Adélie Package Tree issues
https://git.adelielinux.org/adelie/packages/-/issues (2022-02-02T17:26:11Z)

# user/lynx (2.8.8-r7): links browsers: can't verify any SSL certificates

https://git.adelielinux.org/adelie/packages/-/issues/36 (2022-02-02T17:26:11Z, Emily)

| | |
| --- | --- |
| Bugzilla ID | 36 |
| Reporter | A. Wilcox (awilfox) |
| Assignee | A. Wilcox (awilfox) |
| Reported | 2017-10-18 06:32:20 -0500 |
| Modified | 2017-12-12 03:06:21 -0600 |
| Status | RESOLVED FIXED |
| Version | 1.0-ALPHA3 |
| Hardware | Adélie Linux / All |
| Importance | Highest / blocker |
## Description
Simple test case:
$ lynx ddg.gg
This displays:
SSL error:unable to get local issuer certificate-Continue? (y)
I believe that the lynx codebase is deficient in calling X509_STORE_set_default_paths(); or such, and therefore is not picking up the certificates installed in /etc/ssl/certs. But I am not sure as I have not looked at the source yet.

1.0-ALPHA5

# user/postgresql: CVE-2019-9193: "COPY ... PROGRAM" function code execution

https://git.adelielinux.org/adelie/packages/-/issues/106 (2022-02-02T17:04:16Z, Emily)

| | |
| --- | --- |
| Bugzilla ID | 106 |
| Alias(es) | CVE-2019-9193 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2019-07-24 02:37:29 -0500 |
| Modified | 2019-07-24 13:04:21 -0500 |
| Status | RESOLVED NOTABUG |
| Version | 1.0-BETA3 |
| Hardware | Adélie Linux / All |
| Importance | --- / normal |
| URL | https://nvd.nist.gov/vuln/detail/CVE-2019-9193 |
## Description
According to upstream [1]:
> The PostgreSQL Security Team would like to emphasize that this is not
> a security vulnerability.
> The COPY .. PROGRAM feature explicitly states that it can only be
> executed by database users that have been granted superuser privileges
> or the default role pg_execute_server_program. By design, this feature
> allows one who is granted superuser or pg_execute_server_program to
> perform actions as the operating system user the PostgreSQL server
> runs under (normally "postgres"). The default roles
> pg_read_server_files and pg_write_server_files that are mentioned in
> the CVE do not grant permission for a database user to use COPY ..
> PROGRAM.
[1] https://www.postgresql.org/about/news/1935/

1.0-BETA3

# system/procps: CVE-2018-1121: process hiding through race condition

https://git.adelielinux.org/adelie/packages/-/issues/107 (2022-02-02T17:04:03Z, Emily)

| | |
| --- | --- |
| Bugzilla ID | 107 |
| Alias(es) | CVE-2018-1121 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2019-07-24 02:47:23 -0500 |
| Modified | 2019-07-24 12:58:15 -0500 |
| Status | RESOLVED WONTFIX |
| Version | 1.0-BETA3 |
| Hardware | Adélie Linux / All |
| Importance | --- / normal |
| URL | https://nvd.nist.gov/vuln/detail/CVE-2018-1121 |
## Description
From upstream [1][2]:
> CVE-2018-1121 is not really a procps bug, but rather how it interacts
> with Linux proc filesystem. There is no fix for it, except to not use
> procps or even /proc for detecting the presence of a process in the
> cases of something that really wants to hide.
>
> Plenty of audit type daemons do the job better. The problem with
> procps is it's a point in time (or several small groups of time).
>
> This problem is like looking for a file in a directory and you have to
> be absolutely sure nothing changes from the readdir() to the stat() of
> the last file in that directory. In fact that is exactly what is going
> on.
[1] https://gitlab.com/procps-ng/procps/issues/107
[2] https://gitlab.com/procps-ng/procps/issues/121

1.0-BETA3

# system/binutils: CVE-2019-9072: excessive memory allocation in setup_group

https://git.adelielinux.org/adelie/packages/-/issues/108 (2022-02-02T17:03:53Z, Emily)

| | |
| --- | --- |
| Bugzilla ID | 108 |
| Alias(es) | CVE-2019-9072 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2019-07-24 02:55:18 -0500 |
| Modified | 2019-07-24 19:17:49 -0500 |
| Status | RESOLVED WONTFIX |
| Version | 1.0-BETA3 |
| Hardware | Adélie Linux / All |
| Importance | --- / normal |
| URL | https://nvd.nist.gov/vuln/detail/CVE-2019-9072 |
| See also | https://bts.adelielinux.org/show_bug.cgi?id=116<br>https://bts.adelielinux.org/show_bug.cgi?id=109 |
## Description
From upstream [1]:
> This doesn't reproduce for me, at least not on objdump built by gcc
> and without the address sanitizer (which increases memory use).
> Incidentally, hitting an out of memory failure in objalloc_alloc is
> not a libiberty failure and so should not be reported to the gcc
> project.
>
> Also, out of memory failures triggered by user input are not that
> interesting. It is perfectly reasonable for objdump to return with
> "out of memory" on objects with silly sizes.
[1] https://sourceware.org/bugzilla/show_bug.cgi?id=24232#c2
[2] https://sourceware.org/bugzilla/show_bug.cgi?id=24237#c2

