August 2024 - openSUSE Bugs - openSUSE Mailing Lists

[Bug 1228839] New: VUL-0: CVE-2024-28567: freeimage: Buffer Overflow in FreeImage_CreateICCProfile() function when reading images in TIFF format
by bugzilla_noreply＠suse.com 05 Aug '24

05 Aug '24

https://bugzilla.suse.com/show_bug.cgi?id=1228839 Bug ID: 1228839 Summary: VUL-0: CVE-2024-28567: freeimage: Buffer Overflow in FreeImage_CreateICCProfile() function when reading images in TIFF format Classification: openSUSE Product: openSUSE Distribution Version: Leap 15.6 Hardware: Other URL: https://smash.suse.de/issue/398668/ OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Security Assignee: jengelh(a)inai.de Reporter: smash_bz(a)suse.de QA Contact: security-team(a)suse.de CC: stoyan.manolov(a)suse.com Target Milestone: --- Found By: Security Response Team Blocker: --- Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the FreeImage_CreateICCProfile() function when reading images in TIFF format. References: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-28567 https://bugzilla.redhat.com/show_bug.cgi?id=2270976 https://github.com/Ruanxingzhi/vul-report/tree/master/freeimage-r1909 https://www.cve.org/CVERecord?id=CVE-2024-28567 -- You are receiving this mail because: You are on the CC list for the bug.

1 1

[Bug 1228840] New: VUL-0: CVE-2024-28568: freeimage: buffer overflow in read_iptc_profile() function when reading images in TIFF format
by bugzilla_noreply＠suse.com 05 Aug '24

05 Aug '24

https://bugzilla.suse.com/show_bug.cgi?id=1228840 Bug ID: 1228840 Summary: VUL-0: CVE-2024-28568: freeimage: buffer overflow in read_iptc_profile() function when reading images in TIFF format Classification: openSUSE Product: openSUSE Distribution Version: Leap 15.6 Hardware: Other URL: https://smash.suse.de/issue/398667/ OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Security Assignee: jengelh(a)inai.de Reporter: smash_bz(a)suse.de QA Contact: security-team(a)suse.de CC: stoyan.manolov(a)suse.com Target Milestone: --- Found By: Security Response Team Blocker: --- Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the read_iptc_profile() function when reading images in TIFF format. References: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-28568 https://bugzilla.redhat.com/show_bug.cgi?id=2270975 https://github.com/Ruanxingzhi/vul-report/tree/master/freeimage-r1909 https://www.cve.org/CVERecord?id=CVE-2024-28568 -- You are receiving this mail because: You are on the CC list for the bug.

1 1

[Bug 1228842] New: VUL-0: CVE-2024-28574: freeimage: buffer overflow in opj_j2k_copy_default_tcp_and_create_tcd() function when reading images in J2K format
by bugzilla_noreply＠suse.com 05 Aug '24

05 Aug '24

https://bugzilla.suse.com/show_bug.cgi?id=1228842 Bug ID: 1228842 Summary: VUL-0: CVE-2024-28574: freeimage: buffer overflow in opj_j2k_copy_default_tcp_and_create_tcd() function when reading images in J2K format Classification: openSUSE Product: openSUSE Distribution Version: Leap 15.6 Hardware: Other URL: https://smash.suse.de/issue/398659/ OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Security Assignee: jengelh(a)inai.de Reporter: smash_bz(a)suse.de QA Contact: security-team(a)suse.de CC: stoyan.manolov(a)suse.com Target Milestone: --- Found By: Security Response Team Blocker: --- Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the opj_j2k_copy_default_tcp_and_create_tcd() function when reading images in J2K format. References: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-28574 https://bugzilla.redhat.com/show_bug.cgi?id=2270969 https://github.com/Ruanxingzhi/vul-report/tree/master/freeimage-r1909 https://www.cve.org/CVERecord?id=CVE-2024-28574 -- You are receiving this mail because: You are on the CC list for the bug.

