alpine issues
https://gitlab.alpinelinux.org/groups/alpine/-/issues
2019-07-23T13:57:39Z

libpng: heap overflow (CVE-2014-9495, CVE-2015-0973)
https://gitlab.alpinelinux.org/alpine/aports/-/issues/3848
2019-07-23T13:57:39Z
Alexander Belous

**CVE-2014-9495:**
Heap-based buffer overflow in the png\_combine\_row function in libpng
before 1.5.21 and 1.6.x before 1.6.16, when running on 64-bit systems,
might allow context-dependent attackers to execute arbitrary code via a
“very wide interlaced” PNG image.
•MLIST:\[oss-security\] 20150103 Re: CVE Request: libpng 1.6.15 Heap
Overflow
•URL: http://www.openwall.com/lists/oss-security/2015/01/04/3
•MLIST:\[png-mng-announce\] 20141222 libpng-1.5.21 and 1.6.16 are
available
•URL: http://sourceforge.net/p/png-mng/mailman/message/33173461/
•MLIST:\[oss-security\] 20150109 Re: CVE Request: libpng 1.6.15 Heap
Overflow
•URL: http://www.openwall.com/lists/oss-security/2015/01/10/1
•MLIST:\[oss-security\] 20150110 Re: CVE Request: libpng 1.6.15 Heap
Overflow
•URL: http://www.openwall.com/lists/oss-security/2015/01/10/3
•MLIST:\[png-mng-implement\] 20141221 Re: libpng-1.5.21rc02 and
1.6.16rc02 are available
•URL: http://sourceforge.net/p/png-mng/mailman/message/33172831/
•BID:71820
•URL: http://www.securityfocus.com/bid/71820
•SECTRACK:1031444
•URL: http://www.securitytracker.com/id/1031444
**CVE-2015-0973:**
Buffer overflow in the png\_read\_IDAT\_data function in pngrutil.c in
libpng before 1.5.21 and 1.6.x before 1.6.16 allows context-dependent
attackers to execute arbitrary code via IDAT data with a large width, a
different vulnerability than CVE-2014-9495.
•MLIST:\[oss-security\] 20150109 Re: CVE Request: libpng 1.6.15 Heap
Overflow
•URL: http://www.openwall.com/lists/oss-security/2015/01/10/1
•MLIST:\[oss-security\] 20150110 Re: CVE Request: libpng 1.6.15 Heap
Overflow
•URL: http://www.openwall.com/lists/oss-security/2015/01/10/3
•MLIST:\[png-mng-announce\] 20141222 libpng-1.5.21 and 1.6.16 are
available
•URL: http://sourceforge.net/p/png-mng/mailman/message/33173461/
•MISC: http://tfpwn.com/files/libpng\_heap\_overflow\_1.6.15.txt
*(from redmine: issue id 3848, created on 2015-02-02, closed on 2015-02-04)*
* Relations:
* child #3849
* child #3850
* child #3851
* child #3852

32 bit only - linux-grsec-3.14.30-r0 (Alpine Mini disk installs broken) - no dirent in archive
https://gitlab.alpinelinux.org/alpine/aports/-/issues/3847
2019-07-23T13:57:40Z
Stuart Cardall

This bug affects 32 bit only
Using an Alpine Mini ISO for a disk install gives:
Installing system on /dev/vda3:
/mnt/boot is device /dev/vda1
ERROR: linux-grsec-3.14.30-r0:
lib/modules/3.14.30-0-grsec/kernel/drivers/net/ethernethp/hp100e.ko: no
dirent in archive
ERROR: linux-grsec-3.14.30-r0: BAD archive
100%
\[\#\#\#\#\#\#\#\#\#\#\#\#\#\#\#\#\#\#\#\#\#\#\#\#\#\#\#\#\#\#\#\#\#\#\#\#\#\#\#\#\#\#\#\#\#\#\#\#\#\#\#\#\#\#\#\#\#\#\#\#\#\#\#\#\#\#\#\#\#\#\#\#\#\#\#\#\#\#\#\#\#\#\#\#\#\#\#\#\#\#\#\#\#\#\#\#\#\#\#\#\#\#\#\#\#\#\#\#\#\#\#\#\#\#\#\#\#\#\#\#\#\#\#\#\#\#\#\#\#\#\#\#\#\#\#\#\#\#\#\#\#\#\#\#\#\#\#\]/boot
is device /dev/vda1
Installation is complete. Please reboot.
/lib/modules does not get created & mkinitfs does not get run
Can linux-grsec be rebuilt please for 32 bit ? (64 bit installs without
issue from a Mini ISO)
*(from redmine: issue id 3847, created on 2015-02-02, closed on 2016-11-03)*

