aports issueshttps://gitlab.alpinelinux.org/alpine/aports/-/issues2019-07-23T11:36:03Zhttps://gitlab.alpinelinux.org/alpine/aports/-/issues/8519xen: Multiple vulnerabilities (CVE-2017-17563, CVE-2017-17564, CVE-2017-17565...2019-07-23T11:36:03ZAlicha CHxen: Multiple vulnerabilities (CVE-2017-17563, CVE-2017-17564, CVE-2017-17565, CVE-2017-17566, CVE-2017-5753, CVE-2017-5715, CVE-2017-5754)**CVE-2017-17566, XSA-248**: x86 PV guests may gain access to internally
used pages
### Reference:
http://xenbits.xen.org/xsa/advisory-248.html
**CVE-2017-17563, XSA-249**: broken x86 shadow mode refcount overflow
check
### Reference...**CVE-2017-17566, XSA-248**: x86 PV guests may gain access to internally
used pages
### Reference:
http://xenbits.xen.org/xsa/advisory-248.html
**CVE-2017-17563, XSA-249**: broken x86 shadow mode refcount overflow
check
### Reference:
http://xenbits.xen.org/xsa/advisory-249.html
**CVE-2017-17564, XSA-250**: improper x86 shadow mode refcount error
handling
### Reference:
http://xenbits.xen.org/xsa/advisory-250.html
**CVE-2017-17565, XSA-251**: improper bug check in x86 log-dirty
handling
### Reference:
http://xenbits.xen.org/xsa/advisory-251.html
**CVE-2017-5753, CVE-2017-5715, CVE-2017-5754, XSA-254**: Information
leak via side effects of speculative execution
### Reference:
http://xenbits.xen.org/xsa/advisory-254.html
*(from redmine: issue id 8519, created on 2018-02-20, closed on 2018-03-05)*
* Relations:
* child #8520
* child #8521
* child #8522
* child #8523Ariadne Conillariadne@ariadne.spaceAriadne Conillariadne@ariadne.spacehttps://gitlab.alpinelinux.org/alpine/aports/-/issues/8518[3.4] libvorbis: Multiple vulnerabilities (CVE-2017-14632, CVE-2017-14633)2019-07-23T11:36:04ZAlicha CH[3.4] libvorbis: Multiple vulnerabilities (CVE-2017-14632, CVE-2017-14633)CVE-2017-14632: Invalid freeing of uninitialized memory in the function vorbis\_analysis\_headerout()
-----------------------------------------------------------------------------------------------------
Xiph.Org libvorbis 1.3.5 allows ...CVE-2017-14632: Invalid freeing of uninitialized memory in the function vorbis\_analysis\_headerout()
-----------------------------------------------------------------------------------------------------
Xiph.Org libvorbis 1.3.5 allows Remote Code Execution upon freeing
uninitialized memory in the function
vorbis\_analysis\_headerout() in info.c when vi->channels<=0, a
similar issue to Mozilla bug 550184.
### References:
https://gitlab.xiph.org/xiph/vorbis/issues/2328
### Bug introduced in:
https://github.com/xiph/vorbis/commit/4b67376da7de
### Patch:
https://github.com/xiph/vorbis/commit/10064bfdd51f7c59
CVE-2017-14633: Out-of-bounds array read in the function mapping0\_forward()
----------------------------------------------------------------------------
In Xiph.Org libvorbis 1.3.5, an out-of-bounds array read vulnerability
exists in the function mapping0\_forward() in mapping0.c,
which may lead to DoS when operating on a crafted audio file with
vorbis\_analysis().
### References:
https://gitlab.xiph.org/xiph/vorbis/issues/2329
### Patches:
https://github.com/xiph/vorbis/commit/a79ec216cd1190
https://github.com/xiph/vorbis/commit/c1c2831fc7306d
*(from redmine: issue id 8518, created on 2018-02-20, closed on 2018-03-05)*
* Relations:
* parent #8514
* Changesets:
* Revision dec24efcb4cf9a0e74e36f84bb285702f8945207 on 2018-02-27T14:37:10Z:
```
main/libvorbis: security fixes (CVE-2017-14632, CVE-2017-14633)
Fixes #8518
```3.4.7Natanael CopaNatanael Copahttps://gitlab.alpinelinux.org/alpine/aports/-/issues/8517[3.5] libvorbis: Multiple vulnerabilities (CVE-2017-14632, CVE-2017-14633)2019-07-23T11:36:05ZAlicha CH[3.5] libvorbis: Multiple vulnerabilities (CVE-2017-14632, CVE-2017-14633)CVE-2017-14632: Invalid freeing of uninitialized memory in the function vorbis\_analysis\_headerout()
-----------------------------------------------------------------------------------------------------
Xiph.Org libvorbis 1.3.5 allows ...CVE-2017-14632: Invalid freeing of uninitialized memory in the function vorbis\_analysis\_headerout()
-----------------------------------------------------------------------------------------------------
Xiph.Org libvorbis 1.3.5 allows Remote Code Execution upon freeing
uninitialized memory in the function
vorbis\_analysis\_headerout() in info.c when vi->channels<=0, a
similar issue to Mozilla bug 550184.
### References:
https://gitlab.xiph.org/xiph/vorbis/issues/2328
### Bug introduced in:
https://github.com/xiph/vorbis/commit/4b67376da7de
### Patch:
https://github.com/xiph/vorbis/commit/10064bfdd51f7c59
CVE-2017-14633: Out-of-bounds array read in the function mapping0\_forward()
----------------------------------------------------------------------------
In Xiph.Org libvorbis 1.3.5, an out-of-bounds array read vulnerability
exists in the function mapping0\_forward() in mapping0.c,
which may lead to DoS when operating on a crafted audio file with
vorbis\_analysis().
### References:
https://gitlab.xiph.org/xiph/vorbis/issues/2329
### Patches:
https://github.com/xiph/vorbis/commit/a79ec216cd1190
https://github.com/xiph/vorbis/commit/c1c2831fc7306d
*(from redmine: issue id 8517, created on 2018-02-20, closed on 2018-03-05)*
* Relations:
* parent #8514
* Changesets:
* Revision d95b3b237a1cf432689df21b9a0d143e5101245b on 2018-02-27T14:34:14Z:
```
main/libvorbis: security fixes (CVE-2017-14632, CVE-2017-14633)
Fixes #8517
```3.5.3Natanael CopaNatanael Copahttps://gitlab.alpinelinux.org/alpine/aports/-/issues/8516[3.6] libvorbis: Multiple vulnerabilities (CVE-2017-14632, CVE-2017-14633)2019-07-23T11:36:07ZAlicha CH[3.6] libvorbis: Multiple vulnerabilities (CVE-2017-14632, CVE-2017-14633)CVE-2017-14632: Invalid freeing of uninitialized memory in the function vorbis\_analysis\_headerout()
-----------------------------------------------------------------------------------------------------
Xiph.Org libvorbis 1.3.5 allows ...CVE-2017-14632: Invalid freeing of uninitialized memory in the function vorbis\_analysis\_headerout()
-----------------------------------------------------------------------------------------------------
Xiph.Org libvorbis 1.3.5 allows Remote Code Execution upon freeing
uninitialized memory in the function
vorbis\_analysis\_headerout() in info.c when vi->channels<=0, a
similar issue to Mozilla bug 550184.
