December 2023 - Epel-packagers-sig - Fedora Mailing-Lists

[Bug 2255066] New: CVE-2023-48795 golang-x-crypto: ssh: Prefix truncation attack on Binary Packet Protocol (BPP) [epel-all]

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=2255066 Bug ID: 2255066 Summary: CVE-2023-48795 golang-x-crypto: ssh: Prefix truncation attack on Binary Packet Protocol (BPP) [epel-all] Product: Fedora EPEL Version: epel8 Status: NEW Component: golang-x-crypto Keywords: Security, SecurityTracking Severity: medium Priority: medium Assignee: mark.e.fuller(a)gmx.de Reporter: saroy(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: epel-packagers-sig(a)lists.fedoraproject.org, go-sig(a)lists.fedoraproject.org, mark.e.fuller(a)gmx.de Target Milestone: --- Classification: Fedora More information about this security flaw is available in the following bug: http://bugzilla.redhat.com/show_bug.cgi?id=2254210 Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process. -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2255066 Report this comment as SPAM: https://bugzilla.redhat.com/enter_bug.cgi?product=Bugzilla&format=report-...

4 months, 2 weeks

1
14
0 / 0

[Bug 2248370] New: golang-x-mod: golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-39325) [fedora-all]

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=2248370 Bug ID: 2248370 Summary: golang-x-mod: golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-39325) [fedora-all] Product: Fedora Version: 38 Status: NEW Component: golang-x-mod Keywords: Security, SecurityTracking Severity: high Priority: high Assignee: mark.e.fuller(a)gmx.de Reporter: zmiele(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: epel-packagers-sig(a)lists.fedoraproject.org, go-sig(a)lists.fedoraproject.org, mark.e.fuller(a)gmx.de Target Milestone: --- Classification: Fedora More information about this security flaw is available in the following bug: http://bugzilla.redhat.com/show_bug.cgi?id=2248209 Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process. -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2248370 Report this comment as SPAM: https://bugzilla.redhat.com/enter_bug.cgi?product=Bugzilla&format=report-...

4 months, 2 weeks

1
10
0 / 0

[Bug 2248371] New: golang-x-net: golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-39325) [fedora-all]

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=2248371 Bug ID: 2248371 Summary: golang-x-net: golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-39325) [fedora-all] Product: Fedora Version: 38 Status: NEW Component: golang-x-net Keywords: Security, SecurityTracking Severity: high Priority: high Assignee: mark.e.fuller(a)gmx.de Reporter: zmiele(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: epel-packagers-sig(a)lists.fedoraproject.org, go-sig(a)lists.fedoraproject.org, mark.e.fuller(a)gmx.de Target Milestone: --- Classification: Fedora More information about this security flaw is available in the following bug: http://bugzilla.redhat.com/show_bug.cgi?id=2248209 Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process. -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2248371 Report this comment as SPAM: https://bugzilla.redhat.com/enter_bug.cgi?product=Bugzilla&format=report-...

4 months, 2 weeks

1
8
0 / 0

[Bug 2255095] New: CVE-2023-48795 golang-x-crypto: ssh: Prefix truncation attack on Binary Packet Protocol (BPP) [fedora-all]

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=2255095 Bug ID: 2255095 Summary: CVE-2023-48795 golang-x-crypto: ssh: Prefix truncation attack on Binary Packet Protocol (BPP) [fedora-all] Product: Fedora Version: 39 Status: NEW Component: golang-x-crypto Keywords: Security, SecurityTracking Severity: medium Priority: medium Assignee: mark.e.fuller(a)gmx.de Reporter: saroy(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: epel-packagers-sig(a)lists.fedoraproject.org, go-sig(a)lists.fedoraproject.org, mark.e.fuller(a)gmx.de Target Milestone: --- Classification: Fedora More information about this security flaw is available in the following bug: http://bugzilla.redhat.com/show_bug.cgi?id=2254210 Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process. -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2255095 Report this comment as SPAM: https://bugzilla.redhat.com/enter_bug.cgi?product=Bugzilla&format=report-...

