February 2023 - Epel-packagers-sig - Fedora mailing-lists

[Bug 2093731] New: zbarimg does not read a Code 128 barcode
by bugzilla＠redhat.com 25 Apr '25

25 Apr '25

https://bugzilla.redhat.com/show_bug.cgi?id=2093731 Bug ID: 2093731 Summary: zbarimg does not read a Code 128 barcode Product: Fedora Version: 36 Status: NEW Component: zbar Severity: high Assignee: gwync(a)protonmail.com Reporter: cristian.ciupitu(a)yahoo.com QA Contact: extras-qa(a)fedoraproject.org CC: dougsland(a)redhat.com, epel-packagers-sig(a)lists.fedoraproject.org, gwync(a)protonmail.com, mchehab(a)infradead.org, mr.marcelo.barbosa(a)gmail.com, negativo17(a)gmail.com Target Milestone: --- Classification: Fedora Created attachment 1886898 --> https://bugzilla.redhat.com/attachment.cgi?id=1886898&action=edit Code 128 barcode Description of problem: zbarimg does not read a Code 128 barcode Version-Release number of selected component (if applicable): zbar-0.23.90-1.fc36.x86_64 How reproducible: Every time Steps to Reproduce: 1. zbarimg barcode.png Actual results: scanned 0 barcode symbols from 1 images in 0 seconds WARNING: barcode data was not detected in some image(s) Things to check: - is the barcode type supported? Currently supported symbologies are: . EAN/UPC (EAN-13, EAN-8, EAN-2, EAN-5, UPC-A, UPC-E, ISBN-10, ISBN-13) . DataBar, DataBar Expanded . Code 128 . Code 93 . Code 39 . Codabar . Interleaved 2 of 5 . QR code . SQ code . PDF 417 - is the barcode large enough in the image? - is the barcode mostly in focus? - is there sufficient contrast/illumination? - If the symbol is split in several barcodes, are they combined in one image? - Did you enable the barcode type? some EAN/UPC codes are disabled by default. To enable all, use: $ zbarimg -S*.enable <files> Please also notice that some variants take precedence over others. Due to that, if you want, for example, ISBN-10, you should do: $ zbarimg -Sisbn10.enable <files> Expected results: (Code 128) 755897201062022179.73 Additional info: -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2093731

1 8

[Bug 2126814] New: CVE-2021-40647 man2html: sys-apps/man2html: multiple vulnerabilities [fedora-all]
by bugzilla＠redhat.com 14 Mar '25

14 Mar '25

https://bugzilla.redhat.com/show_bug.cgi?id=2126814 Bug ID: 2126814 Summary: CVE-2021-40647 man2html: sys-apps/man2html: multiple vulnerabilities [fedora-all] Product: Fedora Version: 36 Status: NEW Component: man2html Keywords: Security, SecurityTracking Severity: medium Priority: medium Assignee: sergio(a)serjux.com Reporter: ybuenos(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: epel-packagers-sig(a)lists.fedoraproject.org, orion(a)nwra.com, sergio(a)serjux.com, tchollingsworth(a)gmail.com, viktor.vix.jancik(a)gmail.com Target Milestone: --- Classification: Fedora This is an automatically created tracking bug! It was created to ensure that one or more security vulnerabilities are fixed in affected versions of fedora-all. For comments that are specific to the vulnerability please use bugs filed against the "Security Response" product referenced in the "Blocks" field. For more information see: http://fedoraproject.org/wiki/Security/TrackingBugs When submitting as an update, use the fedpkg template provided in the next comment(s). This will include the bug IDs of this tracking bug as well as the relevant top-level CVE bugs. Please also mention the CVE IDs being fixed in the RPM changelog and the fedpkg commit message. NOTE: this issue affects multiple supported versions of Fedora. While only one tracking bug has been filed, please correct all affected versions at the same time. If you need to fix the versions independent of each other, you may clone this bug as appropriate. -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2126814

1 14

[Bug 2126073] New: CVE-2021-40647 sys-apps/man2html: multiple vulnerabilities
by bugzilla＠redhat.com 14 Mar '25

