aports issueshttps://gitlab.alpinelinux.org/alpine/aports/-/issues2019-07-23T14:22:57Zhttps://gitlab.alpinelinux.org/alpine/aports/-/issues/1959[v2.3] libXrandr <= 1.4.0 CVE-2013-19862019-07-23T14:22:57ZPeter Kotcauer[v2.3] libXrandr <= 1.4.0 CVE-2013-1986*(from redmine: issue id 1959, created on 2013-05-23, closed on 2013-05-29)*
* Relations:
* parent #1931
* Changesets:
* Revision 933231c9ba54bd2c00a05cd74406011031315a46 by Natanael Copa on 2013-05-27T16:06:58Z:
```
main/libxrandr...*(from redmine: issue id 1959, created on 2013-05-23, closed on 2013-05-29)*
* Relations:
* parent #1931
* Changesets:
* Revision 933231c9ba54bd2c00a05cd74406011031315a46 by Natanael Copa on 2013-05-27T16:06:58Z:
```
main/libxrandr: fix CVE-2013-1986
ref #1931
fixes #1959
(cherry picked from commit 0df792b849962f1e9302b2405f6d846e414e27bc)
```Alpine 2.3.7https://gitlab.alpinelinux.org/alpine/aports/-/issues/1955[v2.3] libXp <= 1.0.1 CVE-2013-20622019-07-23T14:23:00ZPeter Kotcauer[v2.3] libXp <= 1.0.1 CVE-2013-2062*(from redmine: issue id 1955, created on 2013-05-23, closed on 2013-05-29)*
* Relations:
* parent #1931
* Changesets:
* Revision 2010f65d8cec7910f3adaacca95203a06ae98c4a by Natanael Copa on 2013-05-27T16:06:58Z:
```
main/libxp: fi...*(from redmine: issue id 1955, created on 2013-05-23, closed on 2013-05-29)*
* Relations:
* parent #1931
* Changesets:
* Revision 2010f65d8cec7910f3adaacca95203a06ae98c4a by Natanael Copa on 2013-05-27T16:06:58Z:
```
main/libxp: fix CVE-2013-2062
ref #1931
fixes #1955
(cherry picked from commit 596f76568714ab83fed8fef00c69f6493e6996e3)
(cherry picked from commit 04fca7445c2068e588b79b32e01639ef1a0de1b6)
```Alpine 2.3.7https://gitlab.alpinelinux.org/alpine/aports/-/issues/1951[v2.3] libXinerama <= 1.1.2 CVE-2013-19852019-07-23T14:23:04ZPeter Kotcauer[v2.3] libXinerama <= 1.1.2 CVE-2013-1985*(from redmine: issue id 1951, created on 2013-05-23, closed on 2013-05-29)*
* Relations:
* parent #1931
* Changesets:
* Revision 98a1bfcf7b3b47dda59ab80e2ac1b665eb179903 by Natanael Copa on 2013-05-27T16:06:57Z:
```
main/libxinera...*(from redmine: issue id 1951, created on 2013-05-23, closed on 2013-05-29)*
* Relations:
* parent #1931
* Changesets:
* Revision 98a1bfcf7b3b47dda59ab80e2ac1b665eb179903 by Natanael Copa on 2013-05-27T16:06:57Z:
```
main/libxinerama: upgrade to 1.1.2 and fix CVE-2013-1985
ref #1931
fixes #1951
(cherry picked from commit 3e5921fae9eef23dbc7c56b7905ccbf9de168cea)
(cherry picked from commit 33a1152b1f5f134b0fe6439b0eaec2a46574b561)
Conflicts:
main/libxinerama/APKBUILD
```Alpine 2.3.7https://gitlab.alpinelinux.org/alpine/aports/-/issues/1947[v2.3] libXi <= 1.7.1 CVE-2013-1984 CVE-2013-1995 CVE-2013-19982019-07-23T14:23:08ZPeter Kotcauer[v2.3] libXi <= 1.7.1 CVE-2013-1984 CVE-2013-1995 CVE-2013-1998*(from redmine: issue id 1947, created on 2013-05-23, closed on 2013-05-29)*
* Relations:
* parent #1931
* Changesets:
* Revision daf9b293c5e40e9edb1b89794e235f3dcbfe9917 by Natanael Copa on 2013-05-27T16:06:57Z:
```
main/libxi: fi...*(from redmine: issue id 1947, created on 2013-05-23, closed on 2013-05-29)*
* Relations:
* parent #1931
* Changesets:
* Revision daf9b293c5e40e9edb1b89794e235f3dcbfe9917 by Natanael Copa on 2013-05-27T16:06:57Z:
```
