Adélie Linux issueshttps://git.adelielinux.org/groups/adelie/-/issues2022-11-13T06:54:43Zhttps://git.adelielinux.org/adelie/packages/-/issues/169user/mcpp: CVE-2019-14274: heap-based buffer overflow2022-11-13T06:54:43ZEmilyuser/mcpp: CVE-2019-14274: heap-based buffer overflow| | |
| --- | --- |
| Bugzilla ID | 169 |
| Alias(es) | CVE-2019-14274 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2019-08-02 18:06:37 -0500 |
| Modified | 2020-06-22 06:12:43 -0500 |
| Status |...| | |
| --- | --- |
| Bugzilla ID | 169 |
| Alias(es) | CVE-2019-14274 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2019-08-02 18:06:37 -0500 |
| Modified | 2020-06-22 06:12:43 -0500 |
| Status | CONFIRMED |
| Version | 1.0-BETA3 |
| Hardware | Adélie Linux / All |
| Importance | --- / normal |
| Package(s) | user/mcpp |
| URL | https://nvd.nist.gov/vuln/detail/CVE-2019-14274 |
## Description
> MCPP 2.7.2 has a heap-based buffer overflow in the do_msg() function
> in support.c.1.0-BETA3https://git.adelielinux.org/adelie/packages/-/issues/168user/mariadb: multiple vulnerabilities2019-08-17T21:50:40ZEmilyuser/mariadb: multiple vulnerabilities| | |
| --- | --- |
| Bugzilla ID | 168 |
| Alias(es) | CVE-2019-2737, CVE-2019-2739, CVE-2019-2740, CVE-2019-2758, CVE-2019-2805 |
| Reporter | Max Rees (sroracle) |
| Assignee | Dan Theisen |
| Reported | 2019-08-02 16:25:59 -0500 |
...| | |
| --- | --- |
| Bugzilla ID | 168 |
| Alias(es) | CVE-2019-2737, CVE-2019-2739, CVE-2019-2740, CVE-2019-2758, CVE-2019-2805 |
| Reporter | Max Rees (sroracle) |
| Assignee | Dan Theisen |
| Reported | 2019-08-02 16:25:59 -0500 |
| Modified | 2019-08-17 16:50:40 -0500 |
| Status | RESOLVED FIXED |
| Version | 1.0-BETA3 |
| Hardware | Adélie Linux / All |
| Importance | --- / normal |
| URL | https://mariadb.com/kb/en/library/mariadb-1047-release-notes/ |
## Description
CVE-2019-2805: https://nvd.nist.gov/vuln/detail/CVE-2019-2805
> Vulnerability in the MySQL Server component of Oracle MySQL
> (subcomponent: Server: Parser). Supported versions that are affected
> are 5.6.44 and prior, 5.7.26 and prior and 8.0.16 and prior. Easily
> exploitable vulnerability allows low privileged attacker with network
> access via multiple protocols to compromise MySQL Server. Successful
> attacks of this vulnerability can result in unauthorized ability to
> cause a hang or frequently repeatable crash (complete DOS) of MySQL
> Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector:
> (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
CVE-2019-2740: https://nvd.nist.gov/vuln/detail/CVE-2019-2740
> Vulnerability in the MySQL Server component of Oracle MySQL
> (subcomponent: Server: XML). Supported versions that are affected are
> 5.6.44 and prior, 5.7.26 and prior and 8.0.16 and prior. Easily
> exploitable vulnerability allows low privileged attacker with network
> access via multiple protocols to compromise MySQL Server. Successful
> attacks of this vulnerability can result in unauthorized ability to
> cause a hang or frequently repeatable crash (complete DOS) of MySQL
> Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector:
> (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
CVE-2019-2739: https://nvd.nist.gov/vuln/detail/CVE-2019-2739
> Vulnerability in the MySQL Server component of Oracle MySQL
> (subcomponent: Server: Security: Privileges). Supported versions that
> are affected are 5.6.44 and prior, 5.7.26 and prior and 8.0.16 and
> prior. Easily exploitable vulnerability allows high privileged
> attacker with logon to the infrastructure where MySQL Server executes
> to compromise MySQL Server. Successful attacks of this vulnerability
> can result in unauthorized ability to cause a hang or frequently
> repeatable crash (complete DOS) of MySQL Server as well as
> unauthorized update, insert or delete access to some of MySQL Server
> accessible data. CVSS 3.0 Base Score 5.1 (Integrity and Availability
> impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).
CVE-2019-2737: https://nvd.nist.gov/vuln/detail/CVE-2019-2737
> Vulnerability in the MySQL Server component of Oracle MySQL
> (subcomponent: Server : Pluggable Auth). Supported versions that are
> affected are 5.6.44 and prior, 5.7.26 and prior and 8.0.16 and prior.
