Gentoo Project
Proxy Maintainers
Packages: 1124
Stabilization: 97
Outdated: 181
Pull requests: 63
Bugs: 182
Security: 81
Security Bug Reports
media-libs/netpbm: ITFFRGBAImageGet out-of-bounds read and write (CVE-2017-5849)
618612 - Assigned to security
<net-misc/tigervnc-1.12.0-r2: Multiple vulnerabilities (CVE-2019-{15691, 15692, 15694, 15695}, CVE-2020-26117)
700464 - Assigned to security
<www-servers/pound-3.0: HTTP request smuggling (CVE-2018-21245)
714084 - Assigned to security
dev-util/codeblocks: Remote code execution via crafted project file (CVE-2020-10814)
716732 - Assigned to security
<net-misc/netkit-rsh-0.17-r12: Access restrictions bypass (CVE-2019-{7282,7283})
717794 - Assigned to security
dev-java/icedtea: Multiple vulnerabilities
732628 - Assigned to security
<app-emulation/xen-4.13.2-r1: Information leak via power sidechannel
754105 - Assigned to hydrapolic
<app-emulation/xen-{4.13.2-r2,4.14.0-r6}: stack corruption from XSA-346 change
757126 - Assigned to hydrapolic
net-p2p/bitcoind: Information leak via RPC calls (CVE-2021-3195)
766983 - Assigned to security
<net-libs/libesmtp-1.0.6_p20200824: Buffer overflow in NTLM handling (CVE-2019-19977)
782532 - Assigned to security
<media-libs/openjpeg-2.4.0-r3: integer overflow leading to DoS (CVE-2021-29338)
783513 - Assigned to security
<app-emulation/virtualbox-6.1.20: multiple vulnerabilities (CPU April 2021)
785445 - Assigned to security
<media-libs/openexr-2.5.7: multiple vulnerabilities (CVE-2021-23169)
787452 - Assigned to security
app-shells/thefuck: Arbitrary file deletion (CVE-2021-34363)
795291 - Assigned to security
<app-emulation/virtualbox-6.1.24: multiple vulnerabilities (CVE-2021-{2409,2442,2443,2454})
803134 - Assigned to security
app-misc/elasticsearch: multiple vulnerabilities (CVE-2021-{22144,22145})
803251 - Assigned to security
<dev-db/redis-{5.0.13, 6.0.15, 6.2.5}: integer overflow on 32 bit builds (CVE-2021-32761)
803302 - Assigned to security
app-text/mupdf: OOB write (CVE-2021-37220)
803305 - Assigned to security
<net-libs/pjproject-2.10-r2: DoS vulnerability (CVE-2021-32686)
803614 - Assigned to security
mail-client/alpine: STARTTLS vulnerabilities (CVE-2021-38370)
807613 - Assigned to security
<net-ftp/atftp-0.7.5: multiple vulnerabilities
813079 - Assigned to security
app-misc/elasticsearch: insufficient access control (CVE-2021-22147)
813513 - Assigned to security
sys-cluster/teleport: multiple vulnerabilities
813702 - Assigned to security
<dev-db/redis-{5.0.14, 6.0.16, 6.2.6}: multiple vulnerabilities (CVE-2021-{32626,32627,32628,32672,32675,32687,32762,41099})
816282 - Assigned to security
<app-emulation/xen-{4.14.3-r1,4.15.1-r1}: DoS or privilege escalation if guest has RMRR PCI devices
816882 - Assigned to security
<media-libs/openexr-3.1.2: multiple vulnerabilities
817431 - Assigned to security
dev-libs/stb: multiple vulnerabilities
818556 - Assigned to security
net-vpn/strongswan: integer overflow (CVE-2021-41991)
818841 - Assigned to security
<app-emulation/virtualbox-6.1.28: multiple vulnerabilities (CVE-2021-{2475,35538,35540,35542,35545})
820425 - Assigned to security
dev-db/redis: integer overflow via bundled hiredis
821346 - Assigned to security
<app-emulation/xen-{4.14.3-r2,4.15.1-r2}: privilege escalation
825354 - Assigned to security
app-emulation/xen - multiple vulnerabilities
826998 - Assigned to hydrapolic
media-sound/clementine: multiple vulnerabilities
829307 - Assigned to security
<net-libs/tox-0.2.13: remote code execution
829650 - Assigned to security
<media-libs/gegl-0.4.34: shell expansion via pathname in system()
829880 - Assigned to security
<net-libs/pjproject-2.12.1: multiple vulnerabilities
829894 - Assigned to security
<media-libs/assimp-5.2.2: Multiple vulnerabilities
830374 - Assigned to security
<media-libs/openexr-3.1.4: heap buffer overflow
830384 - Assigned to security
<dev-python/pipenv-2022.1.8: code execution via crafted requirements.txt file
830982 - Assigned to security
