From bugzilla at redhat.com Tue Oct 3 17:39:28 2006
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 3 Oct 2006 13:39:28 -0400
Subject: [Bug 209163] New: CVE-2006-4247: plone password reset vulnerability
Message-ID:

Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report.

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=209163

Summary: CVE-2006-4247: plone password reset vulnerability
Product: Fedora Extras
Version: fc5
Platform: All
OS/Version: Linux
Status: NEW
Severity: high
Priority: urgent
Component: plone
AssignedTo: gauret at free.fr
ReportedBy: ville.skytta at iki.fi
QAContact: extras-qa at fedoraproject.org
CC: extras-qa at fedoraproject.org,fedora-security-list at redhat.com

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-4247

Unspecified vulnerability in the Password Reset Tool before 0.4.1 on Plone 2.5 and 2.5.1 Release Candidate allows attackers to reset the passwords of other users, related to "an erroneous security declaration."

According to info in upstream advisory, 2.5* (FC-5 and devel) are affected, 2.1.* (FC-3 and FC-4) not.

--
Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.

From bugzilla at redhat.com Tue Oct 3 17:58:45 2006
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 3 Oct 2006 13:58:45 -0400
Subject: [Bug 209167] New: seamonkey < 1.0.5 multiple vulnerabilities
Message-ID:
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=209167

Summary: seamonkey < 1.0.5 multiple vulnerabilities
Product: Fedora Extras
Version: fc4
Platform: All
OS/Version: Linux
Status: NEW
Severity: normal
Priority: normal
Component: seamonkey
AssignedTo: kengert at redhat.com
ReportedBy: ville.skytta at iki.fi
QAContact: extras-qa at fedoraproject.org
CC: extras-qa at fedoraproject.org,fedora-security-list at redhat.com

seamonkey 1.0.4 in FE4 is probably affected by CVE-2006-4253, CVE-2006-4340, CVE-2006-4565, CVE-2006-4566, CVE-2006-4568, CVE-2006-4570 and CVE-2006-4571. According to upstream, these are fixed in 1.0.5 (FE5+)

From bugzilla at redhat.com Thu Oct 5 17:12:38 2006
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 5 Oct 2006 13:12:38 -0400
Subject: [Bug 209163] CVE-2006-4247: plone password reset vulnerability
In-Reply-To:
Message-ID: <200610051712.k95HCcjO029560@bugzilla.redhat.com>

Summary: CVE-2006-4247: plone password reset vulnerability

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=209163

gauret at free.fr changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |CLOSED
         Resolution|                            |NEXTRELEASE

------- Additional Comments From gauret at free.fr 2006-10-05 13:12 EST -------
Fixed and updated, thanks
From bugzilla at redhat.com Sat Oct 7 00:52:13 2006
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Fri, 6 Oct 2006 20:52:13 -0400
Subject: [Bug 209167] seamonkey < 1.0.5 multiple vulnerabilities
In-Reply-To:
Message-ID: <200610070052.k970qDfl031796@bugzilla.redhat.com>

Summary: seamonkey < 1.0.5 multiple vulnerabilities

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=209167

kengert at redhat.com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
            Product|Fedora Extras               |Fedora Legacy
          Component|seamonkey                   |mozilla

------- Additional Comments From kengert at redhat.com 2006-10-06 20:52 EST -------
-> Fedora Legacy

What would be necessary to get this done? Is it as simple as following the standard Fedora Extras build procedures, to push this build into Fedora Legacy?

From bugzilla at redhat.com Sat Oct 7 12:54:14 2006
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Sat, 7 Oct 2006 08:54:14 -0400
Subject: [Bug 209167] seamonkey < 1.0.5 multiple vulnerabilities
In-Reply-To:
Message-ID: <200610071254.k97CsEwb000380@bugzilla.redhat.com>
Summary: seamonkey < 1.0.5 multiple vulnerabilities

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=209167

deisenst at gtw.net changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
  Status Whiteboard|                            |LEGACY, rh73, rh90, 1, 2, 3,
                   |                            |4, discuss, NEEDSWORK
           Severity|normal                      |urgent
           Priority|normal                      |urgent
         AssignedTo|kengert at redhat.com        |bugs at fedoralegacy.org
                 CC|                            |deisenst at gtw.net,
                   |                            |kengert at redhat.com
       External Bug|                            |https://bugzilla.redhat.com/
          Reference|                            |bugzilla/show_bug.cgi?id=194
                   |                            |440

------- Additional Comments From deisenst at gtw.net 2006-10-07 08:53 EST -------
Thank you, Kai, for forwarding this to Fedora Legacy. I've been concerned for awhile that Legacy users still only have Mozilla 1.7.13 to use. (As a matter of fact, that is all I seem to have for the FC5 that I currently run! Has Seamonkey been released as a Mozilla replacement for FC5? (rather than FE5?))

