|
Any | Update Request | Very High | Critical | [certbot] update package to support ACMEv2 and Wildcard | Closed | |
Task Description
Since certbot v0.22.0[0] there’s support for ACMEv2 and Wildcard. This is an important update since wildcard SSL certificates can make server security and maintaince easier by supporting all subdomains of a base domain.
Debian Stretch (stable) uses certbot 0.10.2 but there’s 0.23.0 in stretch-backports repository[1]. So I’d like to request an update or a backport of certbot and its dependencies.
These are the actual packages versions from Hyperbola and Arch:
certbot (0.23.0-1) / Hyperbola version ⇒ (0.14.0-1) [x]
python-acme (0.23.0-1) / Hyperbola version ⇒ (0.14.0-1) [x]
python-configargparse (0.12.0-1) / Hyperbola version ⇒ (0.11.0-2) [=]
python-parsedatetime (2.4-1) / Hyperbola version ⇒ (2.3-1) [x]
python-pbr (4.0.2-1) / Hyperbola version ⇒ (3.0.0-1) [<]
python-pytz (2018.4-1) / Hyperbola version ⇒ (2017.2-1) [<]
python-zope-component (4.4.1-1) / Hyperbola version ⇒ (4.3.0-2) [=]
python-zope-event (4.3.0-1) / Hyperbola version ⇒ (4.2.0-2) [=]
NOTE: packages marked with an “[x]” means that the pkg has Debian Stretch backports of the proposed updated version. The “[=]” means that Debian has no backports but uses the same version of the pkg as Hyperbola. The [<] means the Debian Version lower than Hyperbola’s Version.
The packages that may get the update should be only the ones marked with an [x], if we follow the Debian Stretch devel. If certbot gets the update, then the following Arch packages need to be added for obtaining wildcard certificates throught the DNS challenge:
certbot-dns-cloudflare
certbot-dns-cloudxns
certbot-dns-digitalocean
certbot-dns-dnsimple
certbot-dns-dnsmadeeasy
certbot-dns-luadns
certbot-dns-nsone
certbot-dns-rfc2136
certbot-dns-route53
I ommited certbot-dns-google since it’s not compatible with the Hyperbola Packaging Guidelines.
[0] https://community.letsencrypt.org/t/certbot-0-22-0-release-with-acmev2-and-wildcard-support/55061 [1] https://packages.debian.org/search?keywords=certbot
|
|
Stable | Update Request | High | Critical | [system-config-printer] update to 1.5.11 | Closed | |
Task Description
Description:
this release is mostly bugfix, updated translations, removed some deprecated parts in code (abandoning libgnome-keyring and starting using libsecret) and in UI and added Till’s patches from Ubuntu (Thank you, Till!).
Additional info: * package version(s)
# pacman -Si system-config-printer
Repositorio : extra
Nombre : system-config-printer
Versión : 1.5.9-2
Descripción : A CUPS printer configuration tool and status applet
Arquitectura : x86_64
URL : https://github.com/zdohnal/system-config-printer
Licencias : GPL
Grupos : Nada
Provee : Nada
Depende de : python-pycups python-dbus python-pycurl libnotify python-requests python-gobject gtk3 python-cairo
Dependencias opcionales : python-pysmbc: SMB browser support
python-packagekit: to install drivers with PackageKit
cups-pk-helper: PolicyKit helper to configure cups with fine-grained privileges
En conflicto con : Nada
Remplaza a : Nada
Tamaño de la descarga : 908,59 KiB
Tamaño de la instalación : 7159,00 KiB
Encargado : Andreas Radke <andyrtr@archlinux.org>
Fecha de creación : vie 27 ene 2017 04:18:24 -03
Validado por : Suma MD5 Suma SHA-256 Firma
* config and/or log files etc.
