July 2014 - mingw - Fedora Mailing-Lists

[Bug 1043745] New: CVE-2013-6425 mingw32-pixman: pixman: integer underflow when handling trapezoids [epel-5]

by Red Hat Bugzilla

https://bugzilla.redhat.com/show_bug.cgi?id=1043745 Bug ID: 1043745 Summary: CVE-2013-6425 mingw32-pixman: pixman: integer underflow when handling trapezoids [epel-5] Product: Fedora EPEL Version: el5 Component: mingw32-pixman Keywords: Security, SecurityTracking Severity: high Priority: high Assignee: rjones(a)redhat.com Reporter: huzaifas(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: fedora-mingw(a)lists.fedoraproject.org, kraxel(a)redhat.com, lfarkas(a)lfarkas.org, rjones(a)redhat.com Blocks: 1037975 (CVE-2013-6425) This is an automatically created tracking bug! It was created to ensure that one or more security vulnerabilities are fixed in affected versions of Fedora EPEL. For comments that are specific to the vulnerability please use bugs filed against the "Security Response" product referenced in the "Blocks" field. For more information see: http://fedoraproject.org/wiki/Security/TrackingBugs When creating a Bodhi update request, please use the bodhi submission link noted in the next comment(s). This will include the bug IDs of this tracking bug as well as the relevant top-level CVE bugs. Please also mention the CVE IDs being fixed in the RPM changelog and the Bodhi notes field when available. epel-5 tracking bug for mingw32-pixman: see blocks bug list for full details of the security issue(s). [bug automatically created by: add-tracking-bugs] Referenced Bugs: https://bugzilla.redhat.com/show_bug.cgi?id=1037975 [Bug 1037975] CVE-2013-6425 pixman: integer underflow when handling trapezoids -- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=dUydcKwZkZ&a=cc_unsubscribe

9 years, 7 months

1
6
0 / 0

[Bug 1031741] New: CVE-2013-6629 mingw32-libjpeg: libjpeg: information leak (read of uninitialized memory) [epel-5]

by Red Hat Bugzilla

https://bugzilla.redhat.com/show_bug.cgi?id=1031741 Bug ID: 1031741 Summary: CVE-2013-6629 mingw32-libjpeg: libjpeg: information leak (read of uninitialized memory) [epel-5] Product: Fedora EPEL Version: el5 Component: mingw32-libjpeg Keywords: Security, SecurityTracking Severity: medium Priority: medium Assignee: rjones(a)redhat.com Reporter: vdanen(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: fedora-mingw(a)lists.fedoraproject.org, lfarkas(a)lfarkas.org, rjones(a)redhat.com Blocks: 1031734 (CVE-2013-6629) This is an automatically created tracking bug! It was created to ensure that one or more security vulnerabilities are fixed in affected versions of Fedora EPEL. For comments that are specific to the vulnerability please use bugs filed against the "Security Response" product referenced in the "Blocks" field. For more information see: http://fedoraproject.org/wiki/Security/TrackingBugs When creating a Bodhi update request, please use the bodhi submission link noted in the next comment(s). This will include the bug IDs of this tracking bug as well as the relevant top-level CVE bugs. Please also mention the CVE IDs being fixed in the RPM changelog and the Bodhi notes field when available. epel-5 tracking bug for mingw32-libjpeg: see blocks bug list for full details of the security issue(s). [bug automatically created by: add-tracking-bugs] Referenced Bugs: https://bugzilla.redhat.com/show_bug.cgi?id=1031734 [Bug 1031734] CVE-2013-6629 libjpeg: information leak (read of uninitialized memory) -- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=ePkXw0rUxC&a=cc_unsubscribe

9 years, 7 months

1
6
0 / 0

[Bug 858914] New: CVE-2011-3102 libxml: An off-by-one out-of-bounds write by XPointer part evaluation [epel-5]

by Red Hat Bugzilla

https://bugzilla.redhat.com/show_bug.cgi?id=858914 Bug ID: 858914 Keywords: Security, SecurityTracking Blocks: 822109 (CVE-2011-3102) QA Contact: extras-qa(a)fedoraproject.org Severity: low Version: el5 Priority: low CC: fedora-mingw(a)lists.fedoraproject.org, lfarkas(a)lfarkas.org, rjones(a)redhat.com, veillard(a)redhat.com Assignee: rjones(a)redhat.com Summary: CVE-2011-3102 libxml: An off-by-one out-of-bounds write by XPointer part evaluation [epel-5] Regression: --- Story Points: --- Classification: Fedora OS: Linux Reporter: huzaifas(a)redhat.com Type: --- Documentation: --- Hardware: All Mount Type: --- Status: NEW Component: mingw32-libxml2 Product: Fedora EPEL This is an automatically created tracking bug! It was created to ensure that one or more security vulnerabilities are fixed in affected Fedora versions. For comments that are specific to the vulnerability please use bugs filed against "Security Response" product referenced in the "Blocks" field. For more information see: http://fedoraproject.org/wiki/Security/TrackingBugs When creating a Bodhi update request, please include this bug ID and the bug IDs of this bug's parent bugs filed against the "Security Response" product (the top-level CVE bugs). Please mention the CVE IDs being fixed in the RPM changelog when available. Bodhi update submission link: https://admin.fedoraproject.org/updates/new/?type_=security&bugs=822109 epel-5 tracking bug for mingw32-libxml2: see blocks bug list for full details of the security issue(s). [bug automatically created by: add-tracking-bugs] -- You are receiving this mail because: You are on the CC list for the bug.

