aports issues
https://gitlab.alpinelinux.org/alpine/aports/-/issues
2019-07-23T14:13:06Z

https://gitlab.alpinelinux.org/alpine/aports/-/issues/2651
[v2.6] php: remote DoS (CVE-2013-6712)
2019-07-23T14:13:06Z
Alexander Belous

The scan function in ext/date/lib/parse\_iso\_intervals.c in PHP through
5.5.6 does not properly restrict creation of DateInterval objects, which
might allow remote attackers to cause a denial of service (heap-based
buffer over-read) via a crafted interval specification.
•MISC: https://bugs.php.net/bug.php?id=66060
•CONFIRM:
http://git.php.net/?p=php-src.git;a=commit;h=12fe4e90be7bfa2a763197079f68f5568a14e071
•SUSE:openSUSE-SU-2013:1963
•URL: http://lists.opensuse.org/opensuse-updates/2013-12/msg00125.html
•SUSE:openSUSE-SU-2013:1964
•URL: http://lists.opensuse.org/opensuse-updates/2013-12/msg00126.html
*(from redmine: issue id 2651, created on 2014-02-04, closed on 2014-03-05)*
* Relations:
* parent #2648

Alpine 2.6.7
Natanael Copa

https://gitlab.alpinelinux.org/alpine/aports/-/issues/2652
[v2.7] php: remote DoS (CVE-2013-6712)
2019-07-23T14:13:05Z
Alexander Belous

The scan function in ext/date/lib/parse\_iso\_intervals.c in PHP through
5.5.6 does not properly restrict creation of DateInterval objects, which
might allow remote attackers to cause a denial of service (heap-based
buffer over-read) via a crafted interval specification.
•MISC: https://bugs.php.net/bug.php?id=66060
•CONFIRM:
http://git.php.net/?p=php-src.git;a=commit;h=12fe4e90be7bfa2a763197079f68f5568a14e071
•SUSE:openSUSE-SU-2013:1963
•URL: http://lists.opensuse.org/opensuse-updates/2013-12/msg00125.html
•SUSE:openSUSE-SU-2013:1964
•URL: http://lists.opensuse.org/opensuse-updates/2013-12/msg00126.html
*(from redmine: issue id 2652, created on 2014-02-04, closed on 2014-02-05)*
* Relations:
* parent #2648
* Changesets:
* Revision 430d2e5e023a5bf045ee81ed0f8c745fce900d24 by Natanael Copa on 2014-02-05T12:12:01Z:
```
main/php: security upgrade to 5.5.8 (CVE-2013-6712)
fixes #2652
```

Alpine 2.7.4
Natanael Copa

https://gitlab.alpinelinux.org/alpine/aports/-/issues/2653
cups: local leak (CVE-2013-6891)
2019-07-23T14:13:04Z
Alexander Belous

lppasswd in CUPS before 1.7.1, when running with setuid privileges,
allows local users to read portions of arbitrary files via a modified
HOME environment variable and a symlink attack involving
.cups/client.conf.
•CONFIRM: http://www.cups.org/blog.php?L704
•CONFIRM: http://www.cups.org/str.php?L4319
•UBUNTU:USN-2082-1
•URL: http://www.ubuntu.com/usn/USN-2082-1
•SECUNIA:56531
•URL: http://secunia.com/advisories/56531
*(from redmine: issue id 2653, created on 2014-02-04, closed on 2014-07-07)*
* Relations:
* child #2654
* child #2655
* child #2656
* child #2657

https://gitlab.alpinelinux.org/alpine/aports/-/issues/2654
[v2.4] cups: local leak (CVE-2013-6891)
2019-07-23T14:13:03Z
Alexander Belous

lppasswd in CUPS before 1.7.1, when running with setuid privileges,
allows local users to read portions of arbitrary files via a modified
HOME environment variable and a symlink attack involving
.cups/client.conf.
•CONFIRM: http://www.cups.org/blog.php?L704
•CONFIRM: http://www.cups.org/str.php?L4319
•UBUNTU:USN-2082-1
•URL: http://www.ubuntu.com/usn/USN-2082-1
•SECUNIA:56531
•URL: http://secunia.com/advisories/56531
*(from redmine: issue id 2654, created on 2014-02-04, closed on 2014-06-04)*
* Relations:
* parent #2653

