|
Stable | Update Request | High | Critical | [system-config-printer] update to 1.5.11 | Closed | |
Task Description
Description:
this release is mostly bugfix, updated translations, removed some deprecated parts in code (abandoning libgnome-keyring and starting using libsecret) and in UI and added Till’s patches from Ubuntu (Thank you, Till!).
Additional info: * package version(s)
# pacman -Si system-config-printer
Repositorio : extra
Nombre : system-config-printer
Versión : 1.5.9-2
Descripción : A CUPS printer configuration tool and status applet
Arquitectura : x86_64
URL : https://github.com/zdohnal/system-config-printer
Licencias : GPL
Grupos : Nada
Provee : Nada
Depende de : python-pycups python-dbus python-pycurl libnotify python-requests python-gobject gtk3 python-cairo
Dependencias opcionales : python-pysmbc: SMB browser support
python-packagekit: to install drivers with PackageKit
cups-pk-helper: PolicyKit helper to configure cups with fine-grained privileges
En conflicto con : Nada
Remplaza a : Nada
Tamaño de la descarga : 908,59 KiB
Tamaño de la instalación : 7159,00 KiB
Encargado : Andreas Radke <andyrtr@archlinux.org>
Fecha de creación : vie 27 ene 2017 04:18:24 -03
Validado por : Suma MD5 Suma SHA-256 Firma
* config and/or log files etc.
Steps to reproduce:
|
|
Any | Update Request | Very High | High | [babl] update package to v0.1.50 | Closed | |
Task Description
Description:
update package to v0.1.50 version
Note: Update [gegl] or Backport [gegl] and [gimp]
https://issues.hyperbola.info/index.php?do=details&task_id=1052
https://issues.hyperbola.info/index.php?do=details&task_id=1053
https://issues.hyperbola.info/index.php?do=details&task_id=1054
Additional info:
babl 0.1.38-1.hyperbola1
$ pacman -Si babl
Repository : extra
Name : babl
Version : 0.1.38-1.hyperbola1
Description : Dynamic, any to any, pixel format conversion library
Architecture : x86_64
URL : http://gegl.org/babl/
Licenses : LGPL3
Groups : None
Provides : None
Depends On : glibc
Optional Deps : None
Conflicts With : None
Replaces : None
Download Size : 237.72 KiB
Installed Size : 734.00 KiB
Packager : André Silva <emulatorman@hyperbola.info>
Build Date : Sun 31 Dec 2017 05:31:32 AM -03
Validated By : MD5 Sum SHA-256 Sum Signature
Steps to reproduce:
none
|
|
Any | Update Request | Very High | High | [gegl] update package to 0.3.34 | Closed | |
Task Description
Description:
Update package to 0.3.34 version
Note: Update package to 0.3.34 version
or update package to 0.4.2 backport and GIMP 2.10.2 backport
Update [babl] package
https://issues.hyperbola.info/index.php?do=details&task_id=1051
https://issues.hyperbola.info/index.php?do=details&task_id=1053
https://issues.hyperbola.info/index.php?do=details&task_id=1054
Additional info:
gegl 0.3.26-2.hyperbola1
$ pacman -Si gegl
Repository : extra
Name : gegl
Version : 0.3.26-2.hyperbola1
Description : Graph based image processing framework
Architecture : x86_64
URL : http://www.gegl.org/
Licenses : GPL3 LGPL3
Groups : None
Provides : None
Depends On : babl libspiro json-glib
Optional Deps : libraw: raw plugin
openexr: openexr plugin
ffmpeg: ffmpeg plugin
suitesparse: matting-levin plugin
librsvg: svg plugin
jasper: jasper plugin
libtiff: tiff plugin
lua: lua plugin
