Gentoo Project

Proxy Maintainers

Security Bug Reports

• media-gfx/transfig: Multiple vulnerabilities

  753962 - Assigned to Gentoo Security
• net-p2p/bitcoind: Information leak via RPC calls (CVE-2021-3195)

  766983 - Assigned to Gentoo Security
• media-gfx/transfig: Out of bounds read (CVE-2021-3561)

  792333 - Assigned to Gentoo Security
• dev-libs/keystone: multiple vulnerabilities (CVE-2020-{36404,36405})

  799785 - Assigned to Gentoo Security
• <net-irc/weechat-3.3: Websocket vulnerability in relay plugin

  811603 - Assigned to Gentoo Security
• <net-ftp/atftp-0.7.5: multiple vulnerabilities

  813079 - Assigned to Gentoo Security
• sys-cluster/teleport: multiple vulnerabilities

  813702 - Assigned to Gentoo Security
• <media-libs/gegl-0.4.34: shell expansion via pathname in system()

  829880 - Assigned to Gentoo Security
• <media-libs/openjpeg-2.5.2: Heap-buffer-overflow in color.c:379:42 in sycc420_to_rgb

  832007 - Assigned to Gentoo Security
• <net-irc/atheme-services-7.2.12: authentication bypass with >=net-irc/inspircd-3

  832400 - Assigned to Gentoo Security
• <net-irc/weechat-3.4.1: SSL verification vulnerability

  835133 - Assigned to Gentoo Security
• net-p2p/go-ethereum: multiple vulnerabilities

  835610 - Assigned to Gentoo Security
• <app-containers/crun-1.4.4: "exec does not set inheritable capabilities"

  835976 - Assigned to Gentoo Security
• dev-libs/stb: reachable assertion in stbi__create_png_image_raw

  836241 - Assigned to Gentoo Security
• <media-gfx/gimp-2.10.32: memory exhaustion via crafted file

  845402 - Assigned to Gentoo Security
• <media-gfx/gimp-2.10.32: DoS via crafted XCF file

  856283 - Assigned to Gentoo Security
• <www-servers/caddy-2.5.2: oob read allows for DoS

  860147 - Assigned to Gentoo Security
• app-shells/nushell: 'cargo audit' reports one or more bundled CRATES as vulnerable

  864031 - Assigned to Gentoo Security
• <www-client/w3m-20230121: oob write

  865249 - Assigned to Gentoo Security
• media-gfx/blender: multiple vulnerabilities

  865525 - Assigned to Gentoo Security
• sys-cluster/teleport: remote code execution

  866356 - Assigned to Gentoo Security
• <app-backup/amanda-3.5.4: multiple vulnerabilities

  870037 - Assigned to Gentoo Security
• <app-metrics/node_exporter-1.5.0: basic authentication bypass

  883653 - Assigned to Gentoo Security
• app-containers/buildah: multiple vulnerabilities

  884859 - Assigned to Gentoo Security
• app-text/mupdf: multiple vulnerabilities

  886009 - Assigned to Gentoo Security
• <net-libs/libvncserver-0.9.14: multiple vulnerabilities

  887067 - Assigned to Gentoo Security
• <app-arch/upx-4.0.1-r1 <app-arch/upx-bin-4.0.2: multiple vulnerabilities

  890616 - Assigned to Gentoo Security
• <app-crypt/tpm2-tss-3.2.2: Buffer Overflow in TSS2_RC_Decode

  891519 - Assigned to Gentoo Security
• <www-apache/mod_security-2.9.7, <dev-libs/modsecurity-3.0.9: multiple vulnerabilities

  891777 - Assigned to Gentoo Security
• app-emulation/dynamips: use of uninitialized variable

  891779 - Assigned to Gentoo Security
• <media-libs/assimp-5.2.5-r1: heap use after free

  891787 - Assigned to Gentoo Security
• sys-cluster/glusterfs: multiple vulnerabilities

  897926 - Assigned to Jaco Kroon
• <dev-libs/libtpms-0.9.6: Out-of-bounds access

  898504 - Assigned to Gentoo Security
• app-admin/doas: vulnerable to privilege escalation via TIOCSTI/TIOCLINUX command injection

  901393 - Assigned to Gentoo Security
• <app-arch/upx-4.0.2 <app-arch/upx-bin-4.0.2: multiple vulnerabilities

  903139 - Assigned to Gentoo Security
• <net-misc/frr-8.4.1: DoS vulnerability via reachable assertion

  903757 - Assigned to Gentoo Security
• media-libs/libjxl: multiple vulnerabilities

  905094 - Assigned to Gentoo Security
• <net-libs/libsignal-protocol-c-2.3.3-r1: unsigned integer overflow in bundled protobuf-c

  905098 - Assigned to Gentoo Security
• net-dns/coredns: multiple vulnerabilities

  905301 - Assigned to Gentoo Security
• media-libs/libjxl: assertion failure

  905393 - Assigned to Gentoo Security
• <app-admin/filebeat-7.17.16: credential leakage into logs

  905879 - Assigned to Gentoo Security
• net-misc/frr: multiple vulnerabilities

  905882 - Assigned to Gentoo Security
• <media-libs/opencv-4.8.0: multiple vulnerabilities

  906106 - Assigned to Gentoo Security
• <app-editors/vim-9.0.1627: multiple "vulnerabilities"

