|
Any | Bug Report | Very High | Critical | [electrum] package no longer works | Closed | |
Task Description
Old clients (like the one packaged by Hyperbola) no longer work due to changes in Electrum:
https://github.com/kyuupichan/electrumx/pull/760
The fix is to use a newer version.
|
|
Any | Bug Report | Very High | Critical | [cups] [cups-filters] ServerBin directory inconsistency | Closed | |
Task Description
As the default path of the ServerBin directory is now /usr/libexec/bin:
1. cups-files.conf should be modified/adapted accordingly.
2. The contents of /usr/lib/cups, which is currently owned by cups-filters, cups-pdf, foomatic-db-engine and smbclient, should be moved to /usr/libexec/cups.
As it is, cups doesn’t work in v0.3.
|
|
Stable | Bug Report | Very High | Critical | [iceweasel-uxp] Broken addons with latest update | Closed | |
Task Description
Some addons are currently broken with latest iceweasel-uxp (iceweasel-uxp 52.9.20190926-1):
- DownThemAll
- Save to Wayback Machine
- Self-Destructing Cookies
(and probably others)
g4jc suggested to drop PGO as it could be the culprit.
https://forums.hyperbola.info/viewtopic.php?pid=1149#p1149
Regarding addons, I'm fairly certain flipping the switch on PGO (which makes the browser faster at the expense of wrecking code) is the culprit. We were warned not to use it, and this is planned to be rolled back.
However, Hyperbot has to be scheduled to rebuild the packages and I do not set its schedule. Will advise.
|
|
Any | Bug Report | Very High | Critical | [ath9k-htc-firmware]: not work | Closed | |
Task Description
Description:
Ath9k wifi device not working, possibly bad compilation or issues with gcc
Additional info:
* package version(s)
- gcc-8.4.0-2
- ath9k-htc-firmware-1.4.0-8
* config and/or log files etc.
[ 8.302952] usb 1-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[ 8.303011] usbcore: registered new interface driver ath9k_htc
[ 8.303067] usb 1-1: Direct firmware load for ath9k_htc/htc_9271-1.4.0.fw failed with error -2
[ 8.303073] usb 1-1: ath9k_htc: Firmware htc_9271.fw requested
[ 8.623141] usb 1-1: ath9k_htc: Transferred FW: htc_9271.fw, size: 51008
[ 9.683657] ath9k_htc 1-1:1.0: ath9k_htc: Target is unresponsive
[ 9.683672] ath9k_htc: Failed to initialize the device
Steps to reproduce:
- Add wifi device with ath9k firmware, for example: TL-WN722N
- pacman -S ath9k-htc-firmware
References:
- https://bugzilla.kernel.org/show_bug.cgi?id=208251
|
|
Testing | Bug Report | Very High | Critical | [Hyperbola GNU/Linux 0.4] QtSSL is not working | Closed | |
Task Description
Description: Tried with new compiled version of mumble no open and secured with SSL-certificate is reachable. Log within console:
qt.network.ssl: QSslSocket: cannot resolve SSL_CTX_set_options
qt.network.ssl: QSslSocket: cannot resolve SSL_session_reused
qt.network.ssl: QSslSocket: cannot resolve SSL_set_options
qt.network.ssl: QSslSocket: cannot resolve BN_is_word
qt.network.ssl: QSslSocket: cannot resolve SSL_in_init
<W>2021-08-23 01:00:18.814 QSslSocket: cannot call unresolved function sk_num
<W>2021-08-23 01:00:20.270 QSslSocket: cannot call unresolved function SSL_CTX_set_options
|
|
Any | Backport Request | Very High | High | [gegl] update package to 0.4.2 backport | Closed | |
Task Description
Description:
Update package to 0.4.2 backport version
Note: Is needed by GIMP 2.10.2 backport or update [gegl] to 0.3.34
Update the [babl] package
https://issues.hyperbola.info/index.php?do=details&task_id=1051
https://issues.hyperbola.info/index.php?do=details&task_id=1052
https://issues.hyperbola.info/index.php?do=details&task_id=1054
Additional info:
gegl 0.3.26-2.hyperbola1
$ pacman -Si gegl
Repository : extra
Name : gegl
Version : 0.3.26-2.hyperbola1
Description : Graph based image processing framework
Architecture : x86_64
URL : http://www.gegl.org/
Licenses : GPL3 LGPL3
Groups : None
Provides : None
Depends On : babl libspiro json-glib
Optional Deps : libraw: raw plugin
openexr: openexr plugin
ffmpeg: ffmpeg plugin
suitesparse: matting-levin plugin
librsvg: svg plugin