1.0-BETA3

# system/binutils: CVE-2019-9076: excessive memory allocation in elf_read_notes

https://git.adelielinux.org/adelie/packages/-/issues/109 (2022-02-02T17:03:44Z, Emily)

| | |
| --- | --- |
| Bugzilla ID | 109 |
| Alias(es) | CVE-2019-9076 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2019-07-24 02:58:46 -0500 |
| Modified | 2019-07-24 19:17:49 -0500 |
| Status | RESOLVED WONTFIX |
| Version | 1.0-BETA3 |
| Hardware | Adélie Linux / All |
| Importance | --- / normal |
| URL | https://nvd.nist.gov/vuln/detail/CVE-2019-9076 |
| See also | https://bts.adelielinux.org/show_bug.cgi?id=116<br>https://bts.adelielinux.org/show_bug.cgi?id=108 |
## Description
From upstream [1]:
> This is a different testcase and different out of memory condition to
> pr24233. Unlike pr24233 we report an out of memory error. I think
> that is perfectly good behaviour for user input with silly sizes, in
> this case a NOTE section claiming to be 0xfffff7dd00 bytes in size.
> While we could test for silly section sizes by comparing against file
> size, that doesn't work in all situations, eg. when section contents
> are encoded and the decoded size is much larger than the raw size.
[1] https://sourceware.org/bugzilla/show_bug.cgi?id=24238#c1

1.0-BETA3

# user/py3-virtualenv: CVE-2018-17793: "sandbox" escape

https://git.adelielinux.org/adelie/packages/-/issues/110 (2022-02-02T17:05:15Z, Emily)

| | |
| --- | --- |
| Bugzilla ID | 110 |
| Alias(es) | CVE-2018-17793 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2019-07-24 12:55:09 -0500 |
| Modified | 2019-07-24 12:56:08 -0500 |
| Status | RESOLVED NOTABUG |
| Version | 1.0-BETA3 |
| Hardware | Adélie Linux / All |
| Importance | --- / normal |
| URL | https://nvd.nist.gov/vuln/detail/CVE-2018-17793 |
## Description
"POC" [1] says it all:
> root@kali:~#pip install virtualenv
> root@kali:~#virtualenv test_env
> root@kali:~#cd test_env/
> root@kali:~/test_env#source ./bin/activate
> (test_env) root@kali:~/test_env#`
> `2、Sandbox escape
> (test_env) root@kali:~/test_env#python $(bash >&2)
> root@kali:~#
> (test_env) root@kali:~/test_env#python $(rbash >&2)
> root@kali:~#
This is NOTABUG, virtualenv is not a real sandbox.
[1] https://github.com/pypa/virtualenv/issues/1207

1.0-BETA3

# user/libreoffice: CVE-2019-9847: hyperlink to executable unconditionally launched

https://git.adelielinux.org/adelie/packages/-/issues/111 (2022-02-02T17:05:06Z, Emily)

| | |
| --- | --- |
| Bugzilla ID | 111 |
| Alias(es) | CVE-2019-9847 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2019-07-24 13:55:27 -0500 |
| Modified | 2019-07-24 13:56:01 -0500 |
| Status | RESOLVED NOTABUG |
| Version | 1.0-BETA3 |
| Hardware | Adélie Linux / All |
| Importance | --- / normal |
| URL | https://nvd.nist.gov/vuln/detail/CVE-2019-9847 |
## Description
> A vulnerability in LibreOffice hyperlink processing allows an attacker
> to construct documents containing hyperlinks pointing to the location
> of an executable on the target users file system. If the hyperlink is
> activated by the victim the executable target is unconditionally
> launched. Under Windows and macOS when processing a hyperlink target
> explicitly activated by the user there was no judgment made on whether
> the target was an executable file, so such executable targets were
> launched unconditionally. This issue affects: All LibreOffice Windows
> and macOS versions prior to 6.1.6; LibreOffice Windows and macOS
> versions in the 6.2 series prior to 6.2.3.
Does not apply to Linux.

1.0-BETA3

# user/compface: CVE-2009-2286: crash with long .xbm file

https://git.adelielinux.org/adelie/packages/-/issues/112 (2022-02-02T17:04:58Z, Emily)

| | |
| --- | --- |
| Bugzilla ID | 112 |
| Alias(es) | CVE-2009-2286 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2019-07-24 13:59:28 -0500 |
| Modified | 2019-07-24 14:15:35 -0500 |
| Status | RESOLVED NOTABUG |
| Version | 1.0-BETA3 |
| Hardware | Adélie Linux / All |
| Importance | --- / normal |
| URL | https://nvd.nist.gov/vuln/detail/CVE-2009-2286 |
## Description
> Buffer overflow in compface 1.5.2 and earlier allows user-assisted
> attackers to cause a denial of service (crash) via a long declaration
> in a .xbm file. NOTE: this issue only affects compface on
> distributions that used a certain patch.
We do not apply the patch in question (enhanced XBM functionality).