1 1

[Bug 1228841] New: VUL-0: CVE-2024-28573: freeimage: buffer overflow in peg_read_exif_profile() function when reading images in JPEG format
by bugzilla_noreply＠suse.com 05 Aug '24

05 Aug '24

https://bugzilla.suse.com/show_bug.cgi?id=1228841 Bug ID: 1228841 Summary: VUL-0: CVE-2024-28573: freeimage: buffer overflow in peg_read_exif_profile() function when reading images in JPEG format Classification: openSUSE Product: openSUSE Distribution Version: Leap 15.6 Hardware: Other URL: https://smash.suse.de/issue/398662/ OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Security Assignee: jengelh(a)inai.de Reporter: smash_bz(a)suse.de QA Contact: security-team(a)suse.de CC: stoyan.manolov(a)suse.com Target Milestone: --- Found By: Security Response Team Blocker: --- Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the jpeg_read_exif_profile() function when reading images in JPEG format. References: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-28573 https://bugzilla.redhat.com/show_bug.cgi?id=2270970 https://github.com/Ruanxingzhi/vul-report/tree/master/freeimage-r1909 https://www.cve.org/CVERecord?id=CVE-2024-28573 -- You are receiving this mail because: You are on the CC list for the bug.

1 1

[Bug 1226112] Supersede kmozillahelper by xdg-desktop-portal integration
by bugzilla_noreply＠suse.com 04 Aug '24

04 Aug '24

https://bugzilla.suse.com/show_bug.cgi?id=1226112 https://bugzilla.suse.com/show_bug.cgi?id=1226112#c5 --- Comment #5 from Björn Bidar <bjorn.bidar(a)thaodan.de> --- (In reply to Fabian Vogt from comment #4) > (In reply to Björn Bidar from comment #3) > > What is left that kmozillahelper does that the new switch to use the > > XDG-Portal doesn't do? > > Nothing really relevant anymore FWICT. > > > From my point of view there should be no downside to use portals by default > > even outside of Plasma as it can useful for other use cases. > > Not sure whether there are any edgecases. Some DEs might not have portals > configured correctly or not available at all. So IMO doing this only for > Plasma for now is safer. I don't think that's needed since GTK will use the dialog that doesn't use portals as fallback if no portal can be found: https://gitlab.gnome.org/GNOME/gtk/-/blob/gtk-3-24/gtk/gtkfilechoosernative… -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 1224773] NVIDIA KMP: initrd not regenerated on transactional systems using systemd-boot like Aeon >= RC2
by bugzilla_noreply＠suse.com 04 Aug '24

04 Aug '24

https://bugzilla.suse.com/show_bug.cgi?id=1224773 https://bugzilla.suse.com/show_bug.cgi?id=1224773#c64 --- Comment #64 from Imo Hester <vortex(a)z-ray.de> --- Sorry for all the influx of emails. For now I have to enter the recovery key every single time I boot the system too. Hopefully this will fix itself as soon as the initial issue with the driver installation itself is solved. ^^" -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 1228836] New: scrcpy contains pre-built binaries
by bugzilla_noreply＠suse.com 04 Aug '24

04 Aug '24

https://bugzilla.suse.com/show_bug.cgi?id=1228836 Bug ID: 1228836 Summary: scrcpy contains pre-built binaries Classification: openSUSE Product: openSUSE Tumbleweed Version: Slowroll Hardware: Other OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Other Assignee: munix9(a)googlemail.com Reporter: Andreas.Stieger(a)gmx.de QA Contact: qa-bugs(a)suse.de Target Milestone: --- Found By: --- Blocker: --- scrcpy seems to contain pre-built binaries: URL: https://github.com/Genymobile/scrcpy Source0: %{url}/archive/refs/tags/v%{version}.tar.gz#/%{name}-%{version}.tar.gz Source1: %{url}/releases/download/v%{version}/scrcpy-server-v%{version} $ file scrcpy-server-v2.6.1 scrcpy-server-v2.6.1: Android package (APK), with gradle app-metadata.properties https://github.com/Genymobile/scrcpy/blob/master/doc/build.md#build https://github.com/Genymobile/scrcpy/blob/master/doc/build.md#option-2-use-… This appears to be in violation of packaging policy: https://en.opensuse.org/openSUSE:Packaging_guidelines#No_inclusion_of_pre-b… If the package can be made functional without this BLOB, please do so. If not, built the binary from sources either in the package or as a separate package. -- You are receiving this mail because: You are on the CC list for the bug.