### References:
https://gitlab.xiph.org/xiph/vorbis/issues/2328
### Bug introduced in:
https://github.com/xiph/vorbis/commit/4b67376da7de
### Patch:
https://github.com/xiph/vorbis/commit/10064bfdd51f7c59
CVE-2017-14633: Out-of-bounds array read in the function mapping0\_forward()
----------------------------------------------------------------------------
In Xiph.Org libvorbis 1.3.5, an out-of-bounds array read vulnerability
exists in the function mapping0\_forward() in mapping0.c,
which may lead to DoS when operating on a crafted audio file with
vorbis\_analysis().
### References:
https://gitlab.xiph.org/xiph/vorbis/issues/2329
### Patches:
https://github.com/xiph/vorbis/commit/a79ec216cd1190
https://github.com/xiph/vorbis/commit/c1c2831fc7306d
*(from redmine: issue id 8516, created on 2018-02-20, closed on 2018-03-05)*
* Relations:
* parent #8514
* Changesets:
* Revision 29cff9d10275a6ccef556496c68890e438c82a5d on 2018-02-27T14:31:55Z:
```
main/libvorbis: security fixes (CVE-2017-14632, CVE-2017-14633)
Fixes #8516
```3.6.3Natanael CopaNatanael Copahttps://gitlab.alpinelinux.org/alpine/aports/-/issues/8515[3.7] libvorbis: Multiple vulnerabilities (CVE-2017-14632, CVE-2017-14633)2019-07-23T11:36:08ZAlicha CH[3.7] libvorbis: Multiple vulnerabilities (CVE-2017-14632, CVE-2017-14633)CVE-2017-14632: Invalid freeing of uninitialized memory in the function vorbis\_analysis\_headerout()
-----------------------------------------------------------------------------------------------------
Xiph.Org libvorbis 1.3.5 allows ...CVE-2017-14632: Invalid freeing of uninitialized memory in the function vorbis\_analysis\_headerout()
-----------------------------------------------------------------------------------------------------
Xiph.Org libvorbis 1.3.5 allows Remote Code Execution upon freeing
uninitialized memory in the function
vorbis\_analysis\_headerout() in info.c when vi->channels<=0, a
similar issue to Mozilla bug 550184.
### References:
https://gitlab.xiph.org/xiph/vorbis/issues/2328
### Bug introduced in:
https://github.com/xiph/vorbis/commit/4b67376da7de
### Patch:
https://github.com/xiph/vorbis/commit/10064bfdd51f7c59
CVE-2017-14633: Out-of-bounds array read in the function mapping0\_forward()
----------------------------------------------------------------------------
In Xiph.Org libvorbis 1.3.5, an out-of-bounds array read vulnerability
exists in the function mapping0\_forward() in mapping0.c,
which may lead to DoS when operating on a crafted audio file with
vorbis\_analysis().
### References:
https://gitlab.xiph.org/xiph/vorbis/issues/2329
### Patches:
https://github.com/xiph/vorbis/commit/a79ec216cd1190
https://github.com/xiph/vorbis/commit/c1c2831fc7306d
*(from redmine: issue id 8515, created on 2018-02-20, closed on 2018-03-05)*
* Relations:
* parent #8514
* Changesets:
* Revision c42d614e4be200793b593469247613c411424a83 on 2018-02-27T14:27:44Z:
```
main/libvorbis: security fixes (CVE-2017-14632, CVE-2017-14633)
Fixes #8515
```3.7.1Natanael CopaNatanael Copahttps://gitlab.alpinelinux.org/alpine/aports/-/issues/8514libvorbis: Multiple vulnerabilities (CVE-2017-14632, CVE-2017-14633)2019-07-23T11:36:09ZAlicha CHlibvorbis: Multiple vulnerabilities (CVE-2017-14632, CVE-2017-14633)CVE-2017-14632: Invalid freeing of uninitialized memory in the function vorbis\_analysis\_headerout()
-----------------------------------------------------------------------------------------------------
Xiph.Org libvorbis 1.3.5 allows ...CVE-2017-14632: Invalid freeing of uninitialized memory in the function vorbis\_analysis\_headerout()
-----------------------------------------------------------------------------------------------------
Xiph.Org libvorbis 1.3.5 allows Remote Code Execution upon freeing
uninitialized memory in the function
vorbis\_analysis\_headerout() in info.c when vi->channels<=0, a
similar issue to Mozilla bug 550184.
### References:
https://gitlab.xiph.org/xiph/vorbis/issues/2328
### Bug introduced in:
https://github.com/xiph/vorbis/commit/4b67376da7de
### Patch:
https://github.com/xiph/vorbis/commit/10064bfdd51f7c59
CVE-2017-14633: Out-of-bounds array read in the function mapping0\_forward()
----------------------------------------------------------------------------
In Xiph.Org libvorbis 1.3.5, an out-of-bounds array read vulnerability
exists in the function mapping0\_forward() in mapping0.c,
which may lead to DoS when operating on a crafted audio file with
vorbis\_analysis().
### References:
https://gitlab.xiph.org/xiph/vorbis/issues/2329
### Patches:
https://github.com/xiph/vorbis/commit/a79ec216cd1190
https://github.com/xiph/vorbis/commit/c1c2831fc7306d
*(from redmine: issue id 8514, created on 2018-02-20, closed on 2018-03-05)*
* Relations:
* child #8515
* child #8516
* child #8517
* child #8518Natanael CopaNatanael Copahttps://gitlab.alpinelinux.org/alpine/aports/-/issues/8512[3.7] webkit2gtk: Multiple vulnerabilities (CVE-2017-5753, CVE-2017-5715, CVE...2019-07-23T11:36:10ZAlicha CH[3.7] webkit2gtk: Multiple vulnerabilities (CVE-2017-5753, CVE-2017-5715, CVE-2018-4088, CVE-2018-4096, CVE-2017-7153, CVE-2017-7160, CVE-2017-7161, CVE-2017-7165, CVE-2017-13884, CVE-2017-13885)**CVE-2017-5753**
Versions affected: WebKitGTK+ before 2.18.5.
