Adélie Linux issueshttps://git.adelielinux.org/groups/adelie/-/issues2022-02-02T17:04:23Zhttps://git.adelielinux.org/adelie/packages/-/issues/133user/pango: CVE-2019-1010238: pango_log2vis_get_embedding_levels buffer overflow2022-02-02T17:04:23ZEmilyuser/pango: CVE-2019-1010238: pango_log2vis_get_embedding_levels buffer overflow| | |
| --- | --- |
| Bugzilla ID | 133 |
| Alias(es) | CVE-2019-1010238 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2019-07-31 06:54:16 -0500 |
| Modified | 2019-09-28 13:34:23 -0500 |
| Status...| | |
| --- | --- |
| Bugzilla ID | 133 |
| Alias(es) | CVE-2019-1010238 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2019-07-31 06:54:16 -0500 |
| Modified | 2019-09-28 13:34:23 -0500 |
| Status | RESOLVED FIXED |
| Version | 1.0-BETA3 |
| Hardware | Adélie Linux / All |
| Importance | --- / normal |
| URL | https://nvd.nist.gov/vuln/detail/CVE-2019-1010238 |
## Description
> Gnome Pango 1.42 and later is affected by: Buffer Overflow. The impact
> is: The heap based buffer overflow can be used to get code execution.
> The component is: function name: pango_log2vis_get_embedding_levels,
> assignment of nchars and the loop condition. The attack vector is: Bug
> can be used when application pass invalid utf-8 strings to functions
> like pango_itemize.1.0-BETA3https://git.adelielinux.org/adelie/packages/-/issues/134user/libvncserver: CVE-2018-20750: out-of-bounds heap write2022-02-02T17:02:42ZEmilyuser/libvncserver: CVE-2018-20750: out-of-bounds heap write| | |
| --- | --- |
| Bugzilla ID | 134 |
| Alias(es) | CVE-2018-20750 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2019-07-31 06:59:42 -0500 |
| Modified | 2019-08-04 19:23:40 -0500 |
| Status |...| | |
| --- | --- |
| Bugzilla ID | 134 |
| Alias(es) | CVE-2018-20750 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2019-07-31 06:59:42 -0500 |
| Modified | 2019-08-04 19:23:40 -0500 |
| Status | RESOLVED FIXED |
| Version | 1.0-BETA3 |
| Hardware | Adélie Linux / All |
| Importance | --- / normal |
| URL | https://nvd.nist.gov/vuln/detail/CVE-2018-20750 |
## Description
> LibVNC through 0.9.12 contains a heap out-of-bounds write
> vulnerability in libvncserver/rfbserver.c. The fix for CVE-2018-15127
> was incomplete.1.0-BETA3https://git.adelielinux.org/adelie/packages/-/issues/135user/graphviz: multiple vulnerabilities2022-11-12T00:16:36ZEmilyuser/graphviz: multiple vulnerabilities| | |
| --- | --- |
| Bugzilla ID | 135 |
| Alias(es) | CVE-2018-10196, CVE-2019-9904 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2019-07-31 07:00:19 -0500 |
| Modified | 2020-06-22 06:08:36 -05...| | |
| --- | --- |
| Bugzilla ID | 135 |
| Alias(es) | CVE-2018-10196, CVE-2019-9904 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2019-07-31 07:00:19 -0500 |
| Modified | 2020-06-22 06:08:36 -0500 |
| Status | CONFIRMED |
| Version | 1.0-BETA3 |
| Hardware | Adélie Linux / All |
| Importance | --- / minor |
| Package(s) | user/graphviz |
## Description
CVE-2018-10196: https://nvd.nist.gov/vuln/detail/CVE-2018-10196
> NULL pointer dereference vulnerability in the rebuild_vlists function
> in lib/dotgen/conc.c in the dotgen library in Graphviz 2.40.1 allows
> remote attackers to cause a denial of service (application crash) via
> a crafted file.