I would think that this issue will need some work, but that we can probably take our cues from the Seamonkey packages that were released for RHEL 2.1, RHEL 3 and RHEL 4, that Chris Aillon I believe has been working on for RHEL's Mozilla-suite replacement.

I will put in a Bugzilla (infrastructure) Bug to add "Seamonkey" as a component for all Legacy releases so this bug can be properly filed.

AFAIK, Legacy has been intending to take over Seamonkey's maintenance as a "core" package (replacing Mozilla), and at that time, I would suppose Seamonkey could be removed from Fedora Extras. Does that sound right? If so, maybe this Bug Ticket can be our coordinating spot.
Builders: Since this bug ties in so closely with fixing our already-open Mozilla Bug #194440 (which has been open since June for all the Red Hat's and Fedora Core releases 1-3), unless there is objection, I am going to mark this ticket as being for RHL 7.3, RHL 9, FC1, FC2, in addition to FC3 and FC4, since the fix for this will fix the same issues in Bug #194440 and then some. Is that all right with you?

From deisenst at gtw.net Sat Oct 7 13:17:18 2006
From: deisenst at gtw.net (David Eisenstein)
Date: Sat, 7 Oct 2006 08:17:18 -0500
Subject: Fedora Legacy needs help!
Message-ID: <00b801c6ea12$ea2ebbc0$7962cfd0@homedns.org>

Hi Fedora-Security folks:

We in Fedora Legacy have been having severe manpower shortages in getting work done for security issues relating to Fedora Core releases that have been turned over to our care. Basically, no new packages that fix security issues have been released by Fedora Legacy since late July.

http://www.redhat.com/archives/fedora-legacy-announce/2006-July/date.html
http://www.redhat.com/archives/fedora-legacy-announce/2006-August/date.html
http://www.redhat.com/archives/fedora-legacy-announce/2006-September/date.html
http://www.redhat.com/archives/fedora-legacy-announce/2006-October/date.html

-- those pretty much tell the story. Also, a 3+-month-old Legacy status report here .

A fellow contributor says that, essentially, Fedora Legacy is providing a false sense of security to people who point their yum at our repositories. If that is the case ... ?!

We need help! Any suggestions/advice on how/where we can get help getting our work done?

Thanks in advance!
Warm regards,
David Eisenstein

From mjc at redhat.com Mon Oct 9 07:53:20 2006
From: mjc at redhat.com (Mark J Cox)
Date: Mon, 9 Oct 2006 08:53:20 +0100 (BST)
Subject: Fedora Legacy needs help!
In-Reply-To: <00b801c6ea12$ea2ebbc0$7962cfd0@homedns.org>
References: <00b801c6ea12$ea2ebbc0$7962cfd0@homedns.org>
Message-ID: <0610090836180.10015@dell1.moose.awe.com>

> We need help! Any suggestions/advice on how/where we can get help getting our
> work done?

Would limiting the scope of errata support help stop Legacy being overwhelmed with updates?

In my opinion if Legacy was a project that fixed only security issues rated severity critical (plus say kernel privilege escalation issues), it would still be providing an important level of protection to users whilst limiting the amount of work. For example for Enterprise Linux 4 we issued about 20 updates a year that would fall into this category.

http://www.redhat.com/security/updates/classification/

In fact this is something we've started to do for Red Hat products; the Red Hat Application Stack product comes with two years of full support, followed by a year of security support for critical severity issues only.

Mark

From jkeating at redhat.com Mon Oct 9 14:59:08 2006
From: jkeating at redhat.com (Jesse Keating)
Date: Mon, 9 Oct 2006 10:59:08 -0400
Subject: Fedora Legacy needs help!
In-Reply-To: <0610090836180.10015@dell1.moose.awe.com>
References: <00b801c6ea12$ea2ebbc0$7962cfd0@homedns.org> <0610090836180.10015@dell1.moose.awe.com>
Message-ID: <200610091059.09364.jkeating@redhat.com>

On Monday 09 October 2006 03:53, Mark J Cox wrote:
> Would limiting the scope of errata support help stop Legacy being
> overwhelmed with updates?
>
> In my opinion if Legacy was a project that fixed only security issues
> rated severity critical (plus say kernel privilege escalation issues), it
> would still be providing an important level of protection to users whilst
> limiting the amount of work.
> For example for Enterprise Linux 4 we issued
> about 20 updates a year that would fall into this category.
> http://www.redhat.com/security/updates/classification/

I think this might be acceptable. We're still in a major hole wrt RHL7.3/RHL9 and FC3/4 that we'd have to dig our way out of, even if we limited it to Critical severity stuff, and this is where we need some initial help to dig our way out to a manageable workflow.

