Gentoo Developer

Sam James

Security Bug Reports

• dev-libs/crypto++: vulnerable to private key recovery (CVE-2019-14318)

  702930 - Assigned to Gentoo Security
• dev-libs/libtomcrypt: Out of bounds read (CVE-2019-17362)

  761412 - Assigned to Gentoo Security
• net-analyzer/fail2ban: code exection via malicious whois responses (CVE-2021-32749)

  802513 - Assigned to Gentoo Security
• <dev-libs/crypto++-8.6.0: ElGamal plaintext recovery (CVE-2021-40530)

  811915 - Assigned to Gentoo Security
• dev-db/redis: integer overflow via bundled hiredis

  821346 - Assigned to Gentoo Security
• <dev-lang/duktape-2.7.0: segmentation fault in duk_push_tval

  831659 - Assigned to Gentoo Security
• <dev-libs/botan-2.19.3: OCSP response falsification

  881529 - Assigned to Gentoo Security
• <net-analyzer/tcpdump-4.99.4: OOB write in SMB decoder

  904041 - Assigned to Gentoo Security
• <net-misc/iperf-3.14: Denial of service vulnerability

  910083 - Assigned to Gentoo Security
• <dev-libs/libtommath-1.2.1: Integer overflow

  913880 - Assigned to Gentoo Security
• net-irc/unrealircd: denial-of-service by sending an oversized packet

  920264 - Assigned to Gentoo Security
• dev-libs/crypto++: multiple vulnerabilities

  920284 - Assigned to Gentoo Security
• <net-libs/libpcap-1.10.5: Multiple vulnerabilities

  939952 - Assigned to Gentoo Security
• <app-arch/7zip-24.07: vulnerability in zstandard implementation

  945395 - Assigned to Gentoo Security
• <dev-util/diffoscope-285: Multiple vulnerabilities

  948426 - Assigned to Gentoo Security
• <dev-libs/libxslt-1.1.43: Multiple vulnerabilities

  951265 - Assigned to Gentoo Security
• <dev-util/diffoscope-295: Potentially unsafe operation on zip files

  955814 - Assigned to Gentoo Security
• <net-analyzer/wireshark-4.4.7: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

  957157 - Assigned to Gentoo Security
• <sys-libs/pam-1.7.1: Multiple vulnerabilities

  958320 - Assigned to Gentoo Security
• <app-arch/7zip-25.00: multiple vulnerabilities

  960631 - Assigned to Gentoo Security
• <net-misc/iperf-3.19.1: Multiple vulnerabilities

  960763 - Assigned to Gentoo Security
• <app-arch/7zip-25.01: Arbitrary file write via symlinks in archives

  961281 - Assigned to Gentoo Security
• <www-servers/lighttpd-1.4.80: HTTP/2 MadeYouReset vulnerability

  961511 - Assigned to Gentoo Security
• <www-servers/lighttpd-1.4.81: may not reject disallowed headers

  961817 - Assigned to Gentoo Security
• <dev-libs/libxml2-2.13.9: Multiple vulnerabilities

  962684 - Assigned to Gentoo Security
• <net-analyzer/wireshark-4.4.10: MONGO dissector infinite loop

  963972 - Assigned to Gentoo Security
• <dev-libs/libxslt-1.1.43-r2: Type confusion in exsltFuncResultComp

  964753 - Assigned to Gentoo Security
• <dev-db/redis-8.2.3:0/8.2: Bug in XACKDEL may lead to stack overflow and potential RCE

  965476 - Assigned to Gentoo Security
• <media-gfx/graphicsmagick-1.3.46: Multiple vulnerabilities

  965832 - Assigned to Gentoo Security
• <net-vpn/tor-0.4.8.21: Multiple vulnerabilities

  965987 - Assigned to Gentoo Security
• <dev-libs/libxslt-1.1.45: Multiple vulnerabilities

  966901 - Assigned to Gentoo Security
• <dev-libs/libsodium-1.0.21: Insufficient validation in crypto_core_ed25519_is_valid_point

  968296 - Assigned to Gentoo Security
• <net-libs/libpcap-1.10.6: Multiple vulnerabilities

  968315 - Assigned to Gentoo Security
• <net-vpn/tor-0.4.8.22: Out-of-bounds read with V1-formatted EXTEND cells

  969415 - Assigned to Gentoo Security
• <net-analyzer/wireshark-4.6.4: Multiple vulnerabilities

  970622 - Assigned to Gentoo Security
• dev-db/redis: possible data read manipulation by injecting \r\n sequences into a Redis error reply

  970852 - Assigned to Gentoo Security