https://bugzilla.redhat.com/show_bug.cgi?id=1086514
Bug ID: 1086514
Summary: CVE-2013-7353 Integer overflow leading to a heap-based
buffer overflow in png_set_unknown_chunks()
Product: Security Response
Component: vulnerability
Keywords: Security
Severity: medium
Priority: medium
Assignee: security-response-team(a)redhat.com
Reporter: huzaifas(a)redhat.com
CC: drizt(a)land.ru, erik-fedora(a)vanpienbroek.nl,
fedora-mingw(a)lists.fedoraproject.org,
jkoncick(a)redhat.com, jkurik(a)redhat.com,
ktietz(a)redhat.com, lfarkas(a)lfarkas.org,
pfrields(a)redhat.com, phracek(a)redhat.com,
rjones(a)redhat.com
An integer overflow leading to a heap-based buffer overflow was found in the
png_set_unknown_chunks() API function of libpng. A attacker could create a
specially-crafated image file and render it with an application written to
explicitly call png_set_unknown_chunks() function, could cause libpng to crash
or execute arbitrary code with the permissions of the user running such an
application.
The vendor mentions that internal calls use safe values. These issues could
potentially affect applications that use the libpng API. Apparently no such
applications were identified.
Reference:
http://sourceforge.net/p/libpng/bugs/199/http://seclists.org/oss-sec/2014/q2/83
--
You are receiving this mail because:
You are on the CC list for the bug.
Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=70jisqeWxf&a=cc_unsubscribe
https://bugzilla.redhat.com/show_bug.cgi?id=1086516
Bug ID: 1086516
Summary: CVE-2013-7354 Integer overflow leading to a heap-based
buffer overflow in png_set_sPLT() and png_set_text_2()
Product: Security Response
Component: vulnerability
Keywords: Security
Severity: medium
Priority: medium
Assignee: security-response-team(a)redhat.com
Reporter: huzaifas(a)redhat.com
CC: drizt(a)land.ru, erik-fedora(a)vanpienbroek.nl,
fedora-mingw(a)lists.fedoraproject.org,
jkoncick(a)redhat.com, jkurik(a)redhat.com,
ktietz(a)redhat.com, lfarkas(a)lfarkas.org,
pfrields(a)redhat.com, phracek(a)redhat.com,
rjones(a)redhat.com
An integer overflow leading to a heap-based buffer overflow was found in the
png_set_sPLT() and png_set_text_2() API functions of libpng. A attacker could
create a specially-crafated image file and render it with an application
written to explicitly call png_set_sPLT() or png_set_text_2() function, could
cause libpng to crash or execute arbitrary code with the permissions of the
user running such an application.
The vendor mentions that internal calls use safe values. These issues could
potentially affect applications that use the libpng API. Apparently no such
applications were identified.
Reference:
http://sourceforge.net/p/libpng/bugs/199/http://seclists.org/oss-sec/2014/q2/83
--
You are receiving this mail because:
You are on the CC list for the bug.
Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=lqm7CkaJep&a=cc_unsubscribe
https://bugzilla.redhat.com/show_bug.cgi?id=858062
Bug ID: 858062
QA Contact: extras-qa(a)fedoraproject.org
Severity: unspecified
Version: rawhide
Priority: unspecified
CC: fedora-mingw(a)lists.fedoraproject.org,
notting(a)redhat.com,
package-review(a)lists.fedoraproject.org
Assignee: nobody(a)fedoraproject.org
Summary: Review Request: mingw-qt5-qtactiveqt - Qt5 for Windows
- QtActiveQt component
Regression: ---
Story Points: ---
Classification: Fedora
OS: Unspecified
Reporter: erik-fedora(a)vanpienbroek.nl
Type: Bug
Documentation: ---
Hardware: Unspecified
Mount Type: ---
Status: NEW
Component: Package Review
Product: Fedora
Spec URL:
http://svn.openftd.org/svn/fedora_cross/mingw-qt5-qtactiveqt/mingw-qt5-qtac…
SRPM URL:
http://ftd4linux.nl/contrib/mingw-qt5-qtactiveqt-5.0.0-0.1.beta1.fc17.src.r…
Fedora Account System Username: epienbro
Description:
This package contains the Qt software toolkit for developing
cross-platform applications.
This is the Windows version of Qt, for use in conjunction with the
Fedora Windows cross-compiler.