1.0-BETA3

# user/imagemagick: CVE-2019-13454: division by zero

https://git.adelielinux.org/adelie/packages/-/issues/114 (2022-02-02T17:04:45Z, Emily)

| | |
| --- | --- |
| Bugzilla ID | 114 |
| Alias(es) | CVE-2019-13454 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2019-07-24 19:02:10 -0500 |
| Modified | 2019-08-04 19:38:49 -0500 |
| Status | RESOLVED FIXED |
| Version | 1.0-BETA3 |
| Hardware | Adélie Linux / All |
| Importance | --- / minor |
| URL | https://nvd.nist.gov/vuln/detail/CVE-2019-13454 |
## Description
> ImageMagick 7.0.8-54 Q16 allows Division by Zero in
> RemoveDuplicateLayers in MagickCore/layer.c.
Note: NVD incorrectly identifies =7.0.8-54 as vulnerable. This is the
first released version with the fix[1].
[1] https://github.com/ImageMagick/ImageMagick/commit/1ddcf2e4f28029a888cadef2e757509ef5047ad8

1.0-BETA3

# system/binutils: multiple vulnerabilities

https://git.adelielinux.org/adelie/packages/-/issues/116 (2019-08-03T21:10:41Z, Emily)

| | |
| --- | --- |
| Bugzilla ID | 116 |
| Alias(es) | CVE-2019-12972, CVE-2019-14250, CVE-2019-9070, CVE-2019-9071, CVE-2019-9073, CVE-2019-9074, CVE-2019-9075, CVE-2019-9077 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2019-07-24 19:14:25 -0500 |
| Modified | 2019-08-03 16:10:41 -0500 |
| Status | RESOLVED FIXED |
| Version | 1.0-BETA3 |
| Hardware | Adélie Linux / All |
| Importance | --- / normal |
| See also | https://bts.adelielinux.org/show_bug.cgi?id=108<br>https://bts.adelielinux.org/show_bug.cgi?id=109 |
## Description
CVE-2019-9070: https://nvd.nist.gov/vuln/detail/CVE-2019-9070
> An issue was discovered in GNU libiberty, as distributed in GNU
> Binutils 2.32. It is a heap-based buffer over-read in d_expression_1
> in cp-demangle.c after many recursive calls.
CVE-2019-9071: https://nvd.nist.gov/vuln/detail/CVE-2019-9071
> An issue was discovered in GNU libiberty, as distributed in GNU
> Binutils 2.32. It is a stack consumption issue in
> d_count_templates_scopes in cp-demangle.c after many recursive calls.
CVE-2019-9073: https://nvd.nist.gov/vuln/detail/CVE-2019-9073
> An issue was discovered in the Binary File Descriptor (BFD) library
> (aka libbfd), as distributed in GNU Binutils 2.32. It is an attempted
> excessive memory allocation in _bfd_elf_slurp_version_tables in elf.c.
CVE-2019-9074: https://nvd.nist.gov/vuln/detail/CVE-2019-9074
> An issue was discovered in the Binary File Descriptor (BFD) library
> (aka libbfd), as distributed in GNU Binutils 2.32. It is an
> out-of-bounds read leading to a SEGV in bfd_getl32 in libbfd.c, when
> called from pex64_get_runtime_function in pei-x86_64.c.
CVE-2019-9075: https://nvd.nist.gov/vuln/detail/CVE-2019-9075
> An issue was discovered in the Binary File Descriptor (BFD) library
> (aka libbfd), as distributed in GNU Binutils 2.32. It is a heap-based
> buffer overflow in _bfd_archive_64_bit_slurp_armap in archive64.c.
CVE-2019-9077: https://nvd.nist.gov/vuln/detail/CVE-2019-9077
> An issue was discovered in GNU Binutils 2.32. It is a heap-based
> buffer overflow in process_mips_specific in readelf.c via a malformed
> MIPS option section.

1.0-BETA3

# system/libssh2: CVE-2019-13115: integer overflow in kex_method_diffie_hellman_group_exchange_sha256_key_exchange

https://git.adelielinux.org/adelie/packages/-/issues/118 (2022-02-02T17:04:37Z, Emily)

| | |
| --- | --- |
| Bugzilla ID | 118 |
| Alias(es) | CVE-2019-13115 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2019-07-26 12:18:48 -0500 |
| Modified | 2019-08-04 19:20:31 -0500 |
| Status | RESOLVED FIXED |
| Version | 1.0-BETA3 |
| Hardware | Adélie Linux / All |
| Importance | --- / normal |
| URL | https://nvd.nist.gov/vuln/detail/CVE-2019-13115 |
## Description
> In libssh2 before 1.9.0,
> kex_method_diffie_hellman_group_exchange_sha256_key_exchange in kex.c
> has an integer overflow that could lead to an out-of-bounds read in
> the way packets are read from the server. A remote attacker who
> compromises a SSH server may be able to disclose sensitive information
> or cause a denial of service condition on the client system when a
> user connects to the server. This is related to an
> _libssh2_check_length mistake, and is different from the various
> issues fixed in 1.8.1, such as CVE-2019-3855.

