September 2023 - Epel-packagers-sig

[Bug 2236391] New: CVE-2023-39615 mingw-libxml2: libxml2: crafted xml can cause global buffer overflow [epel-all]
by bugzilla＠redhat.com 11 Mar '25

11 Mar '25

https://bugzilla.redhat.com/show_bug.cgi?id=2236391 Bug ID: 2236391 Summary: CVE-2023-39615 mingw-libxml2: libxml2: crafted xml can cause global buffer overflow [epel-all] Product: Fedora EPEL Version: epel8 Status: NEW Component: mingw-libxml2 Keywords: Security, SecurityTracking Severity: medium Priority: medium Assignee: rjones(a)redhat.com Reporter: trathi(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: epel-packagers-sig(a)lists.fedoraproject.org, rjones(a)redhat.com Target Milestone: --- Classification: Fedora More information about this security flaw is available in the following bug: http://bugzilla.redhat.com/show_bug.cgi?id=2235864 Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process. -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2236391 Report this comment as SPAM: https://bugzilla.redhat.com/enter_bug.cgi?product=Bugzilla&format=report-sp…

1 4

[Bug 2235455] New: CVE-2021-40266 freeimage: NULL pointer dereference in ReadPalette() in PluginTIFF.cpp [epel-all]
by bugzilla＠redhat.com 11 Mar '25

11 Mar '25

https://bugzilla.redhat.com/show_bug.cgi?id=2235455 Bug ID: 2235455 Summary: CVE-2021-40266 freeimage: NULL pointer dereference in ReadPalette() in PluginTIFF.cpp [epel-all] Product: Fedora EPEL Version: epel8 Status: NEW Component: freeimage Keywords: Security, SecurityTracking Severity: medium Priority: medium Assignee: hobbes1069(a)gmail.com Reporter: gsuckevi(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: bruno(a)wolff.to, epel-packagers-sig(a)lists.fedoraproject.org, hobbes1069(a)gmail.com, i(a)cicku.me, manisandro(a)gmail.com Target Milestone: --- Classification: Fedora More information about this security flaw is available in the following bug: http://bugzilla.redhat.com/show_bug.cgi?id=2235454 Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process. -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2235455 Report this comment as SPAM: https://bugzilla.redhat.com/enter_bug.cgi?product=Bugzilla&format=report-sp…

1 4

[Bug 2235439] New: CVE-2021-40262 freeimage: stack exhaustion via Validate() in PluginRAW.cpp [epel-all]
by bugzilla＠redhat.com 11 Mar '25

11 Mar '25

https://bugzilla.redhat.com/show_bug.cgi?id=2235439 Bug ID: 2235439 Summary: CVE-2021-40262 freeimage: stack exhaustion via Validate() in PluginRAW.cpp [epel-all] Product: Fedora EPEL Version: epel8 Status: NEW Component: freeimage Keywords: Security, SecurityTracking Severity: medium Priority: medium Assignee: hobbes1069(a)gmail.com Reporter: gsuckevi(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: bruno(a)wolff.to, epel-packagers-sig(a)lists.fedoraproject.org, hobbes1069(a)gmail.com, i(a)cicku.me, manisandro(a)gmail.com Target Milestone: --- Classification: Fedora More information about this security flaw is available in the following bug: http://bugzilla.redhat.com/show_bug.cgi?id=2235437 Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process. -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2235439 Report this comment as SPAM: https://bugzilla.redhat.com/enter_bug.cgi?product=Bugzilla&format=report-sp…

1 4

[Bug 2172784] New: CVE-2021-33367 freeimage: denial of service via a crafted JXR file [epel-all]
by bugzilla＠redhat.com 11 Mar '25

11 Mar '25

https://bugzilla.redhat.com/show_bug.cgi?id=2172784 Bug ID: 2172784 Summary: CVE-2021-33367 freeimage: denial of service via a crafted JXR file [epel-all] Product: Fedora EPEL Version: epel8 Status: NEW Component: freeimage Keywords: Security, SecurityTracking Severity: medium Priority: medium Assignee: hobbes1069(a)gmail.com Reporter: darunesh(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: bruno(a)wolff.to, epel-packagers-sig(a)lists.fedoraproject.org, hobbes1069(a)gmail.com, i(a)cicku.me, manisandro(a)gmail.com Target Milestone: --- Classification: Fedora More information about this security flaw is available in the following bug: http://bugzilla.redhat.com/show_bug.cgi?id=2172782 Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process. -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2172784

1 4

[Bug 2223039] New: Something is preventing unicorn from building on s390x
by bugzilla＠redhat.com 08 Mar '25