> Easily exploitable vulnerability allows high privileged attacker with
> network access via multiple protocols to compromise MySQL Server.
> Successful attacks of this vulnerability can result in unauthorized
> ability to cause a hang or frequently repeatable crash (complete DOS)
> of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS
> Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
CVE-2019-2758: https://nvd.nist.gov/vuln/detail/CVE-2019-2758
> Vulnerability in the MySQL Server component of Oracle MySQL
> (subcomponent: InnoDB). Supported versions that are affected are
> 5.7.26 and prior and 8.0.16 and prior. Easily exploitable
> vulnerability allows high privileged attacker with network access via
> multiple protocols to compromise MySQL Server. Successful attacks of
> this vulnerability can result in unauthorized ability to cause a hang
> or frequently repeatable crash (complete DOS) of MySQL Server as well
> as unauthorized update, insert or delete access to some of MySQL
> Server accessible data. CVSS 3.0 Base Score 5.5 (Integrity and
> Availability impacts). CVSS Vector:
> (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).
All fixed in >= 10.4.7.1.0-BETA3https://git.adelielinux.org/adelie/packages/-/issues/167user/subversion: multiple vulnerabilities2019-08-05T00:23:18ZEmilyuser/subversion: multiple vulnerabilities| | |
| --- | --- |
| Bugzilla ID | 167 |
| Alias(es) | CVE-2018-11782, CVE-2019-0203 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2019-08-01 13:06:16 -0500 |
| Modified | 2019-08-04 19:23:18 -05...| | |
| --- | --- |
| Bugzilla ID | 167 |
| Alias(es) | CVE-2018-11782, CVE-2019-0203 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2019-08-01 13:06:16 -0500 |
| Modified | 2019-08-04 19:23:18 -0500 |
| Status | RESOLVED FIXED |
| Version | 1.0-BETA3 |
| Hardware | Adélie Linux / All |
| Importance | --- / normal |
| URL | https://www.openwall.com/lists/oss-security/2019/07/31/3 |
## Description
CVE-2019-0203:
> Subversion's svnserve server process may exit when a client sends
> certain sequences of protocol commands.
>
> This can lead to disruption for users of the server.
CVE-2018-11782:
> Subversion's svnserve server process may exit when a well-formed
> read-only request produces a particular answer.
>
> This can lead to disruption for users of the server.
Both are fixed in >= 1.12.2 (1.12.1 is either a development version or
does not exist).1.0-BETA3https://git.adelielinux.org/adelie/packages/-/issues/166user/sox: multiple vulnerabilities2020-03-29T07:24:40ZEmilyuser/sox: multiple vulnerabilities| | |
| --- | --- |
| Bugzilla ID | 166 |
| Alias(es) | CVE-2017-11332, CVE-2017-11358, CVE-2017-11359, CVE-2017-15370, CVE-2017-15371, CVE-2017-15372, CVE-2017-15642, CVE-2017-18189, CVE-2019-1010004, CVE-2019-13590, CVE-2019-8354, CV...| | |
| --- | --- |
| Bugzilla ID | 166 |
| Alias(es) | CVE-2017-11332, CVE-2017-11358, CVE-2017-11359, CVE-2017-15370, CVE-2017-15371, CVE-2017-15372, CVE-2017-15642, CVE-2017-18189, CVE-2019-1010004, CVE-2019-13590, CVE-2019-8354, CVE-2019-8355, CVE-2019-8356, CVE-2019-8357 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2019-07-31 11:06:44 -0500 |
| Modified | 2020-03-29 02:24:40 -0500 |
| Status | RESOLVED FIXED |
| Version | 1.0-BETA3 |
| Hardware | Adélie Linux / All |
| Importance | --- / normal |
## Description
CVE-2017-11332: https://nvd.nist.gov/vuln/detail/CVE-2017-11332
> The startread function in wav.c in Sound eXchange (SoX) 14.4.2 allows
> remote attackers to cause a denial of service (divide-by-zero error
> and application crash) via a crafted wav file.
CVE-2017-11358: https://nvd.nist.gov/vuln/detail/CVE-2017-11358
> The read_samples function in hcom.c in Sound eXchange (SoX) 14.4.2
> allows remote attackers to cause a denial of service (invalid memory
> read and application crash) via a crafted hcom file.
CVE-2017-11359: https://nvd.nist.gov/vuln/detail/CVE-2017-11359
> The wavwritehdr function in wav.c in Sound eXchange (SoX) 14.4.2
> allows remote attackers to cause a denial of service (divide-by-zero
> error and application crash) via a crafted snd file, during conversion
> to a wav file.
CVE-2017-15370: https://nvd.nist.gov/vuln/detail/CVE-2017-15370
> There is a heap-based buffer overflow in the ImaExpandS function of
> ima_rw.c in Sound eXchange (SoX) 14.4.2. A Crafted input will lead to
> a denial of service attack during conversion of an audio file.
