[Bug 1277149] New: mingw-libxml2: libxml2: DoS when parsing specially crafted XML document if XZ support is enabled [fedora-all]
by Red Hat Bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=1277149
Bug ID: 1277149
Summary: mingw-libxml2: libxml2: DoS when parsing specially
crafted XML document if XZ support is enabled
[fedora-all]
Product: Fedora
Version: 22
Component: mingw-libxml2
Keywords: Security, SecurityTracking
Severity: medium
Priority: medium
Assignee: rjones(a)redhat.com
Reporter: amaris(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: erik-fedora(a)vanpienbroek.nl,
fedora-mingw(a)lists.fedoraproject.org,
ktietz(a)redhat.com, lfarkas(a)lfarkas.org,
rjones(a)redhat.com, veillard(a)redhat.com
Blocks: 1277146
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported versions of Fedora. While only
one tracking bug has been filed, please correct all affected versions at
the same time. If you need to fix the versions independent of each other,
you may clone this bug as appropriate.
[bug automatically created by: add-tracking-bugs]
Referenced Bugs:
https://bugzilla.redhat.com/show_bug.cgi?id=1277146
[Bug 1277146] libxml2: DoS when parsing specially crafted XML document if
XZ support is enabled
--
You are receiving this mail because:
You are on the CC list for the bug.
Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=6QqISaRX8I&a=cc_unsubscribe
8 years, 1 month
[Bug 1276299] New: CVE-2015-7942 mingw-libxml2: libxml2: heap-based buffer overflow in xmlParseConditionalSections() [fedora-all]
by Red Hat Bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=1276299
Bug ID: 1276299
Summary: CVE-2015-7942 mingw-libxml2: libxml2: heap-based
buffer overflow in xmlParseConditionalSections()
[fedora-all]
Product: Fedora
Version: 22
Component: mingw-libxml2
Keywords: Security, SecurityTracking
Severity: medium
Priority: medium
Assignee: rjones(a)redhat.com
Reporter: mprpic(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: drizt(a)land.ru, erik-fedora(a)vanpienbroek.nl,
fedora-mingw(a)lists.fedoraproject.org,
ktietz(a)redhat.com, lfarkas(a)lfarkas.org,
rjones(a)redhat.com, veillard(a)redhat.com
Blocks: 1276297 (CVE-2015-7942)
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported versions of Fedora. While only
one tracking bug has been filed, please correct all affected versions at
the same time. If you need to fix the versions independent of each other,
you may clone this bug as appropriate.
[bug automatically created by: add-tracking-bugs]
Referenced Bugs:
https://bugzilla.redhat.com/show_bug.cgi?id=1276297
[Bug 1276297] CVE-2015-7942 libxml2: heap-based buffer overflow in
xmlParseConditionalSections()
--
You are receiving this mail because:
You are on the CC list for the bug.
Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=fZhozt3A5i&a=cc_unsubscribe
8 years, 1 month
[Bug 1274225] New: mingw-libxml2: libxml2: Out-of-bounds memory access [fedora-all]
by Red Hat Bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=1274225
Bug ID: 1274225
Summary: mingw-libxml2: libxml2: Out-of-bounds memory access
[fedora-all]
Product: Fedora
Version: 22
Component: mingw-libxml2
Keywords: Security, SecurityTracking
Severity: low
Priority: low
Assignee: rjones(a)redhat.com
Reporter: amaris(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: drizt(a)land.ru, erik-fedora(a)vanpienbroek.nl,
fedora-mingw(a)lists.fedoraproject.org,
ktietz(a)redhat.com, lfarkas(a)lfarkas.org,
rjones(a)redhat.com, veillard(a)redhat.com
Blocks: 1274222
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported versions of Fedora. While only
one tracking bug has been filed, please correct all affected versions at
the same time. If you need to fix the versions independent of each other,
you may clone this bug as appropriate.
[bug automatically created by: add-tracking-bugs]
Referenced Bugs:
https://bugzilla.redhat.com/show_bug.cgi?id=1274222
[Bug 1274222] libxml2: Out-of-bounds memory access
--
You are receiving this mail because:
You are on the CC list for the bug.
Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=wUyBa6ppBZ&a=cc_unsubscribe
8 years, 1 month
[Bug 1262853] New: mingw-libxml2: libxml2: Out-of-bounds memory access when parsing unclosed HTMl comment [fedora-all]
by Red Hat Bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=1262853
Bug ID: 1262853
Summary: mingw-libxml2: libxml2: Out-of-bounds memory access
when parsing unclosed HTMl comment [fedora-all]
Product: Fedora
Version: 22
Component: mingw-libxml2
Keywords: Security, SecurityTracking
Severity: medium
Priority: medium
Assignee: rjones(a)redhat.com
Reporter: amaris(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: drizt(a)land.ru, erik-fedora(a)vanpienbroek.nl,
fedora-mingw(a)lists.fedoraproject.org,
ktietz(a)redhat.com, lfarkas(a)lfarkas.org,
rjones(a)redhat.com, veillard(a)redhat.com
Blocks: 1262849
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported versions of Fedora. While only
one tracking bug has been filed, please correct all affected versions at
the same time. If you need to fix the versions independent of each other,
you may clone this bug as appropriate.
