[Bug 595006] New: mingw32-dlfcn-static libdl.a has no index
by Red Hat Bugzilla
Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug.
Summary: mingw32-dlfcn-static libdl.a has no index
https://bugzilla.redhat.com/show_bug.cgi?id=595006
Summary: mingw32-dlfcn-static libdl.a has no index
Product: Fedora
Version: 12
Platform: All
OS/Version: Linux
Status: NEW
Severity: medium
Priority: low
Component: mingw32-dlfcn
AssignedTo: rjones(a)redhat.com
ReportedBy: stebbins(a)jetheaddev.com
QAContact: extras-qa(a)fedoraproject.org
CC: lfarkas(a)lfarkas.org, berrange(a)redhat.com,
rjones(a)redhat.com, erik-fedora(a)vanpienbroek.nl,
fedora-mingw(a)lists.fedoraproject.org
Classification: Fedora
Description of problem:
When attempting to link with libdl.a this error occurs:
/usr/i686-pc-mingw32/sys-root/mingw/lib/libdl.a: could not read symbols:
Archive has no index; run ranlib to add one
Version-Release number of selected component (if applicable):
Release : 0.7.r11.fc12
Steps to Reproduce:
1. gcc -static somefile.c -o some.exe -ldl
Additional info:
running ranlib fixes the problem:
# i686-pc-mingw32-ranlib libdl.a
--
Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.
13 years, 4 months
[Bug 508746] New: noarch MinGW debuginfo packages don't get placed in the debuginfo repository
by Red Hat Bugzilla
Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug.
Summary: noarch MinGW debuginfo packages don't get placed in the debuginfo repository
https://bugzilla.redhat.com/show_bug.cgi?id=508746
Summary: noarch MinGW debuginfo packages don't get placed in
the debuginfo repository
Product: Fedora
Version: rawhide
Platform: All
OS/Version: Linux
Status: NEW
Severity: medium
Priority: low
Component: mash
AssignedTo: notting(a)redhat.com
ReportedBy: erik-fedora(a)vanpienbroek.nl
QAContact: extras-qa(a)fedoraproject.org
CC: notting(a)redhat.com, jkeating(a)redhat.com,
fedora-mingw(a)lists.fedoraproject.org
Classification: Fedora
This bug was originally reported at the rel-eng trac (
https://fedorahosted.org/rel-eng/ticket/1949 ), but I was asked to report this
here:
A few days ago we (the Fedora MinGW SIG) started experimenting with generating
-debuginfo subpackages for our libraries. For this we've created some custom
scripts to strip out debug information to separate files and added some RPM
macro's to create -debuginfo subpackages containing these files. This has been
discussed at
http://lists.fedoraproject.org/pipermail/fedora-mingw/2009-June/001748.html
The RPM scripts were added in mingw32-filesystem-52-1.fc12 and some of our
regular MinGW packages were rebuild as can be seen at
http://koji.fedoraproject.org/koji/buildinfo?buildID=111400
After waiting for the next rawhide push we discovered that the
mingw32-glib2-debuginfo subpackage wasn't published in the rawhide-debuginfo
repository. We think it's caused by the fact that our mingw32 packages are
noarch.
--
Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.
13 years, 6 months
[Bug 504782] New: libpng: Interlaced Images Information Disclosure Vulnerability
by Red Hat Bugzilla
Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug.
Summary: libpng: Interlaced Images Information Disclosure Vulnerability
https://bugzilla.redhat.com/show_bug.cgi?id=504782
Summary: libpng: Interlaced Images Information Disclosure
Vulnerability
Product: Security Response
Version: unspecified
Platform: All
OS/Version: Linux
Status: NEW
Status Whiteboard: source=gentoo,reported=20090606,public=20090604,impact
=low?
Keywords: Security
Severity: medium
Priority: medium
Component: vulnerability
AssignedTo: security-response-team(a)redhat.com
ReportedBy: thoger(a)redhat.com
CC: paul(a)city-fan.org, lfarkas(a)lfarkas.org,
tgl(a)redhat.com, berrange(a)redhat.com,
rjones(a)redhat.com,
fedora-mingw(a)lists.fedoraproject.org
Classification: Other
Target Release: ---
Quoting Secunia advisory SA35346:
http://secunia.com/advisories/35346/
A vulnerability has been reported in libpng, which can be exploited
by malicious people to disclose potentially sensitive information.
