May 2016 - mingw - Fedora Mailing-Lists

[Bug 1306047] New: [Patch] Use posix threads, fix static library

by Red Hat Bugzilla

https://bugzilla.redhat.com/show_bug.cgi?id=1306047 Bug ID: 1306047 Summary: [Patch] Use posix threads, fix static library Product: Fedora Version: rawhide Component: mingw-glib2 Assignee: erik-fedora(a)vanpienbroek.nl Reporter: manisandro(a)gmail.com QA Contact: extras-qa(a)fedoraproject.org CC: erik-fedora(a)vanpienbroek.nl, fedora-mingw(a)lists.fedoraproject.org, fidencio(a)redhat.com, klember(a)redhat.com, marcandre.lureau(a)redhat.com, rjones(a)redhat.com, t.sailer(a)alumni.ethz.ch Created attachment 1122556 --> https://bugzilla.redhat.com/attachment.cgi?id=1122556&action=edit Patch The attached patch - Sets the threading implementation to posix. Win32 threads seem broken (regardless of whether used with static or dynamically linked glib) - Improves glib-prefer-constructors-over-DllMain.patch to always prefer constructors over DllMain, also handling a second case of DllMain - Adds a missing BR for mingw-pcre -- You are receiving this mail because: You are on the CC list for the bug.

7 years, 11 months

1
12
0 / 0

[Bug 1285399] CVE-2015-2328 pcre: infinite recursion compiling pattern with recursive reference in a group with indefinite repeat (8.36/20)

by Red Hat Bugzilla

7 years, 11 months

1
0
0 / 0

[Bug 1311503] New: pcre: workspace overflow for (*ACCEPT) with deeply nested parentheses (8.39/13, 10.22/12)

by Red Hat Bugzilla

https://bugzilla.redhat.com/show_bug.cgi?id=1311503 Bug ID: 1311503 Summary: pcre: workspace overflow for (*ACCEPT) with deeply nested parentheses (8.39/13, 10.22/12) Product: Security Response Component: vulnerability Keywords: Security Severity: medium Priority: medium Assignee: security-response-team(a)redhat.com Reporter: thoger(a)redhat.com CC: adam.stokes(a)gmail.com, andrew(a)beekhof.net, csutherl(a)redhat.com, databases-maint(a)redhat.com, dknox(a)redhat.com, erik-fedora(a)vanpienbroek.nl, fedora-mingw(a)lists.fedoraproject.org, fidencio(a)redhat.com, jclere(a)redhat.com, jdornak(a)redhat.com, jdoyle(a)redhat.com, jgrulich(a)redhat.com, jorton(a)redhat.com, klember(a)redhat.com, lgao(a)redhat.com, lkundrak(a)v3.sk, marcandre.lureau(a)redhat.com, mbabacek(a)redhat.com, mclasen(a)redhat.com, mmaslano(a)redhat.com, myarboro(a)redhat.com, pmyers(a)valanet.net, ppisar(a)redhat.com, pslavice(a)redhat.com, rcollet(a)redhat.com, rjones(a)redhat.com, rmeggins(a)redhat.com, rsvoboda(a)redhat.com, t.sailer(a)alumni.ethz.ch, twalsh(a)redhat.com, walters(a)redhat.com, webstack-team(a)redhat.com, weli(a)redhat.com ZDI reported a stack-based buffer overflow in pcre and pcre2. ZDI-CAN-3542 id is used to identify the issue. https://bugs.exim.org/show_bug.cgi?id=1791 PCRE does not validate that handling the (*ACCEPT) verb will occur within the bounds of the cworkspace stack buffer, leading to a stack buffer overflow. Fixed upstream in pcre and pcre2 via the following commits: http://vcs.pcre.org/pcre?view=revision&revision=1631 http://vcs.pcre.org/pcre2?view=revision&revision=489 Issue is triggered by the following pattern: /([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00](*ACCEPT)/ PCRE 8.00 seems to be the first affected version. -- You are receiving this mail because: You are on the CC list for the bug.

7 years, 11 months

2
11
0 / 0

[Bug 1287636] CVE-2015-8386 pcre: Buffer overflow caused by lookbehind assertion (8.38/6)

by Red Hat Bugzilla

https://bugzilla.redhat.com/show_bug.cgi?id=1287636 --- Comment #16 from errata-xmlrpc <errata-xmlrpc(a)redhat.com> --- This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2016:1025 https://rhn.redhat.com/errata/RHSA-2016-1025.html -- You are receiving this mail because: You are on the CC list for the bug.

