[Bug 1107557] New: CVE-2014-0191 mingw-libxml2: libxml2: external parameter entity loaded when entity substitution is disabled [fedora-all]
by Red Hat Bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=1107557
Bug ID: 1107557
Summary: CVE-2014-0191 mingw-libxml2: libxml2: external
parameter entity loaded when entity substitution is
disabled [fedora-all]
Product: Fedora
Version: 20
Component: mingw-libxml2
Keywords: Security, SecurityTracking
Severity: medium
Priority: medium
Assignee: rjones(a)redhat.com
Reporter: scorneli(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: drizt(a)land.ru, erik-fedora(a)vanpienbroek.nl,
fedora-mingw(a)lists.fedoraproject.org,
ktietz(a)redhat.com, lfarkas(a)lfarkas.org,
rjones(a)redhat.com, veillard(a)redhat.com
Blocks: 1090976 (CVE-2014-0191)
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, use the bodhi submission link noted
in the next comment(s). This will include the bug IDs of this tracking
bug as well as the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
Bodhi notes field when available.
NOTE: this issue affects multiple supported versions of Fedora. While only
one tracking bug has been filed, please correct all affected versions at
the same time. If you need to fix the versions independent of each other,
you may clone this bug as appropriate.
[bug automatically created by: add-tracking-bugs]
Referenced Bugs:
https://bugzilla.redhat.com/show_bug.cgi?id=1090976
[Bug 1090976] CVE-2014-0191 libxml2: external parameter entity loaded when
entity substitution is disabled
--
You are receiving this mail because:
You are on the CC list for the bug.
Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=DIHWxpqdT4&a=cc_unsubscribe
9 years
[Bug 599567] New: mingw32-gcc should not drag in mingw32-pthreads
by Red Hat Bugzilla
Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug.
Summary: mingw32-gcc should not drag in mingw32-pthreads
https://bugzilla.redhat.com/show_bug.cgi?id=599567
Summary: mingw32-gcc should not drag in mingw32-pthreads
Product: Fedora
Version: 13
Platform: All
OS/Version: Linux
Status: NEW
Severity: medium
Priority: low
Component: mingw32-gcc
AssignedTo: rjones(a)redhat.com
ReportedBy: eblake(a)redhat.com
QAContact: extras-qa(a)fedoraproject.org
CC: berrange(a)redhat.com, rjones(a)redhat.com,
kalev(a)smartlink.ee,
fedora-mingw(a)lists.fedoraproject.org
Classification: Fedora
Target Release: ---
Description of problem:
mingw32-gcc currently drags in a dependency on mingw32-pthreads, which in turn
forces some namespace pollution due to its buggy <pthread.h> header. It would
be much nicer if the mingw32-pthreads package remained optional, since it can
interfere with cross-compilation efforts to mingw.
Version-Release number of selected component (if applicable):
mingw32-gcc-4.4.2-2.fc13.x86_64
mingw32-pthreads-2.8.0-10.fc13.noarch
How reproducible:
Always
Steps to Reproduce:
1. Install mingw32-gcc
Actual results:
mingw32-pthreads gets sucked in as a required dependency to the cross-compiler.
Expected results:
Mere presence of the cross-compiler shouldn't force the existence of a broken
<pthread.h>. Either the compiler needs to be built without mingw32-pthreads,
or mingw32-pthreads needs to be split into two packages (runtime dependency of
the compiler, vs. development library that installs <pthread.h> for situations
that actually want to use this library in spite of its current upstream flaws).
Additional info:
--
Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.
9 years, 2 months
[Bug 641423] New: mingw32-gcc installs files both inside and outside the sysroot
by Red Hat Bugzilla
Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug.
Summary: mingw32-gcc installs files both inside and outside the sysroot
https://bugzilla.redhat.com/show_bug.cgi?id=641423
Summary: mingw32-gcc installs files both inside and outside the
sysroot
Product: Fedora
Version: 13
Platform: All
OS/Version: Linux
Status: NEW
Severity: medium
Priority: low
Component: mingw32-gcc
AssignedTo: rjones(a)redhat.com
ReportedBy: pbonzini(a)redhat.com
QAContact: extras-qa(a)fedoraproject.org
CC: rjones(a)redhat.com, kalev(a)smartlink.ee,
fedora-mingw(a)lists.fedoraproject.org
Classification: Fedora
Target Release: ---
Description of problem:
mingw32-gcc is a strange hybrid package that installs files both inside and
outside the sysroot. The files in the sysroot should be separated in
mingw32-libgcc.
Version-Release number of selected component (if applicable):
mingw32-gcc-4.4.2-2.fc13.x86_64
Additional info:
This makes the following packages depend incorrectly on mingw32-gcc:
* mingw32-gettext (directly)
* mingw32-pthreads (directly)
* mingw32-atk (indirectly)
* mingw32-glib2 (indirectly)
* mingw32-gtk2 (indirectly)
* mingw32-pango (indirectly)
--
Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.
9 years, 2 months