February 2023 - Epel-packagers-sig - Fedora mailing-lists

[Bug 2150945] New: CVE-2022-42705 asterisk: Use after free in res_pjsip_pubsub.c [fedora-all]
by bugzilla＠redhat.com 06 Dec '23

06 Dec '23

https://bugzilla.redhat.com/show_bug.cgi?id=2150945 Bug ID: 2150945 Summary: CVE-2022-42705 asterisk: Use after free in res_pjsip_pubsub.c [fedora-all] Product: Fedora Version: 37 Status: NEW Component: asterisk Keywords: Security, SecurityTracking Severity: low Priority: low Assignee: jsmith.fedora(a)gmail.com Reporter: zmiele(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: bennie.joubert(a)jsdaav.com, epel-packagers-sig(a)lists.fedoraproject.org, jsmith.fedora(a)gmail.com, rbryant(a)redhat.com Target Milestone: --- Classification: Fedora More information about this security flaw is available in the following bug: http://bugzilla.redhat.com/show_bug.cgi?id=2150943 Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process. -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2150945

1 4

[Bug 2150942] New: asterisk: GetConfig AMI Action can read files outside of Asterisk directory [fedora-all]
by bugzilla＠redhat.com 06 Dec '23

06 Dec '23

https://bugzilla.redhat.com/show_bug.cgi?id=2150942 Bug ID: 2150942 Summary: asterisk: GetConfig AMI Action can read files outside of Asterisk directory [fedora-all] Product: Fedora Version: 37 Status: NEW Component: asterisk Keywords: Security, SecurityTracking Severity: low Priority: low Assignee: jsmith.fedora(a)gmail.com Reporter: zmiele(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: bennie.joubert(a)jsdaav.com, epel-packagers-sig(a)lists.fedoraproject.org, jsmith.fedora(a)gmail.com, rbryant(a)redhat.com Target Milestone: --- Classification: Fedora More information about this security flaw is available in the following bug: http://bugzilla.redhat.com/show_bug.cgi?id=2150940 Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process. -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2150942

1 4

[Bug 2148411] New: [abrt] meld: on_file_changed(): meldwindow.py:305:on_file_changed:AttributeError: 'NewDiffTab' object has no attribute 'on_file_changed'
by bugzilla＠redhat.com 06 Dec '23

06 Dec '23

https://bugzilla.redhat.com/show_bug.cgi?id=2148411 Bug ID: 2148411 Summary: [abrt] meld: on_file_changed(): meldwindow.py:305:on_file_changed:AttributeError: 'NewDiffTab' object has no attribute 'on_file_changed' Product: Fedora Version: 37 Hardware: x86_64 Status: NEW Whiteboard: abrt_hash:e13b807f71fa093e5be53da5a641faaf0126d837;VAR IANT_ID=workstation; Component: meld Assignee: dmaphy(a)fedoraproject.org Reporter: f.j.panag(a)gmail.com QA Contact: extras-qa(a)fedoraproject.org CC: cwickert(a)fedoraproject.org, dmaphy(a)fedoraproject.org, epel-packagers-sig(a)lists.fedoraproject.org, lkundrak(a)v3.sk, michel(a)michel-slm.name, oliver(a)linux-kernel.at Target Milestone: --- Classification: Fedora Version-Release number of selected component: meld-3.22.0-1.fc37 Additional info: reporter: libreport-2.17.4 cgroup: 0::/user.slice/user-1000.slice/user@1000.service/app.slice/app-gnome-org.gnome.Meld-697504.scope cmdline: /usr/bin/python3 /usr/bin/meld crash_function: on_file_changed exception_type: AttributeError executable: /usr/bin/meld interpreter: python3-3.11.0-1.fc37.x86_64 kernel: 6.0.9-300.fc37.x86_64 runlevel: N 5 type: Python3 uid: 1000 Truncated backtrace: meldwindow.py:305:on_file_changed:AttributeError: 'NewDiffTab' object has no attribute 'on_file_changed' Traceback (most recent call last): File "/usr/lib/python3.11/site-packages/meld/meldwindow.py", line 305, in on_file_changed page.on_file_changed(filename) ^^^^^^^^^^^^^^^^^^^^ AttributeError: 'NewDiffTab' object has no attribute 'on_file_changed' Local variables in innermost frame: self: <meldwindow.MeldWindow object at 0x7f05549df700 (MeldWindow at 0x5652bd02a2b0)> srcpage: <filediff.FileDiff object at 0x7f0550a4b640 (FileDiff at 0x5652bdade590)> filename: '/home/fotis/Downloads/incubator-nuttx/net/tcp/tcp_conn.c' page: <newdifftab.NewDiffTab object at 0x7f0552093b40 (NewDiffTab at 0x5652bd09bab0)> Potential duplicate: bug 2145206 -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2148411