CVE-2019-9904: https://nvd.nist.gov/vuln/detail/CVE-2019-9904
> An issue was discovered in lib\cdt\dttree.c in libcdt.a in graphviz
> 2.40.1. Stack consumption occurs because of recursive agclose calls in
> lib\cgraph\graph.c in libcgraph.a, related to agfstsubg in
> lib\cgraph\subg.c.1.0-BETA3https://git.adelielinux.org/adelie/packages/-/issues/136user/fastjar: multiple vulnerabilities2022-11-13T06:54:42ZEmilyuser/fastjar: multiple vulnerabilities| | |
| --- | --- |
| Bugzilla ID | 136 |
| Alias(es) | CVE-2010-0831, CVE-2010-2322 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2019-07-31 07:00:26 -0500 |
| Modified | 2020-06-22 06:08:04 -050...| | |
| --- | --- |
| Bugzilla ID | 136 |
| Alias(es) | CVE-2010-0831, CVE-2010-2322 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2019-07-31 07:00:26 -0500 |
| Modified | 2020-06-22 06:08:04 -0500 |
| Status | UNCONFIRMED |
| Version | 1.0-BETA3 |
| Hardware | Adélie Linux / All |
| Importance | --- / minor |
| Package(s) | user/fastjar |
## Description
CVE-2010-0831: https://nvd.nist.gov/vuln/detail/CVE-2010-0831
> Directory traversal vulnerability in the extract_jar function in
> jartool.c in FastJar 0.98 allows remote attackers to create or
> overwrite arbitrary files via a .. (dot dot) in a non-initial pathname
> component in a filename within a .jar archive, a related issue to
> CVE-2005-1080. NOTE: this vulnerability exists because of an
> incomplete fix for CVE-2006-3619.
CVE-2010-2322: https://nvd.nist.gov/vuln/detail/CVE-2010-2322
> Absolute path traversal vulnerability in the extract_jar function in
> jartool.c in FastJar 0.98 allows remote attackers to create or
> overwrite arbitrary files via a full pathname for a file within a .jar
> archive, a related issue to CVE-2010-0831. NOTE: this vulnerability
> exists because of an incomplete fix for CVE-2006-3619.1.0-BETA3https://git.adelielinux.org/adelie/packages/-/issues/137user/trojita: multiple vulnerabilities2020-10-31T03:42:00ZEmilyuser/trojita: multiple vulnerabilities| | |
| --- | --- |
| Bugzilla ID | 137 |
| Alias(es) | CVE-2019-10734, CVE-2020-15047 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2019-07-31 07:00:32 -0500 |
| Modified | 2020-10-30 22:42:00 -0...| | |
| --- | --- |
| Bugzilla ID | 137 |
| Alias(es) | CVE-2019-10734, CVE-2020-15047 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2019-07-31 07:00:32 -0500 |
| Modified | 2020-10-30 22:42:00 -0500 |
| Status | RESOLVED FIXED |
| Version | 1.0-BETA3 |
| Hardware | Adélie Linux / All |
| Importance | --- / normal |
| Package(s) | user/trojita |
| URL | https://nvd.nist.gov/vuln/detail/CVE-2019-10734 |
## Description
> In KDE Trojita 0.7, an attacker in possession of S/MIME or PGP
> encrypted emails can wrap them as sub-parts within a crafted multipart
> email. The encrypted part(s) can further be hidden using HTML/CSS or
> ASCII newline characters. This modified multipart email can be re-sent
> by the attacker to the intended receiver. If the receiver replies to
> this (benign looking) email, they unknowingly leak the plaintext of
> the encrypted message part(s) back to the attacker.1.0-BETA3https://git.adelielinux.org/adelie/packages/-/issues/138system/zip: CVE-2018-13410: invalid free with -TT option2022-02-02T17:02:35ZEmilysystem/zip: CVE-2018-13410: invalid free with -TT option| | |
