Milestone 3.7.1
Closed, expired on Dec 11, 2017
Bugfix release 3.7.1
(from redmine: created on 2017-11-30)
Unstarted Issues (open and unassigned): 0
Ongoing Issues (open and assigned): 0
Completed Issues (closed): 127
- [3.7] bind: A flaw in the "deny-answer-aliases" feature can cause an assertion failure in named (CVE-2018-5740)
- [3.7] unzip: Heap-based buffer overflow in password protected ZIP archives (CVE-2018-1000035)
- [3.7] ncurses: NULL Pointer Dereference in _nc_parse_entry function in tinfo/parse_entry.c. (CVE-2018-10754)
- [3.7] python2: Multiple vulnerabilities (CVE-2018-1060, CVE-2018-1061)
- [3.7] apache2: Multiple vulnerabilities (CVE-2018-1333, CVE-2018-8011)
- [3.7] ldb: Denial of Service Attack on DNS and LDAP server (CVE-2018-1140)
- [3.7] samba: Multiple vulnerabilities (CVE-2018-10858, CVE-2018-10918, CVE-2018-10919, CVE-2018-1139)
- [3.7] libmspack: Multiple vulnerabilities (CVE-2018-14679, CVE-2018-14680, CVE-2018-14681, CVE-2018-14682)
- [3.7] wpa_supplicant: Unauthenticated EAPOL-Key decryption in wpa_supplicant (CVE-2018-14526)
- [3.7] myrepos: missing URL sanitization (CVE-2018-7032)
- [3.7] kamailio: Security vulnerability in Kamailio core related to To header processing (CVE-2018-14767)
- [3.7] py-django: Open redirect possibility in CommonMiddleware (CVE-2018-14574)
- [3.7] clamav: Multiple vulnerabilities (CVE-2018-0360, CVE-2018-0361)
- [3.7] tiff: Multiple vulnerabilities (CVE-2017-9935, CVE-2017-11613, CVE-2018-10963)
- [3.7] fuse: bypass of the "user_allow_other" restriction when SELinux is active (CVE-2018-10906)
- [3.7] libvorbis: heap buffer overflow in mapping0_forward function (CVE-2018-10392)
- [3.7] mutt: Multiple vulnerabilities (CVE-2018-14349, CVE-2018-14350, CVE-2018-14351, CVE-2018-14352, CVE-2018-14353, CVE-2018-14354, CVE-2018-14355, CVE-2018-14356, CVE-2018-14357, CVE-2018-14358, CVE-2018-14359, CVE-2018-14362)
- [3.7] znc: Multiple vulnerabilities (CVE-2018-14055, CVE-2018-14056)
- Package name error in alpine-secdb
- [3.7] prosody: insufficient stream header validation (CVE-2018-10847)
- [3.7] firefox-esr: Heap buffer overflow rasterizing paths in SVG with Skia (CVE-2018-6126)
- [3.7] redis: Multiple vulnerabilities (CVE-2018-11218, CVE-2018-11219)
- [3.7] openssl: Client DoS due to large DH parameter (CVE-2018-0732)
- [3.7] libgcrypt: Key Extraction Side Channel (CVE-2018-0495)
- [3.7] gnupg: filename sanitization problem (CVE-2018-12020)
- [3.7] freetype: NULL pointer dereference in the Ins_GETVARIATION() function (CVE-2018-6942)
- [3.7] perl: Directory traversal in Archive::Tar (CVE-2018-12015)
- [3.7] xfsprogs: Security: wrong owner / group on XFS binaries
- [3.7] strongswan: integer underflow leads to buffer overflow and denial of service in stroke_socket.c (CVE-2018-5388)
- [3.7] git: Multiple vulnerabilities (CVE-2018-11233, CVE-2018-11235)
- [3.7] sdl2_image: Multiple vulnerabilities (CVE-2017-12122, CVE-2017-14440, CVE-2017-14441, CVE-2017-14442, CVE-2017-14448, CVE-2017-14450, CVE-2018-3837, CVE-2018-3838, CVE-2018-3839)
- [3.7] wireshark: Multiple vulnerabilities (CVE-2018-11356, CVE-2018-11357, CVE-2018-11358, CVE-2018-11359, CVE-2018-11360, CVE-2018-11362)
- [3.7] quassel: Multiple vulnerabilities (CVE-2018-1000178, CVE-2018-1000179)
- [3.7] wavpack: Multiple vulnerabilities (CVE-2018-10536, CVE-2018-10537, CVE-2018-10538, CVE-2018-10539, CVE-2018-10540)
- [3.7] curl: Multiple vulnerabilities (CVE-2018-1000300, CVE-2018-1000301)
- [3.7] firefox-esr: Multiple vulnerabilities (CVE-2018-5150, CVE-2018-5154, CVE-2018-5155, CVE-2018-5157, CVE-2018-5158, CVE-2018-5159, CVE-2018-5168, CVE-2018-5178, CVE-2018-5183)
- [3.7] xen: Multiple vulnerabilities (CVE-2018-8897, CVE-2018-10981, CVE-2018-10982)
