April 2024 - Epel-packagers-sig - Fedora mailing-lists

[Bug 2271045] New: CVE-2024-28563 freeimage: buffer overflow in Imf_2_2::DwaCompressor::Classifier::Classifier() function when reading images in EXR format [epel-all]
by bugzilla＠redhat.com 11 Mar '25

11 Mar '25

https://bugzilla.redhat.com/show_bug.cgi?id=2271045 Bug ID: 2271045 Summary: CVE-2024-28563 freeimage: buffer overflow in Imf_2_2::DwaCompressor::Classifier::Classifier() function when reading images in EXR format [epel-all] Product: Fedora EPEL Version: epel8 Status: NEW Component: freeimage Keywords: Security, SecurityTracking Severity: medium Priority: medium Assignee: hobbes1069(a)gmail.com Reporter: trathi(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: bruno(a)wolff.to, epel-packagers-sig(a)lists.fedoraproject.org, hobbes1069(a)gmail.com, i(a)cicku.me, manisandro(a)gmail.com Target Milestone: --- Classification: Fedora More information about this security flaw is available in the following bug: http://bugzilla.redhat.com/show_bug.cgi?id=2271043 Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process. -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2271045 Report this comment as SPAM: https://bugzilla.redhat.com/enter_bug.cgi?product=Bugzilla&format=report-sp…

1 4

[Bug 2235429] New: CVE-2020-24294 freeimage: buffer overflow in psdParser::UnpackRLE() in PSDParser.cpp [epel-all]
by bugzilla＠redhat.com 11 Mar '25

11 Mar '25

https://bugzilla.redhat.com/show_bug.cgi?id=2235429 Bug ID: 2235429 Summary: CVE-2020-24294 freeimage: buffer overflow in psdParser::UnpackRLE() in PSDParser.cpp [epel-all] Product: Fedora EPEL Version: epel8 Status: NEW Component: freeimage Keywords: Security, SecurityTracking Severity: medium Priority: medium Assignee: hobbes1069(a)gmail.com Reporter: gsuckevi(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: bruno(a)wolff.to, epel-packagers-sig(a)lists.fedoraproject.org, hobbes1069(a)gmail.com, i(a)cicku.me, manisandro(a)gmail.com Target Milestone: --- Classification: Fedora More information about this security flaw is available in the following bug: http://bugzilla.redhat.com/show_bug.cgi?id=2235428 Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process. -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2235429 Report this comment as SPAM: https://bugzilla.redhat.com/enter_bug.cgi?product=Bugzilla&format=report-sp…

1 4

[Bug 2236391] New: CVE-2023-39615 mingw-libxml2: libxml2: crafted xml can cause global buffer overflow [epel-all]
by bugzilla＠redhat.com 11 Mar '25

11 Mar '25

https://bugzilla.redhat.com/show_bug.cgi?id=2236391 Bug ID: 2236391 Summary: CVE-2023-39615 mingw-libxml2: libxml2: crafted xml can cause global buffer overflow [epel-all] Product: Fedora EPEL Version: epel8 Status: NEW Component: mingw-libxml2 Keywords: Security, SecurityTracking Severity: medium Priority: medium Assignee: rjones(a)redhat.com Reporter: trathi(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: epel-packagers-sig(a)lists.fedoraproject.org, rjones(a)redhat.com Target Milestone: --- Classification: Fedora More information about this security flaw is available in the following bug: http://bugzilla.redhat.com/show_bug.cgi?id=2235864 Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process. -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2236391 Report this comment as SPAM: https://bugzilla.redhat.com/enter_bug.cgi?product=Bugzilla&format=report-sp…

1 4

[Bug 2271036] New: CVE-2024-28584 freeimage: null pointer dereference in J2KImageToFIBITMAP() function when reading images in J2K format [epel-all]
by bugzilla＠redhat.com 11 Mar '25