| --- | --- |
| Bugzilla ID | 138 |
| Alias(es) | CVE-2018-13410 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2019-07-31 07:00:37 -0500 |
| Modified | 2019-07-31 07:43:55 -0500 |
| Status |...| | |
| --- | --- |
| Bugzilla ID | 138 |
| Alias(es) | CVE-2018-13410 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2019-07-31 07:00:37 -0500 |
| Modified | 2019-07-31 07:43:55 -0500 |
| Status | RESOLVED WONTFIX |
| Version | 1.0-BETA3 |
| Hardware | Adélie Linux / All |
| Importance | --- / normal |
| URL | https://nvd.nist.gov/vuln/detail/CVE-2018-13410 |
## Description
> ** DISPUTED ** Info-ZIP Zip 3.0, when the -T and -TT command-line
> options are used, allows attackers to cause a denial of service
> (invalid free and application crash) or possibly have unspecified
> other impact because of an off-by-one error. NOTE: it is unclear
> whether there are realistic scenarios in which an untrusted party
> controls the -TT value, given that the entire purpose of -TT is
> execution of arbitrary commands.1.0-BETA3https://git.adelielinux.org/adelie/packages/-/issues/139user/libtasn1: CVE-2018-1000654: segfault after a long time when given crafte...2022-02-02T17:02:22ZEmilyuser/libtasn1: CVE-2018-1000654: segfault after a long time when given crafted input| | |
| --- | --- |
| Bugzilla ID | 139 |
| Alias(es) | CVE-2018-1000654 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2019-07-31 07:00:42 -0500 |
| Modified | 2019-08-04 19:20:07 -0500 |
| Status...| | |
| --- | --- |
| Bugzilla ID | 139 |
| Alias(es) | CVE-2018-1000654 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2019-07-31 07:00:42 -0500 |
| Modified | 2019-08-04 19:20:07 -0500 |
| Status | RESOLVED FIXED |
| Version | 1.0-BETA3 |
| Hardware | Adélie Linux / All |
| Importance | --- / normal |
| URL | https://nvd.nist.gov/vuln/detail/CVE-2018-1000654 |
## Description
> GNU Libtasn1-4.13 libtasn1-4.13 version libtasn1-4.13, libtasn1-4.12
> contains a DoS, specifically CPU usage will reach 100% when running
> asn1Paser against the POC due to an issue in
> _asn1_expand_object_id(p_tree), after a long time, the program will be
> killed. This attack appears to be exploitable via parsing a crafted
> file.1.0-BETA3https://git.adelielinux.org/adelie/packages/-/issues/140system/nvi: CVE-2001-1562: format string vulnerability in filenames2022-02-02T17:02:01ZEmilysystem/nvi: CVE-2001-1562: format string vulnerability in filenames| | |
| --- | --- |
| Bugzilla ID | 140 |
| Alias(es) | CVE-2001-1562 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2019-07-31 07:00:48 -0500 |
| Modified | 2020-06-12 19:29:24 -0500 |
| Status | ...| | |
| --- | --- |
| Bugzilla ID | 140 |
| Alias(es) | CVE-2001-1562 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2019-07-31 07:00:48 -0500 |
| Modified | 2020-06-12 19:29:24 -0500 |
| Status | RESOLVED FIXED |
| Version | 1.0-BETA3 |
| Hardware | Adélie Linux / All |
| Importance | --- / normal |
| URL | https://nvd.nist.gov/vuln/detail/CVE-2001-1562 |
## Description
> Format string vulnerability in nvi before 1.79 allows local users to