CVE-2017-15371: https://nvd.nist.gov/vuln/detail/CVE-2017-15371
> There is a reachable assertion abort in the function
> sox_append_comment() in formats.c in Sound eXchange (SoX) 14.4.2. A
> Crafted input will lead to a denial of service attack during
> conversion of an audio file.
CVE-2017-15372: https://nvd.nist.gov/vuln/detail/CVE-2017-15372
> There is a stack-based buffer overflow in the
> lsx_ms_adpcm_block_expand_i function of adpcm.c in Sound eXchange
> (SoX) 14.4.2. A Crafted input will lead to a denial of service attack
> during conversion of an audio file.
CVE-2017-15642: https://nvd.nist.gov/vuln/detail/CVE-2017-15642
> In lsx_aiffstartread in aiff.c in Sound eXchange (SoX) 14.4.2, there
> is a Use-After-Free vulnerability triggered by supplying a malformed
> AIFF file.
CVE-2017-18189: https://nvd.nist.gov/vuln/detail/CVE-2017-18189
> In the startread function in xa.c in Sound eXchange (SoX) through
> 14.4.2, a corrupt header specifying zero channels triggers an infinite
> loop with a resultant NULL pointer dereference, which may allow a
> remote attacker to cause a denial-of-service.
CVE-2019-1010004: https://nvd.nist.gov/vuln/detail/CVE-2019-1010004
> SoX - Sound eXchange 14.4.2 and earlier is affected by: Out-of-bounds
> Read. The impact is: Denial of Service. The component is: read_samples
> function at xa.c:219. The attack vector is: Victim must open specially
> crafted .xa file. NOTE: this may overlap CVE-2017-18189.
CVE-2019-8354: https://nvd.nist.gov/vuln/detail/CVE-2019-8354
> An issue was discovered in SoX 14.4.2. lsx_make_lpf in effect_i_dsp.c
> has an integer overflow on the result of multiplication fed into
> malloc. When the buffer is allocated, it is smaller than expected,
> leading to a heap-based buffer overflow.
CVE-2019-8355: https://nvd.nist.gov/vuln/detail/CVE-2019-8355
> An issue was discovered in SoX 14.4.2. In xmalloc.h, there is an
> integer overflow on the result of multiplication fed into the
> lsx_valloc macro that wraps malloc. When the buffer is allocated, it
> is smaller than expected, leading to a heap-based buffer overflow in
> channels_start in remix.c.
CVE-2019-8356: https://nvd.nist.gov/vuln/detail/CVE-2019-8356
> An issue was discovered in SoX 14.4.2. One of the arguments to bitrv2
> in fft4g.c is not guarded, such that it can lead to write access
> outside of the statically declared array, aka a stack-based buffer
> overflow.
CVE-2019-8357: https://nvd.nist.gov/vuln/detail/CVE-2019-8357
> An issue was discovered in SoX 14.4.2. lsx_make_lpf in effect_i_dsp.c
> allows a NULL pointer dereference.
CVE-2019-13590: https://nvd.nist.gov/vuln/detail/CVE-2019-13590
> An issue was discovered in libsox.a in SoX 14.4.2. In sox-fmt.h
> (startread function), there is an integer overflow on the result of
> integer addition (wraparound to 0) fed into the lsx_calloc macro that
> wraps malloc. When a NULL pointer is returned, it is used without a
> prior check that it is a valid pointer, leading to a NULL pointer
> dereference on lsx_readbuf in formats_i.c.1.0-BETA3https://git.adelielinux.org/adelie/packages/-/issues/165user/openldap: multiple vulnerabilities2019-08-05T00:18:42ZEmilyuser/openldap: multiple vulnerabilities| | |
| --- | --- |
| Bugzilla ID | 165 |
| Alias(es) | CVE-2019-13057, CVE-2019-13565 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2019-07-31 10:54:52 -0500 |
| Modified | 2019-08-04 19:18:42 -0...| | |
| --- | --- |
| Bugzilla ID | 165 |
| Alias(es) | CVE-2019-13057, CVE-2019-13565 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2019-07-31 10:54:52 -0500 |
| Modified | 2019-08-04 19:18:42 -0500 |
| Status | RESOLVED FIXED |
| Version | 1.0-BETA3 |
| Hardware | Adélie Linux / All |
| Importance | --- / normal |
## Description
CVE-2019-13057: https://nvd.nist.gov/vuln/detail/CVE-2019-13057
> An issue was discovered in the server in OpenLDAP before 2.4.48. When
> the server administrator delegates rootDN (database admin) privileges
> for certain databases but wants to maintain isolation (e.g., for
> multi-tenant deployments), slapd does not properly stop a rootDN from
> requesting authorization as an identity from another database during a
> SASL bind or with a proxyAuthz (RFC 4370) control. (It is not a common
> configuration to deploy a system where the server administrator and a
> DB administrator enjoy different levels of trust.)
