December 2014 - mingw - Fedora Mailing-Lists

[Bug 1162660] New: mingw-binutils: binutils: directory traversal vulnerability [fedora-all]

by Red Hat Bugzilla

https://bugzilla.redhat.com/show_bug.cgi?id=1162660 Bug ID: 1162660 Summary: mingw-binutils: binutils: directory traversal vulnerability [fedora-all] Product: Fedora Version: 20 Component: mingw-binutils Keywords: Security, SecurityTracking Severity: medium Priority: medium Assignee: rjones(a)redhat.com Reporter: vkaigoro(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: erik-fedora(a)vanpienbroek.nl, fedora-mingw(a)lists.fedoraproject.org, kalevlember(a)gmail.com, ktietz(a)redhat.com, rjones(a)redhat.com Blocks: 1162655 This is an automatically created tracking bug! It was created to ensure that one or more security vulnerabilities are fixed in affected versions of Fedora. For comments that are specific to the vulnerability please use bugs filed against the "Security Response" product referenced in the "Blocks" field. For more information see: http://fedoraproject.org/wiki/Security/TrackingBugs When submitting as an update, use the fedpkg template provided in the next comment(s). This will include the bug IDs of this tracking bug as well as the relevant top-level CVE bugs. Please also mention the CVE IDs being fixed in the RPM changelog and the fedpkg commit message. NOTE: this issue affects multiple supported versions of Fedora. While only one tracking bug has been filed, please correct all affected versions at the same time. If you need to fix the versions independent of each other, you may clone this bug as appropriate. [bug automatically created by: add-tracking-bugs] Referenced Bugs: https://bugzilla.redhat.com/show_bug.cgi?id=1162655 [Bug 1162655] binutils: directory traversal vulnerability -- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=0rCsRfqbK3&a=cc_unsubscribe

9 years, 3 months

1
10
0 / 0

[Bug 1162626] New: CVE-2014-8504 mingw-binutils: binutils: stack overflow in the SREC parser [fedora-all]

by Red Hat Bugzilla

https://bugzilla.redhat.com/show_bug.cgi?id=1162626 Bug ID: 1162626 Summary: CVE-2014-8504 mingw-binutils: binutils: stack overflow in the SREC parser [fedora-all] Product: Fedora Version: 20 Component: mingw-binutils Keywords: Security, SecurityTracking Severity: low Priority: low Assignee: rjones(a)redhat.com Reporter: vkaigoro(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: erik-fedora(a)vanpienbroek.nl, fedora-mingw(a)lists.fedoraproject.org, kalevlember(a)gmail.com, ktietz(a)redhat.com, rjones(a)redhat.com Blocks: 1162621 (CVE-2014-8504) This is an automatically created tracking bug! It was created to ensure that one or more security vulnerabilities are fixed in affected versions of Fedora. For comments that are specific to the vulnerability please use bugs filed against the "Security Response" product referenced in the "Blocks" field. For more information see: http://fedoraproject.org/wiki/Security/TrackingBugs When submitting as an update, use the fedpkg template provided in the next comment(s). This will include the bug IDs of this tracking bug as well as the relevant top-level CVE bugs. Please also mention the CVE IDs being fixed in the RPM changelog and the fedpkg commit message. NOTE: this issue affects multiple supported versions of Fedora. While only one tracking bug has been filed, please correct all affected versions at the same time. If you need to fix the versions independent of each other, you may clone this bug as appropriate. [bug automatically created by: add-tracking-bugs] Referenced Bugs: https://bugzilla.redhat.com/show_bug.cgi?id=1162621 [Bug 1162621] CVE-2014-8504 binutils: stack overflow in the SREC parser -- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=0g5PmhlHcw&a=cc_unsubscribe