--
Jesse Keating
Release Engineer: Fedora

From bugzilla at redhat.com Tue Oct 10 17:48:58 2006
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 10 Oct 2006 13:48:58 -0400
Subject: [Bug 191089] multiple vulnerabilities
In-Reply-To:
Message-ID: <200610101748.k9AHmwvJ028282@bugzilla.redhat.com>

Summary: multiple vulnerabilities

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=191089

ville.skytta at iki.fi changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         AssignedTo|enrico.scholz at informatik.tu-|giallu at gmail.com
                   |chemnitz.de                 |

------- Additional Comments From ville.skytta at iki.fi 2006-10-10 13:48 EST -------
Reassign to current maintainer.
From bugzilla at redhat.com Tue Oct 10 18:25:14 2006
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 10 Oct 2006 14:25:14 -0400
Subject: [Bug 206516] CVE-2006-4784, CVE-2006-4785, CVE-2006-4786: moodle multiple vulnerabilities
In-Reply-To:
Message-ID: <200610101825.k9AIPE5j031448@bugzilla.redhat.com>

Summary: CVE-2006-4784, CVE-2006-4785, CVE-2006-4786: moodle multiple vulnerabilities

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=206516

------- Additional Comments From ville.skytta at iki.fi 2006-10-10 14:24 EST -------
Yet one more for 1.6.2: http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-5219

If this new one doesn't affect the packaged versions and all the earlier reported ones have been verified to not affect them either, perhaps someone who has done the verification could close this bug?

From bugzilla at redhat.com Fri Oct 13 20:30:10 2006
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Fri, 13 Oct 2006 16:30:10 -0400
Subject: [Bug 206516] CVE-2006-4784, CVE-2006-4785, CVE-2006-4786: moodle multiple vulnerabilities
In-Reply-To:
Message-ID: <200610132030.k9DKUAuM018395@bugzilla.redhat.com>

Summary: CVE-2006-4784, CVE-2006-4785, CVE-2006-4786: moodle multiple vulnerabilities

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=206516

------- Additional Comments From imlinux at gmail.com 2006-10-13 16:30 EST -------
FYI, I've been working to update this to 1.6.3. I'm going to release a version to devel today. FC[4-5] to follow.
From bugzilla at redhat.com Sun Oct 15 20:48:45 2006
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Sun, 15 Oct 2006 16:48:45 -0400
Subject: [Bug 210825] New: RSA signature forgery issues in BouncyCastle < 1.34
Message-ID:

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=210825

Summary: RSA signature forgery issues in BouncyCastle < 1.34
Product: Fedora Core
Version: fc5
Platform: All
OS/Version: Linux
Status: NEW
Severity: normal
Priority: normal
Component: java-1.4.2-gcj-compat
AssignedTo: fitzsim at redhat.com
ReportedBy: ville.skytta at iki.fi
CC: fedora-security-list at redhat.com

From BouncyCastle 1.34 release notes:

Security Advisory
If you are using RSA with a public exponent of three you must upgrade to this release if you want to avoid recent forgery attacks that have been described against specific implementations of the RSA signature algorithm.

java-1.4.2-gcj-compat in FC5 ships with BC 1.31 and may thus be affected.

From bugzilla at redhat.com Mon Oct 16 18:12:39 2006
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 16 Oct 2006 14:12:39 -0400
Subject: [Bug 210973] New: clamav < 0.88.5 CHM and PE vulnerabilities
Message-ID:
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=210973

Summary: clamav < 0.88.5 CHM and PE vulnerabilities
Product: Fedora Extras
Version: fc5
Platform: All
OS/Version: Linux
Status: NEW
Severity: normal
Priority: normal
Component: clamav
AssignedTo: enrico.scholz at informatik.tu-chemnitz.de
ReportedBy: ville.skytta at iki.fi
QAContact: extras-qa at fedoraproject.org
CC: extras-qa at fedoraproject.org,fedora-security-list at redhat.com

(Apparently no CVE id available yet)

http://www.vuxml.org/freebsd/8012a79d-5d21-11db-bb8d-00123ffe8333.html

Secunia reports:

Two vulnerabilities have been reported in Clam AntiVirus, which potentially can be exploited by malicious people to cause a DoS (Denial of Service) or compromise a vulnerable system.

1) An unspecified error in the CHM unpacker in chmunpack.c can be exploited to cause a DoS.
2) An unspecified error in rebuildpe.c when rebuilding PE files after unpacking can be exploited to cause a heap-based buffer overflow.

