https://bugzilla.redhat.com/show_bug.cgi?id=2126816
Bug ID: 2126816
Summary: CVE-2021-40648 man2html: sys-apps/man2html: multiple
vulnerabilities [fedora-all]
Product: Fedora
Version: 36
Status: NEW
Component: man2html
Keywords: Security, SecurityTracking
Severity: medium
Priority: medium
Assignee: sergio(a)serjux.com
Reporter: ybuenos(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: epel-packagers-sig(a)lists.fedoraproject.org,
orion(a)nwra.com, sergio(a)serjux.com,
tchollingsworth(a)gmail.com, viktor.vix.jancik(a)gmail.com
Target Milestone: ---
Classification: Fedora
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported versions of Fedora. While only
one tracking bug has been filed, please correct all affected versions at
the same time. If you need to fix the versions independent of each other,
you may clone this bug as appropriate.
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=2126816
https://bugzilla.redhat.com/show_bug.cgi?id=2126073
Bug ID: 2126073
Summary: CVE-2021-40647 sys-apps/man2html: multiple
vulnerabilities
Product: Security Response
Hardware: All
OS: Linux
Status: NEW
Component: vulnerability
Keywords: Security
Severity: medium
Priority: medium
Assignee: security-response-team(a)redhat.com
Reporter: ybuenos(a)redhat.com
CC: epel-packagers-sig(a)lists.fedoraproject.org,
orion(a)nwra.com, sergio(a)serjux.com,
tchollingsworth(a)gmail.com, viktor.vix.jancik(a)gmail.com
Target Milestone: ---
Classification: Other
CVE-2021-40647:
In man2html 1.6g, a specific string being read in from a file will overwrite
the size parameter in the top chunk of the heap. This at least causes the
program to segmentation abort if the heap size parameter isn't aligned
correctly. In version before GLIBC version 2.29 and aligned correctly, it
allows arbitrary write anywhere in the programs memory.
https://gist.github.com/untaman/cb58123fe89fc65e3984165db5d40933
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=2126073
https://bugzilla.redhat.com/show_bug.cgi?id=2126814
Bug ID: 2126814
Summary: CVE-2021-40647 man2html: sys-apps/man2html: multiple
vulnerabilities [fedora-all]
Product: Fedora
Version: 36
Status: NEW
Component: man2html
Keywords: Security, SecurityTracking
Severity: medium
Priority: medium
Assignee: sergio(a)serjux.com
Reporter: ybuenos(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: epel-packagers-sig(a)lists.fedoraproject.org,
orion(a)nwra.com, sergio(a)serjux.com,
tchollingsworth(a)gmail.com, viktor.vix.jancik(a)gmail.com
Target Milestone: ---
Classification: Fedora
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported versions of Fedora. While only
one tracking bug has been filed, please correct all affected versions at
the same time. If you need to fix the versions independent of each other,
you may clone this bug as appropriate.
