[Bug 1043745] New: CVE-2013-6425 mingw32-pixman: pixman: integer underflow when handling trapezoids [epel-5]
by Red Hat Bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=1043745
Bug ID: 1043745
Summary: CVE-2013-6425 mingw32-pixman: pixman: integer
underflow when handling trapezoids [epel-5]
Product: Fedora EPEL
Version: el5
Component: mingw32-pixman
Keywords: Security, SecurityTracking
Severity: high
Priority: high
Assignee: rjones(a)redhat.com
Reporter: huzaifas(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: fedora-mingw(a)lists.fedoraproject.org,
kraxel(a)redhat.com, lfarkas(a)lfarkas.org,
rjones(a)redhat.com
Blocks: 1037975 (CVE-2013-6425)
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora EPEL.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, please use the bodhi submission link
noted in the next comment(s). This will include the bug IDs of this
tracking bug as well as the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
Bodhi notes field when available.
epel-5 tracking bug for mingw32-pixman: see blocks bug list for full details of
the security issue(s).
[bug automatically created by: add-tracking-bugs]
Referenced Bugs:
https://bugzilla.redhat.com/show_bug.cgi?id=1037975
[Bug 1037975] CVE-2013-6425 pixman: integer underflow when handling
trapezoids
--
You are receiving this mail because:
You are on the CC list for the bug.
Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=dUydcKwZkZ&a=cc_unsubscribe
[Bug 1031741] New: CVE-2013-6629 mingw32-libjpeg: libjpeg: information leak (read of uninitialized memory) [epel-5]
by Red Hat Bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=1031741
Bug ID: 1031741
Summary: CVE-2013-6629 mingw32-libjpeg: libjpeg: information
leak (read of uninitialized memory) [epel-5]
Product: Fedora EPEL
Version: el5
Component: mingw32-libjpeg
Keywords: Security, SecurityTracking
Severity: medium
Priority: medium
Assignee: rjones(a)redhat.com
Reporter: vdanen(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: fedora-mingw(a)lists.fedoraproject.org,
lfarkas(a)lfarkas.org, rjones(a)redhat.com
Blocks: 1031734 (CVE-2013-6629)
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora EPEL.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, please use the bodhi submission link
noted in the next comment(s). This will include the bug IDs of this
tracking bug as well as the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
Bodhi notes field when available.
epel-5 tracking bug for mingw32-libjpeg: see blocks bug list for full details
of the security issue(s).
[bug automatically created by: add-tracking-bugs]
Referenced Bugs:
https://bugzilla.redhat.com/show_bug.cgi?id=1031734
[Bug 1031734] CVE-2013-6629 libjpeg: information leak (read of
uninitialized memory)
[Bug 858914] New: CVE-2011-3102 libxml: An off-by-one out-of-bounds write by XPointer part evaluation [epel-5]
by Red Hat Bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=858914
Bug ID: 858914
Keywords: Security, SecurityTracking
Blocks: 822109 (CVE-2011-3102)
QA Contact: extras-qa(a)fedoraproject.org
Severity: low
Version: el5
Priority: low
CC: fedora-mingw(a)lists.fedoraproject.org,
lfarkas(a)lfarkas.org, rjones(a)redhat.com,
veillard(a)redhat.com
Assignee: rjones(a)redhat.com
Summary: CVE-2011-3102 libxml: An off-by-one out-of-bounds
write by XPointer part evaluation [epel-5]
Regression: ---
Story Points: ---
Classification: Fedora
OS: Linux
Reporter: huzaifas(a)redhat.com
Type: ---
Documentation: ---
Hardware: All
Mount Type: ---
Status: NEW
Component: mingw32-libxml2
Product: Fedora EPEL
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected Fedora
versions.
For comments that are specific to the vulnerability please use bugs filed
against "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, please include this bug ID and the
bug IDs of this bug's parent bugs filed against the "Security Response"
product (the top-level CVE bugs). Please mention the CVE IDs being fixed
in the RPM changelog when available.
Bodhi update submission link:
https://admin.fedoraproject.org/updates/new/?type_=security&bugs=822109
epel-5 tracking bug for mingw32-libxml2: see blocks bug list for full details
of the security issue(s).
[bug automatically created by: add-tracking-bugs]
[Bug 795700] New: CVE-2012-0841 libxml2: hash table collisions CPU usage DoS [epel-5]
by Red Hat Bugzilla
Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug.
https://bugzilla.redhat.com/show_bug.cgi?id=795700
Summary: CVE-2012-0841 libxml2: hash table collisions CPU usage
DoS [epel-5]
Product: Fedora EPEL
Version: el5
Platform: All
OS/Version: Linux
Status: NEW
Keywords: Security, SecurityTracking
Severity: medium
Priority: medium
Component: mingw32-libxml2
AssignedTo: rjones(a)redhat.com
ReportedBy: huzaifas(a)redhat.com
QAContact: extras-qa(a)fedoraproject.org
CC: lfarkas(a)lfarkas.org, veillard(a)redhat.com,
rjones(a)redhat.com,
fedora-mingw(a)lists.fedoraproject.org
Blocks: 787067
Classification: Fedora
Story Points: ---
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected Fedora
versions.
For comments that are specific to the vulnerability please use bugs filed
against "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, please include this bug ID and the
bug IDs of this bug's parent bugs filed against the "Security Response"
product (the top-level CVE bugs). Please mention the CVE IDs being fixed
in the RPM changelog when available.
Bodhi update submission link:
https://admin.fedoraproject.org/updates/new/?type_=security&bugs=787067
epel-5 tracking bug for mingw32-libxml2: see blocks bug list for full details
of the security issue(s).
[bug automatically created by: add-tracking-bugs]
[Bug 721312] New: CVE-2011-2690 libpng: buffer overwrite in png_rgb_to_gray [epel-5]
by Red Hat Bugzilla
Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug.
https://bugzilla.redhat.com/show_bug.cgi?id=721312
Summary: CVE-2011-2690 libpng: buffer overwrite in
png_rgb_to_gray [epel-5]
Product: Fedora EPEL
Version: el5
Platform: All
OS/Version: Linux
Status: NEW
Keywords: Security, SecurityTracking
Severity: medium
Priority: medium
Component: mingw32-libpng
AssignedTo: rjones(a)redhat.com
ReportedBy: huzaifas(a)redhat.com
QAContact: extras-qa(a)fedoraproject.org
CC: lfarkas(a)lfarkas.org, rjones(a)redhat.com,
fedora-mingw(a)lists.fedoraproject.org
Blocks: 720607
Classification: Fedora
Story Points: ---
epel-5 tracking bug for mingw32-libpng: see blocks bug list for full details of
the security issue(s).
This bug is never intended to be made public, please put any public notes
in the 'blocks' bugs.
[bug automatically created by: add-tracking-bugs]
[Bug 1124368] New: mingw32-crt has wrong value for in6addr_loopback
by Red Hat Bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=1124368
Bug ID: 1124368
Summary: mingw32-crt has wrong value for in6addr_loopback
Product: Fedora EPEL
Version: epel7
Component: mingw32-w32api
Assignee: rjones(a)redhat.com
Reporter: chris(a)edesix.com
QA Contact: extras-qa(a)fedoraproject.org
CC: fedora-mingw(a)lists.fedoraproject.org,
lfarkas(a)lfarkas.org, rjones(a)redhat.com
The value of _in6addr_loopback is wrong. It should be ::1, but is :: (all
zeros). See the "Contents of section .rdata" in the objdump snippet below...
$ rpm -q -f /usr/i686-w64-mingw32/sys-root/mingw/lib/libws2_32.a
mingw32-crt-3.1.999-0.10.trunk.gitb8e816.20140530.el7.noarch
$ i686-w64-mingw32-objdump -x -s /usr/i686-w64-mingw32/sys-root/mingw/lib/libws2_32.a
[snip]
SYMBOL TABLE:
[ 0](sec 1)(fl 0x00)(ty 0)(scl 3) (nx 1) 0x00000000 .text
AUX scnlen 0x0 nreloc 0 nlnno 0
[ 2](sec 2)(fl 0x00)(ty 0)(scl 3) (nx 1) 0x00000000 .data
AUX scnlen 0x0 nreloc 0 nlnno 0
[ 4](sec 3)(fl 0x00)(ty 0)(scl 3) (nx 1) 0x00000000 .bss
AUX scnlen 0x0 nreloc 0 nlnno 0
[ 6](sec 4)(fl 0x00)(ty 0)(scl 3) (nx 1) 0x00000000 .rdata
AUX scnlen 0x20 nreloc 0 nlnno 0
[ 8](sec 5)(fl 0x00)(ty 0)(scl 3) (nx 1) 0x00000000 .rdata$zzz
AUX scnlen 0x35 nreloc 0 nlnno 0
[ 10](sec 4)(fl 0x00)(ty 0)(scl 2) (nx 0) 0x00000000 _in6addr_loopback
[ 11](sec 4)(fl 0x00)(ty 0)(scl 2) (nx 0) 0x00000010 _in6addr_any
Contents of section .rdata:
0000 00000000 00000000 00000000 00000000 ................
0010 00000000 00000000 00000000 00000000 ................
Contents of section .rdata$zzz:
0000 4743433a 2028474e 55292034 2e392e30 GCC: (GNU) 4.9.0
0010 20323031 34303432 32202846 65646f72 20140422 (Fedor
0020 61204d69 6e475720 342e392e 302d312e a MinGW 4.9.0-1.
0030 656c3729 00000000 el7)....
[snip]
This is what it should look like - from Fedora 20...
$ rpm -q -f /usr/i686-w64-mingw32/sys-root/mingw/lib/libws2_32.a
mingw32-crt-3.1.0-3.fc20.noarch
$ i686-w64-mingw32-objdump -x -s /usr/i686-w64-mingw32/sys-root/mingw/lib/libws2_32.a
[snip]
SYMBOL TABLE:
[ 0](sec 1)(fl 0x00)(ty 0)(scl 3) (nx 1) 0x00000000 .text
AUX scnlen 0x0 nreloc 0 nlnno 0
[ 2](sec 2)(fl 0x00)(ty 0)(scl 3) (nx 1) 0x00000000 .data
AUX scnlen 0x0 nreloc 0 nlnno 0
[ 4](sec 3)(fl 0x00)(ty 0)(scl 3) (nx 1) 0x00000000 .bss
AUX scnlen 0x0 nreloc 0 nlnno 0
[ 6](sec 4)(fl 0x00)(ty 0)(scl 3) (nx 1) 0x00000000 .rdata
AUX scnlen 0x20 nreloc 0 nlnno 0
[ 8](sec 5)(fl 0x00)(ty 0)(scl 3) (nx 1) 0x00000000 .rdata$zzz
AUX scnlen 0x36 nreloc 0 nlnno 0
[ 10](sec 4)(fl 0x00)(ty 0)(scl 2) (nx 0) 0x00000000 _in6addr_loopback
[ 11](sec 4)(fl 0x00)(ty 0)(scl 2) (nx 0) 0x00000010 _in6addr_any
Contents of section .rdata:
0000 00000000 00000000 00000000 00000001 ................
0010 00000000 00000000 00000000 00000000 ................
Contents of section .rdata$zzz:
0000 4743433a 2028474e 55292034 2e382e32 GCC: (GNU) 4.8.2
0010 20323031 33313031 36202846 65646f72 20131016 (Fedor
0020 61204d69 6e475720 342e382e 322d312e a MinGW 4.8.2-1.
0030 66633230 29000000 fc20)...
[snip]
I've logged this issue under mingw32-w32api because there is no mingw32-crt
component.
Regards,
Chris.
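An added example, not part of the original report and not the packagers' own test: a small C check that the linked in6addr_loopback and in6addr_any constants hold the bytes shown in the Fedora 20 dump above. The function and flag names are this example's own; the all-zero case is constructed to match the el7 .rdata contents, where loopback is byte-identical to the wildcard address.

```c
/* Added example, not from the bug report: checks the IPv6 address constants. */
#include <stdio.h>
#include <string.h>
#ifdef _WIN32
#include <winsock2.h>
#include <ws2tcpip.h>   /* in6addr_loopback, in6addr_any (link with -lws2_32) */
#else
#include <netinet/in.h>
#endif

/* Result bits (names are this example's own). */
enum { LOOPBACK_WRONG = 1, ANY_WRONG = 2, LOOPBACK_IS_WILDCARD = 4 };

/* Expected network-order bytes: ::1 and ::, matching the Fedora 20 dump. */
static const unsigned char EXPECT_LOOPBACK[16] = {0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1};
static const unsigned char EXPECT_ANY[16] = {0};

int check_in6_constants(const struct in6_addr *loopback, const struct in6_addr *any)
{
    int rc = 0;
    if (memcmp(loopback, EXPECT_LOOPBACK, 16) != 0) rc |= LOOPBACK_WRONG;
    if (memcmp(any, EXPECT_ANY, 16) != 0)           rc |= ANY_WRONG;
    /* All zeros is the wildcard: bind() to it listens on every interface. */
    if (memcmp(loopback, EXPECT_ANY, 16) == 0)      rc |= LOOPBACK_IS_WILDCARD;
    return rc;
}

/* The constants this program was actually linked against. */
int check_linked_constants(void)
{
    return check_in6_constants(&in6addr_loopback, &in6addr_any);
}

/* Constructed input reproducing the el7 dump: loopback is sixteen zero bytes. */
int check_constructed_broken(void)
{
    struct in6_addr zero;
    memset(&zero, 0, sizeof zero);
    return check_in6_constants(&zero, &zero);
}

int main(void)
{
    int rc = check_linked_constants();
    printf("linked constants: %s (flags=%d)\n", rc ? "BAD" : "ok", rc);
    printf("constructed all-zero loopback: flags=%d\n", check_constructed_broken());
    return rc ? 1 : 0;
}
```

Built with the cross compiler and linked against libws2_32.a, a non-zero exit status flags a toolchain whose loopback constant would make a loopback-only listener bind to all interfaces.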