Adélie Package Tree issueshttps://git.adelielinux.org/adelie/packages/-/issues2022-02-09T21:34:49Zhttps://git.adelielinux.org/adelie/packages/-/issues/119system/libgcrypt: multiple vulnerabilities2022-02-09T21:34:49ZEmilysystem/libgcrypt: multiple vulnerabilities| | |
| --- | --- |
| Bugzilla ID | 119 |
| Alias(es) | CVE-2019-12904, CVE-2019-13627 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2019-07-26 12:26:46 -0500 |
| Modified | 2020-06-22 06:22:39 -0...| | |
| --- | --- |
| Bugzilla ID | 119 |
| Alias(es) | CVE-2019-12904, CVE-2019-13627 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2019-07-26 12:26:46 -0500 |
| Modified | 2020-06-22 06:22:39 -0500 |
| Status | CONFIRMED |
| Version | 1.0-BETA3 |
| Hardware | Adélie Linux / All |
| Importance | --- / normal |
| Package(s) | system/libgcrypt |
| URL | https://nvd.nist.gov/vuln/detail/CVE-2019-12904 |
## Description
> In Libgcrypt 1.8.4, the C implementation of AES is vulnerable to a
> flush-and-reload side-channel attack because physical addresses are
> available to other processes. (The C implementation is used on
> platforms where an assembly-language implementation is unavailable.)
From gcrypt-devel@gnupg.org: https://lists.gnupg.org/pipermail/gcrypt-devel/2019-July/004760.html
>> I was wondering if the vulnerability has been determined to be
>> legitimate and if we will see a new release with this vulnerability
> Not yet and thus don't see a reason for any immediate action. In
> fact, static tables are very common in crypto software and thus many
> more AES implementations would be affected.
Waiting on new release.1.0-BETA3https://git.adelielinux.org/adelie/packages/-/issues/82user/grub: grub-mkconfig does not work properly2022-02-02T17:09:48ZEmilyuser/grub: grub-mkconfig does not work properly| | |
| --- | --- |
| Bugzilla ID | 82 |
| Reporter | erhard_f |
| Assignee | A. Wilcox (awilfox) |
| Reported | 2018-12-25 09:18:39 -0600 |
| Modified | 2019-06-02 19:12:29 -0500 |
| Status | RESOLVED FIXED |
| Version | 1.0-BETA2 |
|...| | |
| --- | --- |
| Bugzilla ID | 82 |
| Reporter | erhard_f |
| Assignee | A. Wilcox (awilfox) |
| Reported | 2018-12-25 09:18:39 -0600 |
| Modified | 2019-06-02 19:12:29 -0500 |
| Status | RESOLVED FIXED |
| Version | 1.0-BETA2 |
| Hardware | Other / Intel x86 (64-bit) |
| Importance | --- / major |
## Description
Tried an intall on an amd64 box and wanted to configure grub:
# grub-mkconfig -o /boot/grub/grub.cfg
Generating grub configuration file ...
/etc/grub.d/10_linux: line 24: /etc/update-extlinux.conf: No such file or directory
/boot/ was mounted on /dev/sda2 as btrfs,compress=lzo.
/ was mounted on /dev/sda6 as btrfs,compress=lzo.
I was already chrooted on /.1.0-BETA3https://git.adelielinux.org/adelie/packages/-/issues/83user/grub: grub-mkconfig does not work properly2022-02-02T17:09:38ZEmilyuser/grub: grub-mkconfig does not work properly| | |
| --- | --- |
| Bugzilla ID | 83 |
| Reporter | erhard_f |
| Assignee | A. Wilcox (awilfox) |
| Reported | 2018-12-25 09:19:40 -0600 |
| Modified | 2019-03-09 23:25:36 -0600 |
| Status | RESOLVED DUPLICATE |
| Version | 1.0-BETA2...| | |
| --- | --- |
| Bugzilla ID | 83 |
| Reporter | erhard_f |
| Assignee | A. Wilcox (awilfox) |
| Reported | 2018-12-25 09:19:40 -0600 |
| Modified | 2019-03-09 23:25:36 -0600 |
| Status | RESOLVED DUPLICATE |
| Version | 1.0-BETA2 |
| Hardware | Other / Intel x86 (64-bit) |
| Importance | --- / major |
## Description
Tried an intall on an amd64 box and wanted to configure grub:
# grub-mkconfig -o /boot/grub/grub.cfg
Generating grub configuration file ...
/etc/grub.d/10_linux: line 24: /etc/update-extlinux.conf: No such file or directory
/boot/ was mounted on /dev/sda2 as btrfs,compress=lzo.
/ was mounted on /dev/sda6 as btrfs,compress=lzo.
I was already chrooted on /.1.0-BETA3https://git.adelielinux.org/adelie/packages/-/issues/84user/grub: grub-mkconfig does not work properly2022-02-02T17:09:27ZEmilyuser/grub: grub-mkconfig does not work properly| | |
| --- | --- |
| Bugzilla ID | 84 |
| Reporter | erhard_f |
| Assignee | A. Wilcox (awilfox) |
| Reported | 2018-12-25 09:24:08 -0600 |
| Modified | 2019-03-09 23:25:19 -0600 |
| Status | RESOLVED DUPLICATE |
| Version | 1.0-BETA2...| | |
| --- | --- |
| Bugzilla ID | 84 |
| Reporter | erhard_f |
| Assignee | A. Wilcox (awilfox) |
| Reported | 2018-12-25 09:24:08 -0600 |
| Modified | 2019-03-09 23:25:19 -0600 |
| Status | RESOLVED DUPLICATE |
| Version | 1.0-BETA2 |
| Hardware | Other / Intel x86 (64-bit) |
| Importance | --- / major |
## Description
Tried an intall on an amd64 box and wanted to configure grub:
# grub-mkconfig -o /boot/grub/grub.cfg
Generating grub configuration file ...
/etc/grub.d/10_linux: line 24: /etc/update-extlinux.conf: No such file or directory
/boot/ was mounted on /dev/sda2 as btrfs,compress=lzo.
/ was mounted on /dev/sda6 as btrfs,compress=lzo.