Impact: Systems with microprocessors utilizing speculative execution and
branch prediction may allow
unauthorized disclosure of information to an attacker via a side-cha...**CVE-2017-5753**
Versions affected: WebKitGTK+ before 2.18.5.
Impact: Systems with microprocessors utilizing speculative execution and
branch prediction may allow
unauthorized disclosure of information to an attacker via a side-channel
analysis. This variant of the
Spectre vulnerability triggers the speculative execution by performing a
bounds-check bypass.
Description: Security improvements are included to mitigate the effects.
**CVE-2017-5715**
Versions affected: WebKitGTK+ before 2.18.5.
Impact: Systems with microprocessors utilizing speculative execution and
branch prediction may allow
unauthorized disclosure of information to an attacker via a side-channel
analysis. This variant of the
Spectre vulnerability triggers the speculative execution by utilizing
branch target injection.
Description: Security improvements are included to mitigate the effects.
### References:
https://webkitgtk.org/security/WSA-2018-0001.html
**CVE-2018-4088**
Versions affected: WebKitGTK+ before 2.18.6.
Impact: Processing maliciously crafted web content may lead to arbitrary
code execution.
Description: Multiple memory corruption issues were addressed with
improved memory handling.
**CVE-2018-4096**
Versions affected: WebKitGTK+ before 2.18.6.
Impact: Processing maliciously crafted web content may lead to arbitrary
code execution.
Description: Multiple memory corruption issues were addressed with
improved memory handling.
**CVE-2017-7153**
Versions affected: WebKitGTK+ before 2.18.6.
Impact: Visiting a malicious website may lead to user interface
spoofing.
Description: Redirect responses to 401 Unauthorized may allow a
malicious website to incorrectly
display the lock icon on mixed content. This issue was addressed through
improved URL display logic.
**CVE-2017-7160**
Versions affected: WebKitGTK+ before 2.18.6.
Impact: Processing maliciously crafted web content may lead to arbitrary
code execution.
Description: Multiple memory corruption issues were addressed with
improved memory handling.
**CVE-2017-7161**
Versions affected: WebKitGTK+ before 2.18.6.
Impact: Processing maliciously crafted web content may lead to arbitrary
code execution.
Description: A command injection issue existed in Web Inspector. This
issue was addressed through
improved escaping of special characters.
**CVE-2017-7165**
Versions affected: WebKitGTK+ before 2.18.6.
Impact: Processing maliciously crafted web content may lead to arbitrary
code execution.
Description: Multiple memory corruption issues were addressed with
improved memory handling.
**CVE-2017-13884**
Versions affected: WebKitGTK+ before 2.18.6.
Impact: Processing maliciously crafted web content may lead to arbitrary
code execution.
Description: Multiple memory corruption issues were addressed with
improved memory handling.
**CVE-2017-13885**
Versions affected: WebKitGTK+ before 2.18.6.
Impact: Processing maliciously crafted web content may lead to arbitrary
code execution.
Description: Multiple memory corruption issues were addressed with
improved memory handling.
### References:
https://webkitgtk.org/security/WSA-2018-0002.html
*(from redmine: issue id 8512, created on 2018-02-20, closed on 2018-02-20)*
* Relations:
* parent #8509
* Changesets:
* Revision 62ad1de0cde874d84bce247ef48116a2feac92d0 by Natanael Copa on 2018-02-20T15:15:15Z:
```
community/webkit2gtk: upgrade to 2.18.6
fixes #8512
```3.7.1https://gitlab.alpinelinux.org/alpine/aports/-/issues/8510[3.8] webkit2gtk: Multiple vulnerabilities (CVE-2017-5753, CVE-2017-5715, CVE...2019-07-23T11:36:11ZAlicha CH[3.8] webkit2gtk: Multiple vulnerabilities (CVE-2017-5753, CVE-2017-5715, CVE-2018-4088, CVE-2018-4096, CVE-2017-7153, CVE-2017-7160, CVE-2017-7161, CVE-2017-7165, CVE-2017-13884, CVE-2017-13885)**CVE-2017-5753**
Versions affected: WebKitGTK+ before 2.18.5.
Impact: Systems with microprocessors utilizing speculative execution and
branch prediction may allow
unauthorized disclosure of information to an attacker via a side-cha...**CVE-2017-5753**
Versions affected: WebKitGTK+ before 2.18.5.
Impact: Systems with microprocessors utilizing speculative execution and
branch prediction may allow
unauthorized disclosure of information to an attacker via a side-channel
analysis. This variant of the
Spectre vulnerability triggers the speculative execution by performing a
bounds-check bypass.
Description: Security improvements are included to mitigate the effects.
**CVE-2017-5715**
Versions affected: WebKitGTK+ before 2.18.5.
Impact: Systems with microprocessors utilizing speculative execution and
branch prediction may allow
unauthorized disclosure of information to an attacker via a side-channel
analysis. This variant of the
Spectre vulnerability triggers the speculative execution by utilizing
branch target injection.
Description: Security improvements are included to mitigate the effects.
### References:
https://webkitgtk.org/security/WSA-2018-0001.html
**CVE-2018-4088**
Versions affected: WebKitGTK+ before 2.18.6.
Impact: Processing maliciously crafted web content may lead to arbitrary
code execution.
Description: Multiple memory corruption issues were addressed with
improved memory handling.
**CVE-2018-4096**
Versions affected: WebKitGTK+ before 2.18.6.
Impact: Processing maliciously crafted web content may lead to arbitrary
code execution.
Description: Multiple memory corruption issues were addressed with
improved memory handling.
**CVE-2017-7153**
Versions affected: WebKitGTK+ before 2.18.6.
Impact: Visiting a malicious website may lead to user interface
spoofing.
Description: Redirect responses to 401 Unauthorized may allow a
malicious website to incorrectly
display the lock icon on mixed content. This issue was addressed through
improved URL display logic.
**CVE-2017-7160**
Versions affected: WebKitGTK+ before 2.18.6.
Impact: Processing maliciously crafted web content may lead to arbitrary
code execution.
Description: Multiple memory corruption issues were addressed with
improved memory handling.
**CVE-2017-7161**
Versions affected: WebKitGTK+ before 2.18.6.
Impact: Processing maliciously crafted web content may lead to arbitrary
code execution.