jasper: jasper plugin
libtiff: tiff plugin
lua: lua plugin
lensfun: lens-correct plugin
Conflicts With : gegl02
Replaces : gegl02
Download Size : 1347.15 KiB
Installed Size : 6823.00 KiB
Packager : André Silva <emulatorman@hyperbola.info>
Build Date : Sun 31 Dec 2017 05:37:41 AM -03
Validated By : MD5 Sum SHA-256 Sum Signature
Steps to reproduce:
none
|
|
Any | Backport Request | Very High | High | [gimp] update package to 2.10.2 backport | Closed | |
Task Description
Description:
Update package to 2.10.2 backport version
Note: Needs [gegl] 0.4.2 and [babl] 0.1.50
or update [gegl] 0.3.34 only
Update the [babl] package
https://issues.hyperbola.info/index.php?do=details&task_id=1051
https://issues.hyperbola.info/index.php?do=details&task_id=1052
https://issues.hyperbola.info/index.php?do=details&task_id=1053
Additional info:
gimp 2.8.22-1.hyperbola1
Repository : extra
Name : gimp
Version : 2.8.22-1.hyperbola1
Description : GNU Image Manipulation Program, with gegl and libxslt support
Architecture : x86_64
URL : https://www.gimp.org/
Licenses : GPL LGPL
Groups : None
Provides : None
Depends On : pygtk lcms libxpm libwmf libxmu librsvg libmng dbus-glib libexif gegl jasper desktop-file-utils hicolor-icon-theme babl openexr
libgudev
Optional Deps : gutenprint: for sophisticated printing only as gimp has built-in cups print support
poppler-glib: for pdf support
alsa-lib: for MIDI event controller module
curl: for URI support
ghostscript: for postscript support
Conflicts With : gimp-devel
Replaces : None
Download Size : 12.12 MiB
Installed Size : 67.73 MiB
Packager : André Silva <emulatorman@hyperbola.info>
Build Date : Sun 31 Dec 2017 08:42:46 AM -03
Validated By : MD5 Sum SHA-256 Sum Signature
Steps to reproduce:
none
|
|
Any | Backport Request | Very High | High | [tcpreplay] update package to 4.2.6 backport | Closed | |
Task Description
Description:
Update package to 4.2.6 backport because of multiple security flaws and bugs
Additional info:
* current Hyperbola package version is 4.1.0-1 from December 2014
Example of fix from 4.1.0-1:
* AFL detected security crash in fuzz feature
* tcpcapinfo buffer overflow vulnerability
* Buffer overflow bug in tcpprep
Steps to reproduce:
none
|
|
Any | Backport Request | Very High | Critical | [netifrc] update package to 0.6.0 backport | Closed | |
Task Description
Description:
[netifrc] update package to 0.6.0 backport version
Fix security errors:
Fix errors:
Changes:
Features:
Note: Please add an extra hotfix patch from git:
Additional info:
netifrc 0.5.1-3
$ pacman -Si netifrc
Repository : core
Name : netifrc
Version : 0.5.1-3
Description : Network interface management scripts
Architecture : x86_64
URL : https://wiki.gentoo.org/wiki/Netifrc
Licenses : BSD2
Groups : base
Provides : None
Depends On : eudev
Optional Deps : iproute2: for interface handler, VPN, bridging and tunneling support (recommended)
net-tools: for interface handler support
bridge-utils: for bridging support
linux-atm: for CLIP and RFC 2684 bridge support
wpa_supplicant: for wireless networking support (recommended)
wireless_tools: for wireless networking support
dhcpcd: for DHCP support (recommended)
dhclient: for DHCP support
busybox: for DHCP support
iputils: for APIPA support
ifenslave: for bonding interfaces
ppp: for PPP and ADSL support (recommended)
rp-pppoe: for ADSL support
macchanger: for changing MAC addresses
ifplugd: for cable in/out detection
Conflicts With : None
Replaces : None
Download Size : 62.75 KiB
Installed Size : 349.00 KiB
Packager : André Silva <emulatorman@hyperbola.info>
Build Date : Wed 24 Jan 2018 09:05:24 PM -03
Validated By : MD5 Sum SHA-256 Sum Signature
Steps to reproduce:
contains errors in 0.5.1 version
|
|
Any | Backport Request | Very High | High | [nodejs] backporting to nodejs LTS 8.11.3 | Closed | |
Task Description
Description:
Hi dear developers of Hyperbola. I work in the field of web development. I use a lot of javascript and nodejs to compile. Could they do the nodejs update? I also mention this because Hyperbola works with LTS packages.