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=858085
Bug ID: 858085
QA Contact: extras-qa(a)fedoraproject.org
Severity: unspecified
Version: rawhide
Priority: unspecified
CC: fedora-mingw(a)lists.fedoraproject.org,
notting(a)redhat.com,
package-review(a)lists.fedoraproject.org
Assignee: nobody(a)fedoraproject.org
Summary: Review Request: mingw-qt5-qtxmlpatterns - Qt5 for
Windows - QtXmlPatterns component
Regression: ---
Story Points: ---
Classification: Fedora
OS: Unspecified
Reporter: erik-fedora(a)vanpienbroek.nl
Type: Bug
Documentation: ---
Hardware: Unspecified
Mount Type: ---
Status: NEW
Component: Package Review
Product: Fedora
Spec URL:
http://svn.openftd.org/svn/fedora_cross/mingw-qt5-qtxmlpatterns/mingw-qt5-q…
SRPM URL:
http://ftd4linux.nl/contrib/mingw-qt5-qtxmlpatterns-5.0.0-0.1.beta1.fc17.sr…
Fedora Account System Username: epienbro
Description:
This package contains the Qt software toolkit for developing
cross-platform applications.
This is the Windows version of Qt, for use in conjunction with the
Fedora Windows cross-compiler.
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=858058
Bug ID: 858058
QA Contact: extras-qa(a)fedoraproject.org
Severity: unspecified
Version: rawhide
Priority: unspecified
CC: fedora-mingw(a)lists.fedoraproject.org,
notting(a)redhat.com,
package-review(a)lists.fedoraproject.org
Assignee: nobody(a)fedoraproject.org
Summary: Review Request: mingw-qt5-qtbase - Qt5 for Windows -
QtBase component
Regression: ---
Story Points: ---
Classification: Fedora
OS: Unspecified
Reporter: erik-fedora(a)vanpienbroek.nl
Type: Bug
Documentation: ---
Hardware: Unspecified
Mount Type: ---
Status: NEW
Component: Package Review
Product: Fedora
Spec URL:
http://svn.openftd.org/svn/fedora_cross/mingw-qt5-qtbase/mingw-qt5-qtbase.s…
SRPM URL:
http://ftd4linux.nl/contrib/mingw-qt5-qtbase-5.0.0-0.10.beta1.fc17.src.rpm
Fedora Account System Username: epienbro
Description:
This package contains the Qt software toolkit for developing
cross-platform applications.
This is the Windows version of Qt, for use in conjunction with the
Fedora Windows cross-compiler.
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=858063
Bug ID: 858063
QA Contact: extras-qa(a)fedoraproject.org
Severity: unspecified
Version: rawhide
Priority: unspecified
CC: fedora-mingw(a)lists.fedoraproject.org,
notting(a)redhat.com,
package-review(a)lists.fedoraproject.org
Assignee: nobody(a)fedoraproject.org
Summary: Review Request: mingw-qt5-qtconnectivity - Qt5 for
Windows - QtConnectivity component
Regression: ---
Story Points: ---
Classification: Fedora
OS: Unspecified
Reporter: erik-fedora(a)vanpienbroek.nl
Type: Bug
Documentation: ---
Hardware: Unspecified
Mount Type: ---
Status: NEW
Component: Package Review
Product: Fedora
Spec URL:
http://svn.openftd.org/svn/fedora_cross/mingw-qt5-qtconnectivity/mingw-qt5-…
SRPM URL:
http://ftd4linux.nl/contrib/mingw-qt5-qtconnectivity-5.0.0-0.1.beta1.fc17.s…
Fedora Account System Username: epienbro
Description:
This package contains the Qt software toolkit for developing
cross-platform applications.
This is the Windows version of Qt, for use in conjunction with the
Fedora Windows cross-compiler.
--
You are receiving this mail because:
You are on the CC list for the bug.
Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug.
Summary: Review request: mingw-pkg-config - MinGW Windows pkg-config tool for cross compiling
https://bugzilla.redhat.com/show_bug.cgi?id=786151
Summary: Review request: mingw-pkg-config - MinGW Windows
pkg-config tool for cross compiling
Product: Fedora
Version: rawhide
Platform: Unspecified
OS/Version: Unspecified
Status: NEW
Severity: unspecified
Priority: unspecified
Component: Package Review
AssignedTo: nobody(a)fedoraproject.org
ReportedBy: erik-fedora(a)vanpienbroek.nl
QAContact: extras-qa(a)fedoraproject.org
CC: notting(a)redhat.com,
fedora-mingw(a)lists.fedoraproject.org,
package-review(a)lists.fedoraproject.org
Classification: Fedora
Story Points: ---
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Spec URL: http://ftd4linux.nl/contrib/mingw-pkg-config.spec
SRPM URL: http://ftd4linux.nl/contrib/mingw-pkg-config-0.26-1.fc16.src.rpm
Description:
The pkgconfig tool determines compilation options. For each required
library, it reads the configuration file and outputs the necessary
compiler and linker flags.
This package contains pkg-config tool for cross compiling with the MinGW
toolchain.
--
Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.