Description: A command injection issue existed in Web Inspector. This
issue was addressed through
improved escaping of special characters.
**CVE-2017-7165**
Versions affected: WebKitGTK+ before 2.18.6.
Impact: Processing maliciously crafted web content may lead to arbitrary
code execution.
Description: Multiple memory corruption issues were addressed with
improved memory handling.
**CVE-2017-13884**
Versions affected: WebKitGTK+ before 2.18.6.
Impact: Processing maliciously crafted web content may lead to arbitrary
code execution.
Description: Multiple memory corruption issues were addressed with
improved memory handling.
**CVE-2017-13885**
Versions affected: WebKitGTK+ before 2.18.6.
Impact: Processing maliciously crafted web content may lead to arbitrary
code execution.
Description: Multiple memory corruption issues were addressed with
improved memory handling.
### References:
https://webkitgtk.org/security/WSA-2018-0002.html
*(from redmine: issue id 8510, created on 2018-02-20, closed on 2018-02-20)*
* Relations:
* parent #8509
* Changesets:
* Revision 3e460aa505a805018391bdf58fe8dfd86f3fc57d by Natanael Copa on 2018-02-20T14:48:09Z:
```
community/webkit2gtk: upgrade to 2.18.6
fixes #8510
```3.8.0https://gitlab.alpinelinux.org/alpine/aports/-/issues/8509webkit2gtk: Multiple vulnerabilities (CVE-2017-5753, CVE-2017-5715, CVE-2018-...2019-07-23T11:36:13ZAlicha CHwebkit2gtk: Multiple vulnerabilities (CVE-2017-5753, CVE-2017-5715, CVE-2018-4088, CVE-2018-4096, CVE-2017-7153, CVE-2017-7160, CVE-2017-7161, CVE-2017-7165, CVE-2017-13884, CVE-2017-13885)**CVE-2017-5753**
Versions affected: WebKitGTK+ before 2.18.5.
Impact: Systems with microprocessors utilizing speculative execution and
branch prediction may allow
unauthorized disclosure of information to an attacker via a side-cha...**CVE-2017-5753**
Versions affected: WebKitGTK+ before 2.18.5.
Impact: Systems with microprocessors utilizing speculative execution and
branch prediction may allow
unauthorized disclosure of information to an attacker via a side-channel
analysis. This variant of the
Spectre vulnerability triggers the speculative execution by performing a
bounds-check bypass.
Description: Security improvements are included to mitigate the effects.
**CVE-2017-5715**
Versions affected: WebKitGTK+ before 2.18.5.
Impact: Systems with microprocessors utilizing speculative execution and
branch prediction may allow
unauthorized disclosure of information to an attacker via a side-channel
analysis. This variant of the
Spectre vulnerability triggers the speculative execution by utilizing
branch target injection.
Description: Security improvements are included to mitigate the effects.
### References:
https://webkitgtk.org/security/WSA-2018-0001.html
**CVE-2018-4088**
Versions affected: WebKitGTK+ before 2.18.6.
Impact: Processing maliciously crafted web content may lead to arbitrary
code execution.
Description: Multiple memory corruption issues were addressed with
improved memory handling.
**CVE-2018-4096**
Versions affected: WebKitGTK+ before 2.18.6.
Impact: Processing maliciously crafted web content may lead to arbitrary
code execution.
Description: Multiple memory corruption issues were addressed with
improved memory handling.
**CVE-2017-7153**
Versions affected: WebKitGTK+ before 2.18.6.
Impact: Visiting a malicious website may lead to user interface
spoofing.
Description: Redirect responses to 401 Unauthorized may allow a
malicious website to incorrectly
display the lock icon on mixed content. This issue was addressed through
improved URL display logic.
**CVE-2017-7160**
Versions affected: WebKitGTK+ before 2.18.6.
Impact: Processing maliciously crafted web content may lead to arbitrary
code execution.
Description: Multiple memory corruption issues were addressed with
improved memory handling.
**CVE-2017-7161**
Versions affected: WebKitGTK+ before 2.18.6.
Impact: Processing maliciously crafted web content may lead to arbitrary
code execution.
Description: A command injection issue existed in Web Inspector. This
issue was addressed through
improved escaping of special characters.
**CVE-2017-7165**
Versions affected: WebKitGTK+ before 2.18.6.
Impact: Processing maliciously crafted web content may lead to arbitrary
code execution.
Description: Multiple memory corruption issues were addressed with
improved memory handling.
**CVE-2017-13884**
Versions affected: WebKitGTK+ before 2.18.6.
Impact: Processing maliciously crafted web content may lead to arbitrary
code execution.
Description: Multiple memory corruption issues were addressed with
improved memory handling.
**CVE-2017-13885**
Versions affected: WebKitGTK+ before 2.18.6.
Impact: Processing maliciously crafted web content may lead to arbitrary
code execution.
Description: Multiple memory corruption issues were addressed with
improved memory handling.
### References:
https://webkitgtk.org/security/WSA-2018-0002.html
*(from redmine: issue id 8509, created on 2018-02-20, closed on 2018-02-20)*
* Relations:
* child #8510
* child #8512https://gitlab.alpinelinux.org/alpine/aports/-/issues/8508[3.7] libreoffice: Remote arbitrary file disclosure vulnerability via WEBSERV...2019-07-23T11:36:14ZAlicha CH[3.7] libreoffice: Remote arbitrary file disclosure vulnerability via WEBSERVICE formula (CVE-2018-6871)LibreOffice Calc supports a WEBSERVICE function to obtain data by URL.
Vulnerable versions of LibreOffice allow
WEBSERVICE to take a local file URL (e.g file://) which can be used to
inject local files into the spreadsheet without
wa...LibreOffice Calc supports a WEBSERVICE function to obtain data by URL.
Vulnerable versions of LibreOffice allow
WEBSERVICE to take a local file URL (e.g file://) which can be used to
inject local files into the spreadsheet without
warning the user. Subsequent formulas can operate on that inserted data
and construct a remote URL whose
path leaks the local data to a remote attacker.
In later versions of LibreOffice without this flaw, WEBSERVICE has now
been limited to accessing http and https URLs
along with bringing WEBSERVICE URLs under LibreOffice Calc’s link
management infrastructure.
