GitLab

CVE-2020-14345
CVE-2020-14346
CVE-2020-14361
CVE-2020-14362

See: #12035

fixes commit 75675628 (main/unbound: fix CVE-2020-12662 and
CVE-2020-12663)

ref #11914

ref #11914

CVE-2019-5747 was fixed in 1.29.3-r10 commit cf43a775
(main/busybox: security fixes (CVE-2018-20679, CVE-2019-5747))

The backported patch was later removed in commit 397f0cd9
(main/busybox: upgrade to 1.30.0) and added back again in 1.30.1-r2,
commit d310e6a3 (main/busybox: backport fix for CVE-2019-5747).

Adjust secfixes comment accordingly.

ref #11914

The CVE was backported and fixed in 2.7-r3.

ref #11914

This reverts commit bda7554d.

we backported the secfixes to 2.6-r7
ref #11914

Upstream claimed[1] that CVE-2018-10393 is a duplicate of CVE-2017-14160
but added follow up patch[2]. We applied this patch in 1.3.6-r2.

[1]: https://gitlab.xiph.org/xiph/vorbis/-/issues/2334#note_52200
[2]: https://gitlab.xiph.org/xiph/vorbis/-/commit/a9eb99a5bd6f2d7da02d6cd13a428baf3a1bf48c

ref #11914

Fix for CVE-2019-3832 was incomplete and got a follow up CVE-2019-3832.
They were fixed in 1.0.28-r8. Update secfixes comment accordingly.

ref https://nvd.nist.gov/vuln/detail/CVE-2019-3832
ref #11914

ref #11914

fix typo from commit 30233633 (main/sqlite: security fixes
(CVE-2019-19242, CVE-2019-19244)).

ref #11914

CVE-2018-14629 was fixed in 4.8.11 according
https://www.samba.org/samba/history/samba-4.8.11.html

ref #11914

We moved to 2.4 after 2.2.8. Adjust secfixes comment accordingly. Fixes
commit e8d61b9a (community/wireshark: security upgrade to 2.6.20).

ref #11914

CVE-2017-9410, CVE-2017-9411, CVE-2017-9412, CVE-2015-9099 were all
fixed in 3.99.5-r6.

ref #11914

ref #11914

remove duplicate entry in secfixes comment and unused patch for
CVE-2019-6116.

The compressed .tgz patch that was added in 9.26-r1 was never applied.
The issue was fixed in 9.26-r2.

ref #11914

fixes #11919

See: #12003