4 months, 2 weeks

1
10
0 / 0

[Bug 2235863] New: CVE-2023-40889 zbar: buffer overflow via crafted qr code [fedora-all]

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=2235863 Bug ID: 2235863 Summary: CVE-2023-40889 zbar: buffer overflow via crafted qr code [fedora-all] Product: Fedora Version: 38 Status: NEW Component: zbar Keywords: Security, SecurityTracking Severity: high Priority: high Assignee: gwync(a)protonmail.com Reporter: askrabec(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: dougsland(a)redhat.com, epel-packagers-sig(a)lists.fedoraproject.org, gwync(a)protonmail.com, mchehab(a)infradead.org, negativo17(a)gmail.com Target Milestone: --- Classification: Fedora More information about this security flaw is available in the following bug: http://bugzilla.redhat.com/show_bug.cgi?id=2235861 Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process. -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2235863 Report this comment as SPAM: https://bugzilla.redhat.com/enter_bug.cgi?product=Bugzilla&format=report-...

4 months, 2 weeks

1
8
0 / 0

[Bug 2235860] New: CVE-2023-40890 zbar: stack overflow caused malicious qr code may lead to information diusclosure or arbitrary code execution. [fedora-all]

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=2235860 Bug ID: 2235860 Summary: CVE-2023-40890 zbar: stack overflow caused malicious qr code may lead to information diusclosure or arbitrary code execution. [fedora-all] Product: Fedora Version: 38 Status: NEW Component: zbar Keywords: Security, SecurityTracking Severity: high Priority: high Assignee: gwync(a)protonmail.com Reporter: askrabec(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: dougsland(a)redhat.com, epel-packagers-sig(a)lists.fedoraproject.org, gwync(a)protonmail.com, mchehab(a)infradead.org, negativo17(a)gmail.com Target Milestone: --- Classification: Fedora More information about this security flaw is available in the following bug: http://bugzilla.redhat.com/show_bug.cgi?id=2235858 Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process. -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2235860 Report this comment as SPAM: https://bugzilla.redhat.com/enter_bug.cgi?product=Bugzilla&format=report-...

4 months, 2 weeks

1
8
0 / 0

[Bug 2248226] New: golang-x-net: golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-39325) [epel-all]

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=2248226 Bug ID: 2248226 Summary: golang-x-net: golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-39325) [epel-all] Product: Fedora EPEL Version: epel8 Status: NEW Component: golang-x-net Keywords: Security, SecurityTracking Severity: high Priority: high Assignee: mark.e.fuller(a)gmx.de Reporter: zmiele(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: epel-packagers-sig(a)lists.fedoraproject.org, go-sig(a)lists.fedoraproject.org, mark.e.fuller(a)gmx.de Target Milestone: --- Classification: Fedora More information about this security flaw is available in the following bug: http://bugzilla.redhat.com/show_bug.cgi?id=2248209 Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process. -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2248226 Report this comment as SPAM: https://bugzilla.redhat.com/enter_bug.cgi?product=Bugzilla&format=report-...

4 months, 2 weeks

1
5
0 / 0

[Bug 2229579] New: CVE-2023-3978 golang-x-net: golang.org/x/net/html: Cross site scripting [epel-all]

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=2229579 Bug ID: 2229579 Summary: CVE-2023-3978 golang-x-net: golang.org/x/net/html: Cross site scripting [epel-all] Product: Fedora EPEL Version: epel8 Status: NEW Component: golang-x-net Keywords: Security, SecurityTracking Severity: medium Priority: medium Assignee: mark.e.fuller(a)gmx.de Reporter: ahanwate(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: epel-packagers-sig(a)lists.fedoraproject.org, go-sig(a)lists.fedoraproject.org, mark.e.fuller(a)gmx.de Target Milestone: --- Classification: Fedora More information about this security flaw is available in the following bug: http://bugzilla.redhat.com/show_bug.cgi?id=2228689 Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process. -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2229579 Report this comment as SPAM: https://bugzilla.redhat.com/enter_bug.cgi?product=Bugzilla&format=report-...

