alpine issues
https://gitlab.alpinelinux.org/groups/alpine/-/issues
2019-07-23T14:00:12Z

https://gitlab.alpinelinux.org/alpine/aports/-/issues/3543
lvm2-2.02.112: vgchange --mknodes returns with error
2019-07-23T14:00:12Z
Natanael Copa

During boot `vgchange --mknodes` exits with error.
Returns: Command failed with status code 5.
This caused initramfs init to break and was worked around in
alpine:commit:“6ee6047b74039f32048686d8e6df918f87a1ee68”.
Apparently it also affects openrc init.d script which will fail unless
lvm was initialized in initramfs.
Upstream seem to have found and fixed the issue:
https://git.fedorahosted.org/cgit/lvm2.git/commit/?id=4dc602f79bd6579eef15a9227aee99fe832a7610
*(from redmine: issue id 3543, created on 2014-11-24, closed on 2014-12-09)*
* Changesets:
* Revision eac4de6dd1ed522902da20170085e08dd910f0d8 by Natanael Copa on 2014-11-24T11:04:18Z:
```
main/lvm2: fix vgscan --mknodes
we backport a patch from upstream and change our init.d script to run
vgchange even if vgscan returns failure.
fixes #3543
```

3.1.0

https://gitlab.alpinelinux.org/alpine/aports/-/issues/3542
squid init.d stop waits too long
2019-07-23T14:00:13Z
Timo Teräs

Squid pidfile is not removed on squid exit, but the init.d script waits
for that to happen on ‘stop’. Should fix the default config somehow.
*(from redmine: issue id 3542, created on 2014-11-24, closed on 2014-12-10)*

3.1.0
Natanael Copa

https://gitlab.alpinelinux.org/alpine/aports/-/issues/3541
ship detached PGP signatures for ISO releases.
2019-07-23T14:00:14Z
Natanael Copa

We should sign our release images.
*(from redmine: issue id 3541, created on 2014-11-24, closed on 2015-04-01)*

3.1.0
Natanael Copa

https://gitlab.alpinelinux.org/alpine/aports/-/issues/3540
qt5-qtdeclarative file conflict with qt-x11
2019-07-23T14:00:15Z
Natanael Copa

(1/1) Reinstalling qt5-qtdeclarative (5.3.2-r0)
ERROR: qt5-qtdeclarative-5.3.2-r0: trying to overwrite usr/bin/qmlplugindump owned by qt-x11-4.8.6-r0.
*(from redmine: issue id 3540, created on 2014-11-23, closed on 2015-01-06)*
* Changesets:
* Revision a3e918ba47627b60bdd16e22e96bb34b18133a50 by Natanael Copa on 2014-12-31T09:44:48Z:
```
main/qt5-qtdeclarative: fix file conflicts with qt4
fixes #3540
(cherry picked from commit 6df2a6e0a7180b37d10fbb8352a9759e4356ca8d)
```

3.1.1
Natanael Copa

https://gitlab.alpinelinux.org/alpine/aports/-/issues/3539
fontconfig cache regeneration trigger
2019-07-23T14:00:16Z
Timo Teräs

Currently calls:
fc-cache -f
But -f is --force, meaning it ignores timestamps and assumes invalid
cache. This makes it impossible to do “lbu include
/var/cache/fontconfig/” to avoid re-generation of fontcache that can
take 10s of seconds on ARM when booting in run-from-ram mode.
Additionally -s or --system-only flag is probably desirable because we
don’t want to scan users’ fonts on package install / upgrade time.
*(from redmine: issue id 3539, created on 2014-11-21, closed on 2014-12-09)*
* Changesets:
* Revision 7b0c97d18d09d5506809218ea3e7b9006c1dc64f by Natanael Copa on 2014-11-24T12:06:00Z:
```
main/fontconfig: improve trigger script
- let fontconfig check the timestamp
- add --system-only since we dont want check user dirs
fixes #3539
```

3.1.0
Natanael Copa

https://gitlab.alpinelinux.org/alpine/aports/-/issues/3538
[v3.1] kernel: KVM DoS triggerable by malicious host userspace (CVE-2014-3690)
2019-07-23T14:00:17Z
Alexander Belous

arch/x86/kvm/vmx.c in the KVM subsystem in the Linux kernel before
3.17.2 on Intel processors does not ensure that the value in the CR4
control register remains the same after a VM entry, which allows host OS
users to kill arbitrary processes or cause a denial of service (system
disruption) by leveraging /dev/kvm access, as demonstrated by
PR\_SET\_TSC prctl calls within a modified copy of QEMU.
The fix is here:
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=d974baa398f34393db76be45f7d4d04fbdbb4a0a
There are no separate patches for 3.14.y and for 3.10.y at the moment.
References:
http://seclists.org/oss-sec/2014/q4/416
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3690
*(from redmine: issue id 3538, created on 2014-11-21, closed on 2017-05-17)*
* Relations:
* parent #3534