CVE-2019-13565: https://nvd.nist.gov/vuln/detail/CVE-2019-13565
> An issue was discovered in OpenLDAP 2.x before 2.4.48. When using SASL
> authentication and session encryption, and relying on the SASL
> security layers in slapd access controls, it is possible to obtain
> access that would otherwise be denied via a simple bind for any
> identity covered in those ACLs. After the first SASL bind is
> completed, the sasl_ssf value is retained for all new non-SASL
> connections. Depending on the ACL configuration, this can affect
> different types of operations (searches, modifications, etc.). In
> other words, a successful authorization step completed by one user
> affects the authorization requirement for a different user.1.0-BETA3https://git.adelielinux.org/adelie/packages/-/issues/164system/nss: multiple vulnerabilities2019-08-05T00:27:23ZEmilysystem/nss: multiple vulnerabilities| | |
| --- | --- |
| Bugzilla ID | 164 |
| Alias(es) | CVE-2019-11719, CVE-2019-11727, CVE-2019-11729 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2019-07-31 10:51:33 -0500 |
| Modified | 2019-0...| | |
| --- | --- |
| Bugzilla ID | 164 |
| Alias(es) | CVE-2019-11719, CVE-2019-11727, CVE-2019-11729 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2019-07-31 10:51:33 -0500 |
| Modified | 2019-08-04 19:27:23 -0500 |
| Status | RESOLVED FIXED |
| Version | 1.0-BETA3 |
| Hardware | Adélie Linux / All |
| Importance | --- / normal |
## Description
CVE-2019-11719: https://nvd.nist.gov/vuln/detail/CVE-2019-11719
> When importing a curve25519 private key in PKCS#8format with leading
> 0x00 bytes, it is possible to trigger an out-of-bounds read in the
> Network Security Services (NSS) library. This could lead to
> information disclosure. This vulnerability affects Firefox ESR < 60.8,
> Firefox < 68, and Thunderbird < 60.8.
CVE-2019-11727: https://nvd.nist.gov/vuln/detail/CVE-2019-11727
> A vulnerability exists where it possible to force Network Security
> Services (NSS) to sign CertificateVerify with PKCS#1 v1.5 signatures
> when those are the only ones advertised by server in
> CertificateRequest in TLS 1.3. PKCS#1 v1.5 signatures should not be
> used for TLS 1.3 messages. This vulnerability affects Firefox < 68.
CVE-2019-11729: https://nvd.nist.gov/vuln/detail/CVE-2019-11729
> Empty or malformed p256-ECDH public keys may trigger a segmentation
> fault due values being improperly sanitized before being copied into
> memory and used. This vulnerability affects Firefox ESR < 60.8,
> Firefox < 68, and Thunderbird < 60.8.
All fixed in >= 3.45.1.0-BETA3https://git.adelielinux.org/adelie/packages/-/issues/163user/squashfs-tools: CVE-2015-4646: crash via crafted input2022-02-02T16:57:54ZEmilyuser/squashfs-tools: CVE-2015-4646: crash via crafted input| | |
| --- | --- |
| Bugzilla ID | 163 |
| Alias(es) | CVE-2015-4646 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2019-07-31 10:32:54 -0500 |
| Modified | 2019-10-03 14:27:36 -0500 |
| Status | ...| | |
| --- | --- |
| Bugzilla ID | 163 |
| Alias(es) | CVE-2015-4646 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2019-07-31 10:32:54 -0500 |
| Modified | 2019-10-03 14:27:36 -0500 |
| Status | RESOLVED FIXED |
| Version | 1.0-BETA3 |
| Hardware | Adélie Linux / All |
| Importance | --- / normal |
| URL | https://nvd.nist.gov/vuln/detail/CVE-2015-4646 |
## Description
> (1) unsquash-1.c, (2) unsquash-2.c, (3) unsquash-3.c, and (4)
> unsquash-4.c in Squashfs and sasquatch allow remote attackers to cause
> a denial of service (application crash) via a crafted input.
