https://bugzilla.redhat.com/show_bug.cgi?id=2093348
Bug ID: 2093348
Summary: CVE-2022-30789 ntfs-3g: crafted NTFS image can cause a
heap-based buffer overflow in
ntfs_check_log_client_array
Product: Security Response
Hardware: All
OS: Linux
Status: NEW
Component: vulnerability
Keywords: Security
Severity: medium
Priority: medium
Assignee: security-response-team(a)redhat.com
Reporter: gsuckevi(a)redhat.com
CC: ddepaula(a)redhat.com,
epel-packagers-sig(a)lists.fedoraproject.org,
jferlan(a)redhat.com, kparal(a)redhat.com,
ngompa13(a)gmail.com, rjones(a)redhat.com,
spotrh(a)gmail.com, virt-maint(a)redhat.com
Target Milestone: ---
Classification: Other
A crafted NTFS image can cause a heap-based buffer overflow in
ntfs_check_log_client_array in NTFS-3G through 2021.8.22.
References:
https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-xchm-ph5h-hw4xhttps://github.com/tuxera/ntfs-3g/releases
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=2093348
https://bugzilla.redhat.com/show_bug.cgi?id=2093340
Bug ID: 2093340
Summary: CVE-2022-30788 ntfs-3g: crafted NTFS image can cause a
heap-based buffer overflow in ntfs_mft_rec_alloc
Product: Security Response
Hardware: All
OS: Linux
Status: NEW
Component: vulnerability
Keywords: Security
Severity: medium
Priority: medium
Assignee: security-response-team(a)redhat.com
Reporter: gsuckevi(a)redhat.com
CC: ddepaula(a)redhat.com,
epel-packagers-sig(a)lists.fedoraproject.org,
jferlan(a)redhat.com, kparal(a)redhat.com,
ngompa13(a)gmail.com, rjones(a)redhat.com,
spotrh(a)gmail.com, virt-maint(a)redhat.com
Target Milestone: ---
Classification: Other
A crafted NTFS image can cause a heap-based buffer overflow in
ntfs_mft_rec_alloc in NTFS-3G through 2021.8.22.
References:
https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-xchm-ph5h-hw4xhttps://github.com/tuxera/ntfs-3g/releases
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=2093340
https://bugzilla.redhat.com/show_bug.cgi?id=2093326
Bug ID: 2093326
Summary: CVE-2022-30786 ntfs-3g: crafted NTFS image can cause a
heap-based buffer overflow in ntfs_names_full_collate
Product: Security Response
Hardware: All
OS: Linux
Status: NEW
Component: vulnerability
Keywords: Security
Severity: medium
Priority: medium
Assignee: security-response-team(a)redhat.com
Reporter: gsuckevi(a)redhat.com
CC: ddepaula(a)redhat.com,
epel-packagers-sig(a)lists.fedoraproject.org,
jferlan(a)redhat.com, kparal(a)redhat.com,
ngompa13(a)gmail.com, rjones(a)redhat.com,
spotrh(a)gmail.com, virt-maint(a)redhat.com
Target Milestone: ---
Classification: Other
A crafted NTFS image can cause a heap-based buffer overflow in
ntfs_names_full_collate in NTFS-3G through 2021.8.22.
References:
https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-xchm-ph5h-hw4xhttps://github.com/tuxera/ntfs-3g/releases
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=2093326
https://bugzilla.redhat.com/show_bug.cgi?id=2093314
Bug ID: 2093314
Summary: CVE-2022-30784 ntfs-3g: crafted NTFS image can cause
heap exhaustion in ntfs_get_attribute_value
Product: Security Response
Hardware: All
OS: Linux
Status: NEW
Component: vulnerability
Keywords: Security
Severity: medium
Priority: medium
Assignee: security-response-team(a)redhat.com
Reporter: gsuckevi(a)redhat.com
CC: ddepaula(a)redhat.com,
epel-packagers-sig(a)lists.fedoraproject.org,
jferlan(a)redhat.com, kparal(a)redhat.com,
ngompa13(a)gmail.com, rjones(a)redhat.com,
spotrh(a)gmail.com, virt-maint(a)redhat.com
Target Milestone: ---
Classification: Other
A crafted NTFS image can cause heap exhaustion in ntfs_get_attribute_value in
NTFS-3G through 2021.8.22.