3.1.2
Natanael Copa

https://gitlab.alpinelinux.org/alpine/aports/-/issues/3537
[v3.0] kernel: KVM DoS triggerable by malicious host userspace (CVE-2014-3690)
2019-07-12T14:52:07Z
Alexander Belous

arch/x86/kvm/vmx.c in the KVM subsystem in the Linux kernel before
3.17.2 on Intel processors does not ensure that the value in the CR4
control register remains the same after a VM entry, which allows host OS
users to kill arbitrary processes or cause a denial of service (system
disruption) by leveraging /dev/kvm access, as demonstrated by
PR\_SET\_TSC prctl calls within a modified copy of QEMU.
The fix is here:
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=d974baa398f34393db76be45f7d4d04fbdbb4a0a
There are no separate patches for 3.14.y and for 3.10.y at the moment.
References:
http://seclists.org/oss-sec/2014/q4/416
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3690
*(from redmine: issue id 3537, created on 2014-11-21, closed on 2017-09-05)*
* Relations:
* parent #3534

3.0.7
Natanael Copa

https://gitlab.alpinelinux.org/alpine/aports/-/issues/3536
[v2.7] kernel: KVM DoS triggerable by malicious host userspace (CVE-2014-3690)
2019-07-12T14:52:06Z
Alexander Belous

arch/x86/kvm/vmx.c in the KVM subsystem in the Linux kernel before
3.17.2 on Intel processors does not ensure that the value in the CR4
control register remains the same after a VM entry, which allows host OS
users to kill arbitrary processes or cause a denial of service (system
disruption) by leveraging /dev/kvm access, as demonstrated by
PR\_SET\_TSC prctl calls within a modified copy of QEMU.
The fix is here:
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=d974baa398f34393db76be45f7d4d04fbdbb4a0a
There are no separate patches for 3.14.y and for 3.10.y at the moment.
References:
http://seclists.org/oss-sec/2014/q4/416
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3690
*(from redmine: issue id 3536, created on 2014-11-21, closed on 2017-09-05)*
* Relations:
* parent #3534

Alpine 2.7.10
Natanael Copa

https://gitlab.alpinelinux.org/alpine/aports/-/issues/3535
[v2.6] kernel: KVM DoS triggerable by malicious host userspace (CVE-2014-3690)
2019-07-12T14:52:06Z
Alexander Belous

arch/x86/kvm/vmx.c in the KVM subsystem in the Linux kernel before
3.17.2 on Intel processors does not ensure that the value in the CR4
control register remains the same after a VM entry, which allows host OS
users to kill arbitrary processes or cause a denial of service (system
disruption) by leveraging /dev/kvm access, as demonstrated by
PR\_SET\_TSC prctl calls within a modified copy of QEMU.
The fix is here:
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=d974baa398f34393db76be45f7d4d04fbdbb4a0a
There are no separate patches for 3.14.y and for 3.10.y at the moment.
References:
http://seclists.org/oss-sec/2014/q4/416
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3690
*(from redmine: issue id 3535, created on 2014-11-21, closed on 2017-09-05)*
* Relations:
* parent #3534

Alpine 2.6.7
Natanael Copa

https://gitlab.alpinelinux.org/alpine/aports/-/issues/3533
[v3.0] phpmyadmin: multiple issues (CVE-2014-8958, CVE-2014-8959, CVE-2014-8960, CVE-2014-8961)
2019-07-23T14:00:18Z
Alexander Belous

