Adélie Package Tree issues
https://git.adelielinux.org/adelie/packages/-/issues
2022-11-12T06:02:13Z
https://git.adelielinux.org/adelie/packages/-/issues/314
user/redis: CVE-2020-14147: lua_struct.c getnum integer overflow
2022-11-12T06:02:13Z
Emily
user/redis: CVE-2020-14147: lua_struct.c getnum integer overflow
| | |
| --- | --- |
| Bugzilla ID | 314 |
| Alias(es) | CVE-2020-14147 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2020-06-22 23:14:09 -0500 |
| Modified | 2020-06-22 23:14:09 -0500 |
| Status |...
| | |
| --- | --- |
| Bugzilla ID | 314 |
| Alias(es) | CVE-2020-14147 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2020-06-22 23:14:09 -0500 |
| Modified | 2020-06-22 23:14:09 -0500 |
| Status | CONFIRMED |
| Version | 1.0-RC1 |
| Hardware | Adélie Linux / All |
| Importance | --- / normal |
| Package(s) | user/redis |
| URL | https://nvd.nist.gov/vuln/detail/CVE-2020-14147 |
## Description
CVE-2020-14147: https://nvd.nist.gov/vuln/detail/CVE-2020-14147
> An integer overflow in the getnum function in lua_struct.c in Redis
> before 6.0.3 allows context-dependent attackers with permission to run
> Lua code in a Redis session to cause a denial of service (memory
> corruption and application crash) or possibly bypass intended sandbox
> restrictions via a large number, which triggers a stack-based buffer
> overflow. NOTE: this issue exists because of a CVE-2015-8080
> regression.
Introduced by https://github.com/antirez/redis/commit/1eb08bcd4634ae42ec45e8284923ac048beaa4c3
Fixed in >= 5.0.8 https://github.com/antirez/redis/commit/16b2d07f0a9b58027611dab7f97788d37cb5ab84
1.0-BETA3
https://git.adelielinux.org/adelie/packages/-/issues/312
system/curl FTTFS: different failures across 3 architectures
2021-10-15T20:10:15Z
Emily
system/curl FTTFS: different failures across 3 architectures
| | |
| --- | --- |
| Bugzilla ID | 312 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2020-06-19 19:01:10 -0500 |
| Modified | 2020-06-22 06:03:10 -0500 |
| Status | CONFIRMED |
| Version | 1.0-R...
| | |
| --- | --- |
| Bugzilla ID | 312 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2020-06-19 19:01:10 -0500 |
| Modified | 2020-06-22 06:03:10 -0500 |
| Status | CONFIRMED |
| Version | 1.0-RC1 |
| Hardware | Adélie Linux / All |
| Importance | --- / normal |
| Package(s) | system/curl |
| See also | https://bts.adelielinux.org/show_bug.cgi?id=208 |
## Description
aarch64: queued
ppc:
TESTDONE: 1023 tests out of 1024 reported OK: 99%
TESTFAIL: These test cases failed: 20
TESTDONE: 1290 tests were considered during 341 seconds.
ppc64: all passed
pmmx:
TESTDONE: 265 tests out of 274 reported OK: 96%
TESTFAIL: These test cases failed: 1007 1009 1049 1093 1094 1099 1238 1242 1243
TESTDONE: 1290 tests were considered during 104 seconds.
x86_64:
TESTDONE: 1025 tests out of 1031 reported OK: 99%
TESTFAIL: These test cases failed: 332 334 352 490 514 526
TESTDONE: 1290 tests were considered during 340 seconds.
1.0-BETA3
https://git.adelielinux.org/adelie/packages/-/issues/310
system/nss: multiple vulnerabilities
2021-05-12T03:23:37Z
Emily
system/nss: multiple vulnerabilities
| | |
| --- | --- |
| Bugzilla ID | 310 |
| Alias(es) | CVE-2020-12399, CVE-2020-12402 |
| Reporter | Max Rees (sroracle) |
| Assignee | A. Wilcox (awilfox) |
| Reported | 2020-06-19 02:57:04 -0500 |
| Modified | 2020-09-16 22:29:42 -0...
| | |
| --- | --- |
| Bugzilla ID | 310 |
| Alias(es) | CVE-2020-12399, CVE-2020-12402 |
| Reporter | Max Rees (sroracle) |
| Assignee | A. Wilcox (awilfox) |
| Reported | 2020-06-19 02:57:04 -0500 |
| Modified | 2020-09-16 22:29:42 -0500 |
| Status | RESOLVED FIXED |
| Version | 1.0-RC1 |
| Hardware | Adélie Linux / All |
| Importance | --- / normal |
| Package(s) | system/nss |
| URL | https://code.foxkit.us/adelie/packages/commit/f5d4de7809 |
## Description
CVE-2020-12399: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-12399
> During DSA signature generation in the function `dsa_SignDigest`, the
> nonce value `k` is not padded, exposing the bit length of `k`, i.e.
