All Projects

Description:

• The Arch version of pkgfile from the snapshot used by Hyperbola comes with systemd support. Since Hyperbola follows the Init Freedom Campaign , systemd unit files removal is required or create a cron job (scheduled task) to replace it.

Additional info:
* package version(s)
* config and/or log files etc.

Repository      : extra
Name            : pkgfile
Version         : 17-1
Description     : a pacman .files metadata explorer
Architecture    : x86_64
URL             : http://github.com/falconindy/pkgfile
Licenses        : MIT
Groups          : None
Provides        : None
Depends On      : libarchive  curl  pcre  pacman
Optional Deps   : None
Conflicts With  : None
Replaces        : None
Download Size   : 23.16 KiB
Installed Size  : 47.00 KiB
Packager        : Dave Reisner <dreisner@archlinux.org>
Build Date      : Tue 18 Apr 2017 05:30:59 PM -03
Validated By    : MD5 Sum  SHA-256 Sum  Signature

/usr/lib/systemd/system/pkgfile-update.service is owned by pkgfile 17-1
/usr/lib/systemd/system/pkgfile-update.timer is owned by pkgfile 17-1

Steps to reproduce:

• Install package.

Description:

• In VideoLAN VLC media player through 2.2.8, there is a type conversion vulnerability in modules/demux/mp4/libmp4.c in the MP4 demux module leading to a invalid free, because the type of a box may be changed between a read operation and a free operation.

Additional info:
* package version(s)

• 2.2.6-1.hyperbola1

* config and/or log files etc.

• None

Steps to reproduce:

• Run VLC

Description:

• VideoLAN VLC media player 2.2.x is prone to a use after free vulnerability which an attacker can leverage to execute arbitrary code via crafted MKV files. Failed exploit attempts will likely result in denial of service conditions.

Additional info:
* package version(s)

• 2.2.6-1.hyperbola1

* config and/or log files etc.

• None

Steps to reproduce:

• Run VLC

Description:

• Arch distributes a version of man-pages with manual pages from the POSIX standard. The man-pages project is permitted to distribute them and Andries Brouwer assumes that re-distribution by vendors is permitted as well. However, modification is definitively not allowed, hence this contribution by The Institute of Electrical and Electronics Engineers and The Open Group render the entire man-pages package nonfree. The way to solve it is remove all nonfree POSIX manual pages from man-pages package.

Additional info:
* package version(s)

• 4.11-1

* config and/or log files etc.

• License file (POSIX-COPYRIGHT):

The Institute of Electrical and Electronics Engineers (IEEE) and
The Open Group, have given us permission to reprint portions of
their documentation.

In the following statement, the phrase ``this text'' refers to
portions of the system documentation.

Portions of this text are reprinted and reproduced in electronic form
from IEEE Std 1003.1, 2013 Edition, Standard for Information Technology
-- Portable Operating System Interface (POSIX), The Open Group Base
Specifications Issue 7, Copyright (C) 2013 by the Institute of Electri-
cal and Electronics Engineers, Inc and The Open Group.  (This is
POSIX.1-2008 with the 2013 Technical Corrigendum 1 applied.) In the
event of any discrepancy between this version and the original IEEE and
The Open Group Standard, the original IEEE and The Open Group Standard
is the referee document.  The original Standard can be obtained online
at http://www.unix.org/online.html .

This notice shall appear on any product containing this material.

Redistribution of this material is permitted so long as this notice and
the corresponding notices within each POSIX manual page are retained on
any distribution, and the nroff source is included. Modifications to
the text are permitted so long as any conflicts with the standard
are clearly marked as such in the text.

Steps to reproduce:

• See license in /usr/share/licenses/man-pages/POSIX-COPYRIGHT

Description:

• The Arch version of Erlang (headless version) from the snapshot used by Hyperbola comes with systemd support. Since Hyperbola follows the Init Freedom Campaign , systemd unit files removal is required or add OpenRC init scripts to replace it.

Additional info:
* package version(s)
* config and/or log files etc.

Repository      : community
Name            : erlang-nox
Version         : 19.3-3
Description     : General-purpose concurrent functional programming language developed by Ericsson (headless version)
Architecture    : x86_64
URL             : http://www.erlang.org/
Licenses        : Apache
Groups          : None
Provides        : None
Depends On      : ncurses  openssl
Optional Deps   : erlang-unixodbc: database support
                  java-environment: for Java support
                  lksctp-tools: for SCTP support
Conflicts With  : erlang
Replaces        : None
Download Size   : 39.01 MiB
Installed Size  : 106.73 MiB
Packager        : Jan de Groot <jgc@archlinux.org>
Build Date      : Fri 28 Apr 2017 08:44:33 AM -03
Validated By    : MD5 Sum  SHA-256 Sum  Signature

/usr/lib/systemd/system/epmd.service is owned by erlang-nox 19.3-3
/usr/lib/systemd/system/epmd.socket is owned by erlang-nox 19.3-3

Steps to reproduce:

• Install package.