lensfun: lens-correct plugin
Conflicts With : gegl02
Replaces : gegl02
Download Size : 1347.15 KiB
Installed Size : 6823.00 KiB
Packager : André Silva <emulatorman@hyperbola.info>
Build Date : Sun 31 Dec 2017 05:37:41 AM -03
Validated By : MD5 Sum SHA-256 Sum Signature
Steps to reproduce:
none
|
|
Any | Update Request | Very High | High | [krita] update to 3.1.4 version | Closed | |
Task Description
Description:
Update to 3.1.4 version
Additional info:
krita 3.1.3
$ pacman -Qi krita
Name : krita
Version : 3.1.3-1
Description : Edit and paint images
Architecture : x86_64
URL : http://krita.org
Licenses : LGPL
Groups : None
Provides : None
Depends On : kio kitemmodels gsl libraw exiv2 openexr fftw curl boost-libs hicolor-icon-theme
Optional Deps : poppler-qt5: PDF filter [installed]
ffmpeg: to save animations [installed]
opencolorio: for the LUT docker [installed]
Required By : None
Optional For : None
Conflicts With : calligra-krita krita-l10n
Replaces : calligra-krita krita-l10n
Installed Size : 112.43 MiB
Packager : Antonio Rojas <arojas@archlinux.org>
Build Date : Fri 28 Apr 2017 07:57:59 AM -03
Install Date : Tue 12 Sep 2017 03:28:32 AM -03
Install Reason : Explicitly installed
Install Script : No
Validated By : Signature
Steps to reproduce: contains some bugs
|
|
Any | Update Request | Very Low | High | ufw update/ufw bug | Closed | |
Task Description
There appears to be a bug with the current version of ufw, 0.35-2
Dunno if updating it would fix it, but it is kind of annoying and possibly security issue.
it says ufw is inactive when I reboot despite it being installed in the runlevel.
|
|
Any | Update Request | Very Low | High | [php] update to old stable PHP 7.1.32 | Closed | |
Task Description
Description:
Version 7.1.32
29 Aug 2019
mbstring: * Fixed CVE-2019-13224 (don’t allow different encodings for onig_new_deluxe) (stas) * pcre: Fixed bug #75457 (heap use-after-free in pcrelib) (cmb)
|
|
Stable | Update Request | Low | High | [pigeonhole] needs to be updated (depends on older vers ... | Closed | |
Task Description
Description: The pigeonhole package depends on dovecot 2.2.29.1, which is in version 2.3.4.1-2.hyperbola1.backports1 at the moment. Due to this, I can’t use it
Additional info: * pigeonhole 0.4.18-1
|
|
Stable | Update Request | High | Medium | [xscreensaver] needs an update, since there is a bugfix ... | Closed | |
Task Description
We seem to have a very old version of xscreensaver... Could you possibly update it?
this may be a security issue/privacy issue.
|
|
Stable | Update Request | Very Low | Medium | [minetest] update package to 0.4.17.1 | Closed | |
Task Description
In the latest version fixes some bugs and a crash, and small features[1].
[1]: https://dev.minetest.net/Changelog (see section 0.4.17 and 0.4.17.1 for more details)
|
|
Stable | Update Request | Very Low | Medium | [xfe] update package to 1.43.1 | Closed | |
Task Description
In the latest version fixes several minor bugs and search file function issue[1].
[1]: http://roland65.free.fr/xfe/ (see 1.43 and 1.43.1 in the news section)
|
|
Any | Update Request | Very Low | Very Low | [youtube-viewer] minor fix: function API name | Closed | |
Task Description
Description:
Fixes[0] a small error in the name API function extract.