I was already chrooted on /1.0-BETA3https://git.adelielinux.org/adelie/packages/-/issues/89system/coreutils: fails date-debug test on all arches2022-02-02T17:09:02ZEmilysystem/coreutils: fails date-debug test on all arches| | |
| --- | --- |
| Bugzilla ID | 89 |
| Reporter | A. Wilcox (awilfox) |
| Assignee | A. Wilcox (awilfox) |
| Reported | 2019-03-08 17:51:56 -0600 |
| Modified | 2019-06-01 17:29:32 -0500 |
| Status | RESOLVED FIXED |
| Version | 1....| | |
| --- | --- |
| Bugzilla ID | 89 |
| Reporter | A. Wilcox (awilfox) |
| Assignee | A. Wilcox (awilfox) |
| Reported | 2019-03-08 17:51:56 -0600 |
| Modified | 2019-06-01 17:29:32 -0500 |
| Status | RESOLVED FIXED |
| Version | 1.0-BETA2 |
| Hardware | Adélie Linux / All |
| Importance | --- / major |
| Blocks | https://bts.adelielinux.org/show_bug.cgi?id=87 |
## Description
```
FAIL: tests/misc/date-debug
===========================
++ initial_cwd_=/usr/src/packages/system/coreutils/src/coreutils-8.30
+++ testdir_prefix_
+++ printf gt
++ pfx_=gt
+++ mktempd_ /usr/src/packages/system/coreutils/src/coreutils-8.30 gt-date-debug.sh.XXXX
+++ case $# in
+++ destdir_=/usr/src/packages/system/coreutils/src/coreutils-8.30
+++ template_=gt-date-debug.sh.XXXX
+++ MAX_TRIES_=4
+++ case $destdir_ in
+++ destdir_slash_=/usr/src/packages/system/coreutils/src/coreutils-8.30/
+++ case $template_ in
++++ unset TMPDIR
+++ d=/usr/src/packages/system/coreutils/src/coreutils-8.30/gt-date-debug.sh.f849
+++ case $d in
+++ :
+++ test -d /usr/src/packages/system/coreutils/src/coreutils-8.30/gt-date-debug.sh.f849
++++ ls -dgo /usr/src/packages/system/coreutils/src/coreutils-8.30/gt-date-debug.sh.f849
+++ perms='drwx------ 2 4096 Mar 8 08:34 /usr/src/packages/system/coreutils/src/coreutils-8.30/gt-date-debug.sh.f849'
+++ case $perms in
+++ :
+++ echo /usr/src/packages/system/coreutils/src/coreutils-8.30/gt-date-debug.sh.f849
+++ return
++ test_dir_=/usr/src/packages/system/coreutils/src/coreutils-8.30/gt-date-debug.sh.f849
++ cd /usr/src/packages/system/coreutils/src/coreutils-8.30/gt-date-debug.sh.f849
++ gl_init_sh_nl_='
'
++ IFS='
'
++ for sig_ in 1 2 3 13 15
+++ expr 1 + 128
++ eval 'trap '\''Exit 129'\'' 1'
+++ trap 'Exit 129' 1
++ for sig_ in 1 2 3 13 15
+++ expr 2 + 128
++ eval 'trap '\''Exit 130'\'' 2'
+++ trap 'Exit 130' 2
++ for sig_ in 1 2 3 13 15
+++ expr 3 + 128
++ eval 'trap '\''Exit 131'\'' 3'
+++ trap 'Exit 131' 3
++ for sig_ in 1 2 3 13 15
+++ expr 13 + 128
++ eval 'trap '\''Exit 141'\'' 13'
+++ trap 'Exit 141' 13
++ for sig_ in 1 2 3 13 15
+++ expr 15 + 128
++ eval 'trap '\''Exit 143'\'' 15'
+++ trap 'Exit 143' 15
++ trap remove_tmp_ 0
+ path_prepend_ ./src
+ test 1 '!=' 0
+ path_dir_=./src
+ case $path_dir_ in
+ abs_path_dir_=/usr/src/packages/system/coreutils/src/coreutils-8.30/./src
+ case $abs_path_dir_ in
+ PATH=/usr/src/packages/system/coreutils/src/coreutils-8.30/./src:/usr/src/packages/system/coreutils/src/coreutils-8.30/src:/bin:/usr/bin:/usr/sbin:/sbin
+ create_exe_shims_ /usr/src/packages/system/coreutils/src/coreutils-8.30/./src
+ case $EXEEXT in
+ return 0
+ shift
+ test 0 '!=' 0
+ export PATH
+ print_ver_ date
+ require_built_ date
+ skip_=no
+ for i in "$@"
+ case " $built_programs " in
+ test no = yes
+ test yes = yes
+ local i
+ for i in $*
+ env date --version
date (GNU coreutils) 8.30
Packaged by Adélie
Copyright (C) 2018 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <https://gnu.org/licenses/gpl.html>.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Written by David MacKenzie.
