February 2016 - mingw - Fedora Mailing-Lists

[Bug 1301928] New: libxml2: out-of-bounds read in htmlParseNameComplex()

by Red Hat Bugzilla

https://bugzilla.redhat.com/show_bug.cgi?id=1301928 Bug ID: 1301928 Summary: libxml2: out-of-bounds read in htmlParseNameComplex() Product: Security Response Component: vulnerability Keywords: Security Severity: medium Priority: medium Assignee: security-response-team(a)redhat.com Reporter: mprpic(a)redhat.com CC: athmanem(a)gmail.com, c.david86(a)gmail.com, erik-fedora(a)vanpienbroek.nl, fedora-mingw(a)lists.fedoraproject.org, ktietz(a)redhat.com, lfarkas(a)lfarkas.org, ohudlick(a)redhat.com, rjones(a)redhat.com, veillard(a)redhat.com An out-of-bounds read flaw was reported in libxml2's htmlParseNameComplex() function: http://seclists.org/oss-sec/2016/q1/199 A remote attacker could provide a specially crafted XML file that, when processed by an application linked against libxml2, could cause the application to disclose crash. -- You are receiving this mail because: You are on the CC list for the bug.

8 years

1
6
0 / 0

[Bug 1175542] New: Building NASM with mingw-gcc fails in a strange manner

by Red Hat Bugzilla

https://bugzilla.redhat.com/show_bug.cgi?id=1175542 Bug ID: 1175542 Summary: Building NASM with mingw-gcc fails in a strange manner Product: Fedora Version: 20 Component: mingw32-gcc Assignee: rjones(a)redhat.com Reporter: hpa(a)zytor.com QA Contact: extras-qa(a)fedoraproject.org CC: erik-fedora(a)vanpienbroek.nl, fedora-mingw(a)lists.fedoraproject.org, kalevlember(a)gmail.com, rjones(a)redhat.com Description of problem: Building NASM 2.11.07 (or from git) with i686-w63-mingw32 fails with a bunch of duplicate symbol errors. Removing -std=c99 from the command line seems to make it work, but I have not been able to reduce it to a smaller example. Version-Release number of selected component (if applicable): mingw32-gcc-4.8.3-1.fc20.x86_64 How reproducible: 100% Steps to Reproduce: 1. Get NASM 2.11.07 source code. 2. ./autogen.sh 3. ./configure --host=i686-w64-mingw32 4. make Actual results: Build failure with a bunch of strange symbol errors. Expected results: Executables produced. Additional info: -- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=NINW6IoVUD&a=cc_unsubscribe

8 years, 1 month

1
5
0 / 0

[Bug 1312782] New: pcre: Heap buffer overflow in pcretest causing infinite loop

by Red Hat Bugzilla

https://bugzilla.redhat.com/show_bug.cgi?id=1312782 Bug ID: 1312782 Summary: pcre: Heap buffer overflow in pcretest causing infinite loop Product: Security Response Component: vulnerability Keywords: Security Severity: medium Priority: medium Assignee: security-response-team(a)redhat.com Reporter: amaris(a)redhat.com CC: adam.stokes(a)gmail.com, andrew(a)beekhof.net, csutherl(a)redhat.com, databases-maint(a)redhat.com, dknox(a)redhat.com, erik-fedora(a)vanpienbroek.nl, fedora-mingw(a)lists.fedoraproject.org, fidencio(a)redhat.com, jclere(a)redhat.com, jdornak(a)redhat.com, jdoyle(a)redhat.com, jgrulich(a)redhat.com, jorton(a)redhat.com, klember(a)redhat.com, lgao(a)redhat.com, lkundrak(a)v3.sk, marcandre.lureau(a)redhat.com, mbabacek(a)redhat.com, mclasen(a)redhat.com, mmaslano(a)redhat.com, myarboro(a)redhat.com, pmyers(a)valanet.net, ppisar(a)redhat.com, pslavice(a)redhat.com, rcollet(a)redhat.com, rjones(a)redhat.com, rmeggins(a)redhat.com, rsvoboda(a)redhat.com, t.sailer(a)alumni.ethz.ch, twalsh(a)redhat.com, walters(a)redhat.com, webstack-team(a)redhat.com, weli(a)redhat.com Heap-based buffer overread caused by specially crafted input triggering infinite loop in pcretest.c was found affecting pcre 8.38. pcretest went into loop if global matching was requested with an ovector size less than 2. Upstream bug: https://bugs.exim.org/show_bug.cgi?id=1777 Upstream patch: http://vcs.pcre.org/pcre?view=revision&revision=1637 CVE request: http://seclists.org/oss-sec/2016/q1/460 -- You are receiving this mail because: You are on the CC list for the bug.