9 years, 7 months

1
5
0 / 0

[Bug 795700] New: CVE-2012-0841 libxml2: hash table collisions CPU usage DoS [epel-5]

by Red Hat Bugzilla

Please do not reply directly to this email. All additional comments should be made in the comments box of this bug. Summary: CVE-2012-0841 libxml2: hash table collisions CPU usage DoS [epel-5] https://bugzilla.redhat.com/show_bug.cgi?id=795700 Summary: CVE-2012-0841 libxml2: hash table collisions CPU usage DoS [epel-5] Product: Fedora EPEL Version: el5 Platform: All OS/Version: Linux Status: NEW Keywords: Security, SecurityTracking Severity: medium Priority: medium Component: mingw32-libxml2 AssignedTo: rjones(a)redhat.com ReportedBy: huzaifas(a)redhat.com QAContact: extras-qa(a)fedoraproject.org CC: lfarkas(a)lfarkas.org, veillard(a)redhat.com, rjones(a)redhat.com, fedora-mingw(a)lists.fedoraproject.org Blocks: 787067 Classification: Fedora Story Points: --- Type: --- Regression: --- Mount Type: --- Documentation: --- This is an automatically created tracking bug! It was created to ensure that one or more security vulnerabilities are fixed in affected Fedora versions. For comments that are specific to the vulnerability please use bugs filed against "Security Response" product referenced in the "Blocks" field. For more information see: http://fedoraproject.org/wiki/Security/TrackingBugs When creating a Bodhi update request, please include this bug ID and the bug IDs of this bug's parent bugs filed against the "Security Response" product (the top-level CVE bugs). Please mention the CVE IDs being fixed in the RPM changelog when available. Bodhi update submission link: https://admin.fedoraproject.org/updates/new/?type_=security&bugs=787067 epel-5 tracking bug for mingw32-libxml2: see blocks bug list for full details of the security issue(s). [bug automatically created by: add-tracking-bugs] -- Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

9 years, 7 months

1
2
0 / 0

[Bug 721312] New: CVE-2011-2690 libpng: buffer overwrite in png_rgb_to_gray [epel-5]

by Red Hat Bugzilla

Please do not reply directly to this email. All additional comments should be made in the comments box of this bug. Summary: CVE-2011-2690 libpng: buffer overwrite in png_rgb_to_gray [epel-5] https://bugzilla.redhat.com/show_bug.cgi?id=721312 Summary: CVE-2011-2690 libpng: buffer overwrite in png_rgb_to_gray [epel-5] Product: Fedora EPEL Version: el5 Platform: All OS/Version: Linux Status: NEW Keywords: Security, SecurityTracking Severity: medium Priority: medium Component: mingw32-libpng AssignedTo: rjones(a)redhat.com ReportedBy: huzaifas(a)redhat.com QAContact: extras-qa(a)fedoraproject.org CC: lfarkas(a)lfarkas.org, rjones(a)redhat.com, fedora-mingw(a)lists.fedoraproject.org Blocks: 720607 Classification: Fedora Story Points: --- epel-5 tracking bug for mingw32-libpng: see blocks bug list for full details of the security issue(s). This bug is never intended to be made public, please put any public notes in the 'blocks' bugs. [bug automatically created by: add-tracking-bugs] -- Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

