September 2015 - mingw - Fedora Mailing-Lists

[Bug 1213957] New: libxml2: out-of-bounds memory access when parsing an unclosed HTML comment

by Red Hat Bugzilla

https://bugzilla.redhat.com/show_bug.cgi?id=1213957 Bug ID: 1213957 Summary: libxml2: out-of-bounds memory access when parsing an unclosed HTML comment Product: Security Response Component: vulnerability Keywords: Security Severity: medium Priority: medium Assignee: security-response-team(a)redhat.com Reporter: vkaigoro(a)redhat.com CC: athmanem(a)gmail.com, c.david86(a)gmail.com, drizt(a)land.ru, erik-fedora(a)vanpienbroek.nl, fedora-mingw(a)lists.fedoraproject.org, ktietz(a)redhat.com, lfarkas(a)lfarkas.org, ohudlick(a)redhat.com, rjones(a)redhat.com, veillard(a)redhat.com Following issue was reported in libxml2 (http://seclists.org/oss-sec/2015/q2/214): """ This is an out-of-bounds memory access in libxml2. By entering a unclosed html comment such as <!-- the libxml2 parser didn't stop parsing at the end of the buffer, causing random memory to be included in the parsed comment that was returned to ruby. In Shopify, this caused ruby objects from previous http requests to be disclosed in the rendered page. Link to the issue in libxml2's bugtracker: https://bugzilla.gnome.org/show_bug.cgi?id=746048 A patched version of nokogiri (which uses a embedded libxml2) is available here: https://github.com/Shopify/nokogiri/compare/1b1fcad8bd64ab70256666c38d2c9... This bug is still not patched upstream, but both libxml2 and nokogiri developers are aware of the issue. """ No upstream patches exist at the time of creating this Bugzilla. -- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=zRmasjF3dU&a=cc_unsubscribe

7 years, 11 months

1
27
0 / 0

[Bug 1175542] New: Building NASM with mingw-gcc fails in a strange manner

by Red Hat Bugzilla

https://bugzilla.redhat.com/show_bug.cgi?id=1175542 Bug ID: 1175542 Summary: Building NASM with mingw-gcc fails in a strange manner Product: Fedora Version: 20 Component: mingw32-gcc Assignee: rjones(a)redhat.com Reporter: hpa(a)zytor.com QA Contact: extras-qa(a)fedoraproject.org CC: erik-fedora(a)vanpienbroek.nl, fedora-mingw(a)lists.fedoraproject.org, kalevlember(a)gmail.com, rjones(a)redhat.com Description of problem: Building NASM 2.11.07 (or from git) with i686-w63-mingw32 fails with a bunch of duplicate symbol errors. Removing -std=c99 from the command line seems to make it work, but I have not been able to reduce it to a smaller example. Version-Release number of selected component (if applicable): mingw32-gcc-4.8.3-1.fc20.x86_64 How reproducible: 100% Steps to Reproduce: 1. Get NASM 2.11.07 source code. 2. ./autogen.sh 3. ./configure --host=i686-w64-mingw32 4. make Actual results: Build failure with a bunch of strange symbol errors. Expected results: Executables produced. Additional info: -- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=NINW6IoVUD&a=cc_unsubscribe

8 years, 1 month

1
5
0 / 0

[Bug 1086514] New: CVE-2013-7353 Integer overflow leading to a heap-based buffer overflow in png_set_unknown_chunks()

by Red Hat Bugzilla

https://bugzilla.redhat.com/show_bug.cgi?id=1086514 Bug ID: 1086514 Summary: CVE-2013-7353 Integer overflow leading to a heap-based buffer overflow in png_set_unknown_chunks() Product: Security Response Component: vulnerability Keywords: Security Severity: medium Priority: medium Assignee: security-response-team(a)redhat.com Reporter: huzaifas(a)redhat.com CC: drizt(a)land.ru, erik-fedora(a)vanpienbroek.nl, fedora-mingw(a)lists.fedoraproject.org, jkoncick(a)redhat.com, jkurik(a)redhat.com, ktietz(a)redhat.com, lfarkas(a)lfarkas.org, pfrields(a)redhat.com, phracek(a)redhat.com, rjones(a)redhat.com An integer overflow leading to a heap-based buffer overflow was found in the png_set_unknown_chunks() API function of libpng. A attacker could create a specially-crafated image file and render it with an application written to explicitly call png_set_unknown_chunks() function, could cause libpng to crash or execute arbitrary code with the permissions of the user running such an application. The vendor mentions that internal calls use safe values. These issues could potentially affect applications that use the libpng API. Apparently no such applications were identified. Reference: http://sourceforge.net/p/libpng/bugs/199/ http://seclists.org/oss-sec/2014/q2/83 -- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=70jisqeWxf&a=cc_unsubscribe