> the most significant bits (MSBs) of the nonce. Combined with other
> techniques this can result in DSA private keys recovery.
Fixed in >= 3.52.1 https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.52.1_release_notes
CVE-2020-12402: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-12402
> It was found that NSS is vulnerable to RSA key generation cache timing
> side channel attacks. An attacker with sufficient access to mount
> cache timing attacks during the RSA key generation process could
> recover the private key.
Fixed in >= 3.53.1 https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.53.1_release_notes
1.0-BETA3
https://git.adelielinux.org/adelie/packages/-/issues/309
user/elixir: FTTFS: warning: redefining module A (current version defined in ...
2023-10-25T22:02:41Z
Emily
user/elixir: FTTFS: warning: redefining module A (current version defined in memory)
| | |
| --- | --- |
| Bugzilla ID | 309 |
| Reporter | Max Rees (sroracle) |
| Assignee | A. Wilcox (awilfox) |
| Reported | 2020-06-19 00:37:02 -0500 |
| Modified | 2020-06-22 06:05:30 -0500 |
| Status | CONFIRMED |
| Version | 1.0-R...
| | |
| --- | --- |
| Bugzilla ID | 309 |
| Reporter | Max Rees (sroracle) |
| Assignee | A. Wilcox (awilfox) |
| Reported | 2020-06-19 00:37:02 -0500 |
| Modified | 2020-06-22 06:05:30 -0500 |
| Status | CONFIRMED |
| Version | 1.0-RC1 |
| Hardware | Adélie Linux / [Community] ARM (64-bit) |
| Importance | --- / normal |
| Package(s) | user/elixir |
## Description
**Created [attachment 32](/uploads/a431d9f06da0ef558fd378aedac6e6b2/elixir-1.10.3-r0-athena.log)**
elixir 1.10.3-r0 check() snippet from athena.adelielinux.org
The superficial issue is these two tests ("test undefined aliases" and "test undefined warn for unrequired module") are issuing unexpected warnings of the form:
warning: redefining module A (current version defined in memory)
This issue doesn't seem to have been encountered on other distros. I could not find any relevant patches. Likewise the changelog for the file showed no interesting changes https://github.com/elixir-lang/elixir/commits/master/lib/elixir/test/elixir/module/checker_test.exs
This upstream issue indicates that these warnings are encountered by others in other places however: https://github.com/elixir-lang/elixir/issues/9858
This is unrelated, but at some point we should pick this up to enforce network isolation: https://gitweb.gentoo.org/repo/gentoo.git/tree/dev-lang/elixir/files/elixir-1.9.1-disable-network-tests.patch
1.0-BETA3
https://git.adelielinux.org/adelie/packages/-/issues/308
user/glib-networking: CVE-2020-13645: TLS certificate hostname verification n...
2022-02-02T02:01:57Z
Emily
user/glib-networking: CVE-2020-13645: TLS certificate hostname verification not performed by default
| | |
| --- | --- |
| Bugzilla ID | 308 |
| Alias(es) | CVE-2020-13645 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2020-06-18 21:23:57 -0500 |
| Modified | 2020-09-16 22:43:36 -0500 |
| Status |...
| | |
| --- | --- |
| Bugzilla ID | 308 |
| Alias(es) | CVE-2020-13645 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2020-06-18 21:23:57 -0500 |
| Modified | 2020-09-16 22:43:36 -0500 |
| Status | RESOLVED FIXED |
| Version | 1.0-RC1 |
| Hardware | Adélie Linux / All |
| Importance | --- / normal |
| Package(s) | user/glib-networking |
| URL | https://nvd.nist.gov/vuln/detail/CVE-2020-13645 |
## Description
> In GNOME glib-networking through 2.64.2, the implementation of
> GTlsClientConnection skips hostname verification of the server's TLS
> certificate if the application fails to specify the expected server
> identity. This is in contrast to its intended documented behavior, to
> fail the certificate verification. Applications that fail to provide
> the server identity, including Balsa before 2.5.11 and 2.6.x before
> 2.6.1, accept a TLS certificate if the certificate is valid for any
> host.