9 years, 3 months

1
10
0 / 0

[Bug 1162612] New: CVE-2014-8503 mingw-binutils: binutils: stack overflow in objdump when parsing specially crafted ihex file [fedora-all]

by Red Hat Bugzilla

https://bugzilla.redhat.com/show_bug.cgi?id=1162612 Bug ID: 1162612 Summary: CVE-2014-8503 mingw-binutils: binutils: stack overflow in objdump when parsing specially crafted ihex file [fedora-all] Product: Fedora Version: 20 Component: mingw-binutils Keywords: Security, SecurityTracking Severity: low Priority: low Assignee: rjones(a)redhat.com Reporter: vkaigoro(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: erik-fedora(a)vanpienbroek.nl, fedora-mingw(a)lists.fedoraproject.org, kalevlember(a)gmail.com, ktietz(a)redhat.com, rjones(a)redhat.com Blocks: 1162607 (CVE-2014-8503) This is an automatically created tracking bug! It was created to ensure that one or more security vulnerabilities are fixed in affected versions of Fedora. For comments that are specific to the vulnerability please use bugs filed against the "Security Response" product referenced in the "Blocks" field. For more information see: http://fedoraproject.org/wiki/Security/TrackingBugs When submitting as an update, use the fedpkg template provided in the next comment(s). This will include the bug IDs of this tracking bug as well as the relevant top-level CVE bugs. Please also mention the CVE IDs being fixed in the RPM changelog and the fedpkg commit message. NOTE: this issue affects multiple supported versions of Fedora. While only one tracking bug has been filed, please correct all affected versions at the same time. If you need to fix the versions independent of each other, you may clone this bug as appropriate. [bug automatically created by: add-tracking-bugs] Referenced Bugs: https://bugzilla.redhat.com/show_bug.cgi?id=1162607 [Bug 1162607] CVE-2014-8503 binutils: stack overflow in objdump when parsing specially crafted ihex file -- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=6OyawZq4HB&a=cc_unsubscribe

9 years, 3 months

1
10
0 / 0

[Bug 1162602] New: CVE-2014-8502 mingw-binutils: binutils: heap overflow in objdump [fedora-all]

by Red Hat Bugzilla

https://bugzilla.redhat.com/show_bug.cgi?id=1162602 Bug ID: 1162602 Summary: CVE-2014-8502 mingw-binutils: binutils: heap overflow in objdump [fedora-all] Product: Fedora Version: 20 Component: mingw-binutils Keywords: Security, SecurityTracking Severity: low Priority: low Assignee: rjones(a)redhat.com Reporter: vkaigoro(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: erik-fedora(a)vanpienbroek.nl, fedora-mingw(a)lists.fedoraproject.org, kalevlember(a)gmail.com, ktietz(a)redhat.com, rjones(a)redhat.com Blocks: 1162594 (CVE-2014-8502) This is an automatically created tracking bug! It was created to ensure that one or more security vulnerabilities are fixed in affected versions of Fedora. For comments that are specific to the vulnerability please use bugs filed against the "Security Response" product referenced in the "Blocks" field. For more information see: http://fedoraproject.org/wiki/Security/TrackingBugs When submitting as an update, use the fedpkg template provided in the next comment(s). This will include the bug IDs of this tracking bug as well as the relevant top-level CVE bugs. Please also mention the CVE IDs being fixed in the RPM changelog and the fedpkg commit message. NOTE: this issue affects multiple supported versions of Fedora. While only one tracking bug has been filed, please correct all affected versions at the same time. If you need to fix the versions independent of each other, you may clone this bug as appropriate. [bug automatically created by: add-tracking-bugs] Referenced Bugs: https://bugzilla.redhat.com/show_bug.cgi?id=1162594 [Bug 1162594] CVE-2014-8502 binutils: heap overflow in objdump -- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=qroolnoCII&a=cc_unsubscribe

