Proxy Maintainers – Gentoo Packages

Security Bug Reports

app-arch/lrzip: invalid memory read in lzo1x_decompress
682270 - Assigned to Gentoo Security
<mail-mta/sendmail-8.16.1: Reconnections may not use STARTTLS
730890 - Assigned to Gentoo Security
dev-libs/keystone: multiple vulnerabilities (CVE-2020-{36404,36405})
799785 - Assigned to Gentoo Security
<net-irc/weechat-3.3: Websocket vulnerability in relay plugin
811603 - Assigned to Gentoo Security
<net-ftp/atftp-0.7.5: multiple vulnerabilities
813079 - Assigned to Gentoo Security
<dev-libs/libbpf-0.7.0: multiple vulnerabilities
830368 - Assigned to Gentoo Security
<media-libs/openjpeg-2.5.2: Heap-buffer-overflow in color.c:379:42 in sycc420_to_rgb
832007 - Assigned to Gentoo Security
<net-irc/atheme-services-7.2.12: authentication bypass with >=net-irc/inspircd-3
832400 - Assigned to Gentoo Security
<app-arch/lrzip-0.650: Multiple vulnerabilities
834456 - Assigned to Gentoo Security
<net-irc/weechat-3.4.1: SSL verification vulnerability
835133 - Assigned to Gentoo Security
net-p2p/go-ethereum: multiple vulnerabilities
835610 - Assigned to Gentoo Security
<app-containers/crun-1.4.4: "exec does not set inheritable capabilities"
835976 - Assigned to Gentoo Security
dev-libs/stb: reachable assertion in stbi__create_png_image_raw
836241 - Assigned to Gentoo Security
app-arch/lrzip: DoS via invalid arithmetic shifts
856055 - Assigned to Gentoo Security
<www-servers/caddy-2.5.2: oob read allows for DoS
860147 - Assigned to Gentoo Security
app-shells/nushell: 'cargo audit' reports one or more bundled CRATES as vulnerable
864031 - Assigned to Gentoo Security
media-gfx/blender: multiple vulnerabilities
865525 - Assigned to Gentoo Security
<app-backup/amanda-3.5.4: multiple vulnerabilities
870037 - Assigned to Gentoo Security
<app-metrics/node_exporter-1.5.0: basic authentication bypass
883653 - Assigned to Gentoo Security
app-containers/buildah: multiple vulnerabilities
884859 - Assigned to Gentoo Security
<app-text/mupdf-1.11: multiple vulnerabilities
886009 - Assigned to Gentoo Security
<net-libs/libvncserver-0.9.14: multiple vulnerabilities
887067 - Assigned to Gentoo Security
<app-arch/upx-4.0.1-r1 <app-arch/upx-bin-4.0.2: multiple vulnerabilities
890616 - Assigned to Gentoo Security
<net-dialup/freeradius-3.2.2: multiple vulnerabilities
891265 - Assigned to Gentoo Security
<app-crypt/tpm2-tss-3.2.2: Buffer Overflow in TSS2_RC_Decode
891519 - Assigned to Gentoo Security
<media-libs/assimp-5.2.5-r1: heap use after free
891787 - Assigned to Gentoo Security
sys-cluster/glusterfs: multiple vulnerabilities
897926 - Assigned to Jaco Kroon
<net-dns/knot-resolver-5.6.0: DoS via many TCP connections
897928 - Assigned to Gentoo Security
<dev-libs/libtpms-0.9.6: Out-of-bounds access
898504 - Assigned to Gentoo Security
app-admin/doas: vulnerable to privilege escalation via TIOCSTI/TIOCLINUX command injection
901393 - Assigned to Gentoo Security
<app-arch/upx-4.0.2 <app-arch/upx-bin-4.0.2: multiple vulnerabilities
903139 - Assigned to Gentoo Security
<net-misc/frr-8.4.1: DoS vulnerability via reachable assertion
903757 - Assigned to Gentoo Security
media-libs/libjxl: multiple vulnerabilities
905094 - Assigned to Gentoo Security
<net-libs/libsignal-protocol-c-2.3.3-r1: unsigned integer overflow in bundled protobuf-c
905098 - Assigned to Gentoo Security
net-dns/coredns: multiple vulnerabilities
905301 - Assigned to Gentoo Security