Unreleased fixes:
https://github.com/plougher/squashfs-tools/commit/f95864afe8833fe3ad782d714b41378e860977b1
https://github.com/plougher/squashfs-tools/commit/ba215d73e153a6f237088b4ecb88c702bb4d4183
The patch we are currently carrying for CVE-2015-4645 should be dropped
in favor of the above.1.0-BETA3https://git.adelielinux.org/adelie/packages/-/issues/162user/glib: CVE-2019-12450: default permissions during file copy operation2022-02-02T16:58:01ZEmilyuser/glib: CVE-2019-12450: default permissions during file copy operation| | |
| --- | --- |
| Bugzilla ID | 162 |
| Alias(es) | CVE-2019-12450 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2019-07-31 10:24:25 -0500 |
| Modified | 2019-08-04 01:00:18 -0500 |
| Status |...| | |
| --- | --- |
| Bugzilla ID | 162 |
| Alias(es) | CVE-2019-12450 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2019-07-31 10:24:25 -0500 |
| Modified | 2019-08-04 01:00:18 -0500 |
| Status | RESOLVED FIXED |
| Version | 1.0-BETA3 |
| Hardware | Adélie Linux / All |
| Importance | --- / normal |
| URL | https://nvd.nist.gov/vuln/detail/CVE-2019-12450 |
## Description
> file_copy_fallback in gio/gfile.c in GNOME GLib 2.15.0 through 2.61.1
> does not properly restrict file permissions while a copy operation is
> in progress. Instead, default permissions are used.1.0-BETA3https://git.adelielinux.org/adelie/packages/-/issues/161user/id3lib: CVE-2007-4460: RenderV2ToFile symlink attack2022-02-02T16:58:08ZEmilyuser/id3lib: CVE-2007-4460: RenderV2ToFile symlink attack| | |
| --- | --- |
| Bugzilla ID | 161 |
| Alias(es) | CVE-2007-4460 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2019-07-31 10:19:17 -0500 |
| Modified | 2019-08-04 19:26:44 -0500 |
| Status | ...| | |
| --- | --- |
| Bugzilla ID | 161 |
| Alias(es) | CVE-2007-4460 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2019-07-31 10:19:17 -0500 |
| Modified | 2019-08-04 19:26:44 -0500 |
| Status | RESOLVED FIXED |
| Version | 1.0-BETA3 |
| Hardware | Adélie Linux / All |
| Importance | --- / normal |
| URL | https://nvd.nist.gov/vuln/detail/CVE-2007-4460 |
## Description
> The RenderV2ToFile function in tag_file.cpp in id3lib (aka libid3)
> 3.8.3 allows local users to overwrite arbitrary files via a symlink
> attack on a temporary file whose name is constructed from the name of
> a file being tagged.1.0-BETA3https://git.adelielinux.org/adelie/packages/-/issues/160user/catdoc: CVE-2017-11110: ole_init heap-based underflow2022-02-02T16:58:15ZEmilyuser/catdoc: CVE-2017-11110: ole_init heap-based underflow| | |
| --- | --- |
| Bugzilla ID | 160 |
| Alias(es) | CVE-2017-11110 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2019-07-31 10:16:57 -0500 |
| Modified | 2019-08-04 19:19:09 -0500 |
| Status |...| | |
| --- | --- |
| Bugzilla ID | 160 |
| Alias(es) | CVE-2017-11110 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2019-07-31 10:16:57 -0500 |
| Modified | 2019-08-04 19:19:09 -0500 |
| Status | RESOLVED FIXED |
| Version | 1.0-BETA3 |
| Hardware | Adélie Linux / All |
| Importance | --- / normal |
| URL | https://nvd.nist.gov/vuln/detail/CVE-2017-11110 |
## Description
> The ole_init function in ole.c in catdoc 0.95 allows remote attackers
> to cause a denial of service (heap-based buffer underflow and
> application crash) or possibly have unspecified other impact via a
> crafted file, i.e., data is written to memory addresses before the
> beginning of the tmpBuf buffer.1.0-BETA3https://git.adelielinux.org/adelie/packages/-/issues/159user/libgd: multiple vulnerabilities2019-10-03T16:48:29ZEmilyuser/libgd: multiple vulnerabilities| | |
| --- | --- |
| Bugzilla ID | 159 |
| Alias(es) | CVE-2018-1000222, CVE-2018-5711, CVE-2019-6977, CVE-2019-6978 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2019-07-31 10:15:54 -0500 |
| Mo...| | |
| --- | --- |
| Bugzilla ID | 159 |
| Alias(es) | CVE-2018-1000222, CVE-2018-5711, CVE-2019-6977, CVE-2019-6978 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2019-07-31 10:15:54 -0500 |
| Modified | 2019-10-03 11:48:29 -0500 |
| Status | RESOLVED FIXED |
| Version | 1.0-BETA3 |
| Hardware | Adélie Linux / All |
| Importance | --- / normal |
## Description
CVE-2018-1000222: https://nvd.nist.gov/vuln/detail/CVE-2018-1000222
> Libgd version 2.2.5 contains a Double Free Vulnerability vulnerability
> in gdImageBmpPtr Function that can result in Remote Code Execution .
> This attack appear to be exploitable via Specially Crafted Jpeg Image
> can trigger double free. This vulnerability appears to have been fixed
> in after commit ac16bdf2d41724b5a65255d4c28fb0ec46bc42f5.