init.d/modloop fails for virt-grsec
https://gitlab.alpinelinux.org/alpine/aports/-/issues/3846
2019-07-23T13:57:41Z
Timo Teräs

init.d/modloop now searches modloop based on the uname.
It seems `${kver##*-}` is used, but that will return ’grsec’ for my
’3.14.30-1-virt-grsec’ kernel. It works only for flavors that do not
have ’-’ in them.
*(from redmine: issue id 3846, created on 2015-01-31, closed on 2015-03-20)*
* Changesets:
* Revision 8eee05cbbaca2f797bbeee6bcebf03c6642fe332 on 2015-02-03T10:38:50Z:
```
main/linux-virt-grsec: rename into linux-virtgrsec. Fixes #3846
```
3.1.3
Leonardo Arena

Package request: wlc
https://gitlab.alpinelinux.org/alpine/aports/-/issues/3845
2019-07-14T18:26:10Z
James Reid

wlc is a Wayland compositor library that can be used to create window
managers for Wayland.
Some projects use it already, so it’d be good to have it up and running
on Alpine for when Window Managers for Wayland are more developed and
requested.
https://github.com/Cloudef/wlc
Thanks
*(from redmine: issue id 3845, created on 2015-01-31)*

Package request: bemenu
https://gitlab.alpinelinux.org/alpine/aports/-/issues/3844
2019-12-05T05:34:25Z
James Reid

It’s like dmenu but better.
Also works on Wayland, not limited to X11.
https://github.com/Cloudef/bemenu
Thanks.
*(from redmine: issue id 3844, created on 2015-01-31)*

Automatic upgrade from MySQL to MariaDB when upgrading to edge (3.2)
https://gitlab.alpinelinux.org/alpine/aports/-/issues/3843
2019-07-23T13:52:58Z
Ted Trask

Upgrading a system with MySQL from Alpine 3.1.x to edge (future 3.2) can
result in a broken system. The mysql packages have been removed and
replaced with mariadb and all packages have been rebuilt against
mariadb. However, an upgrade does not replace the mysql packages with
mariadb. So, you end up with mysql running (even though the package
doesn’t exist), and any other packages expecting to see mariadb. Would
be good to do an automatic upgrade from MySQL to MariaDB packages during
the upgrade.
*(from redmine: issue id 3843, created on 2015-01-30, closed on 2015-07-07)*
* Relations:
* relates #4264
* Changesets:
* Revision a9c0910b614a4bb83cf924e9ff1364f5af6ae142 by Natanael Copa on 2015-06-26T10:03:41Z:
```
main/mariadb: fix mysql compat package
ref #3843
```
* Revision 8377e32580040724b2987d68bdd83982539727c6 by Natanael Copa on 2015-06-26T10:57:08Z:
```
main/mariadb: fix mysql compat package
fixes #3843
(cherry picked from commit a9c0910b614a4bb83cf924e9ff1364f5af6ae142)
```
3.2.1
Natanael Copa

Maria db database setup fails
https://gitlab.alpinelinux.org/alpine/aports/-/issues/3842
2019-07-23T13:57:42Z
Ted Trask

Using mariadb-5.5.41-r1, I see two issues:
1) “/etc/init.d/mariadb start” when there is no db mentions
/etc/init.d/mysql in the output. Just a text error.
2) “/etc/init.d/mariadb setup” when there is no db fails:
```
>/etc/init.d/mariadb setup
 * Creating a new MySQL database …
FATAL ERROR: Could not find ./bin/my_print_defaults
If you compiled from source, you need to run ‘make install’ to
copy the software into the correct location ready for operation.
If you are using a binary release, you must either be at the top
level of the extracted archive, or pass the --basedir option
pointing to that location.
The latest information about mysql_install_db is available at
https://mariadb.com/kb/en/installing-system-tables-mysql_install_db
[ !! ]
```
*(from redmine: issue id 3842, created on 2015-01-30, closed on 2015-05-21)*
3.2.0
Natanael Copa

[setup-bootable] Check if syslinux.cfg is correct when doing upgrade
https://gitlab.alpinelinux.org/alpine/aports/-/issues/3841
2019-07-23T13:57:43Z
Kevin Daudt

