Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug.
Summary: mingw32-glib2 may need to be rebuilt against Python 2.7 in F14 and rawhide
https://bugzilla.redhat.com/show_bug.cgi?id=623338
Summary: mingw32-glib2 may need to be rebuilt against Python
2.7 in F14 and rawhide
Product: Fedora
Version: 14
Platform: All
OS/Version: Linux
Status: NEW
Severity: medium
Priority: low
Component: mingw32-glib2
AssignedTo: rjones(a)redhat.com
ReportedBy: dmalcolm(a)redhat.com
QAContact: extras-qa(a)fedoraproject.org
CC: lfarkas(a)lfarkas.org, t.sailer(a)alumni.ethz.ch,
rjones(a)redhat.com,
fedora-mingw(a)lists.fedoraproject.org
Depends on: 623233
Blocks: 619913
Classification: Fedora
Target Release: ---
This is an automatically-filed bug.
mingw32-glib2-2.24.1-1.fc14 contains one or more .pyc files, but has not been
rebuilt since Python 2.7 was built for Fedora, and thus the .pyc files
presumably are for Python 2.6. Python 2.7 changed the bytecode format, so
usage of those files will typically fail (see e.g. bug 621726).
The package needs to be rebuilt against python 2.7 in both F14 and devel.
Information on the new "dist-git" system can be seen here:
http://fedoraproject.org/wiki/Using_Fedora_GIT
Information on common difficulties with Python 2.7 rebuilds can be seen here:
https://fedoraproject.org/wiki/Features/Python_2.7
Once it's been successfully rebuilt for F14, an update needs to be filed to get
the rebuild into F14:
https://admin.fedoraproject.org/updates/new/
Please add this bug to the update, to make it easy to track what's been done,
and what's left to do.
I'm sorry that this component was not handled by the mass rebuild. (This may
be due to bug 623233)
--
Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=1092759
Bug ID: 1092759
Summary: gzseek calls can incorrectly position the file.
Product: Fedora
Version: 19
Component: mingw-zlib
Assignee: rjones(a)redhat.com
Reporter: tsteven4(a)gmail.com
QA Contact: extras-qa(a)fedoraproject.org
CC: erik-fedora(a)vanpienbroek.nl,
fedora-mingw(a)lists.fedoraproject.org,
lfarkas(a)lfarkas.org, rjones(a)redhat.com,
t.sailer(a)alumni.ethz.ch
Created attachment 890969
--> https://bugzilla.redhat.com/attachment.cgi?id=890969&action=edit
zlib gzseek test case
Description of problem: gzseek can incorrectly hit EOF, causing subsequent
gzread calls to fail.
Version-Release number of selected component (if applicable):
mingw32-zlib-1.2.7-2.fc19.noarch
How reproducible:
100%
Steps to Reproduce:
1. unzip test case zlib_test2.zip provided.
2. run test2 script to compile the test case.
3. execute test case by running testz2.exe under windows. testz2.exe,
zlib1.dll and test.data all need to be in the directory testz2.exe is executed
from.
Actual results:
Got 0
Expected results:
Got 4
Additional info:
A possible patch with zlib 1.2.8 is listed below, although this might be a
configuration problem. offset, which is of type z_off64_t, ends up being 32
bits as configured.
--- gzlib.c 2013-03-24 23:47:59.000000000 -0600
+++ gzlib.patch.c 2014-04-27 15:34:38.496808069 -0600
@@ -393,7 +393,7 @@
/* if within raw area while reading, just go there */
if (state->mode == GZ_READ && state->how == COPY &&
state->x.pos + offset >= 0) {
- ret = LSEEK(state->fd, offset - state->x.have, SEEK_CUR);
+ ret = LSEEK(state->fd, offset - (z_off64_t)state->x.have, SEEK_CUR);
if (ret == -1)
return -1;
state->x.have = 0;
I have reported this to zlib(a)gzip.org but haven't received any response yet.
--
You are receiving this mail because:
You are on the CC list for the bug.
Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=t37ShhxD8T&a=cc_unsubscribe
https://bugzilla.redhat.com/show_bug.cgi?id=1118276
Bug ID: 1118276
Summary: Subpixel rendering patch invalid
Product: Fedora
Version: rawhide
Component: mingw-freetype
Assignee: rjones(a)redhat.com
Reporter: ntd(a)entidi.it
QA Contact: extras-qa(a)fedoraproject.org
CC: erik-fedora(a)vanpienbroek.nl,
fedora-mingw(a)lists.fedoraproject.org,
lfarkas(a)lfarkas.org, rjones(a)redhat.com
Created attachment 917044
--> https://bugzilla.redhat.com/attachment.cgi?id=917044&action=edit
The new patch updated to freetype 2.5.3
The latest update to 2.5.3 invalidated the subpixel rendering patch. I think
the problem has not been caught because your build system does not enable
subpixel rendering by default.