CVE-2019-6977: https://nvd.nist.gov/vuln/detail/CVE-2019-6977
> gdImageColorMatch in gd_color_match.c in the GD Graphics Library (aka
> LibGD) 2.2.5, as used in the imagecolormatch function in PHP before
> 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before
> 7.3.1, has a heap-based buffer overflow. This can be exploited by an
> attacker who is able to trigger imagecolormatch calls with crafted
> image data.
CVE-2019-6978: https://nvd.nist.gov/vuln/detail/CVE-2019-6978
> The GD Graphics Library (aka LibGD) 2.2.5 has a double free in the
> gdImage*Ptr() functions in gd_gif_out.c, gd_jpeg.c, and gd_wbmp.c.
> NOTE: PHP is unaffected.1.0-BETA3https://git.adelielinux.org/adelie/packages/-/issues/158user/py3-twisted: CVE-2019-12855: XMPP TLS certificates not verified2022-02-02T16:58:22ZEmilyuser/py3-twisted: CVE-2019-12855: XMPP TLS certificates not verified| | |
| --- | --- |
| Bugzilla ID | 158 |
| Alias(es) | CVE-2019-12855 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2019-07-31 10:12:22 -0500 |
| Modified | 2019-08-22 15:32:12 -0500 |
| Status |...| | |
| --- | --- |
| Bugzilla ID | 158 |
| Alias(es) | CVE-2019-12855 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2019-07-31 10:12:22 -0500 |
| Modified | 2019-08-22 15:32:12 -0500 |
| Status | RESOLVED FIXED |
| Version | 1.0-BETA3 |
| Hardware | Adélie Linux / All |
| Importance | --- / normal |
| URL | https://nvd.nist.gov/vuln/detail/CVE-2019-12855 |
## Description
> In words.protocols.jabber.xmlstream in Twisted through 19.2.1, XMPP
> support did not verify certificates when used with TLS, allowing an
> attacker to MITM connections.1.0-BETA3https://git.adelielinux.org/adelie/packages/-/issues/157user/libvorbis: multiple vulnerabilities2019-09-28T18:33:58ZEmilyuser/libvorbis: multiple vulnerabilities| | |
| --- | --- |
| Bugzilla ID | 157 |
| Alias(es) | CVE-2018-10392, CVE-2018-10393 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2019-07-31 10:05:53 -0500 |
| Modified | 2019-09-28 13:33:58 -0...| | |
| --- | --- |
| Bugzilla ID | 157 |
| Alias(es) | CVE-2018-10392, CVE-2018-10393 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2019-07-31 10:05:53 -0500 |
| Modified | 2019-09-28 13:33:58 -0500 |
| Status | RESOLVED FIXED |
| Version | 1.0-BETA3 |
| Hardware | Adélie Linux / All |
| Importance | --- / normal |
## Description
CVE-2018-10392: https://nvd.nist.gov/vuln/detail/CVE-2018-10392
> mapping0_forward in mapping0.c in Xiph.Org libvorbis 1.3.6 does not
> validate the number of channels, which allows remote attackers to
> cause a denial of service (heap-based buffer overflow or over-read) or
> possibly have unspecified other impact via a crafted file.
CVE-2018-10393: https://nvd.nist.gov/vuln/detail/CVE-2018-10393
> bark_noise_hybridmp in psy.c in Xiph.Org libvorbis 1.3.6 has a stack-
> based buffer over-read.1.0-BETA3https://git.adelielinux.org/adelie/packages/-/issues/156user/ffmpeg: multiple vulnerabilities2020-05-10T15:16:24ZEmilyuser/ffmpeg: multiple vulnerabilities| | |
| --- | --- |
| Bugzilla ID | 156 |
| Alias(es) | CVE-2019-13312, CVE-2019-13390, CVE-2019-15942, CVE-2020-12284 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2019-07-31 07:16:08 -0500 |
| M...| | |
| --- | --- |
| Bugzilla ID | 156 |
| Alias(es) | CVE-2019-13312, CVE-2019-13390, CVE-2019-15942, CVE-2020-12284 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2019-07-31 07:16:08 -0500 |
| Modified | 2020-05-10 10:16:24 -0500 |
| Status | RESOLVED FIXED |
| Version | 1.0-BETA3 |
| Hardware | Adélie Linux / All |
| Importance | --- / normal |
## Description
CVE-2019-13312: https://nvd.nist.gov/vuln/detail/CVE-2019-13312
> block_cmp() in libavcodec/zmbvenc.c in FFmpeg 4.1.3 has a heap-based
> buffer over-read.