Alpine 2.4.12
Natanael Copa

https://gitlab.alpinelinux.org/alpine/aports/-/issues/2655
[v2.5] cups: local leak (CVE-2013-6891)
2019-07-23T14:13:02Z
Alexander Belous

lppasswd in CUPS before 1.7.1, when running with setuid privileges,
allows local users to read portions of arbitrary files via a modified
HOME environment variable and a symlink attack involving
.cups/client.conf.
•CONFIRM: http://www.cups.org/blog.php?L704
•CONFIRM: http://www.cups.org/str.php?L4319
•UBUNTU:USN-2082-1
•URL: http://www.ubuntu.com/usn/USN-2082-1
•SECUNIA:56531
•URL: http://secunia.com/advisories/56531
*(from redmine: issue id 2655, created on 2014-02-04, closed on 2014-07-07)*
* Relations:
* parent #2653

Alpine 2.5.5
Natanael Copa

https://gitlab.alpinelinux.org/alpine/aports/-/issues/2656
[v2.6] cups: local leak (CVE-2013-6891)
2019-07-23T14:13:01Z
Alexander Belous

lppasswd in CUPS before 1.7.1, when running with setuid privileges,
allows local users to read portions of arbitrary files via a modified
HOME environment variable and a symlink attack involving
.cups/client.conf.
•CONFIRM: http://www.cups.org/blog.php?L704
•CONFIRM: http://www.cups.org/str.php?L4319
•UBUNTU:USN-2082-1
•URL: http://www.ubuntu.com/usn/USN-2082-1
•SECUNIA:56531
•URL: http://secunia.com/advisories/56531
*(from redmine: issue id 2656, created on 2014-02-04, closed on 2014-07-07)*
* Relations:
* parent #2653

Alpine 2.6.7
Natanael Copa

https://gitlab.alpinelinux.org/alpine/aports/-/issues/2657
[v2.7] cups: local leak (CVE-2013-6891)
2019-07-23T14:12:59Z
Alexander Belous

lppasswd in CUPS before 1.7.1, when running with setuid privileges,
allows local users to read portions of arbitrary files via a modified
HOME environment variable and a symlink attack involving
.cups/client.conf.
•CONFIRM: http://www.cups.org/blog.php?L704
•CONFIRM: http://www.cups.org/str.php?L4319
•UBUNTU:USN-2082-1
•URL: http://www.ubuntu.com/usn/USN-2082-1
•SECUNIA:56531
•URL: http://secunia.com/advisories/56531
*(from redmine: issue id 2657, created on 2014-02-04, closed on 2014-02-05)*
* Relations:
* parent #2653
* Changesets:
* Revision 463d66f4cb7fe8b689c0dd463671e28f722f803c by Natanael Copa on 2014-02-05T13:06:33Z:
```
main/cups: security upgrade to 1.7.1 (CVE-2013-6891)
fixes #2657
```

Alpine 2.7.4
Natanael Copa

https://gitlab.alpinelinux.org/alpine/aports/-/issues/2658
net-snmp: remote DoS (CVE-2012-6151)
2019-07-23T14:12:58Z
Alexander Belous