From bugzilla at redhat.com Mon Oct 16 18:14:00 2006
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 16 Oct 2006 14:14:00 -0400
Subject: [Bug 210973] clamav < 0.88.5 CHM and PE vulnerabilities
In-Reply-To:
Message-ID: <200610161814.k9GIE0XY010507@bugzilla.redhat.com>

Summary: clamav < 0.88.5 CHM and PE vulnerabilities

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=210973

------- Additional Comments From ville.skytta at iki.fi 2006-10-16 14:13 EST -------
FE[3456] seem affected.
From bugzilla at redhat.com Tue Oct 17 19:13:06 2006
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 17 Oct 2006 15:13:06 -0400
Subject: [Bug 210973] clamav < 0.88.5 CHM and PE vulnerabilities
In-Reply-To:
Message-ID: <200610171913.k9HJD68d005712@bugzilla.redhat.com>

Summary: clamav < 0.88.5 CHM and PE vulnerabilities

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=210973

------- Additional Comments From ville.skytta at iki.fi 2006-10-17 15:12 EST -------
CVE-2006-4182, CVE-2006-5295

From bugzilla at redhat.com Thu Oct 19 03:29:08 2006
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 18 Oct 2006 23:29:08 -0400
Subject: [Bug 209167] seamonkey < 1.0.5 multiple vulnerabilities
In-Reply-To:
Message-ID: <200610190329.k9J3T8vU005322@bugzilla.redhat.com>

Summary: seamonkey < 1.0.5 multiple vulnerabilities

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=209167

------- Additional Comments From kengert at redhat.com 2006-10-18 23:29 EST -------
(In reply to comment #2)
> Has Seamonkey been released as a Mozilla replacement for FC5? (rather than
> FE5?))

No, not as real drop in replacement. But you can install seamonkey for FC5 from Fedora Extras and you can run it instead of Mozilla, and it will use your existing Mozilla profile.
> I would think that this issue will need some work, but that we can probably
> take our cues from the Seamonkey packages that were released for RHEL 2.1,
> RHEL 3 and RHEL 4, that Chris Aillon I believe has been working on for RHEL's
> Mozilla-suite replacement.

This is more than I had intended with this bug. You are proposing a full replacement, which is more work than I was proposing to do.

This bug is simply about:
Consider to update the SeaMonkey 1.0.4 already available in FC4 to the newer SeaMonkey 1.0.5

And being not involved in Legacy yet, my question was: What is the exact process to get that done.

Is Legacy still using the same build infrastructure? Is it sufficient to do a "make build" in the standard cvs/extras/seamonkey/FC-4 directory? Will such a build end up on the fedora legacy server?

If this is wrong, could you please point me to a document that explains where to build Extra packages for Legacy? I couldn't find it.

> I will put in a Bugzilla (infrastructure) Bug to add "Seamonkey" as a
> component for all Legacy releases so this bug can be properly filed.

Yes, this bug is really meant to be about seamonkey, but as of today, the seamonkey product is not yet available in Legacy. Or should I still file this bug against extras?

From bugzilla at redhat.com Sat Oct 21 00:07:48 2006
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Fri, 20 Oct 2006 20:07:48 -0400
Subject: [Bug 191089] multiple vulnerabilities
In-Reply-To:
Message-ID: <200610210007.k9L07mUP001982@bugzilla.redhat.com>
Summary: multiple vulnerabilities

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=191089

giallu at gmail.com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |CLOSED
         Resolution|                            |CURRENTRELEASE
   Fixed In Version|                            |0.19.4-2

------- Additional Comments From giallu at gmail.com 2006-10-20 20:07 EST -------
FC-5 and FC-6 were updated with 1.0.5.

About FC-4, I do not feel comfortable about supplying an update which is guaranteed to require some manual steps to complete.

I applied some backported fixes already present in upstream CVS, but not yet released as 0.19.5.

Look for 0.19.5 in http://www.mantisbugtracker.com/bugs/changelog_page.php for more details

From bugzilla at redhat.com Sat Oct 21 06:09:09 2006
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Sat, 21 Oct 2006 02:09:09 -0400
Subject: [Bug 209167] seamonkey < 1.0.5 multiple vulnerabilities; to replace Mozilla
In-Reply-To:
Message-ID: <200610210609.k9L699Xv016700@bugzilla.redhat.com>

Summary: seamonkey < 1.0.5 multiple vulnerabilities; to replace Mozilla

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=209167

deisenst at gtw.net changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
            Summary|seamonkey < 1.0.5 multiple  |seamonkey < 1.0.5 multiple
                   |vulnerabilities             |vulnerabilities; to replace
                   |                            |Mozilla
          Component|mozilla                     |seamonkey
                 CC|                            |michal at harddata.com,
                   |                            |jkeating at redhat.com

------- Additional Comments From deisenst at gtw.net 2006-10-21 02:08 EST -------
Changing component to seamonkey, as this was added yesterday or so to the Bugzilla system.
Thanks, Jesse!