+ export LC_ALL=C
+ LC_ALL=C
++ TZ=America/Belize
++ date +%z
+ test -0600 = -0600
+ in1='TZ="Asia/Tokyo" Sun, 90-12-11 + 3 days - 90 minutes'
+ cat
+ TZ=America/Belize
+ date --debug -d 'TZ="Asia/Tokyo" Sun, 90-12-11 + 3 days - 90 minutes' '+%a %b %e %T %z %Y'
+ compare exp1 out1
+ compare_dev_null_ exp1 out1
+ test 2 = 2
+ test xexp1 = x/dev/null
+ test xout1 = x/dev/null
+ return 2
+ case $? in
+ compare_ exp1 out1
+ diff -u exp1 out1
+ in2='TZ="America/Edmonton" 2006-04-02 02:30:00'
+ cat
+ returns_ 1 date --debug -d 'TZ="America/Edmonton" 2006-04-02 02:30:00'
+ compare exp2 out2
+ compare_dev_null_ exp2 out2
+ test 2 = 2
+ test xexp2 = x/dev/null
+ test xout2 = x/dev/null
+ return 2
+ case $? in
+ compare_ exp2 out2
+ diff -u exp2 out2
--- exp2 2019-03-08 08:34:03.810000000 +0000
+++ out2 2019-03-08 08:34:03.820000000 +0000
@@ -4,7 +4,7 @@
date: using specified time as starting value: '02:30:00'
date: error: invalid date/time value:
date: user provided time: '(Y-M-D) 2006-04-02 02:30:00'
-date: normalized time: '(Y-M-D) 2006-04-02 03:30:00'
+date: normalized time: '(Y-M-D) 2006-04-02 01:30:00'
date: --
date: possible reasons:
date: non-existing due to daylight-saving time;
+ fail=1
+ in3=@1
+ cat
+ TZ=America/Lima
+ date --debug -d @1 '+%a %b %e %T %z %Y'
+ compare exp3 out3
+ compare_dev_null_ exp3 out3
+ test 2 = 2
+ test xexp3 = x/dev/null
+ test xout3 = x/dev/null
+ return 2
+ case $? in
+ compare_ exp3 out3
+ diff -u exp3 out3
+ cat
+ date -u --debug -d 20130101
+ compare exp4 out4
+ compare_dev_null_ exp4 out4
+ test 2 = 2
+ test xexp4 = x/dev/null
+ test xout4 = x/dev/null
+ return 2
+ case $? in
+ compare_ exp4 out4
+ diff -u exp4 out4
+ cat
+ in5='2013-10-30 00:00:00 UTC -8 days'
+ date -u --debug +%F -d '2013-10-30 00:00:00 UTC -8 days'
+ compare exp5 out5
+ compare_dev_null_ exp5 out5
+ test 2 = 2
+ test xexp5 = x/dev/null
+ test xout5 = x/dev/null
+ return 2
+ case $? in
+ compare_ exp5 out5
+ diff -u exp5 out5
+ TOOLONG='it is recommended to specify the 15th of the months'
+ cat
+ date -u --debug -d '2016-10-31 - 1 month'
+ compare exp6 out6
+ compare_dev_null_ exp6 out6
+ test 2 = 2
+ test xexp6 = x/dev/null
+ test xout6 = x/dev/null
+ return 2
+ case $? in
+ compare_ exp6 out6
+ diff -u exp6 out6
+ TOOLONG2='it is recommended to specify the 15th of the months'
+ cat
+ in7='2016-06-01 EDT + 6 months'
+ TZ=America/New_York
+ date --debug -d '2016-06-01 EDT + 6 months' +%F
+ compare exp7 out7
+ compare_dev_null_ exp7 out7
+ test 2 = 2
+ test xexp7 = x/dev/null
+ test xout7 = x/dev/null
+ return 2
+ case $? in
+ compare_ exp7 out7
+ diff -u exp7 out7
+ cat
+ TZ=Europe/Helsinki
+ date --debug -d '2011-12-11 EET'
+ compare exp8_1 out8_1
+ compare_dev_null_ exp8_1 out8_1
+ test 2 = 2
+ test xexp8_1 = x/dev/null
+ test xout8_1 = x/dev/null
+ return 2
+ case $? in
+ compare_ exp8_1 out8_1
+ diff -u exp8_1 out8_1
+ cat
+ TZ=Europe/Helsinki
+ date --debug -d '2011-06-11 EEST'
+ compare exp8_2 out8_2
+ compare_dev_null_ exp8_2 out8_2
+ test 2 = 2
+ test xexp8_2 = x/dev/null
+ test xout8_2 = x/dev/null
+ return 2
+ case $? in
+ compare_ exp8_2 out8_2
+ diff -u exp8_2 out8_2
+ cat
+ date -u --debug -d 'Apr 11 22:59:00 2011'
+ sed '1s/(Y-M-D) [0-9][0-9][0-9][0-9]-/(Y-M-D) XXXX-/' out9_t
+ compare exp9 out9
+ compare_dev_null_ exp9 out9
+ test 2 = 2
+ test xexp9 = x/dev/null
+ test xout9 = x/dev/null
+ return 2
+ case $? in
+ compare_ exp9 out9
+ diff -u exp9 out9
+ Exit 1
+ set +e
+ exit 1
+ exit 1
+ remove_tmp_
+ __st=1
+ cleanup_
+ :
+ test '' = yes
+ cd /usr/src/packages/system/coreutils/src/coreutils-8.30
+ chmod -R u+rwx /usr/src/packages/system/coreutils/src/coreutils-8.30/gt-date-debug.sh.f849
+ rm -rf /usr/src/packages/system/coreutils/src/coreutils-8.30/gt-date-debug.sh.f849
+ exit 1
FAIL tests/misc/date-debug.sh (exit status: 1)
```1.0-BETA3https://git.adelielinux.org/adelie/packages/-/issues/90user/giflib: cannot be bumped to 5.1.6 due to bad tarball2022-02-02T17:08:53ZEmilyuser/giflib: cannot be bumped to 5.1.6 due to bad tarball| | |
| --- | --- |
| Bugzilla ID | 90 |
| Reporter | A. Wilcox (awilfox) |
| Assignee | A. Wilcox (awilfox) |
| Reported | 2019-03-10 00:09:42 -0600 |
| Modified | 2019-03-10 15:33:19 -0500 |
| Status | RESOLVED FIXED |
| Version | 1....| | |
| --- | --- |
| Bugzilla ID | 90 |
| Reporter | A. Wilcox (awilfox) |
| Assignee | A. Wilcox (awilfox) |
| Reported | 2019-03-10 00:09:42 -0600 |
| Modified | 2019-03-10 15:33:19 -0500 |
| Status | RESOLVED FIXED |
| Version | 1.0-BETA3 |
| Hardware | Adélie Linux / All |
| Importance | --- / major |
## Description
$ tar tzvf gitlib-5.1.6.tar.gz
hrw-rw-r-- 0 esr esr 0 Feb 12 14:26 giflib-5.1.6/Makefile link to giflib-5.1.6/Makefile
