[Bug 1281758] New: CVE-2015-8126 mingw-libpng: libpng: Buffer overflow vulnerabilities in png_get_PLTE/png_set_PLTE functions [fedora-all]
by Red Hat Bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=1281758
Bug ID: 1281758
Summary: CVE-2015-8126 mingw-libpng: libpng: Buffer overflow
vulnerabilities in png_get_PLTE/png_set_PLTE functions
[fedora-all]
Product: Fedora
Version: 23
Component: mingw-libpng
Keywords: Security, SecurityTracking
Severity: medium
Priority: medium
Assignee: rjones(a)redhat.com
Reporter: amaris(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: drizt(a)land.ru, erik-fedora(a)vanpienbroek.nl,
fedora-mingw(a)lists.fedoraproject.org,
ktietz(a)redhat.com, lfarkas(a)lfarkas.org,
rjones(a)redhat.com
Blocks: 1281756 (CVE-2015-8126)
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported versions of Fedora. While only
one tracking bug has been filed, please correct all affected versions at
the same time. If you need to fix the versions independent of each other,
you may clone this bug as appropriate.
[bug automatically created by: add-tracking-bugs]
Referenced Bugs:
https://bugzilla.redhat.com/show_bug.cgi?id=1281756
[Bug 1281756] CVE-2015-8126 libpng: Buffer overflow vulnerabilities in
png_get_PLTE/png_set_PLTE functions
--
You are receiving this mail because:
You are on the CC list for the bug.
Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=ji6RpkSOYr&a=cc_unsubscribe
8 years, 4 months
[Bug 886320] Review Request: mingw-nspr - MinGW build of Netscape
Portable Runtime
by Red Hat Bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=886320
Erik van Pienbroek <erik-fedora(a)vanpienbroek.nl> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |erik-fedora(a)vanpienbroek.nl
--- Comment #11 from Erik van Pienbroek <erik-fedora(a)vanpienbroek.nl> ---
@Greg Hellings: are you talking about mingw-dlfcn? That package currently isn't
in EPEL7 yet, but are you sure that nspr really requires it?
Basically mingw-dlfcn is just a wrapper for the unix-specific functions
dlopen/dlclose/dlsym. The Win32 API functions LoadLibrary, FreeLibrary and
GetProcAddress are their Windows equivalents.
I would expect that nspr uses these Win32 API functions already in their native
Windows builds. If this really is the case then it is preferred to use the
Win32 API directly instead of using a wrapper library (to avoid dependency
bloat and to remain as close to upstream packaging as possible).
--
You are receiving this mail because:
You are on the CC list for the bug.
Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=Xpk7zhJ9cd&a=cc_unsubscribe
8 years, 4 months