1 3

[Bug 2125635] New: [abrt] zbar-qt: XCreateGC(): zbarcam-qt killed by SIGSEGV
by bugzilla＠redhat.com 06 Dec '23

06 Dec '23

https://bugzilla.redhat.com/show_bug.cgi?id=2125635 Bug ID: 2125635 Summary: [abrt] zbar-qt: XCreateGC(): zbarcam-qt killed by SIGSEGV Product: Fedora Version: 37 Hardware: x86_64 Status: NEW Whiteboard: abrt_hash:078632a70931f6bcf0d3a737df94c2bb4c797b8b;VAR IANT_ID=workstation; Component: zbar Assignee: gwync(a)protonmail.com Reporter: remyabel(a)gmail.com QA Contact: extras-qa(a)fedoraproject.org CC: dougsland(a)redhat.com, epel-packagers-sig(a)lists.fedoraproject.org, gwync(a)protonmail.com, mchehab(a)infradead.org, mr.marcelo.barbosa(a)gmail.com, negativo17(a)gmail.com Target Milestone: --- Classification: Fedora Version-Release number of selected component: zbar-qt-0.23.90-5.fc37 Additional info: reporter: libreport-2.17.2 backtrace_rating: 3 cgroup: 0::/user.slice/user-1000.slice/user@1000.service/app.slice/app-org.gnome.Terminal.slice/vte-spawn-3fe4439d-5e15-4c55-880f-64488f2bf4b7.scope cmdline: zbarcam-qt crash_function: XCreateGC executable: /usr/bin/zbarcam-qt journald_cursor: s=759f6b6667fc40deb238abf796413863;i=4906;b=8bb2ff6253eb43b991e38d34d1424771;m=ea673b49;t=5e83e9c99f6b5;x=320ffbe6a9d0ebd3 kernel: 5.19.7-300.fc37.x86_64 rootdir: / runlevel: N 5 type: CCpp uid: 1000 Truncated backtrace: Thread no. 1 (10 frames) #0 XCreateGC at /usr/src/debug/libX11-1.8.1-2.fc37.x86_64/src/CrGC.c:74 #1 _zbar_window_attach at window/x.c:168 #2 zbar_window_attach at /usr/src/debug/zbar-0.23.90-5.fc37.x86_64/zbar/window.c:73 #3 zbar::Window::attach at ./include/zbar/Window.h:75 #4 zbar::QZBar::changeEvent at qt/QZBar.cpp:337 #5 QWidget::event at kernel/qwidget.cpp:8975 #6 QApplicationPrivate::notify_helper at kernel/qapplication.cpp:3637 #7 QCoreApplication::notifyInternal2 at kernel/qcoreapplication.cpp:1064 #8 QWidget::setParent at kernel/qwidget.cpp:10505 #10 QLayoutPrivate::reparentChildWidgets at kernel/qlayout.cpp:841 -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2125635