7 years, 11 months

1
0
0 / 0

[Bug 1285399] CVE-2015-2328 pcre: infinite recursion compiling pattern with recursive reference in a group with indefinite repeat (8.36/20)

by Red Hat Bugzilla

https://bugzilla.redhat.com/show_bug.cgi?id=1285399 --- Comment #6 from errata-xmlrpc <errata-xmlrpc(a)redhat.com> --- This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2016:1025 https://rhn.redhat.com/errata/RHSA-2016-1025.html -- You are receiving this mail because: You are on the CC list for the bug.

7 years, 11 months

1
0
0 / 0

[Bug 1332833] New: CVE-2016-3705 mingw-libxml2: libxml2: stack overflow before detecting invalid XML file [epel-7]

by Red Hat Bugzilla

https://bugzilla.redhat.com/show_bug.cgi?id=1332833 Bug ID: 1332833 Summary: CVE-2016-3705 mingw-libxml2: libxml2: stack overflow before detecting invalid XML file [epel-7] Product: Fedora EPEL Version: epel7 Component: mingw-libxml2 Keywords: Security, SecurityTracking Severity: medium Priority: medium Assignee: rjones(a)redhat.com Reporter: anemec(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: erik-fedora(a)vanpienbroek.nl, fedora-mingw(a)lists.fedoraproject.org, ktietz(a)redhat.com, rjones(a)redhat.com, veillard(a)redhat.com Blocks: 1332443 (CVE-2016-3705) This is an automatically created tracking bug! It was created to ensure that one or more security vulnerabilities are fixed in affected versions of Fedora EPEL. For comments that are specific to the vulnerability please use bugs filed against the "Security Response" product referenced in the "Blocks" field. For more information see: http://fedoraproject.org/wiki/Security/TrackingBugs When submitting as an update, use the fedpkg template provided in the next comment(s). This will include the bug IDs of this tracking bug as well as the relevant top-level CVE bugs. Please also mention the CVE IDs being fixed in the RPM changelog and the fedpkg commit message. [bug automatically created by: add-tracking-bugs] Referenced Bugs: https://bugzilla.redhat.com/show_bug.cgi?id=1332443 [Bug 1332443] CVE-2016-3705 libxml2: stack overflow before detecting invalid XML file -- You are receiving this mail because: You are on the CC list for the bug.

7 years, 11 months

1
1
0 / 0

[Bug 1332832] New: CVE-2016-3705 mingw-libxml2: libxml2: stack overflow before detecting invalid XML file [fedora-all]

by Red Hat Bugzilla

https://bugzilla.redhat.com/show_bug.cgi?id=1332832 Bug ID: 1332832 Summary: CVE-2016-3705 mingw-libxml2: libxml2: stack overflow before detecting invalid XML file [fedora-all] Product: Fedora Version: 23 Component: mingw-libxml2 Keywords: Security, SecurityTracking Severity: medium Priority: medium Assignee: rjones(a)redhat.com Reporter: anemec(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: erik-fedora(a)vanpienbroek.nl, fedora-mingw(a)lists.fedoraproject.org, ktietz(a)redhat.com, rjones(a)redhat.com, veillard(a)redhat.com Blocks: 1332443 (CVE-2016-3705) This is an automatically created tracking bug! It was created to ensure that one or more security vulnerabilities are fixed in affected versions of Fedora. For comments that are specific to the vulnerability please use bugs filed against the "Security Response" product referenced in the "Blocks" field. For more information see: http://fedoraproject.org/wiki/Security/TrackingBugs When submitting as an update, use the fedpkg template provided in the next comment(s). This will include the bug IDs of this tracking bug as well as the relevant top-level CVE bugs. Please also mention the CVE IDs being fixed in the RPM changelog and the fedpkg commit message. NOTE: this issue affects multiple supported versions of Fedora. While only one tracking bug has been filed, please correct all affected versions at the same time. If you need to fix the versions independent of each other, you may clone this bug as appropriate. [bug automatically created by: add-tracking-bugs] Referenced Bugs: https://bugzilla.redhat.com/show_bug.cgi?id=1332443 [Bug 1332443] CVE-2016-3705 libxml2: stack overflow before detecting invalid XML file -- You are receiving this mail because: You are on the CC list for the bug.

