October 2021 - openSUSE Bugs - openSUSE Mailing Lists

[Bug 1191306] VUL-0: CVE-2021-32626: redis: Specially crafted Lua scripts may result with Heap buffer overflow
by bugzilla_noreply＠suse.com 05 Oct '21

05 Oct '21

https://bugzilla.suse.com/show_bug.cgi?id=1191306 SMASH SMASH <smash_bz(a)suse.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Whiteboard| |CVSSv3.1:SUSE:CVE-2021-3262 | |6:7.5:(AV:N/AC:H/PR:L/UI:N/ | |S:U/C:H/I:H/A:H) -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 1191260] kernel 5.14.8 post scriptlets failing
by bugzilla_noreply＠suse.com 05 Oct '21

05 Oct '21

https://bugzilla.suse.com/show_bug.cgi?id=1191260 https://bugzilla.suse.com/show_bug.cgi?id=1191260#c15 --- Comment #15 from Michal Suchanek <msuchanek(a)suse.com> --- It still stands. You claim you remove redundancy but is_supported needs to detect which certificate management is preset as does enroll and delete. So is_supported is completely redundant. But the worse problem is that whatever piece of code you are changing you have to be aware of if ! is_supported; then exit 0 fi - the code is no longer local. -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 1191322] Optimize building initrd when updating system
by bugzilla_noreply＠suse.com 05 Oct '21

05 Oct '21

https://bugzilla.suse.com/show_bug.cgi?id=1191322 https://bugzilla.suse.com/show_bug.cgi?id=1191322#c1 Takashi Iwai <tiwai(a)suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |martin.wilck(a)suse.com, | |msuchanek(a)suse.com, | |tiwai(a)suse.com --- Comment #1 from Takashi Iwai <tiwai(a)suse.com> --- There has been already discussions and some ongoing works about the optimization of initrd creation. -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 1191282] Support for kwallet removed from svn
by bugzilla_noreply＠suse.com 05 Oct '21

05 Oct '21

https://bugzilla.suse.com/show_bug.cgi?id=1191282 https://bugzilla.suse.com/show_bug.cgi?id=1191282#c3 Fabian Vogt <fvogt(a)suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |fvogt(a)suse.com Flags|needinfo?(meissner(a)suse.com | |) | --- Comment #3 from Fabian Vogt <fvogt(a)suse.com> --- This needinfo looks a bit weird, probably unintentional? -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 1184924] [Build 134.3] openQA test fails in kdump_and_crash - forced crash didn't result into expected reboot
by bugzilla_noreply＠suse.com 05 Oct '21

05 Oct '21

https://bugzilla.suse.com/show_bug.cgi?id=1184924 Ivan Ivanov <ivan.ivanov(a)suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Assignee|mbrugger(a)suse.com |ivan.ivanov(a)suse.com -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 1191302] VUL-0: CVE-2021-32687: redis: Integer to heap buffer overflow with intsets, when set-max-intset-entries is manually configured to a non-default, very large value
by bugzilla_noreply＠suse.com 05 Oct '21

05 Oct '21

https://bugzilla.suse.com/show_bug.cgi?id=1191302 SMASH SMASH <smash_bz(a)suse.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Whiteboard| |CVSSv3.1:SUSE:CVE-2021-3268 | |7:7.5:(AV:N/AC:H/PR:L/UI:N/ | |S:U/C:H/I:H/A:H) -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 1191300] VUL-0: CVE-2021-32762: redis: Integer to heap buffer overflow issue in redis-cli and redis-sentinel parsing large multi-bulk replies on some older and less common platforms
by bugzilla_noreply＠suse.com 05 Oct '21

05 Oct '21

https://bugzilla.suse.com/show_bug.cgi?id=1191300 SMASH SMASH <smash_bz(a)suse.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Whiteboard| |CVSSv3.1:SUSE:CVE-2021-3276 | |2:7.5:(AV:N/AC:H/PR:L/UI:N/ | |S:U/C:H/I:H/A:H) -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 1191299] VUL-0: CVE-2021-41099: redis: Integer to heap buffer overflow handling certain string commands and network payloads, when proto-max-bulk-len is manually configured to a non-default, very large value
by bugzilla_noreply＠suse.com 05 Oct '21

05 Oct '21

https://bugzilla.suse.com/show_bug.cgi?id=1191299 SMASH SMASH <smash_bz(a)suse.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Whiteboard| |CVSSv3.1:SUSE:CVE-2021-4109 | |9:7.5:(AV:N/AC:H/PR:L/UI:N/ | |S:U/C:H/I:H/A:H) -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 1191282] Support for kwallet removed from svn
by bugzilla_noreply＠suse.com 05 Oct '21

05 Oct '21

https://bugzilla.suse.com/show_bug.cgi?id=1191282 Marcus Meissner <meissner(a)suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |meissner(a)suse.com Flags| |needinfo?(meissner(a)suse.com | |) -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 1191230] Tumbleweed installer has Leap 15.3 release notes
by bugzilla_noreply＠suse.com 05 Oct '21

05 Oct '21

https://bugzilla.suse.com/show_bug.cgi?id=1191230 https://bugzilla.suse.com/show_bug.cgi?id=1191230#c1 Knut Alejandro Anderssen Gonz�lez <kanderssen(a)suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|CONFIRMED |RESOLVED Resolution|--- |INVALID --- Comment #1 from Knut Alejandro Anderssen Gonz�lez <kanderssen(a)suse.com> --- Well, there are not release notes for TW at all. See https://doc.opensuse.org/release-notes/x86_64/openSUSE/Tumbleweed/ So, them are basically a remainder from when Factory was the devel tree for the uncoming openSUSE fixed releases which were then branched off, in this case Leap 15.3 So, I will close it as invalid. -- You are receiving this mail because: You are on the CC list for the bug.

1 0