References:
https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-xchm-ph5h-hw4xhttps://github.com/tuxera/ntfs-3g/releases
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=2093314
https://bugzilla.redhat.com/show_bug.cgi?id=2093333
Bug ID: 2093333
Summary: CVE-2022-30787 ntfs-3g: integer underflow in
fuse_lib_readdir enables arbitrary memory read
operations
Product: Security Response
Hardware: All
OS: Linux
Status: NEW
Component: vulnerability
Keywords: Security
Severity: medium
Priority: medium
Assignee: security-response-team(a)redhat.com
Reporter: gsuckevi(a)redhat.com
CC: ddepaula(a)redhat.com,
epel-packagers-sig(a)lists.fedoraproject.org,
jferlan(a)redhat.com, kparal(a)redhat.com,
ngompa13(a)gmail.com, rjones(a)redhat.com,
spotrh(a)gmail.com, virt-maint(a)redhat.com
Target Milestone: ---
Classification: Other
An integer underflow in fuse_lib_readdir enables arbitrary memory read
operations in NTFS-3G through 2021.8.22 when using libfuse-lite.
References:
https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-6mv4-4v73-xw58https://github.com/tuxera/ntfs-3g/releases
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=2093333
https://bugzilla.redhat.com/show_bug.cgi?id=2093320
Bug ID: 2093320
Summary: CVE-2022-30785 ntfs-3g: a file handle created in
fuse_lib_opendir, and later used in fuse_lib_readdir,
enables arbitrary memory read and write operations
Product: Security Response
Hardware: All
OS: Linux
Status: NEW
Component: vulnerability
Keywords: Security
Severity: medium
Priority: medium
Assignee: security-response-team(a)redhat.com
Reporter: gsuckevi(a)redhat.com
CC: ddepaula(a)redhat.com,
epel-packagers-sig(a)lists.fedoraproject.org,
jferlan(a)redhat.com, kparal(a)redhat.com,
ngompa13(a)gmail.com, rjones(a)redhat.com,
spotrh(a)gmail.com, virt-maint(a)redhat.com
Target Milestone: ---
Classification: Other
A file handle created in fuse_lib_opendir, and later used in fuse_lib_readdir,
enables arbitrary memory read and write operations in NTFS-3G through 2021.8.22
when using libfuse-lite.
References:
https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-6mv4-4v73-xw58https://github.com/tuxera/ntfs-3g/releases
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=2093320
https://bugzilla.redhat.com/show_bug.cgi?id=2093305
Bug ID: 2093305
Summary: CVE-2022-30783 ntfs-3g: invalid return code in
fuse_kern_mount enables intercepting of libfuse-lite
protocol traffic
Product: Security Response
Hardware: All
OS: Linux
Status: NEW
Component: vulnerability
Keywords: Security
Severity: medium
Priority: medium
Assignee: security-response-team(a)redhat.com
Reporter: gsuckevi(a)redhat.com
CC: ddepaula(a)redhat.com,
epel-packagers-sig(a)lists.fedoraproject.org,
jferlan(a)redhat.com, kparal(a)redhat.com,
ngompa13(a)gmail.com, rjones(a)redhat.com,
spotrh(a)gmail.com, virt-maint(a)redhat.com
Target Milestone: ---
Classification: Other
An invalid return code in fuse_kern_mount enables intercepting of libfuse-lite
protocol traffic between NTFS-3G and the kernel in NTFS-3G through 2021.8.22
when using libfuse-lite.
References:
https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-6mv4-4v73-xw58https://github.com/tuxera/ntfs-3g/releases
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=2093305
https://bugzilla.redhat.com/show_bug.cgi?id=2120360
Bug ID: 2120360
Summary: /usr/bin/meld is not executable
Product: Fedora
Version: rawhide
OS: Linux
Status: NEW
Component: meld
Severity: high
Assignee: dmaphy(a)fedoraproject.org
Reporter: fedora(a)lyes.eu
QA Contact: extras-qa(a)fedoraproject.org
CC: cwickert(a)fedoraproject.org, dmaphy(a)fedoraproject.org,
epel-packagers-sig(a)lists.fedoraproject.org,
lkundrak(a)v3.sk, michel(a)michel-slm.name,
oliver(a)linux-kernel.at
Target Milestone: ---
Classification: Fedora
Description of problem:
When installing meld, /usr/bin/meld was not executable.
