Adélie Package Tree issues
https://git.adelielinux.org/adelie/packages/-/issues
2024-03-19T22:02:05Z

https://git.adelielinux.org/adelie/packages/-/issues/1161
user/minizip: CVE-2023-45853: MiniZip in zlib through 1.3 has an integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip4_64
2024-03-19T22:02:05Z
Zach van Rijn

As of writing, we are at `1.2.13` in `1.0-BETA5`. Latest is `1.3` but still has a vulnerability:

| Name | Description |
|------|-------------|
| CVE-2023-45853 | MiniZip in zlib through 1.3 has an integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip4_64 via a long filename, comment, or extra field. NOTE: MiniZip is not a supported part of the zlib product. NOTE: pyminizip through 0.2.6 is also vulnerable because it bundles an affected zlib version, and exposes the applicable MiniZip code through its compress API. |
Upstream patch:
* https://github.com/madler/zlib/commit/73331a6a0481067628f065ffe87bb1d8f787d10c.patch

https://git.adelielinux.org/adelie/packages/-/issues/374
user/krb5: CVE-2020-28196: ASN.1-encoded Kerberos message can cause unbounded recursion
2024-03-17T10:46:53Z
Emily

| | |
| --- | --- |
| Bugzilla ID | 374 |
| Alias(es) | CVE-2020-28196 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2020-11-21 22:33:18 -0600 |
| Modified | 2020-11-21 23:18:03 -0600 |
| Status | UNCONFIRMED |
| Version | 1.0-RC1 |
| Hardware | Adélie Linux / All |
| Importance | --- / normal |
| Package(s) | user/krb5 |
| URL | https://nvd.nist.gov/vuln/detail/CVE-2020-28196 |
## Description
CVE-2020-28196: https://nvd.nist.gov/vuln/detail/CVE-2020-28196
> MIT Kerberos 5 (aka krb5) before 1.17.2 and 1.18.x before 1.18.3
> allows unbounded recursion via an ASN.1-encoded Kerberos message
> because the lib/krb5/asn.1/asn1_encode.c support for BER indefinite
> lengths lacks a recursion limit.
Fixed in >= 1.18.3 https://github.com/krb5/krb5/commit/207ad69c87cf1b5c047d6c0c0165e5afe29700a6

1.0-RC2

https://git.adelielinux.org/adelie/packages/-/issues/380
user/tigervnc: CVE-2020-26117: TLS certificate exceptions stored as authorities
2024-02-17T03:53:48Z
Emily

| | |
| --- | --- |
| Bugzilla ID | 380 |
| Alias(es) | CVE-2020-26117 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2020-11-21 23:08:00 -0600 |
| Modified | 2020-11-21 23:08:00 -0600 |
| Status | CONFIRMED |
| Version | 1.0-RC1 |
| Hardware | Adélie Linux / All |
| Importance | --- / normal |
| Package(s) | user/tigervnc |
## Description
Fixed in >= 1.11.0 https://github.com/TigerVNC/tigervnc/commit/20dea801e747318525a5859fe4f37c52b05310cb https://github.com/TigerVNC/tigervnc/commit/7399eab79a4365434d26494fa1628ce1eb91562b

1.0-RELEASE

https://git.adelielinux.org/adelie/packages/-/issues/1160
user/aspell: multiple vulnerabilities
2024-01-09T13:37:37Z
Zach van Rijn

We are at `0.60.8` as of the `1.0-BETA5` tag. Latest available is `0.60.8.1`:

| Name | Description |
|------|-------------|
| CVE-2019-25051 | objstack in GNU Aspell 0.60.8 has a heap-based buffer overflow in acommon::ObjStack::dup_top (called from acommon::StringMap::add and acommon::Config::lookup_list). |
| CVE-2019-20433 | libaspell.a in GNU Aspell before 0.60.8 has a buffer over-read for a string ending with a single '\0' byte, if the encoding is set to ucs-2 or ucs-4 outside of the application, as demonstrated by the ASPELL_CONF environment variable. |
| CVE-2019-17544 | libaspell.a in GNU Aspell before 0.60.8 has a stack-based buffer over-read in acommon::unescape in common/getdata.cpp via an isolated \ character. |
The release notes look like there's a typo (`0.68.8` vs. `0.60.8`):
```
From: Kevin Atkinson
Date: Tue, 19 Dec 2023
Subject: Aspell 0.60.8.1 Now Available
GNU Aspell 0.60.8.1 is now available at:
ftp://ftp.gnu.org/gnu/aspell/aspell-0.60.8.1.tar.gz
Changes from 0.68.8 to 0.68.8.1:
* Fix memory leak in suggestion code introduced in 0.60.8.
* Various documentation fixes.
* Fix various warnings when compiling with -Wall.
* Fix two buffer overflows found by Google’s OSS-Fuzz.
* Other minor updates.
```

