Adélie Linux issues
https://git.adelielinux.org/groups/adelie/-/issues
2022-11-12T05:24:05Z

https://git.adelielinux.org/adelie/packages/-/issues/276
user/fontforge: multiple vulnerabilities
2022-11-12T05:24:05Z
Emily

| | |
| --- | --- |
| Bugzilla ID | 276 |
| Alias(es) | CVE-2017-17521, CVE-2019-15785, CVE-2020-25690, CVE-2020-5395, CVE-2020-5496 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2020-04-29 12:08:47 -0500 |
| Modified | 2020-12-03 22:51:42 -0600 |
| Status | UNCONFIRMED |
| Version | 1.0-RC1 |
| Hardware | Adélie Linux / All |
| Importance | --- / normal |
| Package(s) | user/fontforge |
## Description
CVE-2020-5395: https://nvd.nist.gov/vuln/detail/CVE-2020-5395
> FontForge 20190801 has a use-after-free in SFD_GetFontMetaData in
> sfd.c.
https://github.com/fontforge/fontforge/commit/048a91e2682c1a8936ae34dbc7bd70291ec05410
CVE-2020-5496: https://nvd.nist.gov/vuln/detail/CVE-2020-5496
> FontForge 20190801 has a heap-based buffer overflow in the
> Type2NotDefSplines() function in splinesave.c.
same commit

1.0-BETA3

https://git.adelielinux.org/adelie/packages/-/issues/277
system/sudo: CVE-2019-19232: impersonation of nonexistent account through use of unallocated UID
2022-02-02T02:03:30Z
Emily

| | |
| --- | --- |
| Bugzilla ID | 277 |
| Alias(es) | CVE-2019-19232 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2020-04-29 12:20:37 -0500 |
| Modified | 2020-06-15 16:38:59 -0500 |
| Status | RESOLVED FIXED |
| Version | 1.0-RC1 |
| Hardware | Adélie Linux / All |
| Importance | --- / normal |
| URL | https://nvd.nist.gov/vuln/detail/CVE-2019-19232 |
## Description
> ** DISPUTED ** In Sudo through 1.8.29, an attacker with access to a
> Runas ALL sudoer account can impersonate a nonexistent user by
> invoking sudo with a numeric uid that is not associated with any user.
> NOTE: The software maintainer believes that this is not a
> vulnerability because running a command via sudo as a user not present
> in the local password database is an intentional feature. Because this
> behavior surprised some users, sudo 1.8.30 introduced an option to
> enable/disable this behavior with the default being disabled. However,
> this does not change the fact that sudo was behaving as intended, and
> as documented, in earlier versions.

1.0-BETA3

https://git.adelielinux.org/adelie/packages/-/issues/278
user/node: throws SIGILL on pre-Power8 PPC64
2023-05-10T21:50:01Z
Emily

| | |
| --- | --- |
| Bugzilla ID | 278 |
| Reporter | jeff@keyte.me |
| Assignee | A. Wilcox (awilfox) |
| Reported | 2020-04-30 21:44:20 -0500 |
| Modified | 2020-06-22 05:56:12 -0500 |
| Status | CONFIRMED |
| Version | 1.0-RC1 |
| Hardware | Adélie Linux / PowerPC (64-bit) |
| Importance | --- / blocker |
| Package(s) | user/node |
## Description
New installation of Adelie (great distro for my aging P5, thanks!). 16gb ram.
To reproduce:
apk add node
node
-> zsh: illegal hardware instruction
dmesg log:
[34490.179121] node[7972]: illegal instruction (4) at 3a513ec8ac8 nip 3a513ec8ac8 lr 3a513ec8a80 code 1
[34490.179132] node[7972]: code: 7c211840 41800080 e87f0010 786407e0 2c240000 41820068 3880ffff 7c83202a
[34490.179136] node[7972]: code: e8bd00d0 7c242800 40820030 c8230007 <fc400b50> fc211028 c87c0000 fc011800
[34500.681472] node[7980]: illegal instruction (4) at 1fcd2048ac8 nip 1fcd2048ac8 lr 1fcd2048a80 code 1
[34500.681481] node[7980]: code: 7c211840 41800080 e87f0010 786407e0 2c240000 41820068 3880ffff 7c83202a
[34500.681485] node[7980]: code: e8bd00d0 7c242800 40820030 c8230007 <fc400b50> fc211028 c87c0000 fc011800

