Maintainer-Needed
Security Bug Reports
app-text/groonga: privilege escalation via PID file manipulation
630758 - Assigned to Gentoo Security
dev-db/percona-server: multiple vulnerabilities (CVE-2019-{2938,2974})
699880 - Assigned to Gentoo Security
media-libs/libwmf: Flawed malloc implementation allowing denial of service (CVE-2016-9011)
724532 - Assigned to Gentoo Security
<mail-mta/sendmail-8.16.1: Reconnections may not use STARTTLS
730890 - Assigned to Gentoo Security
app-text/xpdf: Multiple vulnerabilities (CVE-2020-{24996,24999})
740260 - Assigned to Gentoo Security
<app-text/xpdf-4.03: multiple vulnerabilities (CVE-2020-{25725,35376})
755938 - Assigned to Gentoo Security
<media-gfx/pngcheck-3.0.2: Multiple vulnerabilities (CVE-2020-27818)
759013 - Assigned to Gentoo Security
dev-libs/xerces-c: XML parser contains a use-after-free error triggered during the scanning of external DTDs
770763 - Assigned to Gentoo Security
<net-irc/scrollz-2.3.1: ReDoS vulnerability
777987 - Assigned to Gentoo Security
<app-text/htmldoc-1.9.16: multiple vulnerabilities
780489 - Assigned to Gentoo Security
dev-util/cflow: Use-after-free vulnerability (CVE-2020-23856)
790842 - Assigned to Gentoo Security
net-dns/avahi: multiple DoS vulnerabilities
793953 - Assigned to Gentoo Security
dev-db/percona-server: multiple vulnerabilities
803635 - Assigned to Gentoo Security
<www-client/lynx-2.9.0_pre9: cleartext credential transmission (CVE-2021-38165)
807073 - Assigned to Gentoo Security
dev-libs/libxls: null pointer dereferences
821517 - Assigned to Gentoo Security
<net-misc/httpie-3.2.1: multiple vulnerabilities
834801 - Assigned to Gentoo Security
app-admin/keepass: logs plaintext password
835074 - Assigned to Gentoo Security
net-p2p/go-ethereum: multiple vulnerabilities
835610 - Assigned to Gentoo Security
media-gfx/dcraw: integer overflow via malicious x3f
839366 - Assigned to Gentoo Security
<app-text/xpdf-4.04: multiple vulnerabilities
840873 - Assigned to Gentoo Security
<app-crypt/pesign-116: null pointer dereference
842228 - Assigned to Gentoo Security
dev-lang/squirrel: multiple vulnerabilities
843155 - Assigned to Gentoo Security
app-text/xpdf: multiple vulnerabilities ("fixed in next release")
845027 - Assigned to Gentoo Security
<app-arch/dpkg-1.20.9-r1: directory traversal via crafted orig.tar and debian.tar
847976 - Assigned to Gentoo Security
<app-text/halibut-1.3: multiple vulnerabilities
847985 - Assigned to Gentoo Security
<dev-libs/protobuf-c-1.4.1: undefined behaviour (invalid arithmetic shift)
856043 - Assigned to Gentoo Security
app-text/xpdf: multiple vulnerabilities ("fixed in xpdf-5")
856475 - Assigned to Gentoo Security
<app-emulation/libguestfs-1.48.4: DoS via buffer overflow in get_keys() function
857828 - Assigned to Gentoo Security
<net-misc/gsasl-2.0.1: Out of bounds read
858848 - Assigned to Gentoo Security
app-shells/squirrelsh: multiple vulnerabilities via bundled dev-lang/squirrel
861806 - Assigned to Gentoo Security
app-benchmarks/hyperfine: 'cargo audit' reports one or more bundled CRATES as vulnerable
863998 - Assigned to Gentoo Security
app-shells/mcfly: 'cargo audit' reports one or more bundled CRATES as vulnerable
864028 - Assigned to Gentoo Security
app-text/fblog: 'cargo audit' reports one or more bundled CRATES as vulnerable
864037 - Assigned to Gentoo Security
dev-util/bingrep: 'cargo audit' reports one or more bundled CRATES as vulnerable
864052 - Assigned to Gentoo Security
net-dns/dnrd: multiple vulnerabilities
865251 - Assigned to Gentoo Security
<media-gfx/pngcheck-3.0.3: global buffer overflow
866233 - Assigned to Gentoo Security
<www-servers/varnish-7.1.2: multiple vulnerabilities
880627 - Assigned to Gentoo Security