> gain privileges via format string specifiers in a filename.1.0-BETA3https://git.adelielinux.org/adelie/packages/-/issues/141user/py3-jinja2: multiple vulnerabilities2019-08-05T00:24:29ZEmilyuser/py3-jinja2: multiple vulnerabilities| | |
| --- | --- |
| Bugzilla ID | 141 |
| Alias(es) | CVE-2019-10906, CVE-2019-8341 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2019-07-31 07:03:21 -0500 |
| Modified | 2019-08-04 19:24:29 -05...| | |
| --- | --- |
| Bugzilla ID | 141 |
| Alias(es) | CVE-2019-10906, CVE-2019-8341 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2019-07-31 07:03:21 -0500 |
| Modified | 2019-08-04 19:24:29 -0500 |
| Status | RESOLVED FIXED |
| Version | 1.0-BETA3 |
| Hardware | Adélie Linux / All |
| Importance | --- / normal |
| See also | https://bugzilla.redhat.com/show_bug.cgi?id=1677653 |
## Description
> An issue was discovered in Jinja2 2.10. The from_string function is
> prone to Server Side Template Injection (SSTI) where it takes the
> "source" parameter as a template object, renders it, and then returns
> it. The attacker can exploit it with {{INJECTION COMMANDS}} in a URI.1.0-BETA3https://git.adelielinux.org/adelie/packages/-/issues/142user/gnupg: CVE-2019-13050: SKS keyserver attacks2022-02-02T17:01:54ZEmilyuser/gnupg: CVE-2019-13050: SKS keyserver attacks| | |
| --- | --- |
| Bugzilla ID | 142 |
| Alias(es) | CVE-2019-13050 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2019-07-31 07:04:18 -0500 |
| Modified | 2019-08-04 19:22:49 -0500 |
| Status |...| | |
| --- | --- |
| Bugzilla ID | 142 |
| Alias(es) | CVE-2019-13050 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2019-07-31 07:04:18 -0500 |
| Modified | 2019-08-04 19:22:49 -0500 |
| Status | RESOLVED FIXED |
| Version | 1.0-BETA3 |
| Hardware | Adélie Linux / All |
| Importance | --- / normal |
| URL | https://nvd.nist.gov/vuln/detail/CVE-2019-13050 |
## Description
> Interaction between the sks-keyserver code through 1.2.0 of the SKS
> keyserver network, and GnuPG through 2.2.16, makes it risky to have a
> GnuPG keyserver configuration line referring to a host on the SKS
> keyserver network. Retrieving data from this network may cause a
> persistent denial of service, because of a Certificate Spamming
> Attack.1.0-BETA3https://git.adelielinux.org/adelie/packages/-/issues/143user/libexif: multiple vulnerabilities2019-08-05T00:26:06ZEmilyuser/libexif: multiple vulnerabilities| | |
| --- | --- |
| Bugzilla ID | 143 |
| Alias(es) | CVE-2017-7544, CVE-2018-20030 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2019-07-31 07:04:33 -0500 |
| Modified | 2019-08-04 19:26:06 -05...| | |
| --- | --- |
| Bugzilla ID | 143 |
| Alias(es) | CVE-2017-7544, CVE-2018-20030 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2019-07-31 07:04:33 -0500 |
| Modified | 2019-08-04 19:26:06 -0500 |
| Status | RESOLVED FIXED |
| Version | 1.0-BETA3 |
| Hardware | Adélie Linux / All |
| Importance | --- / normal |
## Description
CVE-2017-7544: https://nvd.nist.gov/vuln/detail/CVE-2017-7544
> libexif through 0.6.21 is vulnerable to out-of-bounds heap read
> vulnerability in exif_data_save_data_entry function in libexif/exif-
> data.c caused by improper length computation of the allocated data of
> an ExifMnote entry which can cause denial-of-service or possibly
> information disclosure.
