https://bugzilla.redhat.com/show_bug.cgi?id=2094052
Bug ID: 2094052
Summary: CVE-2021-4231 angular: XSS vulnerability
Product: Security Response
Hardware: All
OS: Linux
Status: NEW
Component: vulnerability
Keywords: Security
Severity: low
Priority: low
Assignee: security-response-team(a)redhat.com
Reporter: gsuckevi(a)redhat.com
CC: aileenc(a)redhat.com, amctagga(a)redhat.com,
amurdaca(a)redhat.com, andrew.slice(a)redhat.com,
aoconnor(a)redhat.com, asm(a)redhat.com,
bniver(a)redhat.com, bodavis(a)redhat.com,
branto(a)redhat.com, chazlett(a)redhat.com,
danmick(a)gmail.com, david(a)gnsa.us, dbhole(a)redhat.com,
decathorpe(a)gmail.com, deparker(a)redhat.com,
dwd(a)fedoraproject.org, eduardo.ramalho(a)gmail.com,
epel-packagers-sig(a)lists.fedoraproject.org,
erack(a)redhat.com, fedora(a)zaniyah.org,
flucifre(a)redhat.com, fmuellner(a)redhat.com,
fzatlouk(a)redhat.com,
gecko-bugs-nobody(a)fedoraproject.org,
gmalinko(a)redhat.com, gmeno(a)redhat.com,
go-sig(a)lists.fedoraproject.org, i(a)stingr.net,
janstey(a)redhat.com, jcajka(a)cajka.dev,
jhorak(a)redhat.com, jochrist(a)redhat.com,
josef(a)toxicpanda.com, jwon(a)redhat.com,
kai-engert-fedora(a)kuix.de, kanderso(a)redhat.com,
kkeithle(a)redhat.com, klaas(a)demter.de,
klember(a)redhat.com, lemenkov(a)gmail.com,
loic(a)dachary.org, lvaleeva(a)redhat.com,
madam(a)redhat.com, mbenjamin(a)redhat.com,
mhackett(a)redhat.com, muagarwa(a)redhat.com,
ngompa13(a)gmail.com, ocs-bugs(a)redhat.com,
omajid(a)redhat.com, pdelbell(a)redhat.com,
pjasicek(a)redhat.com, polkit-devel(a)redhat.com,
ramkrsna(a)gmail.com, rhughes(a)redhat.com,
rstrode(a)redhat.com, rwagner(a)redhat.com,
sandmann(a)redhat.com, sostapov(a)redhat.com,
steve(a)silug.org, stransky(a)redhat.com,
thofmann(a)fedoraproject.org, tpopela(a)redhat.com,
trpost(a)rocketmail.com, vereddy(a)redhat.com,
zebob.m(a)gmail.com, zsvetlik(a)redhat.com
Blocks: 2094048
Target Milestone: ---
Classification: Other
A vulnerability was found in Angular up to 11.0.4/11.1.0-next.2. It has been
classified as problematic. Affected is the handling of comments. The
manipulation leads to cross site scripting. It is possible to launch the attack
remotely but it might require an authentication first. Upgrading to version
11.0.5 and 11.1.0-next.3 is able to address this issue. The name of the patch
is ba8da742e3b243e8f43d4c63aa842b44e14f2b09. It is recommended to upgrade the
affected component.
References:
https://vuldb.com/?id.181356
https://github.com/angular/angular/issues/40136
https://security.snyk.io/vuln/SNYK-JS-ANGULARCORE-1070902
https://github.com/angular/angular/commit/ba8da742e3b243e8f43d4c63aa842b44e…
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=2094052
https://bugzilla.redhat.com/show_bug.cgi?id=2095649
Bug ID: 2095649
Summary: Error Install ImageMagick and Imagemagick-perl
together on RH8 (EPEL8 repository)
Product: Fedora
Version: rawhide
Hardware: x86_64
OS: Linux
Status: NEW
Component: ImageMagick
Assignee: luya_tfz(a)thefinalzone.net
Reporter: bartlomiej(a)kida.info
QA Contact: extras-qa(a)fedoraproject.org
CC: blaise(a)gmail.com, dcavalca(a)fb.com,
epel-packagers-sig(a)lists.fedoraproject.org,
fedora(a)famillecollet.com, luya_tfz(a)thefinalzone.net,
michel(a)michel-slm.name, ngompa13(a)gmail.com,
pampelmuse(a)gmx.at, sergio(a)serjux.com,
troy(a)troycurtisjr.com
Target Milestone: ---
Classification: Fedora
Description of problem:
ImageMagick and ImageMagick-perl on RH8 (EPEL 8 repository)
Version-Release number of selected component (if applicable):
Newest: 6.9.12.50-1.el8
How reproducible:
Cannot install ImageMagick and ImageMagick-perl from EPEL repository - package
conflict occurs.
Steps to Reproduce:
1. Update EPEL8 cache repository
2. Try to install ImageMagick and ImageMagick-perl together
Actual results:
# dnf install ImageMagick ImageMagick-perl
Ostatnio sprawdzono ważność metadanych: 1:49:26 temu w dniu Fri Jun 10 06:33:50
2022.
Błąd:
Problem: package ImageMagick-perl-6.9.12.50-1.el8.x86_64 requires
perl(:MODULE_COMPAT_5.32.1), but none of the providers can be installed
- package ImageMagick-perl-6.9.12.50-1.el8.x86_64 requires
libperl.so.5.32()(64bit), but none of the providers can be installed
- conflicting requests
- package perl-libs-4:5.32.1-471.module_el8.6.0+2766+8bf0b7ce.x86_64 is
filtered out by modular filtering
Expected results:
Both packages install correctly
Additional info:
The error seems to have appeared after the latest ImageMagick update
https://bugzilla.redhat.com/show_bug.cgi?id=2052682
Bug ID: 2052682
Summary: CVE-2022-24303 python-pillow: temporary directory with
a space character allows removal of unrelated file
after im.show() and related action
Product: Security Response
Hardware: All
OS: Linux
Status: NEW
Component: vulnerability
Keywords: Security
Severity: medium
Priority: medium
Assignee: security-response-team(a)redhat.com
Reporter: gsuckevi(a)redhat.com
CC: bdettelb(a)redhat.com, cstratak(a)redhat.com,
epel-packagers-sig(a)lists.fedoraproject.org,
infra-sig(a)lists.fedoraproject.org,
manisandro(a)gmail.com, miminar(a)redhat.com,
orion(a)nwra.com, python-maint(a)redhat.com,
python-sig(a)lists.fedoraproject.org, torsava(a)redhat.com
Target Milestone: ---
Classification: Other
If the path to the temporary directory on Linux or macOS contained a space,
this would break removal of the temporary image file after im.show() (and
related actions), and potentially remove an unrelated file. This has been
present since PIL.
Reference:
https://pillow.readthedocs.io/en/stable/releasenotes/9.0.1.html
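The failure mode in that report, as an added illustration that is not Pillow's code: when a path is spliced into a shell command line unquoted, the shell splits it at the space and `rm` receives two unrelated paths; quoting the argument, or better, unlinking without a shell, removes the problem. The `rm -f` string and the "tmp dir" layout are hypothetical stand-ins for the pattern.

```python
import os
import shlex
import tempfile


def unsafe_cleanup_command(path: str) -> str:
    # Hypothetical stand-in for the fragile pattern: the path is spliced
    # into a shell command line unquoted. Not Pillow's actual code.
    return "rm -f " + path


def safe_cleanup_command(path: str) -> str:
    # Same command line with the path quoted for the shell.
    return "rm -f " + shlex.quote(path)


def removal_targets(command: str) -> list:
    # Split the string the way a POSIX shell would; every token after
    # "rm -f" is a separate path that rm would try to delete.
    return shlex.split(command)[2:]


def remove_temp_image(path: str) -> bool:
    # The robust fix: unlink directly, with no shell, so whitespace in the
    # path is never interpreted.
    os.remove(path)
    return not os.path.exists(path)


def demo() -> dict:
    # Constructed layout: a temporary directory whose name contains a
    # space, holding the image that im.show() would want cleaned up.
    with tempfile.TemporaryDirectory() as base:
        tmpdir = os.path.join(base, "tmp dir")
        os.mkdir(tmpdir)
        image = os.path.join(tmpdir, "show.png")
        open(image, "wb").close()
        unsafe = removal_targets(unsafe_cleanup_command(image))
        safe = removal_targets(safe_cleanup_command(image))
        removed = remove_temp_image(image)
    return {"unsafe_targets": unsafe, "safe_targets": safe, "removed": removed}


if __name__ == "__main__":
    print(demo())
```

With the unquoted form, `rm` is handed the prefix before the space (a sibling entry named `tmp`) and a relative path `dir/show.png`, neither of which is the temporary image.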
https://bugzilla.redhat.com/show_bug.cgi?id=2100830
Bug ID: 2100830
Summary: [abrt] meld: _get_pixbuf():
emblemcellrenderer.py:64:_get_pixbuf:gi.repository.GLib.GError:
gtk-icon-theme-error-quark: Ikonet “emblem-new” er ikke tilgængeligt i temaet
Adwaita (0)
Product: Fedora
Version: 36
Hardware: x86_64
Status: NEW
Whiteboard: abrt_hash:b16d3ab6af6101bd0bfe20b8f8186a6bf3a31350;VARIANT_ID=workstation;
Component: meld
Assignee: dmaphy(a)fedoraproject.org
Reporter: magnusmj(a)gmail.com
QA Contact: extras-qa(a)fedoraproject.org
CC: cwickert(a)fedoraproject.org, dmaphy(a)fedoraproject.org,
epel-packagers-sig(a)lists.fedoraproject.org,
lkundrak(a)v3.sk, michel(a)michel-slm.name,
oliver(a)linux-kernel.at
Target Milestone: ---
Classification: Fedora
Description of problem:
I was diffing a git file with its origin/main branch.
The view didn't update correctly, and only when hovering the mouse over each
line in the view could I see its content.
Version-Release number of selected component:
meld-3.21.0-9.fc36
Additional info:
reporter: libreport-2.17.1
cgroup:
0::/user.slice/user-1000.slice/user@1000.service/app.slice/app-gnome-org.gnome.Meld-36001.scope
cmdline: /usr/bin/python3 /usr/bin/meld
crash_function: _get_pixbuf
exception_type: gi.repository.GLib.GError
executable: /usr/bin/meld
interpreter: python3-3.10.5-2.fc36.x86_64
kernel: 5.18.5-200.fc36.x86_64
runlevel: N 5
type: Python3
uid: 1000
Truncated backtrace:
emblemcellrenderer.py:64:_get_pixbuf:gi.repository.GLib.GError:
gtk-icon-theme-error-quark: Ikonet “emblem-new” er ikke tilgængeligt i temaet
Adwaita (0)
Traceback (most recent call last):
File "/usr/lib/python3.10/site-packages/meld/ui/emblemcellrenderer.py", line
100, in do_render
pixbuf = self._get_pixbuf(self.emblem_name, self._emblem_size)
File "/usr/lib/python3.10/site-packages/meld/ui/emblemcellrenderer.py", line
64, in _get_pixbuf
pixbuf = icon_theme.load_icon(name, size, 0).copy()
gi.repository.GLib.GError: gtk-icon-theme-error-quark: Ikonet “emblem-new” er
ikke tilgængeligt i temaet Adwaita (0)
Local variables in innermost frame:
self: <emblemcellrenderer.EmblemCellRenderer object at 0x7f3901c94cc0
(EmblemCellRenderer at 0x5560c54b7960)>
name: 'emblem-new'
size: 8
icon_theme: <Gtk.IconTheme object at 0x7f3901c7afc0 (GtkIconTheme at
0x5560c3e1aa60)>
https://bugzilla.redhat.com/show_bug.cgi?id=2087609
Bug ID: 2087609
Summary: CVE-2022-30595 python-pillow: heap buffer overflow in
crafted TGA file
Product: Security Response
Hardware: All
OS: Linux
Status: NEW
Component: vulnerability
Keywords: Security
Severity: low
Priority: low
Assignee: security-response-team(a)redhat.com
Reporter: saroy(a)redhat.com
CC: epel-packagers-sig(a)lists.fedoraproject.org,
infra-sig(a)lists.fedoraproject.org,
manisandro(a)gmail.com, miminar(a)redhat.com,
python-sig(a)lists.fedoraproject.org
Target Milestone: ---
Classification: Other
"CVE-2022-30595: When reading a TGA file with RLE packets that cross scan
lines, Pillow reads the information past the end of the first line without
deducting that from the length of the remaining file data. This vulnerability
was introduced in Pillow 9.1.0, and can cause a heap buffer overflow."
Introduced in 9.1.0, so only unstable is affected. Please bump to 9.1.1.
https://bugs.gentoo.org/845192
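The bookkeeping point in the quoted advisory (a packet that crosses a scan line must be charged against the remaining data, not just the current line), shown as an added example that is not Pillow's decoder: the pixel area is treated as one buffer with a single remaining-byte budget, and any packet that would overrun the image or the input is rejected. The TGA packet layout is the standard one; the sample streams are constructed here.

```python
def decode_tga_rle(data: bytes, width: int, height: int, bpp: int) -> bytes:
    """Expand a TGA run-length stream into exactly width*height*bpp bytes.

    Packet header byte: low 7 bits + 1 is the pixel count; high bit set means
    a run (one pixel value repeated), clear means that many raw pixels follow.
    The pixel area is one buffer with a single remaining-byte budget, so a
    packet that crosses a scan line is charged in full against that budget
    instead of being measured against the current line only.
    """
    total = width * height * bpp
    out = bytearray()
    pos = 0
    while len(out) < total:
        if pos >= len(data):
            raise ValueError("truncated RLE stream at offset %d" % pos)
        header = data[pos]
        pos += 1
        count = (header & 0x7F) + 1
        needed_out = count * bpp
        if len(out) + needed_out > total:
            raise ValueError("packet at offset %d overruns the image" % (pos - 1))
        needed_in = bpp if header & 0x80 else needed_out
        chunk = data[pos:pos + needed_in]
        if len(chunk) != needed_in:
            raise ValueError("packet at offset %d overruns the input" % (pos - 1))
        pos += needed_in
        out += chunk * count if header & 0x80 else chunk
    return bytes(out)


def scan_lines(pixels: bytes, width: int, bpp: int) -> list:
    # Split the decoded buffer into rows after decoding, not during it.
    stride = width * bpp
    return [pixels[i:i + stride] for i in range(0, len(pixels), stride)]


def is_well_formed(data: bytes, width: int, height: int, bpp: int) -> bool:
    # True when the stream decodes without overrunning image or input.
    try:
        decode_tga_rle(data, width, height, bpp)
    except ValueError:
        return False
    return True


# Constructed samples for a 4x2 image, 1 byte per pixel (8 bytes total).
CROSSING = bytes([0x85, 0xAA, 0x01, 0x11, 0x22])  # 6-pixel run spans both lines
OVERRUN = bytes([0x88, 0xAA])                      # 9-pixel run, image holds 8
TRUNCATED = bytes([0x85, 0xAA, 0x01])              # raw packet with its 2 pixels missing
```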
https://bugzilla.redhat.com/show_bug.cgi?id=2102268
Bug ID: 2102268
Summary: python-breathe FTBFS with Sphinx 5 in Rawhide
Product: Fedora
Version: rawhide
Status: NEW
Component: python-breathe
Assignee: dan.cermak(a)cgc-instruments.com
Reporter: ksurma(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: dan.cermak(a)cgc-instruments.com,
epel-packagers-sig(a)lists.fedoraproject.org
Target Milestone: ---
Classification: Fedora
Description of problem:
python-breathe FTBFS with Sphinx 5, because it pins the supported version to < 5.
This causes a build failure for at least 10 packages that BR python-breathe.
Version-Release number of selected component (if applicable):
4.33.1-2
How reproducible:
Always
Steps to Reproduce:
$ mock -r fedora-rawhide-x86_64 --addrepo=https://download.copr.fedorainfracloud.org/results/ksurma/sphinx-5/fedora-rawhide-x86_64/ --no-clean <your.src.rpm>
$ mock -r fedora-rawhide-x86_64 --addrepo=https://download.copr.fedorainfracloud.org/results/ksurma/sphinx-5/fedora-rawhide-x86_64/ shell
If you open a PR to dist-git, the build will be automatically triggered here:
https://copr.fedorainfracloud.org/coprs/ksurma/sphinx-5/builds/
https://bugzilla.redhat.com/show_bug.cgi?id=2102021
Bug ID: 2102021
Summary: CVE-2022-34299 libdwarf: heap buffer over-read in
dwarf_global_formref_b() in dwarf_form.c [fedora-all]
Product: Fedora
Version: 36
Status: NEW
Component: libdwarf
Keywords: Security, SecurityTracking
Severity: low
Priority: low
Assignee: tom(a)compton.nu
Reporter: trathi(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: epel-packagers-sig(a)lists.fedoraproject.org,
jitesh.1337(a)gmail.com, michel(a)michel-slm.name,
orion(a)nwra.com, tom(a)compton.nu
Target Milestone: ---
Classification: Fedora
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported versions of Fedora. While only
one tracking bug has been filed, please correct all affected versions at
the same time. If you need to fix the versions independent of each other,
you may clone this bug as appropriate.