aports issueshttps://gitlab.alpinelinux.org/alpine/aports/-/issues2019-07-23T14:13:56Zhttps://gitlab.alpinelinux.org/alpine/aports/-/issues/2592replace testing/proxychains with testing/proxychains-ng2019-07-23T14:13:56ZNatanael Copareplace testing/proxychains with testing/proxychains-ngproxychains is old and unmaintained. We should use proxychains-ng
instead (like debian, freebsd, and macbrew does)
http://sourceforge.net/projects/proxychains-ng/
*(from redmine: issue id 2592, created on 2014-01-13, closed on 2015-05...proxychains is old and unmaintained. We should use proxychains-ng
instead (like debian, freebsd, and macbrew does)
http://sourceforge.net/projects/proxychains-ng/
*(from redmine: issue id 2592, created on 2014-01-13, closed on 2015-05-21)*3.2.0Natanael CopaNatanael Copahttps://gitlab.alpinelinux.org/alpine/aports/-/issues/2593arpwatch-ethercodes: files installed in wrong location2019-07-23T14:13:55ZNatanael Copaarpwatch-ethercodes: files installed in wrong locationThose files are found in arpwatch-ethercodes-2.1a15-r11.apk:
usr/share/arpwatch/awk/home/buildozer/
usr/share/arpwatch/awk/home/buildozer/aports/
usr/share/arpwatch/awk/home/buildozer/aports/main/
usr/share/arpwatch/awk/...Those files are found in arpwatch-ethercodes-2.1a15-r11.apk:
usr/share/arpwatch/awk/home/buildozer/
usr/share/arpwatch/awk/home/buildozer/aports/
usr/share/arpwatch/awk/home/buildozer/aports/main/
usr/share/arpwatch/awk/home/buildozer/aports/main/arpwatch/
usr/share/arpwatch/awk/home/buildozer/aports/main/arpwatch/src/
usr/share/arpwatch/awk/home/buildozer/aports/main/arpwatch/src/arpwatch-2.1a15/
usr/share/arpwatch/awk/home/buildozer/aports/main/arpwatch/src/arpwatch-2.1a15/d.awk
usr/share/arpwatch/awk/home/buildozer/aports/main/arpwatch/src/arpwatch-2.1a15/duplicates.awk
usr/share/arpwatch/awk/home/buildozer/aports/main/arpwatch/src/arpwatch-2.1a15/p.awk
usr/share/arpwatch/awk/home/buildozer/aports/main/arpwatch/src/arpwatch-2.1a15/euppertolower.awk
usr/share/arpwatch/awk/home/buildozer/aports/main/arpwatch/src/arpwatch-2.1a15/e.awk
home/buildozer shouldn’t be there.
*(from redmine: issue id 2593, created on 2014-01-13, closed on 2014-02-05)*
* Changesets:
* Revision d661e0c9652aec34355b0aeb46400bca29bdd604 by Natanael Copa on 2014-02-05T08:32:04Z:
```
main/arpwatch: fix install dir for arwpatch-ethercodes
ref #2593
```
* Revision c3f3861251ad98480293253f9e0a64d3e80d0e85 by Natanael Copa on 2014-02-05T08:34:03Z:
```
main/arpwatch: fix install dir for arwpatch-ethercodes
fixes #2593
```Alpine 2.7.4Francesco ColistaFrancesco Colistahttps://gitlab.alpinelinux.org/alpine/aports/-/issues/2594xe-guest-utilities: broken symlinks2019-07-23T14:13:53ZNatanael Copaxe-guest-utilities: broken symlinksThe xe-guest-utilities-6.1.0-r0.apk package contains those broken
symlinks:
lrwxrwxrwx root/root 0 2013-10-28 16:46:01 usr/bin/xenstore-exists -> /home/buildozer/aports/main/xe-guest-utilities/pkg/xe-guest-utilities/usr/bin/...The xe-guest-utilities-6.1.0-r0.apk package contains those broken
symlinks:
lrwxrwxrwx root/root 0 2013-10-28 16:46:01 usr/bin/xenstore-exists -> /home/buildozer/aports/main/xe-guest-utilities/pkg/xe-guest-utilities/usr/bin/xenstore
lrwxrwxrwx root/root 0 2013-10-28 16:46:01 usr/bin/xenstore-list -> /home/buildozer/aports/main/xe-guest-utilities/pkg/xe-guest-utilities/usr/bin/xenstore
lrwxrwxrwx root/root 0 2013-10-28 16:46:01 usr/bin/xenstore-ls -> /home/buildozer/aports/main/xe-guest-utilities/pkg/xe-guest-utilities/usr/bin/xenstore
lrwxrwxrwx root/root 0 2013-10-28 16:46:01 usr/bin/xenstore-write -> /home/buildozer/aports/main/xe-guest-utilities/pkg/xe-guest-utilities/usr/bin/xenstore
lrwxrwxrwx root/root 0 2013-10-28 16:46:01 usr/bin/xenstore-chmod -> /home/buildozer/aports/main/xe-guest-utilities/pkg/xe-guest-utilities/usr/bin/xenstore
