Gentoo Bug List

Wed Oct 15 2008 23:03:23 +0000

185 bugs found.

ID	Sev	Pri	OS	Assignee	Status	Summary
241830	nor	P2	Linu	kde@gentoo.org	NEW	kio_http dies randomly when accessing an SSL-enabled webs...
180159	enh	P2	Linu	security@gentoo.org	NEW	www-client/mozilla-firefox-2.0.0.3 Out-of-bounds memory a...
194151	maj	P2	Linu	security@gentoo.org	NEW	games-sports/racer-bin UDP message buffer overflow (CVE-2...
204067	nor	P2	Linu	security@gentoo.org	NEW	games-fps/{doom3,quake4} * - remote exploitable format st...
204068	nor	P2	Linu	security@gentoo.org	NEW	games-fps/unreal* - remote DoS
207261	nor	P2	Linu	security@gentoo.org	NEW	www-client/mozilla-firefox(-bin)Dialog Spoofing Vulnerabi...
212211	nor	P2	All	security@gentoo.org	NEW	dev-lang/php < 5.2.6_rc1-r1: Multiple crash issues, CVE-2...
212247	enh	P2	Linu	security@gentoo.org	NEW	www-apps/moregroupware security status
212351	nor	P2	Linu	security@gentoo.org	NEW	app-emulation/qemu-softmmu <= 0.9.1-r1 insufficient block...
213318	nor	P2	Linu	security@gentoo.org	NEW	dev-php/PEAR-PhpDocumentor: bundled smarty lib vulnerable...
213322	nor	P2	Linu	security@gentoo.org	NEW	www-apps/gallery: <=2.2.5 affected by bundled smarty (CVE...
215614	enh	P2	Linu	security@gentoo.org	NEW	Java Security Status (Tracker)
217139	nor	P2	All	security@gentoo.org	NEW	dev-lang/php: mod_php can overtake apache file handles (C...
219085	min	P2	Linu	security@gentoo.org	NEW	dev-lang/ruby NTFS/FAT file disclosure (CVE-2008-1891)
223363	nor	P2	Linu	security@gentoo.org	NEW	www-client/mozilla-firefox JSframe Heap Corruption (CVE-2...
224835	min	P2	Linu	security@gentoo.org	NEW	net-misc/asterisk <1.2.29 SIP channel remote crash (CVE-2...
225483	nor	P2	Linu	security@gentoo.org	NEW	app-text/acroread "2008-HI2.pdf" Crash / Code execution? ...
230575	nor	P2	All	security@gentoo.org	NEW	dev-lang/php <5.2.6-r2: safe_mode bypass, code execution,...
231830	nor	P2	Linu	security@gentoo.org	NEW	www-client/opera "Cross-Site Cooking" Session Hijacking (...
231831	nor	P2	Linu	security@gentoo.org	NEW	media-video/ffmpeg <0.4.9_p20070616-r3 libavformat/psxstr...
231834	nor	P2	Linu	security@gentoo.org	NEW	media-plugins/gst-plugins-ffmpeg FFmpeg psxstr.c Buffer o...
232005	nor	P2	Linu	security@gentoo.org	NEW	dev-util/yacc skeleton.c rule reduction stack error (CVE-...
232665	nor	P2	Linu	security@gentoo.org	NEW	app-antivirus/f-prot <6.0.2 Multiple DoS issues (CVE-2008...
232698	nor	P2	Linu	security@gentoo.org	NEW	<net-misc/asterisk-1.2.30 IAX 'POKE' resource exhaustion ...
232999	nor	P2	Linu	security@gentoo.org	NEW	media-libs/win32codecs -multiple vulnerabilities in real ...
233928	min	P2	Linu	security@gentoo.org	NEW	app-antivirus/f-prot infinite loop via a malformed ZIP (C...
233929	nor	P2	Linu	security@gentoo.org	NEW	games-simulation/openttd <0.6.2 TruncateString() Buffer O...
234652	maj	P2	Linu	security@gentoo.org	NEW	app-editors/vim arbitrary command execution when handling...
234806	nor	P2	Linu	security@gentoo.org	NEW	dev-lang/ruby regex.c infinite loop (CVE-2008-3443)
235225	nor	P2	Linu	security@gentoo.org	NEW	net-www/awstats <6.9 awstats.pl Cross-site scripting (CVE...
