Gentoo Project

Proxy Maintainers

Security Bug Reports

• <mail-mta/sendmail-8.16.1: Reconnections may not use STARTTLS

  730890 - Assigned to Gentoo Security
• media-gfx/transfig: Multiple vulnerabilities

  753962 - Assigned to Gentoo Security
• media-gfx/transfig: Out of bounds read (CVE-2021-3561)

  792333 - Assigned to Gentoo Security
• dev-libs/keystone: multiple vulnerabilities (CVE-2020-{36404,36405})

  799785 - Assigned to Gentoo Security
• <net-irc/weechat-3.3: Websocket vulnerability in relay plugin

  811603 - Assigned to Gentoo Security
• <net-ftp/atftp-0.7.5: multiple vulnerabilities

  813079 - Assigned to Gentoo Security
• <media-libs/gegl-0.4.34: shell expansion via pathname in system()

  829880 - Assigned to Gentoo Security
• <media-libs/openjpeg-2.5.2: Heap-buffer-overflow in color.c:379:42 in sycc420_to_rgb

  832007 - Assigned to Gentoo Security
• <net-irc/atheme-services-7.2.12: authentication bypass with >=net-irc/inspircd-3

  832400 - Assigned to Gentoo Security
• <net-irc/weechat-3.4.1: SSL verification vulnerability

  835133 - Assigned to Gentoo Security
• net-p2p/go-ethereum: multiple vulnerabilities

  835610 - Assigned to Gentoo Security
• <app-containers/crun-1.4.4: "exec does not set inheritable capabilities"

  835976 - Assigned to Gentoo Security
• dev-libs/stb: reachable assertion in stbi__create_png_image_raw

  836241 - Assigned to Gentoo Security
• <www-servers/caddy-2.5.2: oob read allows for DoS

  860147 - Assigned to Gentoo Security
• app-shells/nushell: 'cargo audit' reports one or more bundled CRATES as vulnerable

  864031 - Assigned to Gentoo Security
• media-gfx/blender: multiple vulnerabilities

  865525 - Assigned to Gentoo Security
• <app-backup/amanda-3.5.4: multiple vulnerabilities

  870037 - Assigned to Gentoo Security
• <app-metrics/node_exporter-1.5.0: basic authentication bypass

  883653 - Assigned to Gentoo Security
• app-containers/buildah: multiple vulnerabilities

  884859 - Assigned to Gentoo Security
• <app-text/mupdf-1.11: multiple vulnerabilities

  886009 - Assigned to Gentoo Security
• <net-libs/libvncserver-0.9.14: multiple vulnerabilities

  887067 - Assigned to Gentoo Security
• <app-arch/upx-4.0.1-r1 <app-arch/upx-bin-4.0.2: multiple vulnerabilities

  890616 - Assigned to Gentoo Security
• <net-dialup/freeradius-3.2.2: multiple vulnerabilities

  891265 - Assigned to Gentoo Security
• <app-crypt/tpm2-tss-3.2.2: Buffer Overflow in TSS2_RC_Decode

  891519 - Assigned to Gentoo Security
• <www-apache/mod_security-2.9.7, <dev-libs/modsecurity-3.0.9: multiple vulnerabilities

  891777 - Assigned to Gentoo Security
• app-emulation/dynamips: use of uninitialized variable

  891779 - Assigned to Gentoo Security
• <media-libs/assimp-5.2.5-r1: heap use after free

  891787 - Assigned to Gentoo Security
• sys-cluster/glusterfs: multiple vulnerabilities

  897926 - Assigned to Jaco Kroon
• <net-dns/knot-resolver-5.6.0: DoS via many TCP connections

  897928 - Assigned to Gentoo Security
• <dev-libs/libtpms-0.9.6: Out-of-bounds access

  898504 - Assigned to Gentoo Security
• app-admin/doas: vulnerable to privilege escalation via TIOCSTI/TIOCLINUX command injection

  901393 - Assigned to Gentoo Security
• <app-arch/upx-4.0.2 <app-arch/upx-bin-4.0.2: multiple vulnerabilities

  903139 - Assigned to Gentoo Security
• <net-misc/frr-8.4.1: DoS vulnerability via reachable assertion

  903757 - Assigned to Gentoo Security
• media-libs/libjxl: multiple vulnerabilities

  905094 - Assigned to Gentoo Security
• <net-libs/libsignal-protocol-c-2.3.3-r1: unsigned integer overflow in bundled protobuf-c

  905098 - Assigned to Gentoo Security
• net-dns/coredns: multiple vulnerabilities

  905301 - Assigned to Gentoo Security
• media-libs/libjxl: assertion failure

  905393 - Assigned to Gentoo Security
• <app-admin/filebeat-7.17.16: credential leakage into logs

  905879 - Assigned to Gentoo Security
• <net-misc/frr-8.4.1: multiple vulnerabilities

  905882 - Assigned to Gentoo Security
• <media-libs/opencv-4.8.0: multiple vulnerabilities

  906106 - Assigned to Gentoo Security
• <net-misc/frr-9.0: multiple vulnerabilities

  906116 - Assigned to Gentoo Security
• <media-libs/openexr-3.1.11: oss-fuzz stack buffer overread

  908257 - Assigned to Gentoo Security
• <media-libs/libjxl-0.8.2: integer underflow leading to infinite loop

  908520 - Assigned to Gentoo Security
• <net-libs/rabbitmq-c-0.13.0: credentials passed on command line

  908818 - Assigned to Gentoo Security
• <net-vpn/i2p-2.3.0: Eepsite deanonymization attack

  911550 - Assigned to Gentoo Security
• <net-misc/frr-9.0.4: multiple vulnerabilities