lrwxrwxrwx root/root 0 2013-10-28 16:46:01 usr/bin/xenstore-rm -> /home/buildozer/aports/main/xe-guest-utilities/pkg/xe-guest-utilities/usr/bin/xenstore
lrwxrwxrwx root/root 0 2013-10-28 16:46:01 usr/bin/xenstore-read -> /home/buildozer/aports/main/xe-guest-utilities/pkg/xe-guest-utilities/usr/bin/xenstore
*(from redmine: issue id 2594, created on 2014-01-13, closed on 2014-02-05)*
* Changesets:
* Revision ec7617bdc408c12343bead5f91ffdf746950d156 by Natanael Copa on 2014-02-05T08:42:11Z:
```
main/xe-guest-utilities: fix symlinks
fixes #2594
```
* Revision 6e5fb0574b15e54f8eb58dc2e6a3222a68e751ca by Natanael Copa on 2014-02-05T08:56:04Z:
```
main/xe-guest-utilities: fix symlinks
fixes #2594
(cherry picked from commit ec7617bdc408c12343bead5f91ffdf746950d156)
```Alpine 2.7.4Natanael CopaNatanael Copahttps://gitlab.alpinelinux.org/alpine/aports/-/issues/2595spice: remote DoS (CVE-2013-4282)2019-07-23T14:13:53ZAlexander Belousspice: remote DoS (CVE-2013-4282)Stack-based buffer overflow in the reds\_handle\_ticket function in
server/reds.c in SPICE 0.12.0 allows remote attackers to cause a denial
of service (crash) via a long password in a SPICE ticket.
•CONFIRM:
http://cgit.freedesktop.org/...Stack-based buffer overflow in the reds\_handle\_ticket function in
server/reds.c in SPICE 0.12.0 allows remote attackers to cause a denial
of service (crash) via a long password in a SPICE ticket.
•CONFIRM:
http://cgit.freedesktop.org/spice/spice/commit/?id=8af619009660b24e0b41ad26b30289eea288fcc2
•REDHAT:RHSA-2013:1460
•URL: http://rhn.redhat.com/errata/RHSA-2013-1460.html
•REDHAT:RHSA-2013:1473
•URL: http://rhn.redhat.com/errata/RHSA-2013-1473.html
•REDHAT:RHSA-2013:1474
•URL: http://rhn.redhat.com/errata/RHSA-2013-1474.html
•UBUNTU:USN-2027-1
•URL: http://www.ubuntu.com/usn/USN-2027-1
*(from redmine: issue id 2595, created on 2014-01-14, closed on 2014-01-15)*
* Relations:
* child #2596
* Changesets:
* Revision ce226a62f71dead174acea9eb908ef3e81db49b2 by Natanael Copa on 2014-01-14T16:04:41Z:
```
main/spice: security fix for CVE-2013-4282
ref #2595
```
* Revision 696075127a242308f9c2de72590a6c5cd5935c16 by Natanael Copa on 2014-01-14T16:06:03Z:
```
main/spice: security fix for CVE-2013-4282
ref #2595
```https://gitlab.alpinelinux.org/alpine/aports/-/issues/2596[v2.5] spice: remote DoS (CVE-2013-4282)2019-07-23T14:13:52ZAlexander Belous[v2.5] spice: remote DoS (CVE-2013-4282)Stack-based buffer overflow in the reds\_handle\_ticket function in
server/reds.c in SPICE 0.12.0 allows remote attackers to cause a denial
of service (crash) via a long password in a SPICE ticket.
•CONFIRM:
http://cgit.freedesktop.org/...Stack-based buffer overflow in the reds\_handle\_ticket function in
server/reds.c in SPICE 0.12.0 allows remote attackers to cause a denial
of service (crash) via a long password in a SPICE ticket.
•CONFIRM:
http://cgit.freedesktop.org/spice/spice/commit/?id=8af619009660b24e0b41ad26b30289eea288fcc2
•REDHAT:RHSA-2013:1460
•URL: http://rhn.redhat.com/errata/RHSA-2013-1460.html
•REDHAT:RHSA-2013:1473
•URL: http://rhn.redhat.com/errata/RHSA-2013-1473.html
•REDHAT:RHSA-2013:1474
•URL: http://rhn.redhat.com/errata/RHSA-2013-1474.html
•UBUNTU:USN-2027-1
•URL: http://www.ubuntu.com/usn/USN-2027-1
*(from redmine: issue id 2596, created on 2014-01-14, closed on 2014-01-15)*
* Relations:
* parent #2595
* Changesets:
* Revision e421253291b959c3b83d358f6edd24a919e714f4 by Natanael Copa on 2014-01-14T16:14:56Z:
```
main/spice: security fix for CVE-2013-4282
fixes #2596
```Alpine 2.5.5Natanael CopaNatanael Copahttps://gitlab.alpinelinux.org/alpine/aports/-/issues/2597kernel: multiple vulnerabilities (before 3.12)2019-07-23T14:13:51ZAlexander Belouskernel: multiple vulnerabilities (before 3.12)The KVM subsystem in the Linux kernel through 3.12.5 allows local
users to gain privileges or cause a denial of service (system crash)
via a VAPIC synchronization operation involving a page-end address
(CVE-2013-6368).