Fixed in >= 2.64.3 https://gitlab.gnome.org/GNOME/glib-networking/-/commit/dbc8d69f58b07f6ed091aa123e5d40a53573a5fc
1.0-BETA3
https://git.adelielinux.org/adelie/packages/-/issues/307
user/mutt: CVE-2020-14093: IMAP PREAUTH MITM
2022-02-02T02:02:04Z
Emily
user/mutt: CVE-2020-14093: IMAP PREAUTH MITM
| | |
| --- | --- |
| Bugzilla ID | 307 |
| Alias(es) | CVE-2020-14093 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2020-06-17 17:55:12 -0500 |
| Modified | 2020-06-22 06:04:45 -0500 |
| Status |...
| | |
| --- | --- |
| Bugzilla ID | 307 |
| Alias(es) | CVE-2020-14093 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2020-06-17 17:55:12 -0500 |
| Modified | 2020-06-22 06:04:45 -0500 |
| Status | RESOLVED FIXED |
| Version | 1.0-RC1 |
| Hardware | Adélie Linux / All |
| Importance | --- / normal |
| Package(s) | user/mutt |
| URL | https://nvd.nist.gov/vuln/detail/CVE-2020-14093 |
## Description
> Mutt before 1.14.3 allows an IMAP fcc/postpone man-in-the-middle
> attack via a PREAUTH response.
1.0-BETA3
https://git.adelielinux.org/adelie/packages/-/issues/306
user/node: >= 10.19.0-r0 fails two tests on pmmx
2022-12-17T23:26:30Z
Emily
user/node: >= 10.19.0-r0 fails two tests on pmmx
| | |
| --- | --- |
| Bugzilla ID | 306 |
| Reporter | Max Rees (sroracle) |
| Assignee | A. Wilcox (awilfox) |
| Reported | 2020-06-15 23:28:01 -0500 |
| Modified | 2020-06-22 05:56:14 -0500 |
| Status | CONFIRMED |
| Version | 1.0-R...
| | |
| --- | --- |
| Bugzilla ID | 306 |
| Reporter | Max Rees (sroracle) |
| Assignee | A. Wilcox (awilfox) |
| Reported | 2020-06-15 23:28:01 -0500 |
| Modified | 2020-06-22 05:56:14 -0500 |
| Status | CONFIRMED |
| Version | 1.0-RC1 |
| Hardware | Adélie Linux / Intel x86 (32-bit) |
| Importance | --- / normal |
| Package(s) | user/node |
| See also | https://bts.adelielinux.org/show_bug.cgi?id=300 |
## Description
=== release test-http-invalid-te ===
Path: parallel/test-http-invalid-te
assert.js:126
throw err;
^
AssertionError [ERR_ASSERTION]: function should not have been called at /af/build/user/node/src/node-v10.21.0/test/parallel/test-http-invalid-te.js:27
at Server.mustNotCall (/af/build/user/node/src/node-v10.21.0/test/common/index.js:436:12)
at Server.emit (events.js:198:13)
at parserOnIncoming (_http_server.js:691:12)
at HTTPParser.parserOnHeadersComplete (_http_common.js:111:17)
Command: out/Release/node /af/build/user/node/src/node-v10.21.0/test/parallel/test-http-invalid-te.js
=== release test-worker-stdio ===
Path: parallel/test-worker-stdio
buffer.js:118
return new ArrayBuffer(size);
^
RangeError: Array buffer allocation failed
at new ArrayBuffer (<anonymous>)
at createUnsafeArrayBuffer (buffer.js:118:12)
at createUnsafeBuffer (buffer.js:112:25)
at allocate (buffer.js:330:12)
at Function.allocUnsafe (buffer.js:292:10)
at Function.concat (buffer.js:473:23)
at BufferingWritable.get buffer [as buffer] (/af/build/user/node/src/node-v10.21.0/test/parallel/test-worker-stdio.js:22:19)
at BufferingWritable.passed.on.common.mustCall (/af/build/user/node/src/node-v10.21.0/test/parallel/test-worker-stdio.js:37:55)
at BufferingWritable.<anonymous> (/af/build/user/node/src/node-v10.21.0/test/common/index.js:379:15)
at BufferingWritable.emit (events.js:203:15)
Command: out/Release/node --experimental-worker /af/build/user/node/src/node-v10.21.0/test/parallel/test-worker-stdio.js
[07:30|% 100|+ 2505|- 2]: Done
make[1]: *** [Makefile:274: jstest] Error 1
make: *** [Makefile:293: test-only] Error 2
>>> ERROR: node: check failed
1.0-BETA3
https://git.adelielinux.org/adelie/packages/-/issues/305
user/tcpdump: FTTFS: ikev2pI2
2021-11-04T02:00:02Z
Emily
user/tcpdump: FTTFS: ikev2pI2
| | |
| --- | --- |
| Bugzilla ID | 305 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2020-06-14 02:05:11 -0500 |
| Modified | 2020-06-22 06:05:54 -0500 |
| Status | CONFIRMED |
| Version | 1.0-R...