https://git.adelielinux.org/adelie/packages/-/issues/1159
user/apr-util: CVE-2022-25147: Integer Overflow or Wraparound vulnerability in apr_base64 functions
2024-01-09T13:37:37Z
Zach van Rijn

We are at `1.6.1` as of the `1.0-BETA5` tag, latest is `1.6.3`:

| Name | Description |
|------|-------------|
| CVE-2022-25147 | Integer Overflow or Wraparound vulnerability in apr_base64 functions of Apache Portable Runtime Utility (APR-util) allows an attacker to write beyond bounds of a buffer. This issue affects Apache Portable Runtime Utility (APR-util) 1.6.1 and prior versions. |
Reference: https://downloads.apache.org/apr/CHANGES-APR-UTIL-1.6
```
Changes with APR-util 1.6.2
*) SECURITY: CVE-2022-25147 (cve.mitre.org)
Integer Overflow or Wraparound vulnerability in apr_base64 functions
of Apache Portable Runtime Utility (APR-util) allows an attacker to
write beyond bounds of a buffer.
```

https://git.adelielinux.org/adelie/packages/-/issues/1157
user/apache-httpd: multiple vulnerabilities
2024-01-09T13:37:37Z
Zach van Rijn

Reference: https://downloads.apache.org/httpd/CHANGES_2.4.58
```
Changes with Apache 2.4.58
*) SECURITY: CVE-2023-45802: Apache HTTP Server: HTTP/2 stream
memory not reclaimed right away on RST (cve.mitre.org)
When a HTTP/2 stream was reset (RST frame) by a client, there
was a time window were the request's memory resources were not
reclaimed immediately. Instead, de-allocation was deferred to
connection close. A client could send new requests and resets,
keeping the connection busy and open and causing the memory
footprint to keep on growing. On connection close, all resources
were reclaimed, but the process might run out of memory before
that.
This was found by the reporter during testing of CVE-2023-44487
(HTTP/2 Rapid Reset Exploit) with their own test client. During
"normal" HTTP/2 use, the probability to hit this bug is very
low. The kept memory would not become noticeable before the
connection closes or times out.
Users are recommended to upgrade to version 2.4.58, which fixes
the issue.
Credits: Will Dormann of Vul Labs
*) SECURITY: CVE-2023-43622: Apache HTTP Server: DoS in HTTP/2 with
initial windows size 0 (cve.mitre.org)
An attacker, opening a HTTP/2 connection with an initial window
size of 0, was able to block handling of that connection
indefinitely in Apache HTTP Server. This could be used to
exhaust worker resources in the server, similar to the well
known "slow loris" attack pattern.
This has been fixed in version 2.4.58, so that such connection
are terminated properly after the configured connection timeout.
This issue affects Apache HTTP Server: from 2.4.55 through
2.4.57.
Users are recommended to upgrade to version 2.4.58, which fixes
the issue.
Credits: Prof. Sven Dietrich (City University of New York)
*) SECURITY: CVE-2023-31122: mod_macro buffer over-read
(cve.mitre.org)
Out-of-bounds Read vulnerability in mod_macro of Apache HTTP
Server.This issue affects Apache HTTP Server: through 2.4.57.
Credits: David Shoon (github/davidshoon)
```

https://git.adelielinux.org/adelie/packages/-/issues/1158
user/apr: multiple vulnerabilities
2024-01-09T13:37:37Z
Zach van Rijn

We are at `1.7.0` as of `1.0-BETA5` tag. Latest available is `1.7.4`.