### Fixed in:
LibreOffice 5.4.5/6.0.1
### References:
https://www.libreoffice.org/about-us/security/advisories/cve-2018-1055/
https://nvd.nist.gov/vuln/detail/CVE-2018-6871
### Patch:
https://cgit.freedesktop.org/libreoffice/core/commit/?h=libreoffice-5-4-5&id=a916fc0c0e0e8b10cb4158fa0fa173fe205d434a
*(from redmine: issue id 8508, created on 2018-02-20, closed on 2018-02-20)*
* Relations:
* parent #8506
* Changesets:
* Revision 9aefcdb6487a7730076a803db4952a8ec98223a9 by Natanael Copa on 2018-02-20T15:09:17Z:
```
community/libreoffice: security upgrade to 5.4.5.1 (CVE-2018-6871)
fixes #8508
```3.7.1Timo TeräsTimo Teräshttps://gitlab.alpinelinux.org/alpine/aports/-/issues/8507[3.8] libreoffice: Remote arbitrary file disclosure vulnerability via WEBSERV...2019-07-23T11:36:15ZAlicha CH[3.8] libreoffice: Remote arbitrary file disclosure vulnerability via WEBSERVICE formula (CVE-2018-6871)LibreOffice Calc supports a WEBSERVICE function to obtain data by URL.
Vulnerable versions of LibreOffice allow
WEBSERVICE to take a local file URL (e.g file://) which can be used to
inject local files into the spreadsheet without
wa...LibreOffice Calc supports a WEBSERVICE function to obtain data by URL.
Vulnerable versions of LibreOffice allow
WEBSERVICE to take a local file URL (e.g file://) which can be used to
inject local files into the spreadsheet without
warning the user. Subsequent formulas can operate on that inserted data
and construct a remote URL whose
path leaks the local data to a remote attacker.
In later versions of LibreOffice without this flaw, WEBSERVICE has now
been limited to accessing http and https URLs
along with bringing WEBSERVICE URLs under LibreOffice Calc’s link
management infrastructure.
### Fixed in:
LibreOffice 5.4.5/6.0.1
### References:
https://www.libreoffice.org/about-us/security/advisories/cve-2018-1055/
https://nvd.nist.gov/vuln/detail/CVE-2018-6871
### Patch:
https://cgit.freedesktop.org/libreoffice/core/commit/?h=libreoffice-5-4-5&id=a916fc0c0e0e8b10cb4158fa0fa173fe205d434a
*(from redmine: issue id 8507, created on 2018-02-20, closed on 2018-02-20)*
* Relations:
* parent #8506
* Changesets:
* Revision d230c882820f6df1af223c97dc6cd51873cfc506 by Natanael Copa on 2018-02-20T13:57:01Z:
```
community/libreoffice: security upgrade to 5.4.5.1 (CVE-2018-6871)
fixes #8507
```3.8.0Timo TeräsTimo Teräshttps://gitlab.alpinelinux.org/alpine/aports/-/issues/8506libreoffice: Remote arbitrary file disclosure vulnerability via WEBSERVICE fo...2019-07-23T11:36:16ZAlicha CHlibreoffice: Remote arbitrary file disclosure vulnerability via WEBSERVICE formula (CVE-2018-6871)LibreOffice Calc supports a WEBSERVICE function to obtain data by URL.
Vulnerable versions of LibreOffice allow
WEBSERVICE to take a local file URL (e.g file://) which can be used to
inject local files into the spreadsheet without
wa...LibreOffice Calc supports a WEBSERVICE function to obtain data by URL.
Vulnerable versions of LibreOffice allow
WEBSERVICE to take a local file URL (e.g file://) which can be used to
inject local files into the spreadsheet without
warning the user. Subsequent formulas can operate on that inserted data
and construct a remote URL whose
path leaks the local data to a remote attacker.
In later versions of LibreOffice without this flaw, WEBSERVICE has now
been limited to accessing http and https URLs
along with bringing WEBSERVICE URLs under LibreOffice Calc’s link
management infrastructure.
### Fixed in:
LibreOffice 5.4.5/6.0.1
### References:
https://www.libreoffice.org/about-us/security/advisories/cve-2018-1055/
https://nvd.nist.gov/vuln/detail/CVE-2018-6871
### Patch:
https://cgit.freedesktop.org/libreoffice/core/commit/?h=libreoffice-5-4-5&id=a916fc0c0e0e8b10cb4158fa0fa173fe205d434a
*(from redmine: issue id 8506, created on 2018-02-20, closed on 2018-02-20)*
* Relations:
* child #8507
* child #8508Timo TeräsTimo Teräshttps://gitlab.alpinelinux.org/alpine/aports/-/issues/8505[3.7] exim: buffer overflow (CVE-2018-6789)2020-10-20T12:17:36ZAlicha CH[3.7] exim: buffer overflow (CVE-2018-6789)In Exim 4.90 and earlier, there is a buffer overflow in an utility
function, if some pre-conditions are met.
Using a handcrafted message, remote code execution seems to be possible.
### References:
https://exim.org/static/doc/securit...In Exim 4.90 and earlier, there is a buffer overflow in an utility
function, if some pre-conditions are met.
Using a handcrafted message, remote code execution seems to be possible.
### References:
https://exim.org/static/doc/security/CVE-2018-6789.txt
http://openwall.com/lists/oss-security/2018/02/07/2
### Patch:
https://github.com/Exim/exim/commit/cf3cd306062a08969c41a1cdd32c6855f1abecf1
*(from redmine: issue id 8505, created on 2018-02-19, closed on 2018-02-20)*
* Changesets:
* Revision e95c80cf3e6df7464ca979ceb06ea853249403e3 by Valery Kartel on 2018-02-19T15:09:27Z:
```
community/exim: security upgrade to 4.90.1 (CVE-2018-6789)
Fixes #8505
Signed-off-by: Leonardo Arena <rnalrd@alpinelinux.org>
```3.7.1https://gitlab.alpinelinux.org/alpine/aports/-/issues/8504[3.4] irssi: Multiple vulnerabilities (CVE-2018-5205, CVE-2018-5206, CVE-2018...2019-07-12T15:32:51ZAlicha CH[3.4] irssi: Multiple vulnerabilities (CVE-2018-5205, CVE-2018-5206, CVE-2018-5207, CVE-2018-5208, CVE-2018-7050, CVE-2018-7051, CVE-2018-7052, CVE-2018-7053)**CVE-2018-5205**: When using incomplete escape codes, Irssi may access
data beyond the end of the string.
### Affected Versions:
All Irssi versions.
### Fixed In:
Irssi 1.0.6
### References:
https://irssi.org/security/irssi\_sa\_2...**CVE-2018-5205**: When using incomplete escape codes, Irssi may access
data beyond the end of the string.
### Affected Versions:
All Irssi versions.