14 Mar '25

https://bugzilla.redhat.com/show_bug.cgi?id=2126073 Bug ID: 2126073 Summary: CVE-2021-40647 sys-apps/man2html: multiple vulnerabilities Product: Security Response Hardware: All OS: Linux Status: NEW Component: vulnerability Keywords: Security Severity: medium Priority: medium Assignee: security-response-team(a)redhat.com Reporter: ybuenos(a)redhat.com CC: epel-packagers-sig(a)lists.fedoraproject.org, orion(a)nwra.com, sergio(a)serjux.com, tchollingsworth(a)gmail.com, viktor.vix.jancik(a)gmail.com Target Milestone: --- Classification: Other CVE-2021-40647: In man2html 1.6g, a specific string being read in from a file will overwrite the size parameter in the top chunk of the heap. This at least causes the program to segmentation abort if the heap size parameter isn't aligned correctly. In version before GLIBC version 2.29 and aligned correctly, it allows arbitrary write anywhere in the programs memory. https://gist.github.com/untaman/cb58123fe89fc65e3984165db5d40933 -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2126073

1 8

[Bug 2126813] New: CVE-2021-40647 man2html: sys-apps/man2html: multiple vulnerabilities [epel-all]
by bugzilla＠redhat.com 14 Mar '25

14 Mar '25

https://bugzilla.redhat.com/show_bug.cgi?id=2126813 Bug ID: 2126813 Summary: CVE-2021-40647 man2html: sys-apps/man2html: multiple vulnerabilities [epel-all] Product: Fedora EPEL Version: epel8 Status: NEW Component: man2html Keywords: Security, SecurityTracking Severity: medium Priority: medium Assignee: sergio(a)serjux.com Reporter: ybuenos(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: epel-packagers-sig(a)lists.fedoraproject.org, orion(a)nwra.com, sergio(a)serjux.com, tchollingsworth(a)gmail.com, viktor.vix.jancik(a)gmail.com Target Milestone: --- Classification: Fedora This is an automatically created tracking bug! It was created to ensure that one or more security vulnerabilities are fixed in affected versions of epel-all. For comments that are specific to the vulnerability please use bugs filed against the "Security Response" product referenced in the "Blocks" field. For more information see: http://fedoraproject.org/wiki/Security/TrackingBugs When submitting as an update, use the fedpkg template provided in the next comment(s). This will include the bug IDs of this tracking bug as well as the relevant top-level CVE bugs. Please also mention the CVE IDs being fixed in the RPM changelog and the fedpkg commit message. NOTE: this issue affects multiple supported versions of Fedora EPEL. While only one tracking bug has been filed, please correct all affected versions at the same time. If you need to fix the versions independent of each other, you may clone this bug as appropriate. -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2126813

1 5

[Bug 2093305] New: CVE-2022-30783 ntfs-3g: invalid return code in fuse_kern_mount enables intercepting of libfuse-lite protocol traffic
by bugzilla＠redhat.com 11 Mar '25

11 Mar '25

https://bugzilla.redhat.com/show_bug.cgi?id=2093305 Bug ID: 2093305 Summary: CVE-2022-30783 ntfs-3g: invalid return code in fuse_kern_mount enables intercepting of libfuse-lite protocol traffic Product: Security Response Hardware: All OS: Linux Status: NEW Component: vulnerability Keywords: Security Severity: medium Priority: medium Assignee: security-response-team(a)redhat.com Reporter: gsuckevi(a)redhat.com CC: ddepaula(a)redhat.com, epel-packagers-sig(a)lists.fedoraproject.org, jferlan(a)redhat.com, kparal(a)redhat.com, ngompa13(a)gmail.com, rjones(a)redhat.com, spotrh(a)gmail.com, virt-maint(a)redhat.com Target Milestone: --- Classification: Other An invalid return code in fuse_kern_mount enables intercepting of libfuse-lite protocol traffic between NTFS-3G and the kernel in NTFS-3G through 2021.8.22 when using libfuse-lite. References: https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-6mv4-4v73-xw58 https://github.com/tuxera/ntfs-3g/releases -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2093305