Additional info:
* package version(s)
$ sudo pacman -Si nodejs
Repositorio : community
Nombre : nodejs
Versión : 7.10.0-1
Descripción : Evented I/O for V8 javascript
Arquitectura : x86_64
URL : http://nodejs.org/
Licencias : MIT
Grupos : Nada
Provee : Nada
Depende de : openssl-1.0 zlib icu libuv http-parser c-ares
Dependencias opcionales : npm: nodejs package manager
En conflicto con : Nada
Remplaza a : Nada
Tamaño de la descarga : 4,55 MiB
Tamaño de la instalación : 18,49 MiB
Encargado : Felix Yan <felixonmars@archlinux.org>
Fecha de creación : mié 03 may 2017 09:50:26 -05
Validado por : Suma MD5 Suma SHA-256 Firma
$ sudo pacman -Si npm
Repositorio : community
Nombre : npm
Versión : 4.5.0-1
Descripción : A package manager for javascript
Arquitectura : any
URL : https://www.npmjs.com/
Licencias : custom:Artistic
Grupos : Nada
Provee : nodejs-node-gyp
Depende de : nodejs semver
Dependencias opcionales : python2: for node-gyp
En conflicto con : Nada
Remplaza a : Nada
Tamaño de la descarga : 2,72 MiB
Tamaño de la instalación : 13,98 MiB
Encargado : Felix Yan <felixonmars@archlinux.org>
Fecha de creación : mié 12 abr 2017 22:08:06 -05
Validado por : Suma MD5 Suma SHA-256 Firma
- NodeJS LTS (includes npm 5.6.0):
* https://nodejs.org/dist/v8.11.3/node-v8.11.3.tar.gz
* https://nodejs.org/dist/v8.11.3/SHASUMS256.txt.asc
Some errors that I suffer when compiling:
- https://stackoverflow.com/questions/46476741/nodejs-util-promisify-is-not-a-function
|
|
Stable | Update Request | High | Medium | [xscreensaver] needs an update, since there is a bugfix ... | Closed | |
Task Description
We seem to have a very old version of xscreensaver... Could you possibly update it?
this may be a security issue/privacy issue.
|
|
Stable | Update Request | High | High | [qt5] upgrade Qt project to the 5.6 LTS version, requir ... | Closed | |
Task Description
Cannot mix incompatible Qt library (version 0x50800) with this library (version 0x50904)
Aborted
./Nextcloud-2.3.3-x86_64.AppImage: /usr/lib/libQt5Core.so.5: version `Qt_5.9' not found (required by /tmp/.mount_NextclpprMnG/usr/bin/../lib/libqt5keychain.so.1
These two packages are directly affected by an older qt5...
Could you update all the qt packages to the LTS version available?
|
|
Stable | Update Request | High | Critical | [system-config-printer] update to 1.5.11 | Closed | |
Task Description
Description:
this release is mostly bugfix, updated translations, removed some deprecated parts in code (abandoning libgnome-keyring and starting using libsecret) and in UI and added Till’s patches from Ubuntu (Thank you, Till!).
Additional info:
* package version(s)
# pacman -Si system-config-printer
Repositorio : extra
Nombre : system-config-printer
Versión : 1.5.9-2
Descripción : A CUPS printer configuration tool and status applet
Arquitectura : x86_64
URL : https://github.com/zdohnal/system-config-printer
Licencias : GPL
Grupos : Nada
Provee : Nada
Depende de : python-pycups python-dbus python-pycurl libnotify python-requests python-gobject gtk3 python-cairo
Dependencias opcionales : python-pysmbc: SMB browser support
python-packagekit: to install drivers with PackageKit
cups-pk-helper: PolicyKit helper to configure cups with fine-grained privileges
En conflicto con : Nada
Remplaza a : Nada
Tamaño de la descarga : 908,59 KiB
Tamaño de la instalación : 7159,00 KiB
Encargado : Andreas Radke <andyrtr@archlinux.org>
Fecha de creación : vie 27 ene 2017 04:18:24 -03
Validado por : Suma MD5 Suma SHA-256 Firma
* config and/or log files etc.