drwxrwxr-x 0 esr esr 0 Feb 10 22:36 giflib-5.1.6/tests/
hrw-rw-r-- 0 esr esr 0 May 16 2014 giflib-5.1.6/tests/treescap.ico link to giflib-5.1.6/tests/treescap.ico
hrw-rw-r-- 0 esr esr 0 May 16 2014 giflib-5.1.6/tests/x-trans.map link to giflib-5.1.6/tests/x-trans.map
hrw-rw-r-- 0 esr esr 0 Oct 17 2012 giflib-5.1.6/tests/wedge.gif link to giflib-5.1.6/tests/wedge.gif
hrw-rw-r-- 0 esr esr 0 Apr 2 2016 giflib-5.1.6/tests/treescap-interlaced.rgb link to giflib-5.1.6/tests/treescap-interlaced.rgb
hrw-rw-r-- 0 esr esr 0 Apr 2 2016 giflib-5.1.6/tests/gifgrid.ico link to giflib-5.1.6/tests/gifgrid.ico
hrw-rw-r-- 0 esr esr 0 May 16 2014 giflib-5.1.6/tests/foobar.ico link to giflib-5.1.6/tests/foobar.ico
hrw-rw-r-- 0 esr esr 0 May 16 2014 giflib-5.1.6/tests/giffixed.ico link to giflib-5.1.6/tests/giffixed.ico
hrw-rw-r-- 0 esr esr 0 May 16 2014 giflib-5.1.6/tests/porsche.map link to giflib-5.1.6/tests/porsche.map
hrw-rw-r-- 0 esr esr 0 Apr 2 2016 giflib-5.1.6/tests/welcome2.rgb link to giflib-5.1.6/tests/welcome2.rgb
hrw-rw-r-- 0 esr esr 0 May 16 2014 giflib-5.1.6/tests/solid2.map link to giflib-5.1.6/tests/solid2.map
hrw-rw-r-- 0 esr esr 0 Apr 2 2016 giflib-5.1.6/tests/porsche.rgb link to giflib-5.1.6/tests/porsche.rgb
hrw-rw-r-- 0 esr esr 0 May 16 2014 giflib-5.1.6/tests/treescap-interlaced.dmp link to giflib-5.1.6/tests/treescap-interlaced.dmp
hrw-rw-r-- 0 esr esr 0 May 16 2014 giflib-5.1.6/tests/treescap.dmp link to giflib-5.1.6/tests/treescap.dmp
hrw-rw-r-- 0 esr esr 0 May 16 2014 giflib-5.1.6/tests/solid2.dmp link to giflib-5.1.6/tests/solid2.dmp
hrw-rw-r-- 0 esr esr 0 Apr 2 2016 giflib-5.1.6/tests/solid2.rgb link to giflib-5.1.6/tests/solid2.rgb
hrw-rw-r-- 0 esr esr 0 May 16 2014 giflib-5.1.6/tests/welcome2.map link to giflib-5.1.6/tests/welcome2.map
hrw-rw-r-- 0 esr esr 0 May 16 2014 giflib-5.1.6/tests/gifgrid.dmp link to giflib-5.1.6/tests/gifgrid.dmp
hrw-rw-r-- 0 esr esr 0 May 16 2014 giflib-5.1.6/tests/fire.map link to giflib-5.1.6/tests/fire.map
hrw-rw-r-- 0 esr esr 0 May 16 2014 giflib-5.1.6/tests/x-trans.dmp link to giflib-5.1.6/tests/x-trans.dmp
hrw-rw-r-- 0 esr esr 0 Apr 2 2016 giflib-5.1.6/tests/x-trans.rgb link to giflib-5.1.6/tests/x-trans.rgb
hrw-rw-r-- 0 esr esr 0 Apr 2 2016 giflib-5.1.6/tests/gifgrid.rgb link to giflib-5.1.6/tests/gifgrid.rgb
hrw-rw-r-- 0 esr esr 0 May 16 2014 giflib-5.1.6/tests/treescap-interlaced.map link to giflib-5.1.6/tests/treescap-interlaced.map
hrw-rw-r-- 0 esr esr 0 May 16 2014 giflib-5.1.6/tests/fire.dmp link to giflib-5.1.6/tests/fire.dmp
hrw-rw-r-- 0 esr esr 0 Apr 2 2016 giflib-5.1.6/tests/treescap.rgb link to giflib-5.1.6/tests/treescap.rgb
hrw-rw-r-- 0 esr esr 0 May 16 2014 giflib-5.1.6/tests/treescap.map link to giflib-5.1.6/tests/treescap.map
hrw-rw-r-- 0 esr esr 0 May 16 2014 giflib-5.1.6/tests/porsche.dmp link to giflib-5.1.6/tests/porsche.dmp
hrw-rw-r-- 0 esr esr 0 Feb 10 22:36 giflib-5.1.6/tests/makefile link to giflib-5.1.6/tests/makefile
hrw-rw-r-- 0 esr esr 0 May 16 2014 giflib-5.1.6/tests/gifgrid.map link to giflib-5.1.6/tests/gifgrid.map
hrw-rw-r-- 0 esr esr 0 Apr 2 2016 giflib-5.1.6/tests/fire.rgb link to giflib-5.1.6/tests/fire.rgb
hrw-rw-r-- 0 esr esr 0 May 16 2014 giflib-5.1.6/tests/welcome2.dmp link to giflib-5.1.6/tests/welcome2.dmp
$ tar xzf giflib-5.1.6.tar.gz
giflib-5.1.6/Makefile: Can't create 'giflib-5.1.6/Makefile'
giflib-5.1.6/tests/treescap.ico: Can't create 'giflib-5.1.6/tests/treescap.ico'
giflib-5.1.6/tests/x-trans.map: Can't create 'giflib-5.1.6/tests/x-trans.map'
giflib-5.1.6/tests/wedge.gif: Can't create 'giflib-5.1.6/tests/wedge.gif'
giflib-5.1.6/tests/treescap-interlaced.rgb: Can't create 'giflib-5.1.6/tests/treescap-interlaced.rgb'
giflib-5.1.6/tests/gifgrid.ico: Can't create 'giflib-5.1.6/tests/gifgrid.ico'
giflib-5.1.6/tests/foobar.ico: Can't create 'giflib-5.1.6/tests/foobar.ico'
giflib-5.1.6/tests/giffixed.ico: Can't create 'giflib-5.1.6/tests/giffixed.ico'
giflib-5.1.6/tests/porsche.map: Can't create 'giflib-5.1.6/tests/porsche.map'
giflib-5.1.6/tests/welcome2.rgb: Can't create 'giflib-5.1.6/tests/welcome2.rgb'
giflib-5.1.6/tests/solid2.map: Can't create 'giflib-5.1.6/tests/solid2.map'
giflib-5.1.6/tests/porsche.rgb: Can't create 'giflib-5.1.6/tests/porsche.rgb'
giflib-5.1.6/tests/treescap-interlaced.dmp: Can't create 'giflib-5.1.6/tests/treescap-interlaced.dmp'
giflib-5.1.6/tests/treescap.dmp: Can't create 'giflib-5.1.6/tests/treescap.dmp'
giflib-5.1.6/tests/solid2.dmp: Can't create 'giflib-5.1.6/tests/solid2.dmp'
giflib-5.1.6/tests/solid2.rgb: Can't create 'giflib-5.1.6/tests/solid2.rgb'
giflib-5.1.6/tests/welcome2.map: Can't create 'giflib-5.1.6/tests/welcome2.map'
