Closed
Milestone
expired on Nov 1, 2018
3.9.0
Stable 3.9 release
(from redmine: created on 2018-06-26)
Unstarted Issues (open and unassigned)
0
Ongoing Issues (open and assigned)
0
Completed Issues (closed)
88
- [3.9] apache2: Multiple vulnerabilities (CVE-2018-17189, CVE-2018-17199, CVE-2019-0190)
- [3.9] gitolite: security issue in optional bundle helper ("rsync" command) (CVE-2018-20683)
- [3.9] irssi: Use-after-free when hidden lines were expired from the scroll (CVE-2019-5882)
- [3.9] keepalived: Multiple vulnerabilities (CVE-2018-19044, CVE-2018-19045, CVE-2018-19046)
- [3.9] wget: Information exposure in set_file_metadata function in xattr.c (CVE-2018-20483)
- [3.9] krb5: Ignore password attributes for S4U2Self requests (CVE-2018-20217)
- [3.9] openjpeg: Multiple vulnerabilities (CVE-2018-14423, CVE-2018-6616)
- [3.9] phpmyadmin: Multiple vulnerabilities (CVE-2018-19968, CVE-2018-19969, CVE-2018-19970)
- [3.9] wireshark: Multiple vulnerabilities (CVE-2018-19622, CVE-2018-19623, CVE-2018-19624, CVE-2018-19625 CVE-2018-19626, CVE-2018-19627, CVE-2018-19628)
- [3.9] perl: Multiple vulnerabilities (CVE-2018-18311, CVE-2018-18312, CVE-2018-18313, CVE-2018-18314)
- [3.9] tiff: Multiple vulnerabilities (CVE-2018-12900, CVE-2018-18557, CVE-2018-18661)
- [3.9] webkit2gtk: Multiple memory corruption issues (CVE-2018-4372)
- [3.9] roundcubemail: Cross-site Scripting issue in email attachments (CVE-2018-19206)
- [3.9] ghostscript: Multiple vulnerabilities: (CVE-2018-19409, CVE-2018-19475, CVE-2018-19476, CVE-2018-19477)
- [3.9] clamav: Multiple vulnerabilities (CVE-2018-15378, CVE-2018-14680, CVE-2018-14681, CVE-2018-14682)
- [3.9] openjpeg: Multiple vulnerabilities (CVE-2017-17480, CVE-2018-18088)
- [3.9] cabextract: Buffer overflow (CVE-2018-18584)
- [3.9] libmspack: Multiple vulnerabilities (CVE-2018-18584, CVE-2018-18585, CVE-2018-18586)
- [3.9] wireshark: Multiple vulnerabilities (CVE-2018-12086, CVE-2018-18225, CVE-2018-18226, CVE-2018-18227)
- [3.9] xorg-server: Incorrect permission check in Xorg X server allows for privilege escalation (CVE-2018-14665)
- [3.9] tiff: Multiple vulnerabilities (CVE-2018-10779, CVE-2018-17100, CVE-2018-17101)
- [3.9] apache2: DoS for HTTP/2 connections by continuous SETTINGS (CVE-2018-11763)
- [3.9] libxml2: Multiple vulnerabilities (CVE-2018-9251, CVE-2018-14404, CVE-2018-14567)
- [3.9] libx11: Multiple vulnerabilities (CVE-2018-14598, CVE-2018-14599, CVE-2018-14600)
- [3.9] libexif: Out-of-bounds heap read in exif_data_save_data_entry function (CVE-2017-7544)
- [3.9] gd: Double free in src/gd_bump.c:gdImageBmpPtr() via crafted JPEG (CVE-2018-1000222)
- [3.9] strongswan: Multiple vulnerabilities (CVE-2018-16151, CVE-2018-16152)
- [3.9] bind: Update policies krb5-subdomain and ms-subdomain (CVE-2018-5741)
- [3.9] hylafax: JPEG support code execution (CVE-2018-17141)
- [3.9] webkit2gtk: Multiple vulnerabilities (CVE-2018-4246, CVE-2018-4261, CVE-2018-4262, CVE-2018-4263, CVE-2018-4264, CVE-2018-4265, CVE-2018-4266, CVE-2018-4267, CVE-2018-4270, CVE-2018-4272, CVE-2018-4273, CVE-2018-4278, CVE-2018-4284, CVE-2018-12911)
- [3.9] lcms2: heap-based buffer overflow in SetData function in cmsIT8LoadFromFile (CVE-2018-16435)
- [3.9] ghostscript: Incorrect "restoration of privilege" checking when running out of stack during exception handling (CVE-2018-16802)
- [3.9] libjpeg-turbo: "cjpeg" utility large loop because read_pixel in rdtarga.c mishandles EOF (CVE-2018-11813)
- [3.9] wireshark: Multiple vulnerabilities (CVE-2018-16056, CVE-2018-16057, CVE-2018-16058)
- [3.9] curl: NTLM password overflow via integer overflow (CVE-2018-14618)
- [3.9] ghostscript: Multiple vulnerabilities (CVE-2018-10194, CVE-2018-15908, CVE-2018-15909, CVE-2018-15910, CVE-2018-15911)
