Closed
Milestone

3.7.2

Bugfix release 3.7.2

(from redmine: created on 2018-09-11)

  • Issues 60
  • Merge Requests 0
  • Participants 7
  • Labels 5
Unstarted Issues (open and unassigned): 0
Ongoing Issues (open and assigned): 0
Completed Issues (closed): 60
  • [3.7] py-paramiko: Authentication bypass in auth_handler.py (CVE-2018-1000805)
    #10022 Normal tag:security type:bug
  • [3.7] py-django: memory exhaustion in django.utils.numberformat.format() (CVE-2019-6975)
    #10006 Normal tag:security type:bug
  • [3.7] openssh: Multiple vulnerabilities (CVE-2018-20685, CVE-2019-6109, CVE-2019-6111)
    #9999 Normal tag:security type:bug
  • [3.7] curl: Multiple vulnerabilities (CVE-2018-16890, CVE-2019-3822, CVE-2019-3823)
    #9993 Normal tag:security type:bug
  • [3.7] spice: Off-by-one error in array access in spice/server/memslot.c (CVE-2019-3813)
    #9942 Normal tag:security type:bug
  • [3.7] wavpack: Multiple vulnerabilities (CVE-2018-19840, CVE-2018-19841)
    #9917 Normal tag:security type:bug
  • [3.7] apache2: Multiple vulnerabilities (CVE-2018-17189, CVE-2018-17199)
    #9908 Normal tag:security type:bug
  • [3.7] aria2: Metadata and potential password leak (CVE-2019-3500)
    #9900 Normal tag:security type:bug
  • [3.7] gitolite: security issue in optional bundle helper ("rsync" command) (CVE-2018-20683)
    #9886 Normal tag:security type:bug
  • [3.7] zeromq: Integer overflow in zmq::v2_decoder_t::size_ready (CVE-2019-6250)
    #9878 Normal tag:security type:bug
  • [3.7] py-openssl: Multiple vulnerabilities (CVE-2018-1000807, CVE-2018-1000808)
    #9867 Normal tag:security type:bug
  • [3.7] tar: Infinite read loop in sparse_dump_region function in sparse.c (CVE-2018-20482)
    #9849 Normal tag:security type:bug
  • [3.7] xen: Multiple vulnerabilities (CVE-2018-19961, CVE-2018-19962, CVE-2018-18883, CVE-2018-19965, CVE-2018-19966, CVE-2018-19967)
    #9845 Normal tag:security type:bug
  • [3.7] tinc: Multiple issues (CVE-2018-16737, CVE-2018-16738, CVE-2018-16758)
    #9841 Normal tag:security type:bug
  • [3.7] wget: Information exposure in set_file_metadata function in xattr.c (CVE-2018-20483)
    #9819 Normal tag:security type:bug
  • [3.7] krb5: Ignore password attributes for S4U2Self requests (CVE-2018-20217)
    #9804 Normal tag:security type:bug
  • [3.7] openjpeg: Multiple vulnerabilities (CVE-2018-14423, CVE-2018-6616)
    #9799 Normal tag:security type:bug
  • [3.7] sqlite: integer overflow (resulting in buffer overflow) for FTS3 queries (CVE-2018-20346)
    #9793 Normal tag:security type:bug
  • [3.7] mariadb: Multiple vulnerabilities (CVE-2016-9843, CVE-2018-2755, CVE-2018-2761, CVE-2018-2766, CVE…, CVE-2018-3251, CVE-2018-3282)
    #9789 Normal tag:security type:bug
  • [3.7] cups: Predictable session cookie breaks CSRF protection (CVE-2018-4700)
    #9760 Normal tag:security type:bug
  • [3.7] polkit: Improper handling of user with uid > INT_MAX leading to authentication bypass (CVE-2018-19788)
    #9755 Normal tag:security type:bug
  • [3.7] perl: Multiple vulnerabilities (CVE-2018-18311, CVE-2018-18312, CVE-2018-18313, CVE-2018-18314)
    #9729 Normal tag:security type:bug
  • [3.7] tiff: Multiple vulnerabilities (CVE-2018-12900, CVE-2018-18557, CVE-2018-18661)
    #9717 Normal tag:security type:bug
  • [3.7] git: Improper handling of PATH allows for commands to be executed from current directory (CVE-2018-19486)
    #9712 Normal tag:security type:bug
  • [3.7] samba: Multiple vulnerabilities (CVE-2018-14629, CVE-2018-16841, CVE-2018-16851)
    #9708 Normal tag:security type:bug
  • [3.7] ghostscript: Multiple vulnerabilities (CVE-2018-19409, CVE-2018-19475, CVE-2018-19476, CVE-2018-19477)
    #9692 Normal tag:security type:bug
  • [3.7] clamav: Multiple vulnerabilities (CVE-2018-15378, CVE-2018-14680, CVE-2018-14681, CVE-2018-14682)
    #9687 Normal tag:security type:bug
  • [3.7] openjpeg: Multiple vulnerabilities (CVE-2017-17480, CVE-2018-18088)
    #9681 Normal tag:security type:bug
  • [3.7] cabextract: Buffer overflow (CVE-2018-18584)
    #9670 Normal tag:security type:bug
  • [3.7] libmspack: Multiple vulnerabilities (CVE-2018-18584, CVE-2018-18585, CVE-2018-18586)
    #9665 Normal tag:security type:bug
