Gentoo Developer

Sam James

Security Bug Reports

• dev-libs/crypto++: vulnerable to private key recovery (CVE-2019-14318)

  702930 - Assigned to Gentoo Security
• dev-libs/libtomcrypt: Out of bounds read (CVE-2019-17362)

  761412 - Assigned to Gentoo Security
• <sys-fs/zfs-{2.1.15,2.2.0}: ipv6 access control confusion (CVE-2013-20001)

  770337 - Assigned to Gentoo Security
• net-analyzer/fail2ban: code exection via malicious whois responses (CVE-2021-32749)

  802513 - Assigned to Gentoo Security
• <dev-libs/botan-2.18.2: ElGamal plaintext recovery (CVE-2021-40529)

  811906 - Assigned to Gentoo Security
• <dev-libs/crypto++-8.6.0: ElGamal plaintext recovery (CVE-2021-40530)

  811915 - Assigned to Gentoo Security
• dev-db/redis: integer overflow via bundled hiredis

  821346 - Assigned to Gentoo Security
• <dev-lang/duktape-2.7.0: segmentation fault in duk_push_tval

  831659 - Assigned to Gentoo Security
• <dev-libs/botan-2.19.3: OCSP response falsification

  881529 - Assigned to Gentoo Security
• <net-irc/ergo-2.11.1: Websocket denial of service issue

  891803 - Assigned to Gentoo Security
• <net-analyzer/tcpdump-4.99.4: OOB write in SMB decoder

  904041 - Assigned to Gentoo Security
• <net-misc/iperf-3.14: Denial of service vulnerability

  910083 - Assigned to Gentoo Security
• <dev-libs/libtommath-1.2.1: Integer overflow

  913880 - Assigned to Gentoo Security
• net-irc/unrealircd: denial-of-service by sending an oversized packet

  920264 - Assigned to Gentoo Security
• dev-libs/crypto++: multiple vulnerabilities

  920284 - Assigned to Gentoo Security
• <sys-libs/pam-1.6.1: local denial of service vulnerability in `pam_namespace.so`

  922397 - Assigned to Gentoo Security
• <dev-libs/botan-{2.19.4, 3.3.0}: Denial of service via ECC parameters

  925147 - Assigned to Gentoo Security
• <sys-fs/zfs-{2.1.15,2.2.3}: Bundled old Lua is vulnerable to CVE-2020-24370

  925290 - Assigned to Gentoo Security
• <dev-libs/libxml2-{2.11.8, 2.12.7}: Buffer overread with xmllint --htmlout

  931977 - Assigned to Gentoo Security
• <net-irc/ergo-2.13.1: exploitable deadlock leading to denial of service

  936197 - Assigned to Gentoo Security
• <net-libs/libpcap-1.10.5: Multiple vulnerabilities

  939952 - Assigned to Gentoo Security
• <net-analyzer/wireshark-{4.2.8, 4.4.1}: Multiple vulnerabilities

  941560 - Assigned to Gentoo Security
• <sys-libs/pam-1.7.0_p20241230: password leakage via speculative ROP chain

  942075 - Assigned to Gentoo Security
• <dev-libs/libxml2-{2.11.9, 2.12.9}: Regression in consumer protection from CVE-2012-0037

  943198 - Assigned to Gentoo Security
• <app-arch/7zip-24.07: vulnerability in zstandard implementation

  945395 - Assigned to Gentoo Security
• <dev-util/diffoscope-285: Multiple vulnerabilities

  948426 - Assigned to Gentoo Security
• <dev-libs/libxml2-{2.12.10, 2.13.6}: Multiple vulnerabilities

  949914 - Assigned to Gentoo Security
• <net-misc/socat-1.8.0.3: readline.sh log file is world-writable

  950117 - Assigned to Gentoo Security
• <dev-libs/libxslt-1.1.43: Multiple vulnerabilities

  951265 - Assigned to Gentoo Security