1.0-BETA3

# system/libgcrypt: multiple vulnerabilities

https://git.adelielinux.org/adelie/packages/-/issues/119 (2022-02-09T21:34:49Z, Emily)

| | |
| --- | --- |
| Bugzilla ID | 119 |
| Alias(es) | CVE-2019-12904, CVE-2019-13627 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2019-07-26 12:26:46 -0500 |
| Modified | 2020-06-22 06:22:39 -0500 |
| Status | CONFIRMED |
| Version | 1.0-BETA3 |
| Hardware | Adélie Linux / All |
| Importance | --- / normal |
| Package(s) | system/libgcrypt |
| URL | https://nvd.nist.gov/vuln/detail/CVE-2019-12904 |
## Description
> In Libgcrypt 1.8.4, the C implementation of AES is vulnerable to a
> flush-and-reload side-channel attack because physical addresses are
> available to other processes. (The C implementation is used on
> platforms where an assembly-language implementation is unavailable.)
From gcrypt-devel@gnupg.org: https://lists.gnupg.org/pipermail/gcrypt-devel/2019-July/004760.html
>> I was wondering if the vulnerability has been determined to be
>> legitimate and if we will see a new release with this vulnerability
> Not yet and thus don't see a reason for any immediate action. In
> fact, static tables are very common in crypto software and thus many
> more AES implementations would be affected.
Waiting on new release.

1.0-BETA3

# user/qemu: multiple vulnerabilities

https://git.adelielinux.org/adelie/packages/-/issues/121 (2020-03-29T07:23:17Z, Emily)

| | |
| --- | --- |
| Bugzilla ID | 121 |
| Alias(es) | CVE-2018-10839, CVE-2018-16867, CVE-2018-17958, CVE-2018-17962, CVE-2018-17963, CVE-2018-18849, CVE-2018-18954, CVE-2018-20815, CVE-2019-12067, CVE-2019-12068, CVE-2019-12155, CVE-2019-12247, CVE-2019-12928, CVE-2019-12929, CVE-2019-13164, CVE-2019-14378, CVE-2019-15890, CVE-2019-20175, CVE-2019-20382, CVE-2019-3812, CVE-2019-5008, CVE-2019-6501, CVE-2019-6778, CVE-2019-9824, CVE-2020-1711 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2019-07-29 03:15:14 -0500 |
| Modified | 2020-03-29 02:23:17 -0500 |
| Status | RESOLVED FIXED |
| Version | 1.0-BETA3 |
| Hardware | Adélie Linux / All |
| Importance | --- / normal |
## Description
CVE-2018-10839: https://nvd.nist.gov/vuln/detail/CVE-2018-10839
> Qemu emulator <= 3.0.0 built with the NE2000 NIC emulation support is
> vulnerable to an integer overflow, which could lead to buffer overflow
> issue. It could occur when receiving packets over the network. A user
> inside guest could use this flaw to crash the Qemu process resulting
> in DoS.
CVE-2018-16867: https://nvd.nist.gov/vuln/detail/CVE-2018-16867
> A flaw was found in qemu Media Transfer Protocol (MTP) before version
> 3.1.0. A path traversal in the usb_mtp_write_data function in
> hw/usb/dev-mtp.c due to an improper filename sanitization. When the
> guest device is mounted in read-write mode, this allows to read/write
> arbitrary files which may lead to DoS scenario OR possibly lead to
> code execution on the host.
CVE-2018-18849: https://nvd.nist.gov/vuln/detail/CVE-2018-18849
> In Qemu 3.0.0, lsi_do_msgin in hw/scsi/lsi53c895a.c allows
> out-of-bounds access by triggering an invalid msg_len value.
CVE-2018-18954: https://nvd.nist.gov/vuln/detail/CVE-2018-18954
> The pnv_lpc_do_eccb function in hw/ppc/pnv_lpc.c in Qemu before 3.1
> allows out-of-bounds write or read access to PowerNV memory.
CVE-2019-3812: https://nvd.nist.gov/vuln/detail/CVE-2019-3812
> QEMU, through version 2.10 and through version 3.1.0, is vulnerable to
> an out-of-bounds read of up to 128 bytes in the
> hw/i2c/i2c-ddc.c:i2c_ddc() function. A local attacker with permission
> to execute i2c commands could exploit this to read stack memory of the
> qemu process on the host.
CVE-2019-6778: https://nvd.nist.gov/vuln/detail/CVE-2019-6778
> In QEMU 3.0.0, tcp_emu in slirp/tcp_subr.c has a heap-based buffer
> overflow.
CVE-2019-9824: https://nvd.nist.gov/vuln/detail/CVE-2019-9824
> tcp_emu in slirp/tcp_subr.c (aka slirp/src/tcp_subr.c) in QEMU 3.0.0
> uses uninitialized data in an snprintf call, leading to Information
> disclosure.
CVE-2019-12247: https://nvd.nist.gov/vuln/detail/CVE-2019-12247
> ** DISPUTED ** QEMU 3.0.0 has an Integer Overflow because the
> qga/commands*.c files do not check the length of the argument list or
> the number of environment variables. NOTE: This has been disputed as
> not exploitable.