main/libxi: fix CVE-2013-1984,CVE-2013-1995,CVE-2013-1998
ref #1931
fixes #1947
```Alpine 2.3.7https://gitlab.alpinelinux.org/alpine/aports/-/issues/1940[v2.3] libXfixes <= 5.0 CVE-2013-19832019-07-23T14:23:14ZPeter Kotcauer[v2.3] libXfixes <= 5.0 CVE-2013-1983*(from redmine: issue id 1940, created on 2013-05-23, closed on 2013-05-29)*
* Relations:
* parent #1931
* Changesets:
* Revision 6211fb83065e085a07d01cb7fe64f0ca338c3b00 by Natanael Copa on 2013-05-27T15:59:54Z:
```
main/libxfixes...*(from redmine: issue id 1940, created on 2013-05-23, closed on 2013-05-29)*
* Relations:
* parent #1931
* Changesets:
* Revision 6211fb83065e085a07d01cb7fe64f0ca338c3b00 by Natanael Copa on 2013-05-27T15:59:54Z:
```
main/libxfixes: fix for CVE-2013-1983
ref #1931
fixes #1940
(cherry picked from commit adad53cfd12db1c1f98f8beafae12554e5a9a8f1)
```Alpine 2.3.7https://gitlab.alpinelinux.org/alpine/aports/-/issues/1936[v2.3] libXext <= 1.3.1 CVE-2013-19822019-07-23T14:23:18ZPeter Kotcauer[v2.3] libXext <= 1.3.1 CVE-2013-1982*(from redmine: issue id 1936, created on 2013-05-23, closed on 2013-05-29)*
* Relations:
* parent #1931
* Changesets:
* Revision 25d30f9478810a90f9cb37d2e07f8852701d2c27 by Natanael Copa on 2013-05-27T16:06:57Z:
```
main/libxext: ...*(from redmine: issue id 1936, created on 2013-05-23, closed on 2013-05-29)*
* Relations:
* parent #1931
* Changesets:
* Revision 25d30f9478810a90f9cb37d2e07f8852701d2c27 by Natanael Copa on 2013-05-27T16:06:57Z:
```
main/libxext: fix CVE-2013-1982
ref #1931
fixes #1936
(cherry picked from commit adf915bf8b5c4ff1c07648f42cee8ab4d804dede)
(cherry picked from commit 24d0ce7a8c4c75342428d763b97a7f4e69b0a118)
Conflicts:
main/libxext/APKBUILD
```Alpine 2.3.7https://gitlab.alpinelinux.org/alpine/aports/-/issues/1935[v2.3] libX11 <= 1.5.99.901 (1.6 RC1) CVE-2013-1981 CVE-2013-1997 CVE-2013-20042019-07-23T14:23:19ZPeter Kotcauer[v2.3] libX11 <= 1.5.99.901 (1.6 RC1) CVE-2013-1981 CVE-2013-1997 CVE-2013-2004*(from redmine: issue id 1935, created on 2013-05-23, closed on 2013-05-29)*
* Relations:
* parent #1931
* Changesets:
* Revision bb8271270a6c29531b9708ed6ac6025575c0d180 by Natanael Copa on 2013-05-24T16:59:25Z:
```
main/libx11: s...*(from redmine: issue id 1935, created on 2013-05-23, closed on 2013-05-29)*
* Relations:
* parent #1931
* Changesets:
* Revision bb8271270a6c29531b9708ed6ac6025575c0d180 by Natanael Copa on 2013-05-24T16:59:25Z:
```
main/libx11: security fix (CVE-2013-1981,CVE-2013-1997,CVE-2013-2004)
ref #1931
fixes #1935
```Alpine 2.3.7https://gitlab.alpinelinux.org/alpine/aports/-/issues/1888[v2.3] Multiple vulnerabilities in mysql < 5.5.31 allows remote code exection2019-07-23T14:24:01ZLeonardo Arena[v2.3] Multiple vulnerabilities in mysql < 5.5.31 allows remote code exectionSeveral issues have been discovered in the MySQL database server. The
vulnerabilities are addressed by upgrading MySQL to a new upstream
version, 5.5.31, which includes additional changes, such as
performance
improvements and corre...Several issues have been discovered in the MySQL database server. The
vulnerabilities are addressed by upgrading MySQL to a new upstream
version, 5.5.31, which includes additional changes, such as
performance
improvements and corrections for data loss defects.