Steps to reproduce:
|
|
Stable | Update Request | Very Low | Critical | [qt5] request for upgrade | Closed | |
Task Description
I know that upgrading Qt is not a trivial task, but would it be possible to do this anyway? Qt 5.8 has issues that other versions do not have. See for example the discussion here about Projecteur, a very useful tool. Hyperbola seems to be the only Linux distribution unable to run it, just because of Qt 5.8:
https://github.com/jahnf/Projecteur/issues/26
|
|
Any | Security Issue | Very High | Critical | [gnome-mplayer] [gecko-mediaplayer] [gmtk] remove unsec ... | Closed | |
Task Description
Remove “gnome-mplayer”, “gecko-mediaplayer” and “gmtk” are unsecured/abandonware packages(released in 2014) “gecko-mediaplayer” uses deprecated/unsecured NPAPI[0] and XULRunner[1][2] apis
$ pacman -Si gnome-mplayer Repository : community Name : gnome-mplayer Version : 1.0.9-4 Description : A simple MPlayer GUI. Architecture : x86_64 URL : https://sites.google.com/site/kdekorte2/gnomemplayer Licenses : GPL Groups : None Provides : None Depends On : mplayer dbus-glib libnotify gmtk Optional Deps : None Conflicts With : None Replaces : None Download Size : 343.29 KiB Installed Size : 1461.00 KiB Packager : Balló György <ballogyor+arch@gmail.com> Build Date : Sun 22 Jan 2017 04:45:38 PM -03 Validated By : MD5 Sum SHA-256 Sum Signature
$ pacman -Si gecko-mediaplayer Repository : community Name : gecko-mediaplayer Version : 1.0.9-3 Description : Browser plugin that uses gnome-mplayer to play media in a web browser. Architecture : x86_64 URL : https://sites.google.com/site/kdekorte2/gecko-mediaplayer Licenses : GPL Groups : None Provides : None Depends On : gnome-mplayer>=1.0.9 dbus-glib gmtk curl Optional Deps : None Conflicts With : None Replaces : None Download Size : 80.92 KiB Installed Size : 598.00 KiB Packager : Balló György <ballogyor+arch@gmail.com> Build Date : Sun 22 Jan 2017 04:36:31 PM -03 Validated By : MD5 Sum SHA-256 Sum Signature
$ pacman -Si gmtk Repository : community Name : gmtk Version : 1.0.9-3 Description : Common functions for gnome-mplayer and gecko-mediaplayer. Architecture : x86_64 URL : https://sites.google.com/site/kdekorte2/gmtk Licenses : GPL Groups : None Provides : None Depends On : glib2 gtk3 dconf Optional Deps : None Conflicts With : None Replaces : None Download Size : 73.85 KiB Installed Size : 246.00 KiB Packager : Balló György <ballogyor+arch@gmail.com> Build Date : Sun 22 Jan 2017 04:50:49 PM -03 Validated By : MD5 Sum SHA-256 Sum Signature
[0]:https://developer.mozilla.org/en-US/docs/Plugins/Roadmap [1]:https://hearsum.ca/blog/mozilla-will-stop-producing-automated-builds-of-xulrunner-after-the-410-cycle.html [2]:https://tracker.debian.org/pkg/xulrunner
|
|
Any | Security Issue | Very High | Critical | [freewrl] remove unsecure "libFreeWRLplugin.so" | Closed | |
Task Description
Remove “libFreeWRLplugin.so”, uses deprecated/unsecure NPAPI[0] and XULRunner[1][2] apis
$ pacman -Si freewrl Repository : community Name : freewrl Version : 1:2.3.3-1 Description : VRML viewer Architecture : x86_64 URL : http://freewrl.sourceforge.net/ Licenses : GPL Groups : None Provides : None Depends On : java-runtime libxaw glew freeglut curl freetype2 imlib2 sox unzip imagemagick libxml2 ttf-bitstream-vera lesstif js185 glu openal