| | |
| --- | --- |
| Bugzilla ID | 305 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2020-06-14 02:05:11 -0500 |
| Modified | 2020-06-22 06:05:54 -0500 |
| Status | CONFIRMED |
| Version | 1.0-RC1 |
| Hardware | Adélie Linux / PowerPC (64-bit) |
| Importance | --- / normal |
| Package(s) | user/tcpdump |
## Description
Failed test: ikev2pI2
< (v2auth: len=196 method=rsasig authdata=(000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
) ))
> (v2auth: len=196 method=rsasig authdata=(0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000009d7686de6fabda36c4b374135ccca0c4596fe7636e19ee71ea7d276b4230948ab529651ba1dbec39e85e506ff90b48a57611be386a5867beccde9c9971587907251df58f0c46b473d9f0abc308eb85482f08383d
) ))
>>> ERROR: tcpdump: check failed
Upstream issue
https://github.com/the-tcpdump-group/tcpdump/issues/814
1.0-BETA3
https://git.adelielinux.org/adelie/packages/-/issues/304
user/sane fails test suite on pmmx
2020-07-08T20:02:40Z
Emily
user/sane fails test suite on pmmx
| | |
| --- | --- |
| Bugzilla ID | 304 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2020-06-12 01:59:43 -0500 |
| Modified | 2020-07-08 15:02:40 -0500 |
| Status | RESOLVED FIXED |
| Version | 1...
| | |
| --- | --- |
| Bugzilla ID | 304 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2020-06-12 01:59:43 -0500 |
| Modified | 2020-07-08 15:02:40 -0500 |
| Status | RESOLVED FIXED |
| Version | 1.0-RC1 |
| Hardware | Adélie Linux / Intel x86 (32-bit) |
| Importance | --- / normal |
| Package(s) | user/sane |
| See also | https://bts.adelielinux.org/show_bug.cgi?id=294 |
## Description
**Created [attachment 31](/uploads/2eb69fb30f5b56d2ca58fd968a9a5a04/test-suite.pmmx.log)**
user/sane 1.0.30 test suite log for pmmx
Upstream issues:
https://gitlab.com/sane-project/backends/-/issues/157
https://gitlab.com/sane-project/backends/-/issues/241
According to these this was present in 1.0.29 as well.
Notably these tests DO pass on ppc, so it's probably some x87 mess.
1.0-BETA3
https://git.adelielinux.org/adelie/packages/-/issues/303
user/vlc: CVE-2020-13428: hxxx_AnnexB_to_xVC heap-based buffer overflow
2022-02-02T02:02:10Z
Emily
user/vlc: CVE-2020-13428: hxxx_AnnexB_to_xVC heap-based buffer overflow
| | |
| --- | --- |
| Bugzilla ID | 303 |
| Alias(es) | CVE-2020-13428 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2020-06-11 18:55:58 -0500 |
| Modified | 2020-07-07 18:27:37 -0500 |
| Status |...
| | |
| --- | --- |
| Bugzilla ID | 303 |
| Alias(es) | CVE-2020-13428 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2020-06-11 18:55:58 -0500 |
| Modified | 2020-07-07 18:27:37 -0500 |
| Status | RESOLVED FIXED |
| Version | 1.0-RC1 |
| Hardware | Adélie Linux / All |
| Importance | --- / major |
| Package(s) | user/vlc |
| URL | https://nvd.nist.gov/vuln/detail/CVE-2020-13428 |
## Description
> A heap-based buffer overflow in the hxxx_AnnexB_to_xVC function in
> modules/packetizer/hxxx_nal.c in VideoLAN VLC media player before
> 3.0.11 allows remote attackers to cause a denial of service
> (application crash) or execute arbitrary code via a crafted H.264
> Annex-B video (.avi for example) file.
Fixed in >= 3.0.11
https://github.com/videolan/vlc-3.0/commit/d5c43c21c747ff30ed19fcca745dea3481c733e0
1.0-BETA3
https://git.adelielinux.org/adelie/packages/-/issues/301
user/gnucobol: multiple vulnerabilities
2023-08-16T12:38:20Z
Emily
user/gnucobol: multiple vulnerabilities
| | |
| --- | --- |
| Bugzilla ID | 301 |
| Alias(es) | CVE-2019-14468, CVE-2019-14486, CVE-2019-14528, CVE-2019-14541, CVE-2019-16395, CVE-2019-16396 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported |...
| | |
| --- | --- |
| Bugzilla ID | 301 |
| Alias(es) | CVE-2019-14468, CVE-2019-14486, CVE-2019-14528, CVE-2019-14541, CVE-2019-16395, CVE-2019-16396 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2020-06-10 00:46:02 -0500 |
| Modified | 2021-05-11 20:50:31 -0500 |
| Status | CONFIRMED |
| Version | 1.0-RC1 |
| Hardware | Adélie Linux / All |
| Importance | --- / normal |
| Package(s) | user/gnucobol |
## Description
CVE-2019-14468: https://nvd.nist.gov/vuln/detail/CVE-2019-14468
> GnuCOBOL 2.2 has a buffer overflow in cb_push_op in cobc/field.c via
> crafted COBOL source code.