When upgrading from 2.x to 3.x, the setup-bootable script should check
if syslinux.cfg is correct and either fix or warn about it.
The following command is recommended when upgrading:
setup-bootable -u alpine-3.1.1-x86_64.iso /media/$LBU_MEDIA
but it leaves you in an unbootable state, because the kernel files have
been renamed.
*(from redmine: issue id 3841, created on 2015-01-30, closed on 2019-06-11)*
Alpine 2.7.10

[v3.1] privoxy: multiple fixes (CVE-2015-1030, CVE-2015-1031 etc.)
https://gitlab.alpinelinux.org/alpine/aports/-/issues/3839
2019-07-23T13:57:44Z
Alexander Belous

Privoxy 3.0.23 stable is a bug-fix release, but some of the fixed bugs
are security issues (CVE requests pending).
Alpine branches are from 3.0.21 to 3.0.22 at the moment and should be
upgraded to 3.0.23.
•Version 3.0.23 stable \*
- Bug fixes:
- Fixed a DoS issue in case of client requests with incorrect
chunk-encoded body. When compiled with assertions enabled (the default)
they could previously cause Privoxy to abort(). Reported by Matthew
Daley.
- Fixed multiple segmentation faults and memory leaks in the pcrs code.
This fix also increases the chances that an invalid pcrs command is
rejected as such. Previously some invalid commands would be loaded
without error. Note that Privoxy’s pcrs sources (action and filter
files) are considered trustworthy input and should not be writable by
untrusted third-parties.
- Fixed an ‘invalid read’ bug which could at least theoretically cause
Privoxy to crash. So far, no crashes have been observed.
- Compiles with --disable-force again. Reported by Kai Raven.
- Client requests with body that can’t be delivered no longer cause
pipelined requests behind them to be rejected as invalid. Reported by
Basil Hussain.
Some of the issues fixed in 3.0.22 (actual for Alpine Linux v2.6 up to
v3.0) are CVE-2015-1030 and CVE-2015-1031.
References:
http://seclists.org/oss-sec/2015/q1/111
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1030
http://www.privoxy.org/announce.txt
*(from redmine: issue id 3839, created on 2015-01-29, closed on 2015-02-04)*
* Relations:
* parent #3835
* Changesets:
* Revision 0ffbacb736c1ec39d301cf1fe71b6ef176d8cf06 by Natanael Copa on 2015-01-30T10:19:00Z:
```
main/privoxy: security upgrade to 3.0.23 (CVE-2015-1030, CVE-2015-1031)
fixes #3839
(cherry picked from commit b49992f595070138cedb536b7320199788836015)
```
3.1.2
Timo Teräs

[v3.0] privoxy: multiple fixes (CVE-2015-1030, CVE-2015-1031 etc.)
https://gitlab.alpinelinux.org/alpine/aports/-/issues/3838
2019-07-23T13:57:45Z
Alexander Belous

Privoxy 3.0.23 stable is a bug-fix release, but some of the fixed bugs
are security issues (CVE requests pending).
Alpine branches are from 3.0.21 to 3.0.22 at the moment and should be
upgraded to 3.0.23.
•Version 3.0.23 stable \*
- Bug fixes:
- Fixed a DoS issue in case of client requests with incorrect
chunk-encoded body. When compiled with assertions enabled (the default)
they could previously cause Privoxy to abort(). Reported by Matthew
Daley.
- Fixed multiple segmentation faults and memory leaks in the pcrs code.
This fix also increases the chances that an invalid pcrs command is
rejected as such. Previously some invalid commands would be loaded
without error. Note that Privoxy’s pcrs sources (action and filter
files) are considered trustworthy input and should not be writable by
untrusted third-parties.
- Fixed an ‘invalid read’ bug which could at least theoretically cause
Privoxy to crash. So far, no crashes have been observed.
- Compiles with --disable-force again. Reported by Kai Raven.
- Client requests with body that can’t be delivered no longer cause
pipelined requests behind them to be rejected as invalid. Reported by
Basil Hussain.
Some of the issues fixed in 3.0.22 (actual for Alpine Linux v2.6 up to
v3.0) are CVE-2015-1030 and CVE-2015-1031.
References:
http://seclists.org/oss-sec/2015/q1/111
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1030
http://www.privoxy.org/announce.txt
*(from redmine: issue id 3838, created on 2015-01-29, closed on 2015-02-04)*
* Relations:
* parent #3835
* Changesets:
* Revision 8b765bdd7c31ecf1ea1e117248905f522a0ac431 by Natanael Copa on 2015-02-02T11:48:44Z:
```
main/privoxy: security upgrade to 3.0.23 (CVE-2015-1030, CVE-2015-1031)
fixes #3838
(cherry picked from commit b49992f595070138cedb536b7320199788836015)
Conflicts:
main/privoxy/APKBUILD
```
3.0.7
Natanael Copa