Net-SNMP 5.7.1 and earlier, when AgentX is registering to handle a MIB
and processing GETNEXT requests, allows remote attackers to cause a
denial of service (crash or infinite loop, CPU consumption, and hang) by
causing the AgentX subagent to timeout.
•MLIST:\[oss-security\] 20131202 NMPD DoS \#2411 snmpd crashes/hangs
when AgentX subagent times-out
•URL: http://seclists.org/oss-sec/2013/q4/398
•MLIST:\[oss-security\] 20131202 Re: SNMPD DoS \#2411 snmpd
crashes/hangs when AgentX subagent times-out
•URL: http://seclists.org/oss-sec/2013/q4/415
•MISC: http://sourceforge.net/p/net-snmp/bugs/2411/
•CONFIRM: https://bugzilla.redhat.com/show\_bug.cgi?id=1038007
•BID:64048
•URL: http://www.securityfocus.com/bid/64048
•XF:netsnmp-cve20126151-dos(89485)
•URL: http://xforce.iss.net/xforce/xfdb/89485
*(from redmine: issue id 2658, created on 2014-02-04, closed on 2014-03-05)*
* Relations:
* child #2659
* child #2660
* child #2661
* child #2662

https://gitlab.alpinelinux.org/alpine/aports/-/issues/2659
[v2.4] net-snmp: remote DoS (CVE-2012-6151)
2019-07-23T14:12:57Z
Alexander Belous

Net-SNMP 5.7.1 and earlier, when AgentX is registering to handle a MIB
and processing GETNEXT requests, allows remote attackers to cause a
denial of service (crash or infinite loop, CPU consumption, and hang) by
causing the AgentX subagent to timeout.
•MLIST:\[oss-security\] 20131202 NMPD DoS \#2411 snmpd crashes/hangs
when AgentX subagent times-out
•URL: http://seclists.org/oss-sec/2013/q4/398
•MLIST:\[oss-security\] 20131202 Re: SNMPD DoS \#2411 snmpd
crashes/hangs when AgentX subagent times-out
•URL: http://seclists.org/oss-sec/2013/q4/415
•MISC: http://sourceforge.net/p/net-snmp/bugs/2411/
•CONFIRM: https://bugzilla.redhat.com/show\_bug.cgi?id=1038007
•BID:64048
•URL: http://www.securityfocus.com/bid/64048
•XF:netsnmp-cve20126151-dos(89485)
•URL: http://xforce.iss.net/xforce/xfdb/89485
*(from redmine: issue id 2659, created on 2014-02-04, closed on 2014-03-05)*
* Relations:
* parent #2658
* Changesets:
* Revision e760d56c82e3b69f4ee2bc3f3790a63f01cdae49 on 2014-03-04T14:53:24Z:
```
main/net-snmp: security fix CVE-2012-6151. Fixes #2659
```

Alpine 2.4.12
Carlo Landmeter

https://gitlab.alpinelinux.org/alpine/aports/-/issues/2660
[v2.5] net-snmp: remote DoS (CVE-2012-6151)
2019-07-23T14:12:56Z
Alexander Belous

Net-SNMP 5.7.1 and earlier, when AgentX is registering to handle a MIB
and processing GETNEXT requests, allows remote attackers to cause a
denial of service (crash or infinite loop, CPU consumption, and hang) by
causing the AgentX subagent to timeout.
•MLIST:\[oss-security\] 20131202 NMPD DoS \#2411 snmpd crashes/hangs
when AgentX subagent times-out
•URL: http://seclists.org/oss-sec/2013/q4/398
•MLIST:\[oss-security\] 20131202 Re: SNMPD DoS \#2411 snmpd
crashes/hangs when AgentX subagent times-out
•URL: http://seclists.org/oss-sec/2013/q4/415
•MISC: http://sourceforge.net/p/net-snmp/bugs/2411/
•CONFIRM: https://bugzilla.redhat.com/show\_bug.cgi?id=1038007
•BID:64048
•URL: http://www.securityfocus.com/bid/64048
•XF:netsnmp-cve20126151-dos(89485)
•URL: http://xforce.iss.net/xforce/xfdb/89485
*(from redmine: issue id 2660, created on 2014-02-04, closed on 2014-03-05)*
* Relations:
* parent #2658