Steps to reproduce:
|
|
Any | Security Issue | High | High | [npapi-sdk] remove unsecure/deprecated package | Closed | |
Task Description
“npapi-sdk” (released in 2012) uses deprecated/unsecure NPAPI[0] api
$ pacman -Si npapi-sdk
Repository : extra
Name : npapi-sdk
Version : 0.27.2-1
Description : Netscape Plugin API (NPAPI)
Architecture : any
URL : https://bitbucket.org/mgorny/npapi-sdk
Licenses : MPL
Groups : None
Provides : None
Depends On : None
Optional Deps : None
Conflicts With : None
Replaces : None
Download Size : 15.77 KiB
Installed Size : 67.00 KiB
Packager : Ionut Biru ibiru@archlinux.org
Build Date : Thu 25 Apr 2013 01:47:15 PM -03
Validated By : MD5 Sum SHA-256 Sum Signature
[0]:https://developer.mozilla.org/en-US/docs/Plugins/Roadmap
|
|
Any | Security Issue | High | High | [npapi-vlc] remove unsecured package | Closed | |
Task Description
“npapi-vlc” uses deprecated/unsecure NPAPI[0] api
$ pacman -Si npapi-vlc
Repository : community
Name : npapi-vlc
Version : 2.2.5-1
Description : The modern VLC Mozilla (NPAPI) plugin
Architecture : x86_64
URL : https://code.videolan.org/videolan/npapi-vlc
Licenses : GPL
Groups : None
Provides : None
Depends On : gtk2 vlc
Optional Deps : None
Conflicts With : None
Replaces : None
Download Size : 69.96 KiB
Installed Size : 287.00 KiB
Packager : Timothy Redaelli timothy.redaelli@gmail.com
Build Date : Tue 14 Feb 2017 12:27:08 PM -03
Validated By : MD5 Sum SHA-256 Sum Signature
[0]:https://developer.mozilla.org/en-US/docs/Plugins/Roadmap
|
|
Any | Security Issue | High | High | [nspluginwrapper] remove unsecure/deprecated package | Closed | |
Task Description
“nspluginwrapper” (released in 2011) uses deprecated/unsecure NPAPI[0] api
$ pacman -Si nspluginwrapper
Repository : multilib
Name : nspluginwrapper
Version : 1.4.4-3
Description : Cross-platform NPAPI compatible plugin viewer
Architecture : x86_64
URL : http://nspluginwrapper.davidben.net/
Licenses : GPL
Groups : None
Provides : None
Depends On : curl libxt lib32-libxt gcc-libs lib32-gcc-libs gtk2 lib32-gtk2
Optional Deps : None
Conflicts With : None
Replaces : None
Download Size : 146.14 KiB
Installed Size : 475.00 KiB
Packager : Felix Yan felixonmars@gmail.com
Build Date : Sat 12 Jul 2014 02:40:45 PM -03
Validated By : MD5 Sum SHA-256 Sum Signature
[0]:https://developer.mozilla.org/en-US/docs/Plugins/Roadmap
|
|
Any | Security Issue | High | High | [x2goplugin] remove unsecure package | Closed | |
Task Description
“x2goplugin” uses deprecated/unsecure NPAPI[0] api
$ pacman -Si x2goplugin
Repository : extra
Name : x2goplugin
Version : 4.1.0.0-1
Description : provides X2Go Client as QtBrowser-based Mozilla plugin
Architecture : x86_64
URL : http://www.x2go.org
Licenses : GPL2
Groups : None
Provides : None
Depends On : qt4 libcups nxproxy libssh libxpm
Optional Deps : None
Conflicts With : None