CVE-2014-8958:
Announcement-ID: PMASA-2014-13
Date: 2014-11-20
Summary: Multiple XSS vulnerabilities.
Affected Versions: versions 4.0.x (prior to 4.0.10.6), 4.1.x (prior to
4.1.14.7) and 4.2.x (prior to 4.2.12) are affected.
Solution: upgrade to phpMyAdmin 4.0.10.6 or newer, or 4.1.14.7 or newer,
or 4.2.12 or newer, or apply the patch listed below.
References:
http://www.phpmyadmin.net/home\_page/security/PMASA-2014-13.php
Patches:
The following commits have been made to fix this issue:
https://github.com/phpmyadmin/phpmyadmin/commit/d32da348c4de2379482a48661ce968a55eebe5c4
https://github.com/phpmyadmin/phpmyadmin/commit/1bc04ec95038f2356ad33752090001bf1c047208
https://github.com/phpmyadmin/phpmyadmin/commit/2a3b7393d1d5a8ba0543699df94a08a0f5728fe0
https://github.com/phpmyadmin/phpmyadmin/commit/2ffdbf2d7daa0b92541d8b754e2afac555d3ed21
The following commits have been made on the 4.0 branch to fix this
issue:
https://github.com/phpmyadmin/phpmyadmin/commit/c5783321cd387d0b65b32cf399766f08a9acad68
https://github.com/phpmyadmin/phpmyadmin/commit/42b64e12b5f596366f94ef72365fd69a019ba820
https://github.com/phpmyadmin/phpmyadmin/commit/58cdd91fc83703a1ab645764fb3708e8e0b7c4a2
https://github.com/phpmyadmin/phpmyadmin/commit/c7685e5acd3f8e722f4f374c6fa821590865b68d
CVE-2014-8959:
Announcement-ID: PMASA-2014-14
Date: 2014-11-20
Summary: Local file inclusion vulnerability.
Description: In the GIS editor feature, a parameter specifying the
geometry type was not correctly validated, opening the door to a local
file inclusion attack.
Severity: We consider this vulnerability to be serious.
Affected Versions: versions 4.0.x (prior to 4.0.10.6), 4.1.x (prior to
4.1.14.7) and 4.2.x (prior to 4.2.12) are affected.
Solution: upgrade to phpMyAdmin 4.0.10.6 or newer, or 4.1.14.7 or newer,
or 4.2.12 or newer, or apply the patch listed below.
References:
http://www.phpmyadmin.net/home\_page/security/PMASA-2014-14.php
Patches:
The following commits have been made to fix this issue:
https://github.com/phpmyadmin/phpmyadmin/commit/80cd40b6687a6717860d345d6eb55bef2908e961
The following commits have been made on the 4.0 branch to fix this
issue:
https://github.com/phpmyadmin/phpmyadmin/commit/2e3f0b9457b3c8f78beb864120bd9d55617a11b5
CVE-2014-8960:
Announcement-ID: PMASA-2014-15
Date: 2014-11-20
Summary: XSS vulnerability in error reporting functionality.
Description: With a crafted file name it is possible to trigger an XSS
in the error reporting page.
Affected Versions: versions 4.1.x (prior to 4.1.14.7) and 4.2.x (prior
to 4.2.12) are affected.
Solution: upgrade to 4.1.14.7 or newer, or 4.2.12 or newer, or apply the
patch listed below.
References:
http://www.phpmyadmin.net/home\_page/security/PMASA-2014-15.php
Patches:
The following commits have been made to fix this issue:
https://github.com/phpmyadmin/phpmyadmin/commit/9364e2eee5681681caf7205c0933bc18af11e233
CVE-2014-8961:
Announcement-ID: PMASA-2014-16
Date: 2014-11-20
Summary: Leakage of line count of an arbitrary file.
Affected Versions: versions 4.1.x (prior to 4.1.14.7) and 4.2.x (prior
to 4.2.12) are affected.
Solution: upgrade to phpMyAdmin 4.1.14.7 or newer, or 4.2.12 or newer,
or apply the patch listed below.
References:
http://www.phpmyadmin.net/home\_page/security/PMASA-2014-16.php
Patches:
The following commits have been made to fix this issue:
https://github.com/phpmyadmin/phpmyadmin/commit/b99b6b6672ff2419f05b05740c80c7a23c1da994
*(from redmine: issue id 3533, created on 2014-11-21, closed on 2014-12-08)*
* Relations:
* parent #3530
* Changesets:
* Revision 40a853c075a862c24eef267641f5659a76dc4a56 by Natanael Copa on 2014-12-05T15:57:39Z:
```
main/phpmyadmin: security upgrade to 4.2.13.1
fixes #3483
fixes #3533
CVE-2014-8326
CVE-2014-8958
CVE-2014-8959
CVE-2014-8960
CVE-2014-8961
```

3.0.7
Natanael Copa

https://gitlab.alpinelinux.org/alpine/aports/-/issues/3532
[v2.7] phpmyadmin: multiple issues (CVE-2014-8958, CVE-2014-8959, CVE-2014-8960, CVE-2014-8961)
2019-07-23T14:00:19Z
Alexander Belous