4 months, 2 weeks

1
5
0 / 0

[Bug 2178403] New: CVE-2022-41723 golang-x-net: golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding [epel-all]

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=2178403 Bug ID: 2178403 Summary: CVE-2022-41723 golang-x-net: golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding [epel-all] Product: Fedora EPEL Version: epel8 Status: NEW Component: golang-x-net Keywords: Security, SecurityTracking Severity: medium Priority: medium Assignee: zebob.m(a)gmail.com Reporter: ahanwate(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: epel-packagers-sig(a)lists.fedoraproject.org, go-sig(a)lists.fedoraproject.org, zebob.m(a)gmail.com Target Milestone: --- Classification: Fedora More information about this security flaw is available in the following bug: http://bugzilla.redhat.com/show_bug.cgi?id=2178358 Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process. -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2178403

4 months, 2 weeks

1
7
0 / 0

[Bug 2237821] New: blender core dumps at execution instead of giving sane feedback about unsupported hardware

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=2237821 Bug ID: 2237821 Summary: blender core dumps at execution instead of giving sane feedback about unsupported hardware Product: Fedora Version: 38 Hardware: aarch64 OS: Linux Status: NEW Component: blender Severity: medium Assignee: luya_tfz(a)thefinalzone.net Reporter: havealoha+fedoraproject(a)gmail.com QA Contact: extras-qa(a)fedoraproject.org CC: code(a)musicinmybrain.net, design-devel(a)lists.fedoraproject.org, epel-packagers-sig(a)lists.fedoraproject.org, kwizart(a)gmail.com, luya_tfz(a)thefinalzone.net, negativo17(a)gmail.com Target Milestone: --- Classification: Fedora blender core dumps at execution instead of giving sane feedback about unsupported hardware Reproducible: Always Steps to Reproduce: 1. install asahi fedora remix 38 on macbook air m1n1 2. install and launch blender Actual Results: core dump Expected Results: blender should return an error about unsupported hardware and or unsupported OpenGL version https://discussion.fedoraproject.org/t/blender-crashes-on-latest-build-an... BLT_lang_init: 'locale' data path for translations not found, continuing EGL Error (0x3009): EGL_BAD_MATCH: Arguments are inconsistent (for example, a valid context requires buffers n ot supplied by a valid surface). EGL Error (0x3009): EGL_BAD_MATCH: Arguments are inconsistent (for example, a valid context requires buffers n ot supplied by a valid surface). EGL Error (0x3009): EGL_BAD_MATCH: Arguments are inconsistent (for example, a valid context requires buffers n ot supplied by a valid surface). EGL Error (0x3009): EGL_BAD_MATCH: Arguments are inconsistent (for example, a valid context requires buffers n ot supplied by a valid surface). EGL Error (0x3009): EGL_BAD_MATCH: Arguments are inconsistent (for example, a valid context requires buffers n ot supplied by a valid surface). EGL Error (0x3009): EGL_BAD_MATCH: Arguments are inconsistent (for example, a valid context requires buffers n ot supplied by a valid surface). EGL Error (0x3009): EGL_BAD_MATCH: Arguments are inconsistent (for example, a valid context requires buffers n ot supplied by a valid surface). EGL Error (0x3009): EGL_BAD_MATCH: Arguments are inconsistent (for example, a valid context requires buffers n ot supplied by a valid surface). Warning: No OpenGL vendor detected. blender: ../src/dispatch_common.c:872: epoxy_get_proc_address: Assertion `0 && "Couldn't find current GLX or E GL context.