Replaced name `indivious` to `invidious`
Attached[1] patch update
- [0]:https://github.com/arankaren/youtube-viewer/commit/a464c878579f22c1cf7e5e54897c5ecaf27e333e
- [1]:https://paste.debian.net/plain/1091395
|
|
Any | Security Issue | Very High | Critical | [gnome-mplayer] [gecko-mediaplayer] [gmtk] remove unsec ... | Closed | |
Task Description
Remove “gnome-mplayer”, “gecko-mediaplayer” and “gmtk” are unsecured/abandonware packages(released in 2014) “gecko-mediaplayer” uses deprecated/unsecured NPAPI[0] and XULRunner[1][2] apis
$ pacman -Si gnome-mplayer Repository : community Name : gnome-mplayer Version : 1.0.9-4 Description : A simple MPlayer GUI. Architecture : x86_64 URL : https://sites.google.com/site/kdekorte2/gnomemplayer Licenses : GPL Groups : None Provides : None Depends On : mplayer dbus-glib libnotify gmtk Optional Deps : None Conflicts With : None Replaces : None Download Size : 343.29 KiB Installed Size : 1461.00 KiB Packager : Balló György <ballogyor+arch@gmail.com> Build Date : Sun 22 Jan 2017 04:45:38 PM -03 Validated By : MD5 Sum SHA-256 Sum Signature
$ pacman -Si gecko-mediaplayer Repository : community Name : gecko-mediaplayer Version : 1.0.9-3 Description : Browser plugin that uses gnome-mplayer to play media in a web browser. Architecture : x86_64 URL : https://sites.google.com/site/kdekorte2/gecko-mediaplayer Licenses : GPL Groups : None Provides : None Depends On : gnome-mplayer>=1.0.9 dbus-glib gmtk curl Optional Deps : None Conflicts With : None Replaces : None Download Size : 80.92 KiB Installed Size : 598.00 KiB Packager : Balló György <ballogyor+arch@gmail.com> Build Date : Sun 22 Jan 2017 04:36:31 PM -03 Validated By : MD5 Sum SHA-256 Sum Signature
$ pacman -Si gmtk Repository : community Name : gmtk Version : 1.0.9-3 Description : Common functions for gnome-mplayer and gecko-mediaplayer. Architecture : x86_64 URL : https://sites.google.com/site/kdekorte2/gmtk Licenses : GPL Groups : None Provides : None Depends On : glib2 gtk3 dconf Optional Deps : None Conflicts With : None Replaces : None Download Size : 73.85 KiB Installed Size : 246.00 KiB Packager : Balló György <ballogyor+arch@gmail.com> Build Date : Sun 22 Jan 2017 04:50:49 PM -03 Validated By : MD5 Sum SHA-256 Sum Signature
[0]:https://developer.mozilla.org/en-US/docs/Plugins/Roadmap [1]:https://hearsum.ca/blog/mozilla-will-stop-producing-automated-builds-of-xulrunner-after-the-410-cycle.html [2]:https://tracker.debian.org/pkg/xulrunner
|
|
Any | Security Issue | Very High | Critical | [freewrl] remove unsecure "libFreeWRLplugin.so" | Closed | |
Task Description
Remove “libFreeWRLplugin.so”, uses deprecated/unsecure NPAPI[0] and XULRunner[1][2] apis
$ pacman -Si freewrl Repository : community Name : freewrl Version : 1:2.3.3-1 Description : VRML viewer Architecture : x86_64 URL : http://freewrl.sourceforge.net/ Licenses : GPL Groups : None Provides : None Depends On : java-runtime libxaw glew freeglut curl freetype2 imlib2 sox unzip imagemagick libxml2 ttf-bitstream-vera lesstif js185 glu openal
freealut
Optional Deps : None Conflicts With : None Replaces : None Download Size : 583.49 KiB Installed Size : 2060.00 KiB Packager : Sergej Pupykin <pupykin.s+arch@gmail.com> Build Date : Mon 19 Dec 2016 10:31:49 AM -03 Validated By : MD5 Sum SHA-256 Sum Signature