Replaces : None
Download Size : 1250.54 KiB
Installed Size : 2761.00 KiB
Packager : Andreas Radke andyrtr@archlinux.org
Build Date : Wed 22 Feb 2017 12:42:48 PM -03
Validated By : MD5 Sum SHA-256 Sum Signature
[0]:https://developer.mozilla.org/en-US/docs/Plugins/Roadmap
|
|
Any | Security Issue | High | High | [djview] remove unsecure "nsdejavu.so" | Closed | |
Task Description
Remove “nsdejavu.so”, uses deprecated/unsecure NPAPI[0] api
$ sudo pacman -Si djview
Repository : community
Name : djview
Version : 4.10.6-1
Description : Portable DjVu viewer and browser plugin
Architecture : x86_64
URL : http://djvu.sourceforge.net/djview4.html
Licenses : GPL
Groups : None
Provides : djview4
Depends On : qt5-base djvulibre libxkbcommon-x11 libsm
Optional Deps : None
Conflicts With : djview4
Replaces : djview4
Download Size : 535.79 KiB
Installed Size : 1978.00 KiB
Packager : Gaetan Bisson bisson@archlinux.org
Build Date : Wed 04 May 2016 08:53:23 PM -03
Validated By : MD5 Sum SHA-256 Sum Signature
$ sudo pacman -Ql djview
djview /usr/
djview /usr/bin/
djview /usr/bin/djview
djview /usr/bin/djview4
djview /usr/lib/
djview /usr/lib/mozilla/
djview /usr/lib/mozilla/plugins/
djview /usr/lib/mozilla/plugins/nsdejavu.so
djview /usr/share/
djview /usr/share/applications/
djview /usr/share/applications/djvulibre-djview4.desktop
djview /usr/share/djvu/
djview /usr/share/djvu/djview4/
djview /usr/share/djvu/djview4/djview_cs.qm
djview /usr/share/djvu/djview4/djview_de.qm
djview /usr/share/djvu/djview4/djview_es.qm
djview /usr/share/djvu/djview4/djview_fr.qm
djview /usr/share/djvu/djview4/djview_ru.qm
djview /usr/share/djvu/djview4/djview_uk.qm
djview /usr/share/djvu/djview4/djview_zh_cn.qm
djview /usr/share/djvu/djview4/djview_zh_tw.qm
djview /usr/share/icons/
djview /usr/share/icons/hicolor/
djview /usr/share/icons/hicolor/32x32/
djview /usr/share/icons/hicolor/32x32/mimetypes/
djview /usr/share/icons/hicolor/32x32/mimetypes/djvulibre-djview4.png
djview /usr/share/icons/hicolor/64x64/
djview /usr/share/icons/hicolor/64x64/mimetypes/
djview /usr/share/icons/hicolor/64x64/mimetypes/djvulibre-djview4.png
djview /usr/share/icons/hicolor/scalable/
djview /usr/share/icons/hicolor/scalable/mimetypes/
djview /usr/share/icons/hicolor/scalable/mimetypes/djvulibre-djview4.svgz
djview /usr/share/man/
djview /usr/share/man/man1/
djview /usr/share/man/man1/djview.1.gz
djview /usr/share/man/man1/nsdejavu.1.gz
[0]:https://developer.mozilla.org/en-US/docs/Plugins/Roadmap
|
|
Any | Security Issue | High | High | [icedtea-web] remove unsecure "IcedTeaPlugin.so" | Closed | |
Task Description
Remove “IcedTeaPlugin.so”, it uses deprecated/unsecure NPAPI[0] apis
Note: this package contains “Java Web Start” and unsecured NPAPI plugin, it needs change package description and description on optional dependencies in “jre{7,8}-openjdk” packages.
