aports issueshttps://gitlab.alpinelinux.org/alpine/aports/-/issues2019-07-12T14:29:36Zhttps://gitlab.alpinelinux.org/alpine/aports/-/issues/793webkit-1.6.1-r0 has textrels2019-07-12T14:29:36ZLeonardo Arenawebkit-1.6.1-r0 has textrels~$ midori
Can’t modify /usr/lib/libjavascriptcoregtk-1.0.so.0’s text section. Use
GCC option -fPIC for shared objects, please.
~$ apk info -v | grep midori
midori-0.4.1-r0
*(from redmine: issue id 793, created on 2011-11-02, clos...~$ midori
Can’t modify /usr/lib/libjavascriptcoregtk-1.0.so.0’s text section. Use
GCC option -fPIC for shared objects, please.
~$ apk info -v | grep midori
midori-0.4.1-r0
*(from redmine: issue id 793, created on 2011-11-02, closed on 2011-11-14)*
* Changesets:
* Revision 08927d07ec02e105a236333719fe255f4c54d93d by Natanael Copa on 2011-11-06T17:03:02Z:
```
main/webkit: fix textrels
ref #793
```
* Revision 8d233790ee52a5611711ee974ad280d446ed16a5 by Natanael Copa on 2011-11-06T21:11:20Z:
```
main/webkit: fix textrels
fixes #793
(cherry picked from commit 08927d07ec02e105a236333719fe255f4c54d93d)
```Alpine 2.3.1Natanael CopaNatanael Copahttps://gitlab.alpinelinux.org/alpine/aports/-/issues/794Multiple Vulnerabilities in wireshark < 1.6.3 May Cause a Local Denial of Ser...2019-07-12T14:29:37ZLeonardo ArenaMultiple Vulnerabilities in wireshark < 1.6.3 May Cause a Local Denial of Servicehttp://www.wireshark.org/security/wnpa-sec-2011-17.html
http://www.wireshark.org/security/wnpa-sec-2011-18.html
http://www.wireshark.org/security/wnpa-sec-2011-19.html
Affected:
\- All Alpine releases including Edge
Not affected:
\...http://www.wireshark.org/security/wnpa-sec-2011-17.html
http://www.wireshark.org/security/wnpa-sec-2011-18.html
http://www.wireshark.org/security/wnpa-sec-2011-19.html
Affected:
\- All Alpine releases including Edge
Not affected:
\- NA
Solution:
Upgrade to latest version 1.6.3
*(from redmine: issue id 794, created on 2011-11-03, closed on 2011-11-14)*
* Changesets:
* Revision cf7aa2ec8545b2e14c8adeb8e2532b6855de8e64 by Natanael Copa on 2011-11-10T07:40:58Z:
```
main/wireshark: security upgrade to 1.6.3
CVE-2011-4100
CVE-2011-4101
CVE-2011-4102
ref #794
(cherry picked from commit 201cb4e2b967da9f838be557cad898f4283eaf4f)
```
* Revision 04225e4a1da865af8715e41b3fdce939e51211eb by Natanael Copa on 2011-11-10T14:08:00Z:
```
main/wireshark: security upgrade to 1.4.10 (CVE-2011-4101, CVE-2011-4102)
ref #794
```
* Revision 42eb005f0be1da33d13139e8ed7debe7c032436a by Natanael Copa on 2011-11-10T14:13:39Z:
```
main/wireshark: security upgrade to 1.4.10 (CVE-2011-4101, CVE-2011-4102)
fixes #794
(cherry picked from commit 04225e4a1da865af8715e41b3fdce939e51211eb)
```Alpine 2.3.1Natanael CopaNatanael Copahttps://gitlab.alpinelinux.org/alpine/aports/-/issues/802Multiple Vulnerabilities in openjdk6 < 1.6.0.29 May Allow Remote Code Execution2019-07-12T14:29:42ZLeonardo ArenaMultiple Vulnerabilities in openjdk6 < 1.6.0.29 May Allow Remote Code Executionhttp://www.gentoo.org/security/en/glsa/glsa-201111-02.xml
Affected:
\- Edge (1.6.0\_p22)
\- Alpine 2.3 (1.6.0\_p22)
\- Alpine 2.2 (1.6.0\_p22)
Not affected:
\- NA
Solution:
Upgrade to 1.6.0.29
*(from redmine: issue id 802, crea...http://www.gentoo.org/security/en/glsa/glsa-201111-02.xml
Affected:
\- Edge (1.6.0\_p22)
\- Alpine 2.3 (1.6.0\_p22)
\- Alpine 2.2 (1.6.0\_p22)
Not affected:
\- NA
Solution:
Upgrade to 1.6.0.29
*(from redmine: issue id 802, created on 2011-11-07, closed on 2011-11-14)*
* Changesets:
* Revision 0389c0810effbe38de6d05d68e3ab6bb08a8aaef by Timo Teräs on 2011-11-11T06:23:22Z:
```
main/openjdk6: security upgrade icedtea6 to 1.10.4
ref #802
icedtea6 1.10.4 includes patches for the following security issues:
CVE-2011-3547: InputStream skip() information leak
CVE-2011-3548: mutable static AWTKeyStroke.ctor
CVE-2011-3551: Java2D TransformHelper integer overflow
CVE-2011-3552: excessive default UDP socket limit under SecurityManager
CVE-2011-3553: JAX-WS stack-traces information leak
CVE-2011-3544: missing SecurityManager checks in scripting engine
CVE-2011-3521: IIOP deserialization code execution
CVE-2011-3554: insufficient pack200 JAR files uncompress error checks
CVE-2011-3389: HTTPS: block-wise chosen-plaintext attack against SSL/TLS (BEAST)
CVE-2011-3558: HotSpot crashes with sigsegv from PorterStemmer
CVE-2011-3556: RMI DGC server remote code execution