$ sudo pacman -Ql freewrl freewrl /usr/ freewrl /usr/bin/ freewrl /usr/bin/freewrl freewrl /usr/bin/freewrl_msg freewrl /usr/bin/freewrl_snd freewrl /usr/include/ freewrl /usr/include/FreeWRLEAI/ freewrl /usr/include/FreeWRLEAI/EAIHeaders.h freewrl /usr/include/FreeWRLEAI/EAI_C.h freewrl /usr/include/FreeWRLEAI/GeneratedHeaders.h freewrl /usr/include/FreeWRLEAI/X3DNode.h freewrl /usr/include/libFreeWRL.h freewrl /usr/lib/ freewrl /usr/lib/libFreeWRL.so freewrl /usr/lib/libFreeWRL.so.2 freewrl /usr/lib/libFreeWRL.so.2.3.3 freewrl /usr/lib/libFreeWRLEAI.so freewrl /usr/lib/libFreeWRLEAI.so.2 freewrl /usr/lib/libFreeWRLEAI.so.2.3.3 freewrl /usr/lib/mozilla/ freewrl /usr/lib/mozilla/plugins/ freewrl /usr/lib/mozilla/plugins/libFreeWRLplugin.so freewrl /usr/lib/pkgconfig/ freewrl /usr/lib/pkgconfig/libFreeWRL.pc freewrl /usr/lib/pkgconfig/libFreeWRLEAI.pc freewrl /usr/share/ freewrl /usr/share/applications/ freewrl /usr/share/applications/freewrl.desktop freewrl /usr/share/man/ freewrl /usr/share/man/man1/ freewrl /usr/share/man/man1/freewrl.1.gz freewrl /usr/share/pixmaps/ freewrl /usr/share/pixmaps/freewrl.png
[0]:https://developer.mozilla.org/en-US/docs/Plugins/Roadmap [1]:https://hearsum.ca/blog/mozilla-will-stop-producing-automated-builds-of-xulrunner-after-the-410-cycle.html [2]:https://tracker.debian.org/pkg/xulrunner
|
|
Any | Security Issue | Very High | Critical | [xulrunner] unmaintained and unsupportable | Closed | |
Task Description
Remove “xulrunner”[0][1] is unsecure/abandonware package
$ pacman -Si xulrunner Repository : community Name : xulrunner Version : 41.0.2-10 Description : Mozilla Runtime Environment Architecture : x86_64 URL : http://wiki.mozilla.org/XUL:Xul_Runner Licenses : MPL GPL LGPL Groups : None Provides : None Depends On : gtk2 mozilla-common nss>3.18 libxt hunspell startup-notification mime-types dbus-glib libpulse libevent libvpx icu python2 Optional Deps : None Conflicts With : None Replaces : xulrunner-oss Download Size : 47.38 MiB Installed Size : 171.99 MiB Packager : Evangelos Foutras evangelos@foutrelis.com Build Date : Wed 26 Apr 2017 03:10:07 AM -03 Validated By : MD5 Sum SHA-256 Sum Signature
[0]:https://hearsum.ca/blog/mozilla-will-stop-producing-automated-builds-of-xulrunner-after-the-410-cycle.html [1]:https://tracker.debian.org/pkg/xulrunner
|
|
Any | Security Issue | Very High | Critical | [midori] unmaintained and unsupportable | Closed | |
Task Description
The developer team is discussing the removal of Midori from Debian repositories.
Jeremy Bicha says:
> The final stable release of Midori still uses the unmaintained WebKit1 > instead of webkit2gtk and therefore the browser suffers from numerous > known security vulnerabilities. Midori now fails to build with vala > 0.36 which is in Ubuntu 17.10 Alpha and will be in Debian unstable > once it clears the Debian new queue. > https://launchpad.net/bugs/1698483 .
See a complete discussion here.
|
|
Any | Security Issue | Very High | Critical | [w3m] unmaintained and unsupportable | Closed | |
Task Description
w3m is an unmaintained and unsuportable software, the latest release was 0.5.3 (2011)[0][1][2][3]
$ pacman -Qi w3m Name : w3m Version : 0.5.3.git20170102-2 Description : Text-based Web browser, as well as pager Architecture : x86_64 URL : http://w3m.sourceforge.net/ Licenses : custom Groups : None Provides : None Depends On : openssl gc ncurses gpm Optional Deps : imlib2: for graphics support [installed] Required By : None Optional For : None Conflicts With : None Replaces : None Installed Size : 1784.00 KiB Packager : Jan de Groot jgc@archlinux.org Build Date : Sat 04 Mar 2017 07:12:38 PM -03 Install Date : Tue 12 Sep 2017 03:43:25 AM -03 Install Reason : Explicitly installed Install Script : No Validated By : Signature
[0]:https://sourceforge.net/projects/w3m/files/w3m/ [1]:https://security.archlinux.org/package/w3m [2]:https://tracker.debian.org/pkg/w3m [3]:https://git.archlinux.org/svntogit/packages.git/tree/trunk/PKGBUILD?h=packages/w3m
|
|
Any | Security Issue | Very High | Critical | [pam] pam_unix2 is orphaned and dead upstream | Closed | |
Task Description
pam_unix2 was removed from Debian Jessie because it’s buggy and unmaintained [0]
It’s included inside pam package and should be removed since it doesn’t comes from official source. Also the original upstream FTP directory (ftp://ftp.suse.com/people/kukuk/pam/pam_unix2) has disappeared.