  913242 - Assigned to Gentoo Security
• <net-proxy/squid-6.5: multiple vulnerabilities

  916334 - Assigned to Gentoo Security
• <media-libs/openexr-3.1.12: oss fuzz issues

  916514 - Assigned to Gentoo Security
• <net-misc/frr-9.0.2: multiple vulnerabilities

  916902 - Assigned to Gentoo Security
• <net-libs/pjproject-2.13.1: heap buffer overflow when parsing DNS packet

  917463 - Assigned to Gentoo Security
• net-libs/pjproject: UAF in SRTP media transport

  917613 - Assigned to Gentoo Security
• <net-misc/croc-10.0.12: multiple vulnerabilities

  918091 - Assigned to Gentoo Security
• <www-servers/caddy-2.7.5: http/2 rapid reset vulnerability

  918413 - Assigned to Gentoo Security
• <net-dns/knot-resolver-5.7.0: DoS via TCP reconnections (again)

  918587 - Assigned to Gentoo Security
• dev-libs/stb: multiple vulnerabilities

  918679 - Assigned to Gentoo Security
• <app-shells/fish-3.7.0: command substitution output can trigger shell expansion

  919488 - Assigned to Gentoo Security
• <net-proxy/squid-6.6: Denial of Service in HTTP Request parsing

  920101 - Assigned to Gentoo Security
• <net-vpn/strongswan-5.9.13: buffer overflow and potential RCE

  920105 - Assigned to Gentoo Security
• mail-mta/sendmail: smtp smuggling

  921521 - Assigned to Gentoo Security
• dev-libs/modsecurity: WAF bypass

  923858 - Assigned to Gentoo Security
• <net-dns/knot-resolver-5.7.1: "KeyTrap" DNS DoS vulnerability

  924459 - Assigned to Gentoo Security
• <www-apps/gitea-1.21.5: allows anonymous container access if RequireSignInView is enabled

  925023 - Assigned to Gentoo Security
• <net-p2p/kubo-0.29.0-r1: executes downloaded binaries without verification

  930853 - Assigned to Gentoo Security
• <app-crypt/tpm2-tss-4.0.2: Unchecked magic number in verify quote

  931055 - Assigned to Gentoo Security
• <app-crypt/tpm2-tools-5.6.1: Missing comparison of PCR selection and uncheck magic number in verify quote

  931056 - Assigned to Gentoo Security
• <dev-python/flask-cors-4.0.1: log injection when the log level is set to debug

  931228 - Assigned to Gentoo Security
• <app-containers/skopeo-1.15.1: unexpected authenticated registry accesses

  932453 - Assigned to Gentoo Security
• <app-containers/podman-5.0.3: unexpected authenticated registry access

  936573 - Assigned to Gentoo Security
• <media-libs/assimp-5.4.2: heap-based buffer overflow

  936586 - Assigned to Gentoo Security
• app-editors/vim: multiple vulnerabilities

  937126 - Assigned to Gentoo Security
• <net-proxy/squid-6.10: buffer underflow in ESI

  938814 - Assigned to Gentoo Security
• <dev-db/redict-7.3.1 <dev-db/redis-{6.2.16,7.2.6,7.4.1}: multiple vulnerabilities

  940609 - Assigned to Gentoo Security
• <app-emulation/xen-4.18.4_pre0: Deadlock in vlapic_error()

  940632 - Assigned to Gentoo Security
• <app-containers/podman-5.2.4: improper input validation

  941217 - Assigned to Gentoo Security
• <app-containers/containers-common-0.60.4: improper file path handling when FIPS mode is enabled

  941218 - Assigned to Gentoo Security
• <net-analyzer/wireshark-{4.2.8, 4.4.1}: Multiple vulnerabilities

  941560 - Assigned to Gentoo Security
• <app-containers/podman-5.2.5: symlink traversal can result in denial of service via OOM

  942556 - Assigned to Gentoo Security
• <app-containers/buildah-1.37.5; symlink traversal can result in denial of service via OOM

  942557 - Assigned to Gentoo Security
• <app-containers/containers-storage-1.55.1: symlink traversal can result in denial of service via OOM

  942559 - Assigned to Gentoo Security
• <net-libs/mbedtls-{2.28.9,3.6.2}: multiple vulnerabilities

  943337 - Assigned to Gentoo Security
• <net-fs/openafs-1.8.13: multiple vulnerabilities

  943361 - Assigned to Gentoo Security
• <app-emulation/xen-4.18.4_pre1: multiple vulnerabilities

  944489 - Assigned to Tomáš Mózes
• <dev-java/json-smart-2.5.1: possible stack overflow

  947204 - Assigned to Gentoo Security
• <net-misc/frr-{10.0.3,10.1.2}: Denial of Service in RPKI validation

  947630 - Assigned to Gentoo Security
• <dev-db/redict-7.3.2, <dev-db/redis-{6.2.17,7.2.7,7.4.2}: multiple vulnerabilities

  947749 - Assigned to Gentoo Security
• <net-misc/asterisk-{18.26.1,20.11.1,21.6.1,22.1.1}: Path traversal

  947790 - Assigned to Gentoo Security
• app-editors/vim: heap-buffer-overflow when switching buffers in visual mode

  947924 - Assigned to Gentoo Security
• dev-libs/olm: multiple vulenrabilities

  951441 - Assigned to Gentoo Security
• net-irc/inspircd-4.X potential denial of service by privileged user

  952940 - Assigned to Gentoo Security
• <dev-cpp/abseil-cpp-20250127.1: potential integer overflow in hash container create/resize

  953451 - Assigned to Gentoo Security
• <net-dns/dnsdist-1.9.9: vulnerability to CVE-2025-30194 (DOS via crafted DoH exchange)

  955071 - Assigned to Gentoo Security