Kai, we're doing some work in Legacy to help open up access for folks to be able to build packages in an environment like Fedora Extras has -- eventually down to even using the same build server infrastructure that Extras now uses. However, Legacy's current build team for quite a while has had its own independent build server, which we are still using. We are in the process of getting to know how CVS works and more about the details of building packages in a similar if not nearly identical way that Extras does it. I for one am a CVS newbie though. Legacy folks have been used to unpacking, repacking, and passing around .src.rpm's for Legacy's QA activities.

Although we are in the process of migrating to a more extras-like environment in Legacy, I am not sure how technically far along the process we are in doing so. Jesse Keating is the man-in-the-know in that regard. I believe Jesse is trying to balance a desire to get everything moved to Fedora infrastructure with the fact that there are a number of people that need to get accustomed to what to us is a new way of doing things.

Because some other packages in the Fedora Core depend on libraries provided by Mozilla, and because we are not sure of which and/or how many Mozilla &c vulnerabilities may lie within the libraries that Mozilla provides to other packages in Core, I believe we ought to be more interested in creating replacement packages for Mozilla using seamonkey. At least 'yelp' and the 'epiphany' browser depend upon Mozilla libraries, but there may be other packages in Core that do too.

You might be interested in knowing, Kai, that Michal Jaegermann, a Fedora Legacy contributor, has created a replacement seamonkey srpm package for FC4. His email to the fedora-legacy-list about it can be found here:

Kai, do you have access to Fedora Legacy's cvs?
An example command that I was given to access (checkout) a package from that cvs:

    cvs -d :ext:@cvs.fedora.redhat.com:/cvs/legacy co

which should check out the Fedora Core 3 & 4 cvs stuff for .

If you have access, I would welcome your checking in seamonkey 1.0.5 sources and patches and a spec-file there. After you do that, we can tweak the spec-file to turn seamonkey into a replacement seamonkey version for our FC4 and FC3 users. Then I can build what we've come up with on Legacy's build server, sign it with the Legacy PGP key, push it to Legacy's updates-testing repository and ask our legacy folks to test it. I certainly will, especially if we can create a FC5 version of a (replacement) seamonkey while we're at doing these others for FC4 and FC3.

If you don't have access to Legacy's cvs, you can get access by being added to the 'cvslegacy' group through the Fedora Accounts system, . Jesse Keating will be the one to approve your access there; I would think that should be no problem.

Does this sound like a plan? Thoughts / Suggestions anyone? Thanks!

From bugzilla at redhat.com Sat Oct 21 06:25:45 2006
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Sat, 21 Oct 2006 02:25:45 -0400
Subject: [Bug 191089] mantis multiple vulnerabilities
In-Reply-To:
Message-ID: <200610210625.k9L6PjlK017167@bugzilla.redhat.com>
Summary: mantis multiple vulnerabilities

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=191089

deisenst at gtw.net changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
            Summary|multiple vulnerabilities    |mantis multiple
                   |                            |vulnerabilities

From bugzilla at redhat.com Mon Oct 23 20:49:59 2006
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 23 Oct 2006 16:49:59 -0400
Subject: [Bug 191089] mantis multiple vulnerabilities
In-Reply-To:
Message-ID: <200610232049.k9NKnxBr021603@bugzilla.redhat.com>

Summary: mantis multiple vulnerabilities

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=191089

ville.skytta at iki.fi changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
            Version|fc5                         |fc4
             Status|CLOSED                      |NEW
           Keywords|                            |Reopened
         Resolution|CURRENTRELEASE              |

------- Additional Comments From ville.skytta at iki.fi 2006-10-23 16:49 EST -------
Looking briefly into the patches applied to the FC-4 package, it seems to me that CVE-2006-0665 and CVE-2006-0840 are fixed, but the following may remain unaddressed or only partially fixed: CVE-2006-0665, CVE-2006-0841, CVE-2006-1577

For more info, see the Debian patchkit at http://security.debian.org/pool/updates/main/m/mantis/mantis_0.19.2-5sarge4.1.diff.gz

Reopening for comments from someone more familiar with Mantis and PHP.
From bugzilla at redhat.com Thu Oct 26 14:47:08 2006
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 26 Oct 2006 10:47:08 -0400
Subject: [Bug 212355] New: CVE-2006-5453, CVE-2006-5454, CVE-2006-5455 bugzilla vulnerabilities
Message-ID:

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=212355

Summary: CVE-2006-5453, CVE-2006-5454, CVE-2006-5455 bugzilla vulnerabilities
Product: Fedora Extras
Version: fc6
Platform: All
OS/Version: Linux
Status: NEW
Severity: normal
Priority: normal
Component: bugzilla
AssignedTo: jwb at redhat.com
ReportedBy: ville.skytta at iki.fi
QAContact: extras-qa at fedoraproject.org
CC: extras-qa at fedoraproject.org,fedora-security-list at redhat.com

