aports issues
https://gitlab.alpinelinux.org/alpine/aports/-/issues
2022-01-16T15:20:19Z
https://gitlab.alpinelinux.org/alpine/aports/-/issues/13437
CVE data in SecDB (existing vulns, but missing CVE IDs)
2022-01-16T15:20:19Z
hadasbloom
[Not Urgent]
We noticed that there are a few vulnerabilities in various branches that have only an external ID, but a CVE can be potentially added to them. Posting here in case you want to add the CVEs to the data :slight_smile:
| alpine_release | package_name | external_id | CVE_to_add |
|----------------|--------------|---------------------|----------------|
| 3.10 | squid | GHSA-572g-rvwr-6c7f | CVE-2021-33620 |
| 3.10 | xen | XSA-235 | CVE-2017-15596 |
| 3.10 | xen | XSA-238 | CVE-2017-15591 |
| 3.10 | xen | XSA-245 | CVE-2017-17046 |
| 3.10 | xen | XSA-246 | CVE-2017-17044 |
| 3.10 | xen | XSA-247 | CVE-2017-17045 |
| 3.10 | xen | XSA-248 | CVE-2017-17566 |
| 3.10 | xen | XSA-249 | CVE-2017-17563 |
| 3.10 | xen | XSA-250 | CVE-2017-17564 |
| 3.10 | xen | XSA-251 | CVE-2017-17565 |
| 3.10 | xen | XSA-253 | CVE-2018-5244 |
| 3.10 | xen | XSA-254 | CVE-2017-5753 |
| 3.10 | xen | XSA-254 | CVE-2017-5715 |
| 3.10 | xen | XSA-254 | CVE-2017-5754 |
| 3.11 | squid | GHSA-572g-rvwr-6c7f | CVE-2021-33620 |
| 3.11 | xen | XSA-235 | CVE-2017-15596 |
| 3.11 | xen | XSA-238 | CVE-2017-15591 |
| 3.11 | xen | XSA-245 | CVE-2017-17046 |
| 3.11 | xen | XSA-246 | CVE-2017-17044 |
| 3.11 | xen | XSA-247 | CVE-2017-17045 |
| 3.11 | xen | XSA-248 | CVE-2017-17566 |
| 3.11 | xen | XSA-249 | CVE-2017-17563 |
| 3.11 | xen | XSA-250 | CVE-2017-17564 |
| 3.11 | xen | XSA-251 | CVE-2017-17565 |
| 3.11 | xen | XSA-253 | CVE-2018-5244 |
| 3.11 | xen | XSA-254 | CVE-2017-5754 |
| 3.11 | xen | XSA-254 | CVE-2017-5715 |
| 3.11 | xen | XSA-254 | CVE-2017-5753 |
| 3.12 | librsvg | RUSTSEC-2020-0146 | CVE-2020-36465 |
| 3.12 | librsvg | RUSTSEC-2021-0030 | CVE-2021-28031 |
| 3.12 | librsvg | RUSTSEC-2020-0059 | CVE-2020-35905 |
| 3.12 | librsvg | RUSTSEC-2020-0060 | CVE-2020-35906 |
| 3.12 | squid | GHSA-572g-rvwr-6c7f | CVE-2021-33620 |
| 3.12 | xen | XSA-235 | CVE-2017-15596 |
| 3.12 | xen | XSA-238 | CVE-2017-15591 |
| 3.12 | xen | XSA-245 | CVE-2017-17046 |
| 3.12 | xen | XSA-246 | CVE-2017-17044 |
| 3.12 | xen | XSA-247 | CVE-2017-17045 |
| 3.12 | xen | XSA-248 | CVE-2017-17566 |
| 3.12 | xen | XSA-249 | CVE-2017-17563 |
| 3.12 | xen | XSA-250 | CVE-2017-17564 |
| 3.12 | xen | XSA-251 | CVE-2017-17565 |
| 3.12 | xen | XSA-253 | CVE-2018-5244 |
