February 2016 - mingw - Fedora Mailing-Lists

[Bug 1213960] New: mingw-libxml2: libxml2: out-of-bounds memory access when parsing an unclosed HTML comment [epel-all]

by Red Hat Bugzilla

https://bugzilla.redhat.com/show_bug.cgi?id=1213960 Bug ID: 1213960 Summary: mingw-libxml2: libxml2: out-of-bounds memory access when parsing an unclosed HTML comment [epel-all] Product: Fedora EPEL Version: el6 Component: mingw-libxml2 Keywords: Security, SecurityTracking Severity: medium Priority: medium Assignee: rjones(a)redhat.com Reporter: vkaigoro(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: drizt(a)land.ru, erik-fedora(a)vanpienbroek.nl, fedora-mingw(a)lists.fedoraproject.org, ktietz(a)redhat.com, lfarkas(a)lfarkas.org, rjones(a)redhat.com, veillard(a)redhat.com Blocks: 1213957 This is an automatically created tracking bug! It was created to ensure that one or more security vulnerabilities are fixed in affected versions of Fedora EPEL. For comments that are specific to the vulnerability please use bugs filed against the "Security Response" product referenced in the "Blocks" field. For more information see: http://fedoraproject.org/wiki/Security/TrackingBugs When submitting as an update, use the fedpkg template provided in the next comment(s). This will include the bug IDs of this tracking bug as well as the relevant top-level CVE bugs. Please also mention the CVE IDs being fixed in the RPM changelog and the fedpkg commit message. NOTE: this issue affects multiple supported versions of Fedora EPEL. While only one tracking bug has been filed, please correct all affected versions at the same time. If you need to fix the versions independent of each other, you may clone this bug as appropriate. [bug automatically created by: add-tracking-bugs] Referenced Bugs: https://bugzilla.redhat.com/show_bug.cgi?id=1213957 [Bug 1213957] libxml2: out-of-bounds memory access when parsing an unclosed HTML comment -- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=HoEUhKdNiF&a=cc_unsubscribe

8 years, 1 month

1
7
0 / 0

[Bug 1262849] New: libxml2: Out-of-bounds memory access when parsing unclosed HTMl comment

by Red Hat Bugzilla

https://bugzilla.redhat.com/show_bug.cgi?id=1262849 Bug ID: 1262849 Summary: libxml2: Out-of-bounds memory access when parsing unclosed HTMl comment Product: Security Response Component: vulnerability Keywords: Security Severity: medium Priority: medium Assignee: security-response-team(a)redhat.com Reporter: amaris(a)redhat.com CC: athmanem(a)gmail.com, c.david86(a)gmail.com, drizt(a)land.ru, erik-fedora(a)vanpienbroek.nl, fedora-mingw(a)lists.fedoraproject.org, ktietz(a)redhat.com, lfarkas(a)lfarkas.org, ohudlick(a)redhat.com, rjones(a)redhat.com, veillard(a)redhat.com Out-of-bounds memory access vulnerability when parsing unclosed HTMl comment was found in libxml2. By entering a unclosed html comment such as <!-- the libxml2 parser didn't stop parsing at the end of the buffer, causing random memory to be included in the parsed comment. CVE request: http://seclists.org/oss-sec/2015/q3/540 Upstream was notified, but patch is not released yet. However, a patch for nokogiri, which uses embedded libxml2, was proposed: https://github.com/Shopify/nokogiri/compare/1b1fcad8bd64ab70256666c38d2c9... -- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=ORcMh1DqE6&a=cc_unsubscribe

8 years, 1 month

1
9
0 / 0

[Bug 1262854] New: mingw-libxml2: libxml2: Out-of-bounds memory access when parsing unclosed HTMl comment [epel-7]

by Red Hat Bugzilla

https://bugzilla.redhat.com/show_bug.cgi?id=1262854 Bug ID: 1262854 Summary: mingw-libxml2: libxml2: Out-of-bounds memory access when parsing unclosed HTMl comment [epel-7] Product: Fedora EPEL Version: epel7 Component: mingw-libxml2 Keywords: Security, SecurityTracking Severity: medium Priority: medium Assignee: rjones(a)redhat.com Reporter: amaris(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: drizt(a)land.ru, erik-fedora(a)vanpienbroek.nl, fedora-mingw(a)lists.fedoraproject.org, ktietz(a)redhat.com, lfarkas(a)lfarkas.org, rjones(a)redhat.com, veillard(a)redhat.com Blocks: 1262849 This is an automatically created tracking bug! It was created to ensure that one or more security vulnerabilities are fixed in affected versions of Fedora EPEL. For comments that are specific to the vulnerability please use bugs filed against the "Security Response" product referenced in the "Blocks" field. For more information see: http://fedoraproject.org/wiki/Security/TrackingBugs When submitting as an update, use the fedpkg template provided in the next comment(s). This will include the bug IDs of this tracking bug as well as the relevant top-level CVE bugs. Please also mention the CVE IDs being fixed in the RPM changelog and the fedpkg commit message. epel-7 tracking bug for mingw-libxml2: see blocks bug list for full details of the security issue(s). This bug is never intended to be made public, please put any public notes in the blocked bugs. [bug automatically created by: add-tracking-bugs] Referenced Bugs: https://bugzilla.redhat.com/show_bug.cgi?id=1262849 [Bug 1262849] libxml2: Out-of-bounds memory access when parsing unclosed HTMl comment -- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=4KtMCmFhFk&a=cc_unsubscribe

