Packages
Get Gentoo!
gentoo.org sites
gentoo.org
Wiki
Bugs
Forums
Packages
Planet
Archives
Sources
Infra Status
Home
Packages
Maintainers
USE flags
Architectures
About
dev-lang
The dev-lang category contains various programming language implementations and related tools.
Packages
Stabilization
24
Outdated
39
Pull requests
27
Bugs
631
Security
46
Security Bug Reports
dev-lang/nasm: multiple vulnerabilities
686722 - Assigned to Gentoo Security
dev-lang/lua: Multiple vulnerabilities (CVE-2019-6706, CVE-2020-{15945,15888,15889,24342,24369,24370,24371})
717780 - Assigned to Gentoo Security
<dev-lang/erlang-23.1.1: httpd directory traversal (CVE-2020-25623)
749345 - Assigned to Gentoo Security
<dev-lang/R-4.0.4: code execution via malicious CRAN package (CVE-2020-27637)
765361 - Assigned to Gentoo Security
<dev-lang/erlang-23.2.2: Invalid TLS certificate validation (CVE-2020-35733)
765796 - Assigned to Gentoo Security
dev-lang/jerryscript: multiple vulnerabilities
795312 - Assigned to Gentoo Security
dev-lang/nim: multiple vulnerabilities
807610 - Assigned to Gentoo Security
dev-lang/nasm: multiple vulnerabilities
810423 - Assigned to Gentoo Security
<dev-lang/duktape-2.7.0: segmentation fault in duk_push_tval
831659 - Assigned to Gentoo Security
<dev-lang/mujs-1.2.0: heap buffer overflow
833453 - Assigned to Gentoo Security
<dev-lang/lua-5.4.4: UAF leading to sandbox escape
835340 - Assigned to Gentoo Security
dev-lang/squirrel: multiple vulnerabilities
843155 - Assigned to Gentoo Security
<dev-lang/mujs-1.3.0: multiple vulnerabilities
845399 - Assigned to Gentoo Security
<dev-lang/lua-5.4.6: heap buffer overflow in recursive errors
856463 - Assigned to Gentoo Security
dev-lang/yasm: multiple vulnerabilities
862112 - Assigned to Gentoo Security
dev-lang/starlark-rust: 'cargo audit' reports one or more bundled CRATES as vulnerable
864043 - Assigned to Gentoo Security
<dev-lang/python-{3.8.13_p8, 3.9.13_p6, 3.10.6_p4, 3.11.0_rc1_p2}, dev-python/pypy{,3}: Denial of service via abuse of bignum int type
868150 - Assigned to Gentoo Security
<dev-lang/erlang-{24.3.4.2,25.0.2}: client authentication bypass
872272 - Assigned to Gentoo Security
<dev-lang/mujs-1.3.2: code execution via UAF via crafted javascript
882775 - Assigned to Gentoo Security
<dev-lang/python-{3.12.0_alpha3,3.11.1,3.10.9,3.9.16,3.8.16}, <dev-python/pypy3-7.3.10: multiple vulnerabilities
884653 - Assigned to Gentoo Security
<dev-lang/php-{7.4.33-r1,8.0.27,8.1.14,8.2.1}: multiple vulnerabilities?
889882 - Assigned to Gentoo Security
<dev-lang/rust{-bin,}-1.66.1: cargo lacking ssh host key checking
890371 - Assigned to Gentoo Security
<dev-lang/php-{7.4.33-r2,8.0.28,8.1.16,8.2.3}: multiple vulnerabilities
895416 - Assigned to Gentoo Security
<dev-lang/python-{3.10.10_p2,3.9.16_p2,3.8.16_p3}, <dev-python/pypy3-7.3.11_p1: urllib.parse blocklist bypass
897958 - Assigned to Gentoo Security
dev-lang/jerryscript: multiple vulnerabilities
905089 - Assigned to Gentoo Security
<dev-lang/perl-5.36.1-r2: HTTP::Tiny certificate verification off by default
905296 - Assigned to Gentoo Security
dev-lang/lua: heap buffer overread
905319 - Assigned to Gentoo Security
<dev-lang/go-{1.19.9,1.20.4}: Multiple vulnerabilities
906043 - Assigned to Gentoo Security
<dev-lang/python-{3.8.17,3.9.17,3.10.12,3.11.4}, <dev-python/pypy3-7.3.12: multiple vulnerabilities
908018 - Assigned to Gentoo Security
<dev-lang/php-{8.0.29,8.1.20,8.2.7}: insufficient random bytes in HTTP Digest authentication for SOAP
908259 - Assigned to Gentoo Security
dev-lang/mono: nuget credential leak
908612 - Assigned to Gentoo Security
<dev-lang/rust-1.71.1 <dev-lang/rust-bin-1.71.1: Cargo does not respect umask
911685 - Assigned to Gentoo Security
<dev-lang/php-{8.0.30,8.1.23,8.2.9}: multiple vulnerabilities
912331 - Assigned to Gentoo Security
<dev-lang/python-{3.8.18,3.9.18,3.10.13,3.11.5,3.12.0_rc1_p4}, <dev-python/pypy3_9-7.3.12_p2, <dev-python/pypy3_10-7.3.12_p5: Multiple vulnerabilities
912976 - Assigned to Gentoo Security
<dev-lang/php-8.2.11: security release
916516 - Assigned to Gentoo Security
dev-lang/jerryscript: multiple vulnerabilities
918550 - Assigned to Gentoo Security
<dev-lang/perl-5.38.2 : Write past buffer end via illegal user-defined Unicode property
918612 - Assigned to Gentoo Security
<dev-lang/go-{1.20.12,1.21.5}: multiple vulnerabilities
919310 - Assigned to Gentoo Security
<dev-lang/python-3.12.1:12: Groups not dropped before running subprocess when using empty 'extra_groups' parameter
919475 - Assigned to Gentoo Security
<dev-lang/erlang-26.2.1: Terrapin vulnerability
920682 - Assigned to Gentoo Security
<dev-lang/go-{1.22.1,1.21.8}: multiple vulnerabilities
926530 - Assigned to Gentoo Security
<dev-lang/python-{3.8.19,3.9.19,3.10.14,3.11.8,3.12.2}, <dev-python/pypy3_{9,10}-7.3.16: “quoted-overlap” zip-bombs in zipfile module, dereferencing symlinks in cleanup of TemporaryDirectory
927299 - Assigned to Gentoo Security
<dev-lang/go-{1.21.9,1.22.2}: HTTP/2 CONTINUATION frames can be utilized for DoS attacks
928539 - Assigned to Gentoo Security
<dev-lang/python-{3.11.9,3.12.3}, <dev-python/pypy3_{9,10}-7.3.16: concurrency issues in collections.deque.index() and certificate store access in ssl module
929045 - Assigned to Gentoo Security
<dev-lang/php-{8.1.28,8.2.18,8.3.6}: multiple vulnerabilities
929929 - Assigned to Gentoo Security
<dev-lang/ruby-{3.1.5,3.2.4,3.3.3}: Multiple Vulnerabilities
930533 - Assigned to Gentoo Security
Contact Information
Please file new vulnerability reports on
Gentoo Bugzilla
and assign them to the Gentoo Security product and Vulnerabilities component.