08 Mar '25

https://bugzilla.redhat.com/show_bug.cgi?id=2223039 Bug ID: 2223039 Summary: Something is preventing unicorn from building on s390x Product: Fedora Version: rawhide OS: Linux Status: NEW Component: unicorn Severity: medium Assignee: redhat(a)flyn.org Reporter: mike(a)flyn.org QA Contact: extras-qa(a)fedoraproject.org CC: epel-packagers-sig(a)lists.fedoraproject.org, mail(a)fabian-affolter.ch, redhat(a)flyn.org Target Milestone: --- Classification: Fedora Building unicorn on Fedora's s390x build hosts fails with the error message below. I suspect this is due to a compiler change or perhaps a change to a dependency. Reproducible: Always Steps to Reproduce: Run "fedpkg build" from the package's Git repository. Actual Results: See https://kojipkgs.fedoraproject.org//work/tasks/8545/103368545/build.log. Here is a summary: /usr/bin/ld: libunicorn.so.2: undefined reference to `helper_atomic_ldo_le_mmu_ppc64' /usr/bin/ld: libunicorn.so.2: undefined reference to `helper_atomic_ldo_be_mmu_ppc64' /usr/bin/ld: libunicorn.so.2: undefined reference to `helper_atomic_cmpxchgo_le_mmu_aarch64' /usr/bin/ld: libunicorn.so.2: undefined reference to `helper_atomic_cmpxchgo_be_mmu_aarch64' /usr/bin/ld: libunicorn.so.2: undefined reference to `helper_atomic_sto_be_mmu_s390x' /usr/bin/ld: libunicorn.so.2: undefined reference to `helper_atomic_ldo_be_mmu_s390x' /usr/bin/ld: libunicorn.so.2: undefined reference to `helper_atomic_cmpxchgo_be_mmu_s390x' /usr/bin/ld: libunicorn.so.2: undefined reference to `helper_atomic_cmpxchgo_be_mmu_ppc64' /usr/bin/ld: libunicorn.so.2: undefined reference to `helper_atomic_sto_be_mmu_ppc64' /usr/bin/ld: libunicorn.so.2: undefined reference to `helper_atomic_cmpxchgo_le_mmu_ppc64' /usr/bin/ld: libunicorn.so.2: undefined reference to `helper_atomic_sto_le_mmu_ppc64' collect2: error: ld returned 1 exit status gmake[2]: *** [CMakeFiles/sample_batch_reg.dir/build.make:98: sample_batch_reg] Error 1 gmake[1]: *** [CMakeFiles/Makefile2:779: CMakeFiles/sample_batch_reg.dir/all] Error 2 A similar report upstream: https://github.com/unicorn-engine/unicorn/issues/1840 -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2223039 Report this comment as SPAM: https://bugzilla.redhat.com/enter_bug.cgi?product=Bugzilla&format=report-sp…

1 8

[Bug 2126075] New: CVE-2021-40648 sys-apps/man2html: multiple vulnerabilities
by bugzilla＠redhat.com 25 Feb '25

25 Feb '25

https://bugzilla.redhat.com/show_bug.cgi?id=2126075 Bug ID: 2126075 Summary: CVE-2021-40648 sys-apps/man2html: multiple vulnerabilities Product: Security Response Hardware: All OS: Linux Status: NEW Component: vulnerability Keywords: Security Severity: medium Priority: medium Assignee: security-response-team(a)redhat.com Reporter: ybuenos(a)redhat.com CC: epel-packagers-sig(a)lists.fedoraproject.org, orion(a)nwra.com, sergio(a)serjux.com, tchollingsworth(a)gmail.com, viktor.vix.jancik(a)gmail.com Target Milestone: --- Classification: Other CVE-2021-40648: In man2html 1.6g, a filename can be created to overwrite the previous size parameter of the next chunk and the fd, bk, fd_nextsize, bk_nextsize of the current chunk. The next chunk is then freed later on, causing a freeing of an arbitrary amount of memory. https://gist.github.com/untaman/cb58123fe89fc65e3984165db5d40933 -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2126075

1 8

[Bug 2126816] New: CVE-2021-40648 man2html: sys-apps/man2html: multiple vulnerabilities [fedora-all]
by bugzilla＠redhat.com 25 Feb '25

25 Feb '25

https://bugzilla.redhat.com/show_bug.cgi?id=2126816 Bug ID: 2126816 Summary: CVE-2021-40648 man2html: sys-apps/man2html: multiple vulnerabilities [fedora-all] Product: Fedora Version: 36 Status: NEW Component: man2html Keywords: Security, SecurityTracking Severity: medium Priority: medium Assignee: sergio(a)serjux.com Reporter: ybuenos(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: epel-packagers-sig(a)lists.fedoraproject.org, orion(a)nwra.com, sergio(a)serjux.com, tchollingsworth(a)gmail.com, viktor.vix.jancik(a)gmail.com Target Milestone: --- Classification: Fedora This is an automatically created tracking bug! It was created to ensure that one or more security vulnerabilities are fixed in affected versions of fedora-all. For comments that are specific to the vulnerability please use bugs filed against the "Security Response" product referenced in the "Blocks" field. For more information see: http://fedoraproject.org/wiki/Security/TrackingBugs When submitting as an update, use the fedpkg template provided in the next comment(s). This will include the bug IDs of this tracking bug as well as the relevant top-level CVE bugs. Please also mention the CVE IDs being fixed in the RPM changelog and the fedpkg commit message. NOTE: this issue affects multiple supported versions of Fedora. While only one tracking bug has been filed, please correct all affected versions at the same time. If you need to fix the versions independent of each other, you may clone this bug as appropriate. -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2126816

