Packages
Get Gentoo!
gentoo.org sites
gentoo.org
Wiki
Bugs
Forums
Packages
Planet
Archives
Sources
Infra Status
Home
Packages
Maintainers
USE flags
Architectures
About
Gentoo Developer
Zac Medico
Packages
182
Stabilization
18
Outdated
32
Pull requests
1
Bugs
202
Security
37
Changelog
Security Bug Reports
app-text/podofo: multiple vulnerabilities (CVE-2020-{18971,18972}, CVE-2021-{30469,30470,30471,30472})
782706 - Assigned to Gentoo Security
dev-lang/jerryscript: multiple vulnerabilities
795312 - Assigned to Gentoo Security
<app-containers/podman-3.4.3: insufficient network isolation
829896 - Assigned to Gentoo Security
www-apps/chromedriver-bin: CSRF to code execution
833160 - Assigned to Gentoo Security
<www-servers/caddy-2.5.2: oob read allows for DoS
860147 - Assigned to Gentoo Security
app-shells/nushell: 'cargo audit' reports one or more bundled CRATES as vulnerable
864031 - Assigned to Gentoo Security
dev-lang/starlark-rust: 'cargo audit' reports one or more bundled CRATES as vulnerable
864043 - Assigned to Gentoo Security
<app-containers/podman-4.3.0: incorrect handling of supplementary groups
870931 - Assigned to Gentoo Security
<app-containers/docker-registry-2.8.1: multiple vulnerabilities
872410 - Assigned to Gentoo Security
app-containers/buildah: multiple vulnerabilities
884859 - Assigned to Gentoo Security
<app-admin/consul-1.14.3: DoS via Go http server vulnerability
885997 - Assigned to Gentoo Security
<app-containers/podman-4.5.0: arbitrary host file access
896372 - Assigned to Gentoo Security
app-text/podofo: heap buffer overread
904939 - Assigned to Gentoo Security
dev-lang/jerryscript: multiple vulnerabilities
905089 - Assigned to Gentoo Security
net-dns/coredns: multiple vulnerabilities
905301 - Assigned to Gentoo Security
<app-text/editorconfig-core-c-0.12.6: arbitrary stack write
905308 - Assigned to Gentoo Security
<app-text/podofo-0.10.1: multiple vulnerabilities
906105 - Assigned to Gentoo Security
<dev-db/etcd-3.4.26: key name disclosure
906656 - Assigned to Gentoo Security
<app-admin/consul-1.15.3: multiple vulnerabilities
907925 - Assigned to Gentoo Security
<app-admin/consul-1.15.7: multiple vulnerabilities
917614 - Assigned to Gentoo Security
<www-servers/caddy-2.7.5: http/2 rapid reset vulnerability
918413 - Assigned to Gentoo Security
<dev-db/etcd-3.4.28: http/2 rapid reset vulnerability
918419 - Assigned to Gentoo Security
<app-admin/vault-1.14.5: multiple vulnerabilities
918420 - Assigned to Gentoo Security
<app-text/calibre-5.44.0-r3: local file inclusion vulnerability
918429 - Assigned to Gentoo Security
<dev-python/aiohttp-3.8.0: inconsistent interpretation of the http protocol
918541 - Assigned to Gentoo Security
dev-lang/jerryscript: multiple vulnerabilities
918550 - Assigned to Gentoo Security
<dev-python/aiohttp-3.9.0: CLRF injection via method
918968 - Assigned to Gentoo Security
<app-admin/vault-1.14.8: denial of service via large HTTP requests
920177 - Assigned to Gentoo Security
<app-containers/podman-4.8.3: Terrapin vulnerability
921290 - Assigned to Gentoo Security
<app-containers/buildah-1.33.5 multiple vulnerabilities
923650 - Assigned to Gentoo Security
<app-containers/podman-4.9.2 multiple vulnerabilities
923751 - Assigned to Gentoo Security
<app-admin/consul-1.15.10: multiple vulnerabilities in bundled envoy
925030 - Assigned to Gentoo Security
app-containers/buildah: Denial of Service with invalid JSON input
927499 - Assigned to Gentoo Security
<app-containers/podman-{4.9.4,5.0.0}: Denial of Service with invalid JSON input
927500 - Assigned to Gentoo Security
<app-containers/podman-{5.0.0,4.9.4}: container escape
927501 - Assigned to Gentoo Security
<app-containers/buildah-{1.33.7,1.34.3,1.35.3}: container escape
927502 - Assigned to Gentoo Security
<sys-apps/flatpak-{1.14.6,1.12.9}: Sandbox escape via RequestBackground portal
930202 - Assigned to Gentoo Security
Contact Information
Please file new vulnerability reports on
Gentoo Bugzilla
and assign them to the Gentoo Security product and Vulnerabilities component.