giflib-5.1.6/tests/gifgrid.dmp: Can't create 'giflib-5.1.6/tests/gifgrid.dmp'
giflib-5.1.6/tests/fire.map: Can't create 'giflib-5.1.6/tests/fire.map'
giflib-5.1.6/tests/x-trans.dmp: Can't create 'giflib-5.1.6/tests/x-trans.dmp'
giflib-5.1.6/tests/x-trans.rgb: Can't create 'giflib-5.1.6/tests/x-trans.rgb'
giflib-5.1.6/tests/gifgrid.rgb: Can't create 'giflib-5.1.6/tests/gifgrid.rgb'
giflib-5.1.6/tests/treescap-interlaced.map: Can't create 'giflib-5.1.6/tests/treescap-interlaced.map'
giflib-5.1.6/tests/fire.dmp: Can't create 'giflib-5.1.6/tests/fire.dmp'
giflib-5.1.6/tests/treescap.rgb: Can't create 'giflib-5.1.6/tests/treescap.rgb'
giflib-5.1.6/tests/treescap.map: Can't create 'giflib-5.1.6/tests/treescap.map'
giflib-5.1.6/tests/porsche.dmp: Can't create 'giflib-5.1.6/tests/porsche.dmp'
giflib-5.1.6/tests/makefile: Can't create 'giflib-5.1.6/tests/makefile'
giflib-5.1.6/tests/gifgrid.map: Can't create 'giflib-5.1.6/tests/gifgrid.map'
giflib-5.1.6/tests/fire.rgb: Can't create 'giflib-5.1.6/tests/fire.rgb'
giflib-5.1.6/tests/welcome2.dmp: Can't create 'giflib-5.1.6/tests/welcome2.dmp'
tar: Error exit delayed from previous errors.1.0-BETA3https://git.adelielinux.org/adelie/packages/-/issues/91user/glib-networking: test suite fails2022-02-02T17:08:44ZEmilyuser/glib-networking: test suite fails| | |
| --- | --- |
| Bugzilla ID | 91 |
| Reporter | A. Wilcox (awilfox) |
| Assignee | A. Wilcox (awilfox) |
| Reported | 2019-03-11 04:41:20 -0500 |
| Modified | 2019-06-02 19:41:05 -0500 |
| Status | RESOLVED UPSTREAM |
| Version |...| | |
| --- | --- |
| Bugzilla ID | 91 |
| Reporter | A. Wilcox (awilfox) |
| Assignee | A. Wilcox (awilfox) |
| Reported | 2019-03-11 04:41:20 -0500 |
| Modified | 2019-06-02 19:41:05 -0500 |
| Status | RESOLVED UPSTREAM |
| Version | 1.0-BETA3 |
| Hardware | Adélie Linux / All |
| Importance | --- / major |
## Description
[0/1] Running all tests.
1/6 libproxy OK 0.03 s
2/6 gnome OK 0.03 s
3/6 certificate OK 0.06 s
4/6 file-database OK 0.09 s
5/6 connection FAIL 0.78 s (killed by signal 6 SIGABRT)
6/6 dtls-connection OK 2.93 s
Ok: 5
Expected Fail: 0
Fail: 1
Unexpected Pass: 0
Skipped: 0
Timeout: 0
The output from the failed tests:
5/6 connection FAIL 0.78 s (killed by signal 6 SIGABRT)
--- command ---
G_TEST_SRCDIR='/usr/src/packages/user/glib-networking/src/glib-networking-2.58.0/tls/tests' G_TEST_BUILDDIR='/usr/src/packages/user/glib-networking/src/glib-networking-2.58.0/_build/tls/tests' GIO_MODULE_DIR='/usr/src/packages/user/glib-networking/src/glib-networking-2.58.0/_build/tls/gnutls' /usr/src/packages/user/glib-networking/src/glib-networking-2.58.0/_build/tls/tests/connection
--- stdout ---
/tls/connection/basic: OK
/tls/connection/verified: OK
/tls/connection/verified-chain: OK
/tls/connection/verified-chain-with-redundant-root-cert: OK
/tls/connection/verified-chain-with-duplicate-server-cert: OK
/tls/connection/verified-unordered-chain: OK
/tls/connection/verified-chain-with-alternative-ca-cert: OK
/tls/connection/invalid-chain-with-alternative-ca-cert: OK
/tls/connection/client-auth: OK
/tls/connection/client-auth-rehandshake: OK
/tls/connection/client-auth-failure:
--- stderr ---
**
GLib-Net:ERROR:../tls/tests/connection.c:437:on_client_connection_close_finish: assertion failed (error == NULL): Error sending data: Broken pipe (g-io-error-quark, 44)
-------
Full log written to /usr/src/packages/user/glib-networking/src/glib-networking-2.58.0/_build/meson-logs/testlog.txt
FAILED: meson-test1.0-BETA3https://git.adelielinux.org/adelie/packages/-/issues/93system/tzdata: Some time zone database names are not working correctly (CET, ...2022-02-02T17:08:29ZEmilysystem/tzdata: Some time zone database names are not working correctly (CET, EST, ...)| | |
| --- | --- |
| Bugzilla ID | 93 |
| Reporter | Wolfgang Stöggl |
| Assignee | A. Wilcox (awilfox) |
| Reported | 2019-03-24 08:36:42 -0500 |
| Modified | 2019-07-24 20:47:30 -0500 |
| Status | RESOLVED NOTABUG |
| Version | 1.0-...| | |
| --- | --- |
| Bugzilla ID | 93 |
| Reporter | Wolfgang Stöggl |
| Assignee | A. Wilcox (awilfox) |
| Reported | 2019-03-24 08:36:42 -0500 |
| Modified | 2019-07-24 20:47:30 -0500 |
| Status | RESOLVED NOTABUG |
| Version | 1.0-BETA2 |
| Hardware | Other / Other |
| Importance | --- / major |
## Description
Some time zone (TZ) database names are not working correctly. Instead of the time according to the time zone, the time in UTC is shown.
How to reproduce:
TZ='CET' date
Sun Mar 24 13:19:35 CET 2019
TZ='EST' date
Sun Mar 24 13:19:41 EST 2019
TZ='UTC' date
Sun Mar 24 13:19:49 UTC 2019
The time is always UTC.
For these TZ database names it is working OK:
'America/New_York', 'Europe/Paris' ...