CVE ID : CVE-2013-1502 CVE-2013-1511 CVE-2013-1532 CVE-2013-1544
CVE-2013-2375 CVE-2013-2376 CVE-2013-2389 CVE-2013-2391
CVE-2013-2392
*(from redmine: issue id 1888, created on 2013-05-16, closed on 2013-05-20)*
* Changesets:
* Revision cd012b8a5260e3c1b667747299719928d4951591 by Natanael Copa on 2013-05-16T14:14:37Z:
```
main/mysql: security upgrade to 5.5.31 (CVE-2013-1502...)
fixes #1888
```Alpine 2.3.7https://gitlab.alpinelinux.org/alpine/aports/-/issues/1873[v2.3] linux-vserver: perf_swevent_enabled array out-of-bound access (CVE-201...2019-07-23T14:24:10ZNatanael Copa[v2.3] linux-vserver: perf_swevent_enabled array out-of-bound access (CVE-2013-2094)*(from redmine: issue id 1873, created on 2013-05-16, closed on 2013-05-16)*
* Relations:
* parent #1859
* Changesets:
* Revision c7e76b9df52243240364dcfbe0feb100cf30a764 by Natanael Copa on 2013-05-16T11:11:48Z:
```
main/linux-vse...*(from redmine: issue id 1873, created on 2013-05-16, closed on 2013-05-16)*
* Relations:
* parent #1859
* Changesets:
* Revision c7e76b9df52243240364dcfbe0feb100cf30a764 by Natanael Copa on 2013-05-16T11:11:48Z:
```
main/linux-vserver: security fix (CVE-2013-2094)
fixes #1873
```Alpine 2.3.7Natanael CopaNatanael Copahttps://gitlab.alpinelinux.org/alpine/aports/-/issues/1862[v2.3] CVE-2013-2094 kernel: perf_swevent_enabled array out-of-bound access2019-07-23T14:24:19ZNatanael Copa[v2.3] CVE-2013-2094 kernel: perf_swevent_enabled array out-of-bound access*(from redmine: issue id 1862, created on 2013-05-15, closed on 2013-05-16)*
* Relations:
* parent #1859
* Changesets:
* Revision b11f5fc72df8cab1c3213ef01e1ee771e627b5a7 by Natanael Copa on 2013-05-15T12:31:03Z:
```
main/linux-grs...*(from redmine: issue id 1862, created on 2013-05-15, closed on 2013-05-16)*
* Relations:
* parent #1859
* Changesets:
* Revision b11f5fc72df8cab1c3213ef01e1ee771e627b5a7 by Natanael Copa on 2013-05-15T12:31:03Z:
```
main/linux-grsec: security fix for CVE-2013-2094
fixes #1862
```Alpine 2.3.7Natanael CopaNatanael Copahttps://gitlab.alpinelinux.org/alpine/aports/-/issues/1828[v2.3] Multiple vulnerabilities in util-linux allows information disclosure2019-07-23T14:24:30ZLeonardo Arena[v2.3] Multiple vulnerabilities in util-linux allows information disclosurehttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0157
https://bugzilla.redhat.com/show\_bug.cgi?id=892330
This was originally reported by Jann Horn (jannhorn@googlemail.com):
mount discloses information about folders not access...http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0157
https://bugzilla.redhat.com/show\_bug.cgi?id=892330
This was originally reported by Jann Horn (jannhorn@googlemail.com):
mount discloses information about folders not accessible for a user:
$ ls -ld /root/.ssh
ls: cannot access /root/.ssh: Permission denied
$ ls -ld /root/.foo
ls: cannot access /root/.foo: Permission denied
First variant:
$ mount —guess-fstype /root/.ssh/../../dev/sda1
ext4
$ mount —guess-fstype /root/.foo/../../dev/sda1
unknown
Second one:
$ mount /root/.ssh/../../dev/cdrom
mount: no medium found on /dev/sr0
$ mount /root/.foo/../../dev/cdrom
mount: can’t find /root/.foo/../../dev/cdrom in /etc/fstab or /etc/mtab
The following upstream commits address this issue:
(For both util-linux as well as util-linux-ng)
1. Adds canonicalize\_path\_restricted() to canonicalize without suid
permisssions
http://git.kernel.org/?p=utils/util-linux/util-linux.git;a=commit;h=33c5fd0c5a774458470c86f9d318d8c48a9c9ccb
2. sanitize path for non-root users (mount):
http://git.kernel.org/?p=utils/util-linux/util-linux.git;a=commit;h=5ebbc3865d1e53ef42e5f121c41faab23dd59075
