September 2021 - openSUSE Bugs - openSUSE Mailing Lists

[Bug 1190244] VUL-0: CVE-2021-40529: Botan: ElGamal implementation allows plaintext recovery
by bugzilla_noreply＠suse.com 07 Sep '21

07 Sep '21

https://bugzilla.suse.com/show_bug.cgi?id=1190244 Marcus Meissner <meissner(a)suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |meissner(a)suse.com -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 1190244] VUL-0: CVE-2021-40529: Botan: ElGamal implementation allows plaintext recovery
by bugzilla_noreply＠suse.com 07 Sep '21

07 Sep '21

https://bugzilla.suse.com/show_bug.cgi?id=1190244 Maintenance Robot <maint-coord+maintenance_robot(a)suse.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Priority|P5 - None |P3 - Medium -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 1189908] New: iconvconfig: gconv modules are not in directory /usr/lib/gconv
by bugzilla_noreply＠suse.com 07 Sep '21

07 Sep '21

http://bugzilla.opensuse.org/show_bug.cgi?id=1189908 Bug ID: 1189908 Summary: iconvconfig: gconv modules are not in directory /usr/lib/gconv Classification: openSUSE Product: openSUSE Tumbleweed Version: Current Hardware: x86-64 OS: openSUSE Tumbleweed Status: NEW Severity: Minor Priority: P5 - None Component: Other Assignee: screening-team-bugs(a)suse.de Reporter: giecrilj(a)stegny.2a.pl QA Contact: qa-bugs(a)suse.de Found By: --- Blocker: --- According to the manual, gconv modules should be stored in directory /usr/lib/gconv. This directory does not even exist. -- You are receiving this mail because: You are on the CC list for the bug.

1 3

[Bug 1190178] New: VUL-1: CVE-2020-18971: podofo: stack-based buffer overflow in src/base/PdfDictionary.cpp
by bugzilla_noreply＠suse.com 07 Sep '21

07 Sep '21

https://bugzilla.suse.com/show_bug.cgi?id=1190178 Bug ID: 1190178 Summary: VUL-1: CVE-2020-18971: podofo: stack-based buffer overflow in src/base/PdfDictionary.cpp Classification: openSUSE Product: openSUSE Distribution Version: Leap 15.3 Hardware: Other URL: https://smash.suse.de/issue/308329/ OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Security Assignee: adrian.schroeter(a)suse.com Reporter: gabriele.sonnu(a)suse.com QA Contact: security-team(a)suse.de Found By: Security Response Team Blocker: --- Stack-based Buffer Overflow in PoDoFo v0.9.6 allows attackers to cause a denial of service via the component 'src/base/PdfDictionary.cpp:65'. Reference: https://sourceforge.net/p/podofo/tickets/48/ References: https://bugzilla.redhat.com/show_bug.cgi?id=1998601 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-18971 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-18971 https://sourceforge.net/p/podofo/tickets/48/ -- You are receiving this mail because: You are on the CC list for the bug.

1 3

[Bug 1190179] New: VUL-1: CVE-2020-18972: podofo: memory leak in IsNextToken() in src/base/PdfTokenizer.cpp
by bugzilla_noreply＠suse.com 07 Sep '21

07 Sep '21

https://bugzilla.suse.com/show_bug.cgi?id=1190179 Bug ID: 1190179 Summary: VUL-1: CVE-2020-18972: podofo: memory leak in IsNextToken() in src/base/PdfTokenizer.cpp Classification: openSUSE Product: openSUSE Distribution Version: Leap 15.3 Hardware: Other URL: https://smash.suse.de/issue/308328/ OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Security Assignee: adrian.schroeter(a)suse.com Reporter: gabriele.sonnu(a)suse.com QA Contact: security-team(a)suse.de Found By: Security Response Team Blocker: --- Exposure of Sensitive Information to an Unauthorized Actor in PoDoFo v0.9.6 allows attackers to obtain sensitive information via 'IsNextToken' in the component 'src/base/PdfToenizer.cpp'. Reference: https://sourceforge.net/p/podofo/tickets/49/ References: https://bugzilla.redhat.com/show_bug.cgi?id=1998607 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-18972 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-18972 https://sourceforge.net/p/podofo/tickets/49/ -- You are receiving this mail because: You are on the CC list for the bug.

1 4

[Bug 1189085] fedfs-utils fails with glibc 2.34
by bugzilla_noreply＠suse.com 07 Sep '21

07 Sep '21

https://bugzilla.suse.com/show_bug.cgi?id=1189085 https://bugzilla.suse.com/show_bug.cgi?id=1189085#c8 Martin Li��ka <martin.liska(a)suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Resolution|--- |FIXED --- Comment #8 from Martin Li��ka <martin.liska(a)suse.com> --- Thus fixed now I would say.. -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 1189079] [META] glibc 2.34 packages failures
by bugzilla_noreply＠suse.com 07 Sep '21

07 Sep '21

https://bugzilla.suse.com/show_bug.cgi?id=1189079 Bug 1189079 depends on bug 1189085, which changed state. Bug 1189085 Summary: fedfs-utils fails with glibc 2.34 https://bugzilla.suse.com/show_bug.cgi?id=1189085 What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Resolution|--- |FIXED -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 1189027] The ability to configure what the password should be, as well as its generation
by bugzilla_noreply＠suse.com 07 Sep '21

07 Sep '21

1 0

[Bug 1188927] Adobe Source fonts being renamed
by bugzilla_noreply＠suse.com 07 Sep '21

07 Sep '21

https://bugzilla.suse.com/show_bug.cgi?id=1188927 https://bugzilla.suse.com/show_bug.cgi?id=1188927#c8 Michal Filka <mfilka(a)suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED CC|mfilka(a)suse.com | Resolution|--- |FIXED --- Comment #8 from Michal Filka <mfilka(a)suse.com> --- (In reply to David Diaz from comment #7) > Please, see https://bugzilla.suse.com/show_bug.cgi?id=1189267#c13 According to discussion with dimstar: - both adobe-sourcesanspro-fonts and adobe-sourcesans3-fonts are available in TW - we should prefer source sans 3 as it is newer and a bit tuned compared to the other one. - revert referenced in the comment above was done to make these both fonts could coexist (resp if i got it correctly "sanspro" is a kind of alias for "sans3") So, closing as yast uses sans 3 according to comment#1 and comment#6 already. -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 1190235] umip: remember that you printed the warning and only print it once
by bugzilla_noreply＠suse.com 07 Sep '21

07 Sep '21

https://bugzilla.suse.com/show_bug.cgi?id=1190235 https://bugzilla.suse.com/show_bug.cgi?id=1190235#c1 --- Comment #1 from Borislav Petkov <bpetkov(a)suse.com> --- Hmm, there's a ratelimiting in that printk which should do "Bursts of 5 messages every two minutes". But that doesn't looke like it. Can you isolate the simplest reproducer possible so that I can try it on my machine and see what's going on? Also upload full dmesg from your machine pls. Thx. -- You are receiving this mail because: You are on the CC list for the bug.

1 0