CVE-2018-20030: https://nvd.nist.gov/vuln/detail/CVE-2018-20030
> An error when processing the EXIF_IFD_INTEROPERABILITY and
> EXIF_IFD_EXIF tags within libexif version 0.6.21 can be exploited to
> exhaust available CPU resources.1.0-BETA3https://git.adelielinux.org/adelie/packages/-/issues/144user/bluez: CVE-2018-10910: possibly always discoverable2022-02-02T17:01:46ZEmilyuser/bluez: CVE-2018-10910: possibly always discoverable| | |
| --- | --- |
| Bugzilla ID | 144 |
| Alias(es) | CVE-2018-10910 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2019-07-31 07:08:28 -0500 |
| Modified | 2020-02-25 17:24:08 -0600 |
| Status |...| | |
| --- | --- |
| Bugzilla ID | 144 |
| Alias(es) | CVE-2018-10910 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2019-07-31 07:08:28 -0500 |
| Modified | 2020-02-25 17:24:08 -0600 |
| Status | RESOLVED FIXED |
| Version | 1.0-BETA3 |
| Hardware | Adélie Linux / All |
| Importance | --- / normal |
| URL | https://nvd.nist.gov/vuln/detail/CVE-2018-10910 |
## Description
> A bug in Bluez may allow for the Bluetooth Discoverable state being
> set to on when no Bluetooth agent is registered with the system. This
> situation could lead to the unauthorized pairing of certain Bluetooth
> devices without any form of authentication. Versions before bluez 5.51
> are vulnerable.1.0-BETA3https://git.adelielinux.org/adelie/packages/-/issues/145user/ntfs-3g: CVE-2019-9755: integer underflow2022-02-02T17:01:39ZEmilyuser/ntfs-3g: CVE-2019-9755: integer underflow| | |
| --- | --- |
| Bugzilla ID | 145 |
| Alias(es) | CVE-2019-9755 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2019-07-31 07:08:48 -0500 |
| Modified | 2019-08-04 19:17:38 -0500 |
| Status | ...| | |
| --- | --- |
| Bugzilla ID | 145 |
| Alias(es) | CVE-2019-9755 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2019-07-31 07:08:48 -0500 |
| Modified | 2019-08-04 19:17:38 -0500 |
| Status | RESOLVED FIXED |
| Version | 1.0-BETA3 |
| Hardware | Adélie Linux / All |
| Importance | --- / normal |
| URL | https://nvd.nist.gov/vuln/detail/CVE-2019-9755 |
## Description
> An integer underflow issue exists in ntfs-3g 2017.3.23. A local
> attacker could potentially exploit this by running /bin/ntfs-3g with
> specially crafted arguments from a specially crafted directory to
> cause a heap buffer overflow, resulting in a crash or the ability to
> execute arbitrary code. In installations where /bin/ntfs-3g is a
> setuid-root binary, this could lead to a local escalation of
> privileges.1.0-BETA3https://git.adelielinux.org/adelie/packages/-/issues/146user/openjpeg: CVE-2019-12973: denial of service via crafted BMP2022-02-02T17:01:30ZEmilyuser/openjpeg: CVE-2019-12973: denial of service via crafted BMP| | |
| --- | --- |
| Bugzilla ID | 146 |
| Alias(es) | CVE-2019-12973 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2019-07-31 07:08:58 -0500 |
| Modified | 2019-08-04 19:17:10 -0500 |
| Status |...| | |
| --- | --- |
| Bugzilla ID | 146 |
| Alias(es) | CVE-2019-12973 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2019-07-31 07:08:58 -0500 |
| Modified | 2019-08-04 19:17:10 -0500 |
| Status | RESOLVED FIXED |
| Version | 1.0-BETA3 |
| Hardware | Adélie Linux / All |
| Importance | --- / normal |
| URL | https://nvd.nist.gov/vuln/detail/CVE-2019-12973 |
## Description
> In OpenJPEG 2.3.1, there is excessive iteration in the
> opj_t1_encode_cblks function of openjp2/t1.c. Remote attackers could
> leverage this vulnerability to cause a denial of service via a crafted
> bmp file. This issue is similar to CVE-2018-6616.1.0-BETA3https://git.adelielinux.org/adelie/packages/-/issues/147system/flex: CVE-2019-6293: recursive call stack exhaustion2022-02-02T17:01:23ZEmilysystem/flex: CVE-2019-6293: recursive call stack exhaustion| | |
| --- | --- |
| Bugzilla ID | 147 |
| Alias(es) | CVE-2019-6293 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2019-07-31 07:09:24 -0500 |
| Modified | 2020-06-22 06:08:30 -0500 |
| Status | ...| | |
| --- | --- |
| Bugzilla ID | 147 |
| Alias(es) | CVE-2019-6293 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2019-07-31 07:09:24 -0500 |
