aports issues
https://gitlab.alpinelinux.org/alpine/aports/-/issues
2019-07-23T11:52:16Z

https://gitlab.alpinelinux.org/alpine/aports/-/issues/7425
[3.6] firefox-esr: Multiple vulnerabilities (CVE-2017-5470, CVE-2017-5472, CVE-2017-7749, CVE-2017-7750, CVE-2017-7751, CVE-2017-7752, CVE-2017-7754, CVE-2017-7756, CVE-2017-7757, CVE-2017-7758, CVE-2017-7764, CVE-2017-7778)
2019-07-23T11:52:16Z
Alicha CH

**CVE-2017-5470**: Memory safety bugs
**CVE-2017-5472**: Use-after-free using destroyed node when regenerating
trees
**CVE-2017-7749**: Use-after-free during docshell reloading
**CVE-2017-7750**: Use-after-free with track elements
**CVE-2017-7751**: Use-after-free with content viewer listeners
**CVE-2017-7752**: Use-after-free with IME input
**CVE-2017-7754**: Out-of-bounds read in WebGL with ImageInfo object
**CVE-2017-7756**: Use-after-free and use-after-scope logging XHR header
errors
**CVE-2017-7757**: Use-after-free in IndexedDB
**CVE-2017-7758**: Out-of-bounds read in Opus encoder
**CVE-2017-7764**: Domain spoofing with combination of Canadian
Syllabics and other unicode blocks
**CVE-2017-7778**: Vulnerabilities in the Graphite 2 library
### Fixed in:
Firefox ESR 52.2
### Reference:
https://www.mozilla.org/en-US/security/advisories/mfsa2017-16/
*(from redmine: issue id 7425, created on 2017-06-15, closed on 2017-06-15)*
* Changesets:
* Revision c6c27a817956fb07eff80f8a11ccb24d197bd5ac by Natanael Copa on 2017-06-15T13:56:39Z:
```
community/firefox-esr: security upgrade to 52.2.0
fixes #7425
```
3.6.2
Natanael Copa

https://gitlab.alpinelinux.org/alpine/aports/-/issues/7422
[3.6] webkit2gtk: Several vulnerabilities (Various CVEs)
2019-07-23T11:52:18Z
Alicha CH