3. sanitize path for non-root users (umount):
http://git.kernel.org/?p=utils/util-linux/util-linux.git;a=commit;h=cc8cc8f32c863f3ae6a8a88e97b47bcd6a21825f
4. drop the —guess-fstype option:
http://git.kernel.org/?p=utils/util-linux/util-linux.git;a=commit;h=0377ef91270d06592a0d4dd009c29e7b1ff9c9b8
*(from redmine: issue id 1828, created on 2013-04-30, closed on 2013-11-11)*
* Relations:
* parent #1825Alpine 2.3.7https://gitlab.alpinelinux.org/alpine/aports/-/issues/1824[v2.3] Multiple vulnerabilities in mod_dav_svn < 1.7.9 allows remote denial o...2019-07-23T14:24:34ZLeonardo Arena[v2.3] Multiple vulnerabilities in mod_dav_svn < 1.7.9 allows remote denial of serviceSubversion's mod\_dav\_svn Apache HTTPD server module will use
excessive
amounts of memory when a large number of properties are set or deleted
on a node. This can lead to a DoS. There are no known instances of
this problem being o...Subversion's mod\_dav\_svn Apache HTTPD server module will use
excessive
amounts of memory when a large number of properties are set or deleted
on a node. This can lead to a DoS. There are no known instances of
this problem being observed in the wild (CVE-2013-1845).
Subversion's mod\_dav\_svn Apache HTTPD server module will crash when
a LOCK request is made against activity URLs. This can lead to a
DoS. There are no known instances of this problem being observed in
the wild (CVE-2013-1846).
Subversion's mod\_dav\_svn Apache HTTPD server module will crash in
some circumstances when a LOCK request is made against a non-existent
URL. This can lead to a DoS. There are no known instances of this
problem being observed in the wild (CVE-2013-1847).
Subversion's mod\_dav\_svn Apache HTTPD server module will crash when
a PROPFIND request is made against activity URLs. This can lead to a
DoS. There are no known instances of this problem being observed in
the wild, but the details of how to exploit it have been disclosed
on the full disclosure mailing list (CVE-2013-1849).
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1845
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1846
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1847
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1849
http://subversion.apache.org/security/CVE-2013-1845-advisory.txt
http://subversion.apache.org/security/CVE-2013-1846-advisory.txt
http://subversion.apache.org/security/CVE-2013-1847-advisory.txt
http://subversion.apache.org/security/CVE-2013-1849-advisory.txt
*(from redmine: issue id 1824, created on 2013-04-30, closed on 2013-05-13)*
* Changesets:
* Revision 622b89d286a08fc3b9762b7929fee388faef12a2 by Natanael Copa on 2013-05-03T13:53:55Z:
```
main/subversion: security upgrade to 1.7.9 (CVE-2013-1845,CVE-2013-1846,CVE-2013-1847,CVE-2013-1849)
fixes #1824
```Alpine 2.3.7https://gitlab.alpinelinux.org/alpine/aports/-/issues/1818[v2.3] Vulnerability in tinc < 1.0.21 allows remote code execution2019-07-23T14:24:40ZLeonardo Arena[v2.3] Vulnerability in tinc < 1.0.21 allows remote code executionhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1428
http://www.tinc-vpn.org/pipermail/tinc/2013-April/003240.html
Because of a security vulnerability in tinc that was recently
discovered, we
hereby release tinc versions 1.0....http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1428
http://www.tinc-vpn.org/pipermail/tinc/2013-April/003240.html
Because of a security vulnerability in tinc that was recently
discovered, we
hereby release tinc versions 1.0.21 and 1.1pre7. Here is a summary of
the
changes in tinc 1.0.21:
\* Drop packets forwarded via TCP if they are too big (CVE-2013-1428).
