dev-lang

Security Bug Reports

• dev-lang/nasm: multiple vulnerabilities

  686722 - Assigned to Gentoo Security
• dev-lang/lua: Multiple vulnerabilities (CVE-2019-6706, CVE-2020-{15945,15888,15889,24342,24369,24370,24371})

  717780 - Assigned to Gentoo Security
• <dev-lang/erlang-23.1.1: httpd directory traversal (CVE-2020-25623)

  749345 - Assigned to Gentoo Security
• <dev-lang/R-4.0.4: code execution via malicious CRAN package (CVE-2020-27637)

  765361 - Assigned to Gentoo Security
• <dev-lang/erlang-23.2.2: Invalid TLS certificate validation (CVE-2020-35733)

  765796 - Assigned to Gentoo Security
• dev-lang/jerryscript: multiple vulnerabilities

  795312 - Assigned to Gentoo Security
• dev-lang/nim: multiple vulnerabilities

  807610 - Assigned to Gentoo Security
• dev-lang/nasm: multiple vulnerabilities

  810423 - Assigned to Gentoo Security
• <dev-lang/duktape-2.7.0: segmentation fault in duk_push_tval

  831659 - Assigned to Gentoo Security
• <dev-lang/mujs-1.2.0: heap buffer overflow

  833453 - Assigned to Gentoo Security
• <dev-lang/lua-5.4.4: UAF leading to sandbox escape

  835340 - Assigned to Gentoo Security
• dev-lang/squirrel: multiple vulnerabilities

  843155 - Assigned to Gentoo Security
• <dev-lang/mujs-1.3.0: multiple vulnerabilities

  845399 - Assigned to Gentoo Security
• <dev-lang/lua-5.4.6: heap buffer overflow in recursive errors

  856463 - Assigned to Gentoo Security
• dev-lang/yasm: multiple vulnerabilities

  862112 - Assigned to Gentoo Security
• dev-lang/starlark-rust: 'cargo audit' reports one or more bundled CRATES as vulnerable

  864043 - Assigned to Gentoo Security
• <dev-lang/python-{3.8.13_p8, 3.9.13_p6, 3.10.6_p4, 3.11.0_rc1_p2}, dev-python/pypy{,3}: Denial of service via abuse of bignum int type

  868150 - Assigned to Gentoo Security
• <dev-lang/erlang-{24.3.4.2,25.0.2}: client authentication bypass

  872272 - Assigned to Gentoo Security
• <dev-lang/mujs-1.3.2: code execution via UAF via crafted javascript

  882775 - Assigned to Gentoo Security
• <dev-lang/python-{3.12.0_alpha3,3.11.1,3.10.9,3.9.16,3.8.16}, <dev-python/pypy3-7.3.10: multiple vulnerabilities

  884653 - Assigned to Gentoo Security
• <dev-lang/php-{7.4.33-r1,8.0.27,8.1.14,8.2.1}: multiple vulnerabilities?

  889882 - Assigned to Gentoo Security
• <dev-lang/rust{-bin,}-1.66.1: cargo lacking ssh host key checking

  890371 - Assigned to Gentoo Security
• <dev-lang/php-{7.4.33-r2,8.0.28,8.1.16,8.2.3}: multiple vulnerabilities

  895416 - Assigned to Gentoo Security
• <dev-lang/python-{3.10.10_p2,3.9.16_p2,3.8.16_p3}, <dev-python/pypy3-7.3.11_p1: urllib.parse blocklist bypass

  897958 - Assigned to Gentoo Security
• dev-lang/jerryscript: multiple vulnerabilities

  905089 - Assigned to Gentoo Security
• <dev-lang/perl-5.36.1-r2: HTTP::Tiny certificate verification off by default

  905296 - Assigned to Gentoo Security
• dev-lang/lua: heap buffer overread

  905319 - Assigned to Gentoo Security
• <dev-lang/go-{1.19.9,1.20.4}: Multiple vulnerabilities

  906043 - Assigned to Gentoo Security
• <dev-lang/python-{3.8.17,3.9.17,3.10.12,3.11.4}, <dev-python/pypy3-7.3.12: multiple vulnerabilities

  908018 - Assigned to Gentoo Security
• <dev-lang/php-{8.0.29,8.1.20,8.2.7}: insufficient random bytes in HTTP Digest authentication for SOAP

  908259 - Assigned to Gentoo Security
• dev-lang/mono: nuget credential leak

  908612 - Assigned to Gentoo Security
• <dev-lang/rust-1.71.1 <dev-lang/rust-bin-1.71.1: Cargo does not respect umask

  911685 - Assigned to Gentoo Security
• <dev-lang/php-{8.0.30,8.1.23,8.2.9}: multiple vulnerabilities

  912331 - Assigned to Gentoo Security
• <dev-lang/python-{3.8.18,3.9.18,3.10.13,3.11.5,3.12.0_rc1_p4}, <dev-python/pypy3_9-7.3.12_p2, <dev-python/pypy3_10-7.3.12_p5: Multiple vulnerabilities

  912976 - Assigned to Gentoo Security
• <dev-lang/php-8.2.11: security release

  916516 - Assigned to Gentoo Security
• dev-lang/jerryscript: multiple vulnerabilities

  918550 - Assigned to Gentoo Security
• <dev-lang/perl-5.38.2 : Write past buffer end via illegal user-defined Unicode property

  918612 - Assigned to Gentoo Security
• <dev-lang/go-{1.20.12,1.21.5}: multiple vulnerabilities

  919310 - Assigned to Gentoo Security
• <dev-lang/python-3.12.1:12: Groups not dropped before running subprocess when using empty 'extra_groups' parameter

  919475 - Assigned to Gentoo Security
• <dev-lang/erlang-26.2.1: Terrapin vulnerability

  920682 - Assigned to Gentoo Security
• <dev-lang/go-{1.22.1,1.21.8}: multiple vulnerabilities

  926530 - Assigned to Gentoo Security
• <dev-lang/python-{3.8.19,3.9.19,3.10.14,3.11.8,3.12.2}, <dev-python/pypy3_{9,10}-7.3.16: “quoted-overlap” zip-bombs in zipfile module, dereferencing symlinks in cleanup of TemporaryDirectory

  927299 - Assigned to Gentoo Security
• <dev-lang/go-{1.21.9,1.22.2}: HTTP/2 CONTINUATION frames can be utilized for DoS attacks

  928539 - Assigned to Gentoo Security
• <dev-lang/python-{3.11.9,3.12.3}, <dev-python/pypy3_{9,10}-7.3.16: concurrency issues in collections.deque.index() and certificate store access in ssl module

  929045 - Assigned to Gentoo Security
• <dev-lang/php-{8.1.28,8.2.18,8.3.6}: multiple vulnerabilities

  929929 - Assigned to Gentoo Security
• <dev-lang/ruby-{3.1.5,3.2.4,3.3.3}: Multiple Vulnerabilities

  930533 - Assigned to Gentoo Security