### Fixed In:
Irssi 1.0.6
### References:
https://irssi.org/security/irssi\_sa\_2018\_01.txt
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5205
**CVE-2018-5206**: When the channel topic is set without specifying a
sender, Irssi may dereference NULL pointer.
### Affected Versions:
All Irssi versions.
### Fixed In:
Irssi 1.0.6
### References:
https://irssi.org/security/irssi\_sa\_2018\_01.txt
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5206
**CVE-2018-5207**: When using an incomplete variable argument, Irssi may
access data beyond the end of the string.
### Affected Versions:
All Irssi versions.
### Fixed In:
Irssi 1.0.6
### References:
https://irssi.org/security/irssi\_sa\_2018\_01.txt
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5207
**CVE-2018-5208**: A calculation error in the completion code could
cause a heap buffer overflow when completing certain strings.
### Affected Versions:
All Irssi versions.
### Fixed In:
Irssi 1.0.6
### References:
https://irssi.org/security/irssi\_sa\_2018\_01.txt
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5208
**CVE-2018-7050**: Null pointer dereference when an “empty” nick has
been observed by Irssi.
### Affected versions:
All Irssi versions
### Fixed in:
Irssi 1.0.7, 1.1.1
### References:
https://irssi.org/security/irssi\_sa\_2018\_02.txt
**CVE-2018-7051**: Certain nick names could result in out of bounds
access when printing theme strings.
### Affected versions:
Irssi 0.8.7 and later
### Fixed in:
Irssi 1.0.7, 1.1.1
### References:
https://irssi.org/security/irssi\_sa\_2018\_02.txt
**CVE-2018-7052**: When the number of windows exceed the available
space,
Irssi would crash due to Null pointer dereference.
### Affected versions:
All Irssi versions
### Fixed in:
Irssi 1.0.7, 1.1.1
### References:
https://irssi.org/security/irssi\_sa\_2018\_02.txt
**CVE-2018-7053**: Use after free when SASL messages are received in
unexpected order.
### Affected Versions:
Irssi 0.8.18 and later
### Fixed in:
Irssi 1.0.7, 1.1.1
### References:
https://irssi.org/security/irssi\_sa\_2018\_02.txt
*(from redmine: issue id 8504, created on 2018-02-19, closed on 2018-02-20)*
* Relations:
* parent #85003.4.7Natanael CopaNatanael Copahttps://gitlab.alpinelinux.org/alpine/aports/-/issues/8503[3.5] irssi: Multiple vulnerabilities (CVE-2018-5205, CVE-2018-5206, CVE-2018...2019-07-12T15:32:51ZAlicha CH[3.5] irssi: Multiple vulnerabilities (CVE-2018-5205, CVE-2018-5206, CVE-2018-5207, CVE-2018-5208, CVE-2018-7050, CVE-2018-7051, CVE-2018-7052, CVE-2018-7053)**CVE-2018-5205**: When using incomplete escape codes, Irssi may access
data beyond the end of the string.
### Affected Versions:
All Irssi versions.
### Fixed In:
Irssi 1.0.6
### References:
https://irssi.org/security/irssi\_sa\_2...**CVE-2018-5205**: When using incomplete escape codes, Irssi may access
data beyond the end of the string.
### Affected Versions:
All Irssi versions.
### Fixed In:
Irssi 1.0.6
### References:
https://irssi.org/security/irssi\_sa\_2018\_01.txt
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5205
**CVE-2018-5206**: When the channel topic is set without specifying a
sender, Irssi may dereference NULL pointer.
### Affected Versions:
All Irssi versions.
### Fixed In:
Irssi 1.0.6
### References:
https://irssi.org/security/irssi\_sa\_2018\_01.txt
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5206
**CVE-2018-5207**: When using an incomplete variable argument, Irssi may
access data beyond the end of the string.
### Affected Versions:
All Irssi versions.
### Fixed In:
Irssi 1.0.6
### References:
https://irssi.org/security/irssi\_sa\_2018\_01.txt
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5207
**CVE-2018-5208**: A calculation error in the completion code could
cause a heap buffer overflow when completing certain strings.
### Affected Versions:
All Irssi versions.
### Fixed In:
Irssi 1.0.6
### References:
https://irssi.org/security/irssi\_sa\_2018\_01.txt
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5208
**CVE-2018-7050**: Null pointer dereference when an “empty” nick has
been observed by Irssi.
### Affected versions:
All Irssi versions
### Fixed in:
Irssi 1.0.7, 1.1.1
### References:
https://irssi.org/security/irssi\_sa\_2018\_02.txt
**CVE-2018-7051**: Certain nick names could result in out of bounds
access when printing theme strings.
### Affected versions:
Irssi 0.8.7 and later
### Fixed in:
Irssi 1.0.7, 1.1.1
### References:
https://irssi.org/security/irssi\_sa\_2018\_02.txt
**CVE-2018-7052**: When the number of windows exceed the available
space,
Irssi would crash due to Null pointer dereference.
### Affected versions:
All Irssi versions
### Fixed in:
Irssi 1.0.7, 1.1.1
### References:
https://irssi.org/security/irssi\_sa\_2018\_02.txt
**CVE-2018-7053**: Use after free when SASL messages are received in
unexpected order.
### Affected Versions:
Irssi 0.8.18 and later
### Fixed in:
Irssi 1.0.7, 1.1.1
### References:
https://irssi.org/security/irssi\_sa\_2018\_02.txt
*(from redmine: issue id 8503, created on 2018-02-19, closed on 2018-02-19)*
* Relations:
* parent #85003.5.3Natanael CopaNatanael Copahttps://gitlab.alpinelinux.org/alpine/aports/-/issues/8502[3.6] irssi: Multiple vulnerabilities (CVE-2018-5205, CVE-2018-5206, CVE-2018...2019-07-23T11:36:18ZAlicha CH[3.6] irssi: Multiple vulnerabilities (CVE-2018-5205, CVE-2018-5206, CVE-2018-5207, CVE-2018-5208, CVE-2018-7050, CVE-2018-7051, CVE-2018-7052, CVE-2018-7053, CVE-2018-7054)**CVE-2018-5205**: When using incomplete escape codes, Irssi may access
data beyond the end of the string.
### Affected Versions:
All Irssi versions.
### Fixed In:
Irssi 1.0.6
### References:
https://irssi.org/security/irssi\_sa\_2...**CVE-2018-5205**: When using incomplete escape codes, Irssi may access
data beyond the end of the string.
### Affected Versions:
All Irssi versions.
### Fixed In:
Irssi 1.0.6
### References:
https://irssi.org/security/irssi\_sa\_2018\_01.txt
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5205
**CVE-2018-5206**: When the channel topic is set without specifying a
sender, Irssi may dereference NULL pointer.