1.0-BETA3

https://git.adelielinux.org/adelie/packages/-/issues/279
user/vlc: multiple vulnerabilities
2020-05-10T15:53:39Z
Emily

| | |
| --- | --- |
| Bugzilla ID | 279 |
| Alias(es) | CVE-2019-19721, CVE-2020-6071, CVE-2020-6072, CVE-2020-6073, CVE-2020-6077, CVE-2020-6078, CVE-2020-6079, CVE-2020-6080 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2020-05-01 15:37:48 -0500 |
| Modified | 2020-05-10 10:53:39 -0500 |
| Status | RESOLVED INVALID |
| Version | 1.0-RC1 |
| Hardware | Adélie Linux / All |
| Importance | --- / normal |
## Description
CVE-2020-6073: https://nvd.nist.gov/vuln/detail/CVE-2020-6073
> An exploitable denial-of-service vulnerability exists in the TXT
> record-parsing functionality of Videolabs libmicrodns 0.1.0. When
> parsing the RDATA section in a TXT record in mDNS messages, multiple
> integer overflows can be triggered, leading to a denial of service. An
> attacker can send an mDNS message to trigger this vulnerability.
CVE-2020-6071: https://nvd.nist.gov/vuln/detail/CVE-2020-6071
> An exploitable denial-of-service vulnerability exists in the resource
> record-parsing functionality of Videolabs libmicrodns 0.1.0. When
> parsing compressed labels in mDNS messages, the compression pointer is
> followed without checking for recursion, leading to a denial of
> service. An attacker can send an mDNS message to trigger this
> vulnerability.
CVE-2020-6072: https://nvd.nist.gov/vuln/detail/CVE-2020-6072
> An exploitable code execution vulnerability exists in the label-
> parsing functionality of Videolabs libmicrodns 0.1.0. When parsing
> compressed labels in mDNS messages, the rr_decode function's return
> value is not checked, leading to a double free that could be exploited
> to execute arbitrary code. An attacker can send an mDNS message to
> trigger this vulnerability.
CVE-2020-6078: https://nvd.nist.gov/vuln/detail/CVE-2020-6078
> An exploitable denial-of-service vulnerability exists in the message-
> parsing functionality of Videolabs libmicrodns 0.1.0. When parsing
> mDNS messages in mdns_recv, the return value of the mdns_read_header
> function is not checked, leading to an uninitialized variable usage
> that eventually results in a null pointer dereference, leading to
> service crash. An attacker can send a series of mDNS messages to
> trigger this vulnerability.
CVE-2020-6080: https://nvd.nist.gov/vuln/detail/CVE-2020-6080
> An exploitable denial-of-service vulnerability exists in the resource
> allocation handling of Videolabs libmicrodns 0.1.0. When encountering
> errors while parsing mDNS messages, some allocated data is not freed,
> possibly leading to a denial-of-service condition via resource
> exhaustion. An attacker can send one mDNS message repeatedly to
> trigger this vulnerability through the function rr_read_RR [5] reads
> the current resource record, except for the RDATA section. This is
> read by the loop at in rr_read. For each RR type, a different function
> is called. When the RR type is 0x10, the function rr_read_TXT is
> called at [6].
CVE-2020-6079: https://nvd.nist.gov/vuln/detail/CVE-2020-6079
> An exploitable denial-of-service vulnerability exists in the resource
> allocation handling of Videolabs libmicrodns 0.1.0. When encountering
> errors while parsing mDNS messages, some allocated data is not freed,
> possibly leading to a denial-of-service condition via resource
> exhaustion. An attacker can send one mDNS message repeatedly to
> trigger this vulnerability through decoding of the domain name
> performed by rr_decode.
CVE-2020-6077: https://nvd.nist.gov/vuln/detail/CVE-2020-6077
> An exploitable denial-of-service vulnerability exists in the message-
> parsing functionality of Videolabs libmicrodns 0.1.0. When parsing
> mDNS messages, the implementation does not properly keep track of the
> available data in the message, possibly leading to an out-of-bounds
> read that would result in a denial of service. An attacker can send an
> mDNS message to trigger this vulnerability.
It does not appear to me that we are building the microdns module at
this time. However, in any case this is fixed in microdns >= 0.1.1 and
vlc >= 3.0.9.
https://github.com/videolabs/libmicrodns/releases/tag/0.1.1
https://www.videolan.org/developers/vlc-branch/NEWS