[v2.7] privoxy: multiple fixes (CVE-2015-1030, CVE-2015-1031 etc.)
https://gitlab.alpinelinux.org/alpine/aports/-/issues/3837
2019-07-23T13:57:46Z
Alexander Belous

Privoxy 3.0.23 stable is a bug-fix release, but some of the fixed bugs
are security issues (CVE requests pending).
Alpine branches are from 3.0.21 to 3.0.22 at the moment and should be
upgraded to 3.0.23.
•Version 3.0.23 stable \*
- Bug fixes:
- Fixed a DoS issue in case of client requests with incorrect
chunk-encoded body. When compiled with assertions enabled (the default)
they could previously cause Privoxy to abort(). Reported by Matthew
Daley.
- Fixed multiple segmentation faults and memory leaks in the pcrs code.
This fix also increases the chances that an invalid pcrs command is
rejected as such. Previously some invalid commands would be loaded
without error. Note that Privoxy’s pcrs sources (action and filter
files) are considered trustworthy input and should not be writable by
untrusted third-parties.
- Fixed an ‘invalid read’ bug which could at least theoretically cause
Privoxy to crash. So far, no crashes have been observed.
- Compiles with --disable-force again. Reported by Kai Raven.
- Client requests with body that can’t be delivered no longer cause
pipelined requests behind them to be rejected as invalid. Reported by
Basil Hussain.
Some of the issues fixed in 3.0.22 (actual for Alpine Linux v2.6 up to
v3.0) are CVE-2015-1030 and CVE-2015-1031.
References:
http://seclists.org/oss-sec/2015/q1/111
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1030
http://www.privoxy.org/announce.txt
*(from redmine: issue id 3837, created on 2015-01-29, closed on 2015-02-04)*
* Relations:
* parent #3835
* Changesets:
* Revision 24a56c2c5fb9e091609e1ed04970167c11ab7626 by Natanael Copa on 2015-02-02T11:50:09Z:
```
main/privoxy: security upgrade to 3.0.23 (CVE-2015-1030, CVE-2015-1031)
fixes #3837
(cherry picked from commit b49992f595070138cedb536b7320199788836015)
Conflicts:
main/privoxy/APKBUILD
```
Alpine 2.7.10
Natanael Copa

[v2.6] privoxy: multiple fixes (CVE-2015-1030, CVE-2015-1031 etc.)
https://gitlab.alpinelinux.org/alpine/aports/-/issues/3836
2019-07-23T13:57:47Z
Alexander Belous

Privoxy 3.0.23 stable is a bug-fix release, but some of the fixed bugs
are security issues (CVE requests pending).
Alpine branches are from 3.0.21 to 3.0.22 at the moment and should be
upgraded to 3.0.23.
•Version 3.0.23 stable \*
- Bug fixes:
- Fixed a DoS issue in case of client requests with incorrect
chunk-encoded body. When compiled with assertions enabled (the default)
they could previously cause Privoxy to abort(). Reported by Matthew
Daley.
- Fixed multiple segmentation faults and memory leaks in the pcrs code.
This fix also increases the chances that an invalid pcrs command is
rejected as such. Previously some invalid commands would be loaded
without error. Note that Privoxy’s pcrs sources (action and filter
files) are considered trustworthy input and should not be writable by
untrusted third-parties.
- Fixed an ‘invalid read’ bug which could at least theoretically cause
Privoxy to crash. So far, no crashes have been observed.
- Compiles with --disable-force again. Reported by Kai Raven.
- Client requests with body that can’t be delivered no longer cause
pipelined requests behind them to be rejected as invalid. Reported by
Basil Hussain.
Some of the issues fixed in 3.0.22 (actual for Alpine Linux v2.6 up to
v3.0) are CVE-2015-1030 and CVE-2015-1031.
References:
http://seclists.org/oss-sec/2015/q1/111
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1030
http://www.privoxy.org/announce.txt
*(from redmine: issue id 3836, created on 2015-01-29, closed on 2015-02-04)*
* Relations:
* parent #3835
* Changesets:
* Revision 5c3814ef267959e82b537a3364aa29ab38667acc by Natanael Copa on 2015-02-02T11:52:04Z:
```
main/privoxy: security upgrade to 3.0.23 (CVE-2015-1030, CVE-2015-1031)
fixes #3836
(cherry picked from commit b49992f595070138cedb536b7320199788836015)
Conflicts:
main/privoxy/APKBUILD
```
Alpine 2.6.7
Natanael Copa