8 years, 1 month

1
21
0 / 0

[Bug 1086516] New: CVE-2013-7354 Integer overflow leading to a heap-based buffer overflow in png_set_sPLT() and png_set_text_2()

by Red Hat Bugzilla

https://bugzilla.redhat.com/show_bug.cgi?id=1086516 Bug ID: 1086516 Summary: CVE-2013-7354 Integer overflow leading to a heap-based buffer overflow in png_set_sPLT() and png_set_text_2() Product: Security Response Component: vulnerability Keywords: Security Severity: medium Priority: medium Assignee: security-response-team(a)redhat.com Reporter: huzaifas(a)redhat.com CC: drizt(a)land.ru, erik-fedora(a)vanpienbroek.nl, fedora-mingw(a)lists.fedoraproject.org, jkoncick(a)redhat.com, jkurik(a)redhat.com, ktietz(a)redhat.com, lfarkas(a)lfarkas.org, pfrields(a)redhat.com, phracek(a)redhat.com, rjones(a)redhat.com An integer overflow leading to a heap-based buffer overflow was found in the png_set_sPLT() and png_set_text_2() API functions of libpng. A attacker could create a specially-crafated image file and render it with an application written to explicitly call png_set_sPLT() or png_set_text_2() function, could cause libpng to crash or execute arbitrary code with the permissions of the user running such an application. The vendor mentions that internal calls use safe values. These issues could potentially affect applications that use the libpng API. Apparently no such applications were identified. Reference: http://sourceforge.net/p/libpng/bugs/199/ http://seclists.org/oss-sec/2014/q2/83 -- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=lqm7CkaJep&a=cc_unsubscribe

8 years, 1 month

1
29
0 / 0

[Bug 1262377] New: freetype: Infinite loop in parse_encoding in t1load.c

by Red Hat Bugzilla

https://bugzilla.redhat.com/show_bug.cgi?id=1262377 Bug ID: 1262377 Summary: freetype: Infinite loop in parse_encoding in t1load.c Product: Security Response Component: vulnerability Keywords: Security Severity: low Priority: low Assignee: security-response-team(a)redhat.com Reporter: amaris(a)redhat.com CC: behdad(a)fedoraproject.org, erik-fedora(a)vanpienbroek.nl, fedora-mingw(a)lists.fedoraproject.org, fonts-bugs(a)lists.fedoraproject.org, kevin(a)tigcc.ticalc.org, lfarkas(a)lfarkas.org, mkasik(a)redhat.com, rjones(a)redhat.com If the Postscript stream contains a broken number-with-base (e.g. "8#garbage") the cursor doesn't advance and parse_encoding enters an infinite loop. Upstream patch: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=df14e6... CVE request: http://seclists.org/oss-sec/2015/q3/537 -- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=Q45dqAndJZ&a=cc_unsubscribe

8 years, 1 month

1
15
0 / 0

[Bug 1213960] New: mingw-libxml2: libxml2: out-of-bounds memory access when parsing an unclosed HTML comment [epel-all]