### Affected Versions:
All Irssi versions.
### Fixed In:
Irssi 1.0.6
### References:
https://irssi.org/security/irssi\_sa\_2018\_01.txt
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5206
**CVE-2018-5207**: When using an incomplete variable argument, Irssi may
access data beyond the end of the string.
### Affected Versions:
All Irssi versions.
### Fixed In:
Irssi 1.0.6
### References:
https://irssi.org/security/irssi\_sa\_2018\_01.txt
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5207
**CVE-2018-5208**: A calculation error in the completion code could
cause a heap buffer overflow when completing certain strings.
### Affected Versions:
All Irssi versions.
### Fixed In:
Irssi 1.0.6
### References:
https://irssi.org/security/irssi\_sa\_2018\_01.txt
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5208
**CVE-2018-7050**: Null pointer dereference when an “empty” nick has
been observed by Irssi.
### Affected versions:
All Irssi versions
### Fixed in:
Irssi 1.0.7, 1.1.1
### References:
https://irssi.org/security/irssi\_sa\_2018\_02.txt
**CVE-2018-7051**: Certain nick names could result in out of bounds
access when printing theme strings.
### Affected versions:
Irssi 0.8.7 and later
### Fixed in:
Irssi 1.0.7, 1.1.1
### References:
https://irssi.org/security/irssi\_sa\_2018\_02.txt
**CVE-2018-7052**: When the number of windows exceed the available
space,
Irssi would crash due to Null pointer dereference.
### Affected versions:
All Irssi versions
### Fixed in:
Irssi 1.0.7, 1.1.1
### References:
https://irssi.org/security/irssi\_sa\_2018\_02.txt
**CVE-2018-7053**: Use after free when SASL messages are received in
unexpected order.
### Affected Versions:
Irssi 0.8.18 and later
### Fixed in:
Irssi 1.0.7, 1.1.1
### References:
https://irssi.org/security/irssi\_sa\_2018\_02.txt
**CVE-2018-7054**: Use after free when server is disconnected during
netsplits.
### Affected Versions:
Irssi 1.0.0 and later
### Fixed in:
Irssi 1.0.7, 1.1.1
### References:
https://irssi.org/security/irssi\_sa\_2018\_02.txt
*(from redmine: issue id 8502, created on 2018-02-19, closed on 2018-02-20)*
* Relations:
* parent #8500
* Changesets:
* Revision 5ea4be178b85d817f049fdf01ba85be7923c6904 on 2018-02-19T15:01:56Z:
```
main/irssi: security upgrade to 1.0.6
CVE-2018-5205, CVE-2018-5206, CVE-2018-5207, CVE-2018-5208, CVE-2018-7050,
CVE-2018-7051, CVE-2018-7052, CVE-2018-7053, CVE-2018-7054
Fixes #8502
```3.6.3Natanael CopaNatanael Copahttps://gitlab.alpinelinux.org/alpine/aports/-/issues/8501[ 3.7] irssi: Multiple vulnerabilities (CVE-2018-5205, CVE-2018-5206, CVE-201...2019-07-23T11:36:20ZAlicha CH[ 3.7] irssi: Multiple vulnerabilities (CVE-2018-5205, CVE-2018-5206, CVE-2018-5207, CVE-2018-5208, CVE-2018-7050, CVE-2018-7051, CVE-2018-7052, CVE-2018-7053, CVE-2018-7054)**CVE-2018-5205**: When using incomplete escape codes, Irssi may access
data beyond the end of the string.
### Affected Versions:
All Irssi versions.
### Fixed In:
Irssi 1.0.6
### References:
https://irssi.org/security/irssi\_sa\_2...**CVE-2018-5205**: When using incomplete escape codes, Irssi may access
data beyond the end of the string.
### Affected Versions:
All Irssi versions.
### Fixed In:
Irssi 1.0.6
### References:
https://irssi.org/security/irssi\_sa\_2018\_01.txt
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5205
**CVE-2018-5206**: When the channel topic is set without specifying a
sender, Irssi may dereference NULL pointer.
### Affected Versions:
All Irssi versions.
### Fixed In:
Irssi 1.0.6
### References:
https://irssi.org/security/irssi\_sa\_2018\_01.txt
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5206
**CVE-2018-5207**: When using an incomplete variable argument, Irssi may
access data beyond the end of the string.
### Affected Versions:
All Irssi versions.
### Fixed In:
Irssi 1.0.6
### References:
https://irssi.org/security/irssi\_sa\_2018\_01.txt
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5207
**CVE-2018-5208**: A calculation error in the completion code could
cause a heap buffer overflow when completing certain strings.
### Affected Versions:
All Irssi versions.
### Fixed In:
Irssi 1.0.6
### References:
https://irssi.org/security/irssi\_sa\_2018\_01.txt
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5208
**CVE-2018-7050**: Null pointer dereference when an “empty” nick has
been observed by Irssi.
### Affected versions:
All Irssi versions
### Fixed in:
Irssi 1.0.7, 1.1.1
### References:
https://irssi.org/security/irssi\_sa\_2018\_02.txt
**CVE-2018-7051**: Certain nick names could result in out of bounds
access when printing theme strings.
### Affected versions:
Irssi 0.8.7 and later
### Fixed in:
Irssi 1.0.7, 1.1.1
### References:
https://irssi.org/security/irssi\_sa\_2018\_02.txt
**CVE-2018-7052**: When the number of windows exceed the available
space,
Irssi would crash due to Null pointer dereference.
### Affected versions:
All Irssi versions
### Fixed in:
Irssi 1.0.7, 1.1.1
### References:
https://irssi.org/security/irssi\_sa\_2018\_02.txt
**CVE-2018-7053**: Use after free when SASL messages are received in
unexpected order.
### Affected Versions:
Irssi 0.8.18 and later
### Fixed in:
Irssi 1.0.7, 1.1.1
### References:
https://irssi.org/security/irssi\_sa\_2018\_02.txt
**CVE-2018-7054**: Use after free when server is disconnected during
netsplits.
