https://bugzilla.redhat.com/show_bug.cgi?id=2042522
Bug ID: 2042522
Summary: CVE-2022-22816 python-pillow: buffer over-read during
initialization of ImagePath.Path in path_getbbox() in
path.c
Product: Security Response
Hardware: All
OS: Linux
Status: NEW
Component: vulnerability
Keywords: Security
Severity: high
Priority: high
Assignee: security-response-team(a)redhat.com
Reporter: gsuckevi(a)redhat.com
CC: bdettelb(a)redhat.com, cstratak(a)redhat.com,
epel-packagers-sig(a)lists.fedoraproject.org,
infra-sig(a)lists.fedoraproject.org,
manisandro(a)gmail.com, miminar(a)redhat.com,
orion(a)nwra.com, python-maint(a)redhat.com,
python-sig(a)lists.fedoraproject.org, torsava(a)redhat.com
Target Milestone: ---
Classification: Other
path_getbbox in path.c in Pillow before 9.0.0 has a buffer over-read during
initialization of ImagePath.Path.
References:
https://github.com/python-pillow/Pillow/blob/c5d9223a8b5e9295d15b5a9b1ef1da…https://pillow.readthedocs.io/en/stable/releasenotes/9.0.0.html#fixed-image…
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=2042522
https://bugzilla.redhat.com/show_bug.cgi?id=2042511
Bug ID: 2042511
Summary: CVE-2022-22815 python-pillow: improperly initializes
ImagePath.Path in path_getbbox() in path.c
Product: Security Response
Hardware: All
OS: Linux
Status: NEW
Component: vulnerability
Keywords: Security
Severity: medium
Priority: medium
Assignee: security-response-team(a)redhat.com
Reporter: gsuckevi(a)redhat.com
CC: bdettelb(a)redhat.com, cstratak(a)redhat.com,
epel-packagers-sig(a)lists.fedoraproject.org,
infra-sig(a)lists.fedoraproject.org,
manisandro(a)gmail.com, miminar(a)redhat.com,
orion(a)nwra.com, python-maint(a)redhat.com,
python-sig(a)lists.fedoraproject.org, torsava(a)redhat.com
Target Milestone: ---
Classification: Other
path_getbbox in path.c in Pillow before 9.0.0 improperly initializes
ImagePath.Path.
References:
https://github.com/python-pillow/Pillow/blob/c5d9223a8b5e9295d15b5a9b1ef1da…https://pillow.readthedocs.io/en/stable/releasenotes/9.0.0.html#fixed-image…
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=2042511
https://bugzilla.redhat.com/show_bug.cgi?id=2176591
Bug ID: 2176591
Summary: msmtp package should provide /usr/bin/sendmail
Product: Fedora
Version: rawhide
Status: NEW
Component: msmtp
Assignee: lemenkov(a)gmail.com
Reporter: yann(a)droneaud.fr
QA Contact: extras-qa(a)fedoraproject.org
CC: epel-packagers-sig(a)lists.fedoraproject.org,
gbcox(a)bzb.us, lemenkov(a)gmail.com, ndevos(a)redhat.com,
wart(a)kobold.org
Target Milestone: ---
Classification: Fedora
Description of problem:
msmtp package is not declared to provide /usr/sbin/sendmail. But installing
the package, makes msmtp the "mta" (see alternatives --display mta), and thus
provide /usr/bin/sendmail.
Some packages, see below, requires /usr/sbin/sendmail
BackupPC-0:4.4.0-9.fc38.x86_64
alpine-0:2.26-3.fc38.x86_64
arpwatch-14:3.3-14.fc39.x86_64
asterisk-voicemail-0:18.12.1-1.fc38.3.x86_64
certwatch-mod_ssl-0:1.2-12.fc38.x86_64
fail2ban-sendmail-0:1.0.2-2.fc38.noarch
fvwm-0:2.7.0-3.fc38.x86_64
hylafax+-client-0:7.0.7-1.fc39.i686
hylafax+-client-0:7.0.7-1.fc39.x86_64
mgetty-0:1.2.1-18.fc38.x86_64
quilt-0:0.67-4.fc39.noarch
redhat-lsb-core-0:4.1-60.fc38.i686
redhat-lsb-core-0:4.1-60.fc38.x86_64
spamass-milter-0:0.4.0-24.fc38.x86_64
uudeview-0:0.5.20-51.fc38.x86_64
websec-0:1.9.0-34.fc38.noarch
x509watch-0:0.6.1-14.fc38.noarch
Thus, when asking dnf to install one of the packages above, it will also
install another mta from the list below if none of them is already installed.