| Name | Description |
|------|-------------|
| CVE-2022-24963 | Integer Overflow or Wraparound vulnerability in apr_encode functions of Apache Portable Runtime (APR) allows an attacker to write beyond bounds of a buffer. This issue affects Apache Portable Runtime (APR) version 1.7.0. |
| CVE-2021-35940 | An out-of-bounds array read in the apr_time_exp*() functions was fixed in the Apache Portable Runtime 1.6.3 release (CVE-2017-12613). The fix for this issue was not carried forward to the APR 1.7.x branch, and hence version 1.7.0 regressed compared to 1.6.3 and is vulnerable to the same issue. |
The third CVE is Windows-specific.
Reference: https://downloads.apache.org/apr/CHANGES-APR-1.7
```
Changes for APR 1.7.1
*) SECURITY: CVE-2022-24963 (cve.mitre.org)
Integer Overflow or Wraparound vulnerability in apr_encode functions of
Apache Portable Runtime (APR) allows an attacker to write beyond bounds
of a buffer.
*) SECURITY: CVE-2022-28331 (cve.mitre.org)
On Windows, Apache Portable Runtime 1.7.0 and earlier may write beyond
the end of a stack based buffer in apr_socket_sendv(). This is a result
of integer overflow.
*) SECURITY: CVE-2021-35940 (cve.mitre.org)
Restore fix for out-of-bounds array dereference in apr_time_exp*() functions.
(This issue was addressed as CVE-2017-12613 in APR 1.6.3 and
later 1.6.x releases, but was missing in 1.7.0.) [Stefan Sperling]
```

https://git.adelielinux.org/adelie/packages/-/issues/1104
user/libebml: CVE-2021-3405: heap overflow bug in libebml before 1.4.2
2023-12-08T02:51:21Z
Leigh Arber

CVE-2021-3405: In libebml before 1.4.2, a heap overflow bug exists in the implementation of EbmlString::ReadData and EbmlUnicodeString::ReadData.

https://git.adelielinux.org/adelie/packages/-/issues/1120
system/libarchive: CVE-2023-30571: Libarchive through 3.6.2 can cause directories to have world-writable permissions.
2023-11-21T00:02:51Z
Zach van Rijn

| Name | Description |
|------|-------------|
| CVE-2023-30571 | Libarchive through 3.6.2 can cause directories to have world-writable permissions. The umask() call inside archive_write_disk_posix.c changes the umask of the whole process for a very short period of time; a race condition with another thread can lead to a permanent umask 0 setting. Such a race condition could lead to implicit directory creation with permissions 0777 (without the sticky bit), which means that any low-privileged local user can delete and rename files inside those directories. |
Additionally, non-CVE security fixes:
* https://github.com/libarchive/libarchive/commit/ee312cfd05c1d1d38f3a5dd10872b97cbc11902c (since `3.7.1`)
* https://github.com/libarchive/libarchive/commit/1b4e0d0f9d445ba3e4d0c7db7ce0b30300572fe8 (since `3.7.2`)

https://git.adelielinux.org/adelie/packages/-/issues/337
user/grub: multiple vulnerabilities
2023-10-31T05:57:49Z
Emily

