alpine issues
https://gitlab.alpinelinux.org/groups/alpine/-/issues
2019-07-23T13:43:27Z

https://gitlab.alpinelinux.org/alpine/aports/-/issues/4946
[3.1] redis: Integer wraparound in lua_struct.c causing stack-based buffer overflow (CVE-2015-8080)
2019-07-23T13:43:27Z
Alicha CH

It was found that getnum() function in lua\_struct.c is vulnerable to
integer overflow that
can be used to trigger stack-based buffer overflow. getnum() can be
tricked into an integer
wraparound with a large size number as input, thus returning a negative
value.
This affects all released versions of redis in both 2.8 and 3.0
branches.
2.8.23 and 3.0.5 are affected.
### References:
https://github.com/antirez/redis/issues/2855
https://bugzilla.redhat.com/show\_bug.cgi?id=CVE-2015-8080
*(from redmine: issue id 4946, created on 2015-12-10, closed on 2015-12-19)*
* Relations:
* parent #4943

3.1.5
Eivind Uggedal

https://gitlab.alpinelinux.org/alpine/aports/-/issues/4945
[3.2] redis: Integer wraparound in lua_struct.c causing stack-based buffer overflow (CVE-2015-8080)
2019-07-23T13:43:27Z
Alicha CH

It was found that getnum() function in lua\_struct.c is vulnerable to
integer overflow that
can be used to trigger stack-based buffer overflow. getnum() can be
tricked into an integer
wraparound with a large size number as input, thus returning a negative
value.
This affects all released versions of redis in both 2.8 and 3.0
branches.
2.8.23 and 3.0.5 are affected.
### References:
https://github.com/antirez/redis/issues/2855
https://bugzilla.redhat.com/show\_bug.cgi?id=CVE-2015-8080
*(from redmine: issue id 4945, created on 2015-12-10, closed on 2015-12-19)*
* Relations:
* parent #4943
* Changesets:
* Revision b11164993a3e522cb2dca0a68037ae342434c534 by Natanael Copa on 2015-12-16T12:44:26Z:
```
main/redis: upgrade to 3.0.5 and security fix for CVE-2015-8080
ref #4943
fixes #4945
```

3.2.4
Eivind Uggedal

https://gitlab.alpinelinux.org/alpine/aports/-/issues/4944
[3.3] redis: Integer wraparound in lua_struct.c causing stack-based buffer overflow (CVE-2015-8080)
2019-07-23T13:43:29Z
Alicha CH

It was found that getnum() function in lua\_struct.c is vulnerable to
integer overflow that
can be used to trigger stack-based buffer overflow. getnum() can be
tricked into an integer
wraparound with a large size number as input, thus returning a negative
value.
This affects all released versions of redis in both 2.8 and 3.0
branches.
2.8.23 and 3.0.5 are affected.
### References:
https://github.com/antirez/redis/issues/2855
https://bugzilla.redhat.com/show\_bug.cgi?id=CVE-2015-8080
*(from redmine: issue id 4944, created on 2015-12-10, closed on 2015-12-19)*
* Relations:
* parent #4943
* Changesets:
* Revision 143427d67a983d7d05ac3e66b5221316df7b4c7d by Natanael Copa on 2015-12-16T12:37:55Z:
```
main/redis: security fix for CVE-2015-8080
ref #4943
fixes #4944
```

3.3.0
Eivind Uggedal

https://gitlab.alpinelinux.org/alpine/aports/-/issues/4943
redis: Integer wraparound in lua_struct.c causing stack-based buffer overflow (CVE-2015-8080)
2019-07-23T13:43:29Z
Alicha CH

It was found that getnum() function in lua\_struct.c is vulnerable to
integer overflow that
can be used to trigger stack-based buffer overflow. getnum() can be
tricked into an integer
wraparound with a large size number as input, thus returning a negative
value.
This affects all released versions of redis in both 2.8 and 3.0
branches.
2.8.23 and 3.0.5 are affected.
### References:
https://github.com/antirez/redis/issues/2855
https://bugzilla.redhat.com/show\_bug.cgi?id=CVE-2015-8080
*(from redmine: issue id 4943, created on 2015-12-10, closed on 2015-12-19)*
* Relations:
* child #4944
* child #4945
* child #4946
* child #4947
* Changesets:
* Revision 143427d67a983d7d05ac3e66b5221316df7b4c7d by Natanael Copa on 2015-12-16T12:37:55Z:
```
main/redis: security fix for CVE-2015-8080
ref #4943
fixes #4944
```
* Revision b11164993a3e522cb2dca0a68037ae342434c534 by Natanael Copa on 2015-12-16T12:44:26Z:
```
main/redis: upgrade to 3.0.5 and security fix for CVE-2015-8080
ref #4943
fixes #4945
```
* Revision 0f1793b2ec36d52a44289dca84e4af6671ed30d9 by Natanael Copa on 2015-12-16T12:49:05Z:
```
main/redis: upgrade to 2.8.23 and security fix for CVE-2015-8080
ref #4943
fixes #4947
```

