September 2020 - openSUSE Bugs - openSUSE Mailing Lists

[Bug 1176031] (CVE-2020-24553) VUL-0: CVE-2020-24553: go net/http/cgi,net/http/fcgi: Cross-Site Scripting (XSS) when Content-Type is not specified
by bugzilla_noreply＠suse.com 01 Sep '20

01 Sep '20

https://bugzilla.suse.com/show_bug.cgi?id=1176031 https://bugzilla.suse.com/show_bug.cgi?id=1176031#c1 --- Comment #1 from OBSbugzilla Bot <bwiedemann+obsbugzillabot(a)suse.com> --- This is an autogenerated message for OBS integration: This bug (1176031) was mentioned in https://build.opensuse.org/request/show/831306 Factory / go1.14 https://build.opensuse.org/request/show/831307 Factory / go1.15 -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 1175132] go1.15 release tracking
by bugzilla_noreply＠suse.com 01 Sep '20

01 Sep '20

https://bugzilla.suse.com/show_bug.cgi?id=1175132 https://bugzilla.suse.com/show_bug.cgi?id=1175132#c2 --- Comment #2 from OBSbugzilla Bot <bwiedemann+obsbugzillabot(a)suse.com> --- This is an autogenerated message for OBS integration: This bug (1175132) was mentioned in https://build.opensuse.org/request/show/831307 Factory / go1.15 -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 1164903] go1.14 release tracking
by bugzilla_noreply＠suse.com 01 Sep '20

01 Sep '20

https://bugzilla.suse.com/show_bug.cgi?id=1164903 https://bugzilla.suse.com/show_bug.cgi?id=1164903#c18 --- Comment #18 from OBSbugzilla Bot <bwiedemann+obsbugzillabot(a)suse.com> --- This is an autogenerated message for OBS integration: This bug (1164903) was mentioned in https://build.opensuse.org/request/show/831306 Factory / go1.14 -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 1176033] New: touchpad don't work on Lenovo IdeaPad 3
by bugzilla_noreply＠suse.com 01 Sep '20

01 Sep '20

http://bugzilla.opensuse.org/show_bug.cgi?id=1176033 Bug ID: 1176033 Summary: touchpad don't work on Lenovo IdeaPad 3 Classification: openSUSE Product: openSUSE Tumbleweed Version: Current Hardware: x86-64 OS: Other Status: NEW Severity: Major Priority: P5 - None Component: Basesystem Assignee: screening-team-bugs(a)suse.de Reporter: sandro.it(a)gmail.com QA Contact: qa-bugs(a)suse.de Found By: --- Blocker: --- I recently purchased a lenovo IdeaPad 3 81WE pc and I report that unfortunately using the last available TW snapshot the touchpad is not recognized. I tried the solution proposed by Matt Warmerdam (https://bugs.launchpad.net/ubuntu/+source/linux-signed-hwe/+bug/1880172) which consists in adding the following to grub: "i8042.nopnp=1 pci=nocrs" and it seems to work. I also report this link: https://www.kernel.org/doc/html/v4.14/admin-guide/kernel-parameters.html, where it is indicated that if you need to use "nocrs" you must report the bug. Information on my pc can be found: https://paste.opensuse.org/31182987 -- You are receiving this mail because: You are on the CC list for the bug.

1 3

[Bug 1176023] New: calibre ebook-viewer doesn't start, Fatal Python error: PyEval_SaveThread: NULL tstate
by bugzilla_noreply＠suse.com 01 Sep '20

01 Sep '20

http://bugzilla.opensuse.org/show_bug.cgi?id=1176023 Bug ID: 1176023 Summary: calibre ebook-viewer doesn't start, Fatal Python error: PyEval_SaveThread: NULL tstate Classification: openSUSE Product: openSUSE Tumbleweed Version: Current Hardware: Other OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Other Assignee: screening-team-bugs(a)suse.de Reporter: a.samirh78(a)gmail.com QA Contact: qa-bugs(a)suse.de Found By: --- Blocker: --- Trying to start ebook-viewer fails with: Fatal Python error: PyEval_SaveThread: NULL tstate the issue affects Debian too, https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=962811 The issue seems fixed by updating python3-qtwebengine-qt5, I tested by building PyQtWebEngine-5.15.1.dev2008221426.tar.gz from upstream. -- You are receiving this mail because: You are on the CC list for the bug.