**CVE-2016-9643**: The regex code in WebKit allows remote attackers to
cause a denial of service (memory consumption) as demonstrated in a
large number of
($ (open parenthesis and dollar) followed by {-2,16} and a large number
of +) (plus close parenthesis).
Versions affected: WebKitGTK+ before 2.14.6
**CVE-2017-2367**: This issue allows remote attackers to bypass the Same
Origin Policy and obtain sensitive information via a crafted web site.
Versions affected: WebKitGTK+ before 2.14.6.
**CVE-2017-2377**: This issue involves the “WebKit Web Inspector”
component. It allows attackers to cause a denial of service (memory
corruption and application crash)
by leveraging a window-close action during a debugger-pause state.
Versions affected: WebKitGTK+ before 2.14.6.
**CVE-2017-2392**: This issue allows attackers to execute arbitrary code
or cause a denial of service (memory corruption) via a crafted app.
Versions affected: WebKitGTK+ before 2.14.6.
**CVE-2017-2394**: This issue allows remote attackers to execute
arbitrary code or cause a denial of service (memory corruption and
application crash) via a crafted web site.
Versions affected: WebKitGTK+ before 2.14.6.
**CVE-2017-2415**: This issue allows remote attackers to execute
arbitrary code by leveraging an unspecified “type confusion.”
Versions affected: WebKitGTK+ before 2.14.6.
**CVE-2017-2419**: This issue allows remote attackers to bypass a
Content Security Policy protection mechanism via unspecified vectors.
Versions affected: WebKitGTK+ before 2.14.6.
**CVE-2017-2442**: This issue involves the “WebKit JavaScript Bindings”
component. It allows remote attackers to bypass the Same Origin Policy
and
obtain sensitive information via a crafted web site.
Versions affected: WebKitGTK+ before 2.14.6.
**CVE-2017-2446**: This issue allows remote attackers to execute
arbitrary code via a crafted web site that leverages the mishandling of
strict mode functions.
Versions affected: WebKitGTK+ before 2.14.6.
**CVE-2017-2454**: This issue allows remote attackers to execute
arbitrary code or cause a denial of service (memory corruption and
application crash) via a crafted web site.
Versions affected: WebKitGTK+ before 2.14.6.
**CVE-2017-2459**: This issue allows remote attackers to execute
arbitrary code or cause a denial of service (memory corruption and
application crash) via a crafted web site.
Versions affected: WebKitGTK+ before 2.14.6.
**CVE-2017-2460**: This issue allows remote attackers to execute
arbitrary code or cause a denial of service (memory corruption and
application crash) via a crafted web site.
Versions affected: WebKitGTK+ before 2.14.6.
**CVE-2017-2465**: This issue allows remote attackers to execute
arbitrary code or cause a denial of service (memory corruption and
application crash) via a crafted web site.
Versions affected: WebKitGTK+ before 2.14.6.
**CVE-2017-2466**: This issue allows remote attackers to execute
arbitrary code or cause a denial of service (memory corruption and
application crash) via a crafted web site.
Versions affected: WebKitGTK+ before 2.14.6.
**CVE-2017-2468**: This issue allows remote attackers to execute
arbitrary code or cause a denial of service (memory corruption and
application crash) via a crafted web site.
Versions affected: WebKitGTK+ before 2.14.6.
**CVE-2017-2470**: This issue allows remote attackers to execute
arbitrary code or cause a denial of service (memory corruption and
application crash) via a crafted web site.
Versions affected: WebKitGTK+ before 2.14.6.
**CVE-2017-2471**: A use-after-free vulnerability allows remote
attackers to execute arbitrary code via a crafted web site.
Versions affected: WebKitGTK+ before 2.14.6.
**CVE-2017-2475**: This issue allows remote attackers to conduct
Universal XSS (UXSS) attacks via crafted use of frames on a web site.
Versions affected: WebKitGTK+ before 2.14.6.
**CVE-2017-2476**: This issue allows remote attackers to execute
arbitrary code or cause a denial of service (memory corruption and
application crash) via a crafted web site.
Versions affected: WebKitGTK+ before 2.14.6.
**CVE-2017-2481**: This issue allows remote attackers to execute
arbitrary code or cause a denial of service (memory corruption and
application crash) via a crafted web site.
Versions affected: WebKitGTK+ before 2.14.6.
### Reference:
https://webkitgtk.org/security/WSA-2017-0003.html
*(from redmine: issue id 7422, created on 2017-06-13, closed on 2017-06-14)*
* Changesets:
* Revision 52d9e7b149a47445bc334c456fbc736550584b66 by Natanael Copa on 2017-06-14T07:56:46Z:
```
community/webkit2gtk: upgrade to 2.16.3
and enable on ppc64le and aarch64
CVE-2016-9642, CVE-2016-9643, CVE-2017-2364, CVE-2017-2367,
CVE-2017-2376, CVE-2017-2377, CVE-2017-2386, CVE-2017-2392,
CVE-2017-2394, CVE-2017-2395, CVE-2017-2396, CVE-2017-2405,
CVE-2017-2415, CVE-2017-2419, CVE-2017-2433, CVE-2017-2442,
CVE-2017-2445, CVE-2017-2446, CVE-2017-2447, CVE-2017-2454,
CVE-2017-2455, CVE-2017-2457, CVE-2017-2459, CVE-2017-2460,
CVE-2017-2464, CVE-2017-2465, CVE-2017-2466, CVE-2017-2468,
CVE-2017-2469, CVE-2017-2470, CVE-2017-2471, CVE-2017-2475,
CVE-2017-2476, CVE-2017-2481
CVE-2017-2496, CVE-2017-2504, CVE-2017-2505, CVE-2017-2506,
CVE-2017-2508, CVE-2017-2510, CVE-2017-2514, CVE-2017-2515,
CVE-2017-2521, CVE-2017-2525, CVE-2017-2526, CVE-2017-2528,
CVE-2017-2530, CVE-2017-2531, CVE-2017-2536, CVE-2017-2539,
CVE-2017-2544, CVE-2017-2547, CVE-2017-2549, CVE-2017-6980,
CVE-2017-6984.
fixes #7422
```
3.6.2

https://gitlab.alpinelinux.org/alpine/aports/-/issues/7420
[3.3] gnutls: Crash upon receiving well-formed status_request extension (CVE-2017-7507)
2019-07-23T11:52:19Z
Alicha CH