1.0-BETA3

# user/libmad: CVE-2018-7263: SIGABRT via crafted file

https://git.adelielinux.org/adelie/packages/-/issues/122 (2022-02-02T17:04:31Z, Emily)

| | |
| --- | --- |
| Bugzilla ID | 122 |
| Alias(es) | CVE-2018-7263 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2019-07-29 03:24:15 -0500 |
| Modified | 2020-09-17 01:12:12 -0500 |
| Status | RESOLVED FIXED |
| Version | 1.0-BETA3 |
| Hardware | Adélie Linux / All |
| Importance | --- / minor |
| Package(s) | user/libmad |
| URL | https://nvd.nist.gov/vuln/detail/CVE-2018-7263 |
## Description
> The mad_decoder_run() function in decoder.c in Underbit libmad through
> 0.15.1b allows remote attackers to cause a denial of service (SIGABRT
> because of double free or corruption) or possibly have unspecified
> other impact via a crafted file. NOTE: this may overlap
> CVE-2017-11552.

1.0-BETA3

# system/unzip: multiple vulnerabilities

https://git.adelielinux.org/adelie/packages/-/issues/123 (2020-06-13T00:30:04Z, Emily)

| | |
| --- | --- |
| Bugzilla ID | 123 |
| Alias(es) | CVE-2014-8139, CVE-2014-8140, CVE-2014-8141, CVE-2014-9636, CVE-2014-9913, CVE-2015-7696, CVE-2015-7697, CVE-2016-9844, CVE-2018-18384, CVE-2019-13232 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2019-07-29 04:10:28 -0500 |
| Modified | 2020-06-12 19:30:04 -0500 |
| Status | RESOLVED FIXED |
| Version | 1.0-BETA3 |
| Hardware | Adélie Linux / All |
| Importance | --- / normal |
## Description
CVE-2014-9636: https://nvd.nist.gov/vuln/detail/CVE-2014-9636
> unzip 6.0 allows remote attackers to cause a denial of service
> (out-of-bounds read or write and crash) via an extra field with an
> uncompressed size smaller than the compressed field size in a zip
> archive that advertises STORED method compression.
CVE-2014-9913: https://nvd.nist.gov/vuln/detail/CVE-2014-9913
> Buffer overflow in the list_files function in list.c in Info-Zip UnZip
> 6.0 allows remote attackers to cause a denial of service (crash) via
> vectors related to the compression method.
CVE-2015-7696: https://nvd.nist.gov/vuln/detail/CVE-2015-7696
> Info-ZIP UnZip 6.0 allows remote attackers to cause a denial of
> service (heap-based buffer over-read and application crash) or
> possibly execute arbitrary code via a crafted password-protected ZIP
> archive, possibly related to an Extra-Field size value.
CVE-2015-7697: https://nvd.nist.gov/vuln/detail/CVE-2015-7697
> Info-ZIP UnZip 6.0 allows remote attackers to cause a denial of
> service (infinite loop) via empty bzip2 data in a ZIP archive.
CVE-2016-9844: https://nvd.nist.gov/vuln/detail/CVE-2016-9844
> Buffer overflow in the zi_short function in zipinfo.c in Info-Zip
> UnZip 6.0 allows remote attackers to cause a denial of service (crash)
> via a large compression method value in the central directory file
> header.
CVE-2018-18384: https://nvd.nist.gov/vuln/detail/CVE-2018-18384
> Info-ZIP UnZip 6.0 has a buffer overflow in list.c, when a ZIP archive
> has a crafted relationship between the compressed-size value and the
> uncompressed-size value, because a buffer size is 10 and is supposed
> to be 12.
CVE-2019-13232: https://nvd.nist.gov/vuln/detail/CVE-2019-13232
> Info-ZIP UnZip 6.0 mishandles the overlapping of files inside a ZIP
> container, leading to denial of service (resource consumption), aka a
> "better zip bomb" issue.