According to CVE descriptions, Bugzilla in FE-4 and later is vulnerable to:

CVE-2006-5453 (unauthorized write access)
CVE-2006-5454 (unauthorized information access)
CVE-2006-5455 (unauthorized write access)

From bugzilla at redhat.com Fri Oct 27 01:40:05 2006
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 26 Oct 2006 21:40:05 -0400
Subject: [Bug 212355] CVE-2006-5453, CVE-2006-5454, CVE-2006-5455 bugzilla vulnerabilities
In-Reply-To:
Message-ID: <200610270140.k9R1e52f018158@bugzilla.redhat.com>
Summary: CVE-2006-5453, CVE-2006-5454, CVE-2006-5455 bugzilla vulnerabilities

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=212355

jwb at redhat.com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |ASSIGNED

From bugzilla at redhat.com Fri Oct 27 14:09:14 2006
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Fri, 27 Oct 2006 10:09:14 -0400
Subject: [Bug 206516] CVE-2006-4784, CVE-2006-4785, CVE-2006-4786: moodle multiple vulnerabilities
In-Reply-To:
Message-ID: <200610271409.k9RE9ELa004709@bugzilla.redhat.com>

Summary: CVE-2006-4784, CVE-2006-4785, CVE-2006-4786: moodle multiple vulnerabilities

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=206516

imlinux at gmail.com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|ASSIGNED                    |CLOSED
         Resolution|                            |NEXTRELEASE

------- Additional Comments From imlinux at gmail.com 2006-10-27 10:09 EST -------
No one has complained, I'll be rebuilding FC4 and 5 immediately.

From bugzilla at redhat.com Fri Oct 27 17:17:41 2006
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Fri, 27 Oct 2006 13:17:41 -0400
Subject: [Bug 210973] clamav < 0.88.5 CHM and PE vulnerabilities
In-Reply-To:
Message-ID: <200610271717.k9RHHfPq021306@bugzilla.redhat.com>
All additional comments should be made in the comments box of this bug report. Summary: clamav < 0.88.5 CHM and PE vulnerabilities https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=210973 ville.skytta at iki.fi changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |CLOSED Resolution| |ERRATA Fixed In Version| |0.88.5 ------- Additional Comments From ville.skytta at iki.fi 2006-10-27 13:17 EST ------- Appears to be fixed in all branches. -- Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is. From bugzilla at redhat.com Sat Oct 28 06:16:10 2006 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Sat, 28 Oct 2006 02:16:10 -0400 Subject: [Bug 212696] New: CVE-2006-4513: multiple integer overflows in wv < 1.2.3 Message-ID: Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report. https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=212696 Summary: CVE-2006-4513: multiple integer overflows in wv < 1.2.3 Product: Fedora Extras Version: fc6 Platform: All URL: http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-4513 OS/Version: Linux Status: NEW Severity: normal Priority: normal Component: wv AssignedTo: gauret at free.fr ReportedBy: ville.skytta at iki.fi QAContact: extras-qa at fedoraproject.org CC: extras-qa at fedoraproject.org,fedora-security- list at redhat.com Multiple integer overflows in wv < 1.2.3: http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-4513 All FE versions seem affected. -- Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is. 
From bugzilla at redhat.com Sat Oct 28 06:35:06 2006
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Sat, 28 Oct 2006 02:35:06 -0400
Subject: [Bug 212698] New: CVE-2006-4513: multiple integer overflows in wv < 1.2.3
Message-ID:

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=212698

           Summary: CVE-2006-4513: multiple integer overflows in wv < 1.2.3
           Product: Fedora Extras
           Version: fc6
          Platform: All
               URL: http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-4513
        OS/Version: Linux
            Status: NEW
          Severity: normal
          Priority: normal
         Component: abiword
        AssignedTo: uwog at uwog.net
        ReportedBy: ville.skytta at iki.fi
         QAContact: extras-qa at fedoraproject.org
                CC: extras-qa at fedoraproject.org,fedora-security-list at redhat.com

+++ This bug was initially created as a clone of Bug #212696 +++

Multiple integer overflows in wv < 1.2.3:
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-4513

abiword uses an internal copy of wv, which seems to be 1.0.3 as of abiword 2.4.5, so it may be affected.

Additionally, would it be possible to change abiword to use the system installed wv instead of the internal one?

