Gentoo Project
Proxy Maintainers
Packages: 1606 | Stabilization: 0 | Outdated: 297 | Pull requests: 96 | Bugs: 1397 | Security: 100 | Changelog
Security Bug Reports
app-arch/lrzip: invalid memory read in lzo1x_decompress
682270 - Assigned to Gentoo Security
<mail-mta/sendmail-8.16.1: Reconnections may not use STARTTLS
730890 - Assigned to Gentoo Security
dev-libs/keystone: multiple vulnerabilities (CVE-2020-{36404,36405})
799785 - Assigned to Gentoo Security
<net-irc/weechat-3.3: Websocket vulnerability in relay plugin
811603 - Assigned to Gentoo Security
<net-ftp/atftp-0.7.5: multiple vulnerabilities
813079 - Assigned to Gentoo Security
<dev-libs/libbpf-0.7.0: multiple vulnerabilities
830368 - Assigned to Gentoo Security
<media-libs/openjpeg-2.5.2: Heap-buffer-overflow in color.c:379:42 in sycc420_to_rgb
832007 - Assigned to Gentoo Security
<net-irc/atheme-services-7.2.12: authentication bypass with >=net-irc/inspircd-3
832400 - Assigned to Gentoo Security
<app-arch/lrzip-0.650: Multiple vulnerabilities
834456 - Assigned to Gentoo Security
<net-irc/weechat-3.4.1: SSL verification vulnerability
835133 - Assigned to Gentoo Security
net-p2p/go-ethereum: multiple vulnerabilities
835610 - Assigned to Gentoo Security
<app-containers/crun-1.4.4: "exec does not set inheritable capabilities"
835976 - Assigned to Gentoo Security
dev-libs/stb: reachable assertion in stbi__create_png_image_raw
836241 - Assigned to Gentoo Security
app-arch/lrzip: DoS via invalid arithmetic shifts
856055 - Assigned to Gentoo Security
<www-servers/caddy-2.5.2: oob read allows for DoS
860147 - Assigned to Gentoo Security
app-shells/nushell: 'cargo audit' reports one or more bundled CRATES as vulnerable
864031 - Assigned to Gentoo Security
media-gfx/blender: multiple vulnerabilities
865525 - Assigned to Gentoo Security
<app-backup/amanda-3.5.4: multiple vulnerabilities
870037 - Assigned to Gentoo Security
<app-metrics/node_exporter-1.5.0: basic authentication bypass
883653 - Assigned to Gentoo Security
app-containers/buildah: multiple vulnerabilities
884859 - Assigned to Gentoo Security
<app-text/mupdf-1.11: multiple vulnerabilities
886009 - Assigned to Gentoo Security
<net-libs/libvncserver-0.9.14: multiple vulnerabilities
887067 - Assigned to Gentoo Security
<app-arch/upx-4.0.1-r1 <app-arch/upx-bin-4.0.2: multiple vulnerabilities
890616 - Assigned to Gentoo Security
<net-dialup/freeradius-3.2.2: multiple vulnerabilities
891265 - Assigned to Gentoo Security
<app-crypt/tpm2-tss-3.2.2: Buffer Overflow in TSS2_RC_Decode
891519 - Assigned to Gentoo Security
<media-libs/assimp-5.2.5-r1: heap use after free
891787 - Assigned to Gentoo Security
sys-cluster/glusterfs: multiple vulnerabilities
897926 - Assigned to Jaco Kroon
<net-dns/knot-resolver-5.6.0: DoS via many TCP connections
897928 - Assigned to Gentoo Security
<dev-libs/libtpms-0.9.6: Out-of-bounds access
898504 - Assigned to Gentoo Security
app-admin/doas: vulnerable to privilege escalation via TIOCSTI/TIOCLINUX command injection
901393 - Assigned to Gentoo Security
<app-arch/upx-4.0.2 <app-arch/upx-bin-4.0.2: multiple vulnerabilities
903139 - Assigned to Gentoo Security
<net-misc/frr-8.4.1: DoS vulnerability via reachable assertion
903757 - Assigned to Gentoo Security
media-libs/libjxl: multiple vulnerabilities
905094 - Assigned to Gentoo Security
<net-libs/libsignal-protocol-c-2.3.3-r1: unsigned integer overflow in bundled protobuf-c