CVE-2014-8958:
Announcement-ID: PMASA-2014-13
Date: 2014-11-20
Summary: Multiple XSS vulnerabilities.
Affected Versions: versions 4.0.x (prior to 4.0.10.6), 4.1.x (prior to
4.1.14.7) and 4.2.x (prior to 4.2.12) are affected.
Solution: upgrade to phpMyAdmin 4.0.10.6 or newer, or 4.1.14.7 or newer,
or 4.2.12 or newer, or apply the patch listed below.
References:
http://www.phpmyadmin.net/home\_page/security/PMASA-2014-13.php
Patches:
The following commits have been made to fix this issue:
https://github.com/phpmyadmin/phpmyadmin/commit/d32da348c4de2379482a48661ce968a55eebe5c4
https://github.com/phpmyadmin/phpmyadmin/commit/1bc04ec95038f2356ad33752090001bf1c047208
https://github.com/phpmyadmin/phpmyadmin/commit/2a3b7393d1d5a8ba0543699df94a08a0f5728fe0
https://github.com/phpmyadmin/phpmyadmin/commit/2ffdbf2d7daa0b92541d8b754e2afac555d3ed21
The following commits have been made on the 4.0 branch to fix this
issue:
https://github.com/phpmyadmin/phpmyadmin/commit/c5783321cd387d0b65b32cf399766f08a9acad68
https://github.com/phpmyadmin/phpmyadmin/commit/42b64e12b5f596366f94ef72365fd69a019ba820
https://github.com/phpmyadmin/phpmyadmin/commit/58cdd91fc83703a1ab645764fb3708e8e0b7c4a2
https://github.com/phpmyadmin/phpmyadmin/commit/c7685e5acd3f8e722f4f374c6fa821590865b68d
CVE-2014-8959:
Announcement-ID: PMASA-2014-14
Date: 2014-11-20
Summary: Local file inclusion vulnerability.
Description: In the GIS editor feature, a parameter specifying the
geometry type was not correctly validated, opening the door to a local
file inclusion attack.
Severity: We consider this vulnerability to be serious.
Affected Versions: versions 4.0.x (prior to 4.0.10.6), 4.1.x (prior to
4.1.14.7) and 4.2.x (prior to 4.2.12) are affected.
Solution: upgrade to phpMyAdmin 4.0.10.6 or newer, or 4.1.14.7 or newer,
or 4.2.12 or newer, or apply the patch listed below.
References:
http://www.phpmyadmin.net/home\_page/security/PMASA-2014-14.php
Patches:
The following commits have been made to fix this issue:
https://github.com/phpmyadmin/phpmyadmin/commit/80cd40b6687a6717860d345d6eb55bef2908e961
The following commits have been made on the 4.0 branch to fix this
issue:
https://github.com/phpmyadmin/phpmyadmin/commit/2e3f0b9457b3c8f78beb864120bd9d55617a11b5
CVE-2014-8960:
Announcement-ID: PMASA-2014-15
Date: 2014-11-20
Summary: XSS vulnerability in error reporting functionality.
Description: With a crafted file name it is possible to trigger an XSS
in the error reporting page.
Affected Versions: versions 4.1.x (prior to 4.1.14.7) and 4.2.x (prior
to 4.2.12) are affected.
Solution: upgrade to 4.1.14.7 or newer, or 4.2.12 or newer, or apply the
patch listed below.
References:
http://www.phpmyadmin.net/home\_page/security/PMASA-2014-15.php
Patches:
The following commits have been made to fix this issue:
https://github.com/phpmyadmin/phpmyadmin/commit/9364e2eee5681681caf7205c0933bc18af11e233
CVE-2014-8961:
Announcement-ID: PMASA-2014-16
Date: 2014-11-20
Summary: Leakage of line count of an arbitrary file.
Affected Versions: versions 4.1.x (prior to 4.1.14.7) and 4.2.x (prior
to 4.2.12) are affected.
Solution: upgrade to phpMyAdmin 4.1.14.7 or newer, or 4.2.12 or newer,
or apply the patch listed below.
References:
http://www.phpmyadmin.net/home\_page/security/PMASA-2014-16.php
Patches:
The following commits have been made to fix this issue:
https://github.com/phpmyadmin/phpmyadmin/commit/b99b6b6672ff2419f05b05740c80c7a23c1da994
*(from redmine: issue id 3532, created on 2014-11-21, closed on 2014-12-08)*
* Relations:
* parent #3530
* Changesets:
* Revision 05caa730aa89902c4024077834ffd51f1acc8aa5 by Natanael Copa on 2014-12-05T15:59:40Z:
```
main/phpmyadmin: security upgrade to 4.0.10.7
fixes #3482
fixes #3532
CVE-2014-8326
CVE-2014-8958
CVE-2014-8959
CVE-2014-8960
CVE-2014-8961
```