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=2126814
https://bugzilla.redhat.com/show_bug.cgi?id=2104905
Bug ID: 2104905
Summary: CVE-2022-2097 openssl: AES OCB fails to encrypt some
bytes
Product: Security Response
Hardware: All
OS: Linux
Status: NEW
Component: vulnerability
Keywords: Security
Severity: medium
Priority: medium
Assignee: security-response-team(a)redhat.com
Reporter: mcascell(a)redhat.com
CC: bdettelb(a)redhat.com, berrange(a)redhat.com,
bootloader-eng-team(a)redhat.com, caswilli(a)redhat.com,
cfergeau(a)redhat.com, cllang(a)redhat.com,
crobinso(a)redhat.com,
crypto-team(a)lists.fedoraproject.org,
csutherl(a)redhat.com, dbelyavs(a)redhat.com,
ddepaula(a)redhat.com, dffrench(a)redhat.com,
dhalasz(a)redhat.com, dkuc(a)redhat.com, dueno(a)redhat.com,
elima(a)redhat.com,
epel-packagers-sig(a)lists.fedoraproject.org,
erik-fedora(a)vanpienbroek.nl, f4bug(a)amsat.org,
fjansen(a)redhat.com, fmartine(a)redhat.com,
gzaronik(a)redhat.com, jary(a)redhat.com,
jburrell(a)redhat.com, jclere(a)redhat.com,
jferlan(a)redhat.com, jkoehler(a)redhat.com,
jwong(a)redhat.com, jwon(a)redhat.com, kaycoth(a)redhat.com,
krathod(a)redhat.com, kraxel(a)redhat.com,
kshier(a)redhat.com, ktietz(a)redhat.com,
marcandre.lureau(a)redhat.com,
michal.skrivanek(a)redhat.com, michel(a)michel-slm.name,
micjohns(a)redhat.com, mjg59(a)srcf.ucam.org,
mmadzin(a)redhat.com, mperina(a)redhat.com,
mspacek(a)redhat.com, mturk(a)redhat.com,
ngough(a)redhat.com, pbonzini(a)redhat.com,
peholase(a)redhat.com, pjindal(a)redhat.com,
pjones(a)redhat.com, plodge(a)redhat.com,
redhat-bugzilla(a)linuxnetz.de, rgodfrey(a)redhat.com,
rharwood(a)redhat.com, rh-spice-bugs(a)redhat.com,
rjones(a)redhat.com, sahana(a)redhat.com,
sbonazzo(a)redhat.com, stcannon(a)redhat.com,
sthirugn(a)redhat.com, szappis(a)redhat.com,
tfister(a)redhat.com, tm(a)t8m.info,
virt-maint(a)lists.fedoraproject.org,
virt-maint(a)redhat.com, vkrizan(a)redhat.com,
vkumar(a)redhat.com, vmugicag(a)redhat.com
Blocks: 2104175
Target Milestone: ---
Classification: Other
AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised
implementation will not encrypt the entirety of the data under some
circumstances. This could reveal sixteen bytes of data that was preexisting in
the memory that wasn't written. In the special case of "in place" encryption,
sixteen bytes of the plaintext would be revealed.
OpenSSL security advisory:
https://www.openssl.org/news/secadv/20220705.txt
Upstream fix:
https://github.com/openssl/openssl/commit/6ebf6d51596f51d23ccbc17930778d104…
[master]
https://github.com/openssl/openssl/commit/919925673d6c9cfed3c1085497f5dfbbe…
[1_1_1-stable]
https://github.com/openssl/openssl/commit/a98f339ddd7e8f487d6e0088d4a9a4232…
[openssl-3.0]
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=2104905
https://bugzilla.redhat.com/show_bug.cgi?id=2134911
Bug ID: 2134911
Summary: QSocketNotifier: Can only be used with threads started
with QThread
Product: Fedora
Version: 36
Hardware: x86_64
OS: Linux
Status: NEW
Component: python-matplotlib
Assignee: quantum.analyst(a)gmail.com
Reporter: dev(a)javinator9889.com
QA Contact: extras-qa(a)fedoraproject.org
CC: epel-packagers-sig(a)lists.fedoraproject.org,
gwync(a)protonmail.com, jonathan.underwood(a)gmail.com,
paulo.cesar.pereira.de.andrade(a)gmail.com,
python-packagers-sig(a)lists.fedoraproject.org,
quantum.analyst(a)gmail.com, thibault(a)north.li,
tomspur(a)fedoraproject.org
Target Milestone: ---
Classification: Fedora
Created attachment 1918084
--> https://bugzilla.redhat.com/attachment.cgi?id=1918084&action=edit
Python script to replicate exactly the issue (one needs to have cuDNN and CUDA
for make it work)
Description of problem:
Trying to replicate a convolutional AI model on my local computer I faced this
issue when simply trying to display the generated images by such model. The
"guide" I'm following is:
https://keras.io/guides/keras_cv/generate_images_with_stable_diffusion/?s=0…
There is no issue when generating the images but when displaying them.