1.0-BETA3

https://git.adelielinux.org/adelie/packages/-/issues/280
[meta] APK script permission audit
2023-11-15T23:52:56Z
Emily

| | |
| --- | --- |
| Bugzilla ID | 280 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2020-05-04 03:23:46 -0500 |
| Modified | 2020-12-04 00:25:02 -0600 |
| Status | CONFIRMED |
| Version | 1.0-RC1 |
| Hardware | Adélie Linux / All |
| Importance | --- / normal |
| Package(s) | - |
| URL | https://www.openwall.com/lists/oss-security/2020/04/30/1 |
## Description
Please see the URL for context.
The following APK scripts were examined:
> system/abuild/abuild.pre-install
> system/abuild/abuild.pre-upgrade
> system/at/at.pre-install
> system/bash/bash.post-upgrade
> system/bash/bash.pre-deinstall
> system/ca-certificates/ca-certificates.post-deinstall
> system/ca-certificates/ca-certificates.trigger
> system/coreutils/coreutils.post-deinstall
> system/docbook-xml/docbook-xml.post-deinstall
> system/docbook-xml/docbook-xml.post-install
> system/docbook-xml/docbook-xml.post-upgrade
> system/docbook-xsl/docbook-xsl-ns.post-deinstall
> system/docbook-xsl/docbook-xsl-ns.post-install
> system/docbook-xsl/docbook-xsl-ns.post-upgrade
> system/docbook-xsl/docbook-xsl.post-deinstall
> system/docbook-xsl/docbook-xsl.post-install
> system/docbook-xsl/docbook-xsl.post-upgrade
> system/fcron/fcron.pre-install
> system/kmod/kmod.trigger
> system/man-db/man-db.trigger
> system/musl/musl-utils.trigger
> system/openrc/openrc.post-install
> system/openrc/openrc.post-upgrade
> system/ruby/ruby.post-upgrade
> system/s6-linux-init/s6-linux-init-common.post-upgrade
> system/s6-linux-init/s6-linux-init-common.pre-deinstall
> system/s6-linux-init/s6-linux-init.post-install
> system/s6-linux-init/s6-linux-init.post-upgrade
> system/s6-linux-init/s6-linux-init.pre-deinstall
> system/s6/s6.post-upgrade
> system/s6/s6.trigger
> system/sed/sed.post-deinstall
> system/sysvinit/sysvinit.post-install
> system/sysvinit/sysvinit.post-upgrade
> system/utmps/utmps.post-upgrade
> system/zsh/zsh.post-install
> system/zsh/zsh.post-upgrade
> system/zsh/zsh.pre-deinstall
> user/acpilight/acpilight.post-install
> user/apache-httpd/apache-httpd.pre-install
> user/apache-httpd/apache-httpd.pre-upgrade
> user/bind/bind.pre-install
> user/chrony/chrony.pre-install
> user/chrony/chrony.pre-upgrade
> user/cracklib/cracklib.trigger
> user/cups/cups.pre-install
> user/dbus/dbus.post-install
> user/dbus/dbus.pre-install
> user/dbus/dbus.trigger
> user/dhcpcd/dhcpcd.post-upgrade
> user/distcc/distcc.pre-install
> user/fish/fish.post-install
> user/fish/fish.post-upgrade
> user/fish/fish.pre-deinstall
> user/fontconfig/fontconfig.trigger
> user/gdk-pixbuf/gdk-pixbuf.pre-deinstall
> user/gdk-pixbuf/gdk-pixbuf.trigger
> user/glib/glib.trigger
> user/gnupg/gnupg.pre-install
> user/gnupg/gnupg.pre-upgrade
> user/graphviz/graphviz.pre-deinstall
> user/graphviz/graphviz.trigger
> user/grub/grub.post-upgrade
> user/grub/grub.trigger
> user/gtk+2.0/gtk+2.0.post-deinstall
> user/gtk+2.0/gtk+2.0.post-install
> user/gtk+2.0/gtk+2.0.post-upgrade
> user/gtk+2.0/gtk-update-icon-cache.trigger
> user/gtk+3.0/gtk+3.0.post-deinstall
> user/gtk+3.0/gtk+3.0.post-install
> user/gtk+3.0/gtk+3.0.post-upgrade
> user/gutenprint/gutenprint.post-install
> user/gutenprint/gutenprint.post-upgrade
> user/java-common/java-common.trigger
> user/libgphoto2/libgphoto2.pre-install
> user/libgphoto2/libgphoto2.pre-upgrade
> user/lighttpd/lighttpd.pre-install
> user/lighttpd/lighttpd.pre-upgrade
> user/lilo/lilo.trigger
> user/lm_sensors/sensors.install
> user/mariadb/mariadb-server.pre-install
> user/mkfontscale/mkfontscale.trigger
> user/mksh/mksh.post-install
> user/mksh/mksh.post-upgrade
> user/mksh/mksh.pre-deinstall
> user/mosquitto/mosquitto.pre-install
> user/netqmail/netqmail.post-install
> user/netqmail/netqmail.pre-deinstall
> user/nextcloud/nextcloud-initscript.post-install
> user/nextcloud/nextcloud.post-upgrade
> user/nextcloud/nextcloud.pre-install
> user/nsd/nsd.pre-install
> user/openldap/openldap.post-install
> user/openldap/openldap.post-upgrade
> user/openldap/openldap.pre-install
> user/openvpn/openvpn.pre-install
> user/pango/pango.pre-deinstall
> user/pango/pango.trigger
> user/pcsc-lite/pcsc-lite.pre-install
> user/pcsc-lite/pcsc-lite.pre-upgrade
> user/perl-xml-sax/perl-xml-sax.post-install
> user/perl-xml-sax/perl-xml-sax.pre-deinstall
> user/polkit/polkit.pre-install
> user/polkit/polkit.pre-upgrade
> user/postfix/postfix.pre-install
> user/postgresql/postgresql.pre-upgrade
> user/prosody/prosody.pre-install
> user/pulseaudio/pulseaudio.pre-install
> user/pulseaudio/pulseaudio.pre-upgrade
> user/qemu/qemu.post-install
> user/qemu/qemu.pre-install
> user/redis/redis.pre-install
> user/rpcbind/rpcbind.pre-install
> user/rpcbind/rpcbind.pre-upgrade
> user/sane/sane.pre-install
> user/sane/saned.pre-install
> user/sddm/sddm.post-install
> user/shared-mime-info/shared-mime-info.post-deinstall
> user/shared-mime-info/shared-mime-info.trigger
> user/strongswan/strongswan.pre-install
> user/tcsh/tcsh.post-install
> user/tcsh/tcsh.post-upgrade
> user/tcsh/tcsh.pre-deinstall
> user/tlp/tlp.post-upgrade
> user/transmission/transmission-daemon.post-upgrade
> user/transmission/transmission-daemon.pre-install
> user/transmission/transmission.post-install
> user/unbound/unbound.pre-install
> user/vde2/vde2.pre-install
> user/vlc/vlc-daemon.pre-install
> user/vlc/vlc-libs.trigger
Of these, the following were found to have potential issues:
> user/mariadb/mariadb-server.pre-install
> user/nextcloud/nextcloud-initscript.post-install