9 years, 3 months

1
10
0 / 0

[Bug 1162583] New: CVE-2014-8501 mingw-binutils: binutils: out-of-bounds write when parsing specially crafted PE executable [epel-all]

by Red Hat Bugzilla

https://bugzilla.redhat.com/show_bug.cgi?id=1162583 Bug ID: 1162583 Summary: CVE-2014-8501 mingw-binutils: binutils: out-of-bounds write when parsing specially crafted PE executable [epel-all] Product: Fedora EPEL Version: el6 Component: mingw-binutils Keywords: Security, SecurityTracking Severity: low Priority: low Assignee: rjones(a)redhat.com Reporter: vkaigoro(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: erik-fedora(a)vanpienbroek.nl, fedora-mingw(a)lists.fedoraproject.org, ktietz(a)redhat.com, rjones(a)redhat.com Blocks: 1162570 (CVE-2014-8501) This is an automatically created tracking bug! It was created to ensure that one or more security vulnerabilities are fixed in affected versions of Fedora EPEL. For comments that are specific to the vulnerability please use bugs filed against the "Security Response" product referenced in the "Blocks" field. For more information see: http://fedoraproject.org/wiki/Security/TrackingBugs When submitting as an update, use the fedpkg template provided in the next comment(s). This will include the bug IDs of this tracking bug as well as the relevant top-level CVE bugs. Please also mention the CVE IDs being fixed in the RPM changelog and the fedpkg commit message. NOTE: this issue affects multiple supported versions of Fedora EPEL. While only one tracking bug has been filed, please correct all affected versions at the same time. If you need to fix the versions independent of each other, you may clone this bug as appropriate. [bug automatically created by: add-tracking-bugs] Referenced Bugs: https://bugzilla.redhat.com/show_bug.cgi?id=1162570 [Bug 1162570] CVE-2014-8501 binutils: out-of-bounds write when parsing specially crafted PE executable -- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=D0KPVsr7x9&a=cc_unsubscribe

9 years, 3 months

1
6
0 / 0

[Bug 1172633] New: freetype: OOB stack-based read/write in cf2_hintmap_build() (incomplete fix for CVE-2014-2240).

by Red Hat Bugzilla

https://bugzilla.redhat.com/show_bug.cgi?id=1172633 Bug ID: 1172633 Summary: freetype: OOB stack-based read/write in cf2_hintmap_build() (incomplete fix for CVE-2014-2240). Product: Security Response Component: vulnerability Keywords: Security Severity: high Priority: high Assignee: security-response-team(a)redhat.com Reporter: vkaigoro(a)redhat.com CC: behdad(a)fedoraproject.org, erik-fedora(a)vanpienbroek.nl, fedora-mingw(a)lists.fedoraproject.org, fonts-bugs(a)lists.fedoraproject.org, kevin(a)tigcc.ticalc.org, lfarkas(a)lfarkas.org, mkasik(a)redhat.com, rjones(a)redhat.com It was reported [1] that Freetype before 2.5.4 suffers from an out-of-bounds stack-based read/write flaw in cf2_hintmap_build() in the CFF rasterizing code, which could lead to a buffer overflow. This is due to an incomplete fix for CVE-2014-2240. Upstream patch is at [2] Upstream bug with some additional info is at [3]. This new CFF handling code was introduced in Freetype 2.4.12 (new Type 2 interpreter and hinter); earlier versions are not affected. This is fixed in 2.5.4 [4]. [1]: https://bugs.mageia.org/show_bug.cgi?id=14771 [2]: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=0eae6e... [3]: http://savannah.nongnu.org/bugs/?43661 [4]: http://sourceforge.net/projects/freetype/files/freetype2/2.5.4/ Statement: Not vulnerable. This issue did not affect the versions of freetype as shipped with Red Hat Enterprise Linux 5, 6 and 7. -- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=yLFKJV2zPY&a=cc_unsubscribe