1.0-BETA3

# user/audiofile: multiple vulnerabilities

https://git.adelielinux.org/adelie/packages/-/issues/124 (2022-11-13T06:54:42Z, Emily)

| | |
| --- | --- |
| Bugzilla ID | 124 |
| Alias(es) | CVE-2017-6827, CVE-2017-6828, CVE-2017-6829, CVE-2017-6830, CVE-2017-6831, CVE-2017-6832, CVE-2017-6833, CVE-2017-6834, CVE-2017-6835, CVE-2017-6836, CVE-2017-6837, CVE-2017-6838, CVE-2017-6839, CVE-2018-13440 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2019-07-29 04:13:10 -0500 |
| Modified | 2020-06-22 06:06:49 -0500 |
| Status | CONFIRMED |
| Version | 1.0-BETA3 |
| Hardware | Adélie Linux / All |
| Importance | --- / normal |
| Package(s) | user/audiofile |
## Description
CVE-2017-6827: https://nvd.nist.gov/vuln/detail/CVE-2017-6827
> Heap-based buffer overflow in the MSADPCM::initializeCoefficients
> function in MSADPCM.cpp in audiofile (aka libaudiofile and Audio File
> Library) 0.3.6 allows remote attackers to have unspecified impact via
> a crafted audio file.
CVE-2017-6828: https://nvd.nist.gov/vuln/detail/CVE-2017-6828
> Heap-based buffer overflow in the readValue function in FileHandle.cpp
> in audiofile (aka libaudiofile and Audio File Library) 0.3.6 allows
> remote attackers to have unspecified impact via a crafted WAV file.
CVE-2017-6829: https://nvd.nist.gov/vuln/detail/CVE-2017-6829
> The decodeSample function in IMA.cpp in Audio File Library (aka
> audiofile) 0.3.6 allows remote attackers to cause a denial of service
> (crash) via a crafted file.
CVE-2017-6830: https://nvd.nist.gov/vuln/detail/CVE-2017-6830
> Heap-based buffer overflow in the alaw2linear_buf function in G711.cpp
> in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to
> cause a denial of service (crash) via a crafted file.
CVE-2017-6831: https://nvd.nist.gov/vuln/detail/CVE-2017-6831
> Heap-based buffer overflow in the decodeBlockWAVE function in IMA.cpp
> in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to
> cause a denial of service (crash) via a crafted file.
CVE-2017-6832: https://nvd.nist.gov/vuln/detail/CVE-2017-6832
> Heap-based buffer overflow in the decodeBlock in MSADPCM.cpp in Audio
> File Library (aka audiofile) 0.3.6 allows remote attackers to cause a
> denial of service (crash) via a crafted file.
CVE-2017-6833: https://nvd.nist.gov/vuln/detail/CVE-2017-6833
> The runPull function in libaudiofile/modules/BlockCodec.cpp in Audio
> File Library (aka audiofile) 0.3.6 allows remote attackers to cause a
> denial of service (divide-by-zero error and crash) via a crafted file.
CVE-2017-6834: https://nvd.nist.gov/vuln/detail/CVE-2017-6834
> Heap-based buffer overflow in the ulaw2linear_buf function in G711.cpp
> in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to
> cause a denial of service (crash) via a crafted file.
CVE-2017-6835: https://nvd.nist.gov/vuln/detail/CVE-2017-6835
> The reset1 function in libaudiofile/modules/BlockCodec.cpp in Audio
> File Library (aka audiofile) 0.3.6 allows remote attackers to cause a
> denial of service (divide-by-zero error and crash) via a crafted file.
CVE-2017-6836: https://nvd.nist.gov/vuln/detail/CVE-2017-6836
> Heap-based buffer overflow in the Expand3To4Module::run function in
> libaudiofile/modules/SimpleModule.h in Audio File Library (aka
> audiofile) 0.3.6 allows remote attackers to cause a denial of service
> (crash) via a crafted file.
CVE-2017-6837: https://nvd.nist.gov/vuln/detail/CVE-2017-6837
> WAVE.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote
> attackers to cause a denial of service (crash) via vectors related to
> a large number of coefficients.
CVE-2017-6838: https://nvd.nist.gov/vuln/detail/CVE-2017-6838
> Integer overflow in sfcommands/sfconvert.c in Audio File Library (aka
> audiofile) 0.3.6 allows remote attackers to cause a denial of service
> (crash) via a crafted file.
CVE-2017-6839: https://nvd.nist.gov/vuln/detail/CVE-2017-6839
> Integer overflow in modules/MSADPCM.cpp in Audio File Library (aka
> audiofile) 0.3.6 allows remote attackers to cause a denial of service
> (crash) via a crafted file.

1.0-BETA3

# user/exiv2: multiple vulnerabilities

https://git.adelielinux.org/adelie/packages/-/issues/125 (2019-08-11T01:15:55Z, Emily)