The apic\_g...The KVM subsystem in the Linux kernel through 3.12.5 allows local
users to gain privileges or cause a denial of service (system crash)
via a VAPIC synchronization operation involving a page-end address
(CVE-2013-6368).
The apic\_get\_tmcct function in arch/x86/kvm/lapic.c in the KVM
subsystem in the Linux kernel through 3.12.5 allows guest OS users
to cause a denial of service (divide-by-zero error and host OS crash)
via crafted modifications of the TMICT value (CVE-2013-6367).
Multiple buffer underflows in the XFS implementation in the
Linux kernel through 3.12.1 allow local users to cause a denial
of service (memory corruption) or possibly have unspecified
other impact by leveraging the CAP\_SYS\_ADMIN capability for a (1)
XFS\_IOC\_ATTRLIST\_BY\_HANDLE or (2) XFS\_IOC\_ATTRLIST\_BY\_HANDLE\_32
ioctl
call with a crafted length value, related to the
xfs\_attrlist\_by\_handle
function in fs/xfs/xfs\_ioctl.c and the
xfs\_compat\_attrlist\_by\_handle
function in fs/xfs/xfs\_ioctl32.c (CVE-2013-6382).
Array index error in the kvm\_vm\_ioctl\_create\_vcpu function in
virt/kvm/kvm\_main.c in the KVM subsystem in the Linux kernel through
3.12.5 allows local users to gain privileges via a large id value
(CVE-2013-4587).
The mISDN\_sock\_recvmsg function in drivers/isdn/mISDN/socket.c in
the Linux kernel before 3.12.4 does not ensure that a certain length
value is consistent with the size of an associated data structure,
which allows local users to obtain sensitive information from kernel
memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call
(CVE-2013-7266).
The atalk\_recvmsg function in net/appletalk/ddp.c in the Linux kernel
before 3.12.4 updates a certain length value without ensuring that an
associated data structure has been initialized, which allows local
users to obtain sensitive information from kernel memory via a (1)
recvfrom, (2) recvmmsg, or (3) recvmsg system call (CVE-2013-7267).
The ipx\_recvmsg function in net/ipx/af\_ipx.c in the Linux kernel
before 3.12.4 updates a certain length value without ensuring that an
associated data structure has been initialized, which allows local
users to obtain sensitive information from kernel memory via a (1)
recvfrom, (2) recvmmsg, or (3) recvmsg system call (CVE-2013-7268).
The nr\_recvmsg function in net/netrom/af\_netrom.c in the Linux
kernel
before 3.12.4 updates a certain length value without ensuring that an
associated data structure has been initialized, which allows local
users to obtain sensitive information from kernel memory via a (1)
recvfrom, (2) recvmmsg, or (3) recvmsg system call (CVE-2013-7269).
The packet\_recvmsg function in net/packet/af\_packet.c in the Linux
kernel before 3.12.4 updates a certain length value before ensuring
that an associated data structure has been initialized, which allows
local users to obtain sensitive information from kernel memory via a
(1) recvfrom, (2) recvmmsg, or (3) recvmsg system call (CVE-2013-7270).
The x25\_recvmsg function in net/x25/af\_x25.c in the Linux kernel
before 3.12.4 updates a certain length value without ensuring that an
associated data structure has been initialized, which allows local
users to obtain sensitive information from kernel memory via a (1)
recvfrom, (2) recvmmsg, or (3) recvmsg system call (CVE-2013-7271).
The Linux kernel before 3.12.4 updates certain length values before
ensuring that associated data structures have been initialized,
which allows local users to obtain sensitive information from kernel
stack memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system
call, related to net/ipv4/ping.c, net/ipv4/raw.c, net/ipv4/udp.c,
net/ipv6/raw.c, and net/ipv6/udp.c (CVE-2013-7263).
The l2tp\_ip\_recvmsg function in net/l2tp/l2tp\_ip.c in the Linux
kernel
before 3.12.4 updates a certain length value before ensuring that an
associated data structure has been initialized, which allows local
users to obtain sensitive information from kernel stack memory via a
(1) recvfrom, (2) recvmmsg, or (3) recvmsg system call (CVE-2013-7264).
The pn\_recvmsg function in net/phonet/datagram.c in the Linux kernel
before 3.12.4 updates a certain length value before ensuring that an
associated data structure has been initialized, which allows local
users to obtain sensitive information from kernel stack memory via a
(1) recvfrom, (2) recvmmsg, or (3) recvmsg system call (CVE-2013-7265).