TZ='America/New_York' date
Sun Mar 24 09:20:18 EDT 2019
TZ='Europe/Paris' date
Sun Mar 24 14:20:32 CET 2019
Expected behavior: CET, EST, EDT etc. should be supported and working as expected, showing the correct time for each selected time zone.
Remark:
The time zone files are installed here:
/usr/share/zoneinfo
But they seem to not be working properly (or are not found).1.0-BETA3https://git.adelielinux.org/adelie/packages/-/issues/98user/openjdk8: OpenJDK 8 does not open TLS sockets without system/nss installed2022-02-02T17:07:42ZEmilyuser/openjdk8: OpenJDK 8 does not open TLS sockets without system/nss installed| | |
| --- | --- |
| Bugzilla ID | 98 |
| Reporter | A. Wilcox (awilfox) |
| Assignee | A. Wilcox (awilfox) |
| Reported | 2019-05-24 13:44:31 -0500 |
| Modified | 2019-06-02 19:30:01 -0500 |
| Status | RESOLVED FIXED |
| Version | 1....| | |
| --- | --- |
| Bugzilla ID | 98 |
| Reporter | A. Wilcox (awilfox) |
| Assignee | A. Wilcox (awilfox) |
| Reported | 2019-05-24 13:44:31 -0500 |
| Modified | 2019-06-02 19:30:01 -0500 |
| Status | RESOLVED FIXED |
| Version | 1.0-BETA3 |
| Hardware | Adélie Linux / All |
| Importance | --- / major |
## Description
IcedTea / OpenJDK dlopen(3)s nss, so it isn't caught by APK as a dependency. This needs to be added manually.
Temporary workaround identified as manually running `apk add nss` on affected systems.1.0-BETA3https://git.adelielinux.org/adelie/packages/-/issues/99user/sddm: cannot log out from xfce4 session launched from sddm2022-02-02T17:07:26ZEmilyuser/sddm: cannot log out from xfce4 session launched from sddm| | |
| --- | --- |
| Bugzilla ID | 99 |
| Reporter | Bobby Bingham |
| Assignee | A. Wilcox (awilfox) |
| Reported | 2019-05-26 18:24:19 -0500 |
| Modified | 2019-06-02 19:28:35 -0500 |
| Status | RESOLVED FIXED |
| Version | 1.0-BETA...| | |
| --- | --- |
| Bugzilla ID | 99 |
| Reporter | Bobby Bingham |
| Assignee | A. Wilcox (awilfox) |
| Reported | 2019-05-26 18:24:19 -0500 |
| Modified | 2019-06-02 19:28:35 -0500 |
| Status | RESOLVED FIXED |
| Version | 1.0-BETA3 |
| Hardware | Adélie Linux / Intel x86 (64-bit) |
| Importance | --- / normal |
## Description
Attempting to log out from xfce, when launched from SDDM, does nothing.
Steps to reproduce:
1) Log into an xfce session from SDDM
2) Go the the xfce applications menu -> Log Out
3) When prompted whether to log out, shot down, or restart, choose logout
Expected result:
Logs out, and returns to SDDM
Actual result:
Nothing happens. Xfce remains running.
Attempting to do this again will, instead of prompting for which action to take, display an error:
Received error while trying to log out
GDBus.Error:org.freedesktop.DBus.Error.invalidArgs: Type of message, "(yb)", does not match expected type "(b)"
Trying to run `xfce4-session-logout` manually from a terminal displays no errors the first time a logout is attempted, and dispalys the following error for subsequent attempts:
Received error while trying to log out, error was GDBus.Error:org.xfce.SessionManager.Error.Failed: Session manager must be in idle state when requesting a shutdown
I am able to log out of an xfce session that was launched by running `startxfce4` directly, without using a display manager. I am also able to log out from an lxqt session that was launched from SDDM.1.0-BETA3https://git.adelielinux.org/adelie/packages/-/issues/100system/easy-kernel (4.14.88-mc13): random stalls in MuQSS2022-02-02T17:07:02ZEmilysystem/easy-kernel (4.14.88-mc13): random stalls in MuQSS| | |
| --- | --- |
| Bugzilla ID | 100 |
| Reporter | Max Rees (sroracle) |
| Assignee | Horst Burkhardt (mc68030) |
| Reported | 2019-05-28 00:49:00 -0500 |
| Modified | 2020-09-19 00:34:22 -0500 |
| Status | RESOLVED INVALID |
| Ver...| | |
| --- | --- |
| Bugzilla ID | 100 |
| Reporter | Max Rees (sroracle) |
| Assignee | Horst Burkhardt (mc68030) |
| Reported | 2019-05-28 00:49:00 -0500 |
| Modified | 2020-09-19 00:34:22 -0500 |
| Status | RESOLVED INVALID |
| Version | 1.0-BETA3 |
| Hardware | Adélie Linux / PowerPC (64-bit) |
| Importance | --- / normal |
## Description
**Created [attachment 14](/uploads/c0b4dc33ac8bea34862cff2c8548433f/proc_cpuinfo.txt)**
/proc/cpuinfo
At random intervals I get notices such as the following in dmesg after the computer (Power Mac G5) locks up for several seconds (if not longer):
[May28 01:17] INFO: rcu_sched detected stalls on CPUs/tasks:
[ +0.000010] 1-...: (1 GPs behind) idle=ffa/1/0 softirq=38868/38868 fqs=1050
[ +0.000001] (detected by 0, t=2102 jiffies, g=15798, c=15797, q=3)
[ +0.000004] Task dump for CPU 1:
[ +0.000002] MuQSS/1 R running task 0 0 1 0x00000804
[ +0.000005] Call Trace:
[ +0.000005] [c0000001a6d5b950] [c0000001a6d5b9f0] 0xc0000001a6d5b9f0 (unreliable)
[ +0.000010] [c0000001a6d5bb20] [c00000000001b6e8] .arch_cpu_idle+0x48/0x150
[ +0.000006] [c0000001a6d5bba0] [c0000000001617c4] .get_next_timer_interrupt+0xb4/0x240
[ +0.000005] [c0000001a6d5bc40] [c000000000178234] .__tick_nohz_idle_enter+0x4a4/0x590
[ +0.000006] [c0000001a6d5bd10] [c000000000af92c4] .default_idle_call+0x64/0x78