From bugzilla at redhat.com Sat Oct 28 06:43:36 2006
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Sat, 28 Oct 2006 02:43:36 -0400
Subject: [Bug 212699] New: CVE-2006-5602: xsupplicant < 1.2.6 memory leaks
Message-ID:

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=212699

           Summary: CVE-2006-5602: xsupplicant < 1.2.6 memory leaks
           Product: Fedora Extras
           Version: fc3
          Platform: All
               URL: http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-5602
        OS/Version: Linux
            Status: NEW
          Severity: normal
          Priority: normal
         Component: xsupplicant
        AssignedTo: tcallawa at redhat.com
        ReportedBy: ville.skytta at iki.fi
         QAContact: extras-qa at fedoraproject.org
                CC: extras-qa at fedoraproject.org,fedora-security-list at redhat.com

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-5602

(FC3 only)

From bugzilla at redhat.com Sat Oct 28 06:47:19 2006
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Sat, 28 Oct 2006 02:47:19 -0400
Subject: [Bug 212700] New: CVE-2006-5601: xsupplicant < 1.2.8 (?) stack smashing vulnerability
Message-ID:

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=212700

           Summary: CVE-2006-5601: xsupplicant < 1.2.8 (?) stack smashing vulnerability
           Product: Fedora Extras
           Version: fc6
          Platform: All
               URL: http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-5601
        OS/Version: Linux
            Status: NEW
          Severity: high
          Priority: normal
         Component: xsupplicant
        AssignedTo: tcallawa at redhat.com
        ReportedBy: ville.skytta at iki.fi
         QAContact: extras-qa at fedoraproject.org
                CC: extras-qa at fedoraproject.org,fedora-security-list at redhat.com

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-5601

http://open1x.sourceforge.net/
"7 Oct 2006 -- Xsupplicant 1.2.8 is now available for download. This release has several bug fixes in it, including a fix to a stack smash that could potentially lead to a remote root exploit."

Seems to affect all FE versions.
From bugzilla at redhat.com Sat Oct 28 06:51:00 2006
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Sat, 28 Oct 2006 02:51:00 -0400
Subject: [Bug 212698] CVE-2006-4513: multiple integer overflows in wv < 1.2.3
In-Reply-To:
Message-ID: <200610280651.k9S6p0Ug004477@bugzilla.redhat.com>

Summary: CVE-2006-4513: multiple integer overflows in wv < 1.2.3

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=212698

peter at thecodergeek.com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |peter at thecodergeek.com

------- Additional Comments From peter at thecodergeek.com 2006-10-28 02:50 EST -------
(In reply to comment #0)
> Additionally, would it be possible to change abiword to use the system
> installed wv instead of the internal one?

IIRC, That's planned for the in-development 2.6.x series.

From bugzilla at redhat.com Sat Oct 28 16:57:03 2006
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Sat, 28 Oct 2006 12:57:03 -0400
Subject: [Bug 212696] CVE-2006-4513: multiple integer overflows in wv < 1.2.3
In-Reply-To:
Message-ID: <200610281657.k9SGv3Ii032108@bugzilla.redhat.com>

Summary: CVE-2006-4513: multiple integer overflows in wv < 1.2.3

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=212696

gauret at free.fr changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |CLOSED
         Resolution|                            |NEXTRELEASE

------- Additional Comments From gauret at free.fr 2006-10-28 12:57 EST -------
Updated to 1.2.4 for FC-5, FC-6 and devel

From bugzilla at redhat.com Sat Oct 28 20:16:06 2006
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Sat, 28 Oct 2006 16:16:06 -0400
Subject: [Bug 212696] CVE-2006-4513: multiple integer overflows in wv < 1.2.3
In-Reply-To:
Message-ID: <200610282016.k9SKG65J011451@bugzilla.redhat.com>

Summary: CVE-2006-4513: multiple integer overflows in wv < 1.2.3

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=212696

ville.skytta at iki.fi changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|CLOSED                      |NEW
           Keywords|                            |Reopened
         Resolution|NEXTRELEASE                 |

------- Additional Comments From ville.skytta at iki.fi 2006-10-28 16:15 EST -------
FC-4 seems to have been updated too, but build failed, libgsf-devel >= 1.11.2 not found:
http://buildsys.fedoraproject.org/build-status/job.psp?uid=20439

I don't see a devel build either in the failed or succeeded build lists.
From bugzilla at redhat.com Sun Oct 29 07:04:50 2006
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Sun, 29 Oct 2006 02:04:50 -0500
Subject: [Bug 212696] CVE-2006-4513: multiple integer overflows in wv < 1.2.3
In-Reply-To:
Message-ID: <200610290704.k9T74oRE000723@bugzilla.redhat.com>

Summary: CVE-2006-4513: multiple integer overflows in wv < 1.2.3

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=212696

------- Additional Comments From gauret at free.fr 2006-10-29 02:04 EST -------
Devel build re-requested.
wv really needs libgsf >= 1.13.0 (in version 1.2.3 too), and this does not exist in FC-4. What should I do?