The dgram\_recvmsg function in net/ieee802154/dgram.c in the Linux
kernel before 3.12.4 updates a certain length value without ensuring
that an associated data structure has been initialized, which
allows local users to obtain sensitive information from kernel stack
memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call
(CVE-2013-7281).
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6368
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6367
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6382
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4587
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7266
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7267
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7268
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7269
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7270
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7271
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7263
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7264
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7265
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7281
*(from redmine: issue id 2597, created on 2014-01-14, closed on 2014-04-17)*
* Relations:
* child #2598
* child #2599
* child #2600
* child #2601https://gitlab.alpinelinux.org/alpine/aports/-/issues/2598[v2.4] kernel: multiple vulnerabilities (before 3.12)2019-07-23T14:13:50ZAlexander Belous[v2.4] kernel: multiple vulnerabilities (before 3.12)Multiple vulnerabilities in kernel found (see the parent for details):
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6368
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6367
http://cve.mitre.org/cgi-bin/cvename.cgi?...Multiple vulnerabilities in kernel found (see the parent for details):
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6368
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6367
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6382
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4587
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7266
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7267
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7268
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7269
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7270
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7271
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7263
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7264
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7265
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7281
*(from redmine: issue id 2598, created on 2014-01-14, closed on 2014-04-17)*
* Relations:
* parent #2597Alpine 2.4.12Natanael CopaNatanael Copahttps://gitlab.alpinelinux.org/alpine/aports/-/issues/2599[v2.5] kernel: multiple vulnerabilities (before 3.12)2019-07-23T14:13:49ZAlexander Belous[v2.5] kernel: multiple vulnerabilities (before 3.12)Multiple vulnerabilities in kernel found (see the parent for details):
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6368
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6367
http://cve.mitre.org/cgi-bin/cvename.cgi?...Multiple vulnerabilities in kernel found (see the parent for details):
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6368
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6367
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6382
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4587
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7266
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7267
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7268
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7269
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7270
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7271
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7263
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7264
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7265
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7281
*(from redmine: issue id 2599, created on 2014-01-14, closed on 2014-04-17)*
* Relations:
* parent #2597Alpine 2.5.5Natanael CopaNatanael Copahttps://gitlab.alpinelinux.org/alpine/aports/-/issues/2600[v2.6] kernel: multiple vulnerabilities (before 3.12)2019-07-23T14:13:47ZAlexander Belous[v2.6] kernel: multiple vulnerabilities (before 3.12)Multiple vulnerabilities in kernel found (see the parent for details):
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6368
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6367
http://cve.mitre.org/cgi-bin/cvename.cgi?...Multiple vulnerabilities in kernel found (see the parent for details):
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6368
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6367
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6382
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4587
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7266
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7267
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7268
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7269
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7270
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7271
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7263
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7264
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7265
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7281
*(from redmine: issue id 2600, created on 2014-01-14, closed on 2014-04-17)*
* Relations:
* parent #2597Alpine 2.6.7Natanael CopaNatanael Copahttps://gitlab.alpinelinux.org/alpine/aports/-/issues/2601[v2.7] kernel: multiple vulnerabilities (before 3.12)2019-07-23T14:13:46ZAlexander Belous[v2.7] kernel: multiple vulnerabilities (before 3.12)Multiple vulnerabilities in kernel found (see the parent for details):
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6368
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6367
http://cve.mitre.org/cgi-bin/cvename.cgi?...Multiple vulnerabilities in kernel found (see the parent for details):
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6368
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6367
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6382
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4587
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7266
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7267
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7268
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7269
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7270
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7271
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7263
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7264
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7265
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7281
*(from redmine: issue id 2601, created on 2014-01-14, closed on 2014-04-17)*
* Relations:
* parent #2597Alpine 2.7.6Natanael CopaNatanael Copahttps://gitlab.alpinelinux.org/alpine/aports/-/issues/2602Package request: dovecot-antispam-plugin2019-07-23T14:13:46ZIvan KozakPackage request: dovecot-antispam-pluginThe antispam plugin allows you to retrain the spam filter by simply
moving emails in and out of the Spam folder.
Main URL: http://wiki2.dovecot.org/Plugins/Antispam
Src: hg clone http://hg.dovecot.org/dovecot-antispam-plugin
*(from ...The antispam plugin allows you to retrain the spam filter by simply
moving emails in and out of the Spam folder.
