May 2015 - mingw - Fedora Mailing-Lists

[Bug 1162621] New: CVE-2014-8504 binutils: stack overflow in the SREC parser

by Red Hat Bugzilla

https://bugzilla.redhat.com/show_bug.cgi?id=1162621 Bug ID: 1162621 Summary: CVE-2014-8504 binutils: stack overflow in the SREC parser Product: Security Response Component: vulnerability Keywords: Security Severity: low Priority: low Assignee: security-response-team(a)redhat.com Reporter: vkaigoro(a)redhat.com CC: bgollahe(a)redhat.com, dan(a)danny.cz, dhowells(a)redhat.com, erik-fedora(a)vanpienbroek.nl, fedora-mingw(a)lists.fedoraproject.org, jakub(a)redhat.com, kalevlember(a)gmail.com, kanderso(a)redhat.com, ktietz(a)redhat.com, law(a)redhat.com, lkocman(a)redhat.com, lkundrak(a)v3.sk, mfranc(a)redhat.com, mhlavink(a)redhat.com, nickc(a)redhat.com, ohudlick(a)redhat.com, pfrankli(a)redhat.com, rjones(a)redhat.com, rob(a)robspanton.com, seceng-idm-qe-list(a)redhat.com, swhiteho(a)redhat.com, thibault.north(a)gmail.com, tmlcoch(a)redhat.com, trond.danielsen(a)gmail.com Stack overflow issue was reported [1] in SREC parser in binutils. Upstream patch that fixes this issue is at [2]. [1]: https://sourceware.org/bugzilla/show_bug.cgi?id=17510#c7 [2]: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=708d7d0d11f0f2... -- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=bHcxYEBDhk&a=cc_unsubscribe

8 years, 5 months

1
42
0 / 0

[Bug 1162607] New: CVE-2014-8503 binutils: stack overflow in objdump when parsing specially crafted ihex file

by Red Hat Bugzilla

https://bugzilla.redhat.com/show_bug.cgi?id=1162607 Bug ID: 1162607 Summary: CVE-2014-8503 binutils: stack overflow in objdump when parsing specially crafted ihex file Product: Security Response Component: vulnerability Keywords: Security Severity: low Priority: low Assignee: security-response-team(a)redhat.com Reporter: vkaigoro(a)redhat.com CC: bgollahe(a)redhat.com, dan(a)danny.cz, dhowells(a)redhat.com, erik-fedora(a)vanpienbroek.nl, fedora-mingw(a)lists.fedoraproject.org, jakub(a)redhat.com, kalevlember(a)gmail.com, kanderso(a)redhat.com, ktietz(a)redhat.com, law(a)redhat.com, lkocman(a)redhat.com, lkundrak(a)v3.sk, mfranc(a)redhat.com, mhlavink(a)redhat.com, nickc(a)redhat.com, ohudlick(a)redhat.com, pfrankli(a)redhat.com, rjones(a)redhat.com, rob(a)robspanton.com, seceng-idm-qe-list(a)redhat.com, swhiteho(a)redhat.com, thibault.north(a)gmail.com, tmlcoch(a)redhat.com, trond.danielsen(a)gmail.com Stack overflow was reported [1] in objdump when parsing a crafted ihex file [2]. Upstream patch is at [3]. [1]: https://sourceware.org/bugzilla/show_bug.cgi?id=17512#c33 [2]: https://sourceware.org/bugzilla/attachment.cgi?id=7869 [3]: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=0102ea8cec5fc5... -- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=fWj88qzSHL&a=cc_unsubscribe

8 years, 5 months

1
31
0 / 0

[Bug 1162594] New: CVE-2014-8502 binutils: heap overflow in objdump

by Red Hat Bugzilla

https://bugzilla.redhat.com/show_bug.cgi?id=1162594 Bug ID: 1162594 Summary: CVE-2014-8502 binutils: heap overflow in objdump Product: Security Response Component: vulnerability Keywords: Security Severity: low Priority: low Assignee: security-response-team(a)redhat.com Reporter: vkaigoro(a)redhat.com CC: bgollahe(a)redhat.com, dan(a)danny.cz, dhowells(a)redhat.com, erik-fedora(a)vanpienbroek.nl, fedora-mingw(a)lists.fedoraproject.org, jakub(a)redhat.com, kalevlember(a)gmail.com, kanderso(a)redhat.com, ktietz(a)redhat.com, law(a)redhat.com, lkocman(a)redhat.com, lkundrak(a)v3.sk, mfranc(a)redhat.com, mhlavink(a)redhat.com, nickc(a)redhat.com, ohudlick(a)redhat.com, pfrankli(a)redhat.com, rjones(a)redhat.com, rob(a)robspanton.com, seceng-idm-qe-list(a)redhat.com, swhiteho(a)redhat.com, thibault.north(a)gmail.com, tmlcoch(a)redhat.com, trond.danielsen(a)gmail.com A heap overflow was reborted [1] when running objdump on a specially crafted PE executable [2]. Upstream patches that address this are at [3] and [4]. [1]: https://sourceware.org/bugzilla/show_bug.cgi?id=17512#c17 [2]: https://sourceware.org/bugzilla/attachment.cgi?id=7862 [3]: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=5a4b0ccc20ba30... [4]: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=acafeb6056bec4... -- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=pnYCBTnBr5&a=cc_unsubscribe

