May 2023 - Epel-packagers-sig - Fedora mailing-lists

[Bug 2102001] CVE-2022-33987 nodejs-got: missing verification of requested URLs allows redirects to UNIX sockets
by bugzilla＠redhat.com 26 May '23

26 May '23

https://bugzilla.redhat.com/show_bug.cgi?id=2102001 Bug 2102001 depends on bug 2102918, which changed state. Bug 2102918 Summary: CVE-2022-33987 nodejs:12/nodejs: got: missing verification of requested URLs allows redirects to UNIX sockets [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2102918 What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |CLOSED Resolution|--- |EOL -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2102001

1 0

[Bug 2140597] CVE-2022-37603 loader-utils:Regular expression denial of service
by bugzilla＠redhat.com 26 May '23

26 May '23

https://bugzilla.redhat.com/show_bug.cgi?id=2140597 Bug 2140597 depends on bug 2140608, which changed state. Bug 2140608 Summary: CVE-2022-37603 golang-entgo-ent: loader-utils:Regular expression denial of service [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2140608 What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |CLOSED Resolution|--- |EOL -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2140597

1 0

[Bug 2131335] CVE-2022-21222 css-what: ReDoS due to insecure regular expression
by bugzilla＠redhat.com 26 May '23

26 May '23

https://bugzilla.redhat.com/show_bug.cgi?id=2131335 Bug 2131335 depends on bug 2134319, which changed state. Bug 2134319 Summary: CVE-2022-21222 golang-entgo-ent: css-what: ReDoS due to insecure regular expression [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2134319 What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |CLOSED Resolution|--- |EOL -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2131335

1 0

[Bug 2126276] CVE-2021-43138 async: Prototype Pollution in async
by bugzilla＠redhat.com 26 May '23

26 May '23

https://bugzilla.redhat.com/show_bug.cgi?id=2126276 Bug 2126276 depends on bug 2127000, which changed state. Bug 2127000 Summary: CVE-2021-43138 golang-entgo-ent: async: Prototype Pollution in async [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2127000 What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |CLOSED Resolution|--- |EOL -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2126276

1 0

[Bug 2102001] CVE-2022-33987 nodejs-got: missing verification of requested URLs allows redirects to UNIX sockets
by bugzilla＠redhat.com 26 May '23

26 May '23

https://bugzilla.redhat.com/show_bug.cgi?id=2102001 Bug 2102001 depends on bug 2102913, which changed state. Bug 2102913 Summary: CVE-2022-33987 golang-entgo-ent: got: missing verification of requested URLs allows redirects to UNIX sockets [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2102913 What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |CLOSED Resolution|--- |EOL -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2102001

1 0

[Bug 2119663] New: [abrt] ImageMagick: MagickSignalHandler(): convert killed by SIGABRT
by bugzilla＠redhat.com 26 May '23

26 May '23

https://bugzilla.redhat.com/show_bug.cgi?id=2119663 Bug ID: 2119663 Summary: [abrt] ImageMagick: MagickSignalHandler(): convert killed by SIGABRT Product: Fedora Version: 36 Hardware: x86_64 Status: NEW Whiteboard: abrt_hash:99097730e8acace0088df17b6d8c7e8cabcd7117;VAR IANT_ID=workstation; Component: ImageMagick Assignee: luya_tfz(a)thefinalzone.net Reporter: EldarK(a)outlook.com QA Contact: extras-qa(a)fedoraproject.org CC: blaise(a)gmail.com, dcavalca(a)fb.com, epel-packagers-sig(a)lists.fedoraproject.org, fedora(a)famillecollet.com, luya_tfz(a)thefinalzone.net, michel(a)michel-slm.name, ngompa13(a)gmail.com, pampelmuse(a)gmx.at, sergio(a)serjux.com, troy(a)troycurtisjr.com Target Milestone: --- Classification: Fedora Version-Release number of selected component: ImageMagick-1:6.9.12.52-1.fc36 Additional info: reporter: libreport-2.17.1 backtrace_rating: 4 cgroup: 0::/user.slice/user-1000.slice/user@1000.service/app.slice/app-gnome-variety-4755.scope cmdline: convert /home/eldar/.config/variety/Downloaded/Unsplash/photo-1659782682835-bf57d0f0bee4.jpg -auto-orient /home/eldar/.config/variety/wallpaper/wallpaper-auto-rotated-620c47dc4cdbd5f227b0e1d753b50b2f.jpg crash_function: MagickSignalHandler executable: /usr/bin/convert journald_cursor: s=9340a345271846d3b1e89d8cb69dd7b7;i=3a5f;b=30c3a79f23984832a0bb195d5db5f7f8;m=17c174a0f;t=5e68547d57561;x=a5e9921b867075a9 kernel: 5.18.17-200.fc36.x86_64 rootdir: / runlevel: N 5 type: CCpp uid: 1000 Truncated backtrace: Thread no. 1 (10 frames) #10 MagickSignalHandler at magick/magick.c:1191 #12 __memmove_sse2_unaligned_erms at ../sysdeps/x86_64/multiarch/memmove-vec-unaligned-erms.S:273 #13 memcpy at /usr/include/bits/string_fortified.h:29 #14 ReadBlob at magick/blob.c:3310 #15 FillInputBuffer at coders/jpeg.c:256 #16 jpeg_fill_bit_buffer at /usr/src/debug/libjpeg-turbo-2.1.2-2.fc36.x86_64/jdhuff.c:305 #17 decode_mcu_AC_first at /usr/src/debug/libjpeg-turbo-2.1.2-2.fc36.x86_64/jdphuff.c:402 #18 consume_data at /usr/src/debug/libjpeg-turbo-2.1.2-2.fc36.x86_64/jdcoefct.c:235 #19 jpeg_start_decompress at /usr/src/debug/libjpeg-turbo-2.1.2-2.fc36.x86_64/jdapistd.c:67 #20 ReadJPEGImage_ at coders/jpeg.c:1437 Potential duplicate: bug 1644520 -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2119663