9 years, 7 months

1
4
0 / 0

[Bug 1124368] New: mingw32-crt has wrong value for in6addr_loopback

by Red Hat Bugzilla

https://bugzilla.redhat.com/show_bug.cgi?id=1124368 Bug ID: 1124368 Summary: mingw32-crt has wrong value for in6addr_loopback Product: Fedora EPEL Version: epel7 Component: mingw32-w32api Assignee: rjones(a)redhat.com Reporter: chris(a)edesix.com QA Contact: extras-qa(a)fedoraproject.org CC: fedora-mingw(a)lists.fedoraproject.org, lfarkas(a)lfarkas.org, rjones(a)redhat.com The value of _in6addr_loopback is wrong. It should be ::1, but is :: (all zeros). See the "Contents of section .rdata" in the objdump snippet below... $ rpm -q -f /usr/i686-w64-mingw32/sys-root/mingw/lib/libws2_32.a mingw32-crt-3.1.999-0.10.trunk.gitb8e816.20140530.el7.noarch $ i686-w64-mingw32-objdump -x -s /usr/i686-w64-mingw32/sys-root/mingw/lib/libws2_32.a [snip] SYMBOL TABLE: [ 0](sec 1)(fl 0x00)(ty 0)(scl 3) (nx 1) 0x00000000 .text AUX scnlen 0x0 nreloc 0 nlnno 0 [ 2](sec 2)(fl 0x00)(ty 0)(scl 3) (nx 1) 0x00000000 .data AUX scnlen 0x0 nreloc 0 nlnno 0 [ 4](sec 3)(fl 0x00)(ty 0)(scl 3) (nx 1) 0x00000000 .bss AUX scnlen 0x0 nreloc 0 nlnno 0 [ 6](sec 4)(fl 0x00)(ty 0)(scl 3) (nx 1) 0x00000000 .rdata AUX scnlen 0x20 nreloc 0 nlnno 0 [ 8](sec 5)(fl 0x00)(ty 0)(scl 3) (nx 1) 0x00000000 .rdata$zzz AUX scnlen 0x35 nreloc 0 nlnno 0 [ 10](sec 4)(fl 0x00)(ty 0)(scl 2) (nx 0) 0x00000000 _in6addr_loopback [ 11](sec 4)(fl 0x00)(ty 0)(scl 2) (nx 0) 0x00000010 _in6addr_any Contents of section .rdata: 0000 00000000 00000000 00000000 00000000 ................ 0010 00000000 00000000 00000000 00000000 ................ Contents of section .rdata$zzz: 0000 4743433a 2028474e 55292034 2e392e30 GCC: (GNU) 4.9.0 0010 20323031 34303432 32202846 65646f72 20140422 (Fedor 0020 61204d69 6e475720 342e392e 302d312e a MinGW 4.9.0-1. 0030 656c3729 00000000 el7).... [snip] This is what it should look like - from Fedora 20... $ rpm -q -f /usr/i686-w64-mingw32/sys-root/mingw/lib/libws2_32.a mingw32-crt-3.1.0-3.fc20.noarch $ i686-w64-mingw32-objdump -x -s /usr/i686-w64-mingw32/sys-root/mingw/lib/libws2_32.a [snip] SYMBOL TABLE: [ 0](sec 1)(fl 0x00)(ty 0)(scl 3) (nx 1) 0x00000000 .text AUX scnlen 0x0 nreloc 0 nlnno 0 [ 2](sec 2)(fl 0x00)(ty 0)(scl 3) (nx 1) 0x00000000 .data AUX scnlen 0x0 nreloc 0 nlnno 0 [ 4](sec 3)(fl 0x00)(ty 0)(scl 3) (nx 1) 0x00000000 .bss AUX scnlen 0x0 nreloc 0 nlnno 0 [ 6](sec 4)(fl 0x00)(ty 0)(scl 3) (nx 1) 0x00000000 .rdata AUX scnlen 0x20 nreloc 0 nlnno 0 [ 8](sec 5)(fl 0x00)(ty 0)(scl 3) (nx 1) 0x00000000 .rdata$zzz AUX scnlen 0x36 nreloc 0 nlnno 0 [ 10](sec 4)(fl 0x00)(ty 0)(scl 2) (nx 0) 0x00000000 _in6addr_loopback [ 11](sec 4)(fl 0x00)(ty 0)(scl 2) (nx 0) 0x00000010 _in6addr_any Contents of section .rdata: 0000 00000000 00000000 00000000 00000001 ................ 0010 00000000 00000000 00000000 00000000 ................ Contents of section .rdata$zzz: 0000 4743433a 2028474e 55292034 2e382e32 GCC: (GNU) 4.8.2 0010 20323031 33313031 36202846 65646f72 20131016 (Fedor 0020 61204d69 6e475720 342e382e 322d312e a MinGW 4.8.2-1. 0030 66633230 29000000 fc20)... [snip] I've logged this issue under mimgw32-w32api because there is no mingw32-crt component. Regards, Chris. -- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=M0G9g4JaAZ&a=cc_unsubscribe

9 years, 8 months

1
6
0 / 0

[PkgDB] rjones:mingw32-pixman commit set to Approved

by Fedora PackageDB

user: rjones set for kraxel acl: commit of package: mingw32-pixman from: Awaiting Review to: Approved on branch: el6 To make changes to this package see: https://admin.fedoraproject.org/pkgdb/package/mingw32-pixman

9 years, 8 months

1
0
0 / 0

[PkgDB] rjones:mingw32-pixman commit set to Approved

by Fedora PackageDB

user: rjones set for kraxel acl: commit of package: mingw32-pixman from: Awaiting Review to: Approved on branch: master To make changes to this package see: https://admin.fedoraproject.org/pkgdb/package/mingw32-pixman

9 years, 8 months

1
0
0 / 0

[PkgDB] rjones:mingw32-glib2 commit set to Approved

by Fedora PackageDB

user: rjones set for kalev acl: commit of package: mingw32-glib2 from: Awaiting Review to: Approved on branch: master To make changes to this package see: https://admin.fedoraproject.org/pkgdb/package/mingw32-glib2

9 years, 8 months

1
0
0 / 0

[PkgDB] rjones:mingw32-glib2 commit set to Approved

by Fedora PackageDB

user: rjones set for epienbro acl: commit of package: mingw32-glib2 from: Awaiting Review to: Approved on branch: el6 To make changes to this package see: https://admin.fedoraproject.org/pkgdb/package/mingw32-glib2

9 years, 8 months

1
0
0 / 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

mingw July 2014