- [3.7] wget: Cookie injection vulnerability (CVE-2018-0494)
- [3.7] tor: NULL pointer dereference via a misformatted relay descriptor (CVE-2018-0490)
- [3.7] drupal7: Remote Code Execution (CVE-2018-7602)
- [3.7] mbedtls: Multiple vulnerabilities (CVE-2017-18187, CVE-2018-0487, CVE-2018-0488)
- [3.7] mercurial: HTTP server permissions bypass (CVE-2018-1000132)
- [3.7] wireshark: Multiple vulnerabilities (CVE-2018-9256, CVE-2018-9257, CVE-2018-9258, CVE-2018-9260, CVE-2018-9261, CVE-2018-9262, CVE-2018-9263, CVE-2018-9264, CVE-2018-9267, CVE-2018-9259)
- [3.7] openssl: Cache timing vulnerability in RSA Key Generation (CVE-2018-0737)
- [3.7] jq: stack exhaustion via jv_dump_term() function (CVE-2016-4074)
- [3.7] perl: Multiple vulnerabilities (CVE-2018-6797, CVE-2018-6798, CVE-2018-6913)
- [3.7] Ruby 2.2.9, 2.3.6, 2.4.3, 2.5.0 Multiple Vulnerabilities
- Ruby: Multiple Vulnerabilities (CVE-2017-17742, CVE-2018-6914, CVE-2018-8777, CVE-2018-8778, CVE-2018-8779, CVE-2018-8780)
- [3.7] uwsgi: PHP Plugin Directory Traversal (CVE-2018-7490)
- [3.7] apache2: Multiple vulnerabilities (CVE-2017-15710, CVE-2017-15715, CVE-2018-1301, CVE-2018-1302, CVE-2018-1303, CVE-2018-1283, CVE-2018-1312)
- [3.7] icinga2: Multiple vulnerabilities (CVE-2018-6532, CVE-2018-6534, CVE-2018-6535)
- [3.7] tiff: uncontrolled resource consumption in TIFFSetDirectory function in tif_dir.c (CVE-2018-5784)
- [3.7] firefox-esr: Multiple vulnerabilities (CVE-2018-5125, CVE-2018-5127, CVE-2018-5129, CVE-2018-5130, CVE-2018-5131, CVE-2018-5144, CVE-2018-5145, CVE-2018-5147)
- [3.7] clamav: Multiple vulnerabilities (CVE-2018-0202, CVE-2018-1000085)
- [3.7] mariadb: Multiple vulnerabilities (CVE-2017-10268, CVE-2017-10378, CVE-2017-15365, CVE-2018-2562, CVE-2018-2612, CVE-2018-2622, CVE-2018-2640, CVE-2018-2665, CVE-2018-2668)
- [3.7] sqlite: NULL Pointer Dereference (CVE-2018-8740)
- [3.7] rsync: sanitization bypass in parse_argument in options.c (CVE-2018-5764)
- [3.7] libvorbis: out-of-bounds write (CVE-2018-5146)
- [3.7] samba: Multiple vulnerabilities (CVE-2018-1050, CVE-2018-1057)
- [3.7] wireshark: Multiple vulnerabilities (CVE-2018-7320, CVE-2018-7321, CVE-2018-7322, CVE-2018-7323, CVE..., CVE-2018-7419, CVE-2018-7420)
- [3.7] curl: Multiple vulnerabilities (CVE-2018-1000120, CVE-2018-1000121, CVE-2018-1000122)
- [3.7] py-django: Multiple vulnerabilities (CVE-2018-7536, CVE-2018-7537)
- [3.7] xen: Multiple vulnerabilities (CVE-2018-7540, CVE-2018-7541, CVE-2018-7542)
- [3.7] wavpack: Multiple vulnerabilities (CVE-2018-6767, CVE-2018-7253, CVE-2018-7254)
- [3.7] phpmyadmin: Multiple vulnerabilities (CVE-2017-1000499, CVE-2018-7260)
- [3.7] libvncserver: Improper input sanitization in rfbProcessClientNormalMessage in rfbserver.c (CVE-2018-7225)
- [3.7] squid: Multiple vulnerabilities (CVE-2018-1000024, CVE-2018-1000027)
- [3.7] go: arbitrary code execution during go get (CVE-2018-6574)
- [3.7] p7zip: Multiple vulnerabilities (CVE-2017-17969, CVE-2018-5996)
- [3.7] libtasn1: Stack exhaustion due to indefinite recursion during BER decoding (CVE-2018-6003)
- [3.7] xen: Multiple vulnerabilities (CVE-2017-5753, CVE-2017-5715, CVE-2017-5754)
- [3.7] libvorbis: Multiple vulnerabilities (CVE-2017-14632, CVE-2017-14633)
- [3.7] webkit2gtk: Multiple vulnerabilities (CVE-2017-5753, CVE-2017-5715, CVE-2018-4088, CVE-2018-4096, CVE-2017-7153, CVE-2017-7160, CVE-2017-7161, CVE-2017-7165, CVE-2017-13884, CVE-2017-13885)
- [3.7] libreoffice: Remote arbitrary file disclosure vulnerability via WEBSERVICE formula (CVE-2018-6871)
- [3.7] exim: buffer overflow (CVE-2018-6789)
- [3.7] irssi: Multiple vulnerabilities (CVE-2018-5205, CVE-2018-5206, CVE-2018-5207, CVE-2018-5208, CVE-2018-7050, CVE-2018-7051, CVE-2018-7052, CVE-2018-7053, CVE-2018-7054)