Here is a summary of the changes in tinc 1.1pre7:
\* Fixed large latencies on Windows.
\* Renamed the tincctl tool to tinc.
\* Simplified changing the configuration using the tinc tool.
\* Added a full description of the ExperimentalProtocol to the manual.
\* Drop packets forwarded via TCP if they are too big (CVE-2013-1428).
Thanks to Martin Schobert for auditing tinc and reporting the
vulnerability.
He discovered a potential stack overflow that can be triggered by an
authenticated peer. This can be used to cause a tinc daemon to crash, or
in the
worst case, it might be possible to execute code on another node as the
user
running tincd. This bug has been present in all versions of tinc. All
users of
tinc should upgrade to 1.0.21 or 1.1pre7 as soon as possible.
*(from redmine: issue id 1818, created on 2013-04-24, closed on 2013-05-03)*
* Relations:
* parent #1815
* Changesets:
* Revision 521799bfd7b00cb81dc138322fab44cca0743e3a by Natanael Copa on 2013-04-25T10:55:47Z:
```
main/tinc: security upgrade to 1.0.21 (CVE-2013-1428)
fixes #1818
```Alpine 2.3.7https://gitlab.alpinelinux.org/alpine/aports/-/issues/1813[v2.3] Vulnerability in curl < 7.30.0 allows session hijack2019-07-23T14:24:45ZLeonardo Arena[v2.3] Vulnerability in curl < 7.30.0 allows session hijackhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1944
http://curl.haxx.se/docs/adv\_20130412.html
1. VULNERABILITY
libcurl is vulnerable to a cookie leak vulnerability when doing
requests
across domains with matching tails.
...http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1944
http://curl.haxx.se/docs/adv\_20130412.html
1. VULNERABILITY
libcurl is vulnerable to a cookie leak vulnerability when doing
requests
across domains with matching tails.
When communicating over HTTP (S) and having libcurl’s cookie engine
enabled,
libcurl will store and hold cookies for use when subsequent requests
are
done to hosts and paths that match those kept cookies. Due to a bug in
the
tailmatching function, libcurl could wrongly send cookies meant for
the
domain ‘ample.com’ when communicating with ‘example.com’.
This vulnerability can be used to hijack sessions in targetted attacks
since
registering domains using a known domain’s name as an ending is trivial.
Both curl the command line tool and applications using the libcurl
library
are vulnerable.
There are no known exploits available at this time.
The Common Vulnerabilities and Exposures (CVE) project has assigned the
name
CVE-2013-1944 to this issue.
2. AFFECTED VERSIONS
Affected versions: all versions to and including 7.29.0
Not affected versions: curl >= 7.30.0
libcurl is used by many applications, but not always advertised as such!
3. THE SOLUTION
libcurl 7.30.0 implements the function properly and will not send
cookies to
sites just because the host names use the same tail.
4. RECOMMENDATIONS
We suggest you take one of the following actions immediately, in order
of
preference:
A - Upgrade to curl and libcurl 7.30.0
B - Apply this patch and rebuild libcurl
http://curl.haxx.se/curl-tailmatch.patch
C - Disable use of cookies or HTTP entirely in your application
5. TIME LINE
Vulnerability found and patched by YAMADA Yasuharu.
It was reported (publicly) to the curl project on April 9th 2013.
curl 7.30.0 was released on April 12th 2013, coordinated with the
publication of this advisory.
6. CREDITS
Reported and fixed by YAMADA Yasuharu. Thanks a lot!
