https://bugzilla.redhat.com/show_bug.cgi?id=2087913
--- Comment #7 from Nick Tait <ntait(a)redhat.com> ---
After extensive testing by hkario/ssorce (and probably others too) we've
determined this flaw is not exploitable. I've set all product's to not affected
and closed trackers.
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=2087913
https://bugzilla.redhat.com/show_bug.cgi?id=2093361
Bug ID: 2093361
Summary: CVE-2021-46790 ntfs-3g-system-compression: ntfs-3g:
heap-based buffer overflow in ntfsck [fedora-all]
Product: Fedora
Version: 36
Status: NEW
Component: ntfs-3g-system-compression
Keywords: Security, SecurityTracking
Severity: medium
Priority: medium
Assignee: kparal(a)redhat.com
Reporter: gsuckevi(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: epel-packagers-sig(a)lists.fedoraproject.org,
kparal(a)redhat.com, ngompa13(a)gmail.com
Target Milestone: ---
Classification: Fedora
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported versions of Fedora. While only
one tracking bug has been filed, please correct all affected versions at
the same time. If you need to fix the versions independent of each other,
you may clone this bug as appropriate.
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=2093361
https://bugzilla.redhat.com/show_bug.cgi?id=2093352
Bug ID: 2093352
Summary: CVE-2022-30789 ntfs-3g-system-compression: ntfs-3g:
crafted NTFS image can cause a heap-based buffer
overflow in ntfs_check_log_client_array [fedora-all]
Product: Fedora
Version: 36
Status: NEW
Component: ntfs-3g-system-compression
Keywords: Security, SecurityTracking
Severity: medium
Priority: medium
Assignee: kparal(a)redhat.com
Reporter: gsuckevi(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: epel-packagers-sig(a)lists.fedoraproject.org,
kparal(a)redhat.com, ngompa13(a)gmail.com
Target Milestone: ---
Classification: Fedora
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported versions of Fedora. While only
one tracking bug has been filed, please correct all affected versions at
the same time. If you need to fix the versions independent of each other,
you may clone this bug as appropriate.
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=2093352
https://bugzilla.redhat.com/show_bug.cgi?id=2093345
Bug ID: 2093345
Summary: CVE-2022-30788 ntfs-3g-system-compression: ntfs-3g:
crafted NTFS image can cause a heap-based buffer
overflow in ntfs_mft_rec_alloc [fedora-all]
Product: Fedora
Version: 36
Status: NEW
Component: ntfs-3g-system-compression
Keywords: Security, SecurityTracking
Severity: medium
Priority: medium
Assignee: kparal(a)redhat.com
Reporter: gsuckevi(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: epel-packagers-sig(a)lists.fedoraproject.org,
kparal(a)redhat.com, ngompa13(a)gmail.com
Target Milestone: ---
Classification: Fedora
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported versions of Fedora. While only
one tracking bug has been filed, please correct all affected versions at
the same time. If you need to fix the versions independent of each other,
you may clone this bug as appropriate.
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=2093345
https://bugzilla.redhat.com/show_bug.cgi?id=2093338
Bug ID: 2093338
Summary: CVE-2022-30787 ntfs-3g-system-compression: ntfs-3g:
integer underflow in fuse_lib_readdir enables
arbitrary memory read operations [fedora-all]
Product: Fedora
Version: 36
Status: NEW
Component: ntfs-3g-system-compression
Keywords: Security, SecurityTracking
Severity: medium
Priority: medium
Assignee: kparal(a)redhat.com
Reporter: gsuckevi(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: epel-packagers-sig(a)lists.fedoraproject.org,
kparal(a)redhat.com, ngompa13(a)gmail.com
Target Milestone: ---
Classification: Fedora
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported versions of Fedora. While only
one tracking bug has been filed, please correct all affected versions at
the same time. If you need to fix the versions independent of each other,
you may clone this bug as appropriate.
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=2093338
https://bugzilla.redhat.com/show_bug.cgi?id=2093331
Bug ID: 2093331
Summary: CVE-2022-30786 ntfs-3g-system-compression: ntfs-3g:
crafted NTFS image can cause a heap-based buffer
overflow in ntfs_names_full_collate [fedora-all]
Product: Fedora
Version: 36
Status: NEW
Component: ntfs-3g-system-compression
Keywords: Security, SecurityTracking
Severity: medium
Priority: medium
Assignee: kparal(a)redhat.com
Reporter: gsuckevi(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: epel-packagers-sig(a)lists.fedoraproject.org,
kparal(a)redhat.com, ngompa13(a)gmail.com
Target Milestone: ---
Classification: Fedora
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported versions of Fedora. While only
one tracking bug has been filed, please correct all affected versions at
the same time. If you need to fix the versions independent of each other,
you may clone this bug as appropriate.
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=2093331
https://bugzilla.redhat.com/show_bug.cgi?id=2093325
Bug ID: 2093325
Summary: CVE-2022-30785 ntfs-3g-system-compression: ntfs-3g: a
file handle created in fuse_lib_opendir, and later
used in fuse_lib_readdir, enables arbitrary memory
read and write operations [fedora-all]
Product: Fedora
Version: 36
Status: NEW
Component: ntfs-3g-system-compression
Keywords: Security, SecurityTracking
Severity: medium
Priority: medium
Assignee: kparal(a)redhat.com
Reporter: gsuckevi(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: epel-packagers-sig(a)lists.fedoraproject.org,
kparal(a)redhat.com, ngompa13(a)gmail.com
Target Milestone: ---
Classification: Fedora
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported versions of Fedora. While only
one tracking bug has been filed, please correct all affected versions at
the same time. If you need to fix the versions independent of each other,
you may clone this bug as appropriate.
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=2093325
https://bugzilla.redhat.com/show_bug.cgi?id=2093319
Bug ID: 2093319
Summary: CVE-2022-30784 ntfs-3g-system-compression: ntfs-3g:
crafted NTFS image can cause heap exhaustion in
ntfs_get_attribute_value [fedora-all]
Product: Fedora
Version: 36
Status: NEW
Component: ntfs-3g-system-compression
Keywords: Security, SecurityTracking
Severity: medium
Priority: medium
Assignee: kparal(a)redhat.com
Reporter: gsuckevi(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: epel-packagers-sig(a)lists.fedoraproject.org,
kparal(a)redhat.com, ngompa13(a)gmail.com
Target Milestone: ---
Classification: Fedora
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported versions of Fedora. While only
one tracking bug has been filed, please correct all affected versions at
the same time. If you need to fix the versions independent of each other,
you may clone this bug as appropriate.
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=2093319
https://bugzilla.redhat.com/show_bug.cgi?id=2093310
Bug ID: 2093310
Summary: CVE-2022-30783 ntfs-3g-system-compression: ntfs-3g:
invalid return code in fuse_kern_mount enables
intercepting of libfuse-lite protocol traffic
[fedora-all]
Product: Fedora
Version: 36
Status: NEW
Component: ntfs-3g-system-compression
Keywords: Security, SecurityTracking
Severity: medium
Priority: medium
Assignee: kparal(a)redhat.com
Reporter: gsuckevi(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: epel-packagers-sig(a)lists.fedoraproject.org,
kparal(a)redhat.com, ngompa13(a)gmail.com
Target Milestone: ---
Classification: Fedora
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported versions of Fedora. While only
one tracking bug has been filed, please correct all affected versions at
the same time. If you need to fix the versions independent of each other,
you may clone this bug as appropriate.
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=2093310