| | |
| --- | --- |
| Bugzilla ID | 337 |
| Alias(es) | CVE-2020-10713, CVE-2020-14308, CVE-2020-14309, CVE-2020-14310, CVE-2020-14311, CVE-2020-15705, CVE-2020-15706, CVE-2020-15707, boothole |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2020-07-30 17:06:40 -0500 |
| Modified | 2020-07-30 17:06:40 -0500 |
| Status | UNCONFIRMED |
| Version | 1.0-RC1 |
| Hardware | Adélie Linux / All |
| Importance | --- / normal |
| Package(s) | user/grub |
| URL | https://www.openwall.com/lists/oss-security/2020/07/29/3 |
## Description
CVE-2020-10713: https://nvd.nist.gov/vuln/detail/CVE-2020-10713
> A flaw was found in grub2, prior to version 2.06. An attacker may use
> the GRUB 2 flaw to hijack and tamper the GRUB verification process.
> This flaw also allows the bypass of Secure Boot protections. In order
> to load an untrusted or modified kernel, an attacker would first need
> to establish access to the system such as gaining physical access,
> obtain the ability to alter a pxe-boot network, or have remote access
> to a networked system with root access. With this access, an attacker
> could then craft a string to cause a buffer overflow by injecting a
> malicious payload that leads to arbitrary code execution within GRUB.
> The highest threat from this vulnerability is to data confidentiality
> and integrity as well as system availability.
Unreleased fix https://git.savannah.gnu.org/gitweb/?p=grub.git;a=commitdiff;h=a4d3fbdff1e3ca8f87642af2ac8752c30c617a3e
CVE-2020-14308: https://nvd.nist.gov/vuln/detail/CVE-2020-14308
> In grub2 versions before 2.06 the grub memory allocator doesn't check
> for possible arithmetic overflows on the requested allocation size.
> This leads the function to return invalid memory allocations which can
> be further used to cause possible integrity, confidentiality and
> availability impacts during the boot process.
Unreleased fix https://git.savannah.gnu.org/gitweb/?p=grub.git;a=commitdiff;h=f725fa7cb2ece547c5af01eeeecfe8d95802ed41
CVE-2020-14309: https://nvd.nist.gov/vuln/detail/CVE-2020-14309
> There's an issue with grub2 in all versions before 2.06 when handling
> squashfs filesystems containing a symbolic link with name length of
> UINT32 bytes in size. The name size leads to an arithmetic overflow
> leading to a zero-size allocation further causing a heap-based buffer
> overflow with attacker controlled data.
Unreleased fix https://git.savannah.gnu.org/gitweb/?p=grub.git;a=commitdiff;h=3f05d693d1274965ffbe4ba99080dc2c570944c6
CVE-2020-14310: https://www.openwall.com/lists/oss-security/2020/07/29/3
> Integer overflow read_section_from_string may lead to heap based
> overflow.
same as previous
CVE-2020-14311: https://www.openwall.com/lists/oss-security/2020/07/29/3
> Integer overflow in grub_ext2_read_link leads to heap based buffer
> overflow.
same as previous
CVE-2020-15705: https://nvd.nist.gov/vuln/detail/CVE-2020-15705
> GRUB2 fails to validate kernel signature when booted directly without
> shim, allowing secure boot to be bypassed. This only affects systems
> where the kernel signing certificate has been imported directly into
> the secure boot database and the GRUB image is booted directly without
> the use of shim. This issue affects GRUB2 version 2.04 and prior
> versions.
There doesn't seem to be an official fix for this.
* Debian is ignoring it (not affected)
* Ubuntu & SUSE: https://git.launchpad.net/~ubuntu-core-dev/grub/+git/ubuntu/plain/debian/patches/0097-linuxefi-fail-kernel-validation-without-shim-protoco.patch?h=focal&id=62887dc0030652f9bc20f3d558565ca3e37ef5a6 https://bugzilla.suse.com/attachment.cgi?id=839944&action=diff
CVE-2020-15706: https://nvd.nist.gov/vuln/detail/CVE-2020-15706
> GRUB2 contains a race condition in grub_script_function_create()
> leading to a use-after-free vulnerability which can be triggered by
> redefining a function whilst the same function is already executing,
> leading to arbitrary code execution and secure boot restriction
> bypass. This issue affects GRUB2 version 2.04 and prior versions.
Unreleased fix https://git.savannah.gnu.org/gitweb/?p=grub.git;a=commitdiff;h=426f57383d647406ae9c628c472059c27cd6e040
CVE-2020-15707: https://nvd.nist.gov/vuln/detail/CVE-2020-15707
> Integer overflows were discovered in the functions grub_cmd_initrd and
> grub_initrd_init in the efilinux component of GRUB2, as shipped in
> Debian, Red Hat, and Ubuntu (the functionality is not included in
> GRUB2 upstream), leading to a heap-based buffer overflow. These could
> be triggered by an extremely large number of arguments to the initrd
> command on 32-bit architectures, or a crafted filesystem with very
> large files on any architecture. An attacker could use this to execute
> arbitrary code and bypass UEFI Secure Boot restrictions. This issue
> affects GRUB2 version 2.04 and prior versions.
Unreleased fix https://git.savannah.gnu.org/gitweb/?p=grub.git;a=commitdiff;h=e7b8856f8be3292afdb38d2e8c70ad8d62a61e10
There are reports that these changes were making systems unbootable, but
at least for Red Hat that appears to have been a problem with their
signed shim. However, the extensive changes these entail (and the
fact that they will probably not apply cleanly to 2.04, and that we
don't really support secure boot right now anyway) mean we should sit
on this for the time being.
https://lwn.net/Articles/827573/
https://bugzilla.redhat.com/show_bug.cgi?id=1861977