1 2

[Bug 1175644] windows:mingw:win{32|64}/mingw{32|64}-ngspice
by bugzilla_noreply＠suse.com 04 Aug '24

04 Aug '24

https://bugzilla.suse.com/show_bug.cgi?id=1175644 https://bugzilla.suse.com/show_bug.cgi?id=1175644#c1 Ralf Habacker <ralf.habacker(a)freenet.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Resolution|--- |FIXED --- Comment #1 from Ralf Habacker <ralf.habacker(a)freenet.de> --- With actual ngspice version the mentioned libraries are loaded correctly. 0134:0138: loads DLL Z:\usr\i686-w64-mingw32\sys-root\mingw\lib\ngspice\spice2poly.cm @0000000078290000 (237056<1638>) 0134:0138: loads DLL Z:\usr\i686-w64-mingw32\sys-root\mingw\lib\ngspice\analog.cm @00000000781B0000 (795648<3588>) 0134:0138: loads DLL Z:\usr\i686-w64-mingw32\sys-root\mingw\lib\ngspice\digital.cm @0000000078090000 (1074688<3982>) 0134:0138: loads DLL Z:\usr\i686-w64-mingw32\sys-root\mingw\lib\ngspice\xtradev.cm @0000000077FF0000 (485376<2571>) 0134:0138: loads DLL Z:\usr\i686-w64-mingw32\sys-root\mingw\lib\ngspice\xtraevt.cm @0000000077F80000 (305152<1946>) 0134:0138: loads DLL Z:\usr\i686-w64-mingw32\sys-root\mingw\lib\ngspice\table.cm @0000000077EF0000 (460800<2212>) -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 1210211] windows:mingw:win{32|64}: Some packages overwrite definitions already provided by cmake macros
by bugzilla_noreply＠suse.com 04 Aug '24

04 Aug '24

https://bugzilla.suse.com/show_bug.cgi?id=1210211 https://bugzilla.suse.com/show_bug.cgi?id=1210211#c2 Ralf Habacker <ralf.habacker(a)freenet.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Resolution|--- |FIXED Status|NEW |RESOLVED --- Comment #2 from Ralf Habacker <ralf.habacker(a)freenet.de> --- Fixed with https://build.opensuse.org/package/rdiff/windows:mingw:win32/mingw32-libsat… and https://build.opensuse.org/package/rdiff/windows:mingw:win64/mingw64-libsat… -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 1227294] New: windows:mingw:win{32|64}/mingw{32|64}-kxxxx: Update to 5.103.0 required
by bugzilla_noreply＠suse.com 04 Aug '24

04 Aug '24

https://bugzilla.suse.com/show_bug.cgi?id=1227294 Bug ID: 1227294 Summary: windows:mingw:win{32|64}/mingw{32|64}-kxxxx: Update to 5.103.0 required Classification: openSUSE Product: openSUSE.org Version: unspecified Hardware: Other OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: 3rd party software Assignee: ralf.habacker(a)freenet.de Reporter: ralf.habacker(a)freenet.de QA Contact: screening-team-bugs(a)suse.de CC: mkbosmans(a)gmail.com Depends on: 1227293 Target Milestone: --- Found By: --- Blocker: --- KDE frameworks version >= 5.90 is required to create Windows binary files for the upcoming version 5.2 of KMyMoney. To correspond to the native version used on Leap, version 5.103.0 would be desirable. -- You are receiving this mail because: You are on the CC list for the bug.

1 3