CVE-2019-14486: https://nvd.nist.gov/vuln/detail/CVE-2019-14486
> GnuCOBOL 2.2 has a buffer overflow in cb_evaluate_expr in cobc/field.c
> via crafted COBOL source code.
CVE-2019-14528: https://nvd.nist.gov/vuln/detail/CVE-2019-14528
> GnuCOBOL 2.2 has a heap-based buffer overflow in read_literal in
> cobc/scanner.l via crafted COBOL source code.
CVE-2019-14541: https://nvd.nist.gov/vuln/detail/CVE-2019-14541
> GnuCOBOL 2.2 has a stack-based buffer overflow in cb_encode_program_id
> in cobc/typeck.c via crafted COBOL source code.
CVE-2019-16395: https://nvd.nist.gov/vuln/detail/CVE-2019-16395
> GnuCOBOL 2.2 has a stack-based buffer overflow in the cb_name()
> function in cobc/tree.c via crafted COBOL source code.
CVE-2019-16396: https://nvd.nist.gov/vuln/detail/CVE-2019-16396
> GnuCOBOL 2.2 has a use-after-free in the end_scope_of_program_name()
> function in cobc/parser.y via crafted COBOL source code.
1.0-BETA3
Zach van Rijn
Zach van Rijn
https://git.adelielinux.org/adelie/packages/-/issues/300
user/node: multiple vulnerabilities
2020-06-16T21:00:04Z
Emily
user/node: multiple vulnerabilities
| | |
| --- | --- |
| Bugzilla ID | 300 |
| Alias(es) | CVE-2020-7598, CVE-2020-8174 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2020-06-09 19:23:03 -0500 |
| Modified | 2020-06-16 16:00:04 -050...
| | |
| --- | --- |
| Bugzilla ID | 300 |
| Alias(es) | CVE-2020-7598, CVE-2020-8174 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2020-06-09 19:23:03 -0500 |
| Modified | 2020-06-16 16:00:04 -0500 |
| Status | RESOLVED FIXED |
| Version | 1.0-RC1 |
| Hardware | Adélie Linux / All |
| Importance | --- / normal |
| URL | https://nodejs.org/en/blog/vulnerability/june-2020-security-releases |
| See also | https://bts.adelielinux.org/show_bug.cgi?id=299<br>https://bts.adelielinux.org/show_bug.cgi?id=306 |
## Description
CVE-2020-8174
> Calling napi_get_value_string_latin1(), napi_get_value_string_utf8(),
> or napi_get_value_string_utf16() with a non-NULL buf, and a bufsize of
> 0 will cause the entire string value to be written to buf, probably
> overrunning the length of the buffer.
Fixed in >= 10.21.0
See #299 for CVE-2020-11080.
CVE-2020-8172 does not apply to 10.x.
CVE-2020-10531 does not apply, already fixed in system/icu
https://code.foxkit.us/adelie/packages/commit/4457bb5bf106a91ed131a506269c5e09606c6f57
CVE-2020-7598
> minimist before 1.2.2 could be tricked into adding or modifying
> properties of Object.prototype using a "constructor" or "__proto__"
> payload.
Fixed in >= 1.2.2
https://github.com/substack/minimist/commit/63e7ed05aa4b1889ec2f3b196426db4500cbda94
Unclear if this is fixed in node 10.21.0
https://github.com/nodejs/node/commit/04cd67f85e5fafec2630f4e165516e712d7c3a7a
1.0-BETA3
https://git.adelielinux.org/adelie/packages/-/issues/299
user/nghttp2: CVE-2020-11080: DoS via large SETTINGS frame
2022-02-02T02:02:23Z
Emily
user/nghttp2: CVE-2020-11080: DoS via large SETTINGS frame
| | |
| --- | --- |
| Bugzilla ID | 299 |
| Alias(es) | CVE-2020-11080 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2020-06-09 19:07:09 -0500 |
| Modified | 2020-06-15 16:39:00 -0500 |
| Status |...