[0]:https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=628848
$ pacman -Si pam Repository : core Name : pam Version : 1.3.0-1 Description : PAM (Pluggable Authentication Modules) library Architecture : x86_64 URL : http://linux-pam.org Licenses : GPL2 Groups : None Provides : None Depends On : glibc cracklib libtirpc pambase Optional Deps : None Conflicts With : None Replaces : None Download Size : 609.71 KiB Installed Size : 2980.00 KiB Packager : Tobias Powalowski tpowa@archlinux.org Build Date : Thu 09 Jun 2016 02:44:03 PM -03 Validated By : MD5 Sum SHA-256 Sum Signature
$ pacman -Ql pam > pam_fileslist.txt
|
|
Any | Security Issue | Very High | Critical | [wpa_supplicant] vulnerable to KRAK attack | Closed | |
Task Description
https://arstechnica.com/information-technology/2017/10/severe-flaw-in-wpa2-protocol-leaves-wi-fi-traffic-open-to-eavesdropping/
https://w1.fi/security/2017-1/
Arch just patched: https://www.archlinux.org/packages/core/i686/wpa_supplicant/
|
|
Any | Security Issue | Very High | Critical | [dillo] enable IPv6, SSL/TLS and threaded DNS support | Closed | |
Task Description
Please move dillo to blacklist. Please enable IPv6, SSL/TLS and threaded DNS support.
1- Arch PKGBUILD problems:
a- not obtain source via https
b- not compiled with support --enable-ipv6 --enable-threaded-dns --enable-ssl
My correction is committed in NAB-packages-community
|
|
Any | Security Issue | Very High | Critical | [linux-libre-lts*] Meltdown & Spectre Vulnerability | Closed | |
Task Description
Multiple CVEs. Unprivileged programs can gain access to a hardware bug in the CPU, and thereby initiate memory dumps and other low-level attacks.
|
|
Any | Security Issue | Very High | Critical | [electrum] JSONRPC vulnerability | Closed | |
Task Description
Our current version is vulnerable
|
|
Any | Security Issue | High | Critical | [irssi] IRSSI-SA-2018-02 Irssi Security Advisory | Closed | |
Task Description
Multiple vulnerabilities have been located in Irssi.
Access remote: yes
References links:
|
|
Any | Security Issue | Very High | Critical | [mupdf] multiple security issues | Closed | |
Task Description
Summary
The package mupdf is vulnerable to multiple issues including arbitrary code execution and denial of service via CVE-2018-6544, CVE-2018-6192, CVE-2018-6187, CVE-2018-5686 and CVE-2018-1000051.
Package Information
$ pacman -Si mupdf
Repositorio : community
Nombre : mupdf
Versión : 1.11-1
Descripción : Lightweight PDF and XPS viewer
Arquitectura : x86_64
URL : http://mupdf.com
Licencias : AGPL3
Grupos : Nada
Provee : Nada
Depende de : curl desktop-file-utils freetype2 harfbuzz jbig2dec libjpeg openjpeg2 openssl
Dependencias opcionales : Nada
En conflicto con : Nada
Remplaza a : Nada
Tamaño de la descarga : 18,18 MiB
Tamaño de la instalación : 33,03 MiB
Encargado : Christian Hesse <arch@eworm.de>
Fecha de creación : mar 11 abr 2017 05:22:41 -05
Validado por : Suma MD5 Suma SHA-256 Firma
References
|
|
Any | Security Issue | High | Critical | [geth] possible denial of service attacks "DoS Attack" | Closed | |
Task Description
Geth 1.6.x contains possible denial of service attacks “DoS Attack”, however it has been solved in 1.7.2 [0] instead. Since 1.6.x needs many modifications spread across multiple files of the code and it is inefficient to be backported, the newer version (eg. 1.7.x) could replace the current version package as exception, but repackaged with the appropriate suffix “-backports”.