| | |
| --- | --- |
| Bugzilla ID | 125 |
| Alias(es) | CVE-2019-13108, CVE-2019-13109, CVE-2019-13110, CVE-2019-13111, CVE-2019-13112, CVE-2019-13113, CVE-2019-13114 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2019-07-29 04:17:40 -0500 |
| Modified | 2019-08-10 20:15:55 -0500 |
| Status | RESOLVED FIXED |
| Version | 1.0-BETA3 |
| Hardware | Adélie Linux / All |
| Importance | --- / normal |
## Description
CVE-2019-13108: https://nvd.nist.gov/vuln/detail/CVE-2019-13108
> An integer overflow in Exiv2 through 0.27.1 allows an attacker to
> cause a denial of service (SIGSEGV) via a crafted PNG image file,
> because PngImage::readMetadata mishandles a zero value for iccOffset.
CVE-2019-13109: https://nvd.nist.gov/vuln/detail/CVE-2019-13109
> An integer overflow in Exiv2 through 0.27.1 allows an attacker to
> cause a denial of service (SIGSEGV) via a crafted PNG image file,
> because PngImage::readMetadata mishandles a chunkLength - iccOffset
> subtraction.
CVE-2019-13110: https://nvd.nist.gov/vuln/detail/CVE-2019-13110
> A CiffDirectory::readDirectory integer overflow and out-of-bounds read
> in Exiv2 through 0.27.1 allows an attacker to cause a denial of
> service (SIGSEGV) via a crafted CRW image file.
CVE-2019-13111: https://nvd.nist.gov/vuln/detail/CVE-2019-13111
> A WebPImage::decodeChunks integer overflow in Exiv2 through 0.27.1
> allows an attacker to cause a denial of service (large heap allocation
> followed by a very long running loop) via a crafted WEBP image file.
CVE-2019-13112: https://nvd.nist.gov/vuln/detail/CVE-2019-13112
> A PngChunk::parseChunkContent uncontrolled memory allocation in Exiv2
> through 0.27.1 allows an attacker to cause a denial of service (crash
> due to an std::bad_alloc exception) via a crafted PNG image file.
CVE-2019-13113: https://nvd.nist.gov/vuln/detail/CVE-2019-13113
> Exiv2 through 0.27.1 allows an attacker to cause a denial of service
> (crash due to assertion failure) via an invalid data location in a CRW
> image file.
CVE-2019-13114: https://nvd.nist.gov/vuln/detail/CVE-2019-13114
> http.c in Exiv2 through 0.27.1 allows a malicious http server to cause
> a denial of service (crash due to a NULL pointer dereference) by
> returning a crafted response that lacks a space character.

1.0-BETA3

https://git.adelielinux.org/adelie/packages/-/issues/126
user/libid3tag: multiple vulnerabilities
2019-08-05T00:25:00Z
Emily

| | |
| --- | --- |
| Bugzilla ID | 126 |
| Alias(es) | CVE-2004-2779, CVE-2017-11550, CVE-2017-11551 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2019-07-29 04:18:49 -0500 |
| Modified | 2019-08-04 19:25:00 -0500 |
| Status | RESOLVED FIXED |
| Version | 1.0-BETA3 |
| Hardware | Adélie Linux / All |
| Importance | --- / normal |
## Description
CVE-2004-2779: https://nvd.nist.gov/vuln/detail/CVE-2004-2779
> id3_utf16_deserialize() in utf16.c in libid3tag through 0.15.1b
> misparses ID3v2 tags encoded in UTF-16 with an odd number of bytes,
> triggering an endless loop allocating memory until an OOM condition is
> reached, leading to denial-of-service (DoS).
CVE-2017-11550: https://nvd.nist.gov/vuln/detail/CVE-2017-11550
> The id3_ucs4_length function in ucs4.c in libid3tag 0.15.1b allows
> remote attackers to cause a denial of service (NULL Pointer
> Dereference and application crash) via a crafted mp3 file.
CVE-2017-11551: https://nvd.nist.gov/vuln/detail/CVE-2017-11551
> The id3_field_parse function in field.c in libid3tag 0.15.1b allows
> remote attackers to cause a denial of service (OOM) via a crafted MP3
> file.

1.0-BETA3

https://git.adelielinux.org/adelie/packages/-/issues/127
user/libsndfile: multiple vulnerabilities
2022-11-12T04:38:51Z
Emily