- [3.7] Tiff: NULL pointer dereference in tif_print.c:TIFFPrintDirectory() (CVE-2017-18013)
- [3.7] curl: Multiple vulnerabilities (CVE-2018-1000005, CVE-2018-1000007)
- [3.7] wireshark: Multiple vulnerabilities (CVE-2018-5334, CVE-2018-5335, CVE-2018-5336)
- [3.7] bind: Improper fetch cleanup sequencing in the resolver can cause named to crash (CVE-2017-3145)
- [3.7] ncurses: Stack based buffer overflow (CVE-2017-16879)
- [3.7] awstats: Path traversal flaws (CVE-2017-1000501)
- [3.7] gimp: Multiple vulnerabilities (CVE-2017-17784, CVE-2017-17785, CVE-2017-17786, CVE-2017-17787, CVE-2017-17788, CVE-2017-17789)
- [3.7] libraw: Invalid read memory access in the LibRaw::xtrans_interpolate() function (CVE-2017-16910)
- [3.7] webkit2gtk: Multiple vulnerabilities (CVE-2017-7156, CVE-2017-13856, CVE-2017-13866, CVE-2017-13870)
- [3.7] firefox-esr: Multiple vulnerabilities (CVE-2017-7843, CVE-2017-7845)
- [3.7] rsync: Several vulnerabilities (CVE-2017-16548, CVE-2017-17433, CVE-2017-17434)
- [3.7] bzr: does not strip bzr+ssh SSH options (CVE-2017-14176)
- [3.7] heimdal: NULL pointer dereference via crafted UDP packets (CVE-2017-17439)
- [3.7] exim: infinite loop and stack exhaustion in receive_msg function via vectors involving BDAT commands (CVE-2017-16944)
- [3.7] openssh: Improper write operations in readonly mode allow for zero-length file creation (CVE-2017-15906)
- [3.7] openssl: Multiple vulnerabilities (CVE-2017-3737, CVE-2017-3738)
- [3.7] wireshark: Multiple vulnerabilities (CVE-2017-17083, CVE-2017-17084, CVE-2017-17085)
- [3.7] pdns-recursor: Multiple vulnerabilities (CVE-2017-15090, CVE-2017-15092, CVE-2017-15093, CVE-2017-15094)
- [3.7] pdns: Missing check on API operations (CVE-2017-15091)
- [3.7] tor: Multiple vulnerabilities (CVE-2017-8819, CVE-2017-8820, CVE-2017-8821, CVE-2017-8822, CVE-2017-8823)
- [3.7] tiff: Heap-based buffer overflow bug in pal2rgb (CVE-2017-17095)
- [3.7] pcre: match() stack overflow (CVE-2017-16231)
- [3.7] graphicsmagick: Multiple vulnerabilities (CVE-2017-14314, CVE-2017-14504, CVE-2017-14733, CVE-2017-14994, CVE-2017-14997, CVE-2017-15930)
- Broken python2.7 and icu in alpine v3.7
- [3.7] krb5: Multiple vulnerabilities (CVE-2017-15088, CVE-2018-5709, CVE-2018-5710)
- Tidylibs got deleted from main repository?
- IPv6 addresses on VLAN interfaces
- openssh-server compiled with privsep-user=sshd, but doesn't create sshd user, resulting in error
- apache2-ssl (2.4.33-r0) post install fails (Alpine 3.6 + 3.7)
- Request for Facter Package (multiarch)
- [3.7] webkit2gtk: Multiple vulnerabilities (CVE-2018-4101, CVE-2018-4113, CVE…, CVE-2018-4129, CVE-2018-4133, CVE-2018-4146, CVE-2018-4161, CVE-2018-4162, CVE-2018-4163, CVE-2018-4165)
- enable 48-bit virtual addresses for aarch64
- Package libseccomp-dev missing dependency
- [3.7] mupdf: Multiple vulnerabilities (CVE-2018-6187, CVE-2018-6192, CVE-2018-6544, CVE-2018-1000051)
- [3.7] curl doesn't support SSH based protocols
- samba packages - update to 4.7.4
- opam: missing dependency
- ocaml: missing dependencies
- Bash 4.4.12-r2 jobs hangs on arm (alpine 3.7)
- audit kernel support missing
- zutils
- Possible bug in installation location for postgis
- GDB 8.0.1 is now built without "--with-python" flag, please include that again
- py3-httplib2 broken
- php7-imagick is missing a dependency in Alpine 3.7
- My bash script stopped working (hangs) after upgrading to v3.7
- bash-4.3.48-r2.post-upgrade lingers
- openssh manual is broken
- Linux kernel can't be compressed with lzop
- Failed to mount cryptsetup + btrfs stripe (raid 0) on boot
- python strftime doesn't work properly on Alpine Linux.