privoxy: multiple fixes (CVE-2015-1030, CVE-2015-1031 etc.)
https://gitlab.alpinelinux.org/alpine/aports/-/issues/3835
2019-07-23T13:57:48Z
Alexander Belous

Privoxy 3.0.23 stable is a bug-fix release, but some of the fixed bugs
are security issues (CVE requests pending).
Alpine branches are from 3.0.21 to 3.0.22 at the moment and should be
upgraded to 3.0.23.
**\* Version 3.0.23 stable**\*
- Bug fixes:
- Fixed a DoS issue in case of client requests with incorrect
chunk-encoded body. When compiled with assertions enabled (the default)
they could previously cause Privoxy to abort(). Reported by Matthew
Daley.
- Fixed multiple segmentation faults and memory leaks in the pcrs code.
This fix also increases the chances that an invalid pcrs command is
rejected as such. Previously some invalid commands would be loaded
without error. Note that Privoxy’s pcrs sources (action and filter
files) are considered trustworthy input and should not be writable by
untrusted third-parties.
- Fixed an ‘invalid read’ bug which could at least theoretically cause
Privoxy to crash. So far, no crashes have been observed.
- Compiles with --disable-force again. Reported by Kai Raven.
- Client requests with body that can’t be delivered no longer cause
pipelined requests behind them to be rejected as invalid. Reported by
Basil Hussain.
Some of the issues fixed in 3.0.22 (actual for Alpine Linux v2.6 up to
v3.0) are CVE-2015-1030 and CVE-2015-1031.
References:
http://seclists.org/oss-sec/2015/q1/111
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1030
http://www.privoxy.org/announce.txt
*(from redmine: issue id 3835, created on 2015-01-29, closed on 2015-02-04)*
* Relations:
* child #3836
* child #3837
* child #3838
* child #3839

[v2.7] roundcubemail: possible CSRF attacks (CVE-2014-9587)
https://gitlab.alpinelinux.org/alpine/aports/-/issues/3834
2019-07-23T13:57:49Z
Alexander Belous

Multiple cross-site request forgery (CSRF) vulnerabilities in Roundcube
Webmail before 1.0.4 allow remote attackers to hijack the authentication
of unspecified victims via unknown vectors, related to (1) address book
operations or the (2) ACL or (3) Managesieve plugins.
References:
http://seclists.org/oss-sec/2015/q1/113
CONFIRM:
https://github.com/roundcube/roundcubemail/commit/376cbfd4f2dfcf455717409b70d9d056cbeb08b1
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9587
*(from redmine: issue id 3834, created on 2015-01-29, closed on 2015-03-18)*
* Relations:
* parent #3832
Alpine 2.7.10
Natanael Copa

[v2.6] roundcubemail: possible CSRF attacks (CVE-2014-9587)
https://gitlab.alpinelinux.org/alpine/aports/-/issues/3833
2019-07-23T13:57:50Z
Alexander Belous

Multiple cross-site request forgery (CSRF) vulnerabilities in Roundcube
Webmail before 1.0.4 allow remote attackers to hijack the authentication
of unspecified victims via unknown vectors, related to (1) address book
operations or the (2) ACL or (3) Managesieve plugins.
References:
http://seclists.org/oss-sec/2015/q1/113
CONFIRM:
https://github.com/roundcube/roundcubemail/commit/376cbfd4f2dfcf455717409b70d9d056cbeb08b1
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9587
*(from redmine: issue id 3833, created on 2015-01-29, closed on 2015-03-18)*
* Relations:
* parent #3832
Alpine 2.6.7
Natanael Copa

roundcubemail: possible CSRF attacks (CVE-2014-9587)
https://gitlab.alpinelinux.org/alpine/aports/-/issues/3832
2019-07-23T13:57:51Z
Alexander Belous