media-libs/libjxl: assertion failure
905393 - Assigned to Gentoo Security
<app-admin/filebeat-7.17.16: credential leakage into logs
905879 - Assigned to Gentoo Security
<net-misc/frr-8.4.1: multiple vulnerabilities
905882 - Assigned to Gentoo Security
<media-libs/opencv-4.8.0: multiple vulnerabilities
906106 - Assigned to Gentoo Security
<net-misc/frr-9.0: multiple vulnerabilities
906116 - Assigned to Gentoo Security
<media-libs/openexr-3.1.11: oss-fuzz stack buffer overread
908257 - Assigned to Gentoo Security
<media-libs/libjxl-0.8.2: integer underflow leading to infinite loop
908520 - Assigned to Gentoo Security
<net-libs/rabbitmq-c-0.13.0: credentials passed on command line
908818 - Assigned to Gentoo Security
<net-vpn/i2p-2.3.0: Eepsite deanonymization attack
911550 - Assigned to Gentoo Security
<net-misc/frr-9.0.4: multiple vulnerabilities
913242 - Assigned to Gentoo Security
<app-backup/borgbackup-1.2.6: Archive spoofing vulnerability
913407 - Assigned to Gentoo Security
<net-proxy/squid-6.5: multiple vulnerabilities
916334 - Assigned to Gentoo Security
<media-libs/openexr-3.1.12: oss fuzz issues
916514 - Assigned to Gentoo Security
<net-misc/frr-9.0.2: multiple vulnerabilities
916902 - Assigned to Gentoo Security
<net-libs/pjproject-2.13.1: heap buffer overflow when parsing DNS packet
917463 - Assigned to Gentoo Security
net-libs/pjproject: UAF in SRTP media transport
917613 - Assigned to Gentoo Security
<net-misc/croc-10.0.12: multiple vulnerabilities
918091 - Assigned to Gentoo Security
<www-servers/caddy-2.7.5: http/2 rapid reset vulnerability
918413 - Assigned to Gentoo Security
<net-dns/knot-resolver-5.7.0: DoS via TCP reconnections (again)
918587 - Assigned to Gentoo Security
dev-libs/stb: multiple vulnerabilities
918679 - Assigned to Gentoo Security
<app-shells/fish-3.7.0: command substitution output can trigger shell expansion
919488 - Assigned to Gentoo Security
<net-proxy/squid-6.6: Denial of Service in HTTP Request parsing
920101 - Assigned to Gentoo Security
<mail-mta/sendmail-8.18.1: smtp smuggling
921521 - Assigned to Gentoo Security
dev-libs/modsecurity: WAF bypass
923858 - Assigned to Gentoo Security
<net-dns/knot-resolver-5.7.1: "KeyTrap" DNS DoS vulnerability
924459 - Assigned to Gentoo Security
<www-apps/gitea-1.21.5: allows anonymous container access if RequireSignInView is enabled
925023 - Assigned to Gentoo Security
<net-p2p/kubo-0.29.0-r1: executes downloaded binaries without verification
930853 - Assigned to Gentoo Security
<app-crypt/tpm2-tss-4.0.2: Unchecked magic number in verify quote
931055 - Assigned to Gentoo Security
<app-crypt/tpm2-tools-5.6.1: Missing comparison of PCR selection and uncheck magic number in verify quote
931056 - Assigned to Gentoo Security
<dev-python/flask-cors-4.0.1: log injection when the log level is set to debug
931228 - Assigned to Gentoo Security
<app-containers/skopeo-1.15.1: unexpected authenticated registry accesses
932453 - Assigned to Gentoo Security
<app-containers/podman-5.0.3: unexpected authenticated registry access
936573 - Assigned to Gentoo Security
<media-libs/assimp-5.4.2: heap-based buffer overflow
936586 - Assigned to Gentoo Security
<app-editors/vim-9.1.0794: multiple vulnerabilities
937126 - Assigned to Gentoo Security
<net-proxy/squid-6.10: buffer underflow in ESI
938814 - Assigned to Gentoo Security
<dev-db/redict-7.3.1 <dev-db/redis-{6.2.16,7.2.6,7.4.1}: multiple vulnerabilities