Main URL: http://wiki2.dovecot.org/Plugins/Antispam
Src: hg clone http://hg.dovecot.org/dovecot-antispam-plugin
*(from redmine: issue id 2602, created on 2014-01-15, closed on 2015-12-17)*Natanael CopaNatanael Copahttps://gitlab.alpinelinux.org/alpine/aports/-/issues/2603Update aports tree description2019-07-23T14:13:45ZAlan LacerdaUpdate aports tree descriptionUpdate the informations found at:
http://wiki.alpinelinux.org/wiki/Aports\_tree
There is no an unstable directory anymore
*(from redmine: issue id 2603, created on 2014-01-15, closed on 2014-12-01)*Update the informations found at:
http://wiki.alpinelinux.org/wiki/Aports\_tree
There is no an unstable directory anymore
*(from redmine: issue id 2603, created on 2014-01-15, closed on 2014-12-01)*https://gitlab.alpinelinux.org/alpine/aports/-/issues/2609graphviz: buffer overflow (CVE-2014-0978 CVE-2014-1236)2019-07-23T14:13:37ZAlexander Belousgraphviz: buffer overflow (CVE-2014-0978 CVE-2014-1236)Two buffer overflow vulnerabilities were reported in Graphviz, a rich
collection of graph drawing tools. The Common Vulnerabilities and
Exposures project identifies the following issues:
CVE-2014-0978
It was discovered that user-su...Two buffer overflow vulnerabilities were reported in Graphviz, a rich
collection of graph drawing tools. The Common Vulnerabilities and
Exposures project identifies the following issues:
CVE-2014-0978
It was discovered that user-supplied input used in the yyerror()
function in lib/cgraph/scan.l is not bound-checked before beeing
copied into an insufficiently sized memory buffer. A
context-dependent attacker could supply a specially crafted input
file containing a long line to cause a stack-based buffer overlow,
resulting in a denial of service (application crash) or potentially
allowing the execution of arbitrary code.
•MLIST:\[oss-security\] 20140107 CVE Request: graphviz: stack-based
buffer overflow in yyerror()
•URL: http://seclists.org/oss-sec/2014/q1/28
•MLIST:\[oss-security\] 20140107 Re: CVE Request: graphviz: stack-based
buffer overflow in yyerror()
•URL: http://seclists.org/oss-sec/2014/q1/38
•MISC: https://bugs.gentoo.org/show\_bug.cgi?id=497274
•CONFIRM: https://bugzilla.redhat.com/show\_bug.cgi?id=1049165
•CONFIRM:
https://github.com/ellson/graphviz/commit/7aaddf52cd98589fb0c3ab72a393f8411838438a
•BID:64674
•URL: http://www.securityfocus.com/bid/64674
•SECUNIA:55666
•URL: http://secunia.com/advisories/55666
•XF:graphviz-yyerror-bo(90085)
•URL: http://xforce.iss.net/xforce/xfdb/90085
CVE-2014-1236
Sebastian Krahmer reported an overflow condition in the chkNum()
function in lib/cgraph/scan.l that is triggered as the used regular
expression accepts an arbitrary long digit list. With a specially
crafted input file, a context-dependent attacker can cause a
stack-based buffer overflow, resulting in a denial of service
(application crash) or potentially allowing the execution of
arbitrary code.
•MLIST:\[oss-security\] 20140108 Re: CVE Request: graphviz: stack-based
buffer overflow in yyerror()
•URL: http://seclists.org/oss-sec/2014/q1/54
•MLIST:\[oss-security\] 20140108 Re: Re: CVE Request: graphviz:
stack-based buffer overflow in yyerror()
•URL: http://seclists.org/oss-sec/2014/q1/46
•MLIST:\[oss-security\] 20140108 Re: Re: CVE Request: graphviz:
stack-based buffer overflow in yyerror()
•URL: http://seclists.org/oss-sec/2014/q1/51
•CONFIRM:
https://github.com/ellson/graphviz/commit/1d1bdec6318746f6f19f245db589eddc887ae8ff
•SECUNIA:55666
•URL: http://secunia.com/advisories/55666
*(from redmine: issue id 2609, created on 2014-01-15, closed on 2014-02-07)*
* Relations:
* child #2610https://gitlab.alpinelinux.org/alpine/aports/-/issues/2610[v2.7] graphviz: buffer overflow (CVE-2014-0978 CVE-2014-1236)2019-07-23T14:13:36ZAlexander Belous[v2.7] graphviz: buffer overflow (CVE-2014-0978 CVE-2014-1236)CVE-2014-0978
It was discovered that user-supplied input used in the yyerror()
function in lib/cgraph/scan.l is not bound-checked before beeing
copied into an insufficiently sized memory buffer. A
context-dependent attacker could ...CVE-2014-0978
It was discovered that user-supplied input used in the yyerror()
function in lib/cgraph/scan.l is not bound-checked before beeing
copied into an insufficiently sized memory buffer. A
context-dependent attacker could supply a specially crafted input
file containing a long line to cause a stack-based buffer overlow,
resulting in a denial of service (application crash) or potentially
allowing the execution of arbitrary code.