CVE-2019-13390: https://nvd.nist.gov/vuln/detail/CVE-2019-13390
> In FFmpeg 4.1.3, there is a division by zero at adx_write_trailer in
> libavformat/rawenc.c. This may be related to two NULL pointers passed
> as arguments at libavcodec/frame_thread_encoder.c.1.0-BETA3https://git.adelielinux.org/adelie/packages/-/issues/155user/oniguruma: multiple vulnerabilities2019-09-09T21:32:32ZEmilyuser/oniguruma: multiple vulnerabilities| | |
| --- | --- |
| Bugzilla ID | 155 |
| Alias(es) | CVE-2019-13224, CVE-2019-13225 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2019-07-31 07:15:21 -0500 |
| Modified | 2019-09-09 16:32:32 -0...| | |
| --- | --- |
| Bugzilla ID | 155 |
| Alias(es) | CVE-2019-13224, CVE-2019-13225 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2019-07-31 07:15:21 -0500 |
| Modified | 2019-09-09 16:32:32 -0500 |
| Status | RESOLVED FIXED |
| Version | 1.0-BETA3 |
| Hardware | Adélie Linux / All |
| Importance | --- / normal |
| See also | https://bts.adelielinux.org/show_bug.cgi?id=194 |
## Description
CVE-2019-13224: https://nvd.nist.gov/vuln/detail/CVE-2019-13224
> A use-after-free in onig_new_deluxe() in regext.c in Oniguruma 6.9.2
> allows attackers to potentially cause information disclosure, denial
> of service, or possibly code execution by providing a crafted regular
> expression. The attacker provides a pair of a regex pattern and a
> string, with a multi-byte encoding that gets handled by
> onig_new_deluxe(). Oniguruma issues often affect Ruby, as well as
> common optional libraries for PHP and Rust.
CVE-2019-13225: https://nvd.nist.gov/vuln/detail/CVE-2019-13225
> A NULL Pointer Dereference in match_at() in regexec.c in Oniguruma
> 6.9.2 allows attackers to potentially cause denial of service by
> providing a crafted regular expression. Oniguruma issues often affect
> Ruby, as well as common optional libraries for PHP and Rust.1.0-BETA3https://git.adelielinux.org/adelie/packages/-/issues/154user/redis: CVE-2018-12453: xgroupCommand segmentation fault2022-02-02T17:00:43ZEmilyuser/redis: CVE-2018-12453: xgroupCommand segmentation fault| | |
| --- | --- |
| Bugzilla ID | 154 |
| Alias(es) | CVE-2018-12453 |
| Reporter | Max Rees (sroracle) |
| Assignee | Alyx Wolcott |
| Reported | 2019-07-31 07:14:14 -0500 |
| Modified | 2019-08-07 20:16:41 -0500 |
| Status | RESOLV...| | |
| --- | --- |
| Bugzilla ID | 154 |
| Alias(es) | CVE-2018-12453 |
| Reporter | Max Rees (sroracle) |
| Assignee | Alyx Wolcott |
| Reported | 2019-07-31 07:14:14 -0500 |
| Modified | 2019-08-07 20:16:41 -0500 |
| Status | RESOLVED FIXED |
| Version | 1.0-BETA3 |
| Hardware | Adélie Linux / All |
| Importance | --- / normal |
| URL | https://nvd.nist.gov/vuln/detail/CVE-2018-12453 |
## Description
> Type confusion in the xgroupCommand function in t_stream.c in redis-
> server in Redis before 5.0 allows remote attackers to cause denial-of-
> service via an XGROUP command in which the key is not a stream.1.0-BETA3https://git.adelielinux.org/adelie/packages/-/issues/153user/rsync: CVE-2017-16548: receive_xattr heap overread2022-02-02T17:00:51ZEmilyuser/rsync: CVE-2017-16548: receive_xattr heap overread| | |
| --- | --- |
| Bugzilla ID | 153 |
| Alias(es) | CVE-2017-16548 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2019-07-31 07:13:46 -0500 |
| Modified | 2019-08-04 03:56:34 -0500 |
| Status |...| | |
| --- | --- |
| Bugzilla ID | 153 |
| Alias(es) | CVE-2017-16548 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2019-07-31 07:13:46 -0500 |
| Modified | 2019-08-04 03:56:34 -0500 |
| Status | RESOLVED FIXED |
| Version | 1.0-BETA3 |
| Hardware | Adélie Linux / All |
| Importance | --- / normal |
| URL | https://nvd.nist.gov/vuln/detail/CVE-2017-16548 |
## Description
> The receive_xattr function in xattrs.c in rsync 3.1.2 and
> 3.1.3-development does not check for a trailing '\0' character in an
> xattr name, which allows remote attackers to cause a denial of service
> (heap-based buffer over-read and application crash) or possibly have
> unspecified other impact by sending crafted data to the daemon.1.0-BETA3https://git.adelielinux.org/adelie/packages/-/issues/152user/nmap: multiple vulnerabilities2020-02-25T05:47:26ZEmilyuser/nmap: multiple vulnerabilities| | |