  • [3.7] nginx: Multiple vulnerabilities (CVE-2018-16843, CVE-2018-16844, CVE-2018-16845)
    #9660 Normal tag:security type:bug
  • [3.7] curl: Multiple vulnerabilities (CVE-2018-16839, CVE-2018-16840, CVE-2018-16842)
    #9613 Normal tag:security type:bug
  • [3.7] xorg-server: Incorrect permission check in Xorg X server allows for privilege escalation (CVE-2018-14665)
    #9599 Normal tag:security type:bug
  • [3.7] tiff: Multiple vulnerabilities (CVE-2018-10779, CVE-2018-17100, CVE-2018-17101)
    #9585 Normal tag:security type:bug
  • [3.7] apache2: DoS for HTTP/2 connections by continuous SETTINGS (CVE-2018-11763)
    #9579 Normal tag:security type:bug
  • [3.7] libssh: Authentication Bypass due to improper message callbacks implementation (CVE-2018-10933)
    #9570 Normal tag:security type:bug
  • [3.7] libxml2: Multiple vulnerabilities (CVE-2018-9251, CVE-2018-14404, CVE-2018-14567)
    #9566 Normal tag:security type:bug
  • [3.7] Git RCE vulnerability regarding submodules (CVE-2018-17456)
    #9542 Normal tag:security type:bug
  • [3.7] libx11: Multiple vulnerabilities (CVE-2018-14598, CVE-2018-14599, CVE-2018-14600)
    #9535 Normal tag:security type:bug
  • [3.7] libexif: Out-of-bounds heap read in exif_data_save_data_entry function (CVE-2017-7544)
    #9523 Normal tag:security type:bug
  • [3.7] strongswan: heap buffer overflow using crafted certificates (CVE-2018-17540)
    #9517 Normal tag:security type:bug
  • [3.7] gd: Double free in src/gd_bump.c:gdImageBmpPtr() via crafted JPEG (CVE-2018-1000222)
    #9500 Normal tag:security type:bug
  • [3.7] strongswan: Multiple vulnerabilities (CVE-2018-16151, CVE-2018-16152)
    #9485 Normal tag:security type:bug
  • [3.7] ansible: Failed tasks do not honour no_log option allowing for secrets to be disclosed in logs (CVE-2018-10855)
    #9468 Normal tag:security type:bug
  • [3.7] bind: Update policies krb5-subdomain and ms-subdomain (CVE-2018-5741)
    #9464 Normal tag:security type:bug
  • [3.7] hylafax: JPEG support code execution (CVE-2018-17141)
    #9458 Normal tag:security type:bug
  • [3.7] pango: application crash triggered by unicode chars in pango-emoji.c (CVE-2018-15120)
    #9450 Normal tag:security type:bug
  • [3.7] ghostscript: Incorrect "restoration of privilege" checking when running out of stack during exception handling (CVE-2018-16802)
    #9435 Normal tag:security type:bug
  • [3.7] libjpeg-turbo: Multiple vulnerabilities (CVE-2017-15232, CVE-2018-1152, CVE-2018-11813)
    #9429 Normal tag:security type:bug
  • [3.7] curl: NTLM password overflow via integer overflow (CVE-2018-14618)
    #9395 Normal tag:security type:bug
  • [3.7] ghostscript: Multiple vulnerabilities (CVE-2018-10194, CVE-2018-15908, CVE-2018-15909, CVE-2018-15910, CVE-2018-15911)
    #9384 Normal tag:security type:bug
  • [3.7] dnsmasq: Improper validation of wildcard synthesized NSEC records (CVE-2017-15107)
    #9378 Normal tag:security type:bug
  • [3.7] dropbear: User enumeration vulnerability (CVE-2018-15599)
    #9349 Normal tag:security type:bug
  • [3.7] openssh: User enumeration via malformed packets in authentication requests (CVE-2018-15473)
    #9319 Normal tag:security type:bug
  • [3.7] spice: Missing check in demarshal.py:write_validate_array_item() allows for buffer overflow and denial of service (CVE-2018-10873)
    #9308 Normal tag:security type:bug
  • [3.7] libao: Invalid memory allocation in _tokenize_matrix function in audio_out.c (CVE-2017-11548)
    #9210 Normal tag:security type:bug
  • [3.7] py-django: Content spoofing via URL path in default 404 page (CVE-2019-3498)
    #9835 Normal type:bug
  • python3.6.5 upgrade pip says [Error relocating /usr/lib/libexpat.so.1: getrandom: symbol not found]
    #9642 High type:bug
  • [3.7] lcms2: heap-based buffer overflow in SetData function in cmsIT8LoadFromFile (CVE-2018-16435)
    #9445 Normal Rejected type:bug
  • [3.7] vlc: type conversion vulnerability (CVE-2017-17670)
    #8315 Normal Rejected type:bug
100% complete
Start date: No start date
Due date: No due date
Issues: 60 (Open: 0, Closed: 60)
Merge requests: 0 (Open: 0, Closed: 0, Merged: 0)
Releases: None
Reference: alpine/aports%"3.7.2"