### Fixed in:
gnutls 3.5.13
### Reference:
https://www.gnutls.org/security.html#GNUTLS-SA-2017-4
### Patches:
https://gitlab.com/gnutls/gnutls/commit/4c4d35264fada08b6536425c051fb8e0b05ee86b
https://gitlab.com/gnutls/gnutls/commit/3efb6c5fd0e3822ec11879d5bcbea0e8d322cd03
https://gitlab.com/gnutls/gnutls/commit/e1d6c59a7b0392fb3b8b75035614084a53e2c8c9
*(from redmine: issue id 7420, created on 2017-06-12, closed on 2017-06-14)*
* Relations:
* parent #7416
* Changesets:
* Revision f6e9f6a1a399506bb539502f4b1a99ca6655db05 on 2017-06-13T12:06:07Z:
```
main/gnutls: upgrade to 3.4.17. Security fixes #7420 (CVE-2017-7507)
```
3.3.4
Natanael Copa

https://gitlab.alpinelinux.org/alpine/aports/-/issues/7419
[3.4] gnutls: Crash upon receiving well-formed status_request extension (CVE-2017-7507)
2019-07-23T11:52:20Z
Alicha CH

### Fixed in:
gnutls 3.5.13
### Reference:
https://www.gnutls.org/security.html#GNUTLS-SA-2017-4
### Patches:
https://gitlab.com/gnutls/gnutls/commit/4c4d35264fada08b6536425c051fb8e0b05ee86b
https://gitlab.com/gnutls/gnutls/commit/3efb6c5fd0e3822ec11879d5bcbea0e8d322cd03
https://gitlab.com/gnutls/gnutls/commit/e1d6c59a7b0392fb3b8b75035614084a53e2c8c9
*(from redmine: issue id 7419, created on 2017-06-12, closed on 2017-06-14)*
* Relations:
* parent #7416
* Changesets:
* Revision e70623340aaf431d3acca55c9739230d554a0b17 on 2017-06-13T12:01:13Z:
```
main/gnutls: upgrade to 3.4.17. Security fixes #7419 (CVE-2017-7507)
```
3.4.7
Natanael Copa

https://gitlab.alpinelinux.org/alpine/aports/-/issues/7418
[3.5] gnutls: Crash upon receiving well-formed status_request extension (CVE-2017-7507)
2019-07-23T11:52:21Z
Alicha CH

### Fixed in:
gnutls 3.5.13
### Reference:
https://www.gnutls.org/security.html#GNUTLS-SA-2017-4
### Patches:
https://gitlab.com/gnutls/gnutls/commit/4c4d35264fada08b6536425c051fb8e0b05ee86b
https://gitlab.com/gnutls/gnutls/commit/3efb6c5fd0e3822ec11879d5bcbea0e8d322cd03
https://gitlab.com/gnutls/gnutls/commit/e1d6c59a7b0392fb3b8b75035614084a53e2c8c9
*(from redmine: issue id 7418, created on 2017-06-12, closed on 2017-06-14)*
* Relations:
* parent #7416
* Changesets:
* Revision 1a7a0bb86ac263a19cc8a474a3cf99ef533f54a1 on 2017-06-13T11:57:42Z:
```
main/gnutls: security fixes #7418 (CVE-2017-7507)
```
3.5.3
Natanael Copa

https://gitlab.alpinelinux.org/alpine/aports/-/issues/7417
[3.6] gnutls: Crash upon receiving well-formed status_request extension (CVE-2017-7507)
2019-07-23T11:52:22Z
Alicha CH

### Fixed in:
gnutls 3.5.13
### Reference:
https://www.gnutls.org/security.html#GNUTLS-SA-2017-4
### Patches:
https://gitlab.com/gnutls/gnutls/commit/4c4d35264fada08b6536425c051fb8e0b05ee86b
https://gitlab.com/gnutls/gnutls/commit/3efb6c5fd0e3822ec11879d5bcbea0e8d322cd03
https://gitlab.com/gnutls/gnutls/commit/e1d6c59a7b0392fb3b8b75035614084a53e2c8c9
*(from redmine: issue id 7417, created on 2017-06-12, closed on 2017-06-14)*
* Relations:
* parent #7416
* Changesets:
* Revision d41da612f88d05e5f3c29088e6303e3bd3804b98 on 2017-06-13T10:19:45Z:
```
main/gnutls: security upgrade to 3.5.13 (CVE-2017-7507). Fixes #7417
```
3.6.2
Natanael Copa

https://gitlab.alpinelinux.org/alpine/aports/-/issues/7416
gnutls: Crash upon receiving well-formed status_request extension (CVE-2017-7507)
2019-07-23T11:52:23Z
Alicha CH