Alpine 2.7.10
Natanael Copa

https://gitlab.alpinelinux.org/alpine/aports/-/issues/3531
[v2.6] phpmyadmin: multiple issues (CVE-2014-8958, CVE-2014-8959, CVE-2014-8960, CVE-2014-8961)
2019-07-23T14:00:20Z
Alexander Belous

CVE-2014-8958:
Announcement-ID: PMASA-2014-13
Date: 2014-11-20
Summary: Multiple XSS vulnerabilities.
Affected Versions: versions 4.0.x (prior to 4.0.10.6), 4.1.x (prior to
4.1.14.7) and 4.2.x (prior to 4.2.12) are affected.
Solution: upgrade to phpMyAdmin 4.0.10.6 or newer, or 4.1.14.7 or newer,
or 4.2.12 or newer, or apply the patch listed below.
References:
http://www.phpmyadmin.net/home\_page/security/PMASA-2014-13.php
Patches:
The following commits have been made to fix this issue:
https://github.com/phpmyadmin/phpmyadmin/commit/d32da348c4de2379482a48661ce968a55eebe5c4
https://github.com/phpmyadmin/phpmyadmin/commit/1bc04ec95038f2356ad33752090001bf1c047208
https://github.com/phpmyadmin/phpmyadmin/commit/2a3b7393d1d5a8ba0543699df94a08a0f5728fe0
https://github.com/phpmyadmin/phpmyadmin/commit/2ffdbf2d7daa0b92541d8b754e2afac555d3ed21
The following commits have been made on the 4.0 branch to fix this
issue:
https://github.com/phpmyadmin/phpmyadmin/commit/c5783321cd387d0b65b32cf399766f08a9acad68
https://github.com/phpmyadmin/phpmyadmin/commit/42b64e12b5f596366f94ef72365fd69a019ba820
https://github.com/phpmyadmin/phpmyadmin/commit/58cdd91fc83703a1ab645764fb3708e8e0b7c4a2
https://github.com/phpmyadmin/phpmyadmin/commit/c7685e5acd3f8e722f4f374c6fa821590865b68d
CVE-2014-8959:
Announcement-ID: PMASA-2014-14
Date: 2014-11-20
Summary: Local file inclusion vulnerability.
Description: In the GIS editor feature, a parameter specifying the
geometry type was not correctly validated, opening the door to a local
file inclusion attack.
Severity: We consider this vulnerability to be serious.
Affected Versions: versions 4.0.x (prior to 4.0.10.6), 4.1.x (prior to
4.1.14.7) and 4.2.x (prior to 4.2.12) are affected.
Solution: upgrade to phpMyAdmin 4.0.10.6 or newer, or 4.1.14.7 or newer,
or 4.2.12 or newer, or apply the patch listed below.
References:
http://www.phpmyadmin.net/home\_page/security/PMASA-2014-14.php
Patches:
The following commits have been made to fix this issue:
https://github.com/phpmyadmin/phpmyadmin/commit/80cd40b6687a6717860d345d6eb55bef2908e961
The following commits have been made on the 4.0 branch to fix this
issue:
https://github.com/phpmyadmin/phpmyadmin/commit/2e3f0b9457b3c8f78beb864120bd9d55617a11b5
CVE-2014-8960:
Announcement-ID: PMASA-2014-15
Date: 2014-11-20
Summary: XSS vulnerability in error reporting functionality.
Description: With a crafted file name it is possible to trigger an XSS
in the error reporting page.
Affected Versions: versions 4.1.x (prior to 4.1.14.7) and 4.2.x (prior
to 4.2.12) are affected.
Solution: upgrade to 4.1.14.7 or newer, or 4.2.12 or newer, or apply the
patch listed below.
References:
http://www.phpmyadmin.net/home\_page/security/PMASA-2014-15.php
Patches:
The following commits have been made to fix this issue:
https://github.com/phpmyadmin/phpmyadmin/commit/9364e2eee5681681caf7205c0933bc18af11e233
CVE-2014-8961:
Announcement-ID: PMASA-2014-16
Date: 2014-11-20
Summary: Leakage of line count of an arbitrary file.
Affected Versions: versions 4.1.x (prior to 4.1.14.7) and 4.2.x (prior
to 4.2.12) are affected.
Solution: upgrade to phpMyAdmin 4.1.14.7 or newer, or 4.2.12 or newer,
or apply the patch listed below.
References:
http://www.phpmyadmin.net/home\_page/security/PMASA-2014-16.php
Patches:
The following commits have been made to fix this issue:
https://github.com/phpmyadmin/phpmyadmin/commit/b99b6b6672ff2419f05b05740c80c7a23c1da994
*(from redmine: issue id 3531, created on 2014-11-21, closed on 2014-12-08)*
* Relations:
* parent #3530
* Changesets:
* Revision f65723fd7dc5b04ba6e0f99a608f622995fa319d by Natanael Copa on 2014-12-05T16:01:45Z:
```
main/phpmyadmin: security upgrade to 4.0.10.7
fixes #3481
fixes #3531
CVE-2014-8326
CVE-2014-8958
CVE-2014-8959
CVE-2014-8960
CVE-2014-8961
```

