[Bug 1306047] New: [Patch] Use posix threads, fix static library
by Red Hat Bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=1306047
Bug ID: 1306047
Summary: [Patch] Use posix threads, fix static library
Product: Fedora
Version: rawhide
Component: mingw-glib2
Assignee: erik-fedora(a)vanpienbroek.nl
Reporter: manisandro(a)gmail.com
QA Contact: extras-qa(a)fedoraproject.org
CC: erik-fedora(a)vanpienbroek.nl,
fedora-mingw(a)lists.fedoraproject.org,
fidencio(a)redhat.com, klember(a)redhat.com,
marcandre.lureau(a)redhat.com, rjones(a)redhat.com,
t.sailer(a)alumni.ethz.ch
Created attachment 1122556
--> https://bugzilla.redhat.com/attachment.cgi?id=1122556&action=edit
Patch
The attached patch:
- Sets the threading implementation to posix. Win32 threads seem broken (regardless of whether used with static or dynamically linked glib)
- Improves glib-prefer-constructors-over-DllMain.patch to always prefer constructors over DllMain, also handling a second case of DllMain
- Adds a missing BR for mingw-pcre
--
You are receiving this mail because:
You are on the CC list for the bug.
7 years, 11 months
[Bug 1311503] New: pcre: workspace overflow for (*ACCEPT) with
deeply nested parentheses (8.39/13, 10.22/12)
by Red Hat Bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=1311503
Bug ID: 1311503
Summary: pcre: workspace overflow for (*ACCEPT) with deeply
nested parentheses (8.39/13, 10.22/12)
Product: Security Response
Component: vulnerability
Keywords: Security
Severity: medium
Priority: medium
Assignee: security-response-team(a)redhat.com
Reporter: thoger(a)redhat.com
CC: adam.stokes(a)gmail.com, andrew(a)beekhof.net,
csutherl(a)redhat.com, databases-maint(a)redhat.com,
dknox(a)redhat.com, erik-fedora(a)vanpienbroek.nl,
fedora-mingw(a)lists.fedoraproject.org,
fidencio(a)redhat.com, jclere(a)redhat.com,
jdornak(a)redhat.com, jdoyle(a)redhat.com,
jgrulich(a)redhat.com, jorton(a)redhat.com,
klember(a)redhat.com, lgao(a)redhat.com, lkundrak(a)v3.sk,
marcandre.lureau(a)redhat.com, mbabacek(a)redhat.com,
mclasen(a)redhat.com, mmaslano(a)redhat.com,
myarboro(a)redhat.com, pmyers(a)valanet.net,
ppisar(a)redhat.com, pslavice(a)redhat.com,
rcollet(a)redhat.com, rjones(a)redhat.com,
rmeggins(a)redhat.com, rsvoboda(a)redhat.com,
t.sailer(a)alumni.ethz.ch, twalsh(a)redhat.com,
walters(a)redhat.com, webstack-team(a)redhat.com,
weli(a)redhat.com
ZDI reported a stack-based buffer overflow in pcre and pcre2. The ID
ZDI-CAN-3542 is used to identify the issue.
https://bugs.exim.org/show_bug.cgi?id=1791
PCRE does not validate that handling the (*ACCEPT) verb will occur within
the bounds of the cworkspace stack buffer, leading to a stack buffer
overflow.
Fixed upstream in pcre and pcre2 via the following commits:
http://vcs.pcre.org/pcre?view=revision&revision=1631
http://vcs.pcre.org/pcre2?view=revision&revision=489
Issue is triggered by the following pattern:
/([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00](*ACCEPT)/
PCRE 8.00 seems to be the first affected version.