1 13

[Bug 2093308] New: CVE-2022-30783 ntfs-3g-system-compression: ntfs-3g: invalid return code in fuse_kern_mount enables intercepting of libfuse-lite protocol traffic [epel-all]
by bugzilla＠redhat.com 11 Mar '25

11 Mar '25

https://bugzilla.redhat.com/show_bug.cgi?id=2093308 Bug ID: 2093308 Summary: CVE-2022-30783 ntfs-3g-system-compression: ntfs-3g: invalid return code in fuse_kern_mount enables intercepting of libfuse-lite protocol traffic [epel-all] Product: Fedora EPEL Version: epel8 Status: NEW Component: ntfs-3g-system-compression Keywords: Security, SecurityTracking Severity: medium Priority: medium Assignee: kparal(a)redhat.com Reporter: gsuckevi(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: epel-packagers-sig(a)lists.fedoraproject.org, kparal(a)redhat.com, ngompa13(a)gmail.com Target Milestone: --- Classification: Fedora This is an automatically created tracking bug! It was created to ensure that one or more security vulnerabilities are fixed in affected versions of epel-all. For comments that are specific to the vulnerability please use bugs filed against the "Security Response" product referenced in the "Blocks" field. For more information see: http://fedoraproject.org/wiki/Security/TrackingBugs When submitting as an update, use the fedpkg template provided in the next comment(s). This will include the bug IDs of this tracking bug as well as the relevant top-level CVE bugs. Please also mention the CVE IDs being fixed in the RPM changelog and the fedpkg commit message. NOTE: this issue affects multiple supported versions of Fedora EPEL. While only one tracking bug has been filed, please correct all affected versions at the same time. If you need to fix the versions independent of each other, you may clone this bug as appropriate. -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2093308

1 4

[Bug 2093333] New: CVE-2022-30787 ntfs-3g: integer underflow in fuse_lib_readdir enables arbitrary memory read operations
by bugzilla＠redhat.com 11 Mar '25

11 Mar '25

https://bugzilla.redhat.com/show_bug.cgi?id=2093333 Bug ID: 2093333 Summary: CVE-2022-30787 ntfs-3g: integer underflow in fuse_lib_readdir enables arbitrary memory read operations Product: Security Response Hardware: All OS: Linux Status: NEW Component: vulnerability Keywords: Security Severity: medium Priority: medium Assignee: security-response-team(a)redhat.com Reporter: gsuckevi(a)redhat.com CC: ddepaula(a)redhat.com, epel-packagers-sig(a)lists.fedoraproject.org, jferlan(a)redhat.com, kparal(a)redhat.com, ngompa13(a)gmail.com, rjones(a)redhat.com, spotrh(a)gmail.com, virt-maint(a)redhat.com Target Milestone: --- Classification: Other An integer underflow in fuse_lib_readdir enables arbitrary memory read operations in NTFS-3G through 2021.8.22 when using libfuse-lite. References: https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-6mv4-4v73-xw58 https://github.com/tuxera/ntfs-3g/releases -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2093333

1 13

[Bug 2093336] New: CVE-2022-30787 ntfs-3g-system-compression: ntfs-3g: integer underflow in fuse_lib_readdir enables arbitrary memory read operations [epel-all]
by bugzilla＠redhat.com 11 Mar '25