Alpine 2.6.7
Natanael Copa

https://gitlab.alpinelinux.org/alpine/aports/-/issues/3530
phpmyadmin: multiple issues (CVE-2014-8958, CVE-2014-8959, CVE-2014-8960, CVE-2014-8961)
2019-07-23T14:00:22Z
Alexander Belous

**CVE-2014-8958:**
Announcement-ID: PMASA-2014-13
Date: 2014-11-20
Summary: Multiple XSS vulnerabilities.
Affected Versions: versions 4.0.x (prior to 4.0.10.6), 4.1.x (prior to
4.1.14.7) and 4.2.x (prior to 4.2.12) are affected.
Solution: upgrade to phpMyAdmin 4.0.10.6 or newer, or 4.1.14.7 or newer,
or 4.2.12 or newer, or apply the patch listed below.
References:
http://www.phpmyadmin.net/home\_page/security/PMASA-2014-13.php
Patches:
The following commits have been made to fix this issue:
https://github.com/phpmyadmin/phpmyadmin/commit/d32da348c4de2379482a48661ce968a55eebe5c4
https://github.com/phpmyadmin/phpmyadmin/commit/1bc04ec95038f2356ad33752090001bf1c047208
https://github.com/phpmyadmin/phpmyadmin/commit/2a3b7393d1d5a8ba0543699df94a08a0f5728fe0
https://github.com/phpmyadmin/phpmyadmin/commit/2ffdbf2d7daa0b92541d8b754e2afac555d3ed21
The following commits have been made on the 4.0 branch to fix this
issue:
https://github.com/phpmyadmin/phpmyadmin/commit/c5783321cd387d0b65b32cf399766f08a9acad68
https://github.com/phpmyadmin/phpmyadmin/commit/42b64e12b5f596366f94ef72365fd69a019ba820
https://github.com/phpmyadmin/phpmyadmin/commit/58cdd91fc83703a1ab645764fb3708e8e0b7c4a2
https://github.com/phpmyadmin/phpmyadmin/commit/c7685e5acd3f8e722f4f374c6fa821590865b68d
**CVE-2014-8959:**
Announcement-ID: PMASA-2014-14
Date: 2014-11-20
Summary: Local file inclusion vulnerability.
Description: In the GIS editor feature, a parameter specifying the
geometry type was not correctly validated, opening the door to a local
file inclusion attack.
Severity: We consider this vulnerability to be serious.
Affected Versions: versions 4.0.x (prior to 4.0.10.6), 4.1.x (prior to
4.1.14.7) and 4.2.x (prior to 4.2.12) are affected.
Solution: upgrade to phpMyAdmin 4.0.10.6 or newer, or 4.1.14.7 or newer,
or 4.2.12 or newer, or apply the patch listed below.
References:
http://www.phpmyadmin.net/home\_page/security/PMASA-2014-14.php
Patches:
The following commits have been made to fix this issue:
https://github.com/phpmyadmin/phpmyadmin/commit/80cd40b6687a6717860d345d6eb55bef2908e961
The following commits have been made on the 4.0 branch to fix this
issue:
https://github.com/phpmyadmin/phpmyadmin/commit/2e3f0b9457b3c8f78beb864120bd9d55617a11b5
**CVE-2014-8960:**
Announcement-ID: PMASA-2014-15
Date: 2014-11-20
Summary: XSS vulnerability in error reporting functionality.
Description: With a crafted file name it is possible to trigger an XSS
in the error reporting page.
Affected Versions: versions 4.1.x (prior to 4.1.14.7) and 4.2.x (prior
to 4.2.12) are affected.
Solution: upgrade to 4.1.14.7 or newer, or 4.2.12 or newer, or apply the
patch listed below.
References:
http://www.phpmyadmin.net/home\_page/security/PMASA-2014-15.php
Patches:
The following commits have been made to fix this issue:
https://github.com/phpmyadmin/phpmyadmin/commit/9364e2eee5681681caf7205c0933bc18af11e233
**CVE-2014-8961:**
Announcement-ID: PMASA-2014-16
Date: 2014-11-20
Summary: Leakage of line count of an arbitrary file.
Affected Versions: versions 4.1.x (prior to 4.1.14.7) and 4.2.x (prior
to 4.2.12) are affected.
Solution: upgrade to phpMyAdmin 4.1.14.7 or newer, or 4.2.12 or newer,
or apply the patch listed below.
References:
http://www.phpmyadmin.net/home\_page/security/PMASA-2014-16.php
Patches:
The following commits have been made to fix this issue:
https://github.com/phpmyadmin/phpmyadmin/commit/b99b6b6672ff2419f05b05740c80c7a23c1da994
*(from redmine: issue id 3530, created on 2014-11-21, closed on 2014-12-08)*
* Relations:
* child #3531
* child #3532
* child #3533