| 3.12 | xen | XSA-254 | CVE-2017-5715 |
| 3.12 | xen | XSA-254 | CVE-2017-5754 |
| 3.12 | xen | XSA-254 | CVE-2017-5753 |
| 3.13 | glib | GHSL-2021-045 | CVE-2021-27219 |
| 3.13 | librsvg | RUSTSEC-2020-0146 | CVE-2020-36465 |
| 3.13 | py3-bleach | GHSA-vv2x-vrpj-qqpq | CVE-2021-23980 |
| 3.13 | squid | GHSA-572g-rvwr-6c7f | CVE-2021-33620 |
| 3.13 | xen | XSA-235 | CVE-2017-15596 |
| 3.13 | xen | XSA-238 | CVE-2017-15591 |
| 3.13 | xen | XSA-245 | CVE-2017-17046 |
| 3.13 | xen | XSA-246 | CVE-2017-17044 |
| 3.13 | xen | XSA-247 | CVE-2017-17045 |
| 3.13 | xen | XSA-248 | CVE-2017-17566 |
| 3.13 | xen | XSA-249 | CVE-2017-17563 |
| 3.13 | xen | XSA-250 | CVE-2017-17564 |
| 3.13 | xen | XSA-251 | CVE-2017-17565 |
| 3.13 | xen | XSA-253 | CVE-2018-5244 |
| 3.13 | xen | XSA-254 | CVE-2017-5754 |
| 3.13 | xen | XSA-254 | CVE-2017-5753 |
| 3.13 | xen | XSA-254 | CVE-2017-5715 |
| 3.14 | librsvg | RUSTSEC-2020-0146 | CVE-2020-36465 |
| 3.14 | py3-bleach | GHSA-vv2x-vrpj-qqpq | CVE-2021-23980 |
| 3.14 | squid | GHSA-572g-rvwr-6c7f | CVE-2021-33620 |
| 3.14 | xen | XSA-235 | CVE-2017-15596 |
| 3.14 | xen | XSA-238 | CVE-2017-15591 |
| 3.14 | xen | XSA-245 | CVE-2017-17046 |
| 3.14 | xen | XSA-246 | CVE-2017-17044 |
| 3.14 | xen | XSA-247 | CVE-2017-17045 |
| 3.14 | xen | XSA-248 | CVE-2017-17566 |
| 3.14 | xen | XSA-249 | CVE-2017-17563 |
| 3.14 | xen | XSA-250 | CVE-2017-17564 |
| 3.14 | xen | XSA-251 | CVE-2017-17565 |
| 3.14 | xen | XSA-253 | CVE-2018-5244 |
| 3.14 | xen | XSA-254 | CVE-2017-5715 |
| 3.14 | xen | XSA-254 | CVE-2017-5753 |
| 3.14 | xen | XSA-254 | CVE-2017-5754 |
| 3.15 | librsvg | RUSTSEC-2020-0146 | CVE-2020-36465 |
| 3.15 | xen | XSA-235 | CVE-2017-15596 |
| 3.15 | xen | XSA-238 | CVE-2017-15591 |
| 3.15 | xen | XSA-245 | CVE-2017-17046 |
| 3.15 | xen | XSA-246 | CVE-2017-17044 |
| 3.15 | xen | XSA-247 | CVE-2017-17045 |
| 3.15 | xen | XSA-248 | CVE-2017-17566 |
| 3.15 | xen | XSA-249 | CVE-2017-17563 |
| 3.15 | xen | XSA-250 | CVE-2017-17564 |
| 3.15 | xen | XSA-251 | CVE-2017-17565 |
| 3.15 | xen | XSA-254 | CVE-2017-5715 |
| 3.15 | xen | XSA-254 | CVE-2017-5753 |
| 3.15 | xen | XSA-254 | CVE-2017-5754 |
| 3.4 | xen | XSA-238 | CVE-2017-15591 |
| 3.4 | zabbix | ZBX-11023 | CVE-2016-10134 |
| 3.5 | wireshark | wnpa-sec-2017-18 | CVE-2017-7747 |
| 3.5 | wireshark | wnpa-sec-2017-19 | CVE-2017-7746 |
| 3.5 | wireshark | wnpa-sec-2017-20 | CVE-2017-7745 |
| 3.5 | wireshark | wnpa-sec-2017-21 | CVE-2017-7748 |