8 years, 1 month

1
7
0 / 0

[Bug 1274226] New: mingw-libxml2: libxml2: Out-of-bounds memory access [epel-7]

by Red Hat Bugzilla

https://bugzilla.redhat.com/show_bug.cgi?id=1274226 Bug ID: 1274226 Summary: mingw-libxml2: libxml2: Out-of-bounds memory access [epel-7] Product: Fedora EPEL Version: epel7 Component: mingw-libxml2 Keywords: Security, SecurityTracking Severity: low Priority: low Assignee: rjones(a)redhat.com Reporter: amaris(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: drizt(a)land.ru, erik-fedora(a)vanpienbroek.nl, fedora-mingw(a)lists.fedoraproject.org, ktietz(a)redhat.com, lfarkas(a)lfarkas.org, rjones(a)redhat.com, veillard(a)redhat.com Blocks: 1274222 This is an automatically created tracking bug! It was created to ensure that one or more security vulnerabilities are fixed in affected versions of Fedora EPEL. For comments that are specific to the vulnerability please use bugs filed against the "Security Response" product referenced in the "Blocks" field. For more information see: http://fedoraproject.org/wiki/Security/TrackingBugs When submitting as an update, use the fedpkg template provided in the next comment(s). This will include the bug IDs of this tracking bug as well as the relevant top-level CVE bugs. Please also mention the CVE IDs being fixed in the RPM changelog and the fedpkg commit message. epel-7 tracking bug for mingw-libxml2: see blocks bug list for full details of the security issue(s). This bug is never intended to be made public, please put any public notes in the blocked bugs. [bug automatically created by: add-tracking-bugs] Referenced Bugs: https://bugzilla.redhat.com/show_bug.cgi?id=1274222 [Bug 1274222] libxml2: Out-of-bounds memory access -- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=Ejwt1OHhYo&a=cc_unsubscribe

8 years, 1 month

1
8
0 / 0

[Bug 1276300] New: CVE-2015-7942 mingw-libxml2: libxml2: heap-based buffer overflow in xmlParseConditionalSections() [epel-7]

by Red Hat Bugzilla

https://bugzilla.redhat.com/show_bug.cgi?id=1276300 Bug ID: 1276300 Summary: CVE-2015-7942 mingw-libxml2: libxml2: heap-based buffer overflow in xmlParseConditionalSections() [epel-7] Product: Fedora EPEL Version: epel7 Component: mingw-libxml2 Keywords: Security, SecurityTracking Severity: medium Priority: medium Assignee: rjones(a)redhat.com Reporter: mprpic(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: drizt(a)land.ru, erik-fedora(a)vanpienbroek.nl, fedora-mingw(a)lists.fedoraproject.org, ktietz(a)redhat.com, lfarkas(a)lfarkas.org, rjones(a)redhat.com, veillard(a)redhat.com Blocks: 1276297 (CVE-2015-7942) This is an automatically created tracking bug! It was created to ensure that one or more security vulnerabilities are fixed in affected versions of Fedora EPEL. For comments that are specific to the vulnerability please use bugs filed against the "Security Response" product referenced in the "Blocks" field. For more information see: http://fedoraproject.org/wiki/Security/TrackingBugs When submitting as an update, use the fedpkg template provided in the next comment(s). This will include the bug IDs of this tracking bug as well as the relevant top-level CVE bugs. Please also mention the CVE IDs being fixed in the RPM changelog and the fedpkg commit message. epel-7 tracking bug for mingw-libxml2: see blocks bug list for full details of the security issue(s). This bug is never intended to be made public, please put any public notes in the blocked bugs. [bug automatically created by: add-tracking-bugs] Referenced Bugs: https://bugzilla.redhat.com/show_bug.cgi?id=1276297 [Bug 1276297] CVE-2015-7942 libxml2: heap-based buffer overflow in xmlParseConditionalSections() -- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=NZCcFmQKm4&a=cc_unsubscribe