by Red Hat Bugzilla

https://bugzilla.redhat.com/show_bug.cgi?id=1213960 Bug ID: 1213960 Summary: mingw-libxml2: libxml2: out-of-bounds memory access when parsing an unclosed HTML comment [epel-all] Product: Fedora EPEL Version: el6 Component: mingw-libxml2 Keywords: Security, SecurityTracking Severity: medium Priority: medium Assignee: rjones(a)redhat.com Reporter: vkaigoro(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: drizt(a)land.ru, erik-fedora(a)vanpienbroek.nl, fedora-mingw(a)lists.fedoraproject.org, ktietz(a)redhat.com, lfarkas(a)lfarkas.org, rjones(a)redhat.com, veillard(a)redhat.com Blocks: 1213957 This is an automatically created tracking bug! It was created to ensure that one or more security vulnerabilities are fixed in affected versions of Fedora EPEL. For comments that are specific to the vulnerability please use bugs filed against the "Security Response" product referenced in the "Blocks" field. For more information see: http://fedoraproject.org/wiki/Security/TrackingBugs When submitting as an update, use the fedpkg template provided in the next comment(s). This will include the bug IDs of this tracking bug as well as the relevant top-level CVE bugs. Please also mention the CVE IDs being fixed in the RPM changelog and the fedpkg commit message. NOTE: this issue affects multiple supported versions of Fedora EPEL. While only one tracking bug has been filed, please correct all affected versions at the same time. If you need to fix the versions independent of each other, you may clone this bug as appropriate. [bug automatically created by: add-tracking-bugs] Referenced Bugs: https://bugzilla.redhat.com/show_bug.cgi?id=1213957 [Bug 1213957] libxml2: out-of-bounds memory access when parsing an unclosed HTML comment -- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=HoEUhKdNiF&a=cc_unsubscribe

8 years, 1 month

1
7
0 / 0

[Bug 1262849] New: libxml2: Out-of-bounds memory access when parsing unclosed HTMl comment

by Red Hat Bugzilla

https://bugzilla.redhat.com/show_bug.cgi?id=1262849 Bug ID: 1262849 Summary: libxml2: Out-of-bounds memory access when parsing unclosed HTMl comment Product: Security Response Component: vulnerability Keywords: Security Severity: medium Priority: medium Assignee: security-response-team(a)redhat.com Reporter: amaris(a)redhat.com CC: athmanem(a)gmail.com, c.david86(a)gmail.com, drizt(a)land.ru, erik-fedora(a)vanpienbroek.nl, fedora-mingw(a)lists.fedoraproject.org, ktietz(a)redhat.com, lfarkas(a)lfarkas.org, ohudlick(a)redhat.com, rjones(a)redhat.com, veillard(a)redhat.com Out-of-bounds memory access vulnerability when parsing unclosed HTMl comment was found in libxml2. By entering a unclosed html comment such as <!-- the libxml2 parser didn't stop parsing at the end of the buffer, causing random memory to be included in the parsed comment. CVE request: http://seclists.org/oss-sec/2015/q3/540 Upstream was notified, but patch is not released yet. However, a patch for nokogiri, which uses embedded libxml2, was proposed: https://github.com/Shopify/nokogiri/compare/1b1fcad8bd64ab70256666c38d2c9... -- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=ORcMh1DqE6&a=cc_unsubscribe

8 years, 1 month

1
9
0 / 0

[Bug 1262854] New: mingw-libxml2: libxml2: Out-of-bounds memory access when parsing unclosed HTMl comment [epel-7]

by Red Hat Bugzilla

https://bugzilla.redhat.com/show_bug.cgi?id=1262854 Bug ID: 1262854 Summary: mingw-libxml2: libxml2: Out-of-bounds memory access when parsing unclosed HTMl comment [epel-7] Product: Fedora EPEL Version: epel7 Component: mingw-libxml2 Keywords: Security, SecurityTracking Severity: medium Priority: medium Assignee: rjones(a)redhat.com Reporter: amaris(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: drizt(a)land.ru, erik-fedora(a)vanpienbroek.nl, fedora-mingw(a)lists.fedoraproject.org, ktietz(a)redhat.com, lfarkas(a)lfarkas.org, rjones(a)redhat.com, veillard(a)redhat.com Blocks: 1262849 This is an automatically created tracking bug! It was created to ensure that one or more security vulnerabilities are fixed in affected versions of Fedora EPEL. For comments that are specific to the vulnerability please use bugs filed against the "Security Response" product referenced in the "Blocks" field. For more information see: http://fedoraproject.org/wiki/Security/TrackingBugs When submitting as an update, use the fedpkg template provided in the next comment(s). This will include the bug IDs of this tracking bug as well as the relevant top-level CVE bugs. Please also mention the CVE IDs being fixed in the RPM changelog and the fedpkg commit message. epel-7 tracking bug for mingw-libxml2: see blocks bug list for full details of the security issue(s). This bug is never intended to be made public, please put any public notes in the blocked bugs. [bug automatically created by: add-tracking-bugs] Referenced Bugs: https://bugzilla.redhat.com/show_bug.cgi?id=1262849 [Bug 1262849] libxml2: Out-of-bounds memory access when parsing unclosed HTMl comment -- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=4KtMCmFhFk&a=cc_unsubscribe