| 3.7 | xen | XSA-235 | CVE-2017-15596 |
| 3.7 | xen | XSA-238 | CVE-2017-15591 |
| 3.7 | xen | XSA-245 | CVE-2017-17046 |
| 3.7 | xen | XSA-246 | CVE-2017-17044 |
| 3.7 | xen | XSA-247 | CVE-2017-17045 |
| 3.7 | xen | XSA-248 | CVE-2017-17566 |
| 3.7 | xen | XSA-249 | CVE-2017-17563 |
| 3.7 | xen | XSA-250 | CVE-2017-17564 |
| 3.7 | xen | XSA-251 | CVE-2017-17565 |
| 3.8 | xen | XSA-235 | CVE-2017-15596 |
| 3.8 | xen | XSA-238 | CVE-2017-15591 |
| 3.8 | xen | XSA-245 | CVE-2017-17046 |
| 3.8 | xen | XSA-246 | CVE-2017-17044 |
| 3.8 | xen | XSA-247 | CVE-2017-17045 |
| 3.8 | xen | XSA-248 | CVE-2017-17566 |
| 3.8 | xen | XSA-249 | CVE-2017-17563 |
| 3.8 | xen | XSA-250 | CVE-2017-17564 |
| 3.8 | xen | XSA-251 | CVE-2017-17565 |
| 3.8 | xen | XSA-253 | CVE-2018-5244 |
| 3.8 | xen | XSA-254 | CVE-2017-5753 |
| 3.8 | xen | XSA-254 | CVE-2017-5754 |
| 3.8 | xen | XSA-254 | CVE-2017-5715 |
| 3.8 | xen | XSA-284 | CVE-2019-17340 |
| 3.8 | xen | XSA-285 | CVE-2019-17341 |
| 3.8 | xen | XSA-286 | CVE-2020-27674 |
| 3.8 | xen | XSA-287 | CVE-2017-17342 |
| 3.8 | xen | XSA-288 | CVE-2019-17343 |
| 3.8 | xen | XSA-290 | CVE-2017-17344 |
| 3.8 | xen | XSA-291 | CVE-2019-17345 |
| 3.8 | xen | XSA-292 | CVE-2019-17346 |
| 3.8 | xen | XSA-293 | CVE-2019-17347 |
| 3.8 | xen | XSA-294 | CVE-2019-17348 |
| 3.8 | xen | XSA-295 | CVE-2019-17349 |
| 3.8 | xen | XSA-295 | CVE-2019-17350 |
| 3.8 | xen | XSA-296 | CVE-2019-18420 |
| 3.9 | xen | XSA-235 | CVE-2017-15596 |
| 3.9 | xen | XSA-238 | CVE-2017-15591 |
| 3.9 | xen | XSA-245 | CVE-2017-17046 |
| 3.9 | xen | XSA-246 | CVE-2017-17044 |
| 3.9 | xen | XSA-247 | CVE-2017-17045 |
| 3.9 | xen | XSA-248 | CVE-2017-17566 |
| 3.9 | xen | XSA-249 | CVE-2017-17563 |
| 3.9 | xen | XSA-250 | CVE-2017-17564 |
| 3.9 | xen | XSA-251 | CVE-2017-17565 |
| 3.9 | xen | XSA-253 | CVE-2018-5244 |
| 3.9 | xen | XSA-254 | CVE-2017-5754 |
| 3.9 | xen | XSA-254 | CVE-2017-5715 |
| 3.9 | xen | XSA-254 | CVE-2017-5753 |
Ariadne Conill
ariadne@ariadne.space
https://gitlab.alpinelinux.org/alpine/aports/-/issues/8222
[3.4] xen: Multiple vulnerabilities (CVE-2017-17044, CVE-2017-17045)
2019-07-23T11:39:33Z
Alicha CH
**CVE-2017-17044, XSA-246**: x86: infinite loop due to missing PoD error
checking
Xen versions from 3.4.x onwards are affected.
### References:
http://xenbits.xen.org/xsa/advisory-246.html
http://openwall.com/lists/oss-security/2017/11/30/6
**CVE-2017-17045, XSA-247**: Missing p2m error checking in PoD code
All systems from Xen 3.4 are vulnerable.