|
|
Any | Security Issue | Very High | Critical | [xen] multiple security issues: CVE-2018-10472, CVE-201 ... | Closed | |
Task Description
http://openwall.com/lists/oss-security/2018/04/30/1 http://openwall.com/lists/oss-security/2018/04/30/1 An attacker supplying a crafted CDROM image can read any file (or device node) on the dom0 filesystem with the permissions of the qemu devicemodel process. (The virtual CDROM device is read-only, so no data can be written.)
http://openwall.com/lists/oss-security/2018/04/30/2 A malicious or buggy guest may cause a hypervisor crash, resulting in a Denial of Service (DoS) affecting the entire host.
http://openwall.com/lists/oss-security/2018/05/11/1 A malicious unprivileged device model can cause a Denial of Service (DoS) affecting the entire host. Specifically, it may prevent use of a physical CPU for an indeterminate period of time.
http://openwall.com/lists/oss-security/2018/05/11/2
[critical] A malicious or buggy HVM guest may cause a hypervisor crash, resulting in a Denial of Service (DoS) affecting the entire host. Privilege escalation, or information leaks, cannot be excluded.
Patches provided by upstream.
|
|
Any | Security Issue | Medium | Critical | [glusterfs] CVE-2018-1088: Privilege escalation via gl ... | Closed | |
|
|
Any | Security Issue | Very High | Critical | [wget] - GNU Wget Cookie Injection CVE-2018-0494 | Closed | |
|
|
Any | Security Issue | Very High | Critical | [openrc] use procps-ng's "sysctl" by default instead of ... | Closed | |
|
|
Any | Security Issue | Very High | Critical | [openrc] remove dangerous "local" init script | Closed | |
|
|
Any | Security Issue | Very High | Critical | [znc] CVE-2018-14055: privilege escalation & CVE-2018-1 ... | Closed | |
|
|
Any | Security Issue | Very High | Critical | [wesnoth] CVE-2018-1999023 - Code Injection vulnerabili ... | Closed | |
|
|
Stable | Security Issue | Very High | Critical | [iceweasel-uxp] Issue with HTTPS websites | Closed | |
|
|
Any | Security Issue | Very High | Critical | [openssh] CVE-2018-15473 | Closed | |
|
|
Any | Security Issue | Very High | Critical | [dropbear] CVE-2018-15599 | Closed | |
|
|
Any | Security Issue | Very High | Critical | [mutt] CVE-2018-14354 | Closed | |
|
|
Any | Security Issue | Very High | Critical | [iceweasel-uxp-noscript] Zero-day bypass and script exe ... | Closed | |
|
|
Any | Security Issue | Very High | Critical | [util-linux] CVE-2018-7738 | Closed | |
|
|
Any | Security Issue | Very High | Critical | [schroedinger] unmaintained and unsupportable | Closed | |
|
|
Any | Security Issue | Very High | Critical | [vlc] CVE-2017-17670 | Closed | |
|
|
Any | Security Issue | Very High | Critical | [vlc] CVE-2018-11529 | Closed | |
|
|
Any | Security Issue | High | Critical | [octopi] uploads system logs to ptpb.pw without confirm ... | Closed | |
|
|
Any | Security Issue | Very High | Critical | [qtpass] Insecure Password Generation prior to 1.2.1 | Closed | |
|
|
Any | Security Issue | Very High | Critical | [toxcore] Memory leak - Remote DDoS vunerability | Closed | |
|
|
Any | Security Issue | Very High | Critical | [openldap] 2.4.44 multiple security issues | Closed | |
|
|
Any | Security Issue | Very High | Critical | [php] CVE-2017-9120 | Closed | |
|
|
Stable | Security Issue | Very High | Critical | [exim] CVE-2019-10149 | Closed | |
|
|
Any | Security Issue | Very High | Critical | [libarchive] CVE-2019-18408 | Closed | |
|
|
Any | Security Issue | Medium | Critical | [libjpeg-turbo] CVE-2019-2201 | Closed | |
|
|
Any | Security Issue | High | High | [npapi-sdk] remove unsecure/deprecated package | Closed | |
|
|
Any | Security Issue | High | High | [npapi-vlc] remove unsecured package | Closed | |
|