•MLIST:\[oss-security\] 20140107 CVE Request: graphviz: stack-based
buffer overflow in yyerror()
•URL: http://seclists.org/oss-sec/2014/q1/28
•MLIST:\[oss-security\] 20140107 Re: CVE Request: graphviz: stack-based
buffer overflow in yyerror()
•URL: http://seclists.org/oss-sec/2014/q1/38
•MISC: https://bugs.gentoo.org/show\_bug.cgi?id=497274
•CONFIRM: https://bugzilla.redhat.com/show\_bug.cgi?id=1049165
•CONFIRM:
https://github.com/ellson/graphviz/commit/7aaddf52cd98589fb0c3ab72a393f8411838438a
•BID:64674
•URL: http://www.securityfocus.com/bid/64674
•SECUNIA:55666
•URL: http://secunia.com/advisories/55666
•XF:graphviz-yyerror-bo(90085)
•URL: http://xforce.iss.net/xforce/xfdb/90085
CVE-2014-1236
Sebastian Krahmer reported an overflow condition in the chkNum()
function in lib/cgraph/scan.l that is triggered as the used regular
expression accepts an arbitrary long digit list. With a specially
crafted input file, a context-dependent attacker can cause a
stack-based buffer overflow, resulting in a denial of service
(application crash) or potentially allowing the execution of
arbitrary code.
•MLIST:\[oss-security\] 20140108 Re: CVE Request: graphviz: stack-based
buffer overflow in yyerror()
•URL: http://seclists.org/oss-sec/2014/q1/54
•MLIST:\[oss-security\] 20140108 Re: Re: CVE Request: graphviz:
stack-based buffer overflow in yyerror()
•URL: http://seclists.org/oss-sec/2014/q1/46
•MLIST:\[oss-security\] 20140108 Re: Re: CVE Request: graphviz:
stack-based buffer overflow in yyerror()
•URL: http://seclists.org/oss-sec/2014/q1/51
•CONFIRM:
https://github.com/ellson/graphviz/commit/1d1bdec6318746f6f19f245db589eddc887ae8ff
•SECUNIA:55666
•URL: http://secunia.com/advisories/55666
*(from redmine: issue id 2610, created on 2014-01-15, closed on 2014-02-05)*
* Relations:
* parent #2609
* Changesets:
* Revision 0881bdc909bd6034308671867df3728563753c05 by Natanael Copa on 2014-02-05T09:27:13Z:
```
main/graphviz: security fixes for CVE-2014-0978, CVE-2014-1235, CVE-2014-1236
fixes #2610
```Alpine 2.7.4Natanael CopaNatanael Copahttps://gitlab.alpinelinux.org/alpine/aports/-/issues/2611Package Freeradius 32019-07-23T14:13:36ZLeonardo ArenaPackage Freeradius 3*(from redmine: issue id 2611, created on 2014-01-16, closed on 2014-05-30)**(from redmine: issue id 2611, created on 2014-01-16, closed on 2014-05-30)*3.0.0Leonardo ArenaLeonardo Arenahttps://gitlab.alpinelinux.org/alpine/aports/-/issues/2613Wiki does not confirm email correctly2019-07-23T14:13:35ZEdward TunnahWiki does not confirm email correctlyThe wiki sends the confirmation email, I click it and it says it is
confirmed. The wiki does not reflect the confirmation.
*(from redmine: issue id 2613, created on 2014-01-20, closed on 2019-05-02)*The wiki sends the confirmation email, I click it and it says it is
confirmed. The wiki does not reflect the confirmation.
*(from redmine: issue id 2613, created on 2014-01-20, closed on 2019-05-02)*https://gitlab.alpinelinux.org/alpine/aports/-/issues/2615zoneminder sets wrong permissions on /tmp2019-07-23T14:13:33ZCarlo Landmeterzoneminder sets wrong permissions on /tmpapk add zoneminder will change permissions of tmp, which afterwards
prevents to install mysql.
*(from redmine: issue id 2615, created on 2014-01-27, closed on 2015-12-09)*apk add zoneminder will change permissions of tmp, which afterwards
prevents to install mysql.
*(from redmine: issue id 2615, created on 2014-01-27, closed on 2015-12-09)*Kaarle RitvanenKaarle Ritvanenhttps://gitlab.alpinelinux.org/alpine/aports/-/issues/2618nagios: remote DoS and leak (CVE-2013-7108 CVE-2013-7205)2019-07-23T14:13:31ZAlexander Belousnagios: remote DoS and leak (CVE-2013-7108 CVE-2013-7205)Multiple off-by-one errors in Nagios Core 3.5.1, 4.0.2, and earlier, and
Icinga before 1.8.5, 1.9 before 1.9.4, and 1.10 before 1.10.2 allow
remote authenticated users to obtain sensitive information from process
memory or cause a denial...Multiple off-by-one errors in Nagios Core 3.5.1, 4.0.2, and earlier, and
Icinga before 1.8.5, 1.9 before 1.9.4, and 1.10 before 1.10.2 allow
remote authenticated users to obtain sensitive information from process
memory or cause a denial of service (crash) via a long string in the
last key value in the variable list to the process\_cgivars function in
(1) avail.c, (2) cmd.c, (3) config.c, (4) extinfo.c, (5) histogram.c,
(6) notifications.c, (7) outages.c, (8) status.c, (9) statusmap.c, (10)
summary.c, and (11) trends.c in cgi/, which triggers a heap-based buffer
over-read (CVE-2013-7108).