https://gitlab.alpinelinux.org/alpine/aports/-/issues/3528
Package request: Prayer
2019-07-23T14:00:23Z
James Reid

A minimal webmail server. I think it’s the only webmail that isn’t
over-complex. Would be really nice to have it on Alpine.
Thanks.
http://www-uxsup.csx.cam.ac.uk/~dpc22/prayer/
*(from redmine: issue id 3528, created on 2014-11-20, closed on 2015-12-17)*

Bartłomiej Piotrowski

https://gitlab.alpinelinux.org/alpine/aports/-/issues/3527
acf-kamailio doesn't recognize postgres role
2019-07-23T14:00:24Z
Robert Boisvert

The “Search Database” tab of the kamailio ACF shows the error “LuaSQL:
error connecting to database. PostgreSQL: FATAL: role ”“kamailio”" does
not exist" even though the database has been configured correctly and
the kamailio role exists. It gives the impression that it is trying to
use a role named “kamailio” (double quotes included as part of the
name). The “Database” tab has the “Create Database” button but clicking
on it creates an error that says “ERROR: database ”kamailio" already
exists."
The packages installed are:
acf-kamailio-0.7.2-r0
kamailio-4.0.4-r3
postgresql-9.3.3-r1
Kamailio database was successfully created using “yes | kamdbctl create
kamailio”.
*(from redmine: issue id 3527, created on 2014-11-19, closed on 2015-01-24)*

Ted Trask

https://gitlab.alpinelinux.org/alpine/aports/-/issues/3526
error compiling NDpi
2019-07-23T14:00:24Z
Víctor Diex Díaz Devera

I have tried to build a package from NDpi
(http://www.ntop.org/products/ndpi/) this guide
https://github.com/betolj/ndpi-netfilter/blob/master/ndpi.install but
when trying to compile I get this error,
```
ispos:/home/develop/nDPI# make
make all-recursive
make[1]: Entering directory ‘/home/develop/nDPI’
Making all in src/lib
make[2]: Entering directory ‘/home/develop/nDPI/src/lib’
/bin/bash ../../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I../.. -I../../src/include/ -I../../src/lib/third_party/include/ -g -O2 -MT libndpi_la-ndpi_main.lo -MD -MP -MF .deps/libndpi_la-ndpi_main.Tpo -c -o libndpi_la-ndpi_main.lo `test -f ‘ndpi_main.c’ || echo ‘./’`ndpi_main.c
libtool: compile: gcc -DHAVE_CONFIG_H -I. -I../.. -I../../src/include/ -I../../src/lib/third_party/include/ -g -O2 -MT libndpi_la-ndpi_main.lo -MD -MP -MF .deps/libndpi_la-ndpi_main.Tpo -c ndpi_main.c -fPIC -DPIC -o .libs/libndpi_la-ndpi_main.o
In file included from ../../src/include/ndpi_unix.h:28:0,
from ../../src/include/ndpi_main.h:67,
from ../../src/include/ndpi_api.h:29,
from ndpi_main.c:32:
../../src/include/linux_compat.h:51:3: error: unknown type name ‘u_char’
u_char h_dest[6]; /* destination eth addr */
^
```
…………………………………………………………….
I’m sure it has something to do with musl libc, that in debian compiles
without problems, any advice to solve this problem?
*(from redmine: issue id 3526, created on 2014-11-18, closed on 2014-12-09)*

3.1.0
Víctor Diex Díaz Devera

https://gitlab.alpinelinux.org/alpine/aports/-/issues/3525
rp-pppoe
2019-07-23T14:00:25Z
Víctor Diex Díaz Devera

rp-pppoe package has no support for the kernel module, to activate
https://projects.archlinux.org/svntogit/packages.git/plain/trunk/kmode.patch?h=packages/rp-pppoe
use the patch, I built the package and it works great, sorry for my bad
English but I’m from Venezuela and I only speak Spanish
*(from redmine: issue id 3525, created on 2014-11-18, closed on 2014-12-10)*
* Uploads:
* [kmode.patch](/uploads/432607e41deea1be080cfb4631dc342d/kmode.patch)

