Adélie Linux issues
https://git.adelielinux.org/groups/adelie/-/issues
2022-02-02T17:27:32Z
https://git.adelielinux.org/adelie/packages/-/issues/35
system/{procps,util-linux}: missing essential utilities
2022-02-02T17:27:32Z
Emily
| | |
| --- | --- |
| Bugzilla ID | 35 |
| Reporter | A. Wilcox (awilfox) |
| Assignee | A. Wilcox (awilfox) |
| Reported | 2017-10-08 18:25:23 -0500 |
| Modified | 2017-12-12 03:21:46 -0600 |
| Status | RESOLVED FIXED |
| Version | 1.0-ALPHA3 |
| Hardware | Adélie Linux / All |
| Importance | High / major |
| Blocks | https://bts.adelielinux.org/show_bug.cgi?id=3 |
## Description
The following POSIX-required utilities that were present in alpha2 are no longer present in alpha3:
procps:
- kill
util-linux:
- write
1.0-ALPHA4
https://git.adelielinux.org/adelie/packages/-/issues/11
system/musl: musl ld.so violates ELF 1.2 specification
2022-11-09T16:10:40Z
Emily
| | |
| --- | --- |
| Bugzilla ID | 11 |
| Reporter | A. Wilcox (awilfox) |
| Assignee | A. Wilcox (awilfox) |
| Reported | 2016-07-24 18:47:47 -0500 |
| Modified | 2017-01-15 11:54:07 -0600 |
| Status | IN_PROGRESS |
| Version | 1.0-ALPHA1 |
| Hardware | Adélie Linux / All |
| Importance | Normal / critical |
| URL | http://git.musl-libc.org/cgit/musl/tree/ldso/dynlink.c#n1210 |
## Description
The ELF 1.2 Specification (available at https://refspecs.linuxfoundation.org/elf/elf.pdf), book III, chapter II, section III, subsection VIII, page 2-14 through 2-16 (and Figure 2-10), specifies:
> Before the initialization code for any object A is called, the initialization code for any other objects that object A depends on are called. For these purposes, an object A depends on another object B, if B appears in A’s list of needed objects (recorded in the DT_NEEDED entries of the dynamic structure). The order of initialization for circular dependencies is undefined.
Using unpatched musl 1.1.14, 1.1.15, and HEAD, this behaviour is not followed; see https://bpaste.net/raw/89c5111dbc5f for GDB output of a very simple test case using GLib 2.46.2.
This can also affect certain combinations of X.Org drivers and modules unless a module load order is specified by the user in /etc/X11/xorg.conf; specifically, it appears to cause nouveau to fail to start up. It also affects creation of gtk-doc manual sets.
The URL for this bug points to the code that is deficient to the specification.
---
https://git.adelielinux.org/adelie/packages/-/issues/206
system/dash: shell PS1 is wrong when using su(1) and root uses Dash as shell
2023-12-08T03:10:42Z
Emily
| | |
| --- | --- |
| Bugzilla ID | 206 |
| Reporter | erhard_f |
| Assignee | A. Wilcox (awilfox) |
| Reported | 2019-09-28 16:08:35 -0500 |
| Modified | 2019-10-16 18:04:07 -0500 |
| Status | CONFIRMED |
| Version | 1.0-BETA4 |
| Hardware | Adélie Linux / PowerPC (32-bit) |
| Importance | --- / normal |
## Description
When logging in from another machine (my Gentoo amd64 box) on my PowerMac G4 DP, the command prompt is correctly shown when I log in as user. As soon as I do an 'su' the prompt gets funky.
Looks like this:
```
$ ssh T600
Password:
ef on T600 ~ % ls
Desktop Documents Downloads Music Pictures Public Templates Videos
ef on T600 ~ % su
Password:
%n on %B%F{white}%m%f%b %~ %B%F{green}%#%f%b ls /home/ef/
Desktop Documents Downloads Music Pictures Public Templates Videos
%n on %B%F{white}%m%f%b %~ %B%F{green}%#%f%b
```
1.0-BETA3
https://git.adelielinux.org/adelie/packages/-/issues/397
system/perl: >64TB mmap() calls leading to out-of-memory crash
2022-05-31T06:32:15Z
Emily
| | |
| --- | --- |
| Bugzilla ID | 397 |
| Reporter | John Ogness |
| Assignee | A. Wilcox (awilfox) |
| Reported | 2021-02-05 17:59:49 -0600 |
| Modified | 2021-02-05 17:59:49 -0600 |
| Status | CONFIRMED |
| Version | 1.0-RC1 |
| Hardware | Adélie Linux / PowerPC (64-bit) |
| Importance | --- / normal |
| Package(s) | system/perl |
## Description
Some perl scripts are leading to mmap() calls with insanely huge sizes (far beyond 64TB) resulting in out-of-memory errors.