8 years, 1 month

1
16
0 / 0

[Bug 1312794] New: mingw-glib2: pcre: Heap buffer overflow in pcretest causing infinite loop [epel-7]

by Red Hat Bugzilla

https://bugzilla.redhat.com/show_bug.cgi?id=1312794 Bug ID: 1312794 Summary: mingw-glib2: pcre: Heap buffer overflow in pcretest causing infinite loop [epel-7] Product: Fedora EPEL Version: epel7 Component: mingw-glib2 Keywords: Security, SecurityTracking Severity: medium Priority: medium Assignee: erik-fedora(a)vanpienbroek.nl Reporter: amaris(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: erik-fedora(a)vanpienbroek.nl, fedora-mingw(a)lists.fedoraproject.org, marcandre.lureau(a)redhat.com, rjones(a)redhat.com, t.sailer(a)alumni.ethz.ch Blocks: 1312782 This is an automatically created tracking bug! It was created to ensure that one or more security vulnerabilities are fixed in affected versions of Fedora EPEL. For comments that are specific to the vulnerability please use bugs filed against the "Security Response" product referenced in the "Blocks" field. For more information see: http://fedoraproject.org/wiki/Security/TrackingBugs When submitting as an update, use the fedpkg template provided in the next comment(s). This will include the bug IDs of this tracking bug as well as the relevant top-level CVE bugs. Please also mention the CVE IDs being fixed in the RPM changelog and the fedpkg commit message. [bug automatically created by: add-tracking-bugs] Referenced Bugs: https://bugzilla.redhat.com/show_bug.cgi?id=1312782 [Bug 1312782] pcre: Heap buffer overflow in pcretest causing infinite loop -- You are receiving this mail because: You are on the CC list for the bug.

8 years, 1 month

1
2
0 / 0

[Bug 1312791] New: mingw-glib2: pcre: Heap buffer overflow in pcretest causing infinite loop [fedora-all]

by Red Hat Bugzilla

https://bugzilla.redhat.com/show_bug.cgi?id=1312791 Bug ID: 1312791 Summary: mingw-glib2: pcre: Heap buffer overflow in pcretest causing infinite loop [fedora-all] Product: Fedora Version: 23 Component: mingw-glib2 Keywords: Security, SecurityTracking Severity: medium Priority: medium Assignee: erik-fedora(a)vanpienbroek.nl Reporter: amaris(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: erik-fedora(a)vanpienbroek.nl, fedora-mingw(a)lists.fedoraproject.org, fidencio(a)redhat.com, klember(a)redhat.com, marcandre.lureau(a)redhat.com, rjones(a)redhat.com, t.sailer(a)alumni.ethz.ch Blocks: 1312782 This is an automatically created tracking bug! It was created to ensure that one or more security vulnerabilities are fixed in affected versions of Fedora. For comments that are specific to the vulnerability please use bugs filed against the "Security Response" product referenced in the "Blocks" field. For more information see: http://fedoraproject.org/wiki/Security/TrackingBugs When submitting as an update, use the fedpkg template provided in the next comment(s). This will include the bug IDs of this tracking bug as well as the relevant top-level CVE bugs. Please also mention the CVE IDs being fixed in the RPM changelog and the fedpkg commit message. NOTE: this issue affects multiple supported versions of Fedora. While only one tracking bug has been filed, please correct all affected versions at the same time. If you need to fix the versions independent of each other, you may clone this bug as appropriate. [bug automatically created by: add-tracking-bugs] Referenced Bugs: https://bugzilla.redhat.com/show_bug.cgi?id=1312782 [Bug 1312782] pcre: Heap buffer overflow in pcretest causing infinite loop -- You are receiving this mail because: You are on the CC list for the bug.