[ +0.000005] [c0000001a6d5bd80] [c000000000124024] .do_idle+0x2b4/0x350
[ +0.000004] [c0000001a6d5be30] [c0000000001242c8] .cpu_startup_entry+0x28/0x40
[ +0.000005] [c0000001a6d5bea0] [c00000000003fde8] .start_secondary+0x4e8/0x540
[ +0.000005] [c0000001a6d5bf90] [c00000000000b5fc] start_secondary_prolog+0x10/0x14
I'm not doing anything more strenuous than using ssh over ethernet.1.0-BETA3https://git.adelielinux.org/adelie/packages/-/issues/101system/openrc: Error: keymaps is the name of a real and virtual service.2022-02-02T17:06:46ZEmilysystem/openrc: Error: keymaps is the name of a real and virtual service.| | |
| --- | --- |
| Bugzilla ID | 101 |
| Reporter | A. Wilcox (awilfox) |
| Assignee | A. Wilcox (awilfox) |
| Reported | 2019-05-28 23:37:49 -0500 |
| Modified | 2019-06-02 19:23:50 -0500 |
| Status | RESOLVED FIXED |
| Version | 1...| | |
| --- | --- |
| Bugzilla ID | 101 |
| Reporter | A. Wilcox (awilfox) |
| Assignee | A. Wilcox (awilfox) |
| Reported | 2019-05-28 23:37:49 -0500 |
| Modified | 2019-06-02 19:23:50 -0500 |
| Status | RESOLVED FIXED |
| Version | 1.0-BETA3 |
| Hardware | Adélie Linux / All |
| Importance | --- / normal |
## Description
We really need to fix this before 1.0.1.0-BETA3https://git.adelielinux.org/adelie/packages/-/issues/110user/py3-virtualenv: CVE-2018-17793: "sandbox" escape2022-02-02T17:05:15ZEmilyuser/py3-virtualenv: CVE-2018-17793: "sandbox" escape| | |
| --- | --- |
| Bugzilla ID | 110 |
| Alias(es) | CVE-2018-17793 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2019-07-24 12:55:09 -0500 |
| Modified | 2019-07-24 12:56:08 -0500 |
| Status |...| | |
| --- | --- |
| Bugzilla ID | 110 |
| Alias(es) | CVE-2018-17793 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2019-07-24 12:55:09 -0500 |
| Modified | 2019-07-24 12:56:08 -0500 |
| Status | RESOLVED NOTABUG |
| Version | 1.0-BETA3 |
| Hardware | Adélie Linux / All |
| Importance | --- / normal |
| URL | https://nvd.nist.gov/vuln/detail/CVE-2018-17793 |
## Description
"POC" [1] says it all:
> root@kali:~#pip install virtualenv
> root@kali:~#virtualenv test_env
> root@kali:~#cd test_env/
> root@kali:~/test_env#source ./bin/activate
> (test_env) root@kali:~/test_env#`
> `2、Sandbox escape
> (test_env) root@kali:~/test_env#python $(bash >&2)
> root@kali:~#
> (test_env) root@kali:~/test_env#python $(rbash >&2)
> root@kali:~#
This is NOTABUG, virtualenv is not a real sandbox.
[1] https://github.com/pypa/virtualenv/issues/12071.0-BETA3https://git.adelielinux.org/adelie/packages/-/issues/111user/libreoffice: CVE-2019-9847: hyperlink to executable unconditionally laun...2022-02-02T17:05:06ZEmilyuser/libreoffice: CVE-2019-9847: hyperlink to executable unconditionally launched| | |
| --- | --- |
| Bugzilla ID | 111 |
| Alias(es) | CVE-2019-9847 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2019-07-24 13:55:27 -0500 |
| Modified | 2019-07-24 13:56:01 -0500 |
| Status | ...| | |
| --- | --- |
| Bugzilla ID | 111 |
| Alias(es) | CVE-2019-9847 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2019-07-24 13:55:27 -0500 |
| Modified | 2019-07-24 13:56:01 -0500 |
| Status | RESOLVED NOTABUG |
| Version | 1.0-BETA3 |
| Hardware | Adélie Linux / All |
| Importance | --- / normal |
| URL | https://nvd.nist.gov/vuln/detail/CVE-2019-9847 |
## Description
> A vulnerability in LibreOffice hyperlink processing allows an attacker
> to construct documents containing hyperlinks pointing to the location
> of an executable on the target users file system. If the hyperlink is
> activated by the victim the executable target is unconditionally
> launched. Under Windows and macOS when processing a hyperlink target
> explicitly activated by the user there was no judgment made on whether
> the target was an executable file, so such executable targets were
> launched unconditionally. This issue affects: All LibreOffice Windows
> and macOS versions prior to 6.1.6; LibreOffice Windows and macOS
> versions in the 6.2 series prior to 6.2.3.
Does not apply to Linux.1.0-BETA3https://git.adelielinux.org/adelie/packages/-/issues/112user/compface: CVE-2009-2286: crash with long .xbm file2022-02-02T17:04:58ZEmilyuser/compface: CVE-2009-2286: crash with long .xbm file| | |
| --- | --- |
| Bugzilla ID | 112 |
| Alias(es) | CVE-2009-2286 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2019-07-24 13:59:28 -0500 |
| Modified | 2019-07-24 14:15:35 -0500 |
| Status | ...| | |
| --- | --- |
| Bugzilla ID | 112 |
| Alias(es) | CVE-2009-2286 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2019-07-24 13:59:28 -0500 |
| Modified | 2019-07-24 14:15:35 -0500 |
| Status | RESOLVED NOTABUG |
| Version | 1.0-BETA3 |
| Hardware | Adélie Linux / All |
| Importance | --- / normal |
| URL | https://nvd.nist.gov/vuln/detail/CVE-2009-2286 |
## Description
> Buffer overflow in compface 1.5.2 and earlier allows user-assisted
> attackers to cause a denial of service (crash) via a long declaration
> in a .xbm file. NOTE: this issue only affects compface on
> distributions that used a certain patch.