7 years, 11 months

1
1
0 / 0

[Bug 1332820] New: CVE-2016-4483 libxml2: out-of-bounds read parsing a

by Red Hat Bugzilla

https://bugzilla.redhat.com/show_bug.cgi?id=1332820 Bug ID: 1332820 Summary: CVE-2016-4483 libxml2: out-of-bounds read parsing a Product: Security Response Component: vulnerability Keywords: Security Severity: medium Priority: medium Assignee: security-response-team(a)redhat.com Reporter: anemec(a)redhat.com CC: athmanem(a)gmail.com, c.david86(a)gmail.com, erik-fedora(a)vanpienbroek.nl, fedora-mingw(a)lists.fedoraproject.org, ktietz(a)redhat.com, ohudlick(a)redhat.com, rjones(a)redhat.com, veillard(a)redhat.com A vulnerability was found in libxml2. Parsing a maliciously crafted xml file could cause the application to crash if recover mode is used. References: http://seclists.org/oss-sec/2016/q2/195 -- You are receiving this mail because: You are on the CC list for the bug.

7 years, 11 months

1
5
0 / 0

[Bug 1332824] New: CVE-2016-4483 mingw-libxml2: libxml2: out-of-bounds read parsing a [fedora-all]

by Red Hat Bugzilla

https://bugzilla.redhat.com/show_bug.cgi?id=1332824 Bug ID: 1332824 Summary: CVE-2016-4483 mingw-libxml2: libxml2: out-of-bounds read parsing a [fedora-all] Product: Fedora Version: 23 Component: mingw-libxml2 Keywords: Security, SecurityTracking Severity: medium Priority: medium Assignee: rjones(a)redhat.com Reporter: anemec(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: erik-fedora(a)vanpienbroek.nl, fedora-mingw(a)lists.fedoraproject.org, ktietz(a)redhat.com, rjones(a)redhat.com, veillard(a)redhat.com Blocks: 1332820 (CVE-2016-4483) This is an automatically created tracking bug! It was created to ensure that one or more security vulnerabilities are fixed in affected versions of Fedora. For comments that are specific to the vulnerability please use bugs filed against the "Security Response" product referenced in the "Blocks" field. For more information see: http://fedoraproject.org/wiki/Security/TrackingBugs When submitting as an update, use the fedpkg template provided in the next comment(s). This will include the bug IDs of this tracking bug as well as the relevant top-level CVE bugs. Please also mention the CVE IDs being fixed in the RPM changelog and the fedpkg commit message. NOTE: this issue affects multiple supported versions of Fedora. While only one tracking bug has been filed, please correct all affected versions at the same time. If you need to fix the versions independent of each other, you may clone this bug as appropriate. [bug automatically created by: add-tracking-bugs] Referenced Bugs: https://bugzilla.redhat.com/show_bug.cgi?id=1332820 [Bug 1332820] CVE-2016-4483 libxml2: out-of-bounds read parsing a -- You are receiving this mail because: You are on the CC list for the bug.

7 years, 11 months

1
2
0 / 0

[Bug 1332825] New: CVE-2016-4483 mingw-libxml2: libxml2: out-of-bounds read parsing a [epel-7]

by Red Hat Bugzilla

https://bugzilla.redhat.com/show_bug.cgi?id=1332825 Bug ID: 1332825 Summary: CVE-2016-4483 mingw-libxml2: libxml2: out-of-bounds read parsing a [epel-7] Product: Fedora EPEL Version: epel7 Component: mingw-libxml2 Keywords: Security, SecurityTracking Severity: medium Priority: medium Assignee: rjones(a)redhat.com Reporter: anemec(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: erik-fedora(a)vanpienbroek.nl, fedora-mingw(a)lists.fedoraproject.org, ktietz(a)redhat.com, rjones(a)redhat.com, veillard(a)redhat.com Blocks: 1332820 (CVE-2016-4483) This is an automatically created tracking bug! It was created to ensure that one or more security vulnerabilities are fixed in affected versions of Fedora EPEL. For comments that are specific to the vulnerability please use bugs filed against the "Security Response" product referenced in the "Blocks" field. For more information see: http://fedoraproject.org/wiki/Security/TrackingBugs When submitting as an update, use the fedpkg template provided in the next comment(s). This will include the bug IDs of this tracking bug as well as the relevant top-level CVE bugs. Please also mention the CVE IDs being fixed in the RPM changelog and the fedpkg commit message. [bug automatically created by: add-tracking-bugs] Referenced Bugs: https://bugzilla.redhat.com/show_bug.cgi?id=1332820 [Bug 1332820] CVE-2016-4483 libxml2: out-of-bounds read parsing a -- You are receiving this mail because: You are on the CC list for the bug.

7 years, 11 months

1
2
0 / 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

mingw May 2016