8 years, 1 month

1
2
0 / 0

[Bug 1086514] New: CVE-2013-7353 Integer overflow leading to a heap-based buffer overflow in png_set_unknown_chunks()

by Red Hat Bugzilla

https://bugzilla.redhat.com/show_bug.cgi?id=1086514 Bug ID: 1086514 Summary: CVE-2013-7353 Integer overflow leading to a heap-based buffer overflow in png_set_unknown_chunks() Product: Security Response Component: vulnerability Keywords: Security Severity: medium Priority: medium Assignee: security-response-team(a)redhat.com Reporter: huzaifas(a)redhat.com CC: drizt(a)land.ru, erik-fedora(a)vanpienbroek.nl, fedora-mingw(a)lists.fedoraproject.org, jkoncick(a)redhat.com, jkurik(a)redhat.com, ktietz(a)redhat.com, lfarkas(a)lfarkas.org, pfrields(a)redhat.com, phracek(a)redhat.com, rjones(a)redhat.com An integer overflow leading to a heap-based buffer overflow was found in the png_set_unknown_chunks() API function of libpng. A attacker could create a specially-crafated image file and render it with an application written to explicitly call png_set_unknown_chunks() function, could cause libpng to crash or execute arbitrary code with the permissions of the user running such an application. The vendor mentions that internal calls use safe values. These issues could potentially affect applications that use the libpng API. Apparently no such applications were identified. Reference: http://sourceforge.net/p/libpng/bugs/199/ http://seclists.org/oss-sec/2014/q2/83 -- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=70jisqeWxf&a=cc_unsubscribe

8 years, 1 month

1
21
0 / 0

[Bug 1086516] New: CVE-2013-7354 Integer overflow leading to a heap-based buffer overflow in png_set_sPLT() and png_set_text_2()

by Red Hat Bugzilla

https://bugzilla.redhat.com/show_bug.cgi?id=1086516 Bug ID: 1086516 Summary: CVE-2013-7354 Integer overflow leading to a heap-based buffer overflow in png_set_sPLT() and png_set_text_2() Product: Security Response Component: vulnerability Keywords: Security Severity: medium Priority: medium Assignee: security-response-team(a)redhat.com Reporter: huzaifas(a)redhat.com CC: drizt(a)land.ru, erik-fedora(a)vanpienbroek.nl, fedora-mingw(a)lists.fedoraproject.org, jkoncick(a)redhat.com, jkurik(a)redhat.com, ktietz(a)redhat.com, lfarkas(a)lfarkas.org, pfrields(a)redhat.com, phracek(a)redhat.com, rjones(a)redhat.com An integer overflow leading to a heap-based buffer overflow was found in the png_set_sPLT() and png_set_text_2() API functions of libpng. A attacker could create a specially-crafated image file and render it with an application written to explicitly call png_set_sPLT() or png_set_text_2() function, could cause libpng to crash or execute arbitrary code with the permissions of the user running such an application. The vendor mentions that internal calls use safe values. These issues could potentially affect applications that use the libpng API. Apparently no such applications were identified. Reference: http://sourceforge.net/p/libpng/bugs/199/ http://seclists.org/oss-sec/2014/q2/83 -- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=lqm7CkaJep&a=cc_unsubscribe

8 years, 1 month

1
29
0 / 0

[Bug 1262377] New: freetype: Infinite loop in parse_encoding in t1load.c

by Red Hat Bugzilla

https://bugzilla.redhat.com/show_bug.cgi?id=1262377 Bug ID: 1262377 Summary: freetype: Infinite loop in parse_encoding in t1load.c Product: Security Response Component: vulnerability Keywords: Security Severity: low Priority: low Assignee: security-response-team(a)redhat.com Reporter: amaris(a)redhat.com CC: behdad(a)fedoraproject.org, erik-fedora(a)vanpienbroek.nl, fedora-mingw(a)lists.fedoraproject.org, fonts-bugs(a)lists.fedoraproject.org, kevin(a)tigcc.ticalc.org, lfarkas(a)lfarkas.org, mkasik(a)redhat.com, rjones(a)redhat.com If the Postscript stream contains a broken number-with-base (e.g. "8#garbage") the cursor doesn't advance and parse_encoding enters an infinite loop. Upstream patch: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=df14e6... CVE request: http://seclists.org/oss-sec/2015/q3/537 -- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=Q45dqAndJZ&a=cc_unsubscribe