| | |
| --- | --- |
| Bugzilla ID | 127 |
| Alias(es) | CVE-2017-14245, CVE-2017-14246, CVE-2017-14634, CVE-2017-6892, CVE-2017-8361, CVE-2017-8363, CVE-2017-8365, CVE-2018-13139, CVE-2018-13419, CVE-2018-19432, CVE-2018-19661, CVE-2018-19662, CVE-2018-19758, CVE-2019-3832 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2019-07-29 04:19:58 -0500 |
| Modified | 2020-06-22 06:14:26 -0500 |
| Status | CONFIRMED |
| Version | 1.0-BETA3 |
| Hardware | Adélie Linux / All |
| Importance | --- / normal |
| Package(s) | user/libsndfile |
## Description
CVE-2017-6892: https://nvd.nist.gov/vuln/detail/CVE-2017-6892
> In libsndfile version 1.0.28, an error in the "aiff_read_chanmap()"
> function (aiff.c) can be exploited to cause an out-of-bounds read
> memory access via a specially crafted AIFF file.
CVE-2017-14245: https://nvd.nist.gov/vuln/detail/CVE-2017-14245
> An out of bounds read in the function d2alaw_array() in alaw.c of
> libsndfile 1.0.28 may lead to a remote DoS attack or information
> disclosure, related to mishandling of the NAN and INFINITY
> floating-point values.
CVE-2017-14246: https://nvd.nist.gov/vuln/detail/CVE-2017-14246
> An out of bounds read in the function d2ulaw_array() in ulaw.c of
> libsndfile 1.0.28 may lead to a remote DoS attack or information
> disclosure, related to mishandling of the NAN and INFINITY
> floating-point values.
CVE-2017-14634: https://nvd.nist.gov/vuln/detail/CVE-2017-14634
> In libsndfile 1.0.28, a divide-by-zero error exists in the function
> double64_init() in double64.c, which may lead to DoS when playing a
> crafted audio file.
CVE-2018-13139: https://nvd.nist.gov/vuln/detail/CVE-2018-13139
> A stack-based buffer overflow in psf_memset in common.c in libsndfile
> 1.0.28 allows remote attackers to cause a denial of service
> (application crash) or possibly have unspecified other impact via a
> crafted audio file. The vulnerability can be triggered by the
> executable sndfile-deinterleave.
CVE-2018-13419: https://nvd.nist.gov/vuln/detail/CVE-2018-13419
> ** DISPUTED ** An issue has been found in libsndfile 1.0.28. There is
> a memory leak in psf_allocate in common.c, as demonstrated by
> sndfile-convert. NOTE: The maintainer and third parties were unable to
> reproduce and closed the issue.
CVE-2018-19432: https://nvd.nist.gov/vuln/detail/CVE-2018-19432
> An issue was discovered in libsndfile 1.0.28. There is a NULL pointer
> dereference in the function sf_write_int in sndfile.c, which will lead
> to a denial of service.
CVE-2018-19661: https://nvd.nist.gov/vuln/detail/CVE-2018-19661
> An issue was discovered in libsndfile 1.0.28. There is a buffer
> over-read in the function i2ulaw_array in ulaw.c that will lead to a
> denial of service.
CVE-2018-19662: https://nvd.nist.gov/vuln/detail/CVE-2018-19662
> An issue was discovered in libsndfile 1.0.28. There is a buffer
> over-read in the function i2alaw_array in alaw.c that will lead to a
> denial of service.
CVE-2018-19758: https://nvd.nist.gov/vuln/detail/CVE-2018-19758
> There is a heap-based buffer over-read at wav.c in wav_write_header in
> libsndfile 1.0.28 that will cause a denial of service.
CVE-2019-3832: https://nvd.nist.gov/vuln/detail/CVE-2019-3832
> It was discovered the fix for CVE-2018-19758 (libsndfile) was not
> complete and still allows a read beyond the limits of a buffer in
> wav_write_header() function in wav.c. A local attacker may use this
> flaw to make the application crash.

1.0-BETA3

https://git.adelielinux.org/adelie/packages/-/issues/128
user/poppler: multiple vulnerabilities
2022-11-12T00:18:45Z
Emily

| | |
| --- | --- |
| Bugzilla ID | 128 |
| Alias(es) | CVE-2019-10871, CVE-2019-14494, CVE-2019-9543, CVE-2019-9545, CVE-2019-9959 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2019-07-29 04:21:38 -0500 |
| Modified | 2020-06-22 06:08:42 -0500 |
| Status | CONFIRMED |
| Version | 1.0-BETA3 |
| Hardware | Adélie Linux / All |
| Importance | --- / minor |
| Package(s) | user/poppler |
## Description
CVE-2019-9543: https://nvd.nist.gov/vuln/detail/CVE-2019-9543
> An issue was discovered in Poppler 0.74.0. A recursive function call,
> in JBIG2Stream::readGenericBitmap() located in JBIG2Stream.cc, can be
> triggered by sending a crafted pdf file to (for example) the
> pdfseparate binary. It allows an attacker to cause Denial of Service
> (Segmentation fault) or possibly have unspecified other impact. This
> is related to JArithmeticDecoder::decodeBit.
Wait on upstream: https://gitlab.freedesktop.org/poppler/poppler/issues/730
CVE-2019-9545: https://nvd.nist.gov/vuln/detail/CVE-2019-9545
> An issue was discovered in Poppler 0.74.0. A recursive function call,
> in JBIG2Stream::readTextRegion() located in JBIG2Stream.cc, can be
> triggered by sending a crafted pdf file to (for example) the pdfimages
> binary. It allows an attacker to cause Denial of Service (Segmentation
> fault) or possibly have unspecified other impact. This is related to
> JBIG2Bitmap::clearToZero.
Wait on upstream: https://gitlab.freedesktop.org/poppler/poppler/issues/731
CVE-2019-10871: https://nvd.nist.gov/vuln/detail/CVE-2019-10871
> An issue was discovered in Poppler 0.74.0. There is a heap-based
> buffer over-read in the function PSOutputDev::checkPageSlice at
> PSOutputDev.cc.
Wait on upstream: https://gitlab.freedesktop.org/poppler/poppler/issues/751

1.0-BETA3