3.1.0
Francesco Colista

https://gitlab.alpinelinux.org/alpine/aports/-/issues/3524
Package request: Python 3
2019-07-23T14:00:27Z
Orion Miller

The python scripting language, version 3 is the current standard.
“Python 3.0 was released in 2008. The final 2.x version 2.7 release came
out in mid-2010, with a statement of extended support for this
end-of-life release. The 2.x branch will see no new major releases after
that. 3.x is under active development and has already seen over five
years of stable releases, including version 3.3 in 2012 and 3.4 in 2014.
This means that all recent standard library improvements, for example,
are only available by default in Python 3.x.”
https://wiki.python.org/moin/Python2orPython3
*(from redmine: issue id 3524, created on 2014-11-18, closed on 2016-12-22)*
3.5.0

https://gitlab.alpinelinux.org/alpine/aports/-/issues/3523
LXC: Can't install an ubuntu container
2019-07-23T14:00:28Z
Jeff Bilyk jbilyk@gmail.com
Trying to install a basic ubuntu guest and getting the following error.
Not sure whether arch is already packaged, but at the very least, it
should likely be a dependency of lxc in Alpine 2.7, and maybe
lxc-templates in 3.x
Another related bug is that debootstrap should maybe be a dependency as
well so that debian guests can be installed.
```
localhost:~# apk version alpine-base
Installed: Available:
alpine-base-2.7.9-r0 = 2.7.9-r0
localhost:~# uname -a
Linux localhost 3.10.44-0-grsec #1-Alpine SMP Tue Jun 24 14:47:21 UTC 2014 x86_64 Linux
localhost:~# lxc-create -n mongotest -t ubuntu -f /etc/lxc/default.conf
/usr/share/lxc/templates/lxc-ubuntu: line 606: arch: command not found
lxc-create: failed to execute template ‘ubuntu’
lxc-create: aborted
```
*(from redmine: issue id 3523, created on 2014-11-13, closed on 2019-06-19)*
3.10.0
Natanael Copa

https://gitlab.alpinelinux.org/alpine/aports/-/issues/3522
[v3.0] wpa_supplicant, hostapd: wpa_cli and hostapd_cli action script execution vulnerability (CVE-2014-3686)
2019-07-23T14:00:29Z
Alexander Belous
wpa\_supplicant and hostapd 0.7.2 through 2.2, when running with certain
configurations and using wpa\_cli or hostapd\_cli with action scripts,
allows remote attackers to execute arbitrary commands via a crafted
frame.
References:
http://seclists.org/oss-sec/2014/q4/267
* MLIST: \[oss-security\] 20141009 wpa\_cli and hostapd\_cli action script execution vulnerability, URL: http://www.openwall.com/lists/oss-security/2014/10/09/28
* CONFIRM: http://w1.fi/security/2014-1/
* CONFIRM: https://bugzilla.redhat.com/show\_bug.cgi?id=1151259
* DEBIAN: DSA-3052, URL: http://www.debian.org/security/2014/dsa-3052
* SUSE: openSUSE-SU-2014:1313, URL: http://lists.opensuse.org/opensuse-updates/2014-10/msg00027.html
* SUSE: openSUSE-SU-2014:1314, URL: http://lists.opensuse.org/opensuse-updates/2014-10/msg00028.html
* UBUNTU: USN-2383-1, URL: http://www.ubuntu.com/usn/USN-2383-1
* BID: 70396, URL: http://www.securityfocus.com/bid/70396
* SECUNIA: 60366, URL: http://secunia.com/advisories/60366
* SECUNIA: 60428, URL: http://secunia.com/advisories/60428
* SECUNIA: 61271, URL: http://secunia.com/advisories/61271
*(from redmine: issue id 3522, created on 2014-11-12, closed on 2015-06-16)*
* Relations:
* parent #3518
* Changesets:
* Revision a190cd664abf51fb096ce04c5833b64815b5a23a by Natanael Copa on 2015-06-15T12:02:59Z:
```
main/wpa_supplicant: upgrade to 2.3 and various security fixes
CVE-2014-3686
CVE-2015-4141
CVE-2015-4142
CVE-2015-4143
CVE-2015-4144
CVE-2015-4145
CVE-2015-4146
fixes #4342
fixes #4268
fixes #3522
```
* Revision 74dfdf99d3bb3e423fae117bb123e620a2852293 by Natanael Copa on 2015-06-15T12:06:03Z:
```
main/hostapd: security upgrade to 2.3 (CVE-2014-3686)
fixes #3522
```
3.0.7
Natanael Copa