Eivind Uggedal

https://gitlab.alpinelinux.org/alpine/aports/-/issues/4942
[3.0] libsndfile: Heap overflow vulnerability when parsing specially crafted AIFF header (CVE-2015-7805)
2019-07-23T13:43:30Z
Alicha CH

A heap-based buffer overflow vulnerability was found in libsndfile.
Vulnerability is based on the wrong management of the headindex and
headend values.
While parsing a specially crafted AIFF header, the attacker can manage
index values
in order to use memcpy(…) to overwrite memory heap.
### Affected versions:
<= 1.0.25
### References:
http://seclists.org/oss-sec/2015/q4/216
https://bugzilla.redhat.com/show\_bug.cgi?id=CVE-2015-7805
https://www.exploit-db.com/exploits/38447/
*(from redmine: issue id 4942, created on 2015-12-10, closed on 2015-12-30)*
* Relations:
* parent #4939
* Changesets:
* Revision ae940842c2204c5c74f6a79c0ecf98c8d46fa044 by Natanael Copa on 2015-12-16T12:28:13Z:
```
main/libsndfile: security upgrade to 1.0.26 (CVE-2015-7805)
fixes #4942
```

3.0.7
Natanael Copa

https://gitlab.alpinelinux.org/alpine/aports/-/issues/4941
[3.1] libsndfile: Heap overflow vulnerability when parsing specially crafted AIFF header (CVE-2015-7805)
2019-07-23T13:43:32Z
Alicha CH

A heap-based buffer overflow vulnerability was found in libsndfile.
Vulnerability is based on the wrong management of the headindex and
headend values.
While parsing a specially crafted AIFF header, the attacker can manage
index values
in order to use memcpy(…) to overwrite memory heap.
### Affected versions:
<= 1.0.25
### References:
http://seclists.org/oss-sec/2015/q4/216
https://bugzilla.redhat.com/show\_bug.cgi?id=CVE-2015-7805
https://www.exploit-db.com/exploits/38447/
*(from redmine: issue id 4941, created on 2015-12-10, closed on 2015-12-30)*
* Relations:
* parent #4939
* Changesets:
* Revision 5da3d3b21e6943cd9415ff18fdaa5844630e8a4f by Natanael Copa on 2015-12-16T12:28:04Z:
```
main/libsndfile: security upgrade to 1.0.26 (CVE-2015-7805)
fixes #4941
```

3.1.5
Natanael Copa

https://gitlab.alpinelinux.org/alpine/aports/-/issues/4940
[3.2] libsndfile: Heap overflow vulnerability when parsing specially crafted AIFF header (CVE-2015-7805)
2019-07-23T13:43:33Z
Alicha CH

A heap-based buffer overflow vulnerability was found in libsndfile.
Vulnerability is based on the wrong management of the headindex and
headend values.
While parsing a specially crafted AIFF header, the attacker can manage
index values
in order to use memcpy(…) to overwrite memory heap.
### Affected versions:
<= 1.0.25
### References:
http://seclists.org/oss-sec/2015/q4/216
https://bugzilla.redhat.com/show\_bug.cgi?id=CVE-2015-7805
https://www.exploit-db.com/exploits/38447/
*(from redmine: issue id 4940, created on 2015-12-10, closed on 2015-12-30)*
* Relations:
* parent #4939
* Changesets:
* Revision cec9e6589c13fdd175c1b642057403179addb0df by Natanael Copa on 2015-12-16T12:27:52Z:
```
main/libsndfile: security upgrade to 1.0.26 (CVE-2015-7805)
fixes #4940
```

3.2.4
Natanael Copa

https://gitlab.alpinelinux.org/alpine/aports/-/issues/4939
libsndfile: Heap overflow vulnerability when parsing specially crafted AIFF header (CVE-2015-7805)
2019-07-23T13:43:34Z
Alicha CH