Alpine 2.5.5
Leonardo Arena

https://gitlab.alpinelinux.org/alpine/aports/-/issues/2411
[v2.6] CVE-2013-5607: nspr
2019-07-23T14:12:55Z
Alexander Belous

Integer overflow in the PL\_ArenaAllocate function in Mozilla Netscape
Portable Runtime (NSPR) before 4.10.2, as used in Firefox before
25.0.1, Firefox ESR 17.x before 17.0.11 and 24.x before 24.1.1, and
SeaMonkey before 2.22.1, allows remote attackers to cause a denial of
service (application crash) or possibly have unspecified other impact
via a crafted X.509 certificate, a related issue to CVE-2013-1741
(CVE-2013-5607).
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5607
*(from redmine: issue id 2411, created on 2013-11-22, closed on 2014-03-03)*
* Relations:
* parent #2408

Alpine 2.6.7
Natanael Copa

https://gitlab.alpinelinux.org/alpine/aports/-/issues/2661
[v2.6] net-snmp: remote DoS (CVE-2012-6151)
2019-07-23T14:12:54Z
Alexander Belous

Net-SNMP 5.7.1 and earlier, when AgentX is registering to handle a MIB
and processing GETNEXT requests, allows remote attackers to cause a
denial of service (crash or infinite loop, CPU consumption, and hang) by
causing the AgentX subagent to timeout.
•MLIST:\[oss-security\] 20131202 NMPD DoS \#2411 snmpd crashes/hangs
when AgentX subagent times-out
•URL: http://seclists.org/oss-sec/2013/q4/398
•MLIST:\[oss-security\] 20131202 Re: SNMPD DoS \#2411 snmpd
crashes/hangs when AgentX subagent times-out
•URL: http://seclists.org/oss-sec/2013/q4/415
•MISC: http://sourceforge.net/p/net-snmp/bugs/2411/
•CONFIRM: https://bugzilla.redhat.com/show\_bug.cgi?id=1038007
•BID:64048
•URL: http://www.securityfocus.com/bid/64048
•XF:netsnmp-cve20126151-dos(89485)
•URL: http://xforce.iss.net/xforce/xfdb/89485
*(from redmine: issue id 2661, created on 2014-02-04, closed on 2014-02-04)*
* Relations:
* parent #2658

Alpine 2.6.7
Carlo Landmeter

https://gitlab.alpinelinux.org/alpine/aports/-/issues/2662
[v2.7] net-snmp: remote DoS (CVE-2012-6151)
2019-07-23T14:12:53Z
Alexander Belous

Net-SNMP 5.7.1 and earlier, when AgentX is registering to handle a MIB
and processing GETNEXT requests, allows remote attackers to cause a
denial of service (crash or infinite loop, CPU consumption, and hang) by
causing the AgentX subagent to timeout.
•MLIST:\[oss-security\] 20131202 NMPD DoS \#2411 snmpd crashes/hangs
when AgentX subagent times-out
•URL: http://seclists.org/oss-sec/2013/q4/398
•MLIST:\[oss-security\] 20131202 Re: SNMPD DoS \#2411 snmpd
crashes/hangs when AgentX subagent times-out
•URL: http://seclists.org/oss-sec/2013/q4/415
•MISC: http://sourceforge.net/p/net-snmp/bugs/2411/
•CONFIRM: https://bugzilla.redhat.com/show\_bug.cgi?id=1038007
•BID:64048
•URL: http://www.securityfocus.com/bid/64048
•XF:netsnmp-cve20126151-dos(89485)
•URL: http://xforce.iss.net/xforce/xfdb/89485
*(from redmine: issue id 2662, created on 2014-02-04, closed on 2014-02-04)*
* Relations:
* parent #2658

Alpine 2.7.4
Carlo Landmeter

https://gitlab.alpinelinux.org/alpine/aports/-/issues/2663
elinks: does not properly verify SSL certificates
2019-07-23T14:12:52Z
Alexander Belous