*(from redmine: issue id 1813, created on 2013-04-24, closed on 2013-04-24)*
* Relations:
* duplicates #1780Alpine 2.3.7https://gitlab.alpinelinux.org/alpine/aports/-/issues/1809[2.3] Vulnerability in libarchive allow remote code execution2019-07-23T14:24:49ZLeonardo Arena[2.3] Vulnerability in libarchive allow remote code executionA vulnerability has been found and corrected in libarchive:
Fabian Yamaguchi reported a read buffer overflow flaw in
libarchive on 64-bit systems where sizeof(size\_t) is equal
to 8. In the archive\_write\_zip\_data() function in li...A vulnerability has been found and corrected in libarchive:
Fabian Yamaguchi reported a read buffer overflow flaw in
libarchive on 64-bit systems where sizeof(size\_t) is equal
to 8. In the archive\_write\_zip\_data() function in libarchive/
archive\_write\_set\_format\_zip.c, the "s" parameter is of type
size\_t
(64 bit, unsigned) and is cast to a 64 bit signed integer. If "s"
is
larger than MAX\_INT, it will not be set to
"zip->remaining\_data\_bytes"
even though it is larger than "zip->remaining\_data\_bytes",
which
leads to a buffer overflow when calling deflate(). This can lead to a
segfault in an application that uses libarchive to create ZIP archives
(CVE-2013-0211).
https://bugzilla.redhat.com/show\_bug.cgi?id=902998
https://github.com/libarchive/libarchive/commit/22531545514043e04633e1c015c7540b9de9dbe4.patch
*(from redmine: issue id 1809, created on 2013-04-23, closed on 2013-04-25)*
* Relations:
* parent #1806
* Changesets:
* Revision 00162863df7b8b7a3299cb8def2840baeea7d262 by Natanael Copa on 2013-04-24T15:41:08Z:
```
main/libarchive: security fix (CVE-2013-0211)
fixes #1809
```Alpine 2.3.7https://gitlab.alpinelinux.org/alpine/aports/-/issues/1796[v2.3] Vulnerability in xorg-server allows local information disclosure2019-07-23T14:25:02ZLeonardo Arena[v2.3] Vulnerability in xorg-server allows local information disclosurehttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1940
David Airlie and Peter Hutterer of Red Hat discovered that
xorg-server,
the Xorg X server was vulnerable to an information disclosure flaw
related to input handling and dev...http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1940
David Airlie and Peter Hutterer of Red Hat discovered that
xorg-server,
the Xorg X server was vulnerable to an information disclosure flaw
related to input handling and devices hotplug.
When an X server is running but not on front (for example because of a
VT
switch), a newly plugged input device would still be recognized and
handled by the X server, which would actually transmit input events to
its clients on the background.
This could allow an attacker to recover some input events not intended
for the X clients, including sensitive information.
Patch:
http://cgit.freedesktop.org/xorg/xserver/patch/?id=6ca03b9161d33b1d2b55a3a1a913cf88deb2343f
*(from redmine: issue id 1796, created on 2013-04-19, closed on 2013-05-03)*
* Relations:
* parent #1793
* Changesets:
* Revision fabe21949c545ebcd527118b2672d331a424b792 by Natanael Copa on 2013-04-25T14:11:02Z:
```
main/xorg-server: security fix (CVE-2013-1940)
fixes #1796
```Alpine 2.3.7https://gitlab.alpinelinux.org/alpine/aports/-/issues/1785[v2.3] Vulnerability in poppler < 0.22.1 allows remote denial of service2019-07-23T14:25:11ZLeonardo Arena[v2.3] Vulnerability in poppler < 0.22.1 allows remote denial of servicehttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1788
poppler before 0.22.1 allows context-dependent attackers to cause a
denial of service (crash) and possibly execute arbitrary code via
vectors that trigger an “invalid memory ac...http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1788
poppler before 0.22.1 allows context-dependent attackers to cause a
denial of service (crash) and possibly execute arbitrary code via
vectors that trigger an “invalid memory access” in (1) splash/Splash.cc,
(2) poppler/Function.cc, and (3) poppler/Stream.cc.
\- Fix invalid memory access in 1150.pdf.asan.8.69 \[1\].
\- Fix invalid memory access in 2030.pdf.asan.69.463 \[2\].
\- Fix another invalid memory access in 1091.pdf.asan.72.42 \[3\].
\- Fix invalid memory accesses in 1091.pdf.asan.72.42 \[4\].