1 2

[Bug 2065645] New: Gmime 3.2.9 is available
by bugzilla＠redhat.com 02 Dec '23

02 Dec '23

https://bugzilla.redhat.com/show_bug.cgi?id=2065645 Bug ID: 2065645 Summary: Gmime 3.2.9 is available Product: Fedora Version: rawhide Hardware: All Status: NEW Component: gmime30 Severity: medium Assignee: klember(a)redhat.com Reporter: mjg(a)fedoraproject.org QA Contact: extras-qa(a)fedoraproject.org CC: epel-packagers-sig(a)lists.fedoraproject.org, klember(a)redhat.com Target Milestone: --- Link ID: Github jstedfast/gmime/releases/tag/3.2.9 Classification: Fedora Description of problem: Gmime 3.2.7 as packaged is outdated (Mar 2020). Version-Release number of selected component (if applicable): 3.2.7-5 How reproducible: always Steps to Reproduce: 1. dnf list gmime30 Actual results: gmime30-3.2.7 Expected results: gmime30-3.2.9 Additional info: The real upstream has been at https://github.com/jstedfast/gmime/ for quite some time now (not on gnome any more, and never on gitlab). -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2065645

1 12

[Bug 2173166] New: dd_rescue-1.99.13 is available
by bugzilla＠redhat.com 25 Nov '23

25 Nov '23

https://bugzilla.redhat.com/show_bug.cgi?id=2173166 Bug ID: 2173166 Summary: dd_rescue-1.99.13 is available Product: Fedora Version: rawhide Status: NEW Component: dd_rescue Keywords: FutureFeature, Triaged Assignee: rebus(a)seznam.cz Reporter: upstream-release-monitoring(a)fedoraproject.org QA Contact: extras-qa(a)fedoraproject.org CC: andreas(a)bawue.net, epel-packagers-sig(a)lists.fedoraproject.org, rebus(a)seznam.cz, rhbugs(a)n-dimensional.de, steve(a)silug.org, susi.lehtola(a)iki.fi Target Milestone: --- Classification: Fedora Releases retrieved: 1.99.13 Upstream release that is considered latest: 1.99.13 Current version/release in rawhide: 1.99.12-3.fc39 URL: http://www.garloff.de/kurt/linux/ddrescue/ Please consult the package updates policy before you issue an update to a stable branch: https://docs.fedoraproject.org/en-US/fesco/Updates_Policy/ More information about the service that created this bug can be found at: https://docs.fedoraproject.org/en-US/package-maintainers/Upstream_Release_M… Please keep in mind that with any upstream change, there may also be packaging changes that need to be made. Specifically, please remember that it is your responsibility to review the new version to ensure that the licensing is still correct and that no non-free or legally problematic items have been added upstream. Based on the information from Anitya: https://release-monitoring.org/project/406/ To change the monitoring settings for the project, please visit: https://src.fedoraproject.org/rpms/dd_rescue -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2173166

1 4

[Bug 2078238] New: gssdp-1.5.0 is available
by bugzilla＠redhat.com 23 Nov '23

23 Nov '23

https://bugzilla.redhat.com/show_bug.cgi?id=2078238 Bug ID: 2078238 Summary: gssdp-1.5.0 is available Product: Fedora Version: rawhide Status: NEW Component: gssdp Keywords: FutureFeature, Triaged Assignee: klember(a)redhat.com Reporter: upstream-release-monitoring(a)fedoraproject.org QA Contact: extras-qa(a)fedoraproject.org CC: dcavalca(a)fb.com, epel-packagers-sig(a)lists.fedoraproject.org, klember(a)redhat.com, zeenix(a)redhat.com Target Milestone: --- Classification: Fedora Latest upstream release: 1.5.0 Current version/release in rawhide: 1.4.0.1-2.fc36 URL: https://developer.gnome.org/gssdp/ Please consult the package updates policy before you issue an update to a stable branch: https://docs.fedoraproject.org/en-US/fesco/Updates_Policy/ More information about the service that created this bug can be found at: https://fedoraproject.org/wiki/Upstream_release_monitoring Please keep in mind that with any upstream change, there may also be packaging changes that need to be made. Specifically, please remember that it is your responsibility to review the new version to ensure that the licensing is still correct and that no non-free or legally problematic items have been added upstream. Based on the information from Anitya: https://release-monitoring.org/project/1262/ -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2078238