11 Mar '25

https://bugzilla.redhat.com/show_bug.cgi?id=2271036 Bug ID: 2271036 Summary: CVE-2024-28584 freeimage: null pointer dereference in J2KImageToFIBITMAP() function when reading images in J2K format [epel-all] Product: Fedora EPEL Version: epel8 Status: NEW Component: freeimage Keywords: Security, SecurityTracking Severity: medium Priority: medium Assignee: hobbes1069(a)gmail.com Reporter: trathi(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: bruno(a)wolff.to, epel-packagers-sig(a)lists.fedoraproject.org, hobbes1069(a)gmail.com, i(a)cicku.me, manisandro(a)gmail.com Target Milestone: --- Classification: Fedora More information about this security flaw is available in the following bug: http://bugzilla.redhat.com/show_bug.cgi?id=2271035 Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process. -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2271036 Report this comment as SPAM: https://bugzilla.redhat.com/enter_bug.cgi?product=Bugzilla&format=report-sp…

1 4

[Bug 2235455] New: CVE-2021-40266 freeimage: NULL pointer dereference in ReadPalette() in PluginTIFF.cpp [epel-all]
by bugzilla＠redhat.com 11 Mar '25

11 Mar '25

https://bugzilla.redhat.com/show_bug.cgi?id=2235455 Bug ID: 2235455 Summary: CVE-2021-40266 freeimage: NULL pointer dereference in ReadPalette() in PluginTIFF.cpp [epel-all] Product: Fedora EPEL Version: epel8 Status: NEW Component: freeimage Keywords: Security, SecurityTracking Severity: medium Priority: medium Assignee: hobbes1069(a)gmail.com Reporter: gsuckevi(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: bruno(a)wolff.to, epel-packagers-sig(a)lists.fedoraproject.org, hobbes1069(a)gmail.com, i(a)cicku.me, manisandro(a)gmail.com Target Milestone: --- Classification: Fedora More information about this security flaw is available in the following bug: http://bugzilla.redhat.com/show_bug.cgi?id=2235454 Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process. -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2235455 Report this comment as SPAM: https://bugzilla.redhat.com/enter_bug.cgi?product=Bugzilla&format=report-sp…

1 4

[Bug 2271006] New: CVE-2024-28567 freeimage: Buffer Overflow in FreeImage_CreateICCProfile() function when reading images in TIFF format [epel-all]
by bugzilla＠redhat.com 11 Mar '25

11 Mar '25

https://bugzilla.redhat.com/show_bug.cgi?id=2271006 Bug ID: 2271006 Summary: CVE-2024-28567 freeimage: Buffer Overflow in FreeImage_CreateICCProfile() function when reading images in TIFF format [epel-all] Product: Fedora EPEL Version: epel8 Status: NEW Component: freeimage Keywords: Security, SecurityTracking Severity: medium Priority: medium Assignee: hobbes1069(a)gmail.com Reporter: trathi(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: bruno(a)wolff.to, epel-packagers-sig(a)lists.fedoraproject.org, hobbes1069(a)gmail.com, i(a)cicku.me, manisandro(a)gmail.com Target Milestone: --- Classification: Fedora More information about this security flaw is available in the following bug: http://bugzilla.redhat.com/show_bug.cgi?id=2270976 Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process. -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2271006 Report this comment as SPAM: https://bugzilla.redhat.com/enter_bug.cgi?product=Bugzilla&format=report-sp…

1 4

[Bug 2270992] New: CVE-2024-28568 freeimage: buffer overflow in read_iptc_profile() function when reading images in TIFF format [epel-all]
by bugzilla＠redhat.com 11 Mar '25

11 Mar '25

https://bugzilla.redhat.com/show_bug.cgi?id=2270992 Bug ID: 2270992 Summary: CVE-2024-28568 freeimage: buffer overflow in read_iptc_profile() function when reading images in TIFF format [epel-all] Product: Fedora EPEL Version: epel8 Status: NEW Component: freeimage Keywords: Security, SecurityTracking Severity: medium Priority: medium Assignee: hobbes1069(a)gmail.com Reporter: trathi(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: bruno(a)wolff.to, epel-packagers-sig(a)lists.fedoraproject.org, hobbes1069(a)gmail.com, i(a)cicku.me, manisandro(a)gmail.com Target Milestone: --- Classification: Fedora More information about this security flaw is available in the following bug: http://bugzilla.redhat.com/show_bug.cgi?id=2270975 Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process. -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2270992 Report this comment as SPAM: https://bugzilla.redhat.com/enter_bug.cgi?product=Bugzilla&format=report-sp…