A heap-based buffer overflow vulnerability was found in libsndfile.
Vulnerability is based on the wrong management of the headindex and
headend values.
While parsing a specially crafted AIFF header, the attacker can manage
index values
in order to use memcpy(…) to overwrite memory heap.
### Affected versions:
<= 1.0.25
### References:
http://seclists.org/oss-sec/2015/q4/216
https://bugzilla.redhat.com/show\_bug.cgi?id=CVE-2015-7805
https://www.exploit-db.com/exploits/38447/
*(from redmine: issue id 4939, created on 2015-12-10, closed on 2015-12-30)*
* Relations:
* child #4940
* child #4941
* child #4942

Natanael Copa

https://gitlab.alpinelinux.org/alpine/aports/-/issues/4938
Varnish 4.1 segfault
2019-07-23T13:43:35Z
Chingis S

Hi everyone,
I’m trying to use Varnish 4.1 with Docker (1.9.1). I’ve built a docker
image in Alpine Linux 3.2 with its musl-libc to reduce the image size.
Dockerfile:
```
FROM alpine:3.2
RUN echo 'http://dl-4.alpinelinux.org/alpine/v3.3/main' >> /etc/apk/repositories && \
    apk update && apk upgrade -U -a && \
    apk add --update varnish \
    && rm -rf /var/cache/apk/*
```
When I try to run inside of the container, sometimes I get a segfault,
but sometimes I don’t:
```
# varnishd -F -W epoll -f /etc/varnish/default.vcl
child (4081) Started
Pushing vcls failed:
CLI communication error (hdr)
Stopping Child
Child (4081) died signal=11
Child (4081) Panic message:
Assert error in child_sigsegv_handler(), mgt/mgt_child.c line 297:
  Condition(Segmentation fault by instruction at 0x7f8bec8af9e8) not true.
version = varnish-4.1.0 revision 3041728
ident = Linux,3.13.0-66-generic,x86_64,-junix,-smalloc,-smalloc,-hcritbit,epoll
Could not create _.vsm.4071: File exists
```
Sometimes when I get 2-3 segfaults in a row and 3rd, 4th time it runs
successfully.
My environment:
```
# gcc --version
gcc (Alpine 5.2.0) 5.2.0
Copyright (C) 2015 Free Software Foundation, Inc.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

# cat /etc/os-release
NAME="Alpine Linux"
ID=alpine
VERSION_ID=3.2.3
PRETTY_NAME="Alpine Linux v3.2"
HOME_URL="http://alpinelinux.org"
BUG_REPORT_URL="http://bugs.alpinelinux.org"

# ldd --version
musl libc
Version 1.1.12

# docker version
Client:
 Version: 1.9.1
 API version: 1.21
 Go version: go1.4.2
 Git commit: a34a1d5
 Built: Fri Nov 20 13:12:04 UTC 2015
 OS/Arch: linux/amd64
Server:
 Version: 1.9.1
 API version: 1.21
 Go version: go1.4.2
 Git commit: a34a1d5
 Built: Fri Nov 20 13:12:04 UTC 2015
 OS/Arch: linux/amd64
```
Also, when I run it successfully and try to clear cache (ban), child
process exits with a segfault.
Is it caused by musl-libc?
*(from redmine: issue id 4938, created on 2015-12-08, closed on 2016-03-18)*
* Changesets:
* Revision 58fbf6804b9f155bc2f8e467e949b79132c7df3c by Natanael Copa on 2016-01-08T08:21:15Z:
```
main/varnish: add -dbg
ref #4938
```
* Revision 2e4fa20349066e203b84df45a3ec428ecc827a39 by Natanael Copa on 2016-03-02T10:22:03Z:
```
main/varnish: fix stack overflow
ref #4938
```
* Revision 043207f7a3dc7a69739299962b540a8abfccb586 by Natanael Copa on 2016-03-02T10:26:08Z:
```
main/varnish: fix stack overflow
fixes #4938
```

3.3.2

https://gitlab.alpinelinux.org/alpine/aports/-/issues/4937
[3.2] nodejs: a high-impact denial of service vulnerability (CVE-2015-8027)
2019-07-23T13:43:36Z
Alicha CH

