July 2022 - openSUSE Bugs - openSUSE Mailing Lists

[Bug 1201115] New: The Fedora:Rawhide project on OBS is very outdated
by bugzilla_noreply＠suse.com 04 Jul '22

04 Jul '22

http://bugzilla.opensuse.org/show_bug.cgi?id=1201115 Bug ID: 1201115 Summary: The Fedora:Rawhide project on OBS is very outdated Classification: openSUSE Product: openSUSE.org Version: unspecified Hardware: All OS: Fedora Status: NEW Severity: Normal Priority: P5 - None Component: BuildService Assignee: screening-team-bugs(a)suse.de Reporter: brunopitrus(a)hotmail.com QA Contact: adrian.schroeter(a)suse.com Found By: --- Blocker: --- See here for a minimal example: https://build.opensuse.org/package/show/home:dziobian:test/bugbug According to https://fedora.pkgs.org/rawhide/fedora-x86_64/abseil-cpp-20211102.0-2.fc37.… new abseil-cpp-devel has been available since March, and the version that OBS tries to pick is not in the repo anymore �� so the package is incorrectly shown as unresolvable. -- You are receiving this mail because: You are on the CC list for the bug.

1 1

[Bug 1199924] [Build 20220524] qemu: buffer overflow detected
by bugzilla_noreply＠suse.com 04 Jul '22

04 Jul '22

https://bugzilla.suse.com/show_bug.cgi?id=1199924 https://bugzilla.suse.com/show_bug.cgi?id=1199924#c64 --- Comment #64 from Swamp Workflow Management <swamp(a)suse.de> --- SUSE-SU-2022:2254-1: An update that solves three vulnerabilities and has three fixes is now available. Category: security (important) Bug References: 1197084,1198035,1198037,1198712,1199018,1199924 CVE References: CVE-2021-4206,CVE-2021-4207,CVE-2022-26354 JIRA References: Sources used: openSUSE Leap 15.3 (src): qemu-5.2.0-150300.115.2, qemu-linux-user-5.2.0-150300.115.2, qemu-testsuite-5.2.0-150300.115.4 SUSE Linux Enterprise Module for Server Applications 15-SP3 (src): qemu-5.2.0-150300.115.2 SUSE Linux Enterprise Module for Basesystem 15-SP3 (src): qemu-5.2.0-150300.115.2 SUSE Linux Enterprise Micro 5.2 (src): qemu-5.2.0-150300.115.2 SUSE Linux Enterprise Micro 5.1 (src): qemu-5.2.0-150300.115.2 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination. -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 1185637] openssl-1_1 fails to build after 2022-06-01
by bugzilla_noreply＠suse.com 04 Jul '22

04 Jul '22

https://bugzilla.suse.com/show_bug.cgi?id=1185637 https://bugzilla.suse.com/show_bug.cgi?id=1185637#c27 --- Comment #27 from Swamp Workflow Management <swamp(a)suse.de> --- SUSE-SU-2022:2251-1: An update that solves two vulnerabilities and has one errata is now available. Category: security (moderate) Bug References: 1185637,1199166,1200550 CVE References: CVE-2022-1292,CVE-2022-2068 JIRA References: Sources used: openSUSE Leap 15.3 (src): openssl-1_1-1.1.1d-150200.11.48.1 SUSE Manager Server 4.1 (src): openssl-1_1-1.1.1d-150200.11.48.1 SUSE Manager Retail Branch Server 4.1 (src): openssl-1_1-1.1.1d-150200.11.48.1 SUSE Manager Proxy 4.1 (src): openssl-1_1-1.1.1d-150200.11.48.1 SUSE Linux Enterprise Server for SAP 15-SP2 (src): openssl-1_1-1.1.1d-150200.11.48.1 SUSE Linux Enterprise Server 15-SP2-LTSS (src): openssl-1_1-1.1.1d-150200.11.48.1 SUSE Linux Enterprise Server 15-SP2-BCL (src): openssl-1_1-1.1.1d-150200.11.48.1 SUSE Linux Enterprise Module for Basesystem 15-SP3 (src): openssl-1_1-1.1.1d-150200.11.48.1 SUSE Linux Enterprise Micro 5.2 (src): openssl-1_1-1.1.1d-150200.11.48.1 SUSE Linux Enterprise Micro 5.1 (src): openssl-1_1-1.1.1d-150200.11.48.1 SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (src): openssl-1_1-1.1.1d-150200.11.48.1 SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (src): openssl-1_1-1.1.1d-150200.11.48.1 SUSE Enterprise Storage 7 (src): openssl-1_1-1.1.1d-150200.11.48.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination. -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 1191323] New: rpmlint: soname check no longer working on TW
by bugzilla_noreply＠suse.com 04 Jul '22