Likely esmtp in my experience (likely because it's the first alphabetically).
esmtp-0:1.2-21.fc38.x86_64
exim-0:4.96-8.fc38.x86_64
opensmtpd-0:6.8.0p2-11.fc38.x86_64
postfix-2:3.7.4-1.fc38.x86_64
sendmail-0:8.17.1-8.fc38.x86_64
ssmtp-0:2.64-32.fc38.x86_64
Having msmtp already installed should be enough to satisfy /usr/sbin/sendmail
requirement, and no other MTA should be installed as part of installing another
package.
Version-Release number of selected component (if applicable):
msmtp-1.8.23-1.fc38.x86_64
How reproducible:
When installing a package that requires /usr/bin/sendmail when no other MTA
is installed.
Steps to Reproduce:
1. dnf install msmtp
2. dnf install arpwatch
Actual results:
"dnf install arpwatch" installs arpwatch and esmtp
Expected results:
"dnf install arpwatch" would install only arpwatch
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=2176591
https://bugzilla.redhat.com/show_bug.cgi?id=2236563
Bug ID: 2236563
Summary: [abrt] gnome-calendar: g_date_time_add_days():
gnome-calendar killed by SIGSEGV
Product: Fedora
Version: 38
Hardware: x86_64
Status: NEW
Whiteboard: abrt_hash:abb5d0ab9e6ff7f5ceede07a2d765f2b2c849ee5;VAR
IANT_ID=workstation;
Component: gnome-calendar
Assignee: gnome-sig(a)lists.fedoraproject.org
Reporter: fabian(a)knogle.industries
QA Contact: extras-qa(a)fedoraproject.org
CC: epel-packagers-sig(a)lists.fedoraproject.org,
gnome-sig(a)lists.fedoraproject.org,
igor.raits(a)gmail.com, klember(a)redhat.com
Target Milestone: ---
Classification: Fedora
Description of problem:
Trying to access an event, stretched accross a few days.
Version-Release number of selected component:
gnome-calendar-44.1-1.fc38
Additional info:
reporter: libreport-2.17.11
type: CCpp
reason: gnome-calendar killed by SIGSEGV
journald_cursor:
s=a4f44cce694f4b1b8a4bdf494f4c6e4b;i=6496e;b=9b7d0edf7d2e4a27bbd42315ab195e81;m=46b1be211;t=6043c28d1545d;x=ed95a7eda7ddbd07
executable: /usr/bin/gnome-calendar
cmdline: /usr/bin/gnome-calendar --gapplication-service
cgroup:
0::/user.slice/user-1000.slice/user@1000.service/app.slice/dbus-:1.2-org.gnome.Calendar@0.service
rootdir: /
uid: 1000
kernel: 6.4.12-200.fc38.x86_64
package: gnome-calendar-44.1-1.fc38
runlevel: N 5
backtrace_rating: 4
crash_function: g_date_time_add_days
comment: Trying to access an event, stretched accross a few days.
Truncated backtrace:
Thread no. 1 (6 frames)
#0 g_date_time_add_days at ../glib/gdatetime.c:1868
#2 update_event_indicators at ../src/gui/event-editor/gcal-date-chooser.c:407
#3 update_event_indicators_in_idle_cb at
../src/gui/event-editor/gcal-date-chooser.c:447
#7 g_main_context_iterate.isra.0 at ../glib/gmain.c:4276
#8 g_main_context_iteration at ../glib/gmain.c:4343
#9 g_application_run at ../gio/gapplication.c:2573
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=2236563
Report this comment as SPAM: https://bugzilla.redhat.com/enter_bug.cgi?product=Bugzilla&format=report-sp…
https://bugzilla.redhat.com/show_bug.cgi?id=2236392
Bug ID: 2236392
Summary: CVE-2023-39615 mingw-libxml2: libxml2: crafted xml can
cause global buffer overflow [fedora-all]
Product: Fedora
Version: 38
Status: NEW
Component: mingw-libxml2
Keywords: Security, SecurityTracking
Severity: medium
Priority: medium
Assignee: rjones(a)redhat.com
Reporter: trathi(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: epel-packagers-sig(a)lists.fedoraproject.org,
rjones(a)redhat.com
Target Milestone: ---
Classification: Fedora
More information about this security flaw is available in the following bug:
http://bugzilla.redhat.com/show_bug.cgi?id=2235864
Disclaimer: Community trackers are created by Red Hat Product Security team on
a best effort basis. Package maintainers are required to ascertain if the flaw
indeed affects their package, before starting the update process.
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=2236392
Report this comment as SPAM: https://bugzilla.redhat.com/enter_bug.cgi?product=Bugzilla&format=report-sp…