[Bug 795699] New: CVE-2012-0841 libxml2: hash table collisions CPU usage DoS [fedora-all]
by Red Hat Bugzilla
Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug.
Summary: CVE-2012-0841 libxml2: hash table collisions CPU usage DoS [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=795699
Product: Fedora
Version: 16
Platform: All
OS/Version: Linux
Status: NEW
Keywords: Security, SecurityTracking
Severity: medium
Priority: medium
Component: mingw32-libxml2
AssignedTo: rjones(a)redhat.com
ReportedBy: huzaifas(a)redhat.com
QAContact: extras-qa(a)fedoraproject.org
CC: lfarkas(a)lfarkas.org, veillard(a)redhat.com,
rjones(a)redhat.com, erik-fedora(a)vanpienbroek.nl,
fedora-mingw(a)lists.fedoraproject.org, drizt(a)land.ru
Blocks: 787067
Classification: Fedora
Story Points: ---
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected Fedora
versions.
For comments that are specific to the vulnerability please use bugs filed
against "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, please include this bug ID and the
bug IDs of this bug's parent bugs filed against the "Security Response"
product (the top-level CVE bugs). Please mention the CVE IDs being fixed
in the RPM changelog when available.
Bodhi update submission link:
https://admin.fedoraproject.org/updates/new/?type_=security&bugs=787067
Please note: this issue affects multiple supported versions of Fedora.
Only one tracking bug has been filed; please ensure that it is only closed
when all affected versions are fixed.
[bug automatically created by: add-tracking-bugs]
--
Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.
11 years, 2 months
[Bug 806271] New: CVE-2012-1144 freetype: insufficient checking of first outline point in TTF parser (#35689) [fedora-all]
by Red Hat Bugzilla
Summary: CVE-2012-1144 freetype: insufficient checking of first outline point in TTF parser (#35689) [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=806271
Product: Fedora
Version: 16
Platform: All
OS/Version: Linux
Status: NEW
Keywords: Security, SecurityTracking
Severity: high
Priority: high
Component: mingw32-freetype
AssignedTo: rjones(a)redhat.com
ReportedBy: thoger(a)redhat.com
QAContact: extras-qa(a)fedoraproject.org
CC: lfarkas(a)lfarkas.org, rjones(a)redhat.com,
erik-fedora(a)vanpienbroek.nl,
fedora-mingw(a)lists.fedoraproject.org
Blocks: 800607
Classification: Fedora
Story Points: ---
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected Fedora
versions.
For comments that are specific to the vulnerability please use bugs filed
against "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, please include this bug ID and the
bug IDs of this bug's parent bugs filed against the "Security Response"
product (the top-level CVE bugs). Please mention the CVE IDs being fixed
in the RPM changelog when available.
Bodhi update submission link:
https://admin.fedoraproject.org/updates/new/?type_=security&bugs=800607
Please note: this issue affects multiple supported versions of Fedora.
Only one tracking bug has been filed; please ensure that it is only closed
when all affected versions are fixed.
[bug automatically created by: add-tracking-bugs]
11 years, 3 months
[Bug 866032] New: configure --disable-static prevents building of freetype static library
by Red Hat Bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=866032
Bug ID: 866032
QA Contact: extras-qa(a)fedoraproject.org
Severity: unspecified
Version: rawhide
Priority: unspecified
CC: erik-fedora(a)vanpienbroek.nl,
fedora-mingw(a)lists.fedoraproject.org,
lfarkas(a)lfarkas.org, rjones(a)redhat.com
Assignee: rjones(a)redhat.com
Summary: configure --disable-static prevents building of
freetype static library
Regression: ---
Story Points: ---
Classification: Fedora
OS: Unspecified
Reporter: ntd(a)entidi.it
Type: Bug
Documentation: ---
Hardware: Unspecified
Mount Type: ---
Status: NEW
Component: mingw-freetype
Product: Fedora
Back in 2008 static libraries were stripped from the final package. The
relevant commit does not explain why:
http://hg.et.redhat.com/cgi-bin/hg-misc.cgi/fedora-mingw--devel/rev/1d89b...
Actually they are disabled at configure level with --disable-static. I'd like
to know the rationale behind this.