1.0-RC2

https://git.adelielinux.org/adelie/packages/-/issues/1077
user/faad2: multiple vulnerabilities
2023-10-30T22:58:33Z
Zach van Rijn

| Name | Description |
|------|-------------|
| CVE-2021-32278 | An issue was discovered in faad2 through 2.10.0. A heap-buffer-overflow exists in the function lt_prediction located in lt_predict.c. It allows an attacker to cause code Execution. |
| CVE-2021-32277 | An issue was discovered in faad2 through 2.10.0. A heap-buffer-overflow exists in the function sbr_qmf_analysis_32 located in sbr_qmf.c. It allows an attacker to cause code Execution. |
| CVE-2021-32276 | An issue was discovered in faad2 through 2.10.0. A NULL pointer dereference exists in the function get_sample() located in output.c. It allows an attacker to cause Denial of Service. |
| CVE-2021-32274 | An issue was discovered in faad2 through 2.10.0. A heap-buffer-overflow exists in the function sbr_qmf_synthesis_64 located in sbr_qmf.c. It allows an attacker to cause code Execution. |
| CVE-2021-32273 | An issue was discovered in faad2 through 2.10.0. A stack-buffer-overflow exists in the function ftypin located in mp4read.c. It allows an attacker to cause Code Execution. |
Fixed in `2.10.1`.

https://git.adelielinux.org/adelie/packages/-/issues/1080
user/sddm: password for 'live' user not required (any random password accepted)
2023-10-07T01:55:17Z
Zach van Rijn

Using `20230829` media.

This may be the intended/expected behavior, but you can enter any random password here and it will log you in. Lock screen or if you log out fully first.
![VirtualBox_test1_06_10_2023_13_18_03](/uploads/07d6d2a8e52a5b3fc889cbc121a2f093/VirtualBox_test1_06_10_2023_13_18_03.png)

https://git.adelielinux.org/adelie/packages/-/issues/652
system/binutils: multiple vulnerabilities
2023-10-04T04:10:22Z
Zach van Rijn

See #214 to start.

| Name | Description |
|-------|-------------|
| CVE-2021-20197 | There is an open race window when writing output in the following utilities in GNU binutils version 2.35 and earlier:ar, objcopy, strip, ranlib. When these utilities are run as a privileged user (presumably as part of a script updating binaries across different users), an unprivileged user can trick these utilities into getting ownership of arbitrary files through a symlink. |
| ~CVE-2019-9077~ | An issue was discovered in GNU Binutils 2.32. It is a heap-based buffer overflow in process_mips_specific in readelf.c via a malformed MIPS option section. |
| CVE-2019-9076 | An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is an attempted excessive memory allocation in elf_read_notes in elf.c. |
| ~CVE-2019-9075~ | An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is a heap-based buffer overflow in _bfd_archive_64_bit_slurp_armap in archive64.c. |
| ~CVE-2019-9074~ | An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is an out-of-bounds read leading to a SEGV in bfd_getl32 in libbfd.c, when called from pex64_get_runtime_function in pei-x86_64.c. |
| ~CVE-2019-9073~ | An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is an attempted excessive memory allocation in _bfd_elf_slurp_version_tables in elf.c. |
| CVE-2019-9072 | An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is an attempted excessive memory allocation in setup_group in elf.c. |
| ~CVE-2019-9071~ | An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. It is a stack consumption issue in d_count_templates_scopes in cp-demangle.c after many recursive calls. |
| ~CVE-2019-9070~ | An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. It is a heap-based buffer over-read in d_expression_1 in cp-demangle.c after many recursive calls. |
| ~CVE-2019-17451~ | An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is an integer overflow leading to a SEGV in _bfd_dwarf2_find_nearest_line in dwarf2.c, as demonstrated by nm. |
| ~CVE-2019-17450~ | find_abstract_instance in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32, allows remote attackers to cause a denial of service (infinite recursion and application crash) via a crafted ELF file. |
| ~CVE-2019-14444~ | apply_relocations in readelf.c in GNU Binutils 2.32 contains an integer overflow that allows attackers to trigger a write access violation (in byte_put_little_endian function in elfcomm.c) via an ELF file, as demonstrated by readelf. |
| ~CVE-2019-14250~ | An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. simple_object_elf_match in simple-object-elf.c does not check for a zero shstrndx value, leading to an integer overflow and resultant heap-based buffer overflow. |
| ~CVE-2019-12972~ | An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. There is a heap-based buffer over-read in _bfd_doprnt in bfd.c because elf_object_p in elfcode.h mishandles an e_shstrndx section of type SHT_GROUP by omitting a trailing '\0' character. |
| CVE-2018-1000876 | binutils version 2.32 and earlier contains a Integer Overflow vulnerability in objdump, bfd_get_dynamic_reloc_upper_bound,bfd_canonicalize_dynamic_reloc that can result in Integer overflow trigger heap overflow. Successful exploitation allows execution of arbitrary code.. This attack appear to be exploitable via Local. This vulnerability appears to have been fixed in after commit 3a551c7a1b80fca579461774860574eabfd7f18f. |