1 2

[Bug 2140597] CVE-2022-37603 loader-utils:Regular expression denial of service
by bugzilla＠redhat.com 26 May '23

26 May '23

https://bugzilla.redhat.com/show_bug.cgi?id=2140597 Bug 2140597 depends on bug 2140606, which changed state. Bug 2140606 Summary: CVE-2022-37603 cockatrice: loader-utils:Regular expression denial of service [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2140606 What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |CLOSED Resolution|--- |EOL -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2140597

1 0

[Bug 2131335] CVE-2022-21222 css-what: ReDoS due to insecure regular expression
by bugzilla＠redhat.com 26 May '23

26 May '23

https://bugzilla.redhat.com/show_bug.cgi?id=2131335 Bug 2131335 depends on bug 2134317, which changed state. Bug 2134317 Summary: CVE-2022-21222 cockatrice: css-what: ReDoS due to insecure regular expression [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2134317 What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |CLOSED Resolution|--- |EOL -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2131335

1 0

[Bug 2126276] CVE-2021-43138 async: Prototype Pollution in async
by bugzilla＠redhat.com 26 May '23

26 May '23

https://bugzilla.redhat.com/show_bug.cgi?id=2126276 Bug 2126276 depends on bug 2126998, which changed state. Bug 2126998 Summary: CVE-2021-43138 cockatrice: async: Prototype Pollution in async [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2126998 What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |CLOSED Resolution|--- |EOL -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2126276

1 0

[Bug 2167331] New: top panel menu "File" opens itself too short
by bugzilla＠redhat.com 26 May '23

26 May '23

https://bugzilla.redhat.com/show_bug.cgi?id=2167331 Bug ID: 2167331 Summary: top panel menu "File" opens itself too short Product: Fedora Version: 36 Status: NEW Component: nemo Severity: medium Assignee: leigh123linux(a)googlemail.com Reporter: customercare(a)resellerdesktop.de QA Contact: extras-qa(a)fedoraproject.org CC: epel-packagers-sig(a)lists.fedoraproject.org, leigh123linux(a)googlemail.com, riehecky(a)fnal.gov Target Milestone: --- Classification: Fedora Created attachment 1942513 --> https://bugzilla.redhat.com/attachment.cgi?id=1942513&action=edit nemo screenshot Description of problem: Hi Scott, very often i see the top menu for "Files" opening itself with just the bare minimum of space available, when more than enough space is available. When this happens, it happens repeatably, but with different heights. The SS attached was the third opening after the initial opening, which had only 3 lines of options with arrowbuttons up/down . This pattern, opening very short for the first time, a bit larger for further openings, is reliable reproduceable. See Screenshot This issue happens from time to time, there is no recognizeable pattern when it happens next. Version-Release number of selected component (if applicable): Name : nemo Version : 5.2.4 Release : 1.fc36 Architecture: x86_64 Install Date: Mo 31 Okt 2022 10:23:36 CET Group : Unspecified Size : 4262992 License : GPLv2+ and LGPLv2+ Signature : RSA/SHA256, Sa 28 Mai 2022 13:40:46 CEST, Key ID 999f7cbf38ab71f4 Source RPM : nemo-5.2.4-1.fc36.src.rpm Build Date : Sa 28 Mai 2022 12:58:24 CEST -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2167331

1 2

2025

2024

2023

2022

2021

Epel-packagers-sig May 2023