1 27

[Bug 2081494] New: CVE-2022-1292 openssl: c_rehash script allows command injection
by bugzilla＠redhat.com 08 Nov '23

08 Nov '23

https://bugzilla.redhat.com/show_bug.cgi?id=2081494 Bug ID: 2081494 Summary: CVE-2022-1292 openssl: c_rehash script allows command injection Product: Security Response Hardware: All OS: Linux Status: NEW Component: vulnerability Keywords: Security Severity: medium Priority: medium Assignee: security-response-team(a)redhat.com Reporter: pdelbell(a)redhat.com CC: aos-bugs(a)redhat.com, asoldano(a)redhat.com, bbaranow(a)redhat.com, bdettelb(a)redhat.com, berrange(a)redhat.com, bmaxwell(a)redhat.com, bootloader-eng-team(a)redhat.com, brian.stansberry(a)redhat.com, caswilli(a)redhat.com, cdewolf(a)redhat.com, cfergeau(a)redhat.com, chazlett(a)redhat.com, crobinso(a)redhat.com, crypto-team(a)lists.fedoraproject.org, csutherl(a)redhat.com, darran.lofthouse(a)redhat.com, dbelyavs(a)redhat.com, ddepaula(a)redhat.com, dhalasz(a)redhat.com, dkreling(a)redhat.com, dkuc(a)redhat.com, dosoudil(a)redhat.com, dueno(a)redhat.com, elima(a)redhat.com, epel-packagers-sig(a)lists.fedoraproject.org, erik-fedora(a)vanpienbroek.nl, f4bug(a)amsat.org, fjansen(a)redhat.com, fjuma(a)redhat.com, fmartine(a)redhat.com, gparvin(a)redhat.com, gzaronik(a)redhat.com, iweiss(a)redhat.com, jburrell(a)redhat.com, jclere(a)redhat.com, jferlan(a)redhat.com, jkoehler(a)redhat.com, jochrist(a)redhat.com, jramanat(a)redhat.com, jwong(a)redhat.com, jwon(a)redhat.com, kaycoth(a)redhat.com, krathod(a)redhat.com, kraxel(a)redhat.com, ktietz(a)redhat.com, lgao(a)redhat.com, marcandre.lureau(a)redhat.com, michal.skrivanek(a)redhat.com, michel(a)michel-slm.name, micjohns(a)redhat.com, mjg59(a)srcf.ucam.org, mosmerov(a)redhat.com, mperina(a)redhat.com, msochure(a)redhat.com, mspacek(a)redhat.com, msvehla(a)redhat.com, mturk(a)redhat.com, njean(a)redhat.com, nwallace(a)redhat.com, pahickey(a)redhat.com, pbonzini(a)redhat.com, pjindal(a)redhat.com, pjones(a)redhat.com, pmackay(a)redhat.com, redhat-bugzilla(a)linuxnetz.de, rfreiman(a)redhat.com, rharwood(a)redhat.com, rh-spice-bugs(a)redhat.com, rjones(a)redhat.com, rstancel(a)redhat.com, rsvoboda(a)redhat.com, sahana(a)redhat.com, sbonazzo(a)redhat.com, smaestri(a)redhat.com, stcannon(a)redhat.com, sthirugn(a)redhat.com, szappis(a)redhat.com, tmeszaro(a)redhat.com, tm(a)t8m.info, tom.jenkinson(a)redhat.com, virt-maint(a)lists.fedoraproject.org, virt-maint(a)redhat.com, vkrizan(a)redhat.com, vkumar(a)redhat.com, vmugicag(a)redhat.com Target Milestone: --- Classification: Other The c_rehash script does not properly sanitise shell metacharacters to prevent command injection. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the script. Use of the c_rehash script is considered obsolete and should be replaced by the OpenSSL rehash command line tool. This issue affects OpenSSL versions 1.0.2, 1.1.1 and 3.0. OpenSSL 1.0.2 users should upgrade to 1.0.2ze OpenSSL 1.1.1 users should upgrade to 1.1.1o OpenSSL 3.0 users should upgrade to 3.0.3 -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2081494

