Packages | Any | Security Issue | Very Low | Critical | [octopi] requires su | Unconfirmed
Task Description

Would it be possible to make it use sudo instead?

From what I know, sudo is safer. Let me know if you agree this is a problem.

Packages | Any | Security Issue | High | Critical | [octopi] uploads system logs to without confirm... | In Progress
Task Description

Octopi 0.9.0 is uploading system logs to without confirmation through :

→ SysInfo →

I think it should either be disabled or at least get a patch that asks for confirmation.
Another way could be to patch this :

240: * Generates SysInfo file and paste it to ptpb site
255:  QString ptpb = UnixCommand::getCommandOutput("curl -F c=@-", tempFile->fileName());
256:  return ptpb;

to :

240: * Generates SysInfo file and paste it to ptpb site
255:  QString ptpb = UnixCommand::getCommandOutput("curl -F c=@- **", tempFile->fileName());
256:  return ptpb;

This way, you can at least ask for log deletion with the help of log uuid as explained here :

Packages | Any | Security Issue | Very High | Critical | [libssh] CVE-2018-10933 | Researching
Task Description

libssh versions 0.6 and above have an authentication bypass vulnerability in
the server code. By presenting the server an SSH2_MSG_USERAUTH_SUCCESS message
in place of the SSH2_MSG_USERAUTH_REQUEST message which the server would expect
to initiate authentication, the attacker could successfully authenticate
without any credentials.

Additional info:
* package version(s) : extra/libssh 0.7.5-1


Packages | Any | Security Issue | Medium | Medium | [cinepaint] unmaintained and unsupportable | In Progress
Task Description

Remove “cinepaint” package since it’s unmaintained and unsupportable. Also, it doesn’t contain any file format support in the latest version (previous version supported multiple file formats).

I suggest using Krita (or Gimp 2.10) to edit 16bit and 32bit file formats or converting with imagemagick/graphicsmagick.

$ pacman -Si cinepaint
Repository      : community
Name            : cinepaint
Version         : 1:1.0.4-5
Description     : Sophisticated graphics manipulation programm supporting > 8bit pictures
Architecture    : x86_64
URL             :
Licenses        : LGPL  GPL  MIT
Groups          : None
Provides        : None
Depends On      : gtk2  openexr  lcms  libxpm  fltk  ftgl  libxxf86vm
Optional Deps   : python2: for python plug-ins
                  gutenprint: for print plug-ins
                  ghostscript: for pdf plug-ins
Conflicts With  : None
Replaces        : None
Download Size   : 3.75 MiB
Installed Size  : 13.91 MiB
Packager        : Christian Hesse <>
Build Date      : Thu 28 Apr 2016 05:17:05 AM -03
Validated By    : MD5 Sum  SHA-256 Sum  Signature

Packages | Any | Security Issue | Very Low | Medium | [patch] CVE-2018-6951 - NULL pointer DoS | Unconfirmed
Task Description

An issue was discovered in GNU patch through 2.7.6. There is a segmentation fault, associated with a NULL pointer dereference, leading to a denial of service in the intuit_diff_type function in pch.c, aka a “mangled rename” issue.

Packages | Any | Security Issue | Very Low | Medium | [qemu] Multiple CVE | Unconfirmed
Task Description

CVE-2018-20123 QEMU: pvrdma: memory leakage in device hotplug

CVE-2018-16872 Qemu: usb-mtp: path traversal by host filesystem
manipulation in Media Transfer Protocol (MTP)

Patches included at above URLs.

Packages | Stable | Update Request | High | High | [qt5] upgrade Qt project to the 5.6 LTS version, requir... | Deferred
Task Description

Cannot mix incompatible Qt library (version 0x50800) with this library (version 0x50904)

./Nextcloud-2.3.3-x86_64.AppImage: /usr/lib/ version `Qt_5.9’ not found (required by /tmp/.mount_NextclpprMnG/usr/bin/../lib/

These two packages are directly affected by an older qt5...

Could you update all the qt packages to the LTS version available?

Packages | Any | Update Request | Medium | High | Make Knock patch for Linux-libre 4.14 LTS | Unconfirmed
Task Description

The Knock patches for linux-libre maintained by you at have support up to linux-libre 4.13 only (and I think it didn’t work for it when I tried it, compilation failed) but from all of those supported versions, the newest maintained generation by the upstream is 4.9.x

However, since newer kernel generations might require reprogramming the patch, I want to request it only for the latest LTS generation which is 4.14. As you know, LTS software is supported for a long time, so it’s worth making it for linux-libre 4.14.x

This might not be really important for Hyperbola in the short term, but you are the maintainers of the TCP Stealth implementation for Linux-libre and I and maybe other people would like to use it in their projects for newer versions.

Plus, it would be great since while 4.9 kernels can use the GRSec+Knock combination like linux-libre-lts-unofficial-grsec-knock, with support for 4.14 anyone would be able to use a combination of newer patches such as Linux-hardened+Knock (Linux-hardened supports 4.14 and 4.15 as of now) which is what I’d like to do.

Packages | Any | Update Request | Very Low | High | ufw update/ufw bug | Unconfirmed
Task Description

There appears to be a bug with the current version of ufw, 0.35-2

Dunno if updating it would fix it, but it is kind of annoying and possibly a security issue.

It says ufw is inactive when I reboot despite it being installed in the runlevel.

Packages | Any | Update Request | Very Low | High | [proj]: please update to latest version | Unconfirmed
Task Description


This package has valuable geodetic applications, and I intend to present Hyperbola GNU/Linux-libre soon in universities and schools in East Africa.

The coordinate system there is not WGS84, and only the new version of this package provides the conversion from East African geographic coordinates to WGS84, which will be very usable in many industrial and private applications.

Packages | Any | Update Request | Medium | Medium | [cups] update request | Assigned
Task Description

New version v2.2.7


Packages | Stable | Update Request | Very Low | Medium | [xfe] update package to 1.43.1 | Researching
Task Description

The latest version fixes several minor bugs and a search file function issue[1].

[1]: (see 1.43 and 1.43.1 in the news section)

Packages | Stable | Update Request | Very Low | Medium | [grafx2] update package to 2.6 | Unconfirmed
Task Description

The latest version was released on 11th of January 2019, with several new features, improvements and fixes[1].

[1]: (see version 2.6 for more details in update log)