freealut
Optional Deps : None Conflicts With : None Replaces : None Download Size : 583.49 KiB Installed Size : 2060.00 KiB Packager : Sergej Pupykin <pupykin.s+arch@gmail.com> Build Date : Mon 19 Dec 2016 10:31:49 AM -03 Validated By : MD5 Sum SHA-256 Sum Signature
$ sudo pacman -Ql freewrl freewrl /usr/ freewrl /usr/bin/ freewrl /usr/bin/freewrl freewrl /usr/bin/freewrl_msg freewrl /usr/bin/freewrl_snd freewrl /usr/include/ freewrl /usr/include/FreeWRLEAI/ freewrl /usr/include/FreeWRLEAI/EAIHeaders.h freewrl /usr/include/FreeWRLEAI/EAI_C.h freewrl /usr/include/FreeWRLEAI/GeneratedHeaders.h freewrl /usr/include/FreeWRLEAI/X3DNode.h freewrl /usr/include/libFreeWRL.h freewrl /usr/lib/ freewrl /usr/lib/libFreeWRL.so freewrl /usr/lib/libFreeWRL.so.2 freewrl /usr/lib/libFreeWRL.so.2.3.3 freewrl /usr/lib/libFreeWRLEAI.so freewrl /usr/lib/libFreeWRLEAI.so.2 freewrl /usr/lib/libFreeWRLEAI.so.2.3.3 freewrl /usr/lib/mozilla/ freewrl /usr/lib/mozilla/plugins/ freewrl /usr/lib/mozilla/plugins/libFreeWRLplugin.so freewrl /usr/lib/pkgconfig/ freewrl /usr/lib/pkgconfig/libFreeWRL.pc freewrl /usr/lib/pkgconfig/libFreeWRLEAI.pc freewrl /usr/share/ freewrl /usr/share/applications/ freewrl /usr/share/applications/freewrl.desktop freewrl /usr/share/man/ freewrl /usr/share/man/man1/ freewrl /usr/share/man/man1/freewrl.1.gz freewrl /usr/share/pixmaps/ freewrl /usr/share/pixmaps/freewrl.png
[0]:https://developer.mozilla.org/en-US/docs/Plugins/Roadmap [1]:https://hearsum.ca/blog/mozilla-will-stop-producing-automated-builds-of-xulrunner-after-the-410-cycle.html [2]:https://tracker.debian.org/pkg/xulrunner
|
|
Any | Security Issue | Very High | Critical | [xulrunner] unmaintained and unsupportable | Closed | |
Task Description
Remove “xulrunner”[0][1] is unsecure/abandonware package
$ pacman -Si xulrunner Repository : community Name : xulrunner Version : 41.0.2-10 Description : Mozilla Runtime Environment Architecture : x86_64 URL : http://wiki.mozilla.org/XUL:Xul_Runner Licenses : MPL GPL LGPL Groups : None Provides : None Depends On : gtk2 mozilla-common nss>3.18 libxt hunspell startup-notification mime-types dbus-glib libpulse libevent libvpx icu python2 Optional Deps : None Conflicts With : None Replaces : xulrunner-oss Download Size : 47.38 MiB Installed Size : 171.99 MiB Packager : Evangelos Foutras evangelos@foutrelis.com Build Date : Wed 26 Apr 2017 03:10:07 AM -03 Validated By : MD5 Sum SHA-256 Sum Signature
[0]:https://hearsum.ca/blog/mozilla-will-stop-producing-automated-builds-of-xulrunner-after-the-410-cycle.html [1]:https://tracker.debian.org/pkg/xulrunner
|
|
Any | Security Issue | Very High | Critical | [midori] unmaintained and unsupportable | Closed | |
Task Description
The developer team is discussing the removal of Midori from Debian repositories.
Jeremy Bicha says:
> The final stable release of Midori still uses the unmaintained WebKit1 > instead of webkit2gtk and therefore the browser suffers from numerous > known security vulnerabilities. Midori now fails to build with vala > 0.36 which is in Ubuntu 17.10 Alpha and will be in Debian unstable > once it clears the Debian new queue. > https://launchpad.net/bugs/1698483 .