app-text/xpdf: multiple vulnerabilities
881351 - Assigned to Gentoo Security
<net-dialup/freeradius-3.2.2: multiple vulnerabilities
891265 - Assigned to Gentoo Security
<www-apache/mod_security-2.9.7, <dev-libs/modsecurity-3.0.9: multiple vulnerabilities
891777 - Assigned to Gentoo Security
<net-libs/sofia-sip-1.13.16: multiple heap mishandling vulnerabilities
891791 - Assigned to Gentoo Security
<app-crypt/pesign-116: root privilege escalation via symlink following
897706 - Assigned to Gentoo Security
www-apache/mod_gnutls: incorrect timeout handling leads to excessive resource consumption
897906 - Assigned to Gentoo Security
<dev-libs/confuse-3.3-r2: Heap buffer overflow
901089 - Assigned to Gentoo Security
dev-debug/edb-debugger: denial of service vulnerability
903803 - Assigned to Gentoo Security
<dev-libs/protobuf-c-1.4.1: unsigned integer overflow
904423 - Assigned to Gentoo Security
<net-p2p/freenet-0.7.5_p1497: Path folding (deanonymization) vulnerability
904441 - Assigned to Gentoo Security
app-text/xpdf: multiple vulnerabilities
905207 - Assigned to Gentoo Security
net-im/rocketchat-desktop-bin: multiple vulnerabilities
906108 - Assigned to Gentoo Security
<net-dns/maradns-3.5.0036: integer underflow vulnerability
906113 - Assigned to Gentoo Security
<dev-libs/log4cxx-1.2.0[odbc]: SQL injection
906115 - Assigned to Gentoo Security
dev-util/cflow: stack overflow
906713 - Assigned to Gentoo Security
net-mail/imapsync: insecure tmp directory usage
907935 - Assigned to Gentoo Security
app-text/xpdf: divide by zero vulnerability
908037 - Assigned to Gentoo Security
net-im/rocketchat-desktop-bin: multiple vulnerabilities
908039 - Assigned to Gentoo Security
app-admin/keepass: password disclosure via memory dump
908040 - Assigned to Gentoo Security
<app-emulation/open-vm-tools-12.2.5: Possible denial of service vulnerability
908555 - Assigned to Gentoo Security
dev-lang/mono: nuget credential leak
908612 - Assigned to Gentoo Security
<sys-cluster/kops-1.28.2: account credential leakage into containers
909091 - Assigned to Gentoo Security
<net-misc/ntpsec-1.2.2a: Crash with NTS if NTS is disabled
914427 - Assigned to Gentoo Security
<www-apache/modsecurity-crs-3.3.5: Content-Type confusion
916319 - Assigned to Gentoo Security
net-misc/httpie-3.2.2: Missing SSL certificate validation
917450 - Assigned to Gentoo Security
app-emulation/open-vm-tools: multiple vulnerabilities
918407 - Assigned to Gentoo Security
www-servers/varnish: http/2 rapid reset vulnerability
918416 - Assigned to Gentoo Security
dev-java/sbt{,-bin}: arbitrary file overwrite
918428 - Assigned to Gentoo Security
<media-gfx/gifsicle-1.94: floating point exception DoS
918436 - Assigned to Gentoo Security
app-admin/graylog: multiple vulnerabilities
918542 - Assigned to Gentoo Security
media-gfx/zbar: multiple vulnerabilities
918543 - Assigned to Gentoo Security
media-gfx/librecad: multiple vulnerabilities
918609 - Assigned to Gentoo Security
dev-libs/zziplib: invalid memory access
918624 - Assigned to Gentoo Security
app-shells/fish: command substitution output can trigger shell expansion
919488 - Assigned to Gentoo Security
<net-ftp/proftpd-1.3.8b: terrapin vulnerability
920385 - Assigned to Gentoo Security
mail-mta/sendmail: smtp smuggling
921521 - Assigned to Gentoo Security
<www-client/httrack-3.49.5: httrack's bundle of zlib Minizip affected by CVE-2023-45853
923035 - Assigned to Gentoo Security
<www-servers/nginx-1.25.4: segmentation fault might occur while processing a specially crafted QUIC session
924619 - Assigned to Gentoo Security
Contact Information
Please file new vulnerability reports on Gentoo Bugzilla and assign them to the Gentoo Security product and Vulnerabilities component.