1 4

[Bug 1175968] openSUSE 15.1, 15.2 and Tumbleweed repos for NVIDIA driver broken
by bugzilla_noreply＠suse.com 01 Sep '20

01 Sep '20

https://bugzilla.suse.com/show_bug.cgi?id=1175968 https://bugzilla.suse.com/show_bug.cgi?id=1175968#c8 Stefan Dirsch <sndirsch(a)suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|CONFIRMED |RESOLVED Resolution|--- |FIXED --- Comment #8 from Stefan Dirsch <sndirsch(a)suse.com> --- NVIDIA just fixed the repositories. Closing. -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 1176031] (CVE-2020-24553) VUL-0: CVE-2020-24553: go net/http/cgi,net/http/fcgi: Cross-Site Scripting (XSS) when Content-Type is not specified
by bugzilla_noreply＠suse.com 01 Sep '20

01 Sep '20

https://bugzilla.suse.com/show_bug.cgi?id=1176031 Maintenance Robot <maint-coord+maintenance_robot(a)suse.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Priority|P5 - None |P3 - Medium -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 1175968] New: YaST2 reports "Wrong Digest" for https://download.nvidia.com/opensuse/tumbleweed
by bugzilla_noreply＠suse.com 01 Sep '20

01 Sep '20

http://bugzilla.opensuse.org/show_bug.cgi?id=1175968 Bug ID: 1175968 Summary: YaST2 reports "Wrong Digest" for https://download.nvidia.com/opensuse/tumbleweed Classification: openSUSE Product: openSUSE Tumbleweed Version: Current Hardware: x86-64 OS: openSUSE Tumbleweed Status: NEW Severity: Normal Priority: P5 - None Component: Installation Assignee: yast2-maintainers(a)suse.de Reporter: jchoksi(a)gmail.com QA Contact: jsrain(a)suse.com Found By: --- Blocker: --- Confirmed as happening to others as well: - https://old.reddit.com/r/openSUSE/comments/iiuc4g/anybody_else_getting_a_wr… - https://lists.opensuse.org/opensuse-factory/2020-08/msg00329.html In my case, when installing openSUSE Tumbleweed via autoyast, if I have an entry to setup the nvidia repository, e.g. <listentry t="map"> <alias>download.nvidia.com-tumbleweed</alias> <media_url>https://download.nvidia.com/opensuse/tumbleweed</media_url> <name>nVidia Graphics Drivers</name> <priority t="integer">90</priority> <product_dir>/</product_dir> </listentry> then during installation, I will get the following error: ---snip--- Wrong Digest The expected checksum of file /var/tmp/AP_0xp8UPnm/repodata/susedata.xml.gz is fa47ae8244fe7640f149d28964e604bf7e756da989d7e520f67216a96bb6cfb2, but the current checksum is 1f4dc420bfbf3d1b423cd7c4e1ca6aa25d7a13daff70c64e412f0ed449602406. The file has been changed by accident or by an attacker since the repository creator signed it. Using it is a big risk for the integrity and security of your system. Use it anyway? [] Do not show this message again [ YES ] [ NO ] ---snip--- -- You are receiving this mail because: You are on the CC list for the bug.

1 9

[Bug 1176031] New: (CVE-2020-24553) VUL-0: CVE-2020-24553: go net/http/cgi,net/http/fcgi: Cross-Site Scripting (XSS) when Content-Type is not specified
by bugzilla_noreply＠suse.com 01 Sep '20

01 Sep '20

http://bugzilla.opensuse.org/show_bug.cgi?id=1176031 Bug ID: 1176031 Summary: (CVE-2020-24553) VUL-0: CVE-2020-24553: go net/http/cgi,net/http/fcgi: Cross-Site Scripting (XSS) when Content-Type is not specified Classification: openSUSE Product: openSUSE Tumbleweed Version: Current Hardware: Other OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Security Assignee: security-team(a)suse.de Reporter: jkowalczyk(a)suse.com QA Contact: qa-bugs(a)suse.de Found By: --- Blocker: --- Go 1.15.1 and Go 1.14.8 address a recently reported security issue: When a Handler does not explicitly set the Content-Type header, the net/http/cgi and net/http/fcgi packages would default to “text/html”, which could cause a Cross-Site Scripting vulnerability if an attacker can control any part of the contents of a response. The Content-Type header is now set based on the contents of the first Write using http.DetectContentType, which is consistent with the behavior of the net/http package. Although this protects some applications that validate the contents of uploaded files, not setting the Content-Type header explicitly on any attacker-controlled file is unsafe and should be avoided. This issue is CVE-2020-24553 and Go issue https://github.com/golang/go/issues/40928 -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 1173758] Qt 5.12 shipped in Leap 15.2 lacks support for PostgreSQL 12 also shipped in Leap 15.2
by bugzilla_noreply＠suse.com 01 Sep '20

01 Sep '20

https://bugzilla.suse.com/show_bug.cgi?id=1173758 https://bugzilla.suse.com/show_bug.cgi?id=1173758#c7 --- Comment #7 from Swamp Workflow Management <swamp(a)suse.de> --- openSUSE-SU-2020:1319-1: An update that solves one vulnerability and has one errata is now available. Category: security (moderate) Bug References: 1172726,1173758 CVE References: CVE-2020-13962 JIRA References: Sources used: openSUSE Leap 15.2 (src): libqt5-qtbase-5.12.7-lp152.3.3.1 -- You are receiving this mail because: You are on the CC list for the bug.

1 0