### Affected Versions:
Irssi 1.0.0 and later
### Fixed in:
Irssi 1.0.7, 1.1.1
### References:
https://irssi.org/security/irssi\_sa\_2018\_02.txt
*(from redmine: issue id 8501, created on 2018-02-19, closed on 2018-02-20)*
* Relations:
* parent #8500
* Changesets:
* Revision 0e2a4ec9e83009442eb881b140c63d8de286d2c9 on 2018-02-19T14:59:36Z:
```
main/irssi: security upgrade to 1.0.6
CVE-2018-5205, CVE-2018-5206, CVE-2018-5207, CVE-2018-5208, CVE-2018-7050,
CVE-2018-7051, CVE-2018-7052, CVE-2018-7053, CVE-2018-7054
Fixes #8501
```3.7.1Natanael CopaNatanael Copahttps://gitlab.alpinelinux.org/alpine/aports/-/issues/8500irssi: Multiple vulnerabilities (CVE-2018-5205, CVE-2018-5206, CVE-2018-5207,...2019-07-23T11:36:21ZAlicha CHirssi: Multiple vulnerabilities (CVE-2018-5205, CVE-2018-5206, CVE-2018-5207, CVE-2018-5208, CVE-2018-7050, CVE-2018-7051, CVE-2018-7052, CVE-2018-7053, CVE-2018-7054)**CVE-2018-5205**: When using incomplete escape codes, Irssi may access
data beyond the end of the string.
### Affected Versions:
All Irssi versions.
### Fixed In:
Irssi 1.0.6
### References:
https://irssi.org/security/irssi\_sa\_2...**CVE-2018-5205**: When using incomplete escape codes, Irssi may access
data beyond the end of the string.
### Affected Versions:
All Irssi versions.
### Fixed In:
Irssi 1.0.6
### References:
https://irssi.org/security/irssi\_sa\_2018\_01.txt
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5205
**CVE-2018-5206**: When the channel topic is set without specifying a
sender, Irssi may dereference NULL pointer.
### Affected Versions:
All Irssi versions.
### Fixed In:
Irssi 1.0.6
### References:
https://irssi.org/security/irssi\_sa\_2018\_01.txt
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5206
**CVE-2018-5207**: When using an incomplete variable argument, Irssi may
access data beyond the end of the string.
### Affected Versions:
All Irssi versions.
### Fixed In:
Irssi 1.0.6
### References:
https://irssi.org/security/irssi\_sa\_2018\_01.txt
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5207
**CVE-2018-5208**: A calculation error in the completion code could
cause a heap buffer overflow when completing certain strings.
### Affected Versions:
All Irssi versions.
### Fixed In:
Irssi 1.0.6
### References:
https://irssi.org/security/irssi\_sa\_2018\_01.txt
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5208
**CVE-2018-7050**: Null pointer dereference when an “empty” nick has
been observed by Irssi.
### Affected versions:
All Irssi versions
### Fixed in:
Irssi 1.0.7, 1.1.1
### References:
https://irssi.org/security/irssi\_sa\_2018\_02.txt
**CVE-2018-7051**: Certain nick names could result in out of bounds
access when printing theme strings.
### Affected versions:
Irssi 0.8.7 and later
### Fixed in:
Irssi 1.0.7, 1.1.1
### References:
https://irssi.org/security/irssi\_sa\_2018\_02.txt
**CVE-2018-7052**: When the number of windows exceed the available
space,
Irssi would crash due to Null pointer dereference.
### Affected versions:
All Irssi versions
### Fixed in:
Irssi 1.0.7, 1.1.1
### References:
https://irssi.org/security/irssi\_sa\_2018\_02.txt
**CVE-2018-7053**: Use after free when SASL messages are received in
unexpected order.
### Affected Versions:
Irssi 0.8.18 and later
### Fixed in:
Irssi 1.0.7, 1.1.1
### References:
https://irssi.org/security/irssi\_sa\_2018\_02.txt
**CVE-2018-7054**: Use after free when server is disconnected during
netsplits.
### Affected Versions:
Irssi 1.0.0 and later
### Fixed in:
Irssi 1.0.7, 1.1.1
### References:
https://irssi.org/security/irssi\_sa\_2018\_02.txt
*(from redmine: issue id 8500, created on 2018-02-19, closed on 2018-02-20)*
* Relations:
* child #8501
* child #8502
* child #8503
* child #8504Natanael CopaNatanael Copahttps://gitlab.alpinelinux.org/alpine/aports/-/issues/8499Package request: lrzsz2019-07-23T11:36:22ZalgitbotPackage request: lrzszHello. Seeking lrzsz (zmodem transfer) to compliment busybox’s telnet.
GPL’d sources here:
&lt;https://ohse.de/uwe/software/lrzsz.html&gt;
Thank you for your consideration.
*(from redmine: issue id 8499, created on 2018-02-18, close...Hello. Seeking lrzsz (zmodem transfer) to compliment busybox’s telnet.
GPL’d sources here:
<https://ohse.de/uwe/software/lrzsz.html>
Thank you for your consideration.
*(from redmine: issue id 8499, created on 2018-02-18, closed on 2018-06-26)*3.8.0Roberto OliveiraRoberto Oliveirahttps://gitlab.alpinelinux.org/alpine/aports/-/issues/8498zfs unmount fails because of double umount call2020-01-19T14:38:48ZAlexander Zubkovzfs unmount fails because of double umount callWhen I try to unmount zfs dataset, I get and error:
1. zfs create pool/root/test
2. strace -ff zfs unmount pool/root/test
umount: can’t unmount /test: Invalid argument
cannot unmount ‘/test’: umount failed
If I run it und...When I try to unmount zfs dataset, I get and error:
1. zfs create pool/root/test
2. strace -ff zfs unmount pool/root/test
umount: can’t unmount /test: Invalid argument
cannot unmount ‘/test’: umount failed
If I run it under strace (), I see that it calls umount2() twice:
1. strace -ff zfs unmount pool/root/test
…
\[pid 957\] umount2(“/test”, 0) = 0
\[pid 957\] open(“/test”, O\_RDONLY|O\_NONBLOCK|O\_CLOEXEC|O\_PATH)
= 6
\[pid 957\] readlink(“/proc/self/fd/6”, “/test”, 4095) = 5
\[pid 957\] fstat(6, {st\_mode=S\_IFDIR|0755, st\_size=2, …}) = 0
\[pid 957\] stat(“/test”, {st\_mode=S\_IFDIR|0755, st\_size=2, …}) =
0
\[pid 957\] close(6) = 0
\[pid 957\] umount2(“/test”, 0) = –1 EINVAL (Invalid argument)
…
So it actually unmounts the dataset during the first syscall, but trying
to do it again and fails during the second. It not such a problem when
running by hands. But for example lxd fails to work with zfs storage
driver because of that.
I have access to non-alpine systems with zfs (but much older version
0.6.3) - there are no problems. And I found nothing during googling. So
I think it could be Alpine-specific bug.
*(from redmine: issue id 8498, created on 2018-02-18)*