[Bug 1332833] New: CVE-2016-3705 mingw-libxml2: libxml2: stack
overflow before detecting invalid XML file [epel-7]
by Red Hat Bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=1332833
Bug ID: 1332833
Summary: CVE-2016-3705 mingw-libxml2: libxml2: stack overflow
before detecting invalid XML file [epel-7]
Product: Fedora EPEL
Version: epel7
Component: mingw-libxml2
Keywords: Security, SecurityTracking
Severity: medium
Priority: medium
Assignee: rjones(a)redhat.com
Reporter: anemec(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: erik-fedora(a)vanpienbroek.nl,
fedora-mingw(a)lists.fedoraproject.org,
ktietz(a)redhat.com, rjones(a)redhat.com,
veillard(a)redhat.com
Blocks: 1332443 (CVE-2016-3705)
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora EPEL.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
[bug automatically created by: add-tracking-bugs]
Referenced Bugs:
https://bugzilla.redhat.com/show_bug.cgi?id=1332443
[Bug 1332443] CVE-2016-3705 libxml2: stack overflow before detecting
invalid XML file
[Bug 1332832] New: CVE-2016-3705 mingw-libxml2: libxml2: stack
overflow before detecting invalid XML file [fedora-all]
by Red Hat Bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=1332832
Bug ID: 1332832
Summary: CVE-2016-3705 mingw-libxml2: libxml2: stack overflow
before detecting invalid XML file [fedora-all]
Product: Fedora
Version: 23
Component: mingw-libxml2
Keywords: Security, SecurityTracking
Severity: medium
Priority: medium
Assignee: rjones(a)redhat.com
Reporter: anemec(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: erik-fedora(a)vanpienbroek.nl,
fedora-mingw(a)lists.fedoraproject.org,
ktietz(a)redhat.com, rjones(a)redhat.com,
veillard(a)redhat.com
Blocks: 1332443 (CVE-2016-3705)
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported versions of Fedora. While only
one tracking bug has been filed, please correct all affected versions at
the same time. If you need to fix the versions independent of each other,
you may clone this bug as appropriate.
[bug automatically created by: add-tracking-bugs]
Referenced Bugs:
https://bugzilla.redhat.com/show_bug.cgi?id=1332443
[Bug 1332443] CVE-2016-3705 libxml2: stack overflow before detecting
invalid XML file
[Bug 1332820] New: CVE-2016-4483 libxml2: out-of-bounds read parsing
a
by Red Hat Bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=1332820
Bug ID: 1332820
Summary: CVE-2016-4483 libxml2: out-of-bounds read parsing a
Product: Security Response
Component: vulnerability
Keywords: Security
Severity: medium
Priority: medium
Assignee: security-response-team(a)redhat.com
Reporter: anemec(a)redhat.com
CC: athmanem(a)gmail.com, c.david86(a)gmail.com,
erik-fedora(a)vanpienbroek.nl,
fedora-mingw(a)lists.fedoraproject.org,
ktietz(a)redhat.com, ohudlick(a)redhat.com,
rjones(a)redhat.com, veillard(a)redhat.com
A vulnerability was found in libxml2. Parsing a maliciously crafted XML file
could cause the application to crash if recover mode is used.
References:
http://seclists.org/oss-sec/2016/q2/195
[Bug 1332824] New: CVE-2016-4483 mingw-libxml2: libxml2:
out-of-bounds read parsing a [fedora-all]
by Red Hat Bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=1332824
Bug ID: 1332824
Summary: CVE-2016-4483 mingw-libxml2: libxml2: out-of-bounds
read parsing a [fedora-all]
Product: Fedora
Version: 23
Component: mingw-libxml2
Keywords: Security, SecurityTracking
Severity: medium
Priority: medium
Assignee: rjones(a)redhat.com
Reporter: anemec(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: erik-fedora(a)vanpienbroek.nl,
fedora-mingw(a)lists.fedoraproject.org,
ktietz(a)redhat.com, rjones(a)redhat.com,
veillard(a)redhat.com
Blocks: 1332820 (CVE-2016-4483)
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported versions of Fedora. While only
one tracking bug has been filed, please correct all affected versions at
the same time. If you need to fix the versions independent of each other,
you may clone this bug as appropriate.
[bug automatically created by: add-tracking-bugs]
Referenced Bugs:
https://bugzilla.redhat.com/show_bug.cgi?id=1332820
[Bug 1332820] CVE-2016-4483 libxml2: out-of-bounds read parsing a
[Bug 1332825] New: CVE-2016-4483 mingw-libxml2: libxml2:
out-of-bounds read parsing a [epel-7]
by Red Hat Bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=1332825
Bug ID: 1332825
Summary: CVE-2016-4483 mingw-libxml2: libxml2: out-of-bounds
read parsing a [epel-7]
Product: Fedora EPEL
Version: epel7
Component: mingw-libxml2
Keywords: Security, SecurityTracking
Severity: medium
Priority: medium
Assignee: rjones(a)redhat.com
Reporter: anemec(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: erik-fedora(a)vanpienbroek.nl,
fedora-mingw(a)lists.fedoraproject.org,
ktietz(a)redhat.com, rjones(a)redhat.com,
veillard(a)redhat.com
Blocks: 1332820 (CVE-2016-4483)
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora EPEL.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
[bug automatically created by: add-tracking-bugs]
Referenced Bugs:
https://bugzilla.redhat.com/show_bug.cgi?id=1332820
[Bug 1332820] CVE-2016-4483 libxml2: out-of-bounds read parsing a