04 Jul '22

http://bugzilla.opensuse.org/show_bug.cgi?id=1191323 Bug ID: 1191323 Summary: rpmlint: soname check no longer working on TW Classification: openSUSE Product: openSUSE Tumbleweed Version: Current Hardware: Other OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Basesystem Assignee: martin.liska(a)suse.com Reporter: mrueckert(a)suse.com QA Contact: qa-bugs(a)suse.de Found By: --- Blocker: --- on 15.3 i get ``` libpg_query1320.x86_64: E: shlib-policy-name-error (Badness: 10000) libpg_query1302_0 ``` but this is missing on TW can we please make sure that suse specific checks like this do not get lost? -- You are receiving this mail because: You are on the CC list for the bug.

1 84

[Bug 1199809] New: [SLPP] :systemd:mini E: shlib-policy-name-error
by bugzilla_noreply＠suse.com 04 Jul '22

04 Jul '22

http://bugzilla.opensuse.org/show_bug.cgi?id=1199809 Bug ID: 1199809 Summary: [SLPP] :systemd:mini E: shlib-policy-name-error Classification: openSUSE Product: openSUSE Tumbleweed Version: Current Hardware: Other OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Basesystem Assignee: screening-team-bugs(a)suse.de Reporter: martin.liska(a)suse.com QA Contact: qa-bugs(a)suse.de Found By: --- Blocker: --- The following rpmlint error was seen for the package: libsystemd0-mini.x86_64: E: shlib-policy-name-error SONAME: libsystemd.so.0, expected package suffix: 0 Note the updated rpmlint will reach openSUSE:Factory soon. We would like to make 'shlib-policy-name-error' a package build failure error, so please fix the error. Link to the SLPP documentation: https://en.opensuse.org/openSUSE:Shared_library_packaging_policy#Package_na… -- You are receiving this mail because: You are on the CC list for the bug.

1 9

[Bug 1201181] VUL-0: CVE-2021-41690: dcmtk: malloced memory for storing all file information are recorded in a global variable LST and are not freed properly
by bugzilla_noreply＠suse.com 04 Jul '22

04 Jul '22

https://bugzilla.suse.com/show_bug.cgi?id=1201181 Maintenance Robot <maint-coord+maintenance_robot(a)suse.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Priority|P5 - None |P3 - Medium -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 1201179] VUL-0: CVE-2021-41688: dcmtk: object in the program is free but its address is still used in other locations
by bugzilla_noreply＠suse.com 04 Jul '22

04 Jul '22

https://bugzilla.suse.com/show_bug.cgi?id=1201179 Maintenance Robot <maint-coord+maintenance_robot(a)suse.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Priority|P5 - None |P3 - Medium -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 1201180] VUL-0: CVE-2021-41689: dcmtk: sending specific requests to the dcmqrdb program, it would query its database and copy the result even if the result is null
by bugzilla_noreply＠suse.com 04 Jul '22

04 Jul '22

https://bugzilla.suse.com/show_bug.cgi?id=1201180 Maintenance Robot <maint-coord+maintenance_robot(a)suse.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Priority|P5 - None |P3 - Medium -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 1201178] VUL-0: CVE-2021-41687: dcmtk: the program malloc a heap memory for parsing data, but does not free it when error in parsing
by bugzilla_noreply＠suse.com 04 Jul '22

04 Jul '22

https://bugzilla.suse.com/show_bug.cgi?id=1201178 Maintenance Robot <maint-coord+maintenance_robot(a)suse.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Priority|P5 - None |P3 - Medium -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 1183669] AUDIT-TRACKER: CVE-2021-31153,CVE-2021-31154,CVE-2021-31155: please: security audit for permissions-file-setuid-bit
by bugzilla_noreply＠suse.com 04 Jul '22

04 Jul '22

https://bugzilla.suse.com/show_bug.cgi?id=1183669 https://bugzilla.suse.com/show_bug.cgi?id=1183669#c24 --- Comment #24 from Matthias Gerstner <matthias.gerstner(a)suse.com> --- (In reply to Andreas Stieger from comment #23) > Reporter sais this was not actually applied to the distros? > security:idm/pleaser/15.3/x86_64 > security:idm/pleaser/15.4/x86_64 No it wasn't. The whitelisting was only requested for Factory up to now. Please open a separate bug prefixed with "AUDIT-WHITELIST:" to request backports of whitelistings into individual products. Thanks! -- You are receiving this mail because: You are on the CC list for the bug.

1 0