$ pacman -Si icedtea-web
Repository : extra
Name : icedtea-web
Version : 1.6.2-2.hyperbola1
Description : Free web browser plugin to run applets written in Java and an implementation of Java Web Start, without nonfree firefox support
Architecture : x86_64
URL : http://icedtea.classpath.org/wiki/IcedTea-Web
Licenses : GPL2
Groups : None
Provides : java-web-start
Depends On : java-runtime-openjdk desktop-file-utils
Optional Deps : rhino: for using proxy auto config files
Conflicts With : None
Replaces : icedtea-web-java7
Download Size : 1525.55 KiB
Installed Size : 2108.00 KiB
Packager : André Silva emulatorman@hyperbola.info
Build Date : Fri 26 May 2017 06:13:18 AM -03
Validated By : MD5 Sum SHA-256 Sum Signature
$ pacman -Ql icedtea-web
icedtea-web /usr/
icedtea-web /usr/bin/
icedtea-web /usr/bin/itweb-settings
icedtea-web /usr/bin/javaws
icedtea-web /usr/bin/policyeditor
icedtea-web /usr/lib/
icedtea-web /usr/lib/mozilla/
icedtea-web /usr/lib/mozilla/plugins/
icedtea-web /usr/lib/mozilla/plugins/IcedTeaPlugin.so
icedtea-web /usr/share/
icedtea-web /usr/share/applications/
icedtea-web /usr/share/applications/itweb-settings.desktop
icedtea-web /usr/share/applications/javaws.desktop
icedtea-web /usr/share/icedtea-web/
icedtea-web /usr/share/icedtea-web/bin/
icedtea-web /usr/share/icedtea-web/bin/itweb-settings
icedtea-web /usr/share/icedtea-web/bin/javaws
icedtea-web /usr/share/icedtea-web/bin/policyeditor
icedtea-web /usr/share/icedtea-web/javaws_splash.png
icedtea-web /usr/share/icedtea-web/lib/
icedtea-web /usr/share/icedtea-web/lib/IcedTeaPlugin.so
icedtea-web /usr/share/icedtea-web/netx.jar
icedtea-web /usr/share/icedtea-web/plugin.jar
icedtea-web /usr/share/man/
icedtea-web /usr/share/man/man1/
icedtea-web /usr/share/man/man1/icedtea-web-plugin.1.gz
icedtea-web /usr/share/man/man1/icedtea-web.1.gz
icedtea-web /usr/share/man/man1/itweb-settings.1.gz
icedtea-web /usr/share/man/man1/javaws.1.gz
icedtea-web /usr/share/man/man1/policyeditor.1.gz
icedtea-web /usr/share/pixmaps/
icedtea-web /usr/share/pixmaps/javaws.png
[0]:https://developer.mozilla.org/en-US/docs/Plugins/Roadmap
|
|
Any | Security Issue | High | High | [podofo] vulnerable allows remote attackers to cause a ... | Closed | |
Task Description
https://icepng.github.io/2017/04/21/PoDoFo-1/
https://blogs.gentoo.org/ago/2017/03/31/podofo-four-null-pointer-dereference
http://www.securityfocus.com/bid/97296/info
Package information
Repositorio : community
Nombre : podofo
Versión : 0.9.5-2
Descripción : A C++ library to work with the PDF file format
Arquitectura : x86_64
URL : http://podofo.sourceforge.net
Licencias : GPL
Grupos : Nada
Provee : Nada
Depende de : lua openssl fontconfig libtiff libidn libjpeg-turbo
Dependencias opcionales : Nada
En conflicto con : Nada
Remplaza a : Nada
Tamaño de la descarga : 785,18 KiB
Tamaño de la instalación : 4492,00 KiB
Encargado : Antonio Rojas arojas@archlinux.org
Fecha de creación : sáb 18 feb 2017 06:52:31 -05
Validado por : Suma MD5 Suma SHA-256 Firma
Debian just patched for v0.9.5-6
https://sources.debian.net/src/libpodofo/0.9.5-6/debian/patches/CVE-2017-738%5B0123%5D.patch/
https://sources.debian.net/src/libpodofo/0.9.5-6/debian/patches/
|
|
Any | Security Issue | High | High | [isync] needs update | Closed | |
Task Description
isync is currently on 1.2.1-3, the version is 2 years old and a lot of security/features have been implemented to the version 1.3.0
isync needs be upgraded from 1.2.1 to 1.2.3 since it is a bugfix adapted for our current snapshot in Milky Way (2017-05-08) which is using isync 1.2.x series.
|
|
Any | Security Issue | High | High | [busybox] CVE-2017-16544: autocompletion vulnerability | Closed | |
Task Description
Package: https://www.hyperbola.info/packages/community/x86_64/busybox/
https://www.twistlock.com/2017/11/20/cve-2017-16544-busybox-autocompletion-vulnerability/
In the add_match function in libbb/lineedit.c in BusyBox through 1.27.2, the tab autocomplete feature of the shell, used to get a list of filenames in a directory, does not sanitize filenames and results in executing any escape sequence in the terminal. This could potentially result in code execution, arbitrary file writes, or other attacks.
Patch: https://git.busybox.net/busybox/commit/?id=c3797d40a1c57352192c6106cc0f435e7d9c11e8
|
|
Any | Security Issue | High | Critical | [irssi] IRSSI-SA-2018-02 Irssi Security Advisory | Closed | |
Task Description
Multiple vulnerabilities have been located in Irssi.