•MLIST:\[oss-security\] 20131224 Re: CVE request: denial of service in
Nagios (process\_cgivars())
•URL: http://www.openwall.com/lists/oss-security/2013/12/24/1
•CONFIRM:
http://sourceforge.net/p/nagios/nagioscore/ci/d97e03f32741a7d851826b03ed73ff4c9612a866/
•CONFIRM: https://dev.icinga.org/issues/5251
•CONFIRM:
https://www.icinga.org/2013/12/17/icinga-security-releases-1-10-2-1-9-4-1-8-5/
•SUSE:openSUSE-SU-2014:0016
•URL: http://lists.opensuse.org/opensuse-updates/2014-01/msg00010.html
•SUSE:openSUSE-SU-2014:0039
•URL: http://lists.opensuse.org/opensuse-updates/2014-01/msg00028.html
•SUSE:openSUSE-SU-2014:0069
•URL: http://lists.opensuse.org/opensuse-updates/2014-01/msg00046.html
•SECUNIA:55976
•URL: http://secunia.com/advisories/55976
•SECUNIA:56316
•URL: http://secunia.com/advisories/56316
Off-by-one error in the process\_cgivars function in contrib/daemonchk.c
in Nagios Core 3.5.1, 4.0.2, and earlier allows remote authenticated
users to obtain sensitive information from process memory or cause a
denial of service (crash) via a long string in the last key value in the
variable list, which triggers a heap-based buffer over-read
(CVE-2013-7205).
•MLIST:\[oss-security\] 20131224 Re: CVE request: denial of service in
Nagios (process\_cgivars())
•URL: http://www.openwall.com/lists/oss-security/2013/12/24/1
•CONFIRM:
http://sourceforge.net/p/nagios/nagioscore/ci/d97e03f32741a7d851826b03ed73ff4c9612a866/
•SECUNIA:55976
•URL: http://secunia.com/advisories/55976
*(from redmine: issue id 2618, created on 2014-02-04, closed on 2014-04-18)*
* Relations:
* child #2619
* child #2620
* child #2621
* child #2622https://gitlab.alpinelinux.org/alpine/aports/-/issues/2619[v2.4] nagios: remote DoS and leak (CVE-2013-7108 CVE-2013-7205)2019-07-23T14:13:30ZAlexander Belous[v2.4] nagios: remote DoS and leak (CVE-2013-7108 CVE-2013-7205)Multiple off-by-one errors in Nagios Core 3.5.1, 4.0.2, and earlier, and
Icinga before 1.8.5, 1.9 before 1.9.4, and 1.10 before 1.10.2 allow
remote authenticated users to obtain sensitive information from process
memory or cause a denial...Multiple off-by-one errors in Nagios Core 3.5.1, 4.0.2, and earlier, and
Icinga before 1.8.5, 1.9 before 1.9.4, and 1.10 before 1.10.2 allow
remote authenticated users to obtain sensitive information from process
memory or cause a denial of service (crash) via a long string in the
last key value in the variable list to the process\_cgivars function in
(1) avail.c, (2) cmd.c, (3) config.c, (4) extinfo.c, (5) histogram.c,
(6) notifications.c, (7) outages.c, (8) status.c, (9) statusmap.c, (10)
summary.c, and (11) trends.c in cgi/, which triggers a heap-based buffer
over-read (CVE-2013-7108).
•MLIST:\[oss-security\] 20131224 Re: CVE request: denial of service in
Nagios (process\_cgivars())
•URL: http://www.openwall.com/lists/oss-security/2013/12/24/1
•CONFIRM:
http://sourceforge.net/p/nagios/nagioscore/ci/d97e03f32741a7d851826b03ed73ff4c9612a866/
•CONFIRM: https://dev.icinga.org/issues/5251
•CONFIRM:
https://www.icinga.org/2013/12/17/icinga-security-releases-1-10-2-1-9-4-1-8-5/
•SUSE:openSUSE-SU-2014:0016
•URL: http://lists.opensuse.org/opensuse-updates/2014-01/msg00010.html
•SUSE:openSUSE-SU-2014:0039
•URL: http://lists.opensuse.org/opensuse-updates/2014-01/msg00028.html
•SUSE:openSUSE-SU-2014:0069
•URL: http://lists.opensuse.org/opensuse-updates/2014-01/msg00046.html
•SECUNIA:55976
•URL: http://secunia.com/advisories/55976
•SECUNIA:56316
•URL: http://secunia.com/advisories/56316
Off-by-one error in the process\_cgivars function in contrib/daemonchk.c
in Nagios Core 3.5.1, 4.0.2, and earlier allows remote authenticated
users to obtain sensitive information from process memory or cause a
denial of service (crash) via a long string in the last key value in the
variable list, which triggers a heap-based buffer over-read
(CVE-2013-7205).