8 years, 1 month

1
7
0 / 0

[Bug 1262853] New: mingw-libxml2: libxml2: Out-of-bounds memory access when parsing unclosed HTMl comment [fedora-all]

by Red Hat Bugzilla

https://bugzilla.redhat.com/show_bug.cgi?id=1262853 Bug ID: 1262853 Summary: mingw-libxml2: libxml2: Out-of-bounds memory access when parsing unclosed HTMl comment [fedora-all] Product: Fedora Version: 22 Component: mingw-libxml2 Keywords: Security, SecurityTracking Severity: medium Priority: medium Assignee: rjones(a)redhat.com Reporter: amaris(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: drizt(a)land.ru, erik-fedora(a)vanpienbroek.nl, fedora-mingw(a)lists.fedoraproject.org, ktietz(a)redhat.com, lfarkas(a)lfarkas.org, rjones(a)redhat.com, veillard(a)redhat.com Blocks: 1262849 This is an automatically created tracking bug! It was created to ensure that one or more security vulnerabilities are fixed in affected versions of Fedora. For comments that are specific to the vulnerability please use bugs filed against the "Security Response" product referenced in the "Blocks" field. For more information see: http://fedoraproject.org/wiki/Security/TrackingBugs When submitting as an update, use the fedpkg template provided in the next comment(s). This will include the bug IDs of this tracking bug as well as the relevant top-level CVE bugs. Please also mention the CVE IDs being fixed in the RPM changelog and the fedpkg commit message. NOTE: this issue affects multiple supported versions of Fedora. While only one tracking bug has been filed, please correct all affected versions at the same time. If you need to fix the versions independent of each other, you may clone this bug as appropriate. [bug automatically created by: add-tracking-bugs] Referenced Bugs: https://bugzilla.redhat.com/show_bug.cgi?id=1262849 [Bug 1262849] libxml2: Out-of-bounds memory access when parsing unclosed HTMl comment -- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=LE5Z3j5KiV&a=cc_unsubscribe

8 years, 2 months

1
11
0 / 0

[Bug 851819] New: Review Request: mingw-sparsehash - MinGW Extremely memory-efficient C++ hash_map implementation

by Red Hat Bugzilla

https://bugzilla.redhat.com/show_bug.cgi?id=851819 Bug ID: 851819 QA Contact: extras-qa(a)fedoraproject.org Severity: unspecified Version: rawhide Priority: unspecified CC: fedora-mingw(a)lists.fedoraproject.org, notting(a)redhat.com, package-review(a)lists.fedoraproject.org Assignee: nobody(a)fedoraproject.org Summary: Review Request: mingw-sparsehash - MinGW Extremely memory-efficient C++ hash_map implementation Regression: --- Story Points: --- Classification: Fedora OS: Unspecified Reporter: t.sailer(a)alumni.ethz.ch Type: Bug Documentation: --- Hardware: Unspecified Mount Type: --- Status: NEW Component: Package Review Product: Fedora Spec URL: http://sailer.fedorapeople.org/mingw-sparsehash.spec SRPM URL: http://sailer.fedorapeople.org/mingw-sparsehash-2.0.2-1.fc17.src.rpm Description: MinGW Extremely memory-efficient C++ hash_map implementation Approved MinGW packaging guidelines are here: http://fedoraproject.org/wiki/Packaging/MinGW -- You are receiving this mail because: You are on the CC list for the bug.

8 years, 2 months

1
9
0 / 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

mingw September 2015