1.0-BETA3

https://git.adelielinux.org/adelie/packages/-/issues/281
user/re2c: CVE-2018-21232: find_fixed_tags infinite recursion
2021-11-04T01:28:33Z
Emily

| | |
| --- | --- |
| Bugzilla ID | 281 |
| Alias(es) | CVE-2018-21232 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2020-05-04 23:21:07 -0500 |
| Modified | 2020-06-22 06:09:48 -0500 |
| Status | CONFIRMED |
| Version | 1.0-RC1 |
| Hardware | Adélie Linux / All |
| Importance | --- / minor |
| Package(s) | user/re2c |
| URL | https://nvd.nist.gov/vuln/detail/CVE-2018-21232 |
## Description
CVE-2018-21232: https://nvd.nist.gov/vuln/detail/CVE-2018-21232
> re2c before 2.0 has uncontrolled recursion that causes stack
> consumption in find_fixed_tags.
See also:
https://www.openwall.com/lists/oss-security/2020/04/27/2
https://github.com/skvadrik/re2c/issues/219
There are several patches for this but upstream doesn't seem to consider it fixed yet, and since it's minor we'll sit on it for now.

1.0-BETA3

https://git.adelielinux.org/adelie/packages/-/issues/282
user/{efivar,efibootmgr}: not built for aarch64
2022-02-02T16:50:45Z
Emily

| | |
| --- | --- |
| Bugzilla ID | 282 |
| Reporter | CyberLeo |
| Assignee | A. Wilcox (awilfox) |
| Reported | 2020-05-06 17:27:53 -0500 |
| Modified | 2020-05-27 23:37:23 -0500 |
| Status | RESOLVED FIXED |
| Version | 1.0-RC1 |
| Hardware | Other / Other |
| Importance | --- / enhancement |
## Description
It looks like the APKBUILD files declare them as suitable for arm64, but not aarch64. Their absence prevents installation of grub-efi on aarch64.

1.0-BETA3

https://git.adelielinux.org/adelie/packages/-/issues/284
user/firefox-esr seccomp is blocking time64 syscalls
2020-06-10T20:37:31Z
Emily

| | |
| --- | --- |
| Bugzilla ID | 284 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2020-05-10 18:51:40 -0500 |
| Modified | 2020-06-10 15:37:31 -0500 |
| Status | RESOLVED FIXED |
| Version | 1.0-RC1 |
| Hardware | Adélie Linux / All |
| Importance | --- / major |
## Description
On pmmx with firefox-esr=68.4.1-r0, as soon as firefox is started it can be observed that it spams the console with messages like these:
> Sandbox: seccomp sandbox violation: pid 5607, tid 5607, syscall 403, args 1 3215982588 3215982588 0 1 3215982488.
On pmmx, syscall 403 is clock_gettime64. I suspect this issue affects all of the time64 syscalls on all of our 32-bit arches. It's hard to tell since it's so slow on the pmmx machine I have, but it seems to prevent loading of any pages.