905098 - Assigned to Gentoo Security
net-dns/coredns: multiple vulnerabilities
905301 - Assigned to Gentoo Security
media-libs/libjxl: assertion failure
905393 - Assigned to Gentoo Security
<app-admin/filebeat-7.17.16: credential leakage into logs
905879 - Assigned to Gentoo Security
<net-misc/frr-8.4.1: multiple vulnerabilities
905882 - Assigned to Gentoo Security
<media-libs/opencv-4.8.0: multiple vulnerabilities
906106 - Assigned to Gentoo Security
<net-misc/frr-9.0: multiple vulnerabilities
906116 - Assigned to Gentoo Security
<media-libs/openexr-3.1.11: oss-fuzz stack buffer overread
908257 - Assigned to Gentoo Security
<media-libs/libjxl-0.8.2: integer underflow leading to infinite loop
908520 - Assigned to Gentoo Security
<net-libs/rabbitmq-c-0.13.0: credentials passed on command line
908818 - Assigned to Gentoo Security
<net-vpn/i2p-2.3.0: Eepsite deanonymization attack
911550 - Assigned to Gentoo Security
<net-misc/frr-9.0.4: multiple vulnerabilities
913242 - Assigned to Gentoo Security
<app-backup/borgbackup-1.2.6: Archive spoofing vulnerability
913407 - Assigned to Gentoo Security
<net-proxy/squid-6.5: multiple vulnerabilities
916334 - Assigned to Gentoo Security
<media-libs/openexr-3.1.12: oss fuzz issues
916514 - Assigned to Gentoo Security
<net-misc/frr-9.0.2: multiple vulnerabilities
916902 - Assigned to Gentoo Security
<net-libs/pjproject-2.13.1: heap buffer overflow when parsing DNS packet
917463 - Assigned to Gentoo Security
net-libs/pjproject: UAF in SRTP media transport
917613 - Assigned to Gentoo Security
<net-misc/croc-10.0.12: multiple vulnerabilities
918091 - Assigned to Gentoo Security
<www-servers/caddy-2.7.5: http/2 rapid reset vulnerability
918413 - Assigned to Gentoo Security
<net-dns/knot-resolver-5.7.0: DoS via TCP reconnections (again)
918587 - Assigned to Gentoo Security
dev-libs/stb: multiple vulnerabilities
918679 - Assigned to Gentoo Security
<app-shells/fish-3.7.0: command substitution output can trigger shell expansion
919488 - Assigned to Gentoo Security
<net-proxy/squid-6.6: Denial of Service in HTTP Request parsing
920101 - Assigned to Gentoo Security
<mail-mta/sendmail-8.18.1: smtp smuggling
921521 - Assigned to Gentoo Security
dev-libs/modsecurity: WAF bypass
923858 - Assigned to Gentoo Security
<net-dns/knot-resolver-5.7.1: "KeyTrap" DNS DoS vulnerability
924459 - Assigned to Gentoo Security
<www-apps/gitea-1.21.5: allows anonymous container access if RequireSignInView is enabled
925023 - Assigned to Gentoo Security
<net-p2p/kubo-0.29.0-r1: executes downloaded binaries without verification
930853 - Assigned to Gentoo Security
<app-crypt/tpm2-tss-4.0.2: Unchecked magic number in verify quote
931055 - Assigned to Gentoo Security
<app-crypt/tpm2-tools-5.6.1: Missing comparison of PCR selection and unchecked magic number in verify quote
931056 - Assigned to Gentoo Security
<dev-python/flask-cors-4.0.1: log injection when the log level is set to debug
931228 - Assigned to Gentoo Security
<app-containers/skopeo-1.15.1: unexpected authenticated registry accesses
932453 - Assigned to Gentoo Security
<app-containers/podman-5.0.3: unexpected authenticated registry access
936573 - Assigned to Gentoo Security
<media-libs/assimp-5.4.2: heap-based buffer overflow
936586 - Assigned to Gentoo Security
<app-editors/vim-9.1.0794: multiple vulnerabilities
937126 - Assigned to Gentoo Security
<net-proxy/squid-6.10: buffer underflow in ESI