See a complete discussion here.
|
|
Any | Security Issue | Very High | Critical | [w3m] unmaintained and unsupportable | Closed | |
Task Description
w3m is an unmaintained and unsuportable software, the latest release was 0.5.3 (2011)[0][1][2][3]
$ pacman -Qi w3m Name : w3m Version : 0.5.3.git20170102-2 Description : Text-based Web browser, as well as pager Architecture : x86_64 URL : http://w3m.sourceforge.net/ Licenses : custom Groups : None Provides : None Depends On : openssl gc ncurses gpm Optional Deps : imlib2: for graphics support [installed] Required By : None Optional For : None Conflicts With : None Replaces : None Installed Size : 1784.00 KiB Packager : Jan de Groot jgc@archlinux.org Build Date : Sat 04 Mar 2017 07:12:38 PM -03 Install Date : Tue 12 Sep 2017 03:43:25 AM -03 Install Reason : Explicitly installed Install Script : No Validated By : Signature
[0]:https://sourceforge.net/projects/w3m/files/w3m/ [1]:https://security.archlinux.org/package/w3m [2]:https://tracker.debian.org/pkg/w3m [3]:https://git.archlinux.org/svntogit/packages.git/tree/trunk/PKGBUILD?h=packages/w3m
|
|
Any | Security Issue | Very High | Critical | [pam] pam_unix2 is orphaned and dead upstream | Closed | |
Task Description
pam_unix2 was removed from Debian Jessie because it’s buggy and unmaintained [0]
It’s included inside pam package and should be removed since it doesn’t comes from official source. Also the original upstream FTP directory (ftp://ftp.suse.com/people/kukuk/pam/pam_unix2) has disappeared.
[0]:https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=628848
$ pacman -Si pam Repository : core Name : pam Version : 1.3.0-1 Description : PAM (Pluggable Authentication Modules) library Architecture : x86_64 URL : http://linux-pam.org Licenses : GPL2 Groups : None Provides : None Depends On : glibc cracklib libtirpc pambase Optional Deps : None Conflicts With : None Replaces : None Download Size : 609.71 KiB Installed Size : 2980.00 KiB Packager : Tobias Powalowski tpowa@archlinux.org Build Date : Thu 09 Jun 2016 02:44:03 PM -03 Validated By : MD5 Sum SHA-256 Sum Signature
$ pacman -Ql pam > pam_fileslist.txt
|
|
Any | Security Issue | Very High | Critical | [wpa_supplicant] vulnerable to KRAK attack | Closed | |
Task Description
https://arstechnica.com/information-technology/2017/10/severe-flaw-in-wpa2-protocol-leaves-wi-fi-traffic-open-to-eavesdropping/
https://w1.fi/security/2017-1/
Arch just patched: https://www.archlinux.org/packages/core/i686/wpa_supplicant/
|
|
Any | Security Issue | Very High | Critical | [dillo] enable IPv6, SSL/TLS and threaded DNS support | Closed | |
Task Description
Please move dillo to blacklist. Please enable IPv6, SSL/TLS and threaded DNS support.
1- Arch PKGBUILD problems:
a- not obtain source via https
b- not compiled with support --enable-ipv6 --enable-threaded-dns --enable-ssl
My correction is committed in NAB-packages-community
|
|
Any | Security Issue | Very High | Critical | [linux-libre-lts*] Meltdown & Spectre Vulnerability | Closed | |
Task Description
Multiple CVEs. Unprivileged programs can gain access to a hardware bug in the CPU, and thereby initiate memory dumps and other low-level attacks.
|
|
Any | Security Issue | Very High | Critical | [libressl] add package as OpenSSL replacement and defau ... | Closed | |
Task Description
LibreSSL is a version of the TLS/crypto stack forked from OpenSSL in 2014, with goals of modernizing the codebase, improving security, and applying best practice development processes.
