Gentoo Project

Proxy Maintainers

Security Bug Reports

• <app-emulation/xen-4.13.2-r1: Information leak via power sidechannel

  754105 - Assigned to Tomáš Mózes
• net-p2p/bitcoind: Information leak via RPC calls (CVE-2021-3195)

  766983 - Assigned to Gentoo Security
• =net-libs/libmicrohttpd-0.9.70: buffer overflow vulnerability (CVE-2021-3466)

  778296 - Assigned to Gentoo Security
• <net-libs/libesmtp-1.0.6_p20200824: Buffer overflow in NTLM handling (CVE-2019-19977)

  782532 - Assigned to Gentoo Security
• dev-libs/keystone: multiple vulnerabilities (CVE-2020-{36404,36405})

  799785 - Assigned to Gentoo Security
• <app-text/mupdf-1.20.0: multiple vulnerabilities

  803305 - Assigned to Gentoo Security
• <net-ftp/atftp-0.7.5: multiple vulnerabilities

  813079 - Assigned to Gentoo Security
• sys-cluster/teleport: multiple vulnerabilities

  813702 - Assigned to Gentoo Security
• <net-proxy/squid-4.17: multiple vulnerabilities

  816246 - Assigned to Gentoo Security
• dev-libs/stb: multiple vulnerabilities

  818556 - Assigned to Gentoo Security
• <net-vpn/strongswan-5.9.4: integer overflow (CVE-2021-41991)

  818841 - Assigned to Gentoo Security
• dev-db/redis: integer overflow via bundled hiredis

  821346 - Assigned to Gentoo Security
• app-emulation/xen - multiple vulnerabilities

  826998 - Assigned to Tomáš Mózes
• <net-libs/tox-0.2.13: remote code execution

  829650 - Assigned to Gentoo Security
• <media-libs/gegl-0.4.34: shell expansion via pathname in system()

  829880 - Assigned to Gentoo Security
• <app-containers/podman-3.4.3: insufficient network isolation

  829896 - Assigned to Gentoo Security
• <app-admin/usbview-2.2: root privilege escalation via insecure polkit settings

  831756 - Assigned to Gentoo Security
• media-libs/openjpeg: Heap-buffer-overflow in color.c:379:42 in sycc420_to_rgb

  832007 - Assigned to Gentoo Security
• <net-irc/atheme-services-7.2.12: authentication bypass with >=net-irc/inspircd-3

  832400 - Assigned to Gentoo Security
• <net-vpn/strongswan-5.9.5: authentication bypass

  832460 - Assigned to Gentoo Security
• <dev-lang/mujs-1.2.0: heap buffer overflow

  833453 - Assigned to Gentoo Security
• net-nds/389-ds-base: double free in persistent searches

  833631 - Assigned to Gentoo Security
• net-nds/389-ds-base: multiple vulnerabilities

  835611 - Assigned to Gentoo Security
• <app-containers/crun-1.4.4: "exec does not set inheritable capabilities"

  835976 - Assigned to Gentoo Security
• dev-libs/stb: reachable assertion in stbi__create_png_image_raw

  836241 - Assigned to Gentoo Security
• dev-php/composer: VcsDriver::getFileContent() command execution

  838268 - Assigned to Gentoo Security
• <app-antivirus/clamav-0.103.6: multiple vulnerabilities

  842813 - Assigned to Gentoo Security
• dev-lang/janet: array mishandling

  845036 - Assigned to Gentoo Security
• <dev-lang/mujs-1.3.0: multiple vulnerabilities

  845399 - Assigned to Gentoo Security
• <media-gfx/gimp-2.10.32: memory exhaustion via crafted file

  845402 - Assigned to Gentoo Security
• net-nds/389-ds-base: access control bypass vulnerability

  849401 - Assigned to Gentoo Security
• <media-gfx/gimp-2.10.32: DoS via crafted XCF file

  856283 - Assigned to Gentoo Security
• app-emulation/xen: retbleed

  858122 - Assigned to Gentoo Security
• <net-proxy/squid-5.7: DoS via long Gopher server responses

  858845 - Assigned to Gentoo Security
• <www-servers/caddy-2.5.2: oob read allows for DoS

  860147 - Assigned to Gentoo Security
• app-misc/broot: 'cargo audit' reports one or more bundled CRATES as vulnerable

  864016 - Assigned to Gentoo Security
• app-shells/nushell: 'cargo audit' reports one or more bundled CRATES as vulnerable

  864031 - Assigned to Gentoo Security
• <www-client/w3m-20230121: oob write

  865249 - Assigned to Gentoo Security
• media-gfx/blender: multiple vulnerabilities

  865525 - Assigned to Gentoo Security
• <app-text/hunspell-1.7.1: multiple vulnerabilities

  866093 - Assigned to Gentoo Security
• sys-cluster/teleport: remote code execution

  866356 - Assigned to Gentoo Security
• app-backup/amanda: multiple vulnerabilities

  870037 - Assigned to Gentoo Security
• <app-containers/podman-4.3.0: incorrect handling of supplementary groups

  870931 - Assigned to Gentoo Security
• <net-proxy/squid-5.7: multiple vulnerabilities (SQUID-2022:{1,2})