2 examples of perl scripts that lead to the scenario:
(from inside the packages git repo with local changes)
$ git add -p
(from inside the kernel source tree)
$ make localmodconfig
In the backtrace, many important variables are optimized out. So to debug this I modified APKBUILD in system/perl, changing the optimization flags to:
-Doptimize="-O0 -fomit-frame-pointer"
By default, -Os is used. To my surprise, after rebuilding the perl package, the problem goes away! I don't know if it is a problem with -Os or what. Unfortunately I know nothing about perl internals. I assume anyone with ppc64 can easily reproduce the problem with the 2 examples above. I can provide core dumps or backtraces if anyone is interested.
1.0-RC2
https://git.adelielinux.org/adelie/packages/-/issues/394
system/curl: multiple vulnerabilities
2021-10-11T21:40:31Z
Emily
| | |
| --- | --- |
| Bugzilla ID | 394 |
| Alias(es) | CVE-2020-8284, CVE-2020-8285, CVE-2020-8286 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2020-12-09 17:38:23 -0600 |
| Modified | 2020-12-09 17:38:23 -0600 |
| Status | UNCONFIRMED |
| Version | 1.0-RC1 |
| Hardware | Adélie Linux / All |
| Importance | --- / normal |
| Package(s) | system/curl |
## Description
CVE-2020-8284: Fixed in >= 7.74.0
https://github.com/curl/curl/commit/ec9cc725d598ac https://curl.se/docs/CVE-2020-8284.html
CVE-2020-8285: Fixed in >= 7.74.0
https://github.com/curl/curl/commit/69a358f2186e04 https://curl.se/docs/CVE-2020-8285.html
CVE-2020-8286: Fixed in >= 7.74.0
https://github.com/curl/curl/commit/d9d01672785b https://curl.se/docs/CVE-2020-8286.html
1.0-RC2
https://git.adelielinux.org/adelie/packages/-/issues/393
system/openssl: CVE-2020-1971: GENERAL_NAME_cmp NULL ptr dereference
2022-05-02T03:36:13Z
Emily
| | |
| --- | --- |
| Bugzilla ID | 393 |
| Alias(es) | CVE-2020-1971 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2020-12-08 15:10:57 -0600 |
| Modified | 2020-12-08 15:10:57 -0600 |
| Status | UNCONFIRMED |
| Version | 1.0-RC1 |
| Hardware | Adélie Linux / All |
| Importance | --- / normal |
| Package(s) | system/openssl |
| URL | https://www.openssl.org/news/secadv/20201208.txt |
## Description
CVE-2020-1971: https://www.openssl.org/news/secadv/20201208.txt
> The X.509 GeneralName type is a generic type for representing
> different types of names. One of those name types is known as
> EDIPartyName. OpenSSL provides a function GENERAL_NAME_cmp which
> compares different instances of a GENERAL_NAME to see if they are
> equal or not. This function behaves incorrectly when both
> GENERAL_NAMEs contain an EDIPARTYNAME. A NULL pointer dereference and
> a crash may occur leading to a possible denial of service attack.
...
> OpenSSL 1.1.1 users should upgrade to 1.1.1i.