235227	min	P2	All	security@gentoo.org	NEW	net-mail/uw-imap: possible exposure of SSL keys (missing ...
236167	maj	P2	Linu	security@gentoo.org	NEW	app-emulation/vmware-* multiple vulnerabilities (CVE-2007...
236205	tri	P2	Linu	security@gentoo.org	NEW	games-server/crossfire-server 1.11.0: Insecure temporary ...
237166	nor	P2	Linu	security@gentoo.org	NEW	dev-db/mysql <5.0.66 b'' Server DoS (CVE-2008-3963)
237385	nor	P2	Linu	security@gentoo.org	NEW	dev-ruby/rails <2.1.1 :limit and :offset SQL injection (C...
237476	nor	P2	Linu	security@gentoo.org	NEW	net-misc/asterisk username disclosure (CVE-2008-3903)
238117	min	P2	Linu	security@gentoo.org	NEW	dev-db/mysql DATA / INDEX DIRECTORY symlink attack (CVE-2...
238118	tri	P2	Linu	security@gentoo.org	NEW	dev-python/pydns Insufficient randomness in transaction I...
238120	nor	P2	Linu	security@gentoo.org	NEW	app-editors/vim <7.2.010 control-k command execution (CVE...
238535	nor	P2	Linu	security@gentoo.org	NEW	Mozilla Firefox, Thunderbird, Seamonkey, Xulrunner: ".17"...
238571	nor	P2	Linu	security@gentoo.org	NEW	www-apps/drupal Insecure cookie session hijacking (CVE-20...
238574	nor	P2	Linu	security@gentoo.org	NEW	net-misc/openswan livetest Insecure temporary file creati...
238575	nor	P2	Linu	security@gentoo.org	NEW	app-accessibility/emacspeak extract-table.pl Insecure tem...
238762	min	P2	Linu	security@gentoo.org	NEW	net-ftp/proftpd Cross-Site Request Forgery Vulnerability ...
238976	maj	P2	Linu	security@gentoo.org	NEW	net-print/cups <1.3.8-r2 Multiple buffer overflows (CVE-2...
239047	nor	P2	Linu	security@gentoo.org	NEW	net-ftp/netkit-ftpd Cross-Site Request Forgery Vulnerabil...
239054	min	P2	Linu	security@gentoo.org	NEW	mail-client/squirrelmail <1.4.16 Insecure cookie session ...
239538	nor	P2	Linu	security@gentoo.org	NEW	dev-libs/icu<r23572 and dev-java/icu4j<r23606 XSS (CVE-20...
239543	min	P2	Linu	security@gentoo.org	NEW	net-www/netscape-flash <10.0.12.36 clipboard and clickjac...
239547	min	P2	Linu	security@gentoo.org	NEW	sys-boot/grub<=0.97 authentication passwords problem (CVE...
239557	min	P2	Linu	security@gentoo.org	NEW	<=games-fps/ut2004-3369 DOS & NULL pointer dereference (C...
239565	nor	P2	Linu	security@gentoo.org	NEW	<=kde-base/konqueror-3.5.10 DOS via Javascript (CVE-2008-...
240407	min	P2	Linu	security@gentoo.org	NEW	dev-db/mysql: XSS in command line client of MySQL 5.0.{26...
240576	min	P2	Linu	security@gentoo.org	NEW	sys-cluster/fence-2.02.00-r1 symlink vulnerability
241146	min	P2	Linu	security@gentoo.org	NEW	app-emulation/libvirt priviledge escalation (CVE-2008-4405)
241150	nor	P2	Linu	security@gentoo.org	NEW	app-emulation/vmware-* privilege escalation from guest (C...
240592	tri	P4	Linu	security@gentoo.org	NEW	www-client/mozilla-firefox<=3.0.3 user interface event di...
241112	min	P4	Linu	security@gentoo.org	NEW	kde-base/konqueror-3.5.9 HTML parser DOS (CVE-2008-4514)
149062	cri	P1	Linu	security@gentoo.org	ASSI	sys-apps/portage does not set sticky bit on $PORTAGE_TMPDIR
168196	maj	P1	Linu	security@gentoo.org	ASSI	net-mail/courier-imap remote execution vulnerability
81958	maj	P2	All	security@gentoo.org	ASSI	app-arch/unace: buffer overflows and directory traversal
122407	enh	P2	Linu	security@gentoo.org	ASSI	games-arcade/xkobo: insecure file creation
125902	enh	P2	Linu	security@gentoo.org	ASSI	games-roguelike/nethack: local privilege escalation and i...