https://git.adelielinux.org/adelie/packages/-/issues/1034
system/curl: multiple vulnerabilities
2023-09-22T11:16:35Z
Zach van Rijn

We are at `8.0.1` as of writing (7c97598cf01499e2c2082b3f61a9ad060b536277), and `8.1.0` fixes:

| # | S | Vulnerability | Date | First | Last |
|-----|---|-----------------------------------------------------|-----------|--------|-------|
| 145 | ● | CVE-2023-28322: more POST-after-PUT confusion | 5/17/2023 | 7.7 | 8.0.1 |
| 144 | ● | CVE-2023-28321: IDN wildcard match | 5/17/2023 | 7.12.0 | 8.0.1 |
| 143 | ● | CVE-2023-28320: siglongjmp race condition | 5/17/2023 | 7.9.8 | 8.0.1 |
| 142 | ● | CVE-2023-28319: UAF in SSH sha256 fingerprint check | 5/17/2023 | 7.81.0 | 8.0.1 |
See also:
* https://curl.se/docs/security.html

https://git.adelielinux.org/adelie/packages/-/issues/1041
system/openssl: multiple vulnerabilities
2023-09-22T11:16:33Z
Zach van Rijn

* https://www.openssl.org/news/secadv/20230322.txt
  * Excessive Resource Usage Verifying X.509 Policy Constraints (CVE-2023-0464)
* https://www.openssl.org/news/secadv/20230328.txt
  * Invalid certificate policies in leaf certificates are silently ignored (CVE-2023-0465)
  * Certificate policy check not enabled (CVE-2023-0466)
* https://www.openssl.org/news/secadv/20230420.txt
  * Input buffer over-read in AES-XTS implementation on 64 bit ARM (CVE-2023-1255)
* https://www.openssl.org/news/secadv/20230530.txt
  * Possible DoS translating ASN.1 object identifiers (CVE-2023-2650)

https://git.adelielinux.org/adelie/packages/-/issues/301
user/gnucobol: multiple vulnerabilities
2023-08-16T12:38:20Z
Emily

| | |
| --- | --- |
| Bugzilla ID | 301 |
| Alias(es) | CVE-2019-14468, CVE-2019-14486, CVE-2019-14528, CVE-2019-14541, CVE-2019-16395, CVE-2019-16396 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2020-06-10 00:46:02 -0500 |
| Modified | 2021-05-11 20:50:31 -0500 |
| Status | CONFIRMED |
| Version | 1.0-RC1 |
| Hardware | Adélie Linux / All |
| Importance | --- / normal |
| Package(s) | user/gnucobol |
## Description
CVE-2019-14468: https://nvd.nist.gov/vuln/detail/CVE-2019-14468
> GnuCOBOL 2.2 has a buffer overflow in cb_push_op in cobc/field.c via
> crafted COBOL source code.
CVE-2019-14486: https://nvd.nist.gov/vuln/detail/CVE-2019-14486
> GnuCOBOL 2.2 has a buffer overflow in cb_evaluate_expr in cobc/field.c
> via crafted COBOL source code.
CVE-2019-14528: https://nvd.nist.gov/vuln/detail/CVE-2019-14528
> GnuCOBOL 2.2 has a heap-based buffer overflow in read_literal in
> cobc/scanner.l via crafted COBOL source code.
CVE-2019-14541: https://nvd.nist.gov/vuln/detail/CVE-2019-14541
> GnuCOBOL 2.2 has a stack-based buffer overflow in cb_encode_program_id
> in cobc/typeck.c via crafted COBOL source code.
CVE-2019-16395: https://nvd.nist.gov/vuln/detail/CVE-2019-16395
> GnuCOBOL 2.2 has a stack-based buffer overflow in the cb_name()
> function in cobc/tree.c via crafted COBOL source code.
CVE-2019-16396: https://nvd.nist.gov/vuln/detail/CVE-2019-16396
> GnuCOBOL 2.2 has a use-after-free in the end_scope_of_program_name()
> function in cobc/parser.y via crafted COBOL source code.