- [3.9] ffmpeg: Multiple vulnerabilities (CVE-2018-6912, CVE-2018-7751, CVE-2018-12459, CVE-2018-12460, CVE-2018-13301, CVE-2018-13303, CVE-2018-13304, CVE-2018-14394, CVE-2018-14395)
- [3.9] dropbear: User enumeration vulnerability (CVE-2018-15599)
- [3.9] zutils: Heap-based buffer overflow (CVE-2018-1000637)
- [3.9] openssh: User enumeration via malformed packets in authentication requests (CVE-2018-15473)
- [3.9] spice: Missing check in demarshal.py:write_validate_array_item() allows for buffer overflow and denial of service (CVE-2018-10873)
- [3.9] samba: Multiple vulnerabilities (CVE-2018-10858, CVE-2018-10918, CVE-2018-10919, CVE-2018-1139, CVE-2018-1140)
- [3.9] libmspack: Multiple vulnerabilities (CVE-2018-14679, CVE-2018-14680, CVE-2018-14681, CVE-2018-14682)
- [3.9] wpa_supplicant: Unauthenticated EAPOL-Key decryption in wpa_supplicant (CVE-2018-14526)
- [3.9] libao: Invalid memory allocation in _tokenize_matrix function in audio_out.c (CVE-2017-11548)
- [3.9] kamailio: Security vulnerability in Kamailio core related to To header processing (CVE-2018-14767)
- [3.9] py-django: Open redirect possibility in CommonMiddleware (CVE-2018-14574)
- [3.9] wireshark: Multiple vulnerabilities (CVE-2018-14339, CVE-2018-14340, CVE-2018-14341, CVE-2018-14342, CVE-2018-14343, CVE-2018-14344, CVE-2018-14367, CVE-2018-14368, CVE-2018-14369, CVE-2018-14370)
- [3.9] fuse: bypass of the "user_allow_other" restriction when SELinux is active (CVE-2018-10906)
- [3.9] libvorbis: heap buffer overflow in mapping0_forward function (CVE-2018-10392)
- [3.9] mutt: Multiple vulnerabilities (CVE-2018-14349, CVE-2018-14350, CVE-2018-14351, CVE-2018-14352, CVE-2018-14353, CVE-2018-14354, CVE-2018-14355, CVE-2018-14356, CVE-2018-14357, CVE-2018-14358, CVE-2018-14359, CVE-2018-14362)
- [3.9] ffmpeg: Multiple vulnerabilities (CVE-2018-7557, CVE-2018-10001, CVE-2018-12458, CVE-2018-13300, CVE-2018-13302)
- [3.9] znc: Multiple vulnerabilities (CVE-2018-14055, CVE-2018-14056)
- [3.9] phpmyadmin: Multiple vulnerabilities (CVE-2018-12581, CVE-2018-12613)
- ca-certificates is broken and needs an update
- dovecot split protocol default config error
- grub-mkconfig can't properly setup f2fs root fs
- Firefox: tidy-up for Alpine 3.9 release
- busybox-initscripts: add ttyUSB[0-9] to dialout group
- init.d/urandom: increase saved entropy
- Qemu Guest Agent can't shut down Alpine
- Support for xenpci in initramfs so we can build XEN storage driver domains with alpine
- [3.9] curl: Multiple vulnerabilities (CVE-2018-16839, CVE-2018-16840, CVE-2018-16842)
- glib-dev 2.58: don't depend on perl
- Freeswitch: upgrade to 1.8
- Upgrade gnutls to 3.6.4 to support TLS 1.3
- mariadb: testsuite hangs on aarch64
- libressl fails on kernels without getrandom (like debian 8)
- open-vm-tools: /etc/modules-load.d/open-vm-tools missing.conf extension
- postfix 3.3.1-r1 is broken
- compile busybox cp with reflink support
- PHP5 EOL
- chrt from util-linux not working
- please upgrade community/wxgtk
- Update smokeping to 2.7.x
- if grub is used, why to load /etc/update-extlinux.conf
- open-vm-tools floods logs
- Improve fuse and fuse3 packaging to make them co-installable
- MonetDB package
- PowerDNS: "service pdns reload" fails because of guardian=no
- Add cntlm package
- request, enable perf tools
- Missing packages virtualbox-additions-virtgrsec, virtualbox-guest-additions (x86)
- main/busybox: enable -w option for ps
- easy-rsa not compatible with libressl
- open-vm-tools (vmtoolsd) segfaults when hypervisor sents shutdown request
- ocfs2-tools: fails to build with musl
- open-vm-tools in edge fails to install
Loading
Loading
Loading