1.0-RC2
https://git.adelielinux.org/adelie/packages/-/issues/391
user/erl-rebar3: CVE-2020-13802: Dependency URL can lead to shell injection
2023-06-15T01:46:56Z
Emily
| | |
| --- | --- |
| Bugzilla ID | 391 |
| Alias(es) | CVE-2020-13802 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2020-12-03 23:27:39 -0600 |
| Modified | 2020-12-03 23:27:39 -0600 |
| Status | UNCONFIRMED |
| Version | 1.0-RC1 |
| Hardware | Adélie Linux / All |
| Importance | --- / normal |
| Package(s) | user/erl-rebar3 |
| URL | https://nvd.nist.gov/vuln/detail/CVE-2020-13802 |
## Description
CVE-2020-13802: Fixed in >= 3.14.0 https://github.com/erlang/rebar3/commit/2e2d1a6bb141a969b6483e082a2afd361fc2ece2
1.0-RC2
https://git.adelielinux.org/adelie/packages/-/issues/388
user/libslirp: arp_input/ncsi_input OOB access
2023-06-15T01:49:29Z
Emily
| | |
| --- | --- |
| Bugzilla ID | 388 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2020-11-28 17:10:15 -0600 |
| Modified | 2020-11-28 17:10:15 -0600 |
| Status | CONFIRMED |
| Version | 1.0-RC1 |
| Hardware | Adélie Linux / All |
| Importance | --- / normal |
| Package(s) | user/libslirp |
## Description
Unreleased fix https://gitlab.freedesktop.org/slirp/libslirp/-/commit/2e1dcbc0c2af64fcb17009eaf2ceedd81be2b27f
1.0-RELEASE
https://git.adelielinux.org/adelie/packages/-/issues/386
user/py3-lxml: HTML cleaner may allow noscript tag through
2023-06-15T01:50:41Z
Emily
| | |
| --- | --- |
| Bugzilla ID | 386 |
| Alias(es) | CVE-2020-27783 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2020-11-28 17:01:29 -0600 |
| Modified | 2020-11-28 17:01:29 -0600 |
| Status | UNCONFIRMED |
| Version | 1.0-RC1 |
| Hardware | Adélie Linux / All |
| Importance | --- / normal |
| Package(s) | user/py3-lxml |
## Description
Fixed in >= 4.6.1 https://github.com/lxml/lxml/commit/89e7aad6e7ff9ecd88678ff25f885988b184b26e
1.0-RC2
https://git.adelielinux.org/adelie/packages/-/issues/385
user/mutt: CVE-2020-28896: $ssl_force_tls mishandled on IMAP connection close
2023-06-15T01:51:14Z
Emily
| | |
| --- | --- |
| Bugzilla ID | 385 |
| Alias(es) | CVE-2020-28896 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2020-11-25 23:42:50 -0600 |
| Modified | 2020-11-30 18:45:48 -0600 |
| Status | UNCONFIRMED |
| Version | 1.0-RC1 |
| Hardware | Adélie Linux / All |
| Importance | --- / normal |
| Package(s) | user/mutt |
| URL | https://nvd.nist.gov/vuln/detail/CVE-2020-28896 |
## Description
CVE-2020-28896: https://nvd.nist.gov/vuln/detail/CVE-2020-28896
> Mutt before 2.0.2 and NeoMutt before 2020-11-20 did not ensure that
> $ssl_force_tls was processed if an IMAP server's initial server
> response was invalid. The connection was not properly closed, and the
> code could continue attempting to authenticate. This could result in
> authentication credentials being exposed on an unencrypted connection,
> or to a machine-in-the-middle.
Fixed in >= 2.0.2
https://gitlab.com/muttmua/mutt/-/commit/04b06aaa3e0cc0022b9b01dbca2863756ebbf59a
1.0-RC2
https://git.adelielinux.org/adelie/packages/-/issues/382
user/mariadb: multiple vulnerabilities
2021-10-15T15:18:31Z
Emily
| | |
| --- | --- |
| Bugzilla ID | 382 |
| Alias(es) | CVE-2020-14765, CVE-2020-14776, CVE-2020-14789, CVE-2020-14812, CVE-2020-15180, CVE-2020-28912 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2020-11-21 23:24:56 -0600 |
| Modified | 2020-11-21 23:24:56 -0600 |
| Status | CONFIRMED |
| Version | 1.0-RC1 |
| Hardware | Adélie Linux / All |
| Importance | --- / normal |
| Package(s) | user/mariadb |
## Description
CVE-2020-14765: Fixed in >= 10.4.16
CVE-2020-14776: Fixed in >= 10.4.16
CVE-2020-14789: Fixed in >= 10.4.16
CVE-2020-14812: Fixed in >= 10.4.16
CVE-2020-15180: Fixed in >= 10.4.15
CVE-2020-28912: Fixed in >= 10.4.16
https://mariadb.com/kb/en/security/
1.0-RELEASE
https://git.adelielinux.org/adelie/packages/-/issues/381
user/kpmcore: CVE-2020-27187: kpmcore_externalcommand incomplete dbus check
2023-06-15T01:52:29Z
Emily
| | |
| --- | --- |
| Bugzilla ID | 381 |
| Alias(es) | CVE-2020-27187 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2020-11-21 23:16:23 -0600 |
| Modified | 2020-11-21 23:16:23 -0600 |
| Status | CONFIRMED |
| Version | 1.0-RC1 |
| Hardware | Adélie Linux / All |
| Importance | --- / normal |
| Package(s) | user/kpmcore |