Multiple cross-site request forgery (CSRF) vulnerabilities in Roundcube
Webmail before 1.0.4 allow remote attackers to hijack the authentication
of unspecified victims via unknown vectors, related to (1) address book
operations or the (2) ACL or (3) Managesieve plugins.
References:
http://seclists.org/oss-sec/2015/q1/113
CONFIRM:
https://github.com/roundcube/roundcubemail/commit/376cbfd4f2dfcf455717409b70d9d056cbeb08b1
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9587
*(from redmine: issue id 3832, created on 2015-01-29, closed on 2015-03-18)*
* Relations:
* child #3833
* child #3834

[v3.1] p7zip: remote directory traversal flaw (CVE-2015-1038)
https://gitlab.alpinelinux.org/alpine/aports/-/issues/3831
2019-07-12T14:54:34Z
Alexander Belous

p7zip 9.20.1 allows remote attackers to write to arbitrary files via a
symlink attack in an archive.
References:
•MLIST:\[oss-security\] 20150111 Re: CVE request for directory traversal
flaw in p7zip
•URL: http://www.openwall.com/lists/oss-security/2015/01/11/2
•MISC: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=774660
•MISC: https://bugzilla.redhat.com/show\_bug.cgi?id=1179505
•BID:71890
•URL: http://www.securityfocus.com/bid/71890
•XF:p7zip-cve20151038-symlink(99970)
•URL: http://xforce.iss.net/xforce/xfdb/99970
*(from redmine: issue id 3831, created on 2015-01-29, closed on 2017-09-05)*
* Relations:
* parent #3827
3.1.5
Timo Teräs

[v3.0] p7zip: remote directory traversal flaw (CVE-2015-1038)
https://gitlab.alpinelinux.org/alpine/aports/-/issues/3830
2019-07-12T14:54:34Z
Alexander Belous

p7zip 9.20.1 allows remote attackers to write to arbitrary files via a
symlink attack in an archive.
References:
•MLIST:\[oss-security\] 20150111 Re: CVE request for directory traversal
flaw in p7zip
•URL: http://www.openwall.com/lists/oss-security/2015/01/11/2
•MISC: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=774660
•MISC: https://bugzilla.redhat.com/show\_bug.cgi?id=1179505
•BID:71890
•URL: http://www.securityfocus.com/bid/71890
•XF:p7zip-cve20151038-symlink(99970)
•URL: http://xforce.iss.net/xforce/xfdb/99970
*(from redmine: issue id 3830, created on 2015-01-29, closed on 2017-09-05)*
* Relations:
* parent #3827
3.0.7
Natanael Copa

[v2.7] p7zip: remote directory traversal flaw (CVE-2015-1038)
https://gitlab.alpinelinux.org/alpine/aports/-/issues/3829
2020-02-08T01:57:20Z
Alexander Belous

p7zip 9.20.1 allows remote attackers to write to arbitrary files via a
symlink attack in an archive.
References:
•MLIST:\[oss-security\] 20150111 Re: CVE request for directory traversal
flaw in p7zip
•URL: http://www.openwall.com/lists/oss-security/2015/01/11/2
•MISC: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=774660
•MISC: https://bugzilla.redhat.com/show\_bug.cgi?id=1179505
•BID:71890
•URL: http://www.securityfocus.com/bid/71890
•XF:p7zip-cve20151038-symlink(99970)
•URL: http://xforce.iss.net/xforce/xfdb/99970
*(from redmine: issue id 3829, created on 2015-01-29, closed on 2017-09-05)*
* Relations:
* parent #3827
Alpine 2.7.10
Natanael Copa

[v2.6] p7zip: remote directory traversal flaw (CVE-2015-1038)
https://gitlab.alpinelinux.org/alpine/aports/-/issues/3828
2019-07-12T14:54:33Z
Alexander Belous

p7zip 9.20.1 allows remote attackers to write to arbitrary files via a
symlink attack in an archive.
References:
•MLIST:\[oss-security\] 20150111 Re: CVE request for directory traversal
flaw in p7zip
•URL: http://www.openwall.com/lists/oss-security/2015/01/11/2
•MISC: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=774660
•MISC: https://bugzilla.redhat.com/show\_bug.cgi?id=1179505
•BID:71890
•URL: http://www.securityfocus.com/bid/71890
•XF:p7zip-cve20151038-symlink(99970)
•URL: http://xforce.iss.net/xforce/xfdb/99970
*(from redmine: issue id 3828, created on 2015-01-29, closed on 2017-09-05)*
* Relations:
* parent #3827
Alpine 2.6.7
Natanael Copa