8 years, 1 month

1
15
0 / 0

[Bug 1311882] New: CVE-2014-9766 pixman: integer overflow in create_bits function

by Red Hat Bugzilla

https://bugzilla.redhat.com/show_bug.cgi?id=1311882 Bug ID: 1311882 Summary: CVE-2014-9766 pixman: integer overflow in create_bits function Product: Security Response Component: vulnerability Keywords: Security Severity: medium Priority: medium Assignee: security-response-team(a)redhat.com Reporter: anemec(a)redhat.com CC: ajax(a)redhat.com, alonbl(a)redhat.com, bmcclain(a)redhat.com, cfergeau(a)redhat.com, dblechte(a)redhat.com, erik-fedora(a)vanpienbroek.nl, fedora-mingw(a)lists.fedoraproject.org, gklein(a)redhat.com, lsurette(a)redhat.com, mgoldboi(a)redhat.com, michal.skrivanek(a)redhat.com, ogabbay(a)redhat.com, rbalakri(a)redhat.com, rh-spice-bugs(a)redhat.com, rjones(a)redhat.com, sherold(a)redhat.com, ydary(a)redhat.com, yeylon(a)redhat.com, ykaul(a)redhat.com In create_bits() both height and stride are ints, so the result is also an int, which will overflow if height or stride are big enough and size_t is bigger than int. External references: https://web.archive.org/web/20141227044037/http://lists.freedesktop.org/a... CVE assignment: http://seclists.org/oss-sec/2016/q1/425 -- You are receiving this mail because: You are on the CC list for the bug.

8 years, 1 month

1
6
0 / 0

[Bug 1281760] New: CVE-2015-8126 mingw-libpng: libpng: Buffer overflow vulnerabilities in png_get_PLTE/png_set_PLTE functions [epel-7]

by Red Hat Bugzilla

https://bugzilla.redhat.com/show_bug.cgi?id=1281760 Bug ID: 1281760 Summary: CVE-2015-8126 mingw-libpng: libpng: Buffer overflow vulnerabilities in png_get_PLTE/png_set_PLTE functions [epel-7] Product: Fedora EPEL Version: epel7 Component: mingw-libpng Keywords: Security, SecurityTracking Severity: medium Priority: medium Assignee: rjones(a)redhat.com Reporter: amaris(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: drizt(a)land.ru, erik-fedora(a)vanpienbroek.nl, fedora-mingw(a)lists.fedoraproject.org, ktietz(a)redhat.com, lfarkas(a)lfarkas.org, rjones(a)redhat.com Blocks: 1281756 (CVE-2015-8126) This is an automatically created tracking bug! It was created to ensure that one or more security vulnerabilities are fixed in affected versions of Fedora EPEL. For comments that are specific to the vulnerability please use bugs filed against the "Security Response" product referenced in the "Blocks" field. For more information see: http://fedoraproject.org/wiki/Security/TrackingBugs When submitting as an update, use the fedpkg template provided in the next comment(s). This will include the bug IDs of this tracking bug as well as the relevant top-level CVE bugs. Please also mention the CVE IDs being fixed in the RPM changelog and the fedpkg commit message. epel-7 tracking bug for mingw-libpng: see blocks bug list for full details of the security issue(s). This bug is never intended to be made public, please put any public notes in the blocked bugs. [bug automatically created by: add-tracking-bugs] Referenced Bugs: https://bugzilla.redhat.com/show_bug.cgi?id=1281756 [Bug 1281756] CVE-2015-8126 libpng: Buffer overflow vulnerabilities in png_get_PLTE/png_set_PLTE functions -- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=3qNv1TFMnN&a=cc_unsubscribe

8 years, 2 months

1
15
0 / 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

mingw February 2016