https://bugzilla.redhat.com/show_bug.cgi?id=1162621
Bug ID: 1162621
Summary: CVE-2014-8504 binutils: stack overflow in the SREC
parser
Product: Security Response
Component: vulnerability
Keywords: Security
Severity: low
Priority: low
Assignee: security-response-team(a)redhat.com
Reporter: vkaigoro(a)redhat.com
CC: bgollahe(a)redhat.com, dan(a)danny.cz,
dhowells(a)redhat.com, erik-fedora(a)vanpienbroek.nl,
fedora-mingw(a)lists.fedoraproject.org,
jakub(a)redhat.com, kalevlember(a)gmail.com,
kanderso(a)redhat.com, ktietz(a)redhat.com,
law(a)redhat.com, lkocman(a)redhat.com, lkundrak(a)v3.sk,
mfranc(a)redhat.com, mhlavink(a)redhat.com,
nickc(a)redhat.com, ohudlick(a)redhat.com,
pfrankli(a)redhat.com, rjones(a)redhat.com,
rob(a)robspanton.com, seceng-idm-qe-list(a)redhat.com,
swhiteho(a)redhat.com, thibault.north(a)gmail.com,
tmlcoch(a)redhat.com, trond.danielsen(a)gmail.com
Stack overflow issue was reported [1] in SREC parser in binutils.
Upstream patch that fixes this issue is at [2].
[1]: https://sourceware.org/bugzilla/show_bug.cgi?id=17510#c7
[2]:
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=708d7d0d11f0f2d7…
--
You are receiving this mail because:
You are on the CC list for the bug.
Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=bHcxYEBDhk&a=cc_unsubscribe
https://bugzilla.redhat.com/show_bug.cgi?id=1162607
Bug ID: 1162607
Summary: CVE-2014-8503 binutils: stack overflow in objdump when
parsing specially crafted ihex file
Product: Security Response
Component: vulnerability
Keywords: Security
Severity: low
Priority: low
Assignee: security-response-team(a)redhat.com
Reporter: vkaigoro(a)redhat.com
CC: bgollahe(a)redhat.com, dan(a)danny.cz,
dhowells(a)redhat.com, erik-fedora(a)vanpienbroek.nl,
fedora-mingw(a)lists.fedoraproject.org,
jakub(a)redhat.com, kalevlember(a)gmail.com,
kanderso(a)redhat.com, ktietz(a)redhat.com,
law(a)redhat.com, lkocman(a)redhat.com, lkundrak(a)v3.sk,
mfranc(a)redhat.com, mhlavink(a)redhat.com,
nickc(a)redhat.com, ohudlick(a)redhat.com,
pfrankli(a)redhat.com, rjones(a)redhat.com,
rob(a)robspanton.com, seceng-idm-qe-list(a)redhat.com,
swhiteho(a)redhat.com, thibault.north(a)gmail.com,
tmlcoch(a)redhat.com, trond.danielsen(a)gmail.com
Stack overflow was reported [1] in objdump when parsing a crafted ihex file
[2].
Upstream patch is at [3].
[1]: https://sourceware.org/bugzilla/show_bug.cgi?id=17512#c33
[2]: https://sourceware.org/bugzilla/attachment.cgi?id=7869
[3]:
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=0102ea8cec5fc509…
--
You are receiving this mail because:
You are on the CC list for the bug.
Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=fWj88qzSHL&a=cc_unsubscribe
https://bugzilla.redhat.com/show_bug.cgi?id=1162570
Bug ID: 1162570
Summary: CVE-2014-8501 binutils: out-of-bounds write when
parsing specially crafted PE executable
Product: Security Response
Component: vulnerability
Keywords: Security
Severity: low
Priority: low
Assignee: security-response-team(a)redhat.com
Reporter: vkaigoro(a)redhat.com
CC: bgollahe(a)redhat.com, dan(a)danny.cz,
dhowells(a)redhat.com, erik-fedora(a)vanpienbroek.nl,
fedora-mingw(a)lists.fedoraproject.org,
jakub(a)redhat.com, kalevlember(a)gmail.com,
kanderso(a)redhat.com, ktietz(a)redhat.com,
law(a)redhat.com, lkocman(a)redhat.com, lkundrak(a)v3.sk,
mfranc(a)redhat.com, mhlavink(a)redhat.com,
nickc(a)redhat.com, ohudlick(a)redhat.com,
pfrankli(a)redhat.com, rjones(a)redhat.com,
rob(a)robspanton.com, seceng-idm-qe-list(a)redhat.com,
swhiteho(a)redhat.com, thibault.north(a)gmail.com,
tmlcoch(a)redhat.com, trond.danielsen(a)gmail.com
It was reported [1] that running strings, nm or objdump on a constructed PE
file [2] leads to out-of bounds write to an unitialized memory area.
Upstream path for this issue is at [3].
[1]: https://sourceware.org/bugzilla/show_bug.cgi?id=17512#c0
[2]: https://sourceware.org/bugzilla/attachment.cgi?id=7849
[3]:
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=7e1e19887abd24ae…
--
You are receiving this mail because:
You are on the CC list for the bug.
Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=xVCMYjG9bG&a=cc_unsubscribe
https://bugzilla.redhat.com/show_bug.cgi?id=1212162
Bug ID: 1212162
Summary: Exception handling corrupts a VLA
Product: Fedora
Version: 21
Component: mingw32-gcc
Assignee: rjones(a)redhat.com
Reporter: hedayatv(a)gmail.com
QA Contact: extras-qa(a)fedoraproject.org
CC: erik-fedora(a)vanpienbroek.nl,
fedora-mingw(a)lists.fedoraproject.org,
kalevlember(a)gmail.com, rjones(a)redhat.com
Description of problem:
Code:
-----------------------------------------------------------------
#include <iostream>
#include <cstring>
#include <sstream>
#include <stdexcept>
using namespace std;
int main(int argc, char **argv)
{
int n;
stringstream ss(argv[1]);
ss >> n;
cout << "N: " << n << endl;
char tbuff[n];
try
{
memset(tbuff, 0, n);
throw runtime_error("ERR");
}
catch (exception &e)
{
cout << "Writing to VLA" << endl;
memset(tbuff, 0, n);
cout << "Wrote" << endl;
}
}
-----------------------------------------------------------------
Compiled with:
/usr/bin/i686-w64-mingw32-g++ -O2 test.cpp -o t
Run with wine (similar results under Windows) results in crash:
[]% ./t 100
fixme:winediag:start_process Wine Staging is a testing version containing
experimental patches.
fixme:winediag:start_process Please report bugs at http://bugs.wine-staging.com
(instead of winehq.org)
N: 100
Writing to VLA
wine: Unhandled page fault on read access to 0x00000000 at address (nil)
(thread 0009), starting debugger...
Unhandled exception: page fault on read access to 0x00000000 in 32-bit code
(0x00000000).
....
Version-Release number of selected component (if applicable):
mingw32-gcc-c++-4.9.2-1.fc21.x86_64
How reproducible:
100%
--
You are receiving this mail because:
You are on the CC list for the bug.
Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=fSJiOBofWA&a=cc_unsubscribe
https://bugzilla.redhat.com/show_bug.cgi?id=858062
Bug ID: 858062
QA Contact: extras-qa(a)fedoraproject.org
Severity: unspecified
Version: rawhide
Priority: unspecified
CC: fedora-mingw(a)lists.fedoraproject.org,
notting(a)redhat.com,
package-review(a)lists.fedoraproject.org
Assignee: nobody(a)fedoraproject.org
Summary: Review Request: mingw-qt5-qtactiveqt - Qt5 for Windows
- QtActiveQt component
Regression: ---
Story Points: ---
Classification: Fedora
OS: Unspecified
Reporter: erik-fedora(a)vanpienbroek.nl
Type: Bug
Documentation: ---
Hardware: Unspecified
Mount Type: ---
Status: NEW
Component: Package Review
Product: Fedora
Spec URL:
http://svn.openftd.org/svn/fedora_cross/mingw-qt5-qtactiveqt/mingw-qt5-qtac…
SRPM URL:
http://ftd4linux.nl/contrib/mingw-qt5-qtactiveqt-5.0.0-0.1.beta1.fc17.src.r…
Fedora Account System Username: epienbro
Description:
This package contains the Qt software toolkit for developing
cross-platform applications.
This is the Windows version of Qt, for use in conjunction with the
Fedora Windows cross-compiler.
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=1124436
--- Comment #13 from Fedora End Of Life <endoflife(a)fedoraproject.org> ---
This message is a reminder that Fedora 20 is nearing its end of life.
Approximately 4 (four) weeks from now Fedora will stop maintaining
and issuing updates for Fedora 20. It is Fedora's policy to close all
bug reports from releases that are no longer maintained. At that time
this bug will be closed as EOL if it remains open with a Fedora 'version'
of '20'.
Package Maintainer: If you wish for this bug to remain open because you
plan to fix it in a currently maintained version, simply change the 'version'
to a later Fedora version.
Thank you for reporting this issue and we are sorry that we were not
able to fix it before Fedora 20 is end of life. If you would still like
to see this bug fixed and are able to reproduce it against a later version
of Fedora, you are encouraged change the 'version' to a later Fedora
version prior this bug is closed as described in the policy above.
Although we aim to fix as many bugs as possible during every release's
lifetime, sometimes those efforts are overtaken by events. Often a
more recent Fedora release includes newer upstream software that fixes
bugs or makes them obsolete.
--
You are receiving this mail because:
You are on the CC list for the bug.
Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=lSXWBxU2UG&a=cc_unsubscribe
Hello,
After the nettle rebuild GnuTLS has also bumped ABI.
We need rebuilds of:
mingw-glib-networking
mingw-gvnc
mingw-libmicrohttpd
mingw-libvirt
I will take care of libmicrohttpd.
Thanks,
Michael