938814 - Assigned to Gentoo Security
<dev-db/redict-7.3.1 <dev-db/redis-{6.2.16,7.2.6,7.4.1}: multiple vulnerabilities
940609 - Assigned to Gentoo Security
<app-emulation/xen-4.18.4_pre0: Deadlock in vlapic_error()
940632 - Assigned to Gentoo Security
<app-containers/podman-5.2.4: improper input validation
941217 - Assigned to Gentoo Security
<app-containers/containers-common-0.60.4: improper file path handling when FIPS mode is enabled
941218 - Assigned to Gentoo Security
<app-containers/podman-5.2.5: symlink traversal can result in denial of service via OOM
942556 - Assigned to Gentoo Security
<app-containers/buildah-1.37.5: symlink traversal can result in denial of service via OOM
942557 - Assigned to Gentoo Security
<app-containers/containers-storage-1.55.1: symlink traversal can result in denial of service via OOM
942559 - Assigned to Gentoo Security
<net-fs/openafs-1.8.13: multiple vulnerabilities
943361 - Assigned to Gentoo Security
<app-emulation/xen-4.18.4_pre1: multiple vulnerabilities
944489 - Assigned to Tomáš Mózes
<dev-java/json-smart-2.5.1: possible stack overflow
947204 - Assigned to Gentoo Security
<dev-db/redict-7.3.2, <dev-db/redis-{6.2.17,7.2.7,7.4.2}: multiple vulnerabilities
947749 - Assigned to Gentoo Security
<app-editors/vim-9.1.1436: heap-buffer-overflow when switching buffers in visual mode
947924 - Assigned to Gentoo Security
<www-servers/nginx-1.26.3: SNI allowed to reuse SSL sessions in a different virtual server
949354 - Assigned to Gentoo Security
dev-libs/olm: multiple vulnerabilities
951441 - Assigned to Gentoo Security
<www-apps/icingaweb2-module-director-1.11.4: Rest API endpoints accessible to restricted users
953028 - Assigned to Gentoo Security
<dev-cpp/abseil-cpp-20250127.1: potential integer overflow in hash container create/resize
953451 - Assigned to Gentoo Security
<dev-db/redict-7.3.3 <dev-db/redis-{6.2.18,7.2.8,7.4.3}: An unauthenticated client can cause an unlimited growth of output buffers
954265 - Assigned to Gentoo Security
<net-dns/dnsdist-1.9.9: vulnerability to CVE-2025-30194 (DOS via crafted DoH exchange)
955071 - Assigned to Gentoo Security
<net-dns/dnsdist-1.9.10: DOS via crafted TCP exchange
956344 - Assigned to Gentoo Security
<net-analyzer/wireshark-4.4.7: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
957157 - Assigned to Gentoo Security
<dev-libs/libtpms-0.10.1: Out-of-bound access in HMAC Signing
957795 - Assigned to Gentoo Security
<media-libs/libavif-1.3.0: integer and resultant buffer overflow
958975 - Assigned to Gentoo Security
<dev-db/redict-7.3.5 <dev-db/redis-{6.2.19, 7.2.10, 7.4.5, 8.0.3}: Multiple vulnerabilities
959657 - Assigned to Gentoo Security
<www-apps/icingadb-web-1.2.2: Exposure of Sensitive Information to an Unauthorized User of Icinga Dependency Views
960512 - Assigned to Gentoo Security
net-misc/asterisk security: GHSA-mrq5-74j5-f5cr & GHSA-v9q8-9j8m-5xwp & GHSA-64qc-9x89-rx5j
960930 - Assigned to Gentoo Security
<net-dns/dnsdist-1.9.11: DoS in HTTP/2 due to client triggered stream reset
962197 - Assigned to Gentoo Security
www-apps/redmine: multiple vulnerabilities
963180 - Assigned to Gentoo Security
<net-analyzer/wireshark-4.4.10: MONGO dissector infinite loop
963972 - Assigned to Gentoo Security
Contact Information
Please file new vulnerability reports on Gentoo Bugzilla and assign them to the Gentoo Security product and Vulnerabilities component.