Gentoo Developer

William Hubbs

Security Bug Reports

• sys-cluster/kube-apiserver: webhook redirect vulnerability

  813645 - Assigned to Gentoo Security
• <app-containers/docker-cli-20.10.9: May send credentials to non-chosen registry (CVE-2021-41092)

  816321 - Assigned to Gentoo Security
• <mail-mta/postfix-3.6.3: queue file corruption

  822753 - Assigned to Gentoo Security
• <app-metrics/prometheus-2.40.4 app-metrics/prometheus-bin: basic authentication bypass

  883637 - Assigned to Gentoo Security
• <app-metrics/node_exporter-1.5.0: basic authentication bypass

  883653 - Assigned to Gentoo Security
• <app-metrics/prometheus-2.43.0: security fixes in bundled code

  885109 - Assigned to Gentoo Security
• app-metrics/consul_exporter: basic authentication bypass

  890162 - Assigned to Gentoo Security
• dev-util/gitlab-runner: user jumping vulnerability

  891253 - Assigned to Gentoo Security
• <net-vpn/openvpn-2.6.7: Multiple vulnerabilities

  917272 - Assigned to Gentoo Security
• net-vpn/openvpn: DoS via crafted reset packet

  918673 - Assigned to Gentoo Security
• sys-cluster/kube-apiserver: authentication bypass vulnerability

  919131 - Assigned to Gentoo Security
• <mail-mta/postfix-3.8.4: SMTP smuggling

  920509 - Assigned to Gentoo Security
• sys-cluster/nomad: multiple vulnerabilities

  925029 - Assigned to Gentoo Security
• dev-go/protobuf-go: infinite loop with certain forms of invalid JSON

  926531 - Assigned to Gentoo Security
• <net-libs/nodejs-{18.20.1,20.12.1}: multiple vulnerabilities

  928532 - Assigned to Gentoo Security
• <app-containers/skopeo-1.15.1: unexpected authenticated registry accesses

  932453 - Assigned to Gentoo Security
• <net-vpn/openvpn-2.6.12: multiple vulnerabilities

  938533 - Assigned to Gentoo Security
• <dev-libs/dotconf-1.4.1: Multiple vulnerabilities

  939831 - Assigned to Gentoo Security
• <dev-lang/go-1.22.11, <dev-lang/go-1.23.5: multiple vulnerabilities

  948232 - Assigned to Gentoo Security
• <net-libs/nodejs-{18.20.6,20.18.2,22.13.1}: multiple vulnerabilities

  948514 - Assigned to Gentoo Security
• <dev-lang/go-1.22.12,1.23.6}: crypto/elliptic: timing sidechannel for P-256 on ppc64le

  949405 - Assigned to Gentoo Security
• net-vpn/openvpn: Possible DoS (CVE-2025-2704)

  953118 - Assigned to Gentoo Security