When verifying SSL certificates, elinks fails to warn the user if the
hostname of the certificate does not match the hostname of the
website.
Elinks 0.11.7 should be patched or upgraded to 0.12\_pre6.
References:
https://bugs.mageia.org/show\_bug.cgi?id=11460
http://repo.or.cz/w/elinks.git/shortlog/refs/tags/elinks-0.11.7
COMMIT: http://repo.or.cz/w/elinks.git/commitdiff/0c3f3e09
*(from redmine: issue id 2663, created on 2014-02-04, closed on 2014-03-05)*
* Relations:
* child #2664
* child #2665

https://gitlab.alpinelinux.org/alpine/aports/-/issues/2664
[v2.4] elinks: does not properly verify SSL certificates
2019-07-23T14:12:51Z
Alexander Belous

When verifying SSL certificates, elinks fails to warn the user if the
hostname of the certificate does not match the hostname of the
website.
Elinks 0.11.7 should be patched or upgraded to 0.12\_pre6.
References:
https://bugs.mageia.org/show\_bug.cgi?id=11460
http://repo.or.cz/w/elinks.git/shortlog/refs/tags/elinks-0.11.7
COMMIT: http://repo.or.cz/w/elinks.git/commitdiff/0c3f3e09
*(from redmine: issue id 2664, created on 2014-02-04, closed on 2014-03-05)*
* Relations:
* parent #2663
* Changesets:
* Revision 4fba92816c0e71757a88cc344de763867564d734 on 2014-03-04T13:42:25Z:
```
main/elinks: security fix. Fixes #2664
```

Alpine 2.4.12
Natanael Copa

https://gitlab.alpinelinux.org/alpine/aports/-/issues/2665
[v2.5] elinks: does not properly verify SSL certificates
2019-07-23T14:12:50Z
Alexander Belous

When verifying SSL certificates, elinks fails to warn the user if the
hostname of the certificate does not match the hostname of the
website.
Elinks 0.11.7 should be patched or upgraded to 0.12\_pre6.
References:
https://bugs.mageia.org/show\_bug.cgi?id=11460
http://repo.or.cz/w/elinks.git/shortlog/refs/tags/elinks-0.11.7
COMMIT: http://repo.or.cz/w/elinks.git/commitdiff/0c3f3e09
*(from redmine: issue id 2665, created on 2014-02-04, closed on 2014-03-05)*
* Relations:
* parent #2663
* Changesets:
* Revision 6eee88539b76461eb172cd3fa76ae0e3bd2b1c75 on 2014-03-04T13:35:04Z:
```
main/elinks: security fix. Fixes #2665
```

Alpine 2.5.5
Natanael Copa

https://gitlab.alpinelinux.org/alpine/aports/-/issues/2666
augeas: CVE-2012-0786 CVE-2012-0787 CVE-2013-6412
2019-07-23T14:12:48Z
Alexander Belous

Multiple flaws were found in the way Augeas handled configuration files
when updating them. An application using Augeas to update configuration
files in a directory that is writable by a different user (for
example, an application running as root that is updating files in a
directory owned by a non-root service user) could have been tricked into
overwriting arbitrary files or leaking information via a symbolic link
or mount point attack (CVE-2012-0786, CVE-2012-0787).
A flaw was found in the way Augeas handled certain umask settings when
creating new configuration files. This flaw could result in
configuration files being created as world writable, allowing
unprivileged local users to modify their content (CVE-2013-6412).
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0786
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0787
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6412
https://rhn.redhat.com/errata/RHSA-2013-1537.html
https://rhn.redhat.com/errata/RHSA-2014-0044.html
*(from redmine: issue id 2666, created on 2014-02-04, closed on 2014-03-03)*
* Relations:
* child #2667
* child #2668
* child #2669
* child #2670

https://gitlab.alpinelinux.org/alpine/aports/-/issues/2667
[v2.4] augeas: CVE-2012-0786 CVE-2012-0787 CVE-2013-6412
2019-07-23T14:12:47Z
Alexander Belous