1.0-BETA3

https://git.adelielinux.org/adelie/packages/-/issues/285
user/libexif: multiple vulnerabilities
2020-06-15T21:38:59Z
Emily

| | |
| --- | --- |
| Bugzilla ID | 285 |
| Alias(es) | CVE-2020-0093, CVE-2020-0182, CVE-2020-0198, CVE-2020-12767, CVE-2020-13112, CVE-2020-13113, CVE-2020-13114 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2020-05-13 13:44:40 -0500 |
| Modified | 2020-06-15 16:38:59 -0500 |
| Status | RESOLVED FIXED |
| Version | 1.0-RC1 |
| Hardware | Adélie Linux / All |
| Importance | --- / major |
## Description
> exif_entry_get_value in exif-entry.c in libexif 0.6.21 has a divide-
> by-zero error.
Unreleased fix https://github.com/libexif/libexif/commit/e22f73064f804c94e90b642cd0db4697c827da72

1.0-BETA3

https://git.adelielinux.org/adelie/packages/-/issues/286
system/json-c: CVE-2020-12762: printbuf_memappend integer overflow / OOB write
2022-02-02T02:03:21Z
Emily

| | |
| --- | --- |
| Bugzilla ID | 286 |
| Alias(es) | CVE-2020-12762 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2020-05-15 16:34:50 -0500 |
| Modified | 2020-10-30 22:33:02 -0500 |
| Status | RESOLVED FIXED |
| Version | 1.0-RC1 |
| Hardware | Adélie Linux / All |
| Importance | --- / normal |
| Package(s) | system/json-c |
| URL | https://nvd.nist.gov/vuln/detail/CVE-2020-12762 |
## Description
> json-c through 0.14 has an integer overflow and out-of-bounds write
> via a large JSON file, as demonstrated by printbuf_memappend.
Unreleased fixes:
https://github.com/json-c/json-c/pull/592
https://github.com/json-c/json-c/commit/519dfe1591d85432986f9762d41d1a883198c157
https://github.com/json-c/json-c/commit/a59d5acfab4485d5133114df61785b1fc633e0c6
https://github.com/json-c/json-c/pull/610
Backports:
https://github.com/json-c/json-c/pull/608

1.0-BETA3

https://git.adelielinux.org/adelie/packages/-/issues/287
user/libcroco: Multiple vulnerabilities
2020-10-31T03:33:38Z
Emily

| | |
| --- | --- |
| Bugzilla ID | 287 |
| Alias(es) | CVE-2020-12825 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2020-05-15 16:38:19 -0500 |
| Modified | 2020-10-30 22:33:38 -0500 |
| Status | RESOLVED FIXED |
| Version | 1.0-RC1 |
| Hardware | Adélie Linux / All |
| Importance | --- / normal |
| Package(s) | user/libcroco |
## Description
> libcroco through 0.6.13 has excessive recursion in
> cr_parser_parse_any_core in cr-parser.c, leading to stack consumption.
No fix yet https://gitlab.gnome.org/GNOME/libcroco/-/issues/8

1.0-BETA3

https://git.adelielinux.org/adelie/packages/-/issues/288
user/ant: CVE-2020-1945: insecure temporary file use
2021-11-04T01:30:29Z
Emily

| | |
| --- | --- |
| Bugzilla ID | 288 |
| Alias(es) | CVE-2020-11979, CVE-2020-1945 |
| Reporter | Max Rees (sroracle) |
| Assignee | Alyx Wolcott |
| Reported | 2020-05-15 17:03:51 -0500 |
| Modified | 2020-10-26 20:18:38 -0500 |
| Status | IN_PROGRESS |
| Version | 1.0-RC1 |
| Hardware | Adélie Linux / All |
| Importance | --- / normal |
| Package(s) | user/ant |
| URL | https://nvd.nist.gov/vuln/detail/CVE-2020-1945 |
## Description
CVE-2020-1945: https://nvd.nist.gov/vuln/detail/CVE-2020-1945
> Apache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7 uses the default
> temporary directory identified by the Java system property
> java.io.tmpdir for several tasks and may thus leak sensitive
> information. The fixcrlf and replaceregexp tasks also copy files from
> the temporary directory back into the build tree allowing an attacker
> to inject modified source files into the build process.
https://www.openwall.com/lists/oss-security/2020/05/13/1
http://ant.apache.org/security.html
Fixed in >= 1.10.8