If that reason still stands, a comment should be added to the spec (or I can
provide a git patch myself... I don't know if this is common practice here);
otherwise, adding --enable-static can be considered. I didn't find anything in
favor of or against it in the wild.
11 years, 4 months
[Bug 843190] New: CVE-2011-3464 libpng: One-byte stack buffer overrun in png_formatted_warning [fedora-17]
by Red Hat Bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=843190
Bug ID: 843190
Keywords: Security, SecurityTracking
Blocks: 843179 (CVE-2011-3464)
QA Contact: extras-qa(a)fedoraproject.org
Severity: high
Version: 17
Priority: high
CC: drizt(a)land.ru, erik-fedora(a)vanpienbroek.nl,
fedora-mingw(a)lists.fedoraproject.org,
ktietz(a)redhat.com, lfarkas(a)lfarkas.org,
rjones(a)redhat.com
Assignee: rjones(a)redhat.com
Summary: CVE-2011-3464 libpng: One-byte stack buffer overrun
in png_formatted_warning [fedora-17]
Regression: ---
Story Points: ---
Classification: Fedora
OS: Linux
Reporter: kseifried(a)redhat.com
Type: ---
Documentation: ---
Hardware: All
Mount Type: ---
Status: NEW
Component: mingw-libpng
Product: Fedora
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected Fedora
versions.
For comments that are specific to the vulnerability please use bugs filed
against "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, please include this bug ID and the
bug IDs of this bug's parent bugs filed against the "Security Response"
product (the top-level CVE bugs). Please mention the CVE IDs being fixed
in the RPM changelog when available.
Bodhi update submission link:
https://admin.fedoraproject.org/updates/new/?type_=security&bugs=843179
fedora-17 tracking bug for mingw-libpng: see blocks bug list for full details
of the security issue(s).
[bug automatically created by: add-tracking-bugs]
11 years, 4 months
[Bug 880466] CVE-2012-5134 libxml2: Heap-buffer-underflow in xmlParseAttValueComplex
by Red Hat Bugzilla
Product: Security Response
https://bugzilla.redhat.com/show_bug.cgi?id=880466
Huzaifa S. Sidhpurwala <huzaifas(a)redhat.com> changed:
What: Whiteboard
Removed: impact=important,public=20121127,reported=20121126,source=google,cvss2=6.8/AV:N/AC:M/Au:N/C:P/I:P/A:P,cwe=CWE-124,rhel-5/libxml2=affected,rhel-6/libxml2=affected,rhel-6/mingw32-libxml2=new,fedora-all/libxml2=affected,fedora-all/mingw32-libxml2=affected
Added: impact=important,public=20121127,reported=20121126,source=google,cvss2=6.8/AV:N/AC:M/Au:N/C:P/I:P/A:P,cwe=CWE-124,rhel-5/libxml2=affected,rhel-6/libxml2=affected,rhel-6/mingw32-libxml2=defer,fedora-all/libxml2=affected,fedora-all/mingw32-libxml2=affected
11 years, 5 months
[Bug 880466] CVE-2012-5134 libxml2: Heap-buffer-underflow in xmlParseAttValueComplex
by Red Hat Bugzilla
Product: Security Response
https://bugzilla.redhat.com/show_bug.cgi?id=880466
Huzaifa S. Sidhpurwala <huzaifas(a)redhat.com> changed:
What: Whiteboard
Removed: impact=important,public=20121127,reported=20121126,source=google,cvss2=6.8/AV:N/AC:M/Au:N/C:P/I:P/A:P,cwe=CWE-124,rhel-5/libxml2=affected,rhel-6/libxml2=affected,rhel-6/mingw32-libxml2=new,fedora-all/libxml2=affected,fedora-all/mingw32-libxml2=new
Added: impact=important,public=20121127,reported=20121126,source=google,cvss2=6.8/AV:N/AC:M/Au:N/C:P/I:P/A:P,cwe=CWE-124,rhel-5/libxml2=affected,rhel-6/libxml2=affected,rhel-6/mingw32-libxml2=new,fedora-all/libxml2=affected,fedora-all/mingw32-libxml2=affected
11 years, 5 months