8 years, 5 months

1
44
0 / 0

[Bug 1162570] New: CVE-2014-8501 binutils: out-of-bounds write when parsing specially crafted PE executable

by Red Hat Bugzilla

https://bugzilla.redhat.com/show_bug.cgi?id=1162570 Bug ID: 1162570 Summary: CVE-2014-8501 binutils: out-of-bounds write when parsing specially crafted PE executable Product: Security Response Component: vulnerability Keywords: Security Severity: low Priority: low Assignee: security-response-team(a)redhat.com Reporter: vkaigoro(a)redhat.com CC: bgollahe(a)redhat.com, dan(a)danny.cz, dhowells(a)redhat.com, erik-fedora(a)vanpienbroek.nl, fedora-mingw(a)lists.fedoraproject.org, jakub(a)redhat.com, kalevlember(a)gmail.com, kanderso(a)redhat.com, ktietz(a)redhat.com, law(a)redhat.com, lkocman(a)redhat.com, lkundrak(a)v3.sk, mfranc(a)redhat.com, mhlavink(a)redhat.com, nickc(a)redhat.com, ohudlick(a)redhat.com, pfrankli(a)redhat.com, rjones(a)redhat.com, rob(a)robspanton.com, seceng-idm-qe-list(a)redhat.com, swhiteho(a)redhat.com, thibault.north(a)gmail.com, tmlcoch(a)redhat.com, trond.danielsen(a)gmail.com It was reported [1] that running strings, nm or objdump on a constructed PE file [2] leads to out-of bounds write to an unitialized memory area. Upstream path for this issue is at [3]. [1]: https://sourceware.org/bugzilla/show_bug.cgi?id=17512#c0 [2]: https://sourceware.org/bugzilla/attachment.cgi?id=7849 [3]: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=7e1e19887abd24... -- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=xVCMYjG9bG&a=cc_unsubscribe

8 years, 5 months

1
39
0 / 0

[Bug 1212162] New: Exception handling corrupts a VLA

by Red Hat Bugzilla

https://bugzilla.redhat.com/show_bug.cgi?id=1212162 Bug ID: 1212162 Summary: Exception handling corrupts a VLA Product: Fedora Version: 21 Component: mingw32-gcc Assignee: rjones(a)redhat.com Reporter: hedayatv(a)gmail.com QA Contact: extras-qa(a)fedoraproject.org CC: erik-fedora(a)vanpienbroek.nl, fedora-mingw(a)lists.fedoraproject.org, kalevlember(a)gmail.com, rjones(a)redhat.com Description of problem: Code: ----------------------------------------------------------------- #include <iostream> #include <cstring> #include <sstream> #include <stdexcept> using namespace std; int main(int argc, char **argv) { int n; stringstream ss(argv[1]); ss >> n; cout << "N: " << n << endl; char tbuff[n]; try { memset(tbuff, 0, n); throw runtime_error("ERR"); } catch (exception &e) { cout << "Writing to VLA" << endl; memset(tbuff, 0, n); cout << "Wrote" << endl; } } ----------------------------------------------------------------- Compiled with: /usr/bin/i686-w64-mingw32-g++ -O2 test.cpp -o t Run with wine (similar results under Windows) results in crash: []% ./t 100 fixme:winediag:start_process Wine Staging is a testing version containing experimental patches. fixme:winediag:start_process Please report bugs at http://bugs.wine-staging.com (instead of winehq.org). N: 100 Writing to VLA wine: Unhandled page fault on read access to 0x00000000 at address (nil) (thread 0009), starting debugger... Unhandled exception: page fault on read access to 0x00000000 in 32-bit code (0x00000000). .... Version-Release number of selected component (if applicable): mingw32-gcc-c++-4.9.2-1.fc21.x86_64 How reproducible: 100% -- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=fSJiOBofWA&a=cc_unsubscribe

8 years, 5 months

1
5
0 / 0

[Bug 1205458] New: Review Request: mingw-qt5-qtwebchannel - Qt5 for Windows - QtWebChannel component

by Red Hat Bugzilla

https://bugzilla.redhat.com/show_bug.cgi?id=1205458 Bug ID: 1205458 Summary: Review Request: mingw-qt5-qtwebchannel - Qt5 for Windows - QtWebChannel component Product: Fedora Version: 21 Component: Package Review Assignee: nobody(a)fedoraproject.org Reporter: erik-fedora(a)vanpienbroek.nl QA Contact: extras-qa(a)fedoraproject.org CC: fedora-mingw(a)lists.fedoraproject.org, package-review(a)lists.fedoraproject.org Spec URL: http://svn.nntpgrab.nl/svn/fedora_cross/mingw-qt5-qtwebchannel/mingw-qt5-... SRPM URL: http://koji.vanpienbroek.nl/kojifiles/packages/mingw-qt5-qtwebchannel/5.4... Koji scratch build: https://koji.vanpienbroek.nl/koji/buildinfo?buildID=256 Fedora Account System Username: epienbro Description: This package contains the Qt software toolkit for developing cross-platform applications. This is the Windows version of Qt, for use in conjunction with the Fedora Windows cross-compiler. -- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=amKXe8w2cr&a=cc_unsubscribe