940609 - Assigned to Gentoo Security
<app-emulation/xen-4.18.4_pre0: Deadlock in vlapic_error()
940632 - Assigned to Gentoo Security
<app-containers/podman-5.2.4: improper input validation
941217 - Assigned to Gentoo Security
<app-containers/containers-common-0.60.4: improper file path handling when FIPS mode is enabled
941218 - Assigned to Gentoo Security
<app-containers/podman-5.2.5: symlink traversal can result in denial of service via OOM
942556 - Assigned to Gentoo Security
<app-containers/buildah-1.37.5; symlink traversal can result in denial of service via OOM
942557 - Assigned to Gentoo Security
<app-containers/containers-storage-1.55.1: symlink traversal can result in denial of service via OOM
942559 - Assigned to Gentoo Security
<net-fs/openafs-1.8.13: multiple vulnerabilities
943361 - Assigned to Gentoo Security
<app-emulation/xen-4.18.4_pre1: multiple vulnerabilities
944489 - Assigned to Tomáš Mózes
<dev-java/json-smart-2.5.1: possible stack overflow
947204 - Assigned to Gentoo Security
<dev-db/redict-7.3.2, <dev-db/redis-{6.2.17,7.2.7,7.4.2}: multiple vulnerabilities
947749 - Assigned to Gentoo Security
<app-editors/vim-9.1.1436: heap-buffer-overflow when switching buffers in visual mode
947924 - Assigned to Gentoo Security
<www-servers/nginx-1.26.3: SNI allowed to reuse SSL sessions in a different virtual server
949354 - Assigned to Gentoo Security
dev-libs/olm: multiple vulnerabilities
951441 - Assigned to Gentoo Security
<www-apps/icingaweb2-module-director-1.11.4: Rest API endpoints accessible to restricted users
953028 - Assigned to Gentoo Security
<dev-cpp/abseil-cpp-20250127.1: potential integer overflow in hash container create/resize
953451 - Assigned to Gentoo Security
<dev-db/redict-7.3.3 <dev-db/redis-{6.2.18,7.2.8,7.4.3}: An unauthenticated client can cause an unlimited growth of output buffers
954265 - Assigned to Gentoo Security
<net-dns/dnsdist-1.9.9: vulnerability to CVE-2025-30194 (DOS via crafted DoH exchange)
955071 - Assigned to Gentoo Security
<net-dns/dnsdist-1.9.10: DOS via crafted TCP exchange
956344 - Assigned to Gentoo Security
<net-analyzer/wireshark-4.4.7: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
957157 - Assigned to Gentoo Security
<dev-libs/libtpms-0.10.1: Out-of-bound access in HMAC Signing
957795 - Assigned to Gentoo Security
<media-libs/libavif-1.3.0: integer and resultant buffer overflow
958975 - Assigned to Gentoo Security
<dev-db/redict-7.3.5 <dev-db/redis-{6.2.19, 7.2.10, 7.4.5, 8.0.3}: Multiple vulnerabilities
959657 - Assigned to Gentoo Security
<www-apps/icingadb-web-1.2.2: Exposure of Sensitive Information to an Unauthorized User of Icinga Dependency Views
960512 - Assigned to Gentoo Security
net-misc/asterisk security: GHSA-mrq5-74j5-f5cr & GHSA-v9q8-9j8m-5xwp & GHSA-64qc-9x89-rx5j
960930 - Assigned to Gentoo Security
<net-dns/dnsdist-1.9.11: DoS in HTTP/2 due to client triggered stream reset
962197 - Assigned to Gentoo Security
www-apps/redmine: multiple vulnerabilities
963180 - Assigned to Gentoo Security
<net-analyzer/wireshark-4.4.10: MONGO dissector infinite loop
963972 - Assigned to Gentoo Security

Contact Information

Please file new vulnerability reports on Gentoo Bugzilla and assign them to the Gentoo Security product and Vulnerabilities component.

Gentoo ProjectProxy Maintainers

Security Bug Reports

Contact Information

Gentoo Project
Proxy Maintainers