1.0-BETA3

https://git.adelielinux.org/adelie/packages/-/issues/289
user/mariadb: multiple vulnerabilities
2020-07-08T17:41:07Z
Emily

| | |
| --- | --- |
| Bugzilla ID | 289 |
| Alias(es) | CVE-2020-13249, CVE-2020-2752, CVE-2020-2760, CVE-2020-2812, CVE-2020-2814 |
| Reporter | Max Rees (sroracle) |
| Assignee | Dan Theisen |
| Reported | 2020-05-15 17:15:59 -0500 |
| Modified | 2020-07-08 12:41:07 -0500 |
| Status | RESOLVED FIXED |
| Version | 1.0-RC1 |
| Hardware | Adélie Linux / All |
| Importance | --- / normal |
| Package(s) | user/mariadb |
| URL | https://mariadb.com/kb/en/mariadb-10413-release-notes/ |
## Description
CVE-2020-2752: https://nvd.nist.gov/vuln/detail/CVE-2020-2752
> Vulnerability in the MySQL Client product of Oracle MySQL (component:
> C API). Supported versions that are affected are 5.6.47 and prior,
> 5.7.27 and prior and 8.0.17 and prior. Difficult to exploit
> vulnerability allows low privileged attacker with network access via
> multiple protocols to compromise MySQL Client. Successful attacks of
> this vulnerability can result in unauthorized ability to cause a hang
> or frequently repeatable crash (complete DOS) of MySQL Client. CVSS
> 3.0 Base Score 5.3 (Availability impacts). CVSS Vector:
> (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H).
CVE-2020-2760: https://nvd.nist.gov/vuln/detail/CVE-2020-2760
> Vulnerability in the MySQL Server product of Oracle MySQL (component:
> InnoDB). Supported versions that are affected are 5.7.29 and prior and
> 8.0.19 and prior. Easily exploitable vulnerability allows high
> privileged attacker with network access via multiple protocols to
> compromise MySQL Server. Successful attacks of this vulnerability can
> result in unauthorized ability to cause a hang or frequently
> repeatable crash (complete DOS) of MySQL Server as well as
> unauthorized update, insert or delete access to some of MySQL Server
> accessible data. CVSS 3.0 Base Score 5.5 (Integrity and Availability
> impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).
CVE-2020-2812: https://nvd.nist.gov/vuln/detail/CVE-2020-2812
> Vulnerability in the MySQL Server product of Oracle MySQL (component:
> Server: Stored Procedure). Supported versions that are affected are
> 5.6.47 and prior, 5.7.29 and prior and 8.0.19 and prior. Easily
> exploitable vulnerability allows high privileged attacker with network
> access via multiple protocols to compromise MySQL Server. Successful
> attacks of this vulnerability can result in unauthorized ability to
> cause a hang or frequently repeatable crash (complete DOS) of MySQL
> Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector:
> (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
CVE-2020-2814: https://nvd.nist.gov/vuln/detail/CVE-2020-2814
> Vulnerability in the MySQL Server product of Oracle MySQL (component:
> InnoDB). Supported versions that are affected are 5.6.47 and prior,
> 5.7.28 and prior and 8.0.18 and prior. Easily exploitable
> vulnerability allows high privileged attacker with network access via
> multiple protocols to compromise MySQL Server. Successful attacks of
> this vulnerability can result in unauthorized ability to cause a hang
> or frequently repeatable crash (complete DOS) of MySQL Server. CVSS
> 3.0 Base Score 4.9 (Availability impacts). CVSS Vector:
> (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
All fixed in >= 10.4.13 https://mariadb.com/kb/en/mariadb-10413-release-notes/

1.0-BETA3

https://git.adelielinux.org/adelie/packages/-/issues/290
user/bind: multiple vulnerabilities
2020-10-26T01:49:36Z
Emily

| | |
| --- | --- |
| Bugzilla ID | 290 |
| Alias(es) | CVE-2020-8619 |
| Reporter | Max Rees (sroracle) |
| Assignee | Dan Theisen |
| Reported | 2020-05-19 16:54:18 -0500 |
| Modified | 2020-10-25 20:49:36 -0500 |
| Status | RESOLVED FIXED |
| Version | 1.0-RC1 |
| Hardware | Adélie Linux / All |
| Importance | --- / normal |
| Package(s) | user/bind |
## Description
> CVE-2020-8616: BIND does not sufficiently limit the number
> of fetches performed when processing referrals
> https://kb.isc.org/docs/cve-2020-8616
>
> CVE-2020-8617: A logic error in code which checks TSIG
> validity can be used to trigger an assertion failure in tsig.c
> https://kb.isc.org/docs/cve-2020-8617
Fixed in >= 9.14.12