| Modified | 2020-06-22 06:08:30 -0500 |
| Status | CONFIRMED |
| Version | 1.0-BETA3 |
| Hardware | Adélie Linux / All |
| Importance | --- / minor |
| Package(s) | system/flex |
| URL | https://nvd.nist.gov/vuln/detail/CVE-2019-6293 |
## Description
> An issue was discovered in the function mark_beginning_as_normal in
> nfa.c in flex 2.6.4. There is a stack exhaustion problem caused by the
> mark_beginning_as_normal function making recursive calls to itself in
> certain scenarios involving lots of '*' characters. Remote attackers
> could leverage this vulnerability to cause a denial-of-service.1.0-BETA3https://git.adelielinux.org/adelie/packages/-/issues/148user/{evince,atril}: CVE-2019-11459: uninitialized memory use2022-02-02T17:01:17ZEmilyuser/{evince,atril}: CVE-2019-11459: uninitialized memory use| | |
| --- | --- |
| Bugzilla ID | 148 |
| Alias(es) | CVE-2019-11459 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2019-07-31 07:10:15 -0500 |
| Modified | 2019-09-28 13:31:47 -0500 |
| Status |...| | |
| --- | --- |
| Bugzilla ID | 148 |
| Alias(es) | CVE-2019-11459 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2019-07-31 07:10:15 -0500 |
| Modified | 2019-09-28 13:31:47 -0500 |
| Status | RESOLVED FIXED |
| Version | 1.0-BETA3 |
| Hardware | Adélie Linux / All |
| Importance | --- / normal |
| URL | https://nvd.nist.gov/vuln/detail/CVE-2019-11459 |
| See also | https://bts.adelielinux.org/show_bug.cgi?id=178 |
## Description
> The tiff_document_render() and tiff_document_get_thumbnail() functions
> in the TIFF document backend in GNOME Evince through 3.32.0 did not
> handle errors from TIFFReadRGBAImageOriented(), leading to
> uninitialized memory use when processing certain TIFF image files.1.0-BETA3https://git.adelielinux.org/adelie/packages/-/issues/149user/tcpdump: multiple vulnerabilities2019-08-05T00:25:45ZEmilyuser/tcpdump: multiple vulnerabilities| | |
| --- | --- |
| Bugzilla ID | 149 |
| Alias(es) | CVE-2017-16808, CVE-2019-1010220 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2019-07-31 07:10:44 -0500 |
| Modified | 2019-08-04 19:25:45 ...| | |
| --- | --- |
| Bugzilla ID | 149 |
| Alias(es) | CVE-2017-16808, CVE-2019-1010220 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2019-07-31 07:10:44 -0500 |
| Modified | 2019-08-04 19:25:45 -0500 |
| Status | RESOLVED FIXED |
| Version | 1.0-BETA3 |
| Hardware | Adélie Linux / All |
| Importance | --- / normal |
## Description
CVE-2017-16808: https://nvd.nist.gov/vuln/detail/CVE-2017-16808
> tcpdump 4.9.2 has a heap-based buffer over-read related to aoe_print
> in print-aoe.c and lookup_emem in addrtoname.c.
CVE-2019-1010220: https://nvd.nist.gov/vuln/detail/CVE-2019-1010220
> tcpdump.org tcpdump 4.9.2 is affected by: CWE-126: Buffer Over-read.
> The impact is: May expose Saved Frame Pointer, Return Address etc. on
> stack. The component is: line 234: "ND_PRINT((ndo, "%s", buf));", in
> function named "print_prefix", in "print-hncp.c". The attack vector
> is: The victim must open a specially crafted pcap file.1.0-BETA3https://git.adelielinux.org/adelie/packages/-/issues/150user/taglib: multiple vulnerabilities2019-08-05T00:27:51ZEmilyuser/taglib: multiple vulnerabilities| | |
| --- | --- |
| Bugzilla ID | 150 |
| Alias(es) | CVE-2017-12678, CVE-2018-11439 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2019-07-31 07:11:41 -0500 |
| Modified | 2019-08-04 19:27:51 -0...| | |
| --- | --- |
| Bugzilla ID | 150 |
| Alias(es) | CVE-2017-12678, CVE-2018-11439 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2019-07-31 07:11:41 -0500 |
| Modified | 2019-08-04 19:27:51 -0500 |
| Status | RESOLVED FIXED |
| Version | 1.0-BETA3 |
| Hardware | Adélie Linux / All |
| Importance | --- / normal |
## Description
CVE-2017-12678: https://nvd.nist.gov/vuln/detail/CVE-2017-12678
> In TagLib 1.11.1, the rebuildAggregateFrames function in
> id3v2framefactory.cpp has a pointer to cast vulnerability, which
> allows remote attackers to cause a denial of service or possibly have
> unspecified other impact via a crafted audio file.
