All Projects

Advanced

Miscellaneous Search in comments Search details Search for all words Tasks I watch Tasks not blocking other tasks Tasks blocking other tasks Blocker or nonblocker, selecting both filter options doesn't make sense. Has attachment Hide SubTasks

Task Properties

Task Type

Severity

Priority

Due In Version

Reported Version

Category

Status

Percent Complete

Users Opened by Assigned To Closed by

Dates

Due from to

Changed from to

Opened from to

Closed from to

	Project	Category	Task Type	Priority	Severity	Summary	Status	Progress
	Packages	Any	Security Issue	Very High	Critical	~~[libressl] add package as OpenSSL replacement and defau~~ ...	Closed	100%	Task Description LibreSSL is a version of the TLS/crypto stack forked from OpenSSL in 2014, with goals of modernizing the codebase, improving security, and applying best practice development processes. It was forked from the OpenSSL in April 2014 as a response by OpenBSD developers to the Heartbleed security vulnerability in OpenSSL, [4] [5] [6] [7] with the aim of refactoring the OpenSSL code so as to provide a more secure implementation. [8] As LibreSSL follow the same goals than Hyperbola Packaging Guidelines in stability and security concerns, it should be the default provider of SSL and TLS protocols for Hyperbola Project.
	Packages	Any	Security Issue	Very High	Critical	~~[avahi] blacklist package since it's a zeroconf impleme~~ ...	Closed	100%	Task Description Avahi is a zero-configuration networking implementation that contains critical security issues because mDNS operates under a different trust model than unicast DNS trusting the entire network rather than a designated DNS server, it is vulnerable to spoofing attacks by any system within the multicast IP range. Like SNMP and many other network management protocols, it can also be used by attackers to quickly gain detailed knowledge of the network and its machines. [0] Since it violates the Hyperbola Social Contract , Avahi should be blacklisted.
	Packages	Any	Security Issue	High	Critical	~~[geth] possible denial of service attacks "DoS Attack"~~	Closed	100%	Task Description Geth 1.6.x contains possible denial of service attacks “DoS Attack”, however it has been solved in 1.7.2 [0] instead. Since 1.6.x needs many modifications spread across multiple files of the code and it is inefficient to be backported, the newer version (eg. 1.7.x) could replace the current version package as exception, but repackaged with the appropriate suffix “-backports”.
	Packages	Any	Security Issue	Very High	Critical	~~[vlc] CVE-2017-17670~~	Closed	100%	Task Description Description: In VideoLAN VLC media player through 2.2.8, there is a type conversion vulnerability in modules/demux/mp4/libmp4.c in the MP4 demux module leading to a invalid free, because the type of a box may be changed between a read operation and a free operation. Additional info: * package version(s) 2.2.6-1.hyperbola1 * config and/or log files etc. None Steps to reproduce: Run VLC
	Packages	Any	Security Issue	Very High	Critical	~~[vlc] CVE-2018-11529~~	Closed	100%	Task Description Description: VideoLAN VLC media player 2.2.x is prone to a use after free vulnerability which an attacker can leverage to execute arbitrary code via crafted MKV files. Failed exploit attempts will likely result in denial of service conditions. Additional info: * package version(s) 2.2.6-1.hyperbola1 * config and/or log files etc. None Steps to reproduce: Run VLC

Showing tasks 701 - 705 of 705 Page 15 of 15

Keyboard shortcuts

Available keyboard shortcuts

Alt + ⇧ Shift + l Login Dialog / Logout
Alt + ⇧ Shift + a Add new task
Alt + ⇧ Shift + m My searches
Alt + ⇧ Shift + t focus taskid search

Tasklist

o open selected task
j move cursor down
k move cursor up

Task Details

n Next task
p Previous task
Alt + ⇧ Shift + e ↵ Enter Edit this task
Alt + ⇧ Shift + w watch task
Alt + ⇧ Shift + y Close Task

Task Editing

Alt + ⇧ Shift + s save task