### Fixed in:
gnutls 3.5.13
### Reference:
https://www.gnutls.org/security.html#GNUTLS-SA-2017-4
### Patches:
https://gitlab.com/gnutls/gnutls/commit/4c4d35264fada08b6536425c051fb8e0b05ee86b
https://gitlab.com/gnutls/gnutls/commit/3efb6c5fd0e3822ec11879d5bcbea0e8d322cd03
https://gitlab.com/gnutls/gnutls/commit/e1d6c59a7b0392fb3b8b75035614084a53e2c8c9
*(from redmine: issue id 7416, created on 2017-06-12, closed on 2017-06-14)*
* Relations:
* child #7417
* child #7418
* child #7419
* child #7420

Natanael Copa

https://gitlab.alpinelinux.org/alpine/aports/-/issues/7413
[3.5] openvpn: Multiple vulnerabilities (CVE-2017-7478, CVE-2017-7479)
2019-07-23T11:52:24Z
Alicha CH

**CVE-2017-7478**: OpenVPN version 2.3.12 and newer is vulnerable to
unauthenticated Denial of Service of server via received large control
packet.
### Fixed In Version:
**openvpn 2.3.15**, openvpn 2.4.2
### References:
https://community.openvpn.net/openvpn/wiki/QuarkslabAndCryptographyEngineerAudits
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7478
### Patch:
https://github.com/OpenVPN/openvpn/commit/feb35ee5cac605edddd6e9dc62941e2c53f96fb3
**CVE-2017-7479**: OpenVPN versions before 2.3.15 and before 2.4.2 are
vulnerable to a reachable assertion when the packet-ID counter rolls
over, resulting in denial of service of the server by an authenticated
attacker.
### Fixed In Version:
**openvpn 2.3.15**, openvpn 2.4.2
### References:
https://community.openvpn.net/openvpn/wiki/QuarkslabAndCryptographyEngineerAudits
https://nvd.nist.gov/vuln/detail/CVE-2017-7479
### Patch:
https://github.com/OpenVPN/openvpn/commit/b727643cdf4e078f132a90e1c474a879a5760578
*(from redmine: issue id 7413, created on 2017-06-11, closed on 2017-06-14)*
* Changesets:
* Revision 039751f5ad720c2660cf25b5d8c2e36579668098 on 2017-06-13T09:50:46Z:
```
main/openvpn: security upgrade to 2.3.15 (CVE-2017-7478, CVE-2017-7479). Fixes #7413
```
3.5.3
Natanael Copa

https://gitlab.alpinelinux.org/alpine/aports/-/issues/7403
[3.6] chicken: Unsafe pointer dereference due to incorrect pair? check in Scheme "length" procedure (CVE-2017-9334)
2019-07-23T11:52:30Z
Alicha CH

An incorrect “pair?” check in the Scheme “length” procedure results in
an unsafe pointer dereference in all CHICKEN Scheme versions prior to
4.13,
which allows an attacker to cause a denial of service by passing an
improper list to an application that calls “length” on it.
### Fixed In Version:
chicken 4.13
http://openwall.com/lists/oss-security/2017/06/01/2
https://nvd.nist.gov/vuln/detail/CVE-2017-9334
### Patch:
http://lists.nongnu.org/archive/html/chicken-hackers/2017-05/txtR8ZFTRaiUi.txt
*(from redmine: issue id 7403, created on 2017-06-09, closed on 2017-06-15)*
* Relations:
* parent #7401
* Changesets:
* Revision 73556d997143937fe09a607debe5c16f29c989d7 on 2017-06-15T13:51:39Z:
```
community/chicken: security fixes #7403 (CVE-2017-9334)
```
3.6.2

https://gitlab.alpinelinux.org/alpine/aports/-/issues/7402
[3.7] chicken: Unsafe pointer dereference due to incorrect pair? check in Scheme "length" procedure (CVE-2017-9334)
2019-07-23T11:52:31Z
Alicha CH