[bug automatically created by: add-tracking-bugs]
Referenced Bugs:
https://bugzilla.redhat.com/show_bug.cgi?id=1262849
[Bug 1262849] libxml2: Out-of-bounds memory access when parsing unclosed
HTMl comment
--
You are receiving this mail because:
You are on the CC list for the bug.
Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=LE5Z3j5KiV&a=cc_unsubscribe
8 years, 1 month
[Bug 1281756] New: CVE-2015-8126 libpng: Buffer overflow vulnerabilities in png_get_PLTE/png_set_PLTE functions
by Red Hat Bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=1281756
Bug ID: 1281756
Summary: CVE-2015-8126 libpng: Buffer overflow vulnerabilities
in png_get_PLTE/png_set_PLTE functions
Product: Security Response
Component: vulnerability
Keywords: Security
Severity: medium
Priority: medium
Assignee: security-response-team(a)redhat.com
Reporter: amaris(a)redhat.com
CC: drizt(a)land.ru, erik-fedora(a)vanpienbroek.nl,
fedora-mingw(a)lists.fedoraproject.org,
ktietz(a)redhat.com, lfarkas(a)lfarkas.org,
paul(a)city-fan.org, phracek(a)redhat.com,
rjones(a)redhat.com
Buffer overflow vulnerabilities in functions png_get_PLTE/png_set_PLTE,
allowing remote attackers to cause DoS to application or have unspecified other
impact. These functions failed to check for an out-of-range palette when
reading or writing PNG files with a bit_depth less than 8. Some applications
might read the bit depth from the IHDR chunk and allocate memory for a 2^N
entry palette, while libpng can return a palette with up to 256 entries even
when the bit depth is less than 8.
Affected versions of libpng are before 1.0.64, 1.1.x and 1.2.x before 1.2.54,
1.3.x and 1.4.x before 1.4.17, 1.5.x before 1.5.24, and 1.6.x before 1.6.19.
Upstream patches:
https://github.com/glennrp/libpng/commit/81f44665cce4cb1373f049a76f3904e9...
https://github.com/glennrp/libpng/commit/a901eb3ce6087e0afeef988247f1a1aa...
https://github.com/glennrp/libpng/commit/1bef8e97995c33123665582e57d3ed40...
https://github.com/glennrp/libpng/commit/83f4c735c88e7f451541c1528d8043c3...
CVE assignment:
http://seclists.org/oss-sec/2015/q4/264
--
You are receiving this mail because:
You are on the CC list for the bug.
Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=kwjqAGuHqm&a=cc_unsubscribe
8 years, 1 month
[Bug 1268248] New: Mingwfortran compiled programs hang on open statement
by Red Hat Bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=1268248
Bug ID: 1268248
Summary: Mingwfortran compiled programs hang on open statement
Product: Fedora
Version: 22
Component: mingw32-gcc
Severity: high
Assignee: rjones(a)redhat.com
Reporter: joukj(a)hrem.nano.tudelft.nl
QA Contact: extras-qa(a)fedoraproject.org
CC: erik-fedora(a)vanpienbroek.nl,
fedora-mingw(a)lists.fedoraproject.org,
klember(a)redhat.com, rjones(a)redhat.com
Description of problem:Open statement does not work in compiled fortran
programs
See also http://sourceforge.net/p/mingw-w64/bugs/487/
On the said website there is some indication that it might be solved in a newer
version. Is it possible that packages of mingw32/64 been made for a newer
version and placed in the testing repoitory?
Version-Release number of selected component (if applicable):
5.1.0-2
How reproducible:
Always
Steps to Reproduce:
1.compile a program with the statement "open(file=xxx,status='old')"
2.run it on a windows machine
3.
Actual results:
Program hangs
Expected results:
program opening the existing file
Additional info:
--
You are receiving this mail because:
You are on the CC list for the bug.
Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=HQhCSMKYEv&a=cc_unsubscribe
8 years, 3 months
[Bug 1213959] New: mingw-libxml2: libxml2: out-of-bounds memory access when parsing an unclosed HTML comment [fedora-all]
by Red Hat Bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=1213959
Bug ID: 1213959
Summary: mingw-libxml2: libxml2: out-of-bounds memory access
when parsing an unclosed HTML comment [fedora-all]
Product: Fedora
Version: 21
Component: mingw-libxml2
Keywords: Security, SecurityTracking
Severity: medium
Priority: medium
Assignee: rjones(a)redhat.com
Reporter: vkaigoro(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: drizt(a)land.ru, erik-fedora(a)vanpienbroek.nl,
fedora-mingw(a)lists.fedoraproject.org,
ktietz(a)redhat.com, lfarkas(a)lfarkas.org,
rjones(a)redhat.com, veillard(a)redhat.com
Blocks: 1213957
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported versions of Fedora. While only
one tracking bug has been filed, please correct all affected versions at
the same time. If you need to fix the versions independent of each other,
you may clone this bug as appropriate.
[bug automatically created by: add-tracking-bugs]
Referenced Bugs:
https://bugzilla.redhat.com/show_bug.cgi?id=1213957
[Bug 1213957] libxml2: out-of-bounds memory access when parsing an unclosed
HTML comment
--
You are receiving this mail because:
You are on the CC list for the bug.
Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=phFs7mCvb2&a=cc_unsubscribe
8 years, 3 months