•MLIST:\[oss-security\] 20131224 Re: CVE request: denial of service in
Nagios (process\_cgivars())
•URL: http://www.openwall.com/lists/oss-security/2013/12/24/1
•CONFIRM:
http://sourceforge.net/p/nagios/nagioscore/ci/d97e03f32741a7d851826b03ed73ff4c9612a866/
•SECUNIA:55976
•URL: http://secunia.com/advisories/55976
*(from redmine: issue id 2619, created on 2014-02-04, closed on 2014-04-18)*
* Relations:
* parent #2618
* Changesets:
* Revision ea378e00bf8b68874150bc606edc6818b9ff233f by Natanael Copa on 2014-04-17T11:21:05Z:
```
main/nagios: security fix for CVE-2013-7108, CVE-2013-7205
fixes #2619
(cherry picked from commit 0fc285b2ea702c82941928cdfa4e521addba1705)
Conflicts:
main/nagios/APKBUILD
```Alpine 2.4.12Carlo LandmeterCarlo Landmeterhttps://gitlab.alpinelinux.org/alpine/aports/-/issues/2620[v2.5] nagios: remote DoS and leak (CVE-2013-7108 CVE-2013-7205)2019-07-23T14:13:28ZAlexander Belous[v2.5] nagios: remote DoS and leak (CVE-2013-7108 CVE-2013-7205)Multiple off-by-one errors in Nagios Core 3.5.1, 4.0.2, and earlier, and
Icinga before 1.8.5, 1.9 before 1.9.4, and 1.10 before 1.10.2 allow
remote authenticated users to obtain sensitive information from process
memory or cause a denial...Multiple off-by-one errors in Nagios Core 3.5.1, 4.0.2, and earlier, and
Icinga before 1.8.5, 1.9 before 1.9.4, and 1.10 before 1.10.2 allow
remote authenticated users to obtain sensitive information from process
memory or cause a denial of service (crash) via a long string in the
last key value in the variable list to the process\_cgivars function in
(1) avail.c, (2) cmd.c, (3) config.c, (4) extinfo.c, (5) histogram.c,
(6) notifications.c, (7) outages.c, (8) status.c, (9) statusmap.c, (10)
summary.c, and (11) trends.c in cgi/, which triggers a heap-based buffer
over-read (CVE-2013-7108).
•MLIST:\[oss-security\] 20131224 Re: CVE request: denial of service in
Nagios (process\_cgivars())
•URL: http://www.openwall.com/lists/oss-security/2013/12/24/1
•CONFIRM:
http://sourceforge.net/p/nagios/nagioscore/ci/d97e03f32741a7d851826b03ed73ff4c9612a866/
•CONFIRM: https://dev.icinga.org/issues/5251
•CONFIRM:
https://www.icinga.org/2013/12/17/icinga-security-releases-1-10-2-1-9-4-1-8-5/
•SUSE:openSUSE-SU-2014:0016
•URL: http://lists.opensuse.org/opensuse-updates/2014-01/msg00010.html
•SUSE:openSUSE-SU-2014:0039
•URL: http://lists.opensuse.org/opensuse-updates/2014-01/msg00028.html
•SUSE:openSUSE-SU-2014:0069
•URL: http://lists.opensuse.org/opensuse-updates/2014-01/msg00046.html
•SECUNIA:55976
•URL: http://secunia.com/advisories/55976
•SECUNIA:56316
•URL: http://secunia.com/advisories/56316
Off-by-one error in the process\_cgivars function in contrib/daemonchk.c
in Nagios Core 3.5.1, 4.0.2, and earlier allows remote authenticated
users to obtain sensitive information from process memory or cause a
denial of service (crash) via a long string in the last key value in the
variable list, which triggers a heap-based buffer over-read
(CVE-2013-7205).
•MLIST:\[oss-security\] 20131224 Re: CVE request: denial of service in
Nagios (process\_cgivars())
•URL: http://www.openwall.com/lists/oss-security/2013/12/24/1
•CONFIRM:
http://sourceforge.net/p/nagios/nagioscore/ci/d97e03f32741a7d851826b03ed73ff4c9612a866/
•SECUNIA:55976
•URL: http://secunia.com/advisories/55976
*(from redmine: issue id 2620, created on 2014-02-04, closed on 2014-04-18)*
* Relations:
* parent #2618
* Changesets:
* Revision 0fc285b2ea702c82941928cdfa4e521addba1705 by Natanael Copa on 2014-04-17T10:48:29Z:
```
main/nagios: security fix for CVE-2013-7108, CVE-2013-7205
fixes #2620
```Alpine 2.5.5Carlo LandmeterCarlo Landmeter