11 Mar '25

https://bugzilla.redhat.com/show_bug.cgi?id=2093336 Bug ID: 2093336 Summary: CVE-2022-30787 ntfs-3g-system-compression: ntfs-3g: integer underflow in fuse_lib_readdir enables arbitrary memory read operations [epel-all] Product: Fedora EPEL Version: epel8 Status: NEW Component: ntfs-3g-system-compression Keywords: Security, SecurityTracking Severity: medium Priority: medium Assignee: kparal(a)redhat.com Reporter: gsuckevi(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: epel-packagers-sig(a)lists.fedoraproject.org, kparal(a)redhat.com, ngompa13(a)gmail.com Target Milestone: --- Classification: Fedora This is an automatically created tracking bug! It was created to ensure that one or more security vulnerabilities are fixed in affected versions of epel-all. For comments that are specific to the vulnerability please use bugs filed against the "Security Response" product referenced in the "Blocks" field. For more information see: http://fedoraproject.org/wiki/Security/TrackingBugs When submitting as an update, use the fedpkg template provided in the next comment(s). This will include the bug IDs of this tracking bug as well as the relevant top-level CVE bugs. Please also mention the CVE IDs being fixed in the RPM changelog and the fedpkg commit message. NOTE: this issue affects multiple supported versions of Fedora EPEL. While only one tracking bug has been filed, please correct all affected versions at the same time. If you need to fix the versions independent of each other, you may clone this bug as appropriate. -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2093336

1 4

[Bug 2093323] New: CVE-2022-30785 ntfs-3g-system-compression: ntfs-3g: a file handle created in fuse_lib_opendir, and later used in fuse_lib_readdir, enables arbitrary memory read and write operations [epel-all]
by bugzilla＠redhat.com 11 Mar '25

11 Mar '25

https://bugzilla.redhat.com/show_bug.cgi?id=2093323 Bug ID: 2093323 Summary: CVE-2022-30785 ntfs-3g-system-compression: ntfs-3g: a file handle created in fuse_lib_opendir, and later used in fuse_lib_readdir, enables arbitrary memory read and write operations [epel-all] Product: Fedora EPEL Version: epel8 Status: NEW Component: ntfs-3g-system-compression Keywords: Security, SecurityTracking Severity: medium Priority: medium Assignee: kparal(a)redhat.com Reporter: gsuckevi(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: epel-packagers-sig(a)lists.fedoraproject.org, kparal(a)redhat.com, ngompa13(a)gmail.com Target Milestone: --- Classification: Fedora This is an automatically created tracking bug! It was created to ensure that one or more security vulnerabilities are fixed in affected versions of epel-all. For comments that are specific to the vulnerability please use bugs filed against the "Security Response" product referenced in the "Blocks" field. For more information see: http://fedoraproject.org/wiki/Security/TrackingBugs When submitting as an update, use the fedpkg template provided in the next comment(s). This will include the bug IDs of this tracking bug as well as the relevant top-level CVE bugs. Please also mention the CVE IDs being fixed in the RPM changelog and the fedpkg commit message. NOTE: this issue affects multiple supported versions of Fedora EPEL. While only one tracking bug has been filed, please correct all affected versions at the same time. If you need to fix the versions independent of each other, you may clone this bug as appropriate. -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2093323

1 4

[Bug 2093320] New: CVE-2022-30785 ntfs-3g: a file handle created in fuse_lib_opendir, and later used in fuse_lib_readdir, enables arbitrary memory read and write operations
by bugzilla＠redhat.com 11 Mar '25

11 Mar '25

https://bugzilla.redhat.com/show_bug.cgi?id=2093320 Bug ID: 2093320 Summary: CVE-2022-30785 ntfs-3g: a file handle created in fuse_lib_opendir, and later used in fuse_lib_readdir, enables arbitrary memory read and write operations Product: Security Response Hardware: All OS: Linux Status: NEW Component: vulnerability Keywords: Security Severity: medium Priority: medium Assignee: security-response-team(a)redhat.com Reporter: gsuckevi(a)redhat.com CC: ddepaula(a)redhat.com, epel-packagers-sig(a)lists.fedoraproject.org, jferlan(a)redhat.com, kparal(a)redhat.com, ngompa13(a)gmail.com, rjones(a)redhat.com, spotrh(a)gmail.com, virt-maint(a)redhat.com Target Milestone: --- Classification: Other A file handle created in fuse_lib_opendir, and later used in fuse_lib_readdir, enables arbitrary memory read and write operations in NTFS-3G through 2021.8.22 when using libfuse-lite. References: https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-6mv4-4v73-xw58 https://github.com/tuxera/ntfs-3g/releases -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2093320

1 13

2025

2024

2023

2022

2021

Epel-packagers-sig February 2023