### CVE-2015-8027: a high-impact denial of service vulnerability
A bug exists in Node.js, all versions of v0.12.x through to v5.x
inclusive, whereby an external
attacker can cause a denial of service. The severity of this issue is
high (see CVSS scoring below)
and users of the affected versions should plan to upgrade when a fix is
made available.
Versions 0.10.x of Node.js are not affected.
Versions **0.12.x** of Node.js are vulnerable.
Versions **4.x**, including LTS Argon, of Node.js are vulnerable.
Versions **5.x** of Node.js are vulnerable.
### References:
https://nodejs.org/en/blog/vulnerability/december-2015-security-releases/
https://nodejs.org/en/blog/vulnerability/cve-2015-8027\_cve-2015-6764/
*(from redmine: issue id 4937, created on 2015-12-08, closed on 2015-12-09)*
* Relations:
* parent #4935
* Changesets:
* Revision 3ce61e03fdba213e6606d14fb493a8ab3cb71973 on 2015-12-09T15:43:40Z:
```
main/nodejs: security upgrade to 0.12.9 (CVE-2015-8027). Fixes #4937
```

3.2.4
Eivind Uggedal

https://gitlab.alpinelinux.org/alpine/aports/-/issues/4936
[3.3] nodejs: multiple issues (CVE-2015-6764, CVE-2015-8027)
2019-07-23T13:43:37Z
Alicha CH

### CVE-2015-8027: a high-impact denial of service vulnerability
A bug exists in Node.js, all versions of v0.12.x through to v5.x
inclusive, whereby an external
attacker can cause a denial of service. The severity of this issue is
high (see CVSS scoring below)
and users of the affected versions should plan to upgrade when a fix is
made available.
Versions 0.10.x of Node.js are not affected.
Versions **0.12.x** of Node.js are vulnerable.
Versions **4.x**, including LTS Argon, of Node.js are vulnerable.
Versions **5.x** of Node.js are vulnerable.
### CVE-2015-6764: a low-impact V8 out-of-bounds access vulnerability
An additional bug exists in Node.js, all versions of v4.x and v5.x,
whereby an attacker may be able to trigger an out-of-bounds access
and/or denial of service if user-supplied JavaScript can be executed by
an application. The severity of this issue is considered medium for
Node.js users (see CVSS scoring below), but only under circumstances
where an attacker may cause user-supplied JavaScript to be executed
within a Node.js application. Fixes will be shipped for the v4.x and
v5.x release lines along with fixes for CVE-2015-8027.
Versions 0.10.x of Node.js are not affected.
Versions 0.12.x of Node.js are not affected.
Versions **4.x**, including LTS Argon, of Node.js are vulnerable.
Versions **5.x** of Node.js are vulnerable.
### References:
https://nodejs.org/en/blog/vulnerability/december-2015-security-releases/
https://nodejs.org/en/blog/vulnerability/cve-2015-8027\_cve-2015-6764/
*(from redmine: issue id 4936, created on 2015-12-08, closed on 2015-12-09)*
* Relations:
* parent #4935
* Changesets:
* Revision f678033759637af9f55151d32f2203ea41c7de9a on 2015-12-09T15:22:16Z:
```
main/nodejs: security upgrade to 4.2.3 (CVE-2015-8027,CVE-2015-6764). Fixes #4936
```

3.3.0
Eivind Uggedal

https://gitlab.alpinelinux.org/alpine/aports/-/issues/4935
nodejs: multiple issues (CVE-2015-6764 CVE-2015-8027)
2019-07-23T13:43:38Z
Alicha CH

### CVE-2015-8027: a high-impact denial of service vulnerability
A bug exists in Node.js, all versions of v0.12.x through to v5.x
inclusive, whereby an external
attacker can cause a denial of service. The severity of this issue is
high (see CVSS scoring below)
and users of the affected versions should plan to upgrade when a fix is
made available.
Versions 0.10.x of Node.js are not affected.
Versions **0.12.x** of Node.js are vulnerable.
Versions **4.x**, including LTS Argon, of Node.js are vulnerable.
Versions **5.x** of Node.js are vulnerable.
### CVE-2015-6764: a low-impact V8 out-of-bounds access vulnerability
An additional bug exists in Node.js, all versions of v4.x and v5.x,
whereby an attacker may be able to trigger an out-of-bounds access
and/or denial of service if user-supplied JavaScript can be executed by
an application. The severity of this issue is considered medium for
Node.js users (see CVSS scoring below), but only under circumstances
where an attacker may cause user-supplied JavaScript to be executed
within a Node.js application. Fixes will be shipped for the v4.x and
v5.x release lines along with fixes for CVE-2015-8027.
Versions 0.10.x of Node.js are not affected.
Versions 0.12.x of Node.js are not affected.
Versions **4.x**, including LTS Argon, of Node.js are vulnerable.
Versions **5.x** of Node.js are vulnerable.
### References:
https://nodejs.org/en/blog/vulnerability/december-2015-security-releases/
https://nodejs.org/en/blog/vulnerability/cve-2015-8027\_cve-2015-6764/
*(from redmine: issue id 4935, created on 2015-12-08, closed on 2015-12-09)*
* Relations:
* child #4936
* child #4937