9 years, 3 months

1
12
0 / 0

[Bug 1162578] New: CVE-2014-8501 mingw-binutils: binutils: out-of-bounds write when parsing specially crafted PE executable [fedora-all]

by Red Hat Bugzilla

https://bugzilla.redhat.com/show_bug.cgi?id=1162578 Bug ID: 1162578 Summary: CVE-2014-8501 mingw-binutils: binutils: out-of-bounds write when parsing specially crafted PE executable [fedora-all] Product: Fedora Version: 20 Component: mingw-binutils Keywords: Security, SecurityTracking Severity: low Priority: low Assignee: rjones(a)redhat.com Reporter: vkaigoro(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: erik-fedora(a)vanpienbroek.nl, fedora-mingw(a)lists.fedoraproject.org, kalevlember(a)gmail.com, ktietz(a)redhat.com, rjones(a)redhat.com Blocks: 1162570 (CVE-2014-8501) This is an automatically created tracking bug! It was created to ensure that one or more security vulnerabilities are fixed in affected versions of Fedora. For comments that are specific to the vulnerability please use bugs filed against the "Security Response" product referenced in the "Blocks" field. For more information see: http://fedoraproject.org/wiki/Security/TrackingBugs When submitting as an update, use the fedpkg template provided in the next comment(s). This will include the bug IDs of this tracking bug as well as the relevant top-level CVE bugs. Please also mention the CVE IDs being fixed in the RPM changelog and the fedpkg commit message. NOTE: this issue affects multiple supported versions of Fedora. While only one tracking bug has been filed, please correct all affected versions at the same time. If you need to fix the versions independent of each other, you may clone this bug as appropriate. [bug automatically created by: add-tracking-bugs] Referenced Bugs: https://bugzilla.redhat.com/show_bug.cgi?id=1162570 [Bug 1162570] CVE-2014-8501 binutils: out-of-bounds write when parsing specially crafted PE executable -- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=UaCDXMxyc2&a=cc_unsubscribe

9 years, 3 months

1
8
0 / 0

[Bug 1172636] New: mingw-freetype: freetype: OOB stack-based read/write in cf2_hintmap_build() (incomplete fix for CVE-2014-2240). [fedora-19]

by Red Hat Bugzilla

https://bugzilla.redhat.com/show_bug.cgi?id=1172636 Bug ID: 1172636 Summary: mingw-freetype: freetype: OOB stack-based read/write in cf2_hintmap_build() (incomplete fix for CVE-2014-2240). [fedora-19] Product: Fedora Version: 19 Component: mingw-freetype Keywords: Security, SecurityTracking Severity: high Priority: high Assignee: rjones(a)redhat.com Reporter: vkaigoro(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: erik-fedora(a)vanpienbroek.nl, fedora-mingw(a)lists.fedoraproject.org, lfarkas(a)lfarkas.org, rjones(a)redhat.com Blocks: 1172633 This is an automatically created tracking bug! It was created to ensure that one or more security vulnerabilities are fixed in affected versions of Fedora. For comments that are specific to the vulnerability please use bugs filed against the "Security Response" product referenced in the "Blocks" field. For more information see: http://fedoraproject.org/wiki/Security/TrackingBugs When submitting as an update, use the fedpkg template provided in the next comment(s). This will include the bug IDs of this tracking bug as well as the relevant top-level CVE bugs. Please also mention the CVE IDs being fixed in the RPM changelog and the fedpkg commit message. fedora-19 tracking bug for mingw-freetype: see blocks bug list for full details of the security issue(s). This bug is never intended to be made public, please put any public notes in the blocked bugs. [bug automatically created by: add-tracking-bugs] Referenced Bugs: https://bugzilla.redhat.com/show_bug.cgi?id=1172633 [Bug 1172633] freetype: OOB stack-based read/write in cf2_hintmap_build() (incomplete fix for CVE-2014-2240). -- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=Ey2mHWzF6A&a=cc_unsubscribe