| | |
| --- | --- |
| Bugzilla ID | 299 |
| Alias(es) | CVE-2020-11080 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2020-06-09 19:07:09 -0500 |
| Modified | 2020-06-15 16:39:00 -0500 |
| Status | RESOLVED FIXED |
| Version | 1.0-RC1 |
| Hardware | Adélie Linux / All |
| Importance | --- / major |
| URL | https://nvd.nist.gov/vuln/detail/CVE-2020-11080 |
| See also | https://bts.adelielinux.org/show_bug.cgi?id=300 |
## Description
> In nghttp2 before version 1.41.0, the overly large HTTP/2 SETTINGS
> frame payload causes denial of service. The proof of concept attack
> involves a malicious client constructing a SETTINGS frame with a
> length of 14,400 bytes (2400 individual settings entries) over and
> over again. The attack causes the CPU to spike at 100%. nghttp2
> v1.41.0 fixes this vulnerability. There is a workaround to this
> vulnerability. Implement nghttp2_on_frame_recv_callback callback, and
> if received frame is SETTINGS frame and the number of settings entries
> are large (e.g., > 32), then drop the connection.
Fixed in >= 1.41.0
https://github.com/nghttp2/nghttp2/security/advisories/GHSA-q5wr-xfw9-q7xr
https://github.com/nghttp2/nghttp2/commit/336a98feb0d56b9ac54e12736b18785c27f75090
https://github.com/nghttp2/nghttp2/commit/f8da73bd042f810f34d19f9eae02b46d870af394
1.0-BETA3
https://git.adelielinux.org/adelie/packages/-/issues/298
user/libjpeg-turbo: CVE-2020-13790: get_rgb_row heap-based buffer overflow
2022-02-02T02:03:01Z
Emily
user/libjpeg-turbo: CVE-2020-13790: get_rgb_row heap-based buffer overflow
| | |
| --- | --- |
| Bugzilla ID | 298 |
| Alias(es) | CVE-2020-13790 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2020-06-06 02:19:33 -0500 |
| Modified | 2020-06-15 16:39:00 -0500 |
| Status |...
| | |
| --- | --- |
| Bugzilla ID | 298 |
| Alias(es) | CVE-2020-13790 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2020-06-06 02:19:33 -0500 |
| Modified | 2020-06-15 16:39:00 -0500 |
| Status | RESOLVED FIXED |
| Version | 1.0-RC1 |
| Hardware | Adélie Linux / All |
| Importance | --- / normal |
| URL | https://nvd.nist.gov/vuln/detail/CVE-2020-13790 |
## Description
> libjpeg-turbo 2.0.4, and mozjpeg 4.0.0, has a heap-based buffer over-
> read in get_rgb_row() in rdppm.c via a malformed PPM input file.
Unreleased fix https://github.com/libjpeg-turbo/libjpeg-turbo/commit/3de15e0c344d11d4b90f4a47136467053eb2d09a
1.0-BETA3
https://git.adelielinux.org/adelie/packages/-/issues/297
user/libreoffice: multiple vulnerabilities
2023-05-03T18:14:57Z
Emily
user/libreoffice: multiple vulnerabilities
| | |
| --- | --- |
| Bugzilla ID | 297 |
| Alias(es) | CVE-2020-12801, CVE-2020-12802, CVE-2020-12803 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2020-06-06 02:11:41 -0500 |
| Modified | 2020-0...
| | |
| --- | --- |
| Bugzilla ID | 297 |
| Alias(es) | CVE-2020-12801, CVE-2020-12802, CVE-2020-12803 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2020-06-06 02:11:41 -0500 |
| Modified | 2020-08-13 16:58:02 -0500 |
| Status | UNCONFIRMED |
| Version | 1.0-RC1 |
| Hardware | Adélie Linux / All |
| Importance | --- / normal |
| Package(s) | user/libreoffice |
| URL | https://nvd.nist.gov/vuln/detail/CVE-2020-12801 |
## Description
> If LibreOffice has an encrypted document open and crashes, that
> document is auto-saved encrypted. On restart, LibreOffice offers to
> restore the document and prompts for the password to decrypt it. If
> the recovery is successful, and if the file format of the recovered
> document was not LibreOffice's default ODF file format, then affected
> versions of LibreOffice default that subsequent saves of the document
> are unencrypted. This may lead to a user accidentally saving a
> MSOffice file format document unencrypted while believing it to be
> encrypted. This issue affects: LibreOffice 6-3 series versions prior
> to 6.3.6; 6-4 series versions prior to 6.4.3.