Version-Release number of selected component (if applicable):
3.21.3-1.fc38
How reproducible:
Always
Steps to Reproduce:
1. sudo dnf install meld
2. bash: /usr/bin/meld: Permission denied
Actual results:
/usr/bin/meld is not executable. Meld cannot be launched from overview, command
line, or git mergetool.
Expected results:
/usr/bin/meld is executable.
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=2120360
https://bugzilla.redhat.com/show_bug.cgi?id=2044963
Bug ID: 2044963
Summary: F36FailsToInstall: postorius
Product: Fedora
Version: rawhide
Status: NEW
Component: python-postorius
Assignee: michel(a)michel-slm.name
Reporter: mhroncok(a)redhat.com
CC: epel-packagers-sig(a)lists.fedoraproject.org,
infra-sig(a)lists.fedoraproject.org,
michel(a)michel-slm.name, ngompa13(a)gmail.com,
python-sig(a)lists.fedoraproject.org
Blocks: 1992487 (F36FailsToInstall,RAWHIDEFailsToInstall)
Target Milestone: ---
Classification: Fedora
Hello,
Please note that this comment was generated automatically. If you feel that
this output has mistakes, please contact me via email (mhroncok(a)redhat.com)
Your package (python-postorius) Fails To Install in Fedora 36:
can't install postorius:
- nothing provides (python3.10dist(django) < 3.3~~ with
python3.10dist(django) >= 2.2) needed by postorius-1.3.6-1.fc36.noarch
If you know about this problem and are planning on fixing it, please
acknowledge so by setting the bug status to ASSIGNED. If you don't have time to
maintain this package, consider orphaning it, so maintainers of dependent
packages realize the problem.
If you don't react accordingly to the policy for FTBFS/FTI bugs
(https://docs.fedoraproject.org/en-US/fesco/Fails_to_build_from_source_Fails…)
your package may be orphaned in 8+ weeks.
P.S. The data was generated solely from koji buildroot, so it might be newer
than the latest compose or the content on mirrors.
P.P.S. If this bug has been reported in the middle of upgrading multiple
dependent packages, please consider using side tags:
https://docs.fedoraproject.org/en-US/fesco/Updates_Policy/#updating-inter-d…
Thanks!
Referenced Bugs:
https://bugzilla.redhat.com/show_bug.cgi?id=1992487
[Bug 1992487] Fedora 36 Fails To install Tracker
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=2044963
https://bugzilla.redhat.com/show_bug.cgi?id=2032607
Bug ID: 2032607
Summary: F36FailsToInstall: hyperkitty
Product: Fedora
Version: rawhide
Status: NEW
Component: python-hyperkitty
Assignee: michel(a)michel-slm.name
Reporter: mhroncok(a)redhat.com
CC: epel-packagers-sig(a)lists.fedoraproject.org,
infra-sig(a)lists.fedoraproject.org,
michel(a)michel-slm.name, ngompa13(a)gmail.com,
python-sig(a)lists.fedoraproject.org
Blocks: 1992487 (F36FailsToInstall,RAWHIDEFailsToInstall)
Target Milestone: ---
Classification: Fedora
Hello,
Please note that this comment was generated automatically. If you feel that
this output has mistakes, please contact me via email (mhroncok(a)redhat.com)
Your package (python-hyperkitty) Fails To Install in Fedora 36:
can't install hyperkitty:
- nothing provides python3.10dist(flufl-lock) >= 4 needed by
hyperkitty-1.3.5-1.fc36.noarch
- nothing provides python3.10dist(mistune) >= 2~rc1 needed by
hyperkitty-1.3.5-1.fc36.noarch
If you know about this problem and are planning on fixing it, please
acknowledge so by setting the bug status to ASSIGNED. If you don't have time to
maintain this package, consider orphaning it, so maintainers of dependent
packages realize the problem.
If you don't react accordingly to the policy for FTBFS/FTI bugs
(https://docs.fedoraproject.org/en-US/fesco/Fails_to_build_from_source_Fails…)
your package may be orphaned in 8+ weeks.
P.S. The data was generated solely from koji buildroot, so it might be newer
than the latest compose or the content on mirrors.
P.P.S. If this bug has been reported in the middle of upgrading multiple
dependent packages, please consider using side tags:
https://docs.fedoraproject.org/en-US/fesco/Updates_Policy/#updating-inter-d…
Thanks!
Referenced Bugs:
https://bugzilla.redhat.com/show_bug.cgi?id=1992487
[Bug 1992487] Fedora 36 Fails To install Tracker
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=2032607