- Fix invalid memory accesses in 1036.pdf.asan.23.17 \[5\].
\[1\]
http://cgit.freedesktop.org/poppler/poppler/commit/?h=poppler-0.22&id=8b6dc55e530b2f5ede6b9dfb64aafdd1d5836492
\[2\]
http://cgit.freedesktop.org/poppler/poppler/commit/?h=poppler-0.22&id=e14b6e9c13d35c9bd1e0c50906ace8e707816888
\[3\]
http://cgit.freedesktop.org/poppler/poppler/commit/?h=poppler-0.22&id=0388837f01bc467045164f9ddaff787000a8caaa
\[4\]
http://cgit.freedesktop.org/poppler/poppler/commit/?h=poppler-0.22&id=957aa252912cde85d76c41e9710b33425a82b696
\[5\]
http://cgit.freedesktop.org/poppler/poppler/commit/?h=poppler-0.22&id=bbc2d8918fe234b7ef2c480eb148943922cc0959
*(from redmine: issue id 1785, created on 2013-04-17, closed on 2013-05-03)*
* Changesets:
* Revision f0d180a0a32dc75f918cee757f7ae1b0a78ec5c2 by Natanael Copa on 2013-04-17T11:19:40Z:
```
main/poppler: security fix (CVE-2013-1788,CVE-2013-1790)
fixes #1785
```Alpine 2.3.7https://gitlab.alpinelinux.org/alpine/aports/-/issues/1780[v2.3] curl < 7.30.0 cookie leak vulnerability (CVE-2013-1944)2019-07-23T14:25:17ZNatanael Copa[v2.3] curl < 7.30.0 cookie leak vulnerability (CVE-2013-1944)apply http://curl.haxx.se/curl-tailmatch.patch
*(from redmine: issue id 1780, created on 2013-04-12, closed on 2013-04-17)*
* Relations:
* duplicates #1813
* parent #1776
* Changesets:
* Revision e732f7b6f180b5ecd0819d576d8603bb...apply http://curl.haxx.se/curl-tailmatch.patch
*(from redmine: issue id 1780, created on 2013-04-12, closed on 2013-04-17)*
* Relations:
* duplicates #1813
* parent #1776
* Changesets:
* Revision e732f7b6f180b5ecd0819d576d8603bb5bb10dd3 by Natanael Copa on 2013-04-12T15:19:24Z:
```
main/curl: security fix (CVE-2013-1944)
fixes #1780
```Alpine 2.3.7Natanael CopaNatanael Copahttps://gitlab.alpinelinux.org/alpine/aports/-/issues/1770[v2.3] Multiple vulnerabilities in clamav < 0.97.72019-07-23T14:25:25ZLeonardo Arena[v2.3] Multiple vulnerabilities in clamav < 0.97.7http://www.clamav.net/lang/en/
“ClamAV 0.97.7 addresses several reported potential security bugs.
Thanks to
Felix Groebert, Mateusz Jurczyk and Gynvael Coldwind of the Google
Security
Team for finding and reporting these issues.”
...http://www.clamav.net/lang/en/
“ClamAV 0.97.7 addresses several reported potential security bugs.
Thanks to
Felix Groebert, Mateusz Jurczyk and Gynvael Coldwind of the Google
Security
Team for finding and reporting these issues.”
*(from redmine: issue id 1770, created on 2013-04-05, closed on 2013-05-03)*
* Relations:
* parent #1768
* Changesets:
* Revision dba5b77045e14bad8a473fbadb77e72c1a8798a6 by Natanael Copa on 2013-04-25T15:39:29Z:
```
main/clamav: security upgrade to 0.97.8 (fixes #1770)
```Alpine 2.3.7https://gitlab.alpinelinux.org/alpine/aports/-/issues/1763Vulnerability in automake < 1.11.6 allows local privilege escalation2019-07-23T14:25:31ZLeonardo ArenaVulnerability in automake < 1.11.6 allows local privilege escalationhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3386
The “make distcheck” rule in GNU Automake before 1.11.6 and 1.12.x
before 1.12.2 grants world-writable permissions to the extraction
directory, which introduces a race conditio...http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3386
The “make distcheck” rule in GNU Automake before 1.11.6 and 1.12.x
before 1.12.2 grants world-writable permissions to the extraction
directory, which introduces a race condition that allows local users to
execute arbitrary code via unspecified vectors.
*(from redmine: issue id 1763, created on 2013-04-05, closed on 2013-04-17)*
* Relations:
* parent #1762
* Changesets:
* Revision 34b273c51b4fce732e99c67ea3f9100ae6fbddbe by Natanael Copa on 2013-04-12T14:49:40Z:
```
main/automake: security fix (CVE-2012-3386)
fixes #1763
```Alpine 2.3.7