It was forked from the OpenSSL in April 2014 as a response by OpenBSD developers to the Heartbleed security vulnerability in OpenSSL, [4] [5] [6] [7] with the aim of refactoring the OpenSSL code so as to provide a more secure implementation. [8]
As LibreSSL follow the same goals than Hyperbola Packaging Guidelines in stability and security concerns, it should be the default provider of SSL and TLS protocols for Hyperbola Project.
|
|
Any | Security Issue | Very High | Critical | [avahi] blacklist package since it's a zeroconf impleme ... | Closed | |
Task Description
Avahi is a zero-configuration networking implementation that contains critical security issues because mDNS operates under a different trust model than unicast DNS trusting the entire network rather than a designated DNS server, it is vulnerable to spoofing attacks by any system within the multicast IP range. Like SNMP and many other network management protocols, it can also be used by attackers to quickly gain detailed knowledge of the network and its machines. [0]
Since it violates the Hyperbola Social Contract , Avahi should be blacklisted.
|
|
Any | Security Issue | Very High | Critical | [electrum] JSONRPC vulnerability | Closed | |
Task Description
Our current version is vulnerable
|
|
Any | Security Issue | High | Critical | [irssi] IRSSI-SA-2018-02 Irssi Security Advisory | Closed | |
Task Description
Multiple vulnerabilities have been located in Irssi.
Access remote: yes
References links:
|
|
Any | Security Issue | High | Critical | [python2] heap-overflow vulnerability CVE-2018-1000030 | Closed | |
Task Description
Python 2.7.14 is vulnerable to a Heap-Buffer-Overflow as well as a Heap-Use-After-Free. Python versions prior to 2.7.14 may also be vulnerable and it appears that Python 2.7.17 and prior may also be vulnerable however this has not been confirmed. The vulnerability lies when multiply threads are handling large amounts of data. In both cases there is essentially a race condition that occurs. For the Heap-Buffer-Overflow, Thread 2 is creating the size for a buffer, but Thread1 is already writing to the buffer without knowing how much to write. So when a large amount of data is being processed, it is very easy to cause memory corruption using a Heap-Buffer-Overflow. As for the Use-After-Free, Thread3→Malloc→Thread1→Free’s→Thread2-Re-uses-Free’d Memory. The PSRT has stated that this is not a security vulnerability due to the fact that the attacker must be able to run code, however in some situations, such as function as a service, this vulnerability can potentially be used by an attacker to violate a trust boundary, as such the DWF feels this issue deserves a CVE.
https://security-tracker.debian.org/tracker/CVE-2018-1000030
|
|
Any | Security Issue | Very High | Critical | [mupdf] multiple security issues | Closed | |
Task Description
Summary
The package mupdf is vulnerable to multiple issues including arbitrary code execution and denial of service via CVE-2018-6544, CVE-2018-6192, CVE-2018-6187, CVE-2018-5686 and CVE-2018-1000051.
Package Information
$ pacman -Si mupdf
Repositorio : community
Nombre : mupdf
Versión : 1.11-1
Descripción : Lightweight PDF and XPS viewer
Arquitectura : x86_64
URL : http://mupdf.com
Licencias : AGPL3
Grupos : Nada
Provee : Nada
Depende de : curl desktop-file-utils freetype2 harfbuzz jbig2dec libjpeg openjpeg2 openssl
Dependencias opcionales : Nada
En conflicto con : Nada
Remplaza a : Nada
Tamaño de la descarga : 18,18 MiB
Tamaño de la instalación : 33,03 MiB
Encargado : Christian Hesse <arch@eworm.de>
Fecha de creación : mar 11 abr 2017 05:22:41 -05
Validado por : Suma MD5 Suma SHA-256 Firma
References
|
|
Any | Security Issue | High | Critical | [geth] possible denial of service attacks "DoS Attack" | Closed | |
Task Description
Geth 1.6.x contains possible denial of service attacks “DoS Attack”, however it has been solved in 1.7.2 [0] instead. Since 1.6.x needs many modifications spread across multiple files of the code and it is inefficient to be backported, the newer version (eg. 1.7.x) could replace the current version package as exception, but repackaged with the appropriate suffix “-backports”.