127167	enh	P2	Linu	security@gentoo.org	ASSI	games-roguelike/slashem: insecure save game creation and ...
127319	enh	P2	Linu	security@gentoo.org	ASSI	games-roguelike/falconseye: local privilege escalation
135645	nor	P2	Linu	security@gentoo.org	ASSI	games-fps/quake3-*, rtcw, enemy-territory, maybe more: Qu...
142392	enh	P2	Linu	security@gentoo.org	ASSI	games-strategy/ufo2000 - multiple issues (CVE-2006-{3788,...
154995	enh	P2	Linu	security@gentoo.org	ASSI	net-misc/xsupplicant "eap_do_notify()" Buffer Overflow Vu...
159556	min	P2	Linu	security@gentoo.org	ASSI	sys-block/partimage: insecure temporary file creation
168529	enh	P2	Linu	security@gentoo.org	ASSI	www-apps/wordpress security status
168584	enh	P2	Linu	security@gentoo.org	ASSI	net-misc/ssh: SFTP restriction evasion (CVE-2006-0705)
169563	nor	P2	Linu	security@gentoo.org	ASSI	games-fps/enemy-territory: security update for Enemy Terr...
172525	enh	P2	Linu	security@gentoo.org	ASSI	www-apps/xoops security status
178575	nor	P2	Linu	security@gentoo.org	ASSI	dev-java/sun-jdk-1.6.0* and dev-java/sun-jre-bin-1.6.0* i...
179162	nor	P2	Linu	security@gentoo.org	ASSI	app-emulation/emul-linux-x86-java-1.6*: internal copy of ...
181361	enh	P2	Linu	security@gentoo.org	ASSI	www-client/mozilla-firefox{,bin} - multiple vulnerabilities
182824	nor	P2	Linu	security@gentoo.org	ASSI	dev-java/blackdown-{jdk\|jre} probably affected by GLSA 20...
190835	enh	P2	Linu	security@gentoo.org	ASSI	games-fps/doomsday < 1.9.0-beta5.2 Multiple Vulnerabiliti...
192989	min	P2	Linu	security@gentoo.org	ASSI	dev-perl/Archive-Tar < 1.38 Directory traversal flaws (CV...
194607	maj	P2	Linu	security@gentoo.org	ASSI	games-fps/{doom3,quake4}* Engine Format String Vulnerabil...
195386	min	P2	Linu	security@gentoo.org	ASSI	www-client/opera Remote DNS rebinding attack vulnerabilit...
195978	min	P2	Linu	security@gentoo.org	ASSI	www-client/mozilla-firefox[-bin] CSS Vulnerabilty (CVE-20...
196865	maj	P2	Linu	security@gentoo.org	ASSI	app-emulation/emul-linux-x86-baselibs: Multiple issues
198988	tri	P2	Linu	security@gentoo.org	ASSI	dev-db/mysql < 5.0.44-r2 dev-db/mysql-community InnoDB "C...
199207	min	P2	Linu	security@gentoo.org	ASSI	app-crypt/heimdal ftpd uninitialized vulnerability (CVE-2...
200159	nor	P2	All	security@gentoo.org	ASSI	dev-ruby/rails < 1.2.6 Session fixation vulnerability (CV...
201434	min	P2	Linu	security@gentoo.org	ASSI	app-emulation/qemu TranslationBlock (code_gen_buffer) buf...
203084	enh	P2	Linu	security@gentoo.org	ASSI	www-apps/mambo security status
203532	enh	P2	Linu	security@gentoo.org	ASSI	media-video/nemesi Multiple buffer overflows with remote ...
203536	enh	P2	Linu	security@gentoo.org	ASSI	media-video/fenice Multiple vulnerabilities (CVE-2007-{66...
204063	min	P2	Linu	security@gentoo.org	ASSI	media-sound/mt-daapd <= 0.2.4.1 remote DoS
204335	enh	P2	Linu	security@gentoo.org	ASSI	www-apps/joomla security status
206847	nor	P2	Linu	security@gentoo.org	ASSI	net-dns/bind-* libbind "inet_network()" Off-By-One Vulner...