An incorrect “pair?” check in the Scheme “length” procedure results in
an unsafe pointer dereference in all CHICKEN Scheme versions prior to
4.13,
which allows an attacker to cause a denial of service by passing an
improper list to an application that calls “length” on it.
### Fixed In Version:
chicken 4.13
http://openwall.com/lists/oss-security/2017/06/01/2
https://nvd.nist.gov/vuln/detail/CVE-2017-9334
### Patch:
http://lists.nongnu.org/archive/html/chicken-hackers/2017-05/txtR8ZFTRaiUi.txt
*(from redmine: issue id 7402, created on 2017-06-09, closed on 2017-06-15)*
* Relations:
* parent #7401
* Changesets:
* Revision 2b37087c38da0bca5f8f8e7b6595be427e426f6b on 2017-06-15T12:29:04Z:
```
community/chicken: security fixes #7402 (CVE-2017-9334)
```
3.7.0

https://gitlab.alpinelinux.org/alpine/aports/-/issues/7401
chicken: Unsafe pointer dereference due to incorrect pair? check in Scheme "length" procedure (CVE-2017-9334)
2019-07-23T11:52:32Z
Alicha CH

An incorrect “pair?” check in the Scheme “length” procedure results in
an unsafe pointer dereference in all CHICKEN Scheme versions prior to
4.13,
which allows an attacker to cause a denial of service by passing an
improper list to an application that calls “length” on it.
### Fixed In Version:
chicken 4.13
http://openwall.com/lists/oss-security/2017/06/01/2
https://nvd.nist.gov/vuln/detail/CVE-2017-9334
### Patch:
http://lists.nongnu.org/archive/html/chicken-hackers/2017-05/txtR8ZFTRaiUi.txt
*(from redmine: issue id 7401, created on 2017-06-09, closed on 2017-06-15)*
* Relations:
* child #7402
* child #7403

https://gitlab.alpinelinux.org/alpine/aports/-/issues/7398
[3.3] irssi: Multiple vulnerabilities (CVE-2017-9468, CVE-2017-9469)
2019-07-23T11:52:32Z
Alicha CH

**CVE-2017-9468**: When receiving a DCC message without source
nick/host, Irssi would
attempt to dereference a NULL pointer.
### Fixed in:
Irssi 1.0.3
### Reference:
https://irssi.org/security/irssi_sa_2017_06.txt
### Patch
https://github.com/irssi/irssi/commit/fb08fc7f1aa6b2e616413d003bf021612301ad55
**CVE-2017-9469**: When receiving certain incorrectly quoted DCC files,
Irssi would
try to find the terminating quote one byte before the allocated memory.
### Fixed in:
Irssi 1.0.3
### Reference:
https://irssi.org/security/irssi_sa_2017_06.txt
### Patch
https://github.com/irssi/irssi/commit/fb08fc7f1aa6b2e616413d003bf021612301ad55
*(from redmine: issue id 7398, created on 2017-06-07, closed on 2017-06-15)*
* Relations:
* parent #7393
* Changesets:
* Revision 43292ea0557456d228867641d0d5e83a7e14dcee on 2017-06-15T11:51:08Z:
```
main/irssi: security fixes (CVE-2017-9468)
Fixes #7398. Not affected by CVE-2017-9469.
```
3.3.4
Natanael Copa

https://gitlab.alpinelinux.org/alpine/aports/-/issues/7397
[3.4] irssi: Multiple vulnerabilities (CVE-2017-9468, CVE-2017-9469)
2019-07-23T11:52:33Z
Alicha CH

**CVE-2017-9468**: When receiving a DCC message without source
nick/host, Irssi would
attempt to dereference a NULL pointer.
### Fixed in:
Irssi 1.0.3
### Reference:
https://irssi.org/security/irssi_sa_2017_06.txt
### Patch
https://github.com/irssi/irssi/commit/fb08fc7f1aa6b2e616413d003bf021612301ad55
**CVE-2017-9469**: When receiving certain incorrectly quoted DCC files,
Irssi would
try to find the terminating quote one byte before the allocated memory.
### Fixed in:
Irssi 1.0.3
### Reference:
https://irssi.org/security/irssi_sa_2017_06.txt
### Patch
https://github.com/irssi/irssi/commit/fb08fc7f1aa6b2e616413d003bf021612301ad55
*(from redmine: issue id 7397, created on 2017-06-07, closed on 2017-06-15)*
* Relations:
* parent #7393
* Changesets:
* Revision 7035909736145894afa3682e1a631ed2913eecbf on 2017-06-15T11:49:41Z:
```
main/irssi: security fixes (CVE-2017-9468)
Fixes #7397. Not affected by CVE-2017-9469.
```
3.4.7
Natanael Copa

https://gitlab.alpinelinux.org/alpine/aports/-/issues/7396
[3.5] irssi: Multiple vulnerabilities (CVE-2017-9468, CVE-2017-9469)
2019-07-23T11:52:35Z
Alicha CH