  872551 - Assigned to Gentoo Security
• <app-emulation/xen-4.15.4_pre1: multiple vulnerabilities

  876790 - Assigned to Gentoo Security
• <net-vpn/strongswan-5.9.8: DoS via revocation pointing to attacker server

  878887 - Assigned to Gentoo Security
• app-emulation/xen: multiple vulnerabilities

  879031 - Assigned to Gentoo Security
• <dev-lang/mujs-1.3.2: code execution via UAF via crafted javascript

  882775 - Assigned to Gentoo Security
• app-containers/buildah: multiple vulnerabilities

  884859 - Assigned to Gentoo Security
• app-text/mupdf: multiple vulnerabilities

  886009 - Assigned to Gentoo Security
• <net-libs/libvncserver-0.9.14: multiple vulnerabilities

  887067 - Assigned to Gentoo Security
• <app-arch/upx-4.0.1-r1 <app-arch/upx-bin-4.0.2: multiple vulnerabilities

  890616 - Assigned to Gentoo Security
• <app-crypt/tpm2-tss-3.2.2: Buffer Overflow in TSS2_RC_Decode

  891519 - Assigned to Gentoo Security
• dev-libs/modsecurity: multiple vulnerabilities

  891777 - Assigned to Gentoo Security
• app-emulation/dynamips: use of uninitialized variable

  891779 - Assigned to Gentoo Security
• <media-libs/assimp-5.2.5-r1: heap use after free

  891787 - Assigned to Gentoo Security
• app-containers/podman: arbitrary host file access

  896372 - Assigned to Gentoo Security
• sys-cluster/glusterfs: multiple vulnerabilities

  897926 - Assigned to Jaco Kroon
• <dev-libs/libtpms-0.9.6: Out-of-bounds access

  898504 - Assigned to Gentoo Security
• <net-vpn/strongswan-5.9.10: denial of service but possibly even remote code execution

  899964 - Assigned to Gentoo Security
• <net-news/liferea-1.12.10: Fix RCE vulnerability on feed enrichment

  901085 - Assigned to Gentoo Security
• app-admin/doas vulnerable to privilege escalation via TIOCSTI/TIOCLINUX command injection

  901393 - Assigned to Gentoo Security
• <dev-db/redis-7.0.10: Specially crafted MSETNX command can lead to assertion and denial-of-service

  902501 - Assigned to Gentoo Security
• <app-arch/upx-4.0.2 <app-arch/upx-bin-4.0.2: multiple vulnerabilities

  903139 - Assigned to Gentoo Security
• <net-misc/frr-8.4.1: DoS vulnerability via reachable assertion

  903757 - Assigned to Gentoo Security
• media-libs/libjxl: multiple vulnerabilities

  905094 - Assigned to Gentoo Security
• <net-libs/libsignal-protocol-c-2.3.3-r1: unsigned integer overflow in bundled protobuf-c

  905098 - Assigned to Gentoo Security
• <sci-astronomy/stellarium-23.1: arbitrary file write vulnerability

  905300 - Assigned to Gentoo Security
• <dev-libs/libmemcached-awesome-1.1.4: request confusion

  905335 - Assigned to Gentoo Security
• <app-editors/vim-9.0.1503, <app-editors/vim-core-9.0.1503, <app-editors/gvim-9.0.1503: Multiple vulnerabilities

  905373 - Assigned to Gentoo Security
• <app-emulation/xen-{4.16.4,4.17.1}: multiple vulnerabilities

  905389 - Assigned to Gentoo Security
• media-libs/libjxl: assertion failure

  905393 - Assigned to Gentoo Security
• app-admin/filebeat: credential leakage into logs

  905879 - Assigned to Gentoo Security
• net-misc/frr: multiple vulnerabilities

  905882 - Assigned to Gentoo Security
• <app-editors/vim-9.0.1627: multiple "vulnerabilities"

  906109 - Assigned to Gentoo Security
• net-misc/frr: multiple vulnerabilities

  906116 - Assigned to Gentoo Security
• <dev-cpp/cpp-httplib-0.12.4: clrf injection

  907934 - Assigned to Gentoo Security
• <net-nntp/sabnzbd-4.0.2: remote code execution via notification script parameter manipulation

  908032 - Assigned to Gentoo Security
• net-p2p/bitcoind: denial of service

  908084 - Assigned to Gentoo Security
• app-crypt/acme-sh: Remote code execution

  908104 - Assigned to Gentoo Security
• media-libs/openexr: oss-fuzz stack buffer overread

  908257 - Assigned to Gentoo Security
• media-libs/libjxl: integer underflow leading to infinite loop

  908520 - Assigned to Gentoo Security
• <dev-db/redis-{6.2.13, 7.0.12}: Multiple vulnerabilities

  910191 - Assigned to Gentoo Security
• <net-vpn/i2p-2.3.0: Eepsite deanonymization attack

  911550 - Assigned to Gentoo Security
• net-misc/frr: Denial of service vulnerability

  913242 - Assigned to Gentoo Security
• <dev-db/redis-{7.0.13, 7.2.1}: Redis SORT_RO may bypass ACL configuration

  913741 - Assigned to Gentoo Security