aports issues
https://gitlab.alpinelinux.org/alpine/aports/-/issues
2019-07-23T11:06:12Z
https://gitlab.alpinelinux.org/alpine/aports/-/issues/10653
irssi: Use after free when sending SASL login to the server (CVE-2019-13045)
2019-07-23T11:06:12Z
Alicha CH
Irssi before 1.0.8, 1.1.x before 1.1.3, and 1.2.x before 1.2.1, when SASL is enabled, has a use after free when sending SASL login to the server.
### Fixed In Version:
Irssi 1.0.8, 1.1.3, 1.2.1
### References:
https://irssi.org/security/irssi_sa_2019_06.txt
https://www.openwall.com/lists/oss-security/2019/06/29/1
*(from redmine: issue id 10653, created on 2019-07-04, closed on 2019-07-04)*
* Relations:
* child #10654
* child #10655
* child #10656
* child #10657
* child #10658
Natanael Copa
Natanael Copa
https://gitlab.alpinelinux.org/alpine/aports/-/issues/10652
vi can not input Chinese, Chinese chars will be shown as some "..."
2019-07-23T10:35:04Z
Ye Tang
Startup /usr//bin/vi then try to input some Chinese,
the Chinese chars will be shown as some …
root in ~
1. ll /usr/bin/vi
lrwxrwxrwx 1 root root 12 May 9 02:41 /usr/bin/vi -> /bin/busybox*
*(from redmine: issue id 10652, created on 2019-07-03)*
* Uploads:
* ![AlpineLinuxViChineseInputProblem](/uploads/f12abce47b9c065e8cf9faf8565f1120/AlpineLinuxViChineseInputProblem.png)
https://gitlab.alpinelinux.org/alpine/aports/-/issues/10650
stunnel is quite unstable and crashes often
2019-07-23T10:35:56Z
L Horace
Hello everyone,
Stunnel crashing for one reason or another has been a common pain point
for me in the past. The distinction here being that it crashes quite too
often on 3 different systems for somewhat similar reasons, see below:
messages-20190623.gz:Jun 17 16:26:31 redis daemon.crit stunnel: INTERNAL ERROR: Bad magic at client.c, line 1437
messages-20190630.gz:Jun 24 18:10:59 redis daemon.crit stunnel: INTERNAL ERROR: Bad magic at client.c, line 1437
messages-20190630.gz:Jun 24 18:37:21 redis daemon.crit stunnel: INTERNAL ERROR: Bad magic at client.c, line 1437
INTERNAL ERROR: Double free attempt: ptr=0x562630748490 alloc=str.c:174 free#1=log.c:272 free#2=crypto/stack/stack.c:376
Stunnel version: stunnel-5.48-r0
A quirk with muslc ?
*(from redmine: issue id 10650, created on 2019-07-03)*
https://gitlab.alpinelinux.org/alpine/aports/-/issues/10649
Add Argon2 support for PHP 7.3
2019-07-23T11:06:14Z
Albert Casademont
Hi,
It would be great that now that Alpine has the Argon2 libraries, the PHP
package could be compiled with Argon2 support. AFAIK it’s only a matter
of adding a “--with-password-argon2” in the “./configure” options before
compiling.
Thanks!
*(from redmine: issue id 10649, created on 2019-07-02, closed on 2019-07-11)*
* Changesets:
* Revision 43d556c0cb086ef5d94e22fc362c779cd2268042 by Andy Postnikov on 2019-07-06T18:57:20Z:
```
community/php7: add argon2 support
Closes #10649
```
* Revision 0a97585438e0dcc3f84c179edb26426db1e950b4 by Andy Postnikov on 2019-07-08T09:37:38Z:
```
community/php7: add argon2 support
Closes #10649
(cherry picked from commit 43d556c0cb086ef5d94e22fc362c779cd2268042)
```
3.10.1
Natanael Copa
Natanael Copa
https://gitlab.alpinelinux.org/alpine/aports/-/issues/10647
[3.7] bzip2: out-of-bounds write in function BZ2_decompress (CVE-2019-12900)
2019-07-23T11:06:16Z
Alicha CH
BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.
### References:
https://nvd.nist.gov/vuln/detail/CVE-2019-12900
https://security-tracker.debian.org/tracker/CVE-2019-12900
### Patch:
https://gitlab.com/federicomenaquintero/bzip2/commit/74de1e2e6ffc9d51ef9824db71a8ffee5962cdbc
*(from redmine: issue id 10647, created on 2019-07-02, closed on 2019-07-09)*
* Relations:
* parent #10642
* Changesets:
* Revision 263042b4f11c9dbc797bdf7eef8c0ebdda9efe4a on 2019-07-04T19:27:53Z:
```
main/bzip2: add patch for CVE-2019-12900
Adding the upstream bzip2 security patch to fix the out of bounds security
vulnerability in bzip2.
fixes #10647
```
3.7.4
Natanael Copa
Natanael Copa
https://gitlab.alpinelinux.org/alpine/aports/-/issues/10646
[3.8] bzip2: out-of-bounds write in function BZ2_decompress (CVE-2019-12900)
2019-07-23T11:06:17Z
Alicha CH
BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.
### References:
https://nvd.nist.gov/vuln/detail/CVE-2019-12900
https://security-tracker.debian.org/tracker/CVE-2019-12900
### Patch:
https://gitlab.com/federicomenaquintero/bzip2/commit/74de1e2e6ffc9d51ef9824db71a8ffee5962cdbc
*(from redmine: issue id 10646, created on 2019-07-02, closed on 2019-07-09)*
* Relations:
* parent #10642
* Changesets:
* Revision 48ec283be13e799c70aae6c045c2c93e39d262a0 on 2019-07-04T19:26:46Z:
```
main/bzip2: add patch for CVE-2019-12900
Adding the upstream bzip2 security patch to fix the out of bounds security
vulnerability in bzip2.
fixes #10646
```
3.8.5
Natanael Copa
Natanael Copa
https://gitlab.alpinelinux.org/alpine/aports/-/issues/10645
[3.9] bzip2: out-of-bounds write in function BZ2_decompress (CVE-2019-12900)
2019-07-23T11:06:18Z
Alicha CH
BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.
### References:
https://nvd.nist.gov/vuln/detail/CVE-2019-12900
https://security-tracker.debian.org/tracker/CVE-2019-12900
### Patch:
https://gitlab.com/federicomenaquintero/bzip2/commit/74de1e2e6ffc9d51ef9824db71a8ffee5962cdbc
*(from redmine: issue id 10645, created on 2019-07-02, closed on 2019-07-09)*
* Relations:
* parent #10642
* Changesets:
* Revision d8ead9ace841cece4ee4f90c91900ea12aecb759 on 2019-07-04T19:25:48Z:
```
main/bzip2: add patch for CVE-2019-12900
Adding the upstream bzip2 security patch to fix the out of bounds security
vulnerability in bzip2.
fixes #10645
```
3.9.5
Natanael Copa
Natanael Copa
https://gitlab.alpinelinux.org/alpine/aports/-/issues/10644
[3.10] bzip2: out-of-bounds write in function BZ2_decompress (CVE-2019-12900)
2019-07-23T11:06:19Z
Alicha CH
BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.
### References:
https://nvd.nist.gov/vuln/detail/CVE-2019-12900
https://security-tracker.debian.org/tracker/CVE-2019-12900
### Patch:
https://gitlab.com/federicomenaquintero/bzip2/commit/74de1e2e6ffc9d51ef9824db71a8ffee5962cdbc
*(from redmine: issue id 10644, created on 2019-07-02, closed on 2019-07-09)*
* Relations:
* parent #10642
* Changesets:
* Revision f47a9e1da5b7f33cf5d46c0541deb454729eee51 on 2019-07-04T19:24:02Z:
```
main/bzip2: add patch for CVE-2019-12900
Adding the upstream bzip2 security patch to fix the out of bounds security
vulnerability in bzip2.
fixes #10644
```
3.10.1
Natanael Copa
Natanael Copa
https://gitlab.alpinelinux.org/alpine/aports/-/issues/10643
[3.11] bzip2: out-of-bounds write in function BZ2_decompress (CVE-2019-12900)
2019-07-23T11:06:20Z
Alicha CH
BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.
### References:
https://nvd.nist.gov/vuln/detail/CVE-2019-12900
https://security-tracker.debian.org/tracker/CVE-2019-12900
### Patch:
https://gitlab.com/federicomenaquintero/bzip2/commit/74de1e2e6ffc9d51ef9824db71a8ffee5962cdbc
*(from redmine: issue id 10643, created on 2019-07-02, closed on 2019-07-09)*
* Relations:
* parent #10642
* Changesets:
* Revision 53b02f8b1597aabb4ec836bb5aa421e0d1f95189 on 2019-07-04T15:37:46Z:
```
main/bzip2: add patch for CVE-2019-12900
Adding the upstream bzip2 security patch to fix the out of bounds security
vulnerability in bzip2.
fixes #10643
```
3.11.0
Natanael Copa
Natanael Copa
https://gitlab.alpinelinux.org/alpine/aports/-/issues/10642
bzip2: out-of-bounds write in function BZ2_decompress (CVE-2019-12900)
2019-07-23T11:06:21Z
Alicha CH
BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.
### References:
https://nvd.nist.gov/vuln/detail/CVE-2019-12900
https://security-tracker.debian.org/tracker/CVE-2019-12900
### Patch:
https://gitlab.com/federicomenaquintero/bzip2/commit/74de1e2e6ffc9d51ef9824db71a8ffee5962cdbc
*(from redmine: issue id 10642, created on 2019-07-02, closed on 2019-07-09)*
* Relations:
* child #10643
* child #10644
* child #10645
* child #10646
* child #10647
Natanael Copa
Natanael Copa
https://gitlab.alpinelinux.org/alpine/aports/-/issues/10641
[3.7] postgresql: Stack-based buffer overflow via setting a password (CVE-2019-10164)
2019-07-23T11:06:22Z
Alicha CH
PostgreSQL versions 10.x before 10.9 and versions 11.x before 11.4 are vulnerable to a stack-based buffer overflow. Any authenticated user can overflow a stack-based buffer by changing the user’s own password to a purpose-crafted value. This often suffices to execute arbitrary code as the PostgreSQL operating system account.
### References:
https://www.postgresql.org/support/security/
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10164
### Patches:
https://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=90adc16ea13750a6b6f704c6cf65dc0f1bdb845c
https://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=d72a7e4da1001b29a661a4b1a52cb5c4d708bab0
*(from redmine: issue id 10641, created on 2019-07-02, closed on 2019-07-04)*
* Relations:
* relates #10640
* Changesets:
* Revision 16dcb2a286d4881fa56bf8669a72f6bb6af651db by Milan P. Stanić on 2019-07-04T07:26:29Z:
```
main/postgresql: security upgrade to 10.9
CVE-2019-10164
other upstream bugfixes
fixes #10641
```
3.7.4
Jakub Jirutka
Jakub Jirutka
https://gitlab.alpinelinux.org/alpine/aports/-/issues/10639
Missing files for the mate-control-center package on the edge repository.
2019-07-14T21:26:13Z
Kacper Grobelny
![](https://i.imgur.com/E4ColrT.png)
*(from redmine: issue id 10639, created on 2019-07-01)*
https://gitlab.alpinelinux.org/alpine/aports/-/issues/10638
Exim package with SPF support
2019-12-05T07:44:14Z
Daniel DeLacrua
Current Exim package on Alpine 3.9 without SPF support:
exim-4.92-r0 x86_64 {exim} (GPL-2.0-or-later) [installed]
1. exim --version
Exim version 4.92 #4 built 10-Jun-2019 15:40:40
Copyright © University of Cambridge, 1995 - 2018
© The Exim Maintainers and contributors in ACKNOWLEDGMENTS file, 2007 - 2018
Berkeley DB: Berkeley DB 5.3.28: (September 9, 2013)
Support for: crypteq IPv6 Expand_dlfunc OpenSSL move_frozen_messages Content_Scanning DKIM DNSSEC Event OCSP PRDR PROXY TCP_Fast_Open
Lookups (built-in): lsearch wildlsearch nwildlsearch iplsearch dsearch passwd
Authenticators: cram_md5 dovecot plaintext spa tls
Routers: accept dnslookup ipliteral iplookup manualroute queryprogram redirect
Transports: appendfile/maildir autoreply lmtp pipe smtp
Malware: f-protd f-prot6d drweb aveserver fsecure kavdaemon sophie clamd mksd avast sock cmdline
Fixed never_users: 0
Configure owner: 0:0
Size of off_t: 8
2019-07-01 17:48:24 Warning: purging the environment.
Suggested action: use keep_environment.
2019-07-01 17:48:24 cwd=/home/dd 2 args: exim --version
2019-07-01 17:48:24 Exim configuration error in line 453 of /etc/exim/exim.conf:
error in ACL: unknown ACL condition/modifier in "spf = fail"
*(from redmine: issue id 10638, created on 2019-07-01)*
https://gitlab.alpinelinux.org/alpine/aports/-/issues/10637
error sourcing scripts in /etc/profile
2019-07-23T11:06:26Z
Raini Hixon
In /etc/profile, scripts ending in .sh are sourced from directory
/etc/profile.d. In version 3.10 there is a file called color_prompt in
that directory, which I assume should have .sh on its filename or the
/etc/profile script needs to be changed to source everything in the
folder. In the latter case, here is a patch for /etc/profile:
—- /etc/profile.orig
<span class="underline"></span>+ /etc/profile
@@ –5,7 +5,7 @@
export PS1=‘\\h:\\w\\$ ’
umask 022
-for script in /etc/profile.d/\*.sh ; do
+for script in /etc/profile.d/\* ; do
if \[ -r $script \] ; then
. $script
fi
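Review bot: Widening the glob in the `for` line from `/etc/profile.d/*.sh` to `/etc/profile.d/*` means every readable file in that directory is sourced by each login shell, including backup copies, editor leftovers or notes that were never meant to run. The narrower fix named in the report, renaming color_prompt to color_prompt.sh and keeping the `*.sh` filter, avoids that. If the wider glob is kept anyway, `$script` in the unchanged `[ -r $script ]` and `. $script` lines should be double-quoted so a filename containing whitespace or glob characters is not word-split or expanded.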
*(from redmine: issue id 10637, created on 2019-06-30, closed on 2019-06-30)*
https://gitlab.alpinelinux.org/alpine/aports/-/issues/10636
linux-vanilla should not depend on linux-firmware
2019-07-23T11:06:26Z
Drew DeVault
It’s not possible to cherry-pick your firmware packages because
linux-vanilla depends on all of linux-firmware. Instead, setup-disks
should add linux-firmware to the list of packages to install by default.
*(from redmine: issue id 10636, created on 2019-06-30, closed on 2019-06-30)*
https://gitlab.alpinelinux.org/alpine/aports/-/issues/10633
[3.7] expat: large number of colons in input makes parser consume high amount of resources, leading to DoS (CVE-2018-20843)
2019-07-23T11:06:27Z
Alicha CH
In libexpat in Expat before 2.2.7, XML input including XML names that contain a large number of colons could make the XML parser consume a high amount of RAM and CPU resources while processing (enough to be usable for denial-of-service attacks).
### Fixed In Version:
expat 2.2.7
### References:
https://github.com/libexpat/libexpat/issues/186
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=931031
*(from redmine: issue id 10633, created on 2019-06-28, closed on 2019-07-02)*
* Relations:
* parent #10629
* Changesets:
* Revision 300e04f0a6e629e4ff15327ae3ecbfe34be7b7ca by Natanael Copa on 2019-06-30T12:24:25Z:
```
main/expat: security upgrade to 2.2.7 (CVE-2018-20843)
fixes #10633
```
3.7.4
Carlo Landmeter
Carlo Landmeter
https://gitlab.alpinelinux.org/alpine/aports/-/issues/10632
[3.8] expat: large number of colons in input makes parser consume high amount of resources, leading to DoS (CVE-2018-20843)
2019-07-23T11:06:28Z
Alicha CH
In libexpat in Expat before 2.2.7, XML input including XML names that contain a large number of colons could make the XML parser consume a high amount of RAM and CPU resources while processing (enough to be usable for denial-of-service attacks).
### Fixed In Version:
expat 2.2.7
### References:
https://github.com/libexpat/libexpat/issues/186
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=931031
*(from redmine: issue id 10632, created on 2019-06-28, closed on 2019-07-02)*
* Relations:
* parent #10629
* Changesets:
* Revision abd03a5937dcef5fe1be86ae1f9efa05beb2d3c6 by Natanael Copa on 2019-06-30T12:23:19Z:
```
main/expat: security upgrade to 2.2.7 (CVE-2018-20843)
fixes #10632
```
3.8.5
Carlo Landmeter
Carlo Landmeter
https://gitlab.alpinelinux.org/alpine/aports/-/issues/10631
[3.9] expat: large number of colons in input makes parser consume high amount of resources, leading to DoS (CVE-2018-20843)
2019-07-23T11:06:29Z
Alicha CH
In libexpat in Expat before 2.2.7, XML input including XML names that contain a large number of colons could make the XML parser consume a high amount of RAM and CPU resources while processing (enough to be usable for denial-of-service attacks).
### Fixed In Version:
expat 2.2.7
### References:
https://github.com/libexpat/libexpat/issues/186
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=931031
*(from redmine: issue id 10631, created on 2019-06-28, closed on 2019-07-02)*
* Relations:
* parent #10629
* Changesets:
* Revision 9b9ed53cc550d0aacdafa85a40ef29dc9229bfaa by Natanael Copa on 2019-06-30T12:21:30Z:
```
main/expat: security upgrade to 2.2.7 (CVE-2018-20843)
fixes #10631
```
3.9.5
Carlo Landmeter
Carlo Landmeter
https://gitlab.alpinelinux.org/alpine/aports/-/issues/10630
[3.10] expat: large number of colons in input makes parser consume high amount of resources, leading to DoS (CVE-2018-20843)
2019-07-23T11:06:30Z
Alicha CH
In libexpat in Expat before 2.2.7, XML input including XML names that contain a large number of colons could make the XML parser consume a high amount of RAM and CPU resources while processing (enough to be usable for denial-of-service attacks).
### Fixed In Version:
expat 2.2.7
### References:
https://github.com/libexpat/libexpat/issues/186
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=931031
*(from redmine: issue id 10630, created on 2019-06-28, closed on 2019-07-02)*
* Relations:
* parent #10629
* Changesets:
* Revision 8ac1f86999bc295c903af1be590a9e898605e2cc by Natanael Copa on 2019-06-30T12:20:14Z:
```
main/expat: security upgrade to 2.2.7 (CVE-2018-20843)
fixes #10630
```
3.10.1
Carlo Landmeter
Carlo Landmeter
https://gitlab.alpinelinux.org/alpine/aports/-/issues/10629
expat: large number of colons in input makes parser consume high amount of resources, leading to DoS (CVE-2018-20843)
2019-07-23T11:06:31Z
Alicha CH
In libexpat in Expat before 2.2.7, XML input including XML names that contain a large number of colons could make the XML parser consume a high amount of RAM and CPU resources while processing (enough to be usable for denial-of-service attacks).
### Fixed In Version:
expat 2.2.7
### References:
https://github.com/libexpat/libexpat/issues/186
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=931031
*(from redmine: issue id 10629, created on 2019-06-28, closed on 2019-07-02)*
* Relations:
* child #10630
* child #10631
* child #10632
* child #10633
Carlo Landmeter
Carlo Landmeter