CVE-2011-3557: RMI registry privileged code execution
CVE-2011-3560: missing checkSetFactory calls in HttpsURLConnection
CVE-2011-3558: HotSpot crashes with sigsegv from PorterStemmer
icedtea6 1.10.2 security patches (since upgrading from icedtea6 1.10.1):
CVE-2011-0872: (so) non-blocking sockets with TCP urgent disabled get still selected for read ops (win)
CVE-2011-0865: Vulnerability in deserialization
CVE-2011-0815: Heap overflow vulnerability in FileDialog.show()
CVE-2011-0822, CVE-2011-0862: Integer overflows in 2D code
CVE-2011-0867: NetworkInterface.toString can reveal bindings
CVE-2011-0869: Vulnerability in SAAJ
CVE-2011-0870: Vulnerability in SAAJ
CVE-2011-0868: Crash in Java 2D transforming an image with scale close to zero
CVE-2011-0871: ImageIcon creates Component with null acc
CVE-2011-0864: JSR rewriting can overflow memory address size variables
```
* Revision 2cc2ea43aa32fe3dbc3aa6e34c45ccdca32b033e by Timo Teräs on 2011-11-11T13:31:21Z:
```
main/openjdk6: security upgrade icedtea6 to 1.10.4
ref #802
icedtea6 1.10.4 includes patches for the following security issues:
CVE-2011-3547: InputStream skip() information leak
CVE-2011-3548: mutable static AWTKeyStroke.ctor
CVE-2011-3551: Java2D TransformHelper integer overflow
CVE-2011-3552: excessive default UDP socket limit under SecurityManager
CVE-2011-3553: JAX-WS stack-traces information leak
CVE-2011-3544: missing SecurityManager checks in scripting engine
CVE-2011-3521: IIOP deserialization code execution
CVE-2011-3554: insufficient pack200 JAR files uncompress error checks
CVE-2011-3389: HTTPS: block-wise chosen-plaintext attack against SSL/TLS (BEAST)
CVE-2011-3558: HotSpot crashes with sigsegv from PorterStemmer
CVE-2011-3556: RMI DGC server remote code execution
CVE-2011-3557: RMI registry privileged code execution
CVE-2011-3560: missing checkSetFactory calls in HttpsURLConnection
CVE-2011-3558: HotSpot crashes with sigsegv from PorterStemmer
icedtea6 1.10.2 security patches (since upgrading from icedtea6 1.10.1):
CVE-2011-0872: (so) non-blocking sockets with TCP urgent disabled get still selected for read ops (win)
CVE-2011-0865: Vulnerability in deserialization
CVE-2011-0815: Heap overflow vulnerability in FileDialog.show()
CVE-2011-0822, CVE-2011-0862: Integer overflows in 2D code
CVE-2011-0867: NetworkInterface.toString can reveal bindings
CVE-2011-0869: Vulnerability in SAAJ
CVE-2011-0870: Vulnerability in SAAJ
CVE-2011-0868: Crash in Java 2D transforming an image with scale close to zero
CVE-2011-0871: ImageIcon creates Component with null acc
CVE-2011-0864: JSR rewriting can overflow memory address size variables
(cherry picked from commit 0389c0810effbe38de6d05d68e3ab6bb08a8aaef)
```Alpine 2.3.1Timo TeräsTimo Teräshttps://gitlab.alpinelinux.org/alpine/aports/-/issues/805Vulnerability in gimp <= 2.6.11 May Allow Remote Code Execution2019-07-12T14:29:44ZLeonardo ArenaVulnerability in gimp <= 2.6.11 May Allow Remote Code Executionhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2896
Affected:
\- All Alpine releases including Edge
Not Affected:
\- NA
Solution:
\- Patch:
http://git.gnome.org/browse/gimp/patch/plug-ins/common/file-gif-load.c?id=376ad788c...http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2896
Affected:
\- All Alpine releases including Edge
Not Affected:
\- NA
Solution:
\- Patch:
http://git.gnome.org/browse/gimp/patch/plug-ins/common/file-gif-load.c?id=376ad788c1a1c31d40f18494889c383f6909ebfc
*(from redmine: issue id 805, created on 2011-11-08, closed on 2011-11-14)*
* Changesets:
* Revision 82c89b6953e72f3652e3610ee22f7965e667cacd by Natanael Copa on 2011-11-10T10:04:41Z:
```
main/gimp: security fix (CVE-2011-2896)
ref #805
```
* Revision c9c0645ddaa14afbaf40dc5cae9124b032a32d63 by Natanael Copa on 2011-11-10T10:05:40Z:
```
main/gimp: security fix (CVE-2011-2896)
ref #805
(cherry picked from commit 82c89b6953e72f3652e3610ee22f7965e667cacd)
```
* Revision cf120983c4afc050bba7d2ed16a55204e78cc5a0 by Natanael Copa on 2011-11-10T10:49:37Z:
```
main/gimp: security fix (CVE-2011-2896)
ref #805
```
* Revision b55d8c5bb2959583afa2186c8a6c00805d146ef9 on 2011-11-10T11:01:57Z:
```
main/gimp: security fix (CVE-2011-2896)
fixes #805
(cherry picked from commit cf120983c4afc050bba7d2ed16a55204e78cc5a0)
Conflicts:
main/gimp/APKBUILD
```Alpine 2.3.1Natanael CopaNatanael Copa