Georgy Yakovlev – Gentoo Packages

Security Bug Reports

sys-fs/zfs: ipv6 access control confusion (CVE-2013-20001)

770337 - Assigned to Gentoo Security
<sys-process/glances-3.1.7: unsafe XML parsing

791565 - Assigned to Gentoo Security
<net-irc/weechat-3.3: Websocket vulnerability in relay plugin

811603 - Assigned to Gentoo Security
<app-containers/docker-20.10.9: multiple vulnerabilities

816273 - Assigned to Gentoo Security
<app-containers/docker-cli-20.10.9: May send credentials to non-chosen registry (CVE-2021-41092)

816321 - Assigned to Gentoo Security
<dev-java/openjfx-11.0.11_p1: OOB read in bundled gstreamer

819633 - Assigned to Gentoo Security
<app-containers/runc-1.0.2-r1: Access restriction bypass (CVE-2021-43784)

828471 - Assigned to Gentoo Security
<net-irc/weechat-3.4.1: SSL verification vulnerability

835133 - Assigned to Gentoo Security
<app-shells/fish-3.4.0: code execution via malicious git configuration

835337 - Assigned to Gentoo Security
<app-containers/containerd-1.5.11: Default inheritable capabilities for linux container should be empty

835917 - Assigned to Gentoo Security
<app-containers/runc-1.1.2: incorrect handling of inheritable capabilities

844085 - Assigned to Gentoo Security
<app-arch/dpkg-1.20.9-r1: directory traversal via crafted orig.tar and debian.tar

847976 - Assigned to Gentoo Security
<app-containers/containerd-1.6.8: malicious container memory exhaustion

850124 - Assigned to Gentoo Security
app-benchmarks/hyperfine: 'cargo audit' reports one or more bundled CRATES as vulnerable

863998 - Assigned to Gentoo Security
dev-util/bingrep: 'cargo audit' reports one or more bundled CRATES as vulnerable

864052 - Assigned to Gentoo Security
<dev-util/cargo-ebuild-0.5.4-r1: 'cargo audit' reports one or more bundled CRATES as vulnerable

864061 - Assigned to Gentoo Security
dev-util/rustup: 'cargo audit' reports one or more bundled CRATES as vulnerable

864067 - Assigned to Gentoo Security
<dev-qt/qtwebengine-5.15.7_p20221122: Multiple vulnerabilities...

866332 - Assigned to Gentoo Security
app-containers/docker: supplementary groups mishandling

869407 - Assigned to Gentoo Security
app-containers/docker: Git vulnerability mitigations

877653 - Assigned to Gentoo Security
<app-containers/containerd-1.6.14: host memory exhaustion

884803 - Assigned to Gentoo Security
<app-containers/docker-20.10.22: multiple vulnerabilities

886509 - Assigned to Gentoo Security
<dev-qt/qtwebengine-5.15.8_p20230112: Multiple vulnerabilities...

888181 - Assigned to Gentoo Security
app-containers/containerd: multiple vulnerabilities

897960 - Assigned to Gentoo Security
<app-containers/runc-1.1.5: Privilege escalation bug

903079 - Assigned to Gentoo Security
<dev-qt/qtwebengine-5.15.8_p20230313: Multiple vulnerabilities...

903544 - Assigned to Gentoo Security
app-containers/docker: multiple vulnerabilities

903804 - Assigned to Gentoo Security
<dev-qt/qtwebengine-5.15.9_p20230421: Multiple vulnerabilities...

904290 - Assigned to Gentoo Security
app-containers/docker: vulnerability in bundled buildkit

905336 - Assigned to Gentoo Security
<dev-qt/qtwebengine-5.15.9_p20230505: Multiple vulnerabilities...

906857 - Assigned to Gentoo Security
<app-admin/sysstat-12.6.2-r1: incomplete fix for CVE-2022-39377

907121 - Assigned to Gentoo Security
net-libs/grpc: multiple vulnerabilities

908217 - Assigned to Gentoo Security
<dev-qt/qtwebengine-5.15.10_p20230623: Multiple vulnerabilities...

909778 - Assigned to Gentoo Security
<dev-lang/rust-1.71.1, <dev-lang/rust-bin-1.71.1: Cargo does not respect umask

911685 - Assigned to Gentoo Security
<dev-qt/qtwebengine-5.15.10_p20230815: Multiple vulnerabilities

913050 - Assigned to Gentoo Security

Contact Information

Please file new vulnerability reports on Gentoo Bugzilla and assign them to the Gentoo Security product and Vulnerabilities component.

Gentoo Developer Georgy Yakovlev

Security Bug Reports

Contact Information

Gentoo Developer

Georgy Yakovlev