Access remote: yes
References links:
|
|
Any | Security Issue | High | Critical | [python2] heap-overflow vulnerability CVE-2018-1000030 | Closed | |
Task Description
Python 2.7.14 is vulnerable to a Heap-Buffer-Overflow as well as a Heap-Use-After-Free. Python versions prior to 2.7.14 may also be vulnerable and it appears that Python 2.7.17 and prior may also be vulnerable however this has not been confirmed. The vulnerability lies when multiple threads are handling large amounts of data. In both cases there is essentially a race condition that occurs. For the Heap-Buffer-Overflow, Thread 2 is creating the size for a buffer, but Thread1 is already writing to the buffer without knowing how much to write. So when a large amount of data is being processed, it is very easy to cause memory corruption using a Heap-Buffer-Overflow. As for the Use-After-Free, Thread3→Malloc→Thread1→Free’s→Thread2-Re-uses-Free’d Memory. The PSRT has stated that this is not a security vulnerability due to the fact that the attacker must be able to run code, however in some situations, such as function as a service, this vulnerability can potentially be used by an attacker to violate a trust boundary, as such the DWF feels this issue deserves a CVE.
https://security-tracker.debian.org/tracker/CVE-2018-1000030
|
|
Any | Security Issue | High | Critical | [geth] possible denial of service attacks "DoS Attack" | Closed | |
Task Description
Geth 1.6.x contains possible denial of service attacks “DoS Attack”, however it has been solved in 1.7.2 [0] instead. Since 1.6.x needs many modifications spread across multiple files of the code and it is inefficient to be backported, the newer version (eg. 1.7.x) could replace the current version package as exception, but repackaged with the appropriate suffix “-backports”.
|
|
Any | Security Issue | High | Critical | [octopi] uploads system logs to ptpb.pw without confirm ... | Closed | |
|
|
Any | Security Issue | High | High | [certbot] version 0.23 is not giving the option to keep ... | Closed | |
|
|
Any | Replace Request | High | Critical | [python2] replace deprecated Python 2 to Tauthon | Closed | |
|
|
Any | Pull Request | High | High | [firetools] update of 0.9.50 to 0.9.52 + support for UX ... | Closed | |
|
|
Any | Privacy Issue | High | High | [redshift] remove geoclue2 support | Closed | |
|
|
Any | Privacy Issue | High | High | [epiphany] would be more private if not for Hyperbola p ... | Closed | |
|
|
Any | Privacy Issue | High | Critical | [deepin-desktop-base] Check for CNZZ Spyware | Closed | |
|
|
Any | Implementation Request | High | High | [onioncat]: add package | Closed | |
|
|
Any | Implementation Request | High | High | [xen] add Xen 4.8.x split packages | Closed | |
|
|
Stable | Implementation Request | High | Medium | [nitrokey-app] add package | Closed | |
|
|
Any | Implementation Request | High | High | [dhcpcd-ui] add package | Closed | |
|
|
Testing | Implementation Request | High | Critical | [xlsfonts] Missing package needs to be added for xenoca ... | Closed | |
|
|
Stable | Freedom Issue | High | Critical | [smplayer] Removal of unfree "Chromecast"-plugin | Closed | |
|
|
Any | Feature Request | High | High | [icedove-enigmail] add package | Closed | |
|
|
Any | Feature Request | High | High | [aircrack-ng] rebuild package against libressl | Closed | |
|
|
Any | Feature Request | High | High | [android-tools] rebuild package against libressl | Closed | |
|
|
Any | Feature Request | High | High | [apache] rebuild package against libressl | Closed | |
|
|
Any | Feature Request | High | High | [arch-audit] rebuild package against libressl | Closed | |
|
|
Any | Feature Request | High | High | [argyllcms] rebuild package against libressl | Closed | |
|
|
Any | Feature Request | High | High | [axel] rebuild package against libressl | Closed | |
|
|
Any | Feature Request | High | High | [badvpn] rebuild package against libressl | Closed | |
|
|
Any | Feature Request | High | High | [bigloo] rebuild package against libressl | Closed | |
|
|
Any | Feature Request | High | High | [bind] rebuild package against libressl | Closed | |
|
|
Any | Feature Request | High | High | [bind-tools] rebuild package against libressl | Closed | |
|
|
Any | Feature Request | High | High | [bip] rebuild package against libressl | Closed | |
|