1 53

[Bug 2142342] New: meld requires python3-gobject
by bugzilla＠redhat.com 03 Nov '23

03 Nov '23

https://bugzilla.redhat.com/show_bug.cgi?id=2142342 Bug ID: 2142342 Summary: meld requires python3-gobject Product: Fedora Version: 37 Hardware: x86_64 OS: Linux Status: NEW Component: meld Severity: low Assignee: dmaphy(a)fedoraproject.org Reporter: adam.boseley(a)gmail.com QA Contact: extras-qa(a)fedoraproject.org CC: cwickert(a)fedoraproject.org, dmaphy(a)fedoraproject.org, epel-packagers-sig(a)lists.fedoraproject.org, lkundrak(a)v3.sk, michel(a)michel-slm.name, oliver(a)linux-kernel.at Target Milestone: --- Classification: Fedora Description of problem: Meld launches with errors, when looking for diffs in a git repo "TypeError: Couldn't find foreign struct converter for 'cairo.Context'" Version-Release number of selected component (if applicable): Name : meld Version : 3.22.0 Release : 1.fc37 Architecture : noarch How reproducible: yes Steps to Reproduce: - toolbox create mytest_box - toolbox enter mytest_box - sudo dnf install meld git - cd /tmp - mkdir test_repo - cd test_repo - git init . - touch some_file - git add -A - git commit -m "add some_file" - echo "hi " >> some_file - meld . Actual results: TypeError: Couldn't find foreign struct converter for 'cairo.Context' TypeError: Couldn't find foreign struct converter for 'cairo.Context' TypeError: Couldn't find foreign struct converter for 'cairo.Context' TypeError: Couldn't find foreign struct converter for 'cairo.Context' TypeError: Couldn't find foreign struct converter for 'cairo.Context' TypeError: Couldn't find foreign struct converter for 'cairo.Context' Expected results: I should be able to click on the file in meld and see the differences. Additional info: This is fixed by adding the missing package dependency sudo dnf install python3-gobject -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2142342

1 10

[Bug 2167264] New: pngquant-3.0.1 is available
by bugzilla＠redhat.com 30 Oct '23

30 Oct '23

https://bugzilla.redhat.com/show_bug.cgi?id=2167264 Bug ID: 2167264 Summary: pngquant-3.0.1 is available Product: Fedora Version: rawhide Status: NEW Component: pngquant Keywords: FutureFeature, Triaged Assignee: davide(a)cavalca.name Reporter: upstream-release-monitoring(a)fedoraproject.org QA Contact: extras-qa(a)fedoraproject.org CC: besser82(a)fedoraproject.org, davide(a)cavalca.name, epel-packagers-sig(a)lists.fedoraproject.org, sergio(a)serjux.com Target Milestone: --- Classification: Fedora Releases retrieved: 3.0.0, 3.0.1 Upstream release that is considered latest: 3.0.1 Current version/release in rawhide: 2.18.0-1.fc38 URL: https://pngquant.org/ Please consult the package updates policy before you issue an update to a stable branch: https://docs.fedoraproject.org/en-US/fesco/Updates_Policy/ More information about the service that created this bug can be found at: https://docs.fedoraproject.org/en-US/package-maintainers/Upstream_Release_M… Please keep in mind that with any upstream change, there may also be packaging changes that need to be made. Specifically, please remember that it is your responsibility to review the new version to ensure that the licensing is still correct and that no non-free or legally problematic items have been added upstream. Based on the information from Anitya: https://release-monitoring.org/project/3674/ To change the monitoring settings for the project, please visit: https://src.fedoraproject.org/rpms/pngquant -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2167264

1 10

2025

2024

2023

2022

2021

Epel-packagers-sig February 2023