1.0-BETA3

https://git.adelielinux.org/adelie/packages/-/issues/291
user/nsd, user/unbound: multiple vulnerabilities
2022-11-13T06:54:43Z
Emily

| | |
| --- | --- |
| Bugzilla ID | 291 |
| Alias(es) | CVE-2020-12662, CVE-2020-12663, CVE-2020-28935 |
| Reporter | Max Rees (sroracle) |
| Assignee | Alyx Wolcott |
| Reported | 2020-05-19 17:00:04 -0500 |
| Modified | 2020-12-09 17:23:35 -0600 |
| Status | CONFIRMED |
| Version | 1.0-RC1 |
| Hardware | Adélie Linux / All |
| Importance | --- / normal |
| Package(s) | user/nsd, user/unbound |
| URL | https://www.openwall.com/lists/oss-security/2020/05/19/5 |
## Description
> = CVE-2020-12662
> Unbound can be tricked into amplifying an incoming query into a large
> number of queries directed to a target.
>
> = CVE-2020-12663
> Malformed answers from upstream name servers can be used to make
> Unbound unresponsive.
Fixed in >= 1.10.1

1.0-BETA3

https://git.adelielinux.org/adelie/packages/-/issues/292
user/transmission: CVE-2018-10756: tr_variantWalk heap UAF
2021-11-04T01:31:24Z
Emily

| | |
| --- | --- |
| Bugzilla ID | 292 |
| Alias(es) | CVE-2018-10756 |
| Reporter | Max Rees (sroracle) |
| Assignee | Dan Theisen |
| Reported | 2020-05-20 17:45:10 -0500 |
| Modified | 2020-06-22 06:10:05 -0500 |
| Status | UNCONFIRMED |
| Version | 1.0-RC1 |
| Hardware | Adélie Linux / All |
| Importance | --- / normal |
| Package(s) | user/transmission |
| URL | https://nvd.nist.gov/vuln/detail/CVE-2018-10756 |
## Description
> Use-after-free in libtransmission/variant.c in Transmission before
> 3.00 allows remote attackers to cause a denial of service (crash) or
> possibly execute arbitrary code via a crafted torrent file.
Fixed in >= 3.00 https://github.com/transmission/transmission/commit/2123adf8e5e1c2b48791f9d22fc8c747e974180e

1.0-BETA3

https://git.adelielinux.org/adelie/packages/-/issues/293
user/freetds: CVE-2019-13508: heap-based buffer overflow
2022-02-02T02:03:15Z
Emily

| | |
| --- | --- |
| Bugzilla ID | 293 |
| Alias(es) | CVE-2019-13508 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2020-05-26 17:31:53 -0500 |
| Modified | 2020-06-15 16:38:59 -0500 |
| Status | RESOLVED FIXED |
| Version | 1.0-RC1 |
| Hardware | Adélie Linux / All |
| Importance | --- / major |
| URL | https://nvd.nist.gov/vuln/detail/CVE-2019-13508 |
## Description
CVE-2019-13508: https://nvd.nist.gov/vuln/detail/CVE-2019-13508
> FreeTDS through 1.1.11 has a Buffer Overflow.
> This can happens if server cause a downgrade to protocol 5.0 and send
> a UDT type.
Patch: https://github.com/FreeTDS/freetds/commit/0df4eb82a0e3ff844e373d7c9f9c6c813925e2ac
Redhat says this is released in 1.1.11 contradicting NVD info: https://bugzilla.redhat.com/show_bug.cgi?id=1736255#c2
It's definitely fixed in 1.1.40 though

1.0-BETA3

https://git.adelielinux.org/adelie/packages/-/issues/294
user/sane: multiple vulnerabilities
2020-07-08T20:02:59Z
Emily