1.0-BETA3
Zach van Rijn

https://git.adelielinux.org/adelie/packages/-/issues/381
user/kpmcore: CVE-2020-27187: kpmcore_externalcommand incomplete dbus check
2023-06-15T01:52:29Z
Emily

| | |
| --- | --- |
| Bugzilla ID | 381 |
| Alias(es) | CVE-2020-27187 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2020-11-21 23:16:23 -0600 |
| Modified | 2020-11-21 23:16:23 -0600 |
| Status | CONFIRMED |
| Version | 1.0-RC1 |
| Hardware | Adélie Linux / All |
| Importance | --- / normal |
| Package(s) | user/kpmcore |
## Description
Fixed in >= 4.2.0, but commit marked as fixer is already present in git repo's tag of 4.1.0? https://invent.kde.org/system/kpmcore/-/commit/c466c5db11b5cee546d1ec0594c2f1105a354fed

1.0-RELEASE

https://git.adelielinux.org/adelie/packages/-/issues/385
user/mutt: CVE-2020-28896: $ssl_force_tls mishandled on IMAP connection close
2023-06-15T01:51:14Z
Emily

| | |
| --- | --- |
| Bugzilla ID | 385 |
| Alias(es) | CVE-2020-28896 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2020-11-25 23:42:50 -0600 |
| Modified | 2020-11-30 18:45:48 -0600 |
| Status | UNCONFIRMED |
| Version | 1.0-RC1 |
| Hardware | Adélie Linux / All |
| Importance | --- / normal |
| Package(s) | user/mutt |
| URL | https://nvd.nist.gov/vuln/detail/CVE-2020-28896 |
## Description
CVE-2020-28896: https://nvd.nist.gov/vuln/detail/CVE-2020-28896
> Mutt before 2.0.2 and NeoMutt before 2020-11-20 did not ensure that
> $ssl_force_tls was processed if an IMAP server's initial server
> response was invalid. The connection was not properly closed, and the
> code could continue attempting to authenticate. This could result in
> authentication credentials being exposed on an unencrypted connection,
> or to a machine-in-the-middle.
Fixed in >= 2.0.2
https://gitlab.com/muttmua/mutt/-/commit/04b06aaa3e0cc0022b9b01dbca2863756ebbf59a

1.0-RC2

https://git.adelielinux.org/adelie/packages/-/issues/386
user/py3-lxml: HTML cleaner may allow noscript tag through
2023-06-15T01:50:41Z
Emily

| | |
| --- | --- |
| Bugzilla ID | 386 |
| Alias(es) | CVE-2020-27783 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2020-11-28 17:01:29 -0600 |
| Modified | 2020-11-28 17:01:29 -0600 |
| Status | UNCONFIRMED |
| Version | 1.0-RC1 |
| Hardware | Adélie Linux / All |
| Importance | --- / normal |
| Package(s) | user/py3-lxml |
## Description
Fixed in >= 4.6.1 https://github.com/lxml/lxml/commit/89e7aad6e7ff9ecd88678ff25f885988b184b26e

1.0-RC2

https://git.adelielinux.org/adelie/packages/-/issues/388
user/libslirp: arp_input/ncsi_input OOB access
2023-06-15T01:49:29Z
Emily

| | |
| --- | --- |
| Bugzilla ID | 388 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2020-11-28 17:10:15 -0600 |
| Modified | 2020-11-28 17:10:15 -0600 |
| Status | CONFIRMED |
| Version | 1.0-RC1 |
| Hardware | Adélie Linux / All |
| Importance | --- / normal |
| Package(s) | user/libslirp |
## Description
Unreleased fix https://gitlab.freedesktop.org/slirp/libslirp/-/commit/2e1dcbc0c2af64fcb17009eaf2ceedd81be2b27f

1.0-RELEASE