8 years, 1 month

1
6
0 / 0

[Bug 1281953] New: mingw-libxml2: libxml2: Buffer overread with HTML parser in push mode in xmlSAX2TextNode [epel-7]

by Red Hat Bugzilla

https://bugzilla.redhat.com/show_bug.cgi?id=1281953 Bug ID: 1281953 Summary: mingw-libxml2: libxml2: Buffer overread with HTML parser in push mode in xmlSAX2TextNode [epel-7] Product: Fedora EPEL Version: epel7 Component: mingw-libxml2 Keywords: Security, SecurityTracking Severity: low Priority: low Assignee: rjones(a)redhat.com Reporter: amaris(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: erik-fedora(a)vanpienbroek.nl, fedora-mingw(a)lists.fedoraproject.org, ktietz(a)redhat.com, lfarkas(a)lfarkas.org, rjones(a)redhat.com, veillard(a)redhat.com Blocks: 1281950 This is an automatically created tracking bug! It was created to ensure that one or more security vulnerabilities are fixed in affected versions of Fedora EPEL. For comments that are specific to the vulnerability please use bugs filed against the "Security Response" product referenced in the "Blocks" field. For more information see: http://fedoraproject.org/wiki/Security/TrackingBugs When submitting as an update, use the fedpkg template provided in the next comment(s). This will include the bug IDs of this tracking bug as well as the relevant top-level CVE bugs. Please also mention the CVE IDs being fixed in the RPM changelog and the fedpkg commit message. epel-7 tracking bug for mingw-libxml2: see blocks bug list for full details of the security issue(s). This bug is never intended to be made public, please put any public notes in the blocked bugs. [bug automatically created by: add-tracking-bugs] Referenced Bugs: https://bugzilla.redhat.com/show_bug.cgi?id=1281950 [Bug 1281950] libxml2: Buffer overread with HTML parser in push mode in xmlSAX2TextNode -- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=SkWvVUcN3b&a=cc_unsubscribe

8 years, 1 month

1
6
0 / 0

[Bug 1277150] New: mingw-libxml2: libxml2: DoS when parsing specially crafted XML document if XZ support is enabled [epel-7]

by Red Hat Bugzilla

https://bugzilla.redhat.com/show_bug.cgi?id=1277150 Bug ID: 1277150 Summary: mingw-libxml2: libxml2: DoS when parsing specially crafted XML document if XZ support is enabled [epel-7] Product: Fedora EPEL Version: epel7 Component: mingw-libxml2 Keywords: Security, SecurityTracking Severity: medium Priority: medium Assignee: rjones(a)redhat.com Reporter: amaris(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: erik-fedora(a)vanpienbroek.nl, fedora-mingw(a)lists.fedoraproject.org, ktietz(a)redhat.com, lfarkas(a)lfarkas.org, rjones(a)redhat.com, veillard(a)redhat.com Blocks: 1277146 This is an automatically created tracking bug! It was created to ensure that one or more security vulnerabilities are fixed in affected versions of Fedora EPEL. For comments that are specific to the vulnerability please use bugs filed against the "Security Response" product referenced in the "Blocks" field. For more information see: http://fedoraproject.org/wiki/Security/TrackingBugs When submitting as an update, use the fedpkg template provided in the next comment(s). This will include the bug IDs of this tracking bug as well as the relevant top-level CVE bugs. Please also mention the CVE IDs being fixed in the RPM changelog and the fedpkg commit message. epel-7 tracking bug for mingw-libxml2: see blocks bug list for full details of the security issue(s). This bug is never intended to be made public, please put any public notes in the blocked bugs. [bug automatically created by: add-tracking-bugs] Referenced Bugs: https://bugzilla.redhat.com/show_bug.cgi?id=1277146 [Bug 1277146] libxml2: DoS when parsing specially crafted XML document if XZ support is enabled -- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=skNfyT0B5S&a=cc_unsubscribe

8 years, 1 month

1
8
0 / 0

[Bug 1287614] CVE-2015-8383 pcre: Buffer overflow caused by repeated conditional group (8.38/3)

by Red Hat Bugzilla

https://bugzilla.redhat.com/show_bug.cgi?id=1287614 Bug 1287614 depends on bug 1287619, which changed state. Bug 1287619 Summary: CVE-2015-8383 mingw-pcre: pcre: Buffer overflow caused by repeated conditional group [epel-7] https://bugzilla.redhat.com/show_bug.cgi?id=1287619 What |Removed |Added ---------------------------------------------------------------------------- Status|ON_QA |CLOSED Resolution|--- |ERRATA -- You are receiving this mail because: You are on the CC list for the bug.

8 years, 1 month

1
0
0 / 0

[Bug 1287636] CVE-2015-8386 pcre: Buffer overflow caused by lookbehind assertion (8.38/6)

by Red Hat Bugzilla

https://bugzilla.redhat.com/show_bug.cgi?id=1287636 Bug 1287636 depends on bug 1287642, which changed state. Bug 1287642 Summary: CVE-2015-8386 mingw-pcre: pcre: Buffer overflow caused by lookbehind assertion [epel-7] https://bugzilla.redhat.com/show_bug.cgi?id=1287642 What |Removed |Added ---------------------------------------------------------------------------- Status|ON_QA |CLOSED Resolution|--- |ERRATA -- You are receiving this mail because: You are on the CC list for the bug.

8 years, 1 month

1
0
0 / 0

[Bug 1287636] CVE-2015-8386 pcre: Buffer overflow caused by lookbehind assertion (8.38/6)

by Red Hat Bugzilla

8 years, 1 month

1
0
0 / 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

mingw February 2016