|
|
Any | Security Issue | Very High | Critical | [xen] multiple security issues: CVE-2018-10472, CVE-201 ... | Closed | |
Task Description
http://openwall.com/lists/oss-security/2018/04/30/1 http://openwall.com/lists/oss-security/2018/04/30/1 An attacker supplying a crafted CDROM image can read any file (or device node) on the dom0 filesystem with the permissions of the qemu devicemodel process. (The virtual CDROM device is read-only, so no data can be written.)
http://openwall.com/lists/oss-security/2018/04/30/2 A malicious or buggy guest may cause a hypervisor crash, resulting in a Denial of Service (DoS) affecting the entire host.
http://openwall.com/lists/oss-security/2018/05/11/1 A malicious unprivileged device model can cause a Denial of Service (DoS) affecting the entire host. Specifically, it may prevent use of a physical CPU for an indeterminate period of time.
http://openwall.com/lists/oss-security/2018/05/11/2
[critical] A malicious or buggy HVM guest may cause a hypervisor crash, resulting in a Denial of Service (DoS) affecting the entire host. Privilege escalation, or information leaks, cannot be excluded.
Patches provided by upstream.
|
|
Any | Security Issue | Medium | Critical | [glusterfs] CVE-2018-1088: Privilege escalation via gl ... | Closed | |
Task Description
https://security-tracker.debian.org/tracker/CVE-2018-1088
http://openwall.com/lists/oss-security/2018/04/18/1
https://bugs.debian.org/896128
A privilege escalation flaw was found in gluster 3.x snapshot scheduler. Any gluster client allowed to mount gluster volumes could also mount shared gluster storage volume and escalate privileges by scheduling malicious cronjob via symlink.
Upstream patches: https://review.gluster.org/#/c/19899/1..2
Fixed in: https://github.com/gluster/glusterfs/releases/tag/v4.0.2
|
|
Any | Security Issue | Very High | Critical | [wget] - GNU Wget Cookie Injection CVE-2018-0494 | Closed | |
Task Description
An external attacker is able to inject arbitrary cookie values cookie jar file, adding new or replacing existing cookie values. http://openwall.com/lists/oss-security/2018/05/06/1
Fixed in GNU Wget 1.19.5 or later.
|
|
Any | Security Issue | Very High | Critical | [networkmanager] CVE-2018-1111: DHCP client script code ... | Closed | |
Task Description
A malicious DHCP server, or an attacker on the local network able to spoof DHCP responses, could use this flaw to execute arbitrary commands with root privileges on systems using NetworkManager which is configured to obtain network configuration using the DHCP protocol.
|
|
Any | Security Issue | Very High | Critical | [openrc] use procps-ng's "sysctl" by default instead of ... | Closed | |
Task Description
Description:
Use procps-ng's "sysctl" by default instead of inetutils's "hostname" for
hostname support.
Since [inetutils] is an extra dependency for openrc, it
contains insecure commands like: ftp/rcp/rlogin/rsh/talk/telnet
For security reasons, procps-ng should be the tool to handle hostname
configuration through hostname init script because is a base package.