| --- | --- |
| Bugzilla ID | 152 |
| Alias(es) | CVE-2017-18594, CVE-2018-15173 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2019-07-31 07:13:16 -0500 |
| Modified | 2020-02-24 23:47:26 -0...| | |
| --- | --- |
| Bugzilla ID | 152 |
| Alias(es) | CVE-2017-18594, CVE-2018-15173 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2019-07-31 07:13:16 -0500 |
| Modified | 2020-02-24 23:47:26 -0600 |
| Status | RESOLVED FIXED |
| Version | 1.0-BETA3 |
| Hardware | Adélie Linux / All |
| Importance | --- / normal |
| URL | https://nvd.nist.gov/vuln/detail/CVE-2018-15173 |
## Description
> Nmap through 7.70, when the -sV option is used, allows remote
> attackers to cause a denial of service (stack consumption and
> application crash) via a crafted TCP-based service.1.0-BETA3https://git.adelielinux.org/adelie/packages/-/issues/151user/libreoffice: multiple vulnerabilities2020-02-25T23:41:06ZEmilyuser/libreoffice: multiple vulnerabilities| | |
| --- | --- |
| Bugzilla ID | 151 |
| Alias(es) | CVE-2019-9848, CVE-2019-9849, CVE-2019-9850, CVE-2019-9851, CVE-2019-9852, CVE-2019-9853, CVE-2019-9854 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| R...| | |
| --- | --- |
| Bugzilla ID | 151 |
| Alias(es) | CVE-2019-9848, CVE-2019-9849, CVE-2019-9850, CVE-2019-9851, CVE-2019-9852, CVE-2019-9853, CVE-2019-9854 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2019-07-31 07:12:57 -0500 |
| Modified | 2020-02-25 17:41:06 -0600 |
| Status | RESOLVED FIXED |
| Version | 1.0-BETA3 |
| Hardware | Adélie Linux / All |
| Importance | --- / normal |
## Description
CVE-2019-9848: https://nvd.nist.gov/vuln/detail/CVE-2019-9848
> LibreOffice has a feature where documents can specify that pre-
> installed scripts can be executed on various document events such as
> mouse-over, etc. LibreOffice is typically also bundled with LibreLogo,
> a programmable turtle vector graphics script, which can be manipulated
> into executing arbitrary python commands. By using the document event
> feature to trigger LibreLogo to execute python contained within a
> document a malicious document could be constructed which would execute
> arbitrary python commands silently without warning. In the fixed
> versions, LibreLogo cannot be called from a document event handler.
> This issue affects: Document Foundation LibreOffice versions prior to
> 6.2.5.
CVE-2019-9849: https://nvd.nist.gov/vuln/detail/CVE-2019-9849
> LibreOffice has a 'stealth mode' in which only documents from
> locations deemed 'trusted' are allowed to retrieve remote resources.
> This mode is not the default mode, but can be enabled by users who
> want to disable LibreOffice's ability to include remote resources
> within a document. A flaw existed where bullet graphics were omitted
> from this protection prior to version 6.2.5. This issue affects:
> Document Foundation LibreOffice versions prior to 6.2.5.1.0-BETA3https://git.adelielinux.org/adelie/packages/-/issues/150user/taglib: multiple vulnerabilities2019-08-05T00:27:51ZEmilyuser/taglib: multiple vulnerabilities| | |
| --- | --- |
| Bugzilla ID | 150 |
| Alias(es) | CVE-2017-12678, CVE-2018-11439 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2019-07-31 07:11:41 -0500 |
| Modified | 2019-08-04 19:27:51 -0...| | |
| --- | --- |
| Bugzilla ID | 150 |
| Alias(es) | CVE-2017-12678, CVE-2018-11439 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2019-07-31 07:11:41 -0500 |
| Modified | 2019-08-04 19:27:51 -0500 |
| Status | RESOLVED FIXED |
| Version | 1.0-BETA3 |
| Hardware | Adélie Linux / All |
| Importance | --- / normal |
## Description
CVE-2017-12678: https://nvd.nist.gov/vuln/detail/CVE-2017-12678
> In TagLib 1.11.1, the rebuildAggregateFrames function in
> id3v2framefactory.cpp has a pointer to cast vulnerability, which
> allows remote attackers to cause a denial of service or possibly have
> unspecified other impact via a crafted audio file.
CVE-2018-11439: https://nvd.nist.gov/vuln/detail/CVE-2018-11439
> The TagLib::Ogg::FLAC::File::scan function in oggflacfile.cpp in
> TagLib 1.11.1 allows remote attackers to cause information disclosure
> (heap-based buffer over-read) via a crafted audio file.1.0-BETA3