Version-Release number of selected component (if applicable): tried with both
matplotlib from pip (3.6.1) and the one bundled with Fedora 36 (3.5.3-2, at the
time of writting this). Notice that the shipped Python version is in use
(3.10.2)
How reproducible: always, inside a Wayland environment (I didn't tried with
Xorg but I've seen in general that this issue is only related to Wayland)
Steps to Reproduce:
1. Generate a bunch of images using the model, or any other application
2. In a Python console:
```
import matplotlib.pyplot as plt
# images = <matrix of generated images>
plt.imshow(images)
```
Actual results:
QSocketNotifier: Can only be used with threads started with QThread
Expected results:
The set of images show up and are displayed
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=2134911
https://bugzilla.redhat.com/show_bug.cgi?id=2167331
Bug ID: 2167331
Summary: top panel menu "File" opens itself too short
Product: Fedora
Version: 36
Status: NEW
Component: nemo
Severity: medium
Assignee: leigh123linux(a)googlemail.com
Reporter: customercare(a)resellerdesktop.de
QA Contact: extras-qa(a)fedoraproject.org
CC: epel-packagers-sig(a)lists.fedoraproject.org,
leigh123linux(a)googlemail.com, riehecky(a)fnal.gov
Target Milestone: ---
Classification: Fedora
Created attachment 1942513
--> https://bugzilla.redhat.com/attachment.cgi?id=1942513&action=edit
nemo screenshot
Description of problem:
Hi Scott,
very often i see the top menu for "Files" opening itself with just the bare
minimum of space available, when more than enough space is available.
When this happens, it happens repeatably, but with different heights. The SS
attached was the third opening after the initial opening, which had only 3
lines of options with arrowbuttons up/down . This pattern, opening very short
for the first time, a bit larger for further openings, is reliable
reproduceable.
See Screenshot
This issue happens from time to time, there is no recognizeable pattern when it
happens next.
Version-Release number of selected component (if applicable):
Name : nemo
Version : 5.2.4
Release : 1.fc36
Architecture: x86_64
Install Date: Mo 31 Okt 2022 10:23:36 CET
Group : Unspecified
Size : 4262992
License : GPLv2+ and LGPLv2+
Signature : RSA/SHA256, Sa 28 Mai 2022 13:40:46 CEST, Key ID 999f7cbf38ab71f4
Source RPM : nemo-5.2.4-1.fc36.src.rpm
Build Date : Sa 28 Mai 2022 12:58:24 CEST
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=2167331
https://bugzilla.redhat.com/show_bug.cgi?id=2117860
Bug ID: 2117860
Summary: Please branch and build libappindicator-devel in
epel8.
Product: Fedora
Version: 36
Status: NEW
Component: libappindicator
Assignee: echevemaster(a)gmail.com
Reporter: markus.muckhoff(a)softwaretechnik-und-mehr.de
QA Contact: extras-qa(a)fedoraproject.org
CC: dcavalca(a)fb.com, echevemaster(a)gmail.com,
epel-packagers-sig(a)lists.fedoraproject.org,
mailinglists(a)tpokorra.de, michel(a)michel-slm.name,
ngompa13(a)gmail.com, oliver(a)redhat.com,
philip.wyett(a)kathenas.org
Target Milestone: ---
Classification: Fedora
Please branch and build libappindicator-devel in epel8.
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=2117860
https://bugzilla.redhat.com/show_bug.cgi?id=2137393
Bug ID: 2137393
Summary: [abrt] meld: _flush_std_streams():
util.py:439:_flush_std_streams:OSError: [Errno 5]
Input/output error
Product: Fedora
Version: 36
Hardware: x86_64
Status: NEW
Whiteboard: abrt_hash:923f838279f1054d8f9f0ae9937e7aada5c35488;VAR
IANT_ID=xfce;
Component: meld
Assignee: dmaphy(a)fedoraproject.org
Reporter: dave(a)dave3.xyz
QA Contact: extras-qa(a)fedoraproject.org
CC: cwickert(a)fedoraproject.org, dmaphy(a)fedoraproject.org,
epel-packagers-sig(a)lists.fedoraproject.org,
lkundrak(a)v3.sk, michel(a)michel-slm.name,
oliver(a)linux-kernel.at
Target Milestone: ---
Classification: Fedora
Description of problem:
Launched 2 instances from cmd line in background. Bugged out after starting
program 2nd time. Launched from terminal inside Intellij.