Eivind Uggedal

https://gitlab.alpinelinux.org/alpine/aports/-/issues/4934
Package request: xmlstarlet
2019-07-23T13:43:39Z
Przemysław Pawełczyk

XMLStarlet is a set of command line utilities (tools) which can be used
to transform, query, validate, and edit XML documents and files using
simple set of shell commands in similar way it is done for plain text
files using UNIX grep, sed, awk, diff, patch, join, etc commands.
Home page: http://xmlstar.sourceforge.net/
Version:
[1.6.1](http://sourceforge.net/p/xmlstar/code/ci/master/tree/NEWS)
\[2014-08-09\]
Source:
http://sourceforge.net/projects/xmlstar/files/xmlstarlet/1.6.1/xmlstarlet-1.6.1.tar.gz/download
*(from redmine: issue id 4934, created on 2015-12-06, closed on 2015-12-18)*
* Changesets:
* Revision 2566377b7a5e650c109a6535a55e02a9d572a256 on 2015-12-15T21:42:25Z:
```
testing/xmlstarlet: new aport. Fixes #4934
```

3.3.0

https://gitlab.alpinelinux.org/alpine/aports/-/issues/4933
Package request: html-xml-utils
2019-07-23T13:43:40Z
Przemysław Pawełczyk

A number of simple utilities for manipulating HTML and XML files.
Home page: http://www.w3.org/Tools/HTML-XML-utils/
Version: [6.9](http://www.w3.org/Tools/HTML-XML-utils/ChangeLog)
\[2014-10-21\]
Source: http://www.w3.org/Tools/HTML-XML-utils/html-xml-utils-6.9.tar.gz
*(from redmine: issue id 4933, created on 2015-12-06, closed on 2015-12-18)*
* Changesets:
* Revision 11810c91c0a74a290242c06ab40318cea1d87325 on 2015-12-15T22:12:04Z:
```
testing/html-xml-utils: new aport. Fixes #4933
```

3.3.0

https://gitlab.alpinelinux.org/alpine/aports/-/issues/4932
[3.0] cups-filters: foomatic-rip did not consider the back tick as an illegal shell escape character (CVE-2015-8327)
2019-07-23T13:43:41Z
Alicha CH

\- cups-browsed: When using IP-address-based device URIs via
the “IPBasedDeviceURIs” directive in cups-browsed.conf, add
two additional settings to restrict the used IP addresses to
either only IPv4 addresses or only IPv6 addresses.
- foomatic-rip: SECURITY FIX: Also consider the back tick
(‘\`’) as an illegal shell escape character.
### Fixed In Version:
cups-filters **1.2.0**
### References:
https://bugzilla.redhat.com/show\_bug.cgi?id=1287523
https://lists.debian.org/debian-printing/2015/11/msg00020.html
Patch:
http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7406
*(from redmine: issue id 4932, created on 2015-12-04, closed on 2015-12-09)*
* Relations:
* parent #4929
* Changesets:
* Revision 22d19ae2549dce27eef57e63f84720df9bcf1866 on 2015-12-09T15:41:03Z:
```
main/cups-filters: security fix CVE-2015-8327. Fixes #4932
```

3.0.7
Natanael Copa

https://gitlab.alpinelinux.org/alpine/aports/-/issues/4931
[3.1] cups-filters: foomatic-rip did not consider the back tick as an illegal shell escape character (CVE-2015-8327)
2019-07-23T13:43:42Z
Alicha CH

\- cups-browsed: When using IP-address-based device URIs via
the “IPBasedDeviceURIs” directive in cups-browsed.conf, add
two additional settings to restrict the used IP addresses to
either only IPv4 addresses or only IPv6 addresses.
- foomatic-rip: SECURITY FIX: Also consider the back tick
(‘\`’) as an illegal shell escape character.
### Fixed In Version:
cups-filters **1.2.0**
### References:
https://bugzilla.redhat.com/show\_bug.cgi?id=1287523
https://lists.debian.org/debian-printing/2015/11/msg00020.html
Patch:
http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7406
*(from redmine: issue id 4931, created on 2015-12-04, closed on 2015-12-09)*
* Relations:
* parent #4929
* Changesets:
* Revision ecc59cf595e9eff68838813344f2ade7a5c51b89 on 2015-12-09T15:32:33Z:
```
main/cups-filters: security fix CVE-2015-8327. Fixes #4931
```