1 4

[Bug 2271002] New: CVE-2024-28565 freeimage: buffer overflow in psdParser::ReadImageData() function when reading images in PSD format [epel-all]
by bugzilla＠redhat.com 11 Mar '25

11 Mar '25

https://bugzilla.redhat.com/show_bug.cgi?id=2271002 Bug ID: 2271002 Summary: CVE-2024-28565 freeimage: buffer overflow in psdParser::ReadImageData() function when reading images in PSD format [epel-all] Product: Fedora EPEL Version: epel8 Status: NEW Component: freeimage Keywords: Security, SecurityTracking Severity: medium Priority: medium Assignee: hobbes1069(a)gmail.com Reporter: trathi(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: bruno(a)wolff.to, epel-packagers-sig(a)lists.fedoraproject.org, hobbes1069(a)gmail.com, i(a)cicku.me, manisandro(a)gmail.com Target Milestone: --- Classification: Fedora More information about this security flaw is available in the following bug: http://bugzilla.redhat.com/show_bug.cgi?id=2271000 Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process. -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2271002 Report this comment as SPAM: https://bugzilla.redhat.com/enter_bug.cgi?product=Bugzilla&format=report-sp…

1 4

[Bug 2235439] New: CVE-2021-40262 freeimage: stack exhaustion via Validate() in PluginRAW.cpp [epel-all]
by bugzilla＠redhat.com 11 Mar '25

11 Mar '25

https://bugzilla.redhat.com/show_bug.cgi?id=2235439 Bug ID: 2235439 Summary: CVE-2021-40262 freeimage: stack exhaustion via Validate() in PluginRAW.cpp [epel-all] Product: Fedora EPEL Version: epel8 Status: NEW Component: freeimage Keywords: Security, SecurityTracking Severity: medium Priority: medium Assignee: hobbes1069(a)gmail.com Reporter: gsuckevi(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: bruno(a)wolff.to, epel-packagers-sig(a)lists.fedoraproject.org, hobbes1069(a)gmail.com, i(a)cicku.me, manisandro(a)gmail.com Target Milestone: --- Classification: Fedora More information about this security flaw is available in the following bug: http://bugzilla.redhat.com/show_bug.cgi?id=2235437 Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process. -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2235439 Report this comment as SPAM: https://bugzilla.redhat.com/enter_bug.cgi?product=Bugzilla&format=report-sp…

1 4

[Bug 2254631] New: TRIAGE CVE-2023-49294 asterisk: access to arbitrary files via directory traversal [epel-all]
by bugzilla＠redhat.com 11 Mar '25

11 Mar '25

https://bugzilla.redhat.com/show_bug.cgi?id=2254631 Bug ID: 2254631 Summary: TRIAGE CVE-2023-49294 asterisk: access to arbitrary files via directory traversal [epel-all] Product: Fedora EPEL Version: epel8 Status: NEW Component: asterisk Keywords: Security, SecurityTracking Severity: medium Priority: medium Assignee: epel-packagers-sig(a)lists.fedoraproject.org Reporter: rgatica(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: bennie.joubert(a)jsdaav.com, epel-packagers-sig(a)lists.fedoraproject.org, jsmith.fedora(a)gmail.com, rbryant(a)redhat.com Target Milestone: --- Classification: Fedora More information about this security flaw is available in the following bug: http://bugzilla.redhat.com/show_bug.cgi?id=2254630 Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process. -- You are receiving this mail because: You are on the CC list for the bug. You are the assignee for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2254631 Report this comment as SPAM: https://bugzilla.redhat.com/enter_bug.cgi?product=Bugzilla&format=report-sp…

1 4

2025

2024

2023

2022

2021

Epel-packagers-sig April 2024