## Description
Fixed in >= 4.2.0, but commit marked as fixer is already present in git repo's tag of 4.1.0? https://invent.kde.org/system/kpmcore/-/commit/c466c5db11b5cee546d1ec0594c2f1105a354fed
1.0-RELEASE
https://git.adelielinux.org/adelie/packages/-/issues/380
user/tigervnc: CVE-2020-26117: TLS certificate exceptions stored as authorities
2024-02-17T03:53:48Z
Emily
| | |
| --- | --- |
| Bugzilla ID | 380 |
| Alias(es) | CVE-2020-26117 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2020-11-21 23:08:00 -0600 |
| Modified | 2020-11-21 23:08:00 -0600 |
| Status | CONFIRMED |
| Version | 1.0-RC1 |
| Hardware | Adélie Linux / All |
| Importance | --- / normal |
| Package(s) | user/tigervnc |
## Description
Fixed in >= 1.11.0 https://github.com/TigerVNC/tigervnc/commit/20dea801e747318525a5859fe4f37c52b05310cb https://github.com/TigerVNC/tigervnc/commit/7399eab79a4365434d26494fa1628ce1eb91562b
1.0-RELEASE
https://git.adelielinux.org/adelie/packages/-/issues/379
user/oniguruma: CVE-2020-26159: concat_opt_exact_str 1 byte buffer overflow
2023-05-03T18:34:10Z
Emily
| | |
| --- | --- |
| Bugzilla ID | 379 |
| Alias(es) | CVE-2020-26159 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2020-11-21 23:05:11 -0600 |
| Modified | 2020-11-21 23:05:11 -0600 |
| Status | CONFIRMED |
| Version | 1.0-RC1 |
| Hardware | Adélie Linux / All |
| Importance | --- / normal |
| Package(s) | user/oniguruma |
## Description
Fixed in >= 6.9.6 https://github.com/kkos/oniguruma/commit/cbe9f8bd9cfc6c3c87a60fbae58fa1a85db59df0
1.0-RELEASE
https://git.adelielinux.org/adelie/packages/-/issues/378
system/perl-dbi: CVE-2014-10402: DBD::File drivers escape DSN f_dir
2022-11-13T06:54:42Z
Emily
| | |
| --- | --- |
| Bugzilla ID | 378 |
| Alias(es) | CVE-2014-10402 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2020-11-21 22:56:16 -0600 |
| Modified | 2020-11-21 22:56:16 -0600 |
| Status | UNCONFIRMED |
| Version | 1.0-RC1 |
| Hardware | Adélie Linux / All |
| Importance | --- / normal |
| Package(s) | system/perl-dbi |
| URL | https://nvd.nist.gov/vuln/detail/CVE-2014-10402 |
## Description
CVE-2014-10402: https://nvd.nist.gov/vuln/detail/CVE-2014-10402
> An issue was discovered in the DBI module through 1.643 for Perl.
> DBD::File drivers can open files from folders other than those
> specifically passed via the f_dir attribute in the data source name
> (DSN). NOTE: this issue exists because of an incomplete fix for
> CVE-2014-10401.
Unreleased fix
https://github.com/perl5-dbi/dbi/commit/19d0fb169eed475e1c053e99036b8668625cfa94
1.0-RC2
Síle Ekaterin Liszka
https://git.adelielinux.org/adelie/packages/-/issues/377
system/c-ares: CVE-2020-8277: ares_parse_{a,aaaa}_reply could return larger *...
2022-05-02T04:07:08Z
Emily
system/c-ares: CVE-2020-8277: ares_parse_{a,aaaa}_reply could return larger *naddrttls than passed in
| | |
| --- | --- |
| Bugzilla ID | 377 |
| Alias(es) | CVE-2020-8277 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2020-11-21 22:50:08 -0600 |
| Modified | 2020-11-21 22:50:08 -0600 |
| Status | UNCONFIRMED |
| Version | 1.0-RC1 |
| Hardware | Adélie Linux / All |
| Importance | --- / normal |
| Package(s) | user/c-ares |
| URL | https://nvd.nist.gov/vuln/detail/CVE-2020-8277 |
## Description
Fixed in >= 1.17.0 https://github.com/c-ares/c-ares/commit/0d252eb3b2147179296a3bdb4ef97883c97c54d3
This issue was also addressed in bundled c-ares in node.js. We do not use bundled c-ares there at this time, however we are on an unsupported branch of node now https://nodejs.org/en/blog/vulnerability/november-2020-security-releases/#denial-of-service-through-dns-request-cve-2020-8277
1.0-RC2
https://git.adelielinux.org/adelie/packages/-/issues/376
system/ruby: CVE-2020-25613: HTTP request smuggling
2022-05-02T03:35:02Z
Emily
| | |
| --- | --- |
| Bugzilla ID | 376 |
| Alias(es) | CVE-2020-25613 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2020-11-21 22:42:56 -0600 |
| Modified | 2020-11-21 22:42:56 -0600 |
| Status | UNCONFIRMED |
| Version | 1.0-RC1 |
| Hardware | Adélie Linux / All |
| Importance | --- / normal |
| Package(s) | system/ruby |
| URL | https://nvd.nist.gov/vuln/detail/CVE-2020-25613 |
## Description
> An issue was discovered in Ruby through 2.5.8, 2.6.x through 2.6.6,
> and 2.7.x through 2.7.1. WEBrick, a simple HTTP server bundled with
> Ruby, had not checked the transfer-encoding header value rigorously.