1 6

[Bug 2126815] New: CVE-2021-40648 man2html: sys-apps/man2html: multiple vulnerabilities [epel-all]
by bugzilla＠redhat.com 25 Feb '25

25 Feb '25

https://bugzilla.redhat.com/show_bug.cgi?id=2126815 Bug ID: 2126815 Summary: CVE-2021-40648 man2html: sys-apps/man2html: multiple vulnerabilities [epel-all] Product: Fedora EPEL Version: epel8 Status: NEW Component: man2html Keywords: Security, SecurityTracking Severity: medium Priority: medium Assignee: sergio(a)serjux.com Reporter: ybuenos(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: epel-packagers-sig(a)lists.fedoraproject.org, orion(a)nwra.com, sergio(a)serjux.com, tchollingsworth(a)gmail.com, viktor.vix.jancik(a)gmail.com Target Milestone: --- Classification: Fedora This is an automatically created tracking bug! It was created to ensure that one or more security vulnerabilities are fixed in affected versions of epel-all. For comments that are specific to the vulnerability please use bugs filed against the "Security Response" product referenced in the "Blocks" field. For more information see: http://fedoraproject.org/wiki/Security/TrackingBugs When submitting as an update, use the fedpkg template provided in the next comment(s). This will include the bug IDs of this tracking bug as well as the relevant top-level CVE bugs. Please also mention the CVE IDs being fixed in the RPM changelog and the fedpkg commit message. NOTE: this issue affects multiple supported versions of Fedora EPEL. While only one tracking bug has been filed, please correct all affected versions at the same time. If you need to fix the versions independent of each other, you may clone this bug as appropriate. -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2126815

1 3

[Bug 2097004] New: stalonetray-0.8.4 is available
by bugzilla＠redhat.com 13 Feb '25

13 Feb '25

https://bugzilla.redhat.com/show_bug.cgi?id=2097004 Bug ID: 2097004 Summary: stalonetray-0.8.4 is available Product: Fedora Version: rawhide Status: NEW Component: stalonetray Keywords: FutureFeature, Triaged Assignee: fedora(a)me.benboeckel.net Reporter: upstream-release-monitoring(a)fedoraproject.org QA Contact: extras-qa(a)fedoraproject.org CC: epel-packagers-sig(a)lists.fedoraproject.org, fedora(a)me.benboeckel.net Target Milestone: --- Classification: Fedora Releases retrieved: 0.8.4 Upstream release that is considered latest: 0.8.4 Current version/release in rawhide: 0.8.3-16.fc36 URL: https://github.com/kolbusa/stalonetray Please consult the package updates policy before you issue an update to a stable branch: https://docs.fedoraproject.org/en-US/fesco/Updates_Policy/ More information about the service that created this bug can be found at: https://fedoraproject.org/wiki/Upstream_release_monitoring Please keep in mind that with any upstream change, there may also be packaging changes that need to be made. Specifically, please remember that it is your responsibility to review the new version to ensure that the licensing is still correct and that no non-free or legally problematic items have been added upstream. Based on the information from Anitya: https://release-monitoring.org/project/5713/ To change the monitoring settings for the project, please visit: https://src.fedoraproject.org/rpms/stalonetray -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2097004

1 4

[Bug 2219490] New: python-wsgi_intercept-1.12.1 is available
by bugzilla＠redhat.com 13 Jan '25

13 Jan '25

https://bugzilla.redhat.com/show_bug.cgi?id=2219490 Bug ID: 2219490 Summary: python-wsgi_intercept-1.12.1 is available Product: Fedora Version: rawhide Status: NEW Component: python-wsgi_intercept Keywords: FutureFeature, Triaged Assignee: chkumar(a)redhat.com Reporter: upstream-release-monitoring(a)fedoraproject.org QA Contact: extras-qa(a)fedoraproject.org CC: apevec(a)redhat.com, chkumar(a)redhat.com, epel-packagers-sig(a)lists.fedoraproject.org, openstack-sig(a)lists.fedoraproject.org Target Milestone: --- Classification: Fedora Releases retrieved: 1.12.1 Upstream release that is considered latest: 1.12.1 Current version/release in rawhide: 1.12.0-1.fc39 URL: https://github.com/cdent/wsgi-intercept Please consult the package updates policy before you issue an update to a stable branch: https://docs.fedoraproject.org/en-US/fesco/Updates_Policy/ More information about the service that created this bug can be found at: https://docs.fedoraproject.org/en-US/package-maintainers/Upstream_Release_M… Please keep in mind that with any upstream change, there may also be packaging changes that need to be made. Specifically, please remember that it is your responsibility to review the new version to ensure that the licensing is still correct and that no non-free or legally problematic items have been added upstream. Based on the information from Anitya: https://release-monitoring.org/project/7512/ To change the monitoring settings for the project, please visit: https://src.fedoraproject.org/rpms/python-wsgi_intercept -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2219490 Report this comment as SPAM: https://bugzilla.redhat.com/enter_bug.cgi?product=Bugzilla&format=report-sp…

1 13

2025

2024

2023

2022

2021

Epel-packagers-sig September 2023