--
You are receiving this mail because:
You are on the CC list for the bug.
Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=OkPbJnEQkW&a=cc_unsubscribe
https://bugzilla.redhat.com/show_bug.cgi?id=1172635
Bug ID: 1172635
Summary: mingw-freetype: freetype: OOB stack-based read/write
in cf2_hintmap_build() (incomplete fix for
CVE-2014-2240). [fedora-20]
Product: Fedora
Version: 20
Component: mingw-freetype
Keywords: Security, SecurityTracking
Severity: high
Priority: high
Assignee: rjones(a)redhat.com
Reporter: vkaigoro(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: erik-fedora(a)vanpienbroek.nl,
fedora-mingw(a)lists.fedoraproject.org,
lfarkas(a)lfarkas.org, rjones(a)redhat.com
Blocks: 1172633
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
fedora-20 tracking bug for mingw-freetype: see blocks bug list for full details
of the security issue(s).
This bug is never intended to be made public, please put any public notes
in the blocked bugs.
[bug automatically created by: add-tracking-bugs]
Referenced Bugs:
https://bugzilla.redhat.com/show_bug.cgi?id=1172633
[Bug 1172633] freetype: OOB stack-based read/write in cf2_hintmap_build()
(incomplete fix for CVE-2014-2240).
--
You are receiving this mail because:
You are on the CC list for the bug.
Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=dhuXAxrK1L&a=cc_unsubscribe
https://bugzilla.redhat.com/show_bug.cgi?id=1162678
Bug ID: 1162678
Summary: mingw-binutils: binutils: out of bounds memory write
[epel-all]
Product: Fedora EPEL
Version: el6
Component: mingw-binutils
Keywords: Security, SecurityTracking
Severity: low
Priority: low
Assignee: rjones(a)redhat.com
Reporter: vkaigoro(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: erik-fedora(a)vanpienbroek.nl,
fedora-mingw(a)lists.fedoraproject.org,
ktietz(a)redhat.com, rjones(a)redhat.com
Blocks: 1162666
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora EPEL.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported versions of Fedora EPEL. While
only one tracking bug has been filed, please correct all affected versions
at the same time. If you need to fix the versions independent of each
other, you may clone this bug as appropriate.
[bug automatically created by: add-tracking-bugs]
Referenced Bugs:
https://bugzilla.redhat.com/show_bug.cgi?id=1162666
[Bug 1162666] binutils: out of bounds memory write
--
You are receiving this mail because:
You are on the CC list for the bug.
Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=QEfoIFLnS8&a=cc_unsubscribe
https://bugzilla.redhat.com/show_bug.cgi?id=1162665
Bug ID: 1162665
Summary: mingw-binutils: binutils: directory traversal
vulnerability [epel-all]
Product: Fedora EPEL
Version: el6
Component: mingw-binutils
Keywords: Security, SecurityTracking
Severity: medium
Priority: medium
Assignee: rjones(a)redhat.com
Reporter: vkaigoro(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: erik-fedora(a)vanpienbroek.nl,
fedora-mingw(a)lists.fedoraproject.org,
ktietz(a)redhat.com, rjones(a)redhat.com
Blocks: 1162655
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora EPEL.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported versions of Fedora EPEL. While
only one tracking bug has been filed, please correct all affected versions
at the same time. If you need to fix the versions independent of each
other, you may clone this bug as appropriate.
[bug automatically created by: add-tracking-bugs]
Referenced Bugs:
https://bugzilla.redhat.com/show_bug.cgi?id=1162655
[Bug 1162655] binutils: directory traversal vulnerability
--
You are receiving this mail because:
You are on the CC list for the bug.
Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=mAjttbGbKd&a=cc_unsubscribe
https://bugzilla.redhat.com/show_bug.cgi?id=1162630
Bug ID: 1162630
Summary: CVE-2014-8504 mingw-binutils: binutils: stack overflow
in the SREC parser [epel-all]
Product: Fedora EPEL
Version: el6
Component: mingw-binutils
Keywords: Security, SecurityTracking
Severity: low
Priority: low
Assignee: rjones(a)redhat.com
Reporter: vkaigoro(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: erik-fedora(a)vanpienbroek.nl,
fedora-mingw(a)lists.fedoraproject.org,
ktietz(a)redhat.com, rjones(a)redhat.com
Blocks: 1162621 (CVE-2014-8504)
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora EPEL.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported versions of Fedora EPEL. While
only one tracking bug has been filed, please correct all affected versions
at the same time. If you need to fix the versions independent of each
other, you may clone this bug as appropriate.
[bug automatically created by: add-tracking-bugs]
Referenced Bugs:
https://bugzilla.redhat.com/show_bug.cgi?id=1162621
[Bug 1162621] CVE-2014-8504 binutils: stack overflow in the SREC parser
--
You are receiving this mail because:
You are on the CC list for the bug.
Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=JyPQu7TGVU&a=cc_unsubscribe
https://bugzilla.redhat.com/show_bug.cgi?id=1162619
Bug ID: 1162619
Summary: CVE-2014-8503 mingw-binutils: binutils: stack overflow
in objdump when parsing specially crafted ihex file
[epel-all]
Product: Fedora EPEL
Version: el6
Component: mingw-binutils
Keywords: Security, SecurityTracking
Severity: low
Priority: low
Assignee: rjones(a)redhat.com
Reporter: vkaigoro(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: erik-fedora(a)vanpienbroek.nl,
fedora-mingw(a)lists.fedoraproject.org,
ktietz(a)redhat.com, rjones(a)redhat.com
Blocks: 1162607 (CVE-2014-8503)
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora EPEL.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported versions of Fedora EPEL. While
only one tracking bug has been filed, please correct all affected versions
at the same time. If you need to fix the versions independent of each
other, you may clone this bug as appropriate.
[bug automatically created by: add-tracking-bugs]
Referenced Bugs:
https://bugzilla.redhat.com/show_bug.cgi?id=1162607
[Bug 1162607] CVE-2014-8503 binutils: stack overflow in objdump when
parsing specially crafted ihex file
--
You are receiving this mail because:
You are on the CC list for the bug.
Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=EyQKy8SkMe&a=cc_unsubscribe
https://bugzilla.redhat.com/show_bug.cgi?id=1162606
Bug ID: 1162606
Summary: CVE-2014-8502 mingw-binutils: binutils: heap overflow
in objdump [epel-all]
Product: Fedora EPEL
Version: el6
Component: mingw-binutils
Keywords: Security, SecurityTracking
Severity: low
Priority: low
Assignee: rjones(a)redhat.com
Reporter: vkaigoro(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: erik-fedora(a)vanpienbroek.nl,
fedora-mingw(a)lists.fedoraproject.org,
ktietz(a)redhat.com, rjones(a)redhat.com
Blocks: 1162594 (CVE-2014-8502)
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora EPEL.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported versions of Fedora EPEL. While
only one tracking bug has been filed, please correct all affected versions
at the same time. If you need to fix the versions independent of each
other, you may clone this bug as appropriate.
[bug automatically created by: add-tracking-bugs]
Referenced Bugs:
https://bugzilla.redhat.com/show_bug.cgi?id=1162594
[Bug 1162594] CVE-2014-8502 binutils: heap overflow in objdump
--
You are receiving this mail because:
You are on the CC list for the bug.
Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=VIewK5AgR2&a=cc_unsubscribe
https://bugzilla.redhat.com/show_bug.cgi?id=1162673
Bug ID: 1162673
Summary: mingw-binutils: binutils: out of bounds memory write
[fedora-all]
Product: Fedora
Version: 20
Component: mingw-binutils
Keywords: Security, SecurityTracking
Severity: low
Priority: low
Assignee: rjones(a)redhat.com
Reporter: vkaigoro(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: erik-fedora(a)vanpienbroek.nl,
fedora-mingw(a)lists.fedoraproject.org,
kalevlember(a)gmail.com, ktietz(a)redhat.com,
rjones(a)redhat.com
Blocks: 1162666
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported versions of Fedora. While only
one tracking bug has been filed, please correct all affected versions at
the same time. If you need to fix the versions independent of each other,
you may clone this bug as appropriate.
[bug automatically created by: add-tracking-bugs]
Referenced Bugs:
https://bugzilla.redhat.com/show_bug.cgi?id=1162666
[Bug 1162666] binutils: out of bounds memory write
--
You are receiving this mail because:
You are on the CC list for the bug.
Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=dEQdekFCiz&a=cc_unsubscribe