8 years, 5 months

1
3
0 / 0

[Bug 858062] New: Review Request: mingw-qt5-qtactiveqt - Qt5 for Windows - QtActiveQt component

by Red Hat Bugzilla

https://bugzilla.redhat.com/show_bug.cgi?id=858062 Bug ID: 858062 QA Contact: extras-qa(a)fedoraproject.org Severity: unspecified Version: rawhide Priority: unspecified CC: fedora-mingw(a)lists.fedoraproject.org, notting(a)redhat.com, package-review(a)lists.fedoraproject.org Assignee: nobody(a)fedoraproject.org Summary: Review Request: mingw-qt5-qtactiveqt - Qt5 for Windows - QtActiveQt component Regression: --- Story Points: --- Classification: Fedora OS: Unspecified Reporter: erik-fedora(a)vanpienbroek.nl Type: Bug Documentation: --- Hardware: Unspecified Mount Type: --- Status: NEW Component: Package Review Product: Fedora Spec URL: http://svn.openftd.org/svn/fedora_cross/mingw-qt5-qtactiveqt/mingw-qt5-qt... SRPM URL: http://ftd4linux.nl/contrib/mingw-qt5-qtactiveqt-5.0.0-0.1.beta1.fc17.src... Fedora Account System Username: epienbro Description: This package contains the Qt software toolkit for developing cross-platform applications. This is the Windows version of Qt, for use in conjunction with the Fedora Windows cross-compiler. -- You are receiving this mail because: You are on the CC list for the bug.

8 years, 9 months

1
26
0 / 0

[Bug 1057910] New: Review Request: mingw-qt5-qtserialport - Qt5 for Windows - QtSerialPort component

by Red Hat Bugzilla

https://bugzilla.redhat.com/show_bug.cgi?id=1057910 Bug ID: 1057910 Summary: Review Request: mingw-qt5-qtserialport - Qt5 for Windows - QtSerialPort component Product: Fedora Version: rawhide Component: Package Review Severity: medium Priority: medium Assignee: nobody(a)fedoraproject.org Reporter: erik-fedora(a)vanpienbroek.nl QA Contact: extras-qa(a)fedoraproject.org CC: fedora-mingw(a)lists.fedoraproject.org, package-review(a)lists.fedoraproject.org Spec URL: http://svn.nntpgrab.nl/svn/fedora_cross/mingw-qt5-qtserialport/mingw-qt5-... SRPM URL: http://koji.vanpienbroek.nl/kojifiles/packages/mingw-qt5-qtserialport/5.2... Koji scratch build: http://koji.vanpienbroek.nl/koji/buildinfo?buildID=187 Fedora Account System Username: epienbro Description: This package contains the Qt software toolkit for developing cross-platform applications. This is the Windows version of Qt, for use in conjunction with the Fedora Windows cross-compiler. -- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=cAZZzKe8ME&a=cc_unsubscribe

8 years, 9 months

1
4
0 / 0

[Bug 1124436] libtool wrapper corrupts command line on Windows

by Red Hat Bugzilla

https://bugzilla.redhat.com/show_bug.cgi?id=1124436 --- Comment #13 from Fedora End Of Life <endoflife(a)fedoraproject.org> --- This message is a reminder that Fedora 20 is nearing its end of life. Approximately 4 (four) weeks from now Fedora will stop maintaining and issuing updates for Fedora 20. It is Fedora's policy to close all bug reports from releases that are no longer maintained. At that time this bug will be closed as EOL if it remains open with a Fedora 'version' of '20'. Package Maintainer: If you wish for this bug to remain open because you plan to fix it in a currently maintained version, simply change the 'version' to a later Fedora version. Thank you for reporting this issue and we are sorry that we were not able to fix it before Fedora 20 is end of life. If you would still like to see this bug fixed and are able to reproduce it against a later version of Fedora, you are encouraged change the 'version' to a later Fedora version prior this bug is closed as described in the policy above. Although we aim to fix as many bugs as possible during every release's lifetime, sometimes those efforts are overtaken by events. Often a more recent Fedora release includes newer upstream software that fixes bugs or makes them obsolete. -- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=lSXWBxU2UG&a=cc_unsubscribe

8 years, 10 months

1
0
0 / 0

GnuTLS 3.4 is now in rawhide

by Michael Cronenworth

Hello, After the nettle rebuild GnuTLS has also bumped ABI. We need rebuilds of: mingw-glib-networking mingw-gvnc mingw-libmicrohttpd mingw-libvirt I will take care of libmicrohttpd. Thanks, Michael

8 years, 11 months

2
2
0 / 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

mingw May 2015