Closed
Milestone
expired on Aug 5, 2014
3.0.2
Bugfix release 3.0.2
(from redmine: created on 2014-06-26)
Unstarted Issues (open and unassigned)
0
Ongoing Issues (open and assigned)
0
Completed Issues (closed)
49
- [v3.0] cacti: multiple XSS vulnerabilities (CVE-2014-5025 CVE-2014-5026)
- [v3.0] cups: incomplete fix for CVE-2014-3537 (CVE-2014-5029 CVE-2014-5030 CVE-2014-5031)
- [v3.0] ansible: input sanitization errors (CVE-2014-4966 CVE-2014-4967)
- [v3.0] php: SPL Iterators use-after-free (CVE-2014-4670).
- [v3.0] file: remote DoS (CVE-2014-3538)
- [v3.0] php: multiple issues fixed in new 5.5.14
- [v3.0] krb5: remote DoS (CVE-2014-4341 CVE-2014-4342)
- [v3.0] apache2: multiple issues (CVE-2014-0117 CVE-2014-0118 CVE-2014-0226 CVE-2014-0231)
- [v3.0] phpmyadmin: multiple issues (CVE-2014-4987 CVE-2014-4986 CVE-2014-4955 CVE-2014-4954)
- [v3.0] perl-email-address: inefficient regular expressions could cause DoS (CVE-2014-0477 CVE-2014-4720)
- [v3.0] mysql: SRINFOSC and SRCHAR related issues (CVE-2014-4258 CVE-2014-4260)
- [v3.0] transmission: peer communication vulnerability (CVE-2014-4909)
- [v3.0] php: sensitive information leak from process memory (CVE-2014-4721)
- [v3.0] ruby-rails: vulnerabilities in PostgreSQL adapter for Active Record (CVE-2014-3482 CVE-2014-3483)
- [v3.0] dbus: bugs in file descriptor passing (CVE-2014-3532 CVE-2014-3533)
- [v3.0] ansible: remote data checking code fixes (CVE-2014-4678 and related)
- [v3.0] cacti: multiple fixes (CVE-2014-2326 CVE-2014-2327 CVE-2014-2328 CVE-2014-2708 CVE-2014-2709 CVE-2014-4002)
- kernel: integer overflow in kernels with LZ4 support (CVE-2014-4611)
- [v3.0] ffmpeg: vulnerability in lzo implementation (CVE-2014-4609 CVE-2014-4610)
- [v3.0] lzo: potential integer overflow (CVE-2014-4607)
- [v3.0] gnupg: infinite loop in g10/compress.c (CVE-2014-4617)
- [v3.0] kernel: net: sctp: inherit auth_capable on INIT collisions (CVE-2014-5077)
- [v3.0] kernel: fs: umount on symlink leaks mnt count (CVE-2014-5045)
- quagga: ipv6 doesn't work with zebra
- bb top report bogus memory usage on 3.0.1
- libvirtd can't find dnsmasq if it's not a make dependency
- [v3.0] kernel: gain privileges in net/l2tp/l2tp_ppp.c (CVE-2014-4943)
- perl-db package needs bump+rebuild
- Package perl-compress-raw-zlib is 2.035-r5, but amavisd-new package now requires 2.063 or later
- [v3.0] kernel: shmem: fix faulting into a hole while it's punched (CVE-2014-4171)
- [v3.0] kernel: force IRET path after a ptrace_stop() (CVE-2014-4699)
- Boot error from iso: cp: can't stat '/var/run/*': No such file or directory
- rsync: missing ipv6 support
- busybox-initscripts: klogd should not provide logger
- alpine-vanilla will install grsec kernel
- upgrading kernel will break extlinux.conf
- setup-bootable produce unreadable syslinux.cfg and other files
- [v3.0] nagios-plugins: multiple fixes (CVE-2014-4701 CVE-2014-4702 CVE-2014-4703)
- [v3.0] kernel: integer overflow in kernels with LZO support (CVE-2014-4608)
- Kamailio create database fails with syntax error in kamdbctl.base
- acf-kamailio is broken
- acf-freeswitch and acf-freeswitch-vmail aren't built for Alpine 3.0
- setup-disk and sfdisk throw warning under alpine 3.0.1
- Awall in Alpine 3.0.1 will not perform activate or translate functions
- mdev error on boot using Via Nano hardware
- mdev rules for dahdi devices
- Behavior of I/O functions is different in 3.0 from earlier versions
- perl-io-compress: file conflict with perl
- Full/Partial RELRO