From bugzilla at redhat.com Sun Oct 29 09:26:23 2006
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Sun, 29 Oct 2006 04:26:23 -0500
Subject: [Bug 212696] CVE-2006-4513: multiple integer overflows in wv < 1.2.3
In-Reply-To:
Message-ID: <200610290926.k9T9QNQ0024760@bugzilla.redhat.com>

Summary: CVE-2006-4513: multiple integer overflows in wv < 1.2.3

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=212696

------- Additional Comments From ville.skytta at iki.fi 2006-10-29 04:26 EST -------
Perhaps take a look if the fixes are easy to backport as a patch to an older wv version instead of upgrading it?

If not, or if you're not (that) interested in FC-4 any more, I'd suggest reverting the upgrade to 1.2.4 in the FC-4 branch in order to provide a clean table for someone else who might be interested in taking a look at fixing it for legacy distro version(s).
From bugzilla at redhat.com Sun Oct 29 18:09:36 2006
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Sun, 29 Oct 2006 13:09:36 -0500
Subject: [Bug 212696] CVE-2006-4513: multiple integer overflows in wv < 1.2.3
In-Reply-To:
Message-ID: <200610291809.k9TI9a8H019274@bugzilla.redhat.com>

Summary: CVE-2006-4513: multiple integer overflows in wv < 1.2.3

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=212696

gauret at free.fr changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |CLOSED
         Resolution|                            |NEXTRELEASE

------- Additional Comments From gauret at free.fr 2006-10-29 13:09 EST -------
OK, the patch applies fine on version 1.0.3 and it builds fine. However, I have no FC-4 system to test it on. Since it seems to be a small patch, I've requested the build nevertheless.

From bugzilla at redhat.com Sun Oct 29 18:12:34 2006
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Sun, 29 Oct 2006 13:12:34 -0500
Subject: [Bug 212698] CVE-2006-4513: multiple integer overflows in wv < 1.2.3
In-Reply-To:
Message-ID: <200610291812.k9TICYGU019411@bugzilla.redhat.com>

Summary: CVE-2006-4513: multiple integer overflows in wv < 1.2.3

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=212698

gauret at free.fr changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |gauret at free.fr

------- Additional Comments From gauret at free.fr 2006-10-29 13:12 EST -------
I've backported the fix to version 1.0.3 (FC-4 version), you may want to try that:
http://cvs.fedora.redhat.com/viewcvs/rpms/wv/FC-4/wv-1.0.3-CVE-2006-4513.patch?root=extras&rev=1.1&view=log

From bugzilla at redhat.com Sun Oct 29 18:29:06 2006
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Sun, 29 Oct 2006 13:29:06 -0500
Subject: [Bug 212698] CVE-2006-4513: multiple integer overflows in wv < 1.2.3
In-Reply-To:
Message-ID: <200610291829.k9TIT6aE020053@bugzilla.redhat.com>

Summary: CVE-2006-4513: multiple integer overflows in wv < 1.2.3

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=212698

------- Additional Comments From uwog at uwog.net 2006-10-29 13:28 EST -------
In AbiWord CVS the backports to wv have already been made too, so AbiWord 2.4.6 will automatically get the fixes. I'll update AbiWord 2.3.5 in the meantime with a patch as well.

Also note that the fix described in comment 2 prevents the overflow, but _will crash_ on the documents that triggered the overflow in the first place. Please apply the attached diff as well.
From bugzilla at redhat.com Sun Oct 29 18:30:18 2006
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Sun, 29 Oct 2006 13:30:18 -0500
Subject: [Bug 212698] CVE-2006-4513: multiple integer overflows in wv < 1.2.3
In-Reply-To:
Message-ID: <200610291830.k9TIUInZ020096@bugzilla.redhat.com>

Summary: CVE-2006-4513: multiple integer overflows in wv < 1.2.3

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=212698

------- Additional Comments From uwog at uwog.net 2006-10-29 13:30 EST -------
Created an attachment (id=139674)
 --> (https://bugzilla.redhat.com/bugzilla/attachment.cgi?id=139674&action=view)
Patch to prevent wv from crashing after applying the security fix

Patch to prevent wv from crashing after applying the security fix

From bugzilla at redhat.com Sun Oct 29 18:47:33 2006
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Sun, 29 Oct 2006 13:47:33 -0500
Subject: [Bug 212698] CVE-2006-4513: multiple integer overflows in wv < 1.2.3
In-Reply-To:
Message-ID: <200610291847.k9TIlXUM021285@bugzilla.redhat.com>

Summary: CVE-2006-4513: multiple integer overflows in wv < 1.2.3

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=212698

------- Additional Comments From gauret at free.fr 2006-10-29 13:47 EST -------
Done, thanks.