**CVE-2017-9468**: When receiving a DCC message without source
nick/host, Irssi would
attempt to dereference a NULL pointer.
### Fixed in:
Irssi 1.0.3
### Reference:
https://irssi.org/security/irssi_sa_2017_06.txt
### Patch
https://github.com/irssi/irssi/commit/fb08fc7f1aa6b2e616413d003bf021612301ad55
**CVE-2017-9469**: When receiving certain incorrectly quoted DCC files,
Irssi would
try to find the terminating quote one byte before the allocated memory.
### Fixed in:
Irssi 1.0.3
### Reference:
https://irssi.org/security/irssi_sa_2017_06.txt
### Patch
https://github.com/irssi/irssi/commit/fb08fc7f1aa6b2e616413d003bf021612301ad55
*(from redmine: issue id 7396, created on 2017-06-07, closed on 2017-06-15)*
* Relations:
* parent #7393
* Changesets:
* Revision 0cd6b82ab0565b03af3afd13944a6c2a806191a6 on 2017-06-15T11:43:51Z:
```
main/irssi: security fixes (CVE-2017-9468)
Fixes #7396. Not affected by CVE-2017-9469.
```
3.5.3
Natanael Copa

https://gitlab.alpinelinux.org/alpine/aports/-/issues/7395
[3.6] irssi: Multiple vulnerabilities (CVE-2017-9468, CVE-2017-9469)
2019-07-23T11:52:35Z
Alicha CH

**CVE-2017-9468**: When receiving a DCC message without source
nick/host, Irssi would
attempt to dereference a NULL pointer.
### Fixed in:
Irssi 1.0.3
### Reference:
https://irssi.org/security/irssi_sa_2017_06.txt
### Patch
https://github.com/irssi/irssi/commit/fb08fc7f1aa6b2e616413d003bf021612301ad55
**CVE-2017-9469**: When receiving certain incorrectly quoted DCC files,
Irssi would
try to find the terminating quote one byte before the allocated memory.
### Fixed in:
Irssi 1.0.3
### Reference:
https://irssi.org/security/irssi_sa_2017_06.txt
### Patch
https://github.com/irssi/irssi/commit/fb08fc7f1aa6b2e616413d003bf021612301ad55
*(from redmine: issue id 7395, created on 2017-06-07, closed on 2017-06-15)*
* Relations:
* parent #7393
* Changesets:
* Revision 193541208f498e8907a0a72a35ea442df88b7bfc on 2017-06-15T10:26:54Z:
```
main/irssi: security upgrade to 1.0.3 (CVE-2017-9468, CVE-2017-9469)
Fixes #7395
```
3.6.2
Natanael Copa

https://gitlab.alpinelinux.org/alpine/aports/-/issues/7394
[3.7] irssi: Multiple vulnerabilities (CVE-2017-9468, CVE-2017-9469)
2019-07-23T11:52:36Z
Alicha CH

**CVE-2017-9468**: When receiving a DCC message without source
nick/host, Irssi would
attempt to dereference a NULL pointer.
### Fixed in:
Irssi 1.0.3
### Reference:
https://irssi.org/security/irssi_sa_2017_06.txt
### Patch
https://github.com/irssi/irssi/commit/fb08fc7f1aa6b2e616413d003bf021612301ad55
**CVE-2017-9469**: When receiving certain incorrectly quoted DCC files,
Irssi would
try to find the terminating quote one byte before the allocated memory.
### Fixed in:
Irssi 1.0.3
### Reference:
https://irssi.org/security/irssi_sa_2017_06.txt
### Patch
https://github.com/irssi/irssi/commit/fb08fc7f1aa6b2e616413d003bf021612301ad55
*(from redmine: issue id 7394, created on 2017-06-07, closed on 2017-06-15)*
* Relations:
* parent #7393

3.7.0
Natanael Copa

https://gitlab.alpinelinux.org/alpine/aports/-/issues/7393
irssi: Multiple vulnerabilities (CVE-2017-9468, CVE-2017-9469)
2019-07-23T11:52:37Z
Alicha CH