9 years, 3 months

1
3
0 / 0

[Bug 1176410] New: [abrt] mingw64-binutils: make_import_fixup_mark(): ld killed by SIGSEGV

by Red Hat Bugzilla

https://bugzilla.redhat.com/show_bug.cgi?id=1176410 Bug ID: 1176410 Summary: [abrt] mingw64-binutils: make_import_fixup_mark(): ld killed by SIGSEGV Product: Fedora Version: 20 Component: mingw-binutils Assignee: erik-fedora(a)vanpienbroek.nl Reporter: Bill(a)WRLee.com QA Contact: extras-qa(a)fedoraproject.org CC: erik-fedora(a)vanpienbroek.nl, fedora-mingw(a)lists.fedoraproject.org, kalevlember(a)gmail.com, ktietz(a)redhat.com, rjones(a)redhat.com Description of problem: Attempting to compile and link a simple c++ test program using MinGW. Version-Release number of selected component: mingw64-binutils-2.23.52.0.1-2.fc20 Additional info: reporter: libreport-2.2.3 backtrace_rating: 4 cmdline: /usr/lib64/gcc/x86_64-w64-mingw32/4.8.3/../../../../x86_64-w64-mingw32/bin/ld --sysroot=/usr/x86_64-w64-mingw32/sys-root -m i386pep -Bdynamic -o testDelimited_Strings /usr/x86_64-w64-mingw32/sys-root/mingw/lib/../lib/crt2.o /usr/x86_64-w64-mingw32/sys-root/mingw/lib/../lib/crtbegin.o -L/usr/lib64/gcc/x86_64-w64-mingw32/4.8.3 -L/usr/lib64/gcc/x86_64-w64-mingw32/4.8.3/../../../../x86_64-w64-mingw32/lib/../lib -L/usr/x86_64-w64-mingw32/sys-root/mingw/lib/../lib -L/usr/lib64/gcc/x86_64-w64-mingw32/4.8.3/../../../../x86_64-w64-mingw32/lib -L/usr/x86_64-w64-mingw32/sys-root/mingw/lib /tmp/ccf402pN.o Delimited_Strings.o -lpdcurses -lpthread -lusb-1.0 -lstdc++ -lmingw32 -lgcc_s -lgcc -lmoldname -lmingwex -lmsvcrt -ladvapi32 -lshell32 -luser32 -lkernel32 -lmingw32 -lgcc_s -lgcc -lmoldname -lmingwex -lmsvcrt /usr/x86_64-w64-mingw32/sys-root/mingw/lib/../lib/crtend.o crash_function: make_import_fixup_mark executable: /usr/x86_64-w64-mingw32/bin/ld kernel: 3.17.6-200.fc20.x86_64 runlevel: N 5 type: CCpp uid: 1000 Truncated backtrace: Thread no. 1 (7 frames) #1 make_import_fixup_mark at ../../ld/pe-dll.c:2409 #2 pep_create_import_fixup at ../../ld/pe-dll.c:2613 #3 make_import_fixup at ei386pep.c:1037 #4 pep_walk_relocs_of_symbol at ../../ld/pe-dll.c:1302 #5 pep_find_data_imports at ei386pep.c:1092 #6 gld_i386pep_after_open at ei386pep.c:1191 #7 lang_process at ../../ld/ldlang.c:6713 -- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=z6fTZ7N6RN&a=cc_unsubscribe

9 years, 3 months

1
5
0 / 0

[Bug 1177576] New: mingw-binutils conflicts rhel6 mingw32-binutils

by Red Hat Bugzilla

https://bugzilla.redhat.com/show_bug.cgi?id=1177576 Bug ID: 1177576 Summary: mingw-binutils conflicts rhel6 mingw32-binutils Product: Fedora EPEL Version: el6 Component: mingw-binutils Severity: high Assignee: erik-fedora(a)vanpienbroek.nl Reporter: tis(a)foobar.fi QA Contact: extras-qa(a)fedoraproject.org CC: erik-fedora(a)vanpienbroek.nl, fedora-mingw(a)lists.fedoraproject.org, ktietz(a)redhat.com, rjones(a)redhat.com Description of problem: mingw-binutils provide mingw32-binutils which updates same package from rhel6. Please adjust the package or unpush it. -- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=7cCBr3DGjs&a=cc_unsubscribe

9 years, 3 months

1
1
0 / 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

mingw December 2014