<app-emulation/virtualbox-6.1.32: unspecified vulnerability (Oracle CPU Jan 2022)
831440 - Assigned to security
<app-admin/usbview-2.2: root privilege escalation via insecure polkit settings
831756 - Assigned to security
media-libs/openjpeg: Heap-buffer-overflow in color.c:379:42 in sycc420_to_rgb
832007 - Assigned to security
<app-emulation/xen-{4.15.1-r3,4.16.0-r2}: multiple vulnerabilities in Xen (CVE-2022-{23033,23034,23035})
832039 - Assigned to security
<net-irc/atheme-services-7.2.12: authentication bypass with >=net-irc/inspircd-3
832400 - Assigned to security
<net-vpn/strongswan-5.9.5: authentication bypass
832460 - Assigned to security
<www-apps/kibana-bin-7.17.1: authenticated XSS via index patterns
833151 - Assigned to security
<dev-lang/mujs-1.2.0: heap buffer overflow
833453 - Assigned to security
net-nds/389-ds-base: double free in persistent searches
833631 - Assigned to security
<media-gfx/blender-{2.93.9,3.1.0}: multiple vulnerabilities
834011 - Assigned to security
<www-apps/kibana-bin-7.17.1: multiple vulnerabilities
834543 - Assigned to security
<app-misc/elasticsearch-7.17.1: insufficient access control on security index
834544 - Assigned to security
<app-emulation/xen-{4.15.2-r1,4.16.0-r4}: Multiple speculative security issues
835401 - Assigned to security
net-nds/389-ds-base: multiple vulnerabilities
835611 - Assigned to security
<app-containers/crun-1.4.4: "exec does not set inheritable capabilities"
835976 - Assigned to security
dev-libs/stb: reachable assertion in stbi__create_png_image_raw
836241 - Assigned to security
<media-libs/openjpeg-2.4.0-r2: Use-after-free
836969 - Assigned to security
<app-emulation/xen-{4.15.2-r2,4.16.0-r5}: multiple vulnerabilities
837575 - Assigned to hydrapolic
<media-libs/openexr-3.1.5: oss-fuzz issues
838079 - Assigned to security
dev-php/composer: VcsDriver::getFileContent() command execution
838268 - Assigned to security
<net-misc/asterisk-{16.26.1,18.13.0}: multiple vulnerabilities
838391 - Assigned to jaco
<app-emulation/virtualbox-6.1.34: multiple vulnerabilities
839990 - Assigned to security
<dev-util/radare2-5.7.4: multiple vulnerabilities
841023 - Assigned to security
<dev-db/redis-6.2.7: Multiple vulnerabilities
841404 - Assigned to security
media-libs/openjpeg: security fixes
844064 - Assigned to security
dev-lang/janet: array mishandling
845036 - Assigned to security
dev-lang/mujs: multiple vulnerabilities
845399 - Assigned to security
<media-gfx/gimp-2.10.32: memory exhaustion via crafted file
845402 - Assigned to security
www-apps/gitea: stored xss bug (CVE-2022-1928)
848465 - Assigned to security
net-nds/389-ds-base: access control bypass vulnerability
849401 - Assigned to security
<sys-apps/firejail-0.9.70: local privilege escalation via --join
850748 - Assigned to security
<app-emulation/xen-{4.15.3,4.16.1}: multiple vulnerabilities
850802 - Assigned to security
media-libs/libjxl: assertion failure (with further impact?)
856037 - Assigned to security
<dev-db/redis-7.0.1: memory leak via streamGetEdgeID
856040 - Assigned to security
<media-gfx/gimp-2.10.32: DoS via crafted XCF file
856283 - Assigned to security
<www-apps/gitea-1.16.8: multiple vulnerabilities
857819 - Assigned to security
app-emulation/xen: retbleed
858122 - Assigned to security
<dev-db/redis-7.0.4: Buffer overflow in XAUTOCLAIM command handling
859181 - Assigned to security
<app-emulation/virtualbox-6.1.36: multiple vulnerabilities (Oracle CPU July 2022)
859391 - Assigned to security
app-misc/broot: 'cargo audit' reports one or more bundled CRATES as vulnerable
864016 - Assigned to security
app-misc/rpick: 'cargo audit' reports one or more bundled CRATES as vulnerable
864019 - Assigned to security
app-shells/starship: 'cargo audit' reports one or more bundled CRATES as vulnerable
864034 - Assigned to security
Contact Information
Please file new vulnerability reports on Gentoo Bugzilla and assign them to the Gentoo Security product and Vulnerabilities component.