https://www.libreoffice.org/about-us/security/advisories/CVE-2020-12801
Fixed in >= 6.4.3
1.0-BETA3
https://git.adelielinux.org/adelie/packages/-/issues/296
system/perl: multiple vulnerabilities
2022-05-02T03:34:15Z
Emily
system/perl: multiple vulnerabilities
| | |
| --- | --- |
| Bugzilla ID | 296 |
| Alias(es) | CVE-2020-10543, CVE-2020-10878, CVE-2020-12723 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2020-06-06 02:06:56 -0500 |
| Modified | 2020-0...
| | |
| --- | --- |
| Bugzilla ID | 296 |
| Alias(es) | CVE-2020-10543, CVE-2020-10878, CVE-2020-12723 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2020-06-06 02:06:56 -0500 |
| Modified | 2020-06-22 06:07:05 -0500 |
| Status | UNCONFIRMED |
| Version | 1.0-RC1 |
| Hardware | Adélie Linux / All |
| Importance | --- / normal |
| Package(s) | system/perl |
## Description
CVE-2020-10878: https://nvd.nist.gov/vuln/detail/CVE-2020-10878
> Perl before 5.30.3 has an integer overflow related to mishandling of a
> "PL_regkind[OP(n)] == NOTHING" situation. A crafted regular expression
> could lead to malformed bytecode with a possibility of instruction
> injection.
Fixed in >= 5.30.3
https://github.com/perl/perl5/commit/0a320d753fe7fca03df259a4dfd8e641e51edaa8
https://github.com/perl/perl5/commit/3295b48defa0f8570114877b063fe546dd348b3c
CVE-2020-10543: https://nvd.nist.gov/vuln/detail/CVE-2020-10543
> Perl before 5.30.3 on 32-bit platforms allows a heap-based buffer
> overflow because nested regular expression quantifiers have an integer
> overflow.
Fixed in >= 5.30.3
https://github.com/perl/perl5/commit/897d1f7fd515b828e4b198d8b8bef76c6faf03ed
CVE-2020-12723: https://nvd.nist.gov/vuln/detail/CVE-2020-12723
> regcomp.c in Perl before 5.30.3 allows a buffer overflow via a crafted
> regular expression because of recursive S_study_chunk calls.
Fixed in >= 5.30.3
https://github.com/perl/perl5/commit/66bbb51b93253a3f87d11c2695cfb7bdb782184a
1.0-BETA3
https://git.adelielinux.org/adelie/packages/-/issues/295
user/dbus: CVE-2020-12049: denial of service via file descriptor leak
2022-02-02T02:03:08Z
Emily
user/dbus: CVE-2020-12049: denial of service via file descriptor leak
| | |
| --- | --- |
| Bugzilla ID | 295 |
| Alias(es) | CVE-2020-12049 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2020-06-04 13:16:10 -0500 |
| Modified | 2020-06-15 16:38:59 -0500 |
| Status |...
| | |
| --- | --- |
| Bugzilla ID | 295 |
| Alias(es) | CVE-2020-12049 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2020-06-04 13:16:10 -0500 |
| Modified | 2020-06-15 16:38:59 -0500 |
| Status | RESOLVED FIXED |
| Version | 1.0-RC1 |
| Hardware | Adélie Linux / All |
| Importance | --- / normal |
| URL | https://www.openwall.com/lists/oss-security/2020/06/04/3 |
## Description
CVE-2020-12049: https://www.openwall.com/lists/oss-security/2020/06/04/3
> Kevin Backhouse of the GitHub Security Lab discovered a denial of
> service vulnerability[0] in dbus >= 1.3.0. An unprivileged local
> attacker can cause the system dbus-daemon (dbus-daemon --system) to
> leak file descriptors (fds) by sending messages with a number of fds
> that exceeds the allowed number, resulting in truncation. The
> attacker's connection is (correctly) disconnected, but the fds that
> were attached to the truncated message are (incorrectly) not closed.
> By repeating this process, the attacker can make the dbus-daemon reach
> its RLIMIT_NOFILE limit. When this limit is reached, new connections
> will fail, and existing connections will be unable to send messages
> with fds attached, causing denial of service.
>
> The same attack is also possible in the uncommon situation where
> processes of different privilege levels communicate directly using a
> private D-Bus socket (DBusServer) without going via a dbus-daemon.