Version-Release number of selected component:
meld-3.22.0-1.fc36
Additional info:
reporter: libreport-2.17.4
cgroup:
0::/user.slice/user-1000.slice/user@1000.service/app.slice/snap.intellij-idea-ultimate.intellij-idea-ultimate.e962ec3f-35e7-488f-8c46-7c6cd9a4da9c.scope
cmdline: /usr/bin/python3 /usr/bin/meld run_autocluster.py
run_autocluster_old.py
crash_function: _flush_std_streams
exception_type: OSError
executable: /usr/bin/meld
interpreter: python3-3.10.7-1.fc36.x86_64
kernel: 5.19.16-200.fc36.x86_64
runlevel: N 5
type: Python3
uid: 1000
Truncated backtrace:
util.py:439:_flush_std_streams:OSError: [Errno 5] Input/output error
Traceback (most recent call last):
File "/usr/lib64/python3.10/multiprocessing/process.py", line 121, in start
self._popen = self._Popen(self)
File "/usr/lib64/python3.10/multiprocessing/context.py", line 224, in _Popen
return _default_context.get_context().Process._Popen(process_obj)
File "/usr/lib64/python3.10/multiprocessing/context.py", line 281, in _Popen
return Popen(process_obj)
File "/usr/lib64/python3.10/multiprocessing/popen_fork.py", line 16, in
__init__
util._flush_std_streams()
File "/usr/lib64/python3.10/multiprocessing/util.py", line 439, in
_flush_std_streams
sys.stderr.flush()
OSError: [Errno 5] Input/output error
Local variables in innermost frame:
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=2137393
https://bugzilla.redhat.com/show_bug.cgi?id=2125190
Bug ID: 2125190
Summary: [abrt] meld: help_callback():
meldapp.py:128:help_callback:gi.repository.GLib.GError
: g-io-error-quark: The specified location is not
supported (15)
Product: Fedora
Version: 36
Hardware: x86_64
Status: NEW
Whiteboard: abrt_hash:35a101c398ed0ff4b5936242a2309884d9ef9336;
Component: meld
Assignee: dmaphy(a)fedoraproject.org
Reporter: ilaurie(a)bigpond.net.au
QA Contact: extras-qa(a)fedoraproject.org
CC: cwickert(a)fedoraproject.org, dmaphy(a)fedoraproject.org,
epel-packagers-sig(a)lists.fedoraproject.org,
lkundrak(a)v3.sk, michel(a)michel-slm.name,
oliver(a)linux-kernel.at
Target Milestone: ---
Classification: Fedora
Description of problem:
Selected "Help" from the menu.
Version-Release number of selected component:
meld-3.22.0-1.fc36
Additional info:
reporter: libreport-2.17.2
cgroup: 0::/user.slice/user-1000.slice/session-2.scope
cmdline: /usr/bin/python3 /usr/bin/meld
crash_function: help_callback
exception_type: gi.repository.GLib.GError
executable: /usr/bin/meld
interpreter: python3-3.10.6-1.fc36.x86_64
kernel: 5.19.7-200.fc36.x86_64
runlevel: N 5
type: Python3
uid: 1000
Truncated backtrace:
meldapp.py:128:help_callback:gi.repository.GLib.GError: g-io-error-quark: The
specified location is not supported (15)
Traceback (most recent call last):
File "/usr/lib/python3.10/site-packages/meld/meldapp.py", line 128, in
help_callback
Gtk.show_uri(
gi.repository.GLib.GError: g-io-error-quark: The specified location is not
supported (15)
Local variables in innermost frame:
self: <meldapp.MeldApp object at 0x7f8f2e558740 (meld+meldapp+MeldApp at
0x55e5c654c210)>
action: <Gio.SimpleAction object at 0x7f8f286ef9c0 (GSimpleAction at
0x55e5c6a26c50)>
parameter: None
uri: 'help:meld'
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=2125190