Multiple flaws were found in the way Augeas handled configuration files
when updating them. An application using Augeas to update configuration
files in a directory that is writable by a different user (for
example, an application running as root that is updating files in a
directory owned by a non-root service user) could have been tricked into
overwriting arbitrary files or leaking information via a symbolic link
or mount point attack (CVE-2012-0786, CVE-2012-0787).
A flaw was found in the way Augeas handled certain umask settings when
creating new configuration files. This flaw could result in
configuration files being created as world writable, allowing
unprivileged local users to modify their content (CVE-2013-6412).
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0786
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0787
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6412
https://rhn.redhat.com/errata/RHSA-2013-1537.html
https://rhn.redhat.com/errata/RHSA-2014-0044.html
*(from redmine: issue id 2667, created on 2014-02-04, closed on 2014-03-03)*
* Relations:
* parent #2666
* Changesets:
* Revision 934da98b301e08141380811b39affba078ff7118 by Natanael Copa on 2014-03-03T14:36:15Z:
```
main/augeas: security fix for CVE-2012-0786 and CVE-2012-0787
fixes #2667
```

Alpine 2.4.12
Natanael Copa

https://gitlab.alpinelinux.org/alpine/aports/-/issues/2668
[v2.5] augeas: CVE-2012-0786 CVE-2012-0787 CVE-2013-6412
2019-07-23T14:12:46Z
Alexander Belous

Multiple flaws were found in the way Augeas handled configuration files
when updating them. An application using Augeas to update configuration
files in a directory that is writable by a different user (for
example, an application running as root that is updating files in a
directory owned by a non-root service user) could have been tricked into
overwriting arbitrary files or leaking information via a symbolic link
or mount point attack (CVE-2012-0786, CVE-2012-0787).
A flaw was found in the way Augeas handled certain umask settings when
creating new configuration files. This flaw could result in
configuration files being created as world writable, allowing
unprivileged local users to modify their content (CVE-2013-6412).
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0786
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0787
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6412
https://rhn.redhat.com/errata/RHSA-2013-1537.html
https://rhn.redhat.com/errata/RHSA-2014-0044.html
*(from redmine: issue id 2668, created on 2014-02-04, closed on 2014-03-03)*
* Relations:
* parent #2666
* Changesets:
* Revision 925aedc7db715e20edabddbb624db5477441d4cf by Natanael Copa on 2014-03-03T14:32:46Z:
```
main/augeas: security fix for CVE-2012-0786 and CVE-2012-0787
fixes #2668
```

Alpine 2.5.5
Natanael Copa

https://gitlab.alpinelinux.org/alpine/aports/-/issues/2669
[v2.6] augeas: CVE-2012-0786 CVE-2012-0787 CVE-2013-6412
2019-07-23T14:12:45Z
Alexander Belous

Multiple flaws were found in the way Augeas handled configuration files
when updating them. An application using Augeas to update configuration
files in a directory that is writable by a different user (for
example, an application running as root that is updating files in a
directory owned by a non-root service user) could have been tricked into
overwriting arbitrary files or leaking information via a symbolic link
or mount point attack (CVE-2012-0786, CVE-2012-0787).
A flaw was found in the way Augeas handled certain umask settings when
creating new configuration files. This flaw could result in
configuration files being created as world writable, allowing
unprivileged local users to modify their content (CVE-2013-6412).
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0786
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0787
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6412
https://rhn.redhat.com/errata/RHSA-2013-1537.html
https://rhn.redhat.com/errata/RHSA-2014-0044.html
*(from redmine: issue id 2669, created on 2014-02-04, closed on 2014-03-03)*
* Relations:
* parent #2666
* Changesets:
* Revision 4744e3fa9a1427f912e8e2cc6beed29c3f908cbc by Natanael Copa on 2014-03-03T14:10:36Z:
```
main/augeas: security fix for CVE-2013-6412
fixes #2669
```

Alpine 2.6.7
Natanael Copa