Fixed in >= 1.12.18
1.0-BETA3
https://git.adelielinux.org/adelie/packages/-/issues/294
user/sane: multiple vulnerabilities
2020-07-08T20:02:59Z
Emily
user/sane: multiple vulnerabilities
| | |
| --- | --- |
| Bugzilla ID | 294 |
| Alias(es) | CVE-2020-12861, CVE-2020-12862, CVE-2020-12863, CVE-2020-12864, CVE-2020-12865, CVE-2020-12866, CVE-2020-12867 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle...
| | |
| --- | --- |
| Bugzilla ID | 294 |
| Alias(es) | CVE-2020-12861, CVE-2020-12862, CVE-2020-12863, CVE-2020-12864, CVE-2020-12865, CVE-2020-12866, CVE-2020-12867 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2020-06-01 11:58:05 -0500 |
| Modified | 2020-07-08 15:02:59 -0500 |
| Status | RESOLVED FIXED |
| Version | 1.0-RC1 |
| Hardware | Adélie Linux / All |
| Importance | --- / normal |
| Package(s) | user/sane |
| URL | https://alioth-lists.debian.net/pipermail/sane-announce/2020/000041.html |
| See also | https://bts.adelielinux.org/show_bug.cgi?id=304 |
## Description
> - `epson2`: fixes CVE-2020-12867 (GHSL-2020-075) and several memory
> management issues found while addressing that CVE
> - `epsonds`: addresses out-of-bound memory access issues to fix
> CVE-2020-12862 (GHSL-2020-082) and CVE-2020-12863 (GHSL-2020-083),
> addresses a buffer overflow fixing CVE-2020-12865 (GHSL-2020-084)
> and disables network autodiscovery to mitigate CVE-2020-12866
> (GHSL-2020-079), CVE-2020-12861 (GHSL-2020-080) and CVE-2020-12864
> (GHSL-2020-081). Note that this backend does not support network
> scanners to begin with.
> - `magicolor`: fixes a floating point exception and uninitialized data
> read
> - fixes an overflow in `sanei_tcp_read()`
Fixed in >= 1.0.30
1.0-BETA3
https://git.adelielinux.org/adelie/packages/-/issues/293
user/freetds: CVE-2019-13508: heap-based buffer overflow
2022-02-02T02:03:15Z
Emily
user/freetds: CVE-2019-13508: heap-based buffer overflow
| | |
| --- | --- |
| Bugzilla ID | 293 |
| Alias(es) | CVE-2019-13508 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2020-05-26 17:31:53 -0500 |
| Modified | 2020-06-15 16:38:59 -0500 |
| Status |...
| | |
| --- | --- |
| Bugzilla ID | 293 |
| Alias(es) | CVE-2019-13508 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2020-05-26 17:31:53 -0500 |
| Modified | 2020-06-15 16:38:59 -0500 |
| Status | RESOLVED FIXED |
| Version | 1.0-RC1 |
| Hardware | Adélie Linux / All |
| Importance | --- / major |
| URL | https://nvd.nist.gov/vuln/detail/CVE-2019-13508 |
## Description
CVE-2019-13508: https://nvd.nist.gov/vuln/detail/CVE-2019-13508
> FreeTDS through 1.1.11 has a Buffer Overflow.
> This can happens if server cause a downgrade to protocol 5.0 and send
> a UDT type.
Patch: https://github.com/FreeTDS/freetds/commit/0df4eb82a0e3ff844e373d7c9f9c6c813925e2ac
Redhat says this is released in 1.1.11 contradicting NVD info: https://bugzilla.redhat.com/show_bug.cgi?id=1736255#c2
It's definitely fixed in 1.1.40 though
1.0-BETA3
https://git.adelielinux.org/adelie/packages/-/issues/292
user/transmission: CVE-2018-10756: tr_variantWalk heap UAF
2021-11-04T01:31:24Z
Emily
user/transmission: CVE-2018-10756: tr_variantWalk heap UAF
| | |
| --- | --- |
| Bugzilla ID | 292 |
| Alias(es) | CVE-2018-10756 |
| Reporter | Max Rees (sroracle) |
| Assignee | Dan Theisen |
| Reported | 2020-05-20 17:45:10 -0500 |
| Modified | 2020-06-22 06:10:05 -0500 |
| Status | UNCONFI...
| | |
| --- | --- |
| Bugzilla ID | 292 |
| Alias(es) | CVE-2018-10756 |
| Reporter | Max Rees (sroracle) |
| Assignee | Dan Theisen |
| Reported | 2020-05-20 17:45:10 -0500 |
| Modified | 2020-06-22 06:10:05 -0500 |
| Status | UNCONFIRMED |
| Version | 1.0-RC1 |
| Hardware | Adélie Linux / All |
| Importance | --- / normal |
| Package(s) | user/transmission |
| URL | https://nvd.nist.gov/vuln/detail/CVE-2018-10756 |
## Description
> Use-after-free in libtransmission/variant.c in Transmission before
> 3.00 allows remote attackers to cause a denial of service (crash) or
> possibly execute arbitrary code via a crafted torrent file.
Fixed in >= 3.00 https://github.com/transmission/transmission/commit/2123adf8e5e1c2b48791f9d22fc8c747e974180e
1.0-BETA3