Additional info:
openrc 0.28-14
/etc/init.d/hostname
- hostname "$h"
+ case $(uname -s) in
+ GNU/Linux|Linux)
+ sysctl -qw kernel.hostname="$h"
+ ;;
+ *)
+ hostname "$h"
+ ;;
+ esac
$ pacman -Si openrc
Repository : core
Name : openrc
Version : 0.28-14
Description : A dependency based init system that works with the system provided init program
Architecture : x86_64
URL : https://wiki.gentoo.org/wiki/Project:OpenRC
Licenses : BSD2
Groups : None
Provides : None
Depends On : psmisc pam
Optional Deps : netifrc: network interface management scripts
networkmanager: network connection manager and user applications
Conflicts With : None
Replaces : None
Download Size : 196.71 KiB
Installed Size : 1767.00 KiB
Packager : André Silva <emulatorman@hyperbola.info>
Build Date : Mon 07 May 2018 03:54:42 PM -03
Validated By : MD5 Sum SHA-256 Sum Signature
Steps to reproduce:
Set and run hostname init script
|
|
Any | Security Issue | Very High | Critical | [openrc] remove dangerous "local" init script | Closed | |
Task Description
Description:
“https://wiki.gentoo.org/wiki//etc/local.d”
Additional info:
remove:
“/etc/init.d/local”
“/etc/local.d/README”
“/etc/local.d/”
/etc/init.d/agetty
----
- after local
+ after *
$ pacman -Si openrc
Repository : core
Name : openrc
Version : 0.28-17
Description : A dependency based init system that works with the system provided init program
Architecture : x86_64
URL : https://wiki.gentoo.org/wiki/Project:OpenRC
Licenses : BSD2
Groups : None
Provides : None
Depends On : psmisc pam
Optional Deps : netifrc: network interface management scripts
networkmanager: network connection manager and user applications
Conflicts With : None
Replaces : None
Download Size : 194.10 KiB
Installed Size : 1727.00 KiB
Packager : André Silva <emulatorman@hyperbola.info>
Build Date : Thu 05 Jul 2018 01:37:37 PM -03
Validated By : MD5 Sum SHA-256 Sum Signature
Steps to reproduce:
|
|
Any | Security Issue | Very High | Critical | [znc] CVE-2018-14055: privilege escalation & CVE-2018-1 ... | Closed | |
|
|
Any | Security Issue | Very High | Critical | [wesnoth] CVE-2018-1999023 - Code Injection vulnerabili ... | Closed | |
|
|
Stable | Security Issue | Very High | Critical | [iceweasel-uxp] Issue with HTTPS websites | Closed | |
|
|
Any | Security Issue | Very High | Critical | [openssh] CVE-2018-15473 | Closed | |
|
|
Any | Security Issue | Very High | Critical | [dropbear] CVE-2018-15599 | Closed | |
|
|
Any | Security Issue | Very High | Critical | [mutt] CVE-2018-14354 | Closed | |
|
|
Any | Security Issue | Very High | Critical | [iceweasel-uxp-noscript] Zero-day bypass and script exe ... | Closed | |
|
|
Any | Security Issue | Very High | Critical | [util-linux] CVE-2018-7738 | Closed | |
|
|
Any | Security Issue | Very High | Critical | [schroedinger] unmaintained and unsupportable | Closed | |
|
|
Any | Security Issue | Very High | Critical | [vlc] CVE-2017-17670 | Closed | |
|
|
Any | Security Issue | Very High | Critical | [vlc] CVE-2018-11529 | Closed | |
|
|
Any | Security Issue | High | Critical | [octopi] uploads system logs to ptpb.pw without confirm ... | Closed | |
|
|
Any | Security Issue | Very High | Critical | [qtpass] Insecure Password Generation prior to 1.2.1 | Closed | |
|
|
Any | Security Issue | Very High | Critical | [toxcore] Memory leak - Remote DDoS vunerability | Closed | |
|
|
Any | Security Issue | Very Low | Critical | [toxcore] Memory leak bug | Closed | |
|
|
Any | Security Issue | Very High | Critical | [libssh] CVE-2018-10933 | Closed | |
|
|
Any | Security Issue | Very High | Critical | [openldap] 2.4.44 multiple security issues | Closed | |
|
|
Any | Security Issue | Very High | Critical | [php] CVE-2017-9120 | Closed | |
|
|
Any | Security Issue | Very Low | Critical | [dokuwiki] CVEs | Closed | |
|
|
Any | Security Issue | Very Low | Critical | [tcpreplay] CVEs | Closed | |
|
|
Stable | Security Issue | Very High | Critical | [exim] CVE-2019-10149 | Closed | |
|
|
Any | Security Issue | Very High | Critical | [libarchive] CVE-2019-18408 | Closed | |
|
|
Any | Security Issue | Medium | Critical | [libjpeg-turbo] CVE-2019-2201 | Closed | |
|
|
Any | Security Issue | Very Low | Critical | [unbound] Multiple CVEs | Closed | |
|
|
Stable | Security Issue | Very Low | Critical | [lts-kernel][sec] filter /dev/mem access & restrict acc ... | Closed | |
|