CVE-2018-11439: https://nvd.nist.gov/vuln/detail/CVE-2018-11439
> The TagLib::Ogg::FLAC::File::scan function in oggflacfile.cpp in
> TagLib 1.11.1 allows remote attackers to cause information disclosure
> (heap-based buffer over-read) via a crafted audio file.1.0-BETA3https://git.adelielinux.org/adelie/packages/-/issues/151user/libreoffice: multiple vulnerabilities2020-02-25T23:41:06ZEmilyuser/libreoffice: multiple vulnerabilities| | |
| --- | --- |
| Bugzilla ID | 151 |
| Alias(es) | CVE-2019-9848, CVE-2019-9849, CVE-2019-9850, CVE-2019-9851, CVE-2019-9852, CVE-2019-9853, CVE-2019-9854 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| R...| | |
| --- | --- |
| Bugzilla ID | 151 |
| Alias(es) | CVE-2019-9848, CVE-2019-9849, CVE-2019-9850, CVE-2019-9851, CVE-2019-9852, CVE-2019-9853, CVE-2019-9854 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2019-07-31 07:12:57 -0500 |
| Modified | 2020-02-25 17:41:06 -0600 |
| Status | RESOLVED FIXED |
| Version | 1.0-BETA3 |
| Hardware | Adélie Linux / All |
| Importance | --- / normal |
## Description
CVE-2019-9848: https://nvd.nist.gov/vuln/detail/CVE-2019-9848
> LibreOffice has a feature where documents can specify that pre-
> installed scripts can be executed on various document events such as
> mouse-over, etc. LibreOffice is typically also bundled with LibreLogo,
> a programmable turtle vector graphics script, which can be manipulated
> into executing arbitrary python commands. By using the document event
> feature to trigger LibreLogo to execute python contained within a
> document a malicious document could be constructed which would execute
> arbitrary python commands silently without warning. In the fixed
> versions, LibreLogo cannot be called from a document event handler.
> This issue affects: Document Foundation LibreOffice versions prior to
> 6.2.5.
CVE-2019-9849: https://nvd.nist.gov/vuln/detail/CVE-2019-9849
> LibreOffice has a 'stealth mode' in which only documents from
> locations deemed 'trusted' are allowed to retrieve remote resources.
> This mode is not the default mode, but can be enabled by users who
> want to disable LibreOffice's ability to include remote resources
> within a document. A flaw existed where bullet graphics were omitted
> from this protection prior to version 6.2.5. This issue affects:
> Document Foundation LibreOffice versions prior to 6.2.5.1.0-BETA3https://git.adelielinux.org/adelie/packages/-/issues/152user/nmap: multiple vulnerabilities2020-02-25T05:47:26ZEmilyuser/nmap: multiple vulnerabilities| | |
| --- | --- |
| Bugzilla ID | 152 |
| Alias(es) | CVE-2017-18594, CVE-2018-15173 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2019-07-31 07:13:16 -0500 |
| Modified | 2020-02-24 23:47:26 -0...| | |
| --- | --- |
| Bugzilla ID | 152 |
| Alias(es) | CVE-2017-18594, CVE-2018-15173 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2019-07-31 07:13:16 -0500 |
| Modified | 2020-02-24 23:47:26 -0600 |
| Status | RESOLVED FIXED |
| Version | 1.0-BETA3 |
| Hardware | Adélie Linux / All |
| Importance | --- / normal |
| URL | https://nvd.nist.gov/vuln/detail/CVE-2018-15173 |
## Description
> Nmap through 7.70, when the -sV option is used, allows remote
> attackers to cause a denial of service (stack consumption and
> application crash) via a crafted TCP-based service.1.0-BETA3