  906109 - Assigned to Gentoo Security
• <net-misc/frr-9.0: multiple vulnerabilities

  906116 - Assigned to Gentoo Security
• <media-libs/openexr-3.1.11: oss-fuzz stack buffer overread

  908257 - Assigned to Gentoo Security
• <media-libs/libjxl-0.8.2: integer underflow leading to infinite loop

  908520 - Assigned to Gentoo Security
• <net-libs/rabbitmq-c-0.13.0: credentials passed on command line

  908818 - Assigned to Gentoo Security
• <net-vpn/i2p-2.3.0: Eepsite deanonymization attack

  911550 - Assigned to Gentoo Security
• net-misc/frr: multiple vulnerabilities

  913242 - Assigned to Gentoo Security
• <net-proxy/squid-6.5: multiple vulnerabilities

  916334 - Assigned to Gentoo Security
• <media-libs/openexr-3.1.12: oss fuzz issues

  916514 - Assigned to Gentoo Security
• <net-misc/frr-9.0.2: multiple vulnerabilities

  916902 - Assigned to Gentoo Security
• <media-gfx/gimp-2.10.36: multiple vulnerabilities

  917406 - Assigned to Gentoo Security
• <net-libs/pjproject-2.13.1: heap buffer overflow when parsing DNS packet

  917463 - Assigned to Gentoo Security
• net-libs/pjproject: UAF in SRTP media transport

  917613 - Assigned to Gentoo Security
• <net-misc/croc-10.0.12: multiple vulnerabilities

  918091 - Assigned to Gentoo Security
• <www-servers/caddy-2.7.5: http/2 rapid reset vulnerability

  918413 - Assigned to Gentoo Security
• <app-editors/vim-9.0.2167: multiple vulnerabilities

  918537 - Assigned to Gentoo Security
• <app-editors/vim-9.0.2092: multiple vulnerabilities

  918538 - Assigned to Gentoo Security
• www-client/w3m: multiple vulnerabilities

  918564 - Assigned to Gentoo Security
• dev-libs/stb: multiple vulnerabilities

  918679 - Assigned to Gentoo Security
• <net-misc/asterisk-{18.20.2,20.5.2}: denial of service via dtls hello

  920026 - Assigned to Gentoo Security
• <net-proxy/squid-6.6: Denial of Service in HTTP Request parsing

  920101 - Assigned to Gentoo Security
• <net-vpn/strongswan-5.9.13: buffer overflow and potential RCE

  920105 - Assigned to Gentoo Security
• <media-libs/jasper-4.1.2: Invalid memory write

  922075 - Assigned to Gentoo Security
• dev-libs/modsecurity: WAF bypass

  923858 - Assigned to Gentoo Security
• <www-apps/gitea-1.21.5: allows anonymous container access if RequireSignInView is enabled

  925023 - Assigned to Gentoo Security
• <sys-apps/eza-0.18.6: local arbitrary code execution via .git/HEAD and .git/objects components

  926532 - Assigned to Gentoo Security
• <net-p2p/kubo-0.29.0-r1: executes downloaded binaries without verification

  930853 - Assigned to Gentoo Security
• <gui-wm/hyprland-0.40.0: privilege escalation via unsafe permissions & handling of temporary files

  930945 - Assigned to Gentoo Security
• <app-crypt/tpm2-tss-4.0.2: Unchecked magic number in verify quote

  931055 - Assigned to Gentoo Security
• <app-crypt/tpm2-tools-5.6.1: Missing comparison of PCR selection and uncheck magic number in verify quote

  931056 - Assigned to Gentoo Security
• <dev-python/flask-cors-4.0.1: log injection when the log level is set to debug

  931228 - Assigned to Gentoo Security
• <app-containers/skopeo-1.15.1: unexpected authenticated registry accesses

  932453 - Assigned to Gentoo Security
• <app-containers/podman-5.0.3: unexpected authenticated registry access

  936573 - Assigned to Gentoo Security
• <media-libs/assimp-5.4.2: heap-based buffer overflow

  936586 - Assigned to Gentoo Security
• app-editors/vim: multiple vulnerabilities

  937126 - Assigned to Gentoo Security
• <net-proxy/squid-6.10: buffer underflow in ESI

  938814 - Assigned to Gentoo Security
• <net-misc/asterisk-{18.24.3,20.9.3,21.4.3}: denial of service (crash) bug

  939159 - Assigned to Gentoo Security
• <dev-db/redict-7.3.1 <dev-db/redis-{6.2.16,7.2.6,7.4.1}: multiple vulnerabilities

  940609 - Assigned to Gentoo Security
• <app-emulation/xen-4.18.4_pre0: Deadlock in vlapic_error()

  940632 - Assigned to Gentoo Security
• <app-containers/podman-5.2.4: improper input validation

  941217 - Assigned to Gentoo Security
• app-containers/containers-common: improper file path handling when FIPS mode is enabled

  941218 - Assigned to Gentoo Security
• <app-containers/podman-5.2.5: symlink traversal can result in denial of service via OOM

  942556 - Assigned to Gentoo Security
• <app-containers/buildah-1.37.5; symlink traversal can result in denial of service via OOM

  942557 - Assigned to Gentoo Security
• <app-containers/containers-storage-1.55.1: symlink traversal can result in denial of service via OOM

  942559 - Assigned to Gentoo Security
• net-libs/mbedtls: multiple vulnerabilities

  943337 - Assigned to Gentoo Security