We do not apply the patch in question (enhanced XBM functionality).1.0-BETA3https://git.adelielinux.org/adelie/packages/-/issues/113user/netqmail: CVE-2011-1431: STARTTLS command injection2022-02-02T17:04:52ZEmilyuser/netqmail: CVE-2011-1431: STARTTLS command injection| | |
| --- | --- |
| Bugzilla ID | 113 |
| Alias(es) | CVE-2011-1431 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2019-07-24 14:27:36 -0500 |
| Modified | 2019-07-24 14:27:50 -0500 |
| Status | ...| | |
| --- | --- |
| Bugzilla ID | 113 |
| Alias(es) | CVE-2011-1431 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2019-07-24 14:27:36 -0500 |
| Modified | 2019-07-24 14:27:50 -0500 |
| Status | RESOLVED NOTABUG |
| Version | 1.0-BETA3 |
| Hardware | Adélie Linux / All |
| Importance | --- / normal |
| URL | https://nvd.nist.gov/vuln/detail/CVE-2011-1431 |
## Description
> The STARTTLS implementation in qmail-smtpd.c in qmail-smtpd in the
> netqmail-1.06-tls patch for netqmail 1.06 does not properly restrict
> I/O buffering, which allows man-in-the-middle attackers to insert
> commands into encrypted SMTP sessions by sending a cleartext command
> that is processed after TLS is in place, related to a "plaintext
> command injection" attack, a similar issue to CVE-2011-0411.
We do not apply the patch in question.1.0-BETA3https://git.adelielinux.org/adelie/packages/-/issues/114user/imagemagick: CVE-2019-13454: division by zero2022-02-02T17:04:45ZEmilyuser/imagemagick: CVE-2019-13454: division by zero| | |
| --- | --- |
| Bugzilla ID | 114 |
| Alias(es) | CVE-2019-13454 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2019-07-24 19:02:10 -0500 |
| Modified | 2019-08-04 19:38:49 -0500 |
| Status |...| | |
| --- | --- |
| Bugzilla ID | 114 |
| Alias(es) | CVE-2019-13454 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2019-07-24 19:02:10 -0500 |
| Modified | 2019-08-04 19:38:49 -0500 |
| Status | RESOLVED FIXED |
| Version | 1.0-BETA3 |
| Hardware | Adélie Linux / All |
| Importance | --- / minor |
| URL | https://nvd.nist.gov/vuln/detail/CVE-2019-13454 |
## Description
> ImageMagick 7.0.8-54 Q16 allows Division by Zero in
> RemoveDuplicateLayers in MagickCore/layer.c.
Note: NVD incorrectly identifies =7.0.8-54 as vulnerable. This is the
first released version with the fix[1].
[1] https://github.com/ImageMagick/ImageMagick/commit/1ddcf2e4f28029a888cadef2e757509ef5047ad81.0-BETA3https://git.adelielinux.org/adelie/packages/-/issues/118system/libssh2: CVE-2019-13115: integer overflow in kex_method_diffie_hellman...2022-02-02T17:04:37ZEmilysystem/libssh2: CVE-2019-13115: integer overflow in kex_method_diffie_hellman_group_exchange_sha256_key_exchange| | |
| --- | --- |
| Bugzilla ID | 118 |
| Alias(es) | CVE-2019-13115 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2019-07-26 12:18:48 -0500 |
| Modified | 2019-08-04 19:20:31 -0500 |
| Status |...| | |
| --- | --- |
| Bugzilla ID | 118 |
| Alias(es) | CVE-2019-13115 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2019-07-26 12:18:48 -0500 |
| Modified | 2019-08-04 19:20:31 -0500 |
| Status | RESOLVED FIXED |
| Version | 1.0-BETA3 |
| Hardware | Adélie Linux / All |
| Importance | --- / normal |
| URL | https://nvd.nist.gov/vuln/detail/CVE-2019-13115 |
## Description
> In libssh2 before 1.9.0,
> kex_method_diffie_hellman_group_exchange_sha256_key_exchange in kex.c
> has an integer overflow that could lead to an out-of-bounds read in
> the way packets are read from the server. A remote attacker who
> compromises a SSH server may be able to disclose sensitive information
> or cause a denial of service condition on the client system when a
> user connects to the server. This is related to an
> _libssh2_check_length mistake, and is different from the various
> issues fixed in 1.8.1, such as CVE-2019-3855.1.0-BETA3https://git.adelielinux.org/adelie/packages/-/issues/122user/libmad: CVE-2018-7263: SIGABRT via crafted file2022-02-02T17:04:31ZEmilyuser/libmad: CVE-2018-7263: SIGABRT via crafted file| | |
| --- | --- |
| Bugzilla ID | 122 |
| Alias(es) | CVE-2018-7263 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2019-07-29 03:24:15 -0500 |
| Modified | 2020-09-17 01:12:12 -0500 |
| Status | ...| | |
| --- | --- |
| Bugzilla ID | 122 |
| Alias(es) | CVE-2018-7263 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2019-07-29 03:24:15 -0500 |
| Modified | 2020-09-17 01:12:12 -0500 |
| Status | RESOLVED FIXED |
| Version | 1.0-BETA3 |
| Hardware | Adélie Linux / All |
| Importance | --- / minor |
| Package(s) | user/libmad |
| URL | https://nvd.nist.gov/vuln/detail/CVE-2018-7263 |
## Description
> The mad_decoder_run() function in decoder.c in Underbit libmad through
> 0.15.1b allows remote attackers to cause a denial of service (SIGABRT
> because of double free or corruption) or possibly have unspecified
> other impact via a crafted file. NOTE: this may overlap
> CVE-2017-11552.1.0-BETA3https://git.adelielinux.org/adelie/packages/-/issues/133user/pango: CVE-2019-1010238: pango_log2vis_get_embedding_levels buffer overflow2022-02-02T17:04:23ZEmilyuser/pango: CVE-2019-1010238: pango_log2vis_get_embedding_levels buffer overflow| | |
| --- | --- |
| Bugzilla ID | 133 |
| Alias(es) | CVE-2019-1010238 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2019-07-31 06:54:16 -0500 |
| Modified | 2019-09-28 13:34:23 -0500 |
| Status...| | |
| --- | --- |
| Bugzilla ID | 133 |
| Alias(es) | CVE-2019-1010238 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2019-07-31 06:54:16 -0500 |
| Modified | 2019-09-28 13:34:23 -0500 |
| Status | RESOLVED FIXED |
| Version | 1.0-BETA3 |
| Hardware | Adélie Linux / All |
| Importance | --- / normal |
| URL | https://nvd.nist.gov/vuln/detail/CVE-2019-1010238 |
## Description
> Gnome Pango 1.42 and later is affected by: Buffer Overflow. The impact
> is: The heap based buffer overflow can be used to get code execution.
> The component is: function name: pango_log2vis_get_embedding_levels,
> assignment of nchars and the loop condition. The attack vector is: Bug
> can be used when application pass invalid utf-8 strings to functions
> like pango_itemize.1.0-BETA3