208464	nor	P2	Linu	security@gentoo.org	ASSI	dev-lang/tk, dev-util/sourcenav, dev-util/insight, dev-pe...
209148	nor	P2	All	security@gentoo.org	ASSI	dev-lang/php < 5.2.5_p20080206: vulnerable pcre, several ...
209903	maj	P2	Linu	security@gentoo.org	ASSI	games-mud/tintin <1.98.0 add_line_buffer Buffer Overflow ...
212147	maj	P2	Linu	security@gentoo.org	ASSI	dev-php/smarty < 2.6.19 Remote arbitrary PHP function cal...
212368	enh	P2	Linu	security@gentoo.org	ASSI	www-apps/net2ftp security status
212429	tri	P2	Linu	security@gentoo.org	ASSI	app-emulation/xen Qemu: insufficient block device address...
213320	nor	P2	Linu	security@gentoo.org	ASSI	www-apps/tikiwiki: < 2.0 affected by bundled smarty and o...

ID	Sev	Pri	OS	Assignee	Status	Summary
213548	nor	P2	Linu	security@gentoo.org	ASSI	app-emulation/vmware-workstation +server +player Multiple...
213770	min	P2	Linu	security@gentoo.org	ASSI	app-pda/synce-dccm <0.10.1 vdccm Multiple vulnerabilities...
213823	nor	P2	Linu	security@gentoo.org	ASSI	<app-emulation/emul-linux-x86-baselibs-20080316; <net-nds...
215266	nor	P2	Linu	security@gentoo.org	ASSI	dev-lang/php < 5.2.6_rc4: multiple vulnerabilities (CVE-2...
215699	enh	P2	Linu	security@gentoo.org	ASSI	net-misc/ltsp-4 Multiple vulnerabilities
215701	tri	P2	Linu	security@gentoo.org	ASSI	sys-auth/policykit <0.8 Format String Vulnerability (CVE-...
216319	nor	P2	Linu	security@gentoo.org	ASSI	net-proxy/squid <2.6.18 arrayShrink assert Denial of Serv...
217986	nor	P2	Linu	security@gentoo.org	ASSI	media-sound/mt-daapd <0.2.4.2 ws_getpostvars() Integer ov...
218064	nor	P2	Linu	security@gentoo.org	ASSI	app-arch/unrar-gpl <0.0.1_p20080417 : rar overflow (CVE-2...
218966	nor	P2	Linu	security@gentoo.org	ASSI	<net-misc/asterisk-1.2.28 IAX2 vulnerability (CVE-2008-1897)
221197	nor	P2	All	security@gentoo.org	ASSI	app-editors/emacs <=21.4-r16 fast-lock-mode arbitrary lis...
221943	min	P2	Linu	security@gentoo.org	ASSI	app-emulation/qemu-softmmu < 0.9.1-r3 "drive_init()" secu...
222119	maj	P2	All	security@gentoo.org	ASSI	games-fps/tremulous < svn rev 778: Q3 Engine "remapShader...
222121	nor	P2	Linu	security@gentoo.org	ASSI	net-analyzer/sarg Multiple stack-based buffer overflows (...
222649	min	P2	Linu	security@gentoo.org	ASSI	www-apps/mantisbt <1.2.0a1? Remote code execution, CSRF, ...
222819	nor	P2	Linu	security@gentoo.org	ASSI	media-libs/jasper <1.900.1-r2 multiple vulnerabilities (C...
223217	min	P2	Linu	security@gentoo.org	ASSI	net-analyzer/snort <2.8.1 Snort IP Fragment TTL Evasion V...
223649	nor	P2	All	security@gentoo.org	ASSI	app-emulation/qemu-softmmu: vulnerable to CVE-2007-1320 (...
224637	nor	P2	Linu	security@gentoo.org	ASSI	VMware Multiple vulnerabilities (CVE-2007-5671,CVE-2008-{...
224949	min	P2	Linu	security@gentoo.org	ASSI	net-misc/asterisk-addons < 1.2.9 Remote crash vulnerabili...
225465	maj	P2	Linu	security@gentoo.org	ASSI	dev-lang/ruby <1.8.6_p287 Multiple vulnerabilities (CVE-2...
225477	min	P2	Linu	security@gentoo.org	ASSI	www-servers/tomcat <5.5.27 <6.0.18 Information disclosure...