3.1.5
Natanael Copa

https://gitlab.alpinelinux.org/alpine/aports/-/issues/4930
[3.2] cups-filters: foomatic-rip did not consider the back tick as an illegal shell escape character (CVE-2015-8327)
2019-07-23T13:43:44Z
Alicha CH

\- cups-browsed: When using IP-address-based device URIs via
the “IPBasedDeviceURIs” directive in cups-browsed.conf, add
two additional settings to restrict the used IP addresses to
either only IPv4 addresses or only IPv6 addresses.
- foomatic-rip: SECURITY FIX: Also consider the back tick
(‘\`’) as an illegal shell escape character.
### Fixed In Version:
cups-filters **1.2.0**
### References:
https://bugzilla.redhat.com/show\_bug.cgi?id=1287523
https://lists.debian.org/debian-printing/2015/11/msg00020.html
Patch:
http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7406
*(from redmine: issue id 4930, created on 2015-12-04, closed on 2015-12-09)*
* Relations:
* parent #4929
* Changesets:
* Revision ef4b8bc0255cdb792949b437c0896dfc748769d5 on 2015-12-09T15:27:56Z:
```
main/cups-filters: security fix CVE-2015-8327. Fixes #4930
```

3.2.4
Natanael Copa

https://gitlab.alpinelinux.org/alpine/aports/-/issues/4929
cups-filters: foomatic-rip did not consider the back tick as an illegal shell escape character (CVE-2015-8327)
2019-07-23T13:43:45Z
Alicha CH

\- cups-browsed: When using IP-address-based device URIs via
the “IPBasedDeviceURIs” directive in cups-browsed.conf, add
two additional settings to restrict the used IP addresses to
either only IPv4 addresses or only IPv6 addresses.
- foomatic-rip: SECURITY FIX: Also consider the back tick
(‘\`’) as an illegal shell escape character.
### Fixed In Version:
cups-filters **1.2.0**
### References:
https://bugzilla.redhat.com/show\_bug.cgi?id=1287523
https://lists.debian.org/debian-printing/2015/11/msg00020.html
Patch:
http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7406
*(from redmine: issue id 4929, created on 2015-12-04, closed on 2015-12-09)*
* Relations:
* child #4930
* child #4931
* child #4932

Natanael Copa

https://gitlab.alpinelinux.org/alpine/aports/-/issues/4928
sysctl net.ipv4.ip_forward=1 error, unknown key
2019-07-23T13:43:45Z
Ahto Taat

I was following the wiki page at
[http://wiki.alpinelinux.org/wiki/Wireless\_AP\_with\_udhcpd\_and\_NAT\#Test](http://wiki.alpinelinux.org/wiki/Wireless\_AP\_with\_udhcpd\_and\_NAT\#Test)
and got error message while trying to
sysctl net.ipv4.ip\_forward=1
Error message on console was
>sysctl, Error, ‘net.ipv4.ip\_forward=1’ is an unknown key
Also, as side note. There was no package named ‘udhcpd’ (mentioned in
the wiki page above) in package repositories. In case it’s included into
base system, Wiki pages need overhaul.
Still, net.ipv4.ip\_forward missing key was main showstopper.
Tried it on Alpine Linux versions 3.2.3 and some version I had burned on
the cd during early spring, it probably being thus 3.1.4
Was it somehow left out of the kernel?
*(from redmine: issue id 4928, created on 2015-12-04, closed on 2017-04-07)*

https://gitlab.alpinelinux.org/alpine/aports/-/issues/4927
Package upgrade: jsoncpp
2019-07-23T13:43:46Z
Przemysław Pawełczyk

Alpine version:
[1.6.0](https://github.com/open-source-parsers/jsoncpp/releases/tag/1.6.0)
\[2015-03-15\] since commit:663da2b942d3 \[2015-03-18\]
Latest version:
[1.6.5](https://github.com/open-source-parsers/jsoncpp/releases/tag/1.6.5)
\[2015-07-23\]
*(from redmine: issue id 4927, created on 2015-12-03, closed on 2015-12-15)*
* Changesets:
* Revision 8075d0400a849669b3c0da650404d07bdbe1e863 by Natanael Copa on 2015-12-04T13:20:09Z:
```
main/jsoncpp: upgrade to 1.6.5
fixes #4927
```

3.3.0
Natanael Copa