| | |
| --- | --- |
| Bugzilla ID | 294 |
| Alias(es) | CVE-2020-12861, CVE-2020-12862, CVE-2020-12863, CVE-2020-12864, CVE-2020-12865, CVE-2020-12866, CVE-2020-12867 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2020-06-01 11:58:05 -0500 |
| Modified | 2020-07-08 15:02:59 -0500 |
| Status | RESOLVED FIXED |
| Version | 1.0-RC1 |
| Hardware | Adélie Linux / All |
| Importance | --- / normal |
| Package(s) | user/sane |
| URL | https://alioth-lists.debian.net/pipermail/sane-announce/2020/000041.html |
| See also | https://bts.adelielinux.org/show_bug.cgi?id=304 |
## Description
> - `epson2`: fixes CVE-2020-12867 (GHSL-2020-075) and several memory
> management issues found while addressing that CVE
> - `epsonds`: addresses out-of-bound memory access issues to fix
> CVE-2020-12862 (GHSL-2020-082) and CVE-2020-12863 (GHSL-2020-083),
> addresses a buffer overflow fixing CVE-2020-12865 (GHSL-2020-084)
> and disables network autodiscovery to mitigate CVE-2020-12866
> (GHSL-2020-079), CVE-2020-12861 (GHSL-2020-080) and CVE-2020-12864
> (GHSL-2020-081). Note that this backend does not support network
> scanners to begin with.
> - `magicolor`: fixes a floating point exception and uninitialized data
> read
> - fixes an overflow in `sanei_tcp_read()`
Fixed in >= 1.0.30
1.0-BETA3

https://git.adelielinux.org/adelie/packages/-/issues/295
user/dbus: CVE-2020-12049: denial of service via file descriptor leak
2022-02-02T02:03:08Z
Emily

| | |
| --- | --- |
| Bugzilla ID | 295 |
| Alias(es) | CVE-2020-12049 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2020-06-04 13:16:10 -0500 |
| Modified | 2020-06-15 16:38:59 -0500 |
| Status | RESOLVED FIXED |
| Version | 1.0-RC1 |
| Hardware | Adélie Linux / All |
| Importance | --- / normal |
| URL | https://www.openwall.com/lists/oss-security/2020/06/04/3 |
## Description
CVE-2020-12049: https://www.openwall.com/lists/oss-security/2020/06/04/3
> Kevin Backhouse of the GitHub Security Lab discovered a denial of
> service vulnerability[0] in dbus >= 1.3.0. An unprivileged local
> attacker can cause the system dbus-daemon (dbus-daemon --system) to
> leak file descriptors (fds) by sending messages with a number of fds
> that exceeds the allowed number, resulting in truncation. The
> attacker's connection is (correctly) disconnected, but the fds that
> were attached to the truncated message are (incorrectly) not closed.
> By repeating this process, the attacker can make the dbus-daemon reach
> its RLIMIT_NOFILE limit. When this limit is reached, new connections
> will fail, and existing connections will be unable to send messages
> with fds attached, causing denial of service.
>
> The same attack is also possible in the uncommon situation where
> processes of different privilege levels communicate directly using a
> private D-Bus socket (DBusServer) without going via a dbus-daemon.
Fixed in >= 1.12.18
1.0-BETA3

https://git.adelielinux.org/adelie/packages/-/issues/296
system/perl: multiple vulnerabilities
2022-05-02T03:34:15Z
Emily

| | |
| --- | --- |
| Bugzilla ID | 296 |
| Alias(es) | CVE-2020-10543, CVE-2020-10878, CVE-2020-12723 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2020-06-06 02:06:56 -0500 |
| Modified | 2020-06-22 06:07:05 -0500 |
| Status | UNCONFIRMED |
| Version | 1.0-RC1 |
| Hardware | Adélie Linux / All |
| Importance | --- / normal |
| Package(s) | system/perl |
## Description
CVE-2020-10878: https://nvd.nist.gov/vuln/detail/CVE-2020-10878
> Perl before 5.30.3 has an integer overflow related to mishandling of a
> "PL_regkind[OP(n)] == NOTHING" situation. A crafted regular expression
> could lead to malformed bytecode with a possibility of instruction
> injection.
Fixed in >= 5.30.3
https://github.com/perl/perl5/commit/0a320d753fe7fca03df259a4dfd8e641e51edaa8
https://github.com/perl/perl5/commit/3295b48defa0f8570114877b063fe546dd348b3c
CVE-2020-10543: https://nvd.nist.gov/vuln/detail/CVE-2020-10543
> Perl before 5.30.3 on 32-bit platforms allows a heap-based buffer
> overflow because nested regular expression quantifiers have an integer
> overflow.
Fixed in >= 5.30.3
https://github.com/perl/perl5/commit/897d1f7fd515b828e4b198d8b8bef76c6faf03ed
CVE-2020-12723: https://nvd.nist.gov/vuln/detail/CVE-2020-12723
> regcomp.c in Perl before 5.30.3 allows a buffer overflow via a crafted
> regular expression because of recursive S_study_chunk calls.
Fixed in >= 5.30.3
https://github.com/perl/perl5/commit/66bbb51b93253a3f87d11c2695cfb7bdb782184a
1.0-BETA3