> An attacker may potentially exploit this issue to bypass a reverse
> proxy (which also has a poor header check), which may lead to an HTTP
> Request Smuggling attack.
Fixed in >= webrick 1.6.1
https://github.com/ruby/webrick/commit/8946bb38b4d87549f0d99ed73c62c41933f97cc7
This fix is included in ruby >= 2.7.2
https://www.ruby-lang.org/en/news/2020/10/02/ruby-2-7-2-released/
1.0-RC2
https://git.adelielinux.org/adelie/packages/-/issues/375
user/openldap: multiple vulnerabilities
2022-11-12T21:32:50Z
Emily
| | |
| --- | --- |
| Bugzilla ID | 375 |
| Alias(es) | CVE-2020-25692, CVE-2020-25709, CVE-2020-25710 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2020-11-21 22:36:27 -0600 |
| Modified | 2020-11-21 22:36:27 -0600 |
| Status | UNCONFIRMED |
| Version | 1.0-RC1 |
| Hardware | Adélie Linux / All |
| Importance | --- / normal |
| Package(s) | user/openldap |
## Description
CVE-2020-25692: Fixed in >= 2.4.55 https://git.openldap.org/openldap/openldap/-/commit/4c774220a752bf8e3284984890dc0931fe73165d
CVE-2020-25709: Fixed in >= 2.4.56 https://git.openldap.org/openldap/openldap/-/commit/67670f4544e28fb09eb7319c39f404e1d3229e65
CVE-2020-25710: Fixed in >= 2.4.56 https://git.openldap.org/openldap/openldap/-/commit/bdb0d459187522a6063df13871b82ba8dcc6efe2
1.0-RC2
https://git.adelielinux.org/adelie/packages/-/issues/374
user/krb5: CVE-2020-28196: ASN.1-encoded Kerberos message can cause unbounded...
2024-03-17T10:46:53Z
Emily
user/krb5: CVE-2020-28196: ASN.1-encoded Kerberos message can cause unbounded recursion
| | |
| --- | --- |
| Bugzilla ID | 374 |
| Alias(es) | CVE-2020-28196 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2020-11-21 22:33:18 -0600 |
| Modified | 2020-11-21 23:18:03 -0600 |
| Status | UNCONFIRMED |
| Version | 1.0-RC1 |
| Hardware | Adélie Linux / All |
| Importance | --- / normal |
| Package(s) | user/krb5 |
| URL | https://nvd.nist.gov/vuln/detail/CVE-2020-28196 |
## Description
CVE-2020-28196: https://nvd.nist.gov/vuln/detail/CVE-2020-28196
> MIT Kerberos 5 (aka krb5) before 1.17.2 and 1.18.x before 1.18.3
> allows unbounded recursion via an ASN.1-encoded Kerberos message
> because the lib/krb5/asn.1/asn1_encode.c support for BER indefinite
> lengths lacks a recursion limit.
Fixed in >= 1.18.3 https://github.com/krb5/krb5/commit/207ad69c87cf1b5c047d6c0c0165e5afe29700a6
1.0-RC2
https://git.adelielinux.org/adelie/packages/-/issues/372
user/tcpdump: CVE-2020-8037: ppp excessive memory allocation
2021-11-04T03:08:12Z
Emily
| | |
| --- | --- |
| Bugzilla ID | 372 |
| Alias(es) | CVE-2020-8037 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2020-11-21 22:24:31 -0600 |
| Modified | 2020-11-21 22:24:31 -0600 |
| Status | UNCONFIRMED |
| Version | 1.0-RC1 |
| Hardware | Adélie Linux / All |
| Importance | --- / normal |
| Package(s) | user/tcpdump |
## Description
CVE-2020-8037: https://nvd.nist.gov/vuln/detail/CVE-2020-8037
> The ppp decapsulator in tcpdump 4.9.3 can be convinced to allocate a
> large amount of memory.
Unreleased fix
https://github.com/the-tcpdump-group/tcpdump/commit/32027e199368dad9508965aae8cd8de5b6ab5231
1.0-RC2