**CVE-2017-9468**: When receiving a DCC message without source
nick/host, Irssi would
attempt to dereference a NULL pointer.
### Fixed in:
Irssi 1.0.3
### Reference:
https://irssi.org/security/irssi_sa_2017_06.txt
### Patch
https://github.com/irssi/irssi/commit/fb08fc7f1aa6b2e616413d003bf021612301ad55
**CVE-2017-9469**: When receiving certain incorrectly quoted DCC files,
Irssi would
try to find the terminating quote one byte before the allocated memory.
### Fixed in:
Irssi 1.0.3
### Reference:
https://irssi.org/security/irssi_sa_2017_06.txt
### Patch
https://github.com/irssi/irssi/commit/fb08fc7f1aa6b2e616413d003bf021612301ad55
*(from redmine: issue id 7393, created on 2017-06-07, closed on 2017-06-15)*
* Relations:
* child #7394
* child #7395
* child #7396
* child #7397
* child #7398

https://gitlab.alpinelinux.org/alpine/aports/-/issues/7388
Ruby 2.3.1-r0 - Multiple vulnerabilities
2019-07-23T11:52:42Z
Kamil Grabowski

Ruby 2.3.1-r0 has multiple vulnerabilities:
CVE-2017-9227 -
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9227
CVE-2017-9228 -
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9228
CVE-2017-9226 -
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9226
CVE-2017-9224 -
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9224
CVE-2017-9225 -
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9225
CVE-2016-2339 -
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2339
CVE-2016-2337 -
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2337
CVE-2016-2336 -
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2336
CVE-2009-5147 -
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-5147
CVE-2017-6181 -
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6181
CVE-2017-9229 -
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9229
*(from redmine: issue id 7388, created on 2017-06-05, closed on 2019-05-03)*

3.4.7
Natanael Copa

https://gitlab.alpinelinux.org/alpine/aports/-/issues/7387
yaml 0.1.6-r1 (CVE-2014-9130)
2019-07-23T11:52:43Z
Kamil Grabowski

Alpine Linux 3.4, package yaml 0.1.6-r1 has vulnerability (CVE-2014-9130
[1]).
[1] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9130
*(from redmine: issue id 7387, created on 2017-06-05, closed on 2017-06-05)*
* Changesets:
* Revision b4b9f27388f692e5981e2380a2530597d780e00a on 2017-06-05T17:30:34Z:
```
main/yaml: added commment in APKBUID for CVE-2014-9130. Fixes #7387
```
3.4.7
Natanael Copa

https://gitlab.alpinelinux.org/alpine/aports/-/issues/7385
[3.3] postgresql: Multiple vulnerabilities (CVE-2017-7484, CVE-2017-7485, CVE-2017-7486)
2019-07-23T11:52:45Z
Alicha CH

CVE-2017-7484: selectivity estimators bypass SELECT privilege checks
--------------------------------------------------------------------
### Fixed In Version:
**postgresql 9.4.12**, postgresql 9.5.7, postgresql 9.6.3
### References:
https://www.postgresql.org/about/news/1746/
https://nvd.nist.gov/vuln/detail/CVE-2017-7484
CVE-2017-7485: libpq ignores PGREQUIRESSL environment variable
--------------------------------------------------------------
### Fixed In Version:
**postgresql 9.4.12**, postgresql 9.5.7, postgresql 9.6.3
### References:
https://www.postgresql.org/about/news/1746/
https://nvd.nist.gov/vuln/detail/CVE-2017-7485
CVE-2017-7486: pg_user_mappings view discloses foreign server passwords
-------------------------------------------------------------------------
### Fixed In Version:
postgresql 9.2.21, postgresql 9.3.17, **postgresql 9.4.12**, postgresql
9.5.7, postgresql 9.6.3
### References:
https://www.postgresql.org/about/news/1746/
https://nvd.nist.gov/vuln/detail/CVE-2017-7486
*(from redmine: issue id 7385, created on 2017-06-05, closed on 2017-06-13)*
* Relations:
* parent #7381
* Changesets:
* Revision d0be17ae8d8f3272088069ac60a286ef7749f270 on 2017-06-13T07:27:47Z:
```
main/postgresql: security upgrade to 9.4.12 (CVE-2017-7484, CVE-2017-7485, CVE-2017-7486)
Fixes #7385
```
3.3.4
Natanael Copa