The vulnerability is caused due to an error when processing 1-bit
interlaced images. This can be exploited to disclose uninitialised
memory via specially crafted images having widths that are not
divisible by 8.
The vulnerability is reported in versions prior to 1.2.37.
--
Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.
13 years, 8 months
[Bug 608644] CVE-2010-2249 libpng: Memory leak when processing Physical Scale (sCAL) images
by Red Hat Bugzilla
Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug.
https://bugzilla.redhat.com/show_bug.cgi?id=608644
--- Comment #16 from Vincent Danen <vdanen(a)redhat.com> 2010-06-29 16:54:43 EDT ---
(In reply to comment #10)
> Yes, it does. Upstream has declared end-of-life for libpng10 and does
> not plan any more updates, even for security, as announced back in
> February. If that is a hardship, you can complain to png-mng-implemement at
> lists.sf.net, explain why you still need libpng10, and we might revisit the
> decision.
>
> We also plan to abandon libpng12 at the end of 2010.
We have libpng10 packages in Red Hat Enterprise Linux 3 and 4, used by things
like gnome-libs (both) and Gtk-Perl, gimp (RHEL3-only), so we have to support
libpng10 until those distributions reach end-of-life.
It isn't necessarily a hardship, but other vendors may be in the same position
with regards to supporting libpng10 and libpng12 (we will be supporting
libpng12 for many years to come yet). Abandoning libpng12 at the end of this
year might be something we should bring up (perhaps some kind of maintenance
for security issues alone).
Thanks for that information.
--
Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.
13 years, 10 months
[Bug 608644] CVE-2010-2249 libpng: Memory leak when processing Physical Scale (sCAL) images
by Red Hat Bugzilla
Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug.
https://bugzilla.redhat.com/show_bug.cgi?id=608644
Vincent Danen <vdanen(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status Whiteboard|public=20100625,reported=20 |public=20100625,reported=20
|100626,source=bugzilla,rhel |100626,source=bugzilla,rhel
|-3/libpng=affected/impact=l |-3/libpng=affected/impact=l
|ow/cvss2=4.3/AV:N/AC:M/Au:N |ow/cvss2=4.3/AV:N/AC:M/Au:N
|/C:N/I:N/A:P/,rhel-4/libpng |/C:N/I:N/A:P/,rhel-4/libpng
|=affected/impact=low/cvss2= |=affected/impact=low/cvss2=
|4.3/AV:N/AC:M/Au:N/C:N/I:N/ |4.3/AV:N/AC:M/Au:N/C:N/I:N/
|A:P/ |A:P/
Status Whiteboard|rhel-5/libpng=affected/impa |rhel-5/libpng=affected/impa
|ct=low/cvss2=4.3/AV:N/AC:M/ |ct=low/cvss2=4.3/AV:N/AC:M/
|Au:N/C:N/I:N/A:P/,rhel-6/li |Au:N/C:N/I:N/A:P/,rhel-6/li
|bpng=affected/impact=low/cv |bpng=affected/impact=low/cv
|ss2=4.3/AV:N/AC:M/Au:N/C:N/ |ss2=4.3/AV:N/AC:M/Au:N/C:N/
|I:N/A:P/,fedora-all/libpng= |I:N/A:P/,fedora-all/libpng=
|affected/impact=low/cvss2=4 |affected/impact=low/cvss2=4
|.3/AV:N/AC:M/Au:N/C:N/I:N/A |.3/AV:N/AC:M/Au:N/C:N/I:N/A
|:P/ |:P/
Status Whiteboard|fedora-all/mingw32-libpng=a |fedora-all/mingw32-libpng=a
|ffected/impact=low/cvss2=4. |ffected/impact=low/cvss2=4.
|3/AV:N/AC:M/Au:N/C:N/I:N/A: |3/AV:N/AC:M/Au:N/C:N/I:N/A:
|P/ |P/,fedora-all/libpng10=affe
| |cted/impact=low/cvss2=4.3/A
| |V:N/AC:M/Au:N/C:N/I:N/A:P/,
| |rhel-3/libpng10=affected/im
| |pact=low/cvss2=4.3/AV:N/AC:
| |M/Au:N/C:N/I:N/A:P/
Status Whiteboard| |rhel-4/libpng10=affected/im
| |pact=low/cvss2=4.3/AV:N/AC:
| |M/Au:N/C:N/I:N/A:P/
--
Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.
13 years, 10 months