Bug 1900686
Summary: | CVE-2020-25713 raptor2: malformed input file can lead to a segfault due to an out of bounds array access in raptor_xml_writer_start_element_common [fedora-all] | ||||||
---|---|---|---|---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Marian Rehak <mrehak> | ||||
Component: | raptor2 | Assignee: | Caolan McNamara <caolanm> | ||||
Status: | CLOSED ERRATA | QA Contact: | Fedora Extras Quality Assurance <extras-qa> | ||||
Severity: | low | Docs Contact: | |||||
Priority: | medium | ||||||
Version: | 33 | CC: | caolanm, jskarvad, kde-sig, rdieter | ||||
Target Milestone: | --- | Keywords: | Security, SecurityTracking | ||||
Target Release: | --- | ||||||
Hardware: | Unspecified | ||||||
OS: | Unspecified | ||||||
Whiteboard: | |||||||
Fixed In Version: | raptor2-2.0.15-27.fc34 raptor2-2.0.15-27.eln108 raptor2-2.0.15-27.fc33 raptor2-2.0.15-27.fc32 | Doc Type: | No Doc Update | ||||
Doc Text: | Story Points: | --- | |||||
Clone Of: | Environment: | ||||||
Last Closed: | 2021-01-11 12:09:57 UTC | Type: | --- | ||||
Regression: | --- | Mount Type: | --- | ||||
Documentation: | --- | CRM: | |||||
Verified Versions: | Category: | --- | |||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
Cloudforms Team: | --- | Target Upstream Version: | |||||
Embargoed: | |||||||
Bug Depends On: | |||||||
Bug Blocks: | 1900685 | ||||||
Attachments: |
|
Description
Marian Rehak
2020-11-23 14:25:03 UTC
Use the following template to for the 'fedpkg update' request to submit an update for this issue as it contains the top-level parent bug(s) as well as this tracking bug. This will ensure that all associated bugs get updated when new packages are pushed to stable. ===== # bugfix, security, enhancement, newpackage (required) type=security # low, medium, high, urgent (required) severity=medium # testing, stable request=testing # Bug numbers: 1234,9876 bugs=1900685,1900686 # Description of your update notes=Security fix for [PUT CVEs HERE] # Enable request automation based on the stable/unstable karma thresholds autokarma=True stable_karma=3 unstable_karma=-3 # Automatically close bugs when this marked as stable close_bugs=True # Suggest that users restart after update suggest_reboot=False ====== Additionally, you may opt to use the bodhi web interface to submit updates: https://bodhi.fedoraproject.org/updates/new Created attachment 1732949 [details]
we think this is the better solution
I can take this if there is no objections FEDORA-2021-a918c68d19 has been pushed to the Fedora 34 stable repository. If problem still persists, please make note of it in this bug report. FEDORA-2021-5752e07eb6 has been submitted as an update to Fedora 32. https://bodhi.fedoraproject.org/updates/FEDORA-2021-5752e07eb6 FEDORA-2021-72a713f253 has been pushed to the Fedora ELN stable repository. If problem still persists, please make note of it in this bug report. FEDORA-2021-5752e07eb6 has been pushed to the Fedora 32 testing repository. Soon you'll be able to install the update with the following command: `sudo dnf upgrade --enablerepo=updates-testing --advisory=FEDORA-2021-5752e07eb6` You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2021-5752e07eb6 See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates. FEDORA-2021-8fe81dcf9f has been pushed to the Fedora 33 testing repository. Soon you'll be able to install the update with the following command: `sudo dnf upgrade --enablerepo=updates-testing --advisory=FEDORA-2021-8fe81dcf9f` You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2021-8fe81dcf9f See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates. FEDORA-2021-8fe81dcf9f has been pushed to the Fedora 33 stable repository. If problem still persists, please make note of it in this bug report. FEDORA-2021-5752e07eb6 has been pushed to the Fedora 32 stable repository. If problem still persists, please make note of it in this bug report. |