\n"' failed. Aborted (core dumped) # Asahi Linux System Diagnostic Dump Collected at: Wed Sep 6 20:44:45 PDT 2023 (2023-09-06T20:44:45-07:00) Username: Hostname: makukumba ## Device information Model: Apple MacBook Air (M1, 2020) Compatible: apple,j313 apple,t8103 apple,arm-platform ## Firmware versions iBoot1: iBoot-8422.141.2 iBoot2: iBoot-8422.141.2 SFR: 13.5 OS firmware: 13.5 m1n1 stage 2: v1.3.3 U-Boot: 2023.07 ## Boot information ESP UUID: 745b90c8-7d4a-4418-b5ea-74fbcf0d0483 EFI: available ## System information Kernel: 6.4.11-401.asahi.fc38.aarch64+16k Kernel build: #1 SMP PREEMPT_DYNAMIC Mon Aug 21 19:38:10 UTC 2023 Uptime: 20:44:45 up 22:36, 3 users, load average: 0.70, 0.59, 0.46 Kernel cmdline: BOOT_IMAGE=(hd0,gpt5)/boot/vmlinuz-6.4.11-401.asahi.fc38.aarch64+16k rhgb quiet root=UUID=86ad63d7-5618-4548-8ba8-78d68efa4738 rootflags=subvol=root ## Environment COLORTERM=truecolor DISPLAY=:0 LANG=C.UTF-8 LANGUAGE= TERM=xterm-256color WAYLAND_DISPLAY=wayland-0 XDG_SESSION_TYPE=wayland ## Mounts ``` ## PCI devices ``` 00:00.0 PCI bridge: Apple Inc. Apple Silicon PCI Express Root Port (rev 01) 01:00.0 Network controller: Broadcom Inc. and subsidiaries BRCM4378 Wireless Network Adapter (rev 03) 01:00.1 Network controller: Broadcom Inc. and subsidiaries BRCM4378 Bluetooth Controller (rev 03) ``` ## Input devices ``` I: Bus=001c Vendor=05ac Product=0281 Version=0935 N: Name="Apple Internal Keyboard / Trackpad" P: Phys=spi1.0 (2) S: Sysfs=/devices/platform/soc/23510c000.spi/spi_master/spi1/spi1.0/001C:05AC:0281.0002/input/input0 U: Uniq= H: Handlers=mouse0 event0 B: PROP=5 B: EV=1b B: KEY=e520 10000 0 0 0 0 B: ABS=67f800001000003 B: MSC=10 I: Bus=001c Vendor=05ac Product=0281 Version=0935 N: Name="Apple Internal Keyboard / Trackpad" P: Phys=spi1.0 (1) S: Sysfs=/devices/platform/soc/23510c000.spi/spi_master/spi1/spi1.0/001C:05AC:0281.0001/input/input1 U: Uniq= H: Handlers=sysrq kbd leds event1 B: PROP=0 B: EV=120013 B: KEY=10000 0 0 0 101007b02011007 ff9f21fac14057ff ffbeffdfffefffff fffffffffffffffe B: MSC=10 B: LED=1f I: Bus=0000 Vendor=0000 Product=0000 Version=0000 N: Name="Apple SMC power/lid events" P: Phys=macsmc-hid (0) S: Sysfs=/devices/platform/soc/23e400000.smc/macsmc-hid/input/input2 U: Uniq= H: Handlers=kbd event2 B: PROP=0 B: EV=23 B: KEY=10000000000000 0 B: SW=1 I: Bus=0000 Vendor=0000 Product=0000 Version=0000 N: Name="MacBook Air J313 Headphone Jack" P: Phys=ALSA S: Sysfs=/devices/platform/sound/sound/card0/input3 U: Uniq= H: Handlers=event3 B: PROP=0 B: EV=21 B: SW=14 ``` -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2237821 Report this comment as SPAM: https://bugzilla.redhat.com/enter_bug.cgi?product=Bugzilla&format=report-...

4 months, 2 weeks

1
13
0 / 0

2024

2023

2022

2021

Epel-packagers-sig December 2023