227453	maj	P2	Linu	security@gentoo.org	ASSI	app-editors/vim-core <7.1.319 Shell Command Injection Vul...
227913	enh	P2	Linu	security@gentoo.org	ASSI	net-misc/quagga 0.99.10 version bump - security fixes
228369	nor	P2	Linu	security@gentoo.org	ASSI	dev-lang/php <5.2.6-r3: safe_mode bypass (CVE-2008-{2665,...
228505	min	P2	Linu	security@gentoo.org	ASSI	www-apps/horde-turba < 2.2.1 XSS vulnerability in contact...
229157	nor	P2	Linu	security@gentoo.org	ASSI	net-im/tmsnc <0.3.2-r1 UBX Stack-based buffer overflow (C...
229329	min	P2	All	security@gentoo.org	ASSI	dev-db/mysql <= 5.0.60-r1: GRANT statement DoS
230045	nor	P2	Linu	security@gentoo.org	ASSI	net-im/pidgin File transfer filename vulnerability, DoS (...
230591	maj	P2	Linu	security@gentoo.org	ASSI	net-wireless/bluez-libs < 3.36 SDP payload processing vul...
231283	enh	P2	Linu	security@gentoo.org	ASSI	net-dns/posadis affected by cache poisoning issue VU#8001...
231285	min	P2	Linu	security@gentoo.org	ASSI	net-dns/pdnsd < 1.2.7 cache poisoning issue + DoS (CVE-20...
231292	nor	P2	Linu	security@gentoo.org	ASSI	net-misc/openssh do_authloop() Format String Privilege Es...
231337	maj	P2	Linu	security@gentoo.org	ASSI	dev-java/sun-{jdk,jre-bin}\|app-emulation/emul-linux-x86-j...
231616	nor	P2	Linu	security@gentoo.org	ASSI	www-client/mozilla-firefox(-bin) lol-firefox.gif crash (C...
231836	nor	P2	Linu	security@gentoo.org	ASSI	media-video/mplayer < 1.0_rc2_p27725 FFmpeg psxstr.c Buff...
232831	nor	P2	Linu	security@gentoo.org	ASSI	net-firewall/ipsec-tools <0.7.1 racoon DoS (CVE-2008-3651...
232890	cri	P2	Linu	security@gentoo.org	ASSI	app-editors/vim < 7.2 configure.in Makefile-conf temporar...
233543	min	P2	Linu	security@gentoo.org	ASSI	dev-libs/opensc <0.11.6 CardOS initialization with improp...
233562	min	P2	Linu	security@gentoo.org	ASSI	dev-lang/mono ASP.net XSS, Sys.Web Header injection (CVE-...
233652	nor	P2	Linu	security@gentoo.org	ASSI	dev-java/ibm-jdk-bin and ibm-jre-bin: multiple vulnerabil...
233959	min	P2	Linu	security@gentoo.org	ASSI	net-print/hplip <2.8.5 DoS (CVE-2008-2940,CVE-2008-2941)
234032	min	P2	Linu	security@gentoo.org	ASSI	net-dns/pdns <2.9.21.1 Ignoring invalid DNS queries eases...
234099	nor	P2	Linu	security@gentoo.org	ASSI	dev-libs/libxml2 <2.7.0 xmlStringLenDecodeEntities() Deni...
234102	maj	P2	All	security@gentoo.org	ASSI	dev-lang/php < 5.2.6-r6: arbitrary code execution, DoS, s...
234135	nor	P2	Linu	security@gentoo.org	ASSI	net-im/pidgin < 2.5.1 Failure to verify SSL certificate (...
234137	min	P2	Linu	security@gentoo.org	ASSI	www-apps/gallery <1.5.8 Multiple vulnerabilities (CVE-200...
234777	maj	P2	Linu	security@gentoo.org	ASSI	media-libs/xine-lib <1.1.15-r1 Multiple issues (CVE-2008-...
234819	min	P2	Linu	security@gentoo.org	ASSI	media-sound/ventrilo-server-bin decryption NULL reference...
235052	maj	P2	All	security@gentoo.org	ASSI	www-apps/phpcollab: SQL / shell command / PHP code inject...
235053	nor	P2	Linu	security@gentoo.org	ASSI	www-apps/online-bookmarks <0.6.28 Login bypass, XSS, SQL ...
235219 </