### References:
http://xenbits.xen.org/xsa/advisory-247.html
http://openwall.com/lists/oss-security/2017/11/30/7
*(from redmine: issue id 8222, created on 2017-12-01, closed on 2018-01-02)*
* Relations:
  * parent #8219
* Changesets:
  * Revision 281e53a30c8aa84e268d44b195124c69e4655a3d on 2018-01-01T08:51:41Z:

    ```
    main/xen: security fixes
    CVE-2017-17044, CVE-2017-17045
    Fixes #8222
    ```
3.4.7
Ariadne Conill
ariadne@ariadne.space
https://gitlab.alpinelinux.org/alpine/aports/-/issues/8221
[3.5] xen: Multiple vulnerabilities (CVE-2017-17044, CVE-2017-17045)
2019-07-23T11:39:34Z
Alicha CH
**CVE-2017-17044, XSA-246**: x86: infinite loop due to missing PoD error
checking
Xen versions from 3.4.x onwards are affected.
### References:
http://xenbits.xen.org/xsa/advisory-246.html
http://openwall.com/lists/oss-security/2017/11/30/6
**CVE-2017-17045, XSA-247**: Missing p2m error checking in PoD code
All systems from Xen 3.4 are vulnerable.
### References:
http://xenbits.xen.org/xsa/advisory-247.html
http://openwall.com/lists/oss-security/2017/11/30/7
*(from redmine: issue id 8221, created on 2017-12-01, closed on 2018-01-02)*
* Relations:
  * parent #8219
* Changesets:
  * Revision 9e642dbbba00fb0048b96bf18001863bafa7ae86 on 2018-01-01T08:16:29Z:

    ```
    main/xen: security fixes
    CVE-2017-17044, CVE-2017-17045
    Fixes #8221
    ```
3.5.3
Ariadne Conill
ariadne@ariadne.space
https://gitlab.alpinelinux.org/alpine/aports/-/issues/8220
[3.6] xen: Multiple vulnerabilities (CVE-2017-17044, CVE-2017-17045)
2019-07-23T11:39:35Z
Alicha CH
**CVE-2017-17044, XSA-246**: x86: infinite loop due to missing PoD error
checking
Xen versions from 3.4.x onwards are affected.
### References:
http://xenbits.xen.org/xsa/advisory-246.html
http://openwall.com/lists/oss-security/2017/11/30/6
**CVE-2017-17045, XSA-247**: Missing p2m error checking in PoD code
All systems from Xen 3.4 are vulnerable.
### References:
http://xenbits.xen.org/xsa/advisory-247.html
http://openwall.com/lists/oss-security/2017/11/30/7
*(from redmine: issue id 8220, created on 2017-12-01, closed on 2018-01-02)*
* Relations:
  * parent #8219
* Changesets:
  * Revision de42cedd7793fc30ecdbaf536a34d14f17503137 on 2017-12-29T12:55:17Z:

    ```
    main/xen: security fixes (CVE-2017-17044, CVE-2017-17045)
    Fixes #8220
    ```
3.6.3
Ariadne Conill
ariadne@ariadne.space
https://gitlab.alpinelinux.org/alpine/aports/-/issues/8219
xen: Multiple vulnerabilities (CVE-2017-17044, CVE-2017-17045)
2019-07-23T11:39:36Z
Alicha CH
**CVE-2017-17044, XSA-246**: x86: infinite loop due to missing PoD error
checking
Xen versions from 3.4.x onwards are affected.
### References:
http://xenbits.xen.org/xsa/advisory-246.html
http://openwall.com/lists/oss-security/2017/11/30/6
**CVE-2017-17045, XSA-247**: Missing p2m error checking in PoD code
All systems from Xen 3.4 are vulnerable.
### References:
http://xenbits.xen.org/xsa/advisory-247.html
http://openwall.com/lists/oss-security/2017/11/30/7
*(from redmine: issue id 8219, created on 2017-12-01, closed on 2018-01-02)*
* Relations:
  * child #8220
  * child #8221
  * child #8222
Ariadne Conill
ariadne@ariadne.space