ALT-BU-2020-3717-3
Branch sisyphus update bulletin.
Package python-module-dateutil updated to version 2.8.1-alt1 for branch sisyphus in task 248266.
Closed bugs
Просьба обновить до 2.8.0
Closed vulnerabilities
Modified: 2024-11-21
CVE-2019-15785
FontForge 20190813 through 20190820 has a buffer overflow in PrefsUI_LoadPrefs in prefs.c.
- https://github.com/fontforge/fontforge/commit/626f751752875a0ddd74b9e217b6f4828713573c
- https://github.com/fontforge/fontforge/pull/3886
- https://security.gentoo.org/glsa/202004-14
- https://github.com/fontforge/fontforge/commit/626f751752875a0ddd74b9e217b6f4828713573c
- https://github.com/fontforge/fontforge/pull/3886
- https://security.gentoo.org/glsa/202004-14
Modified: 2024-11-21
CVE-2020-25690
An out-of-bounds write flaw was found in FontForge in versions before 20200314 while parsing SFD files containing certain LayerCount tokens. This flaw allows an attacker to manipulate the memory allocated on the heap, causing the application to crash or execute arbitrary code. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
Modified: 2024-11-21
CVE-2020-5395
FontForge 20190801 has a use-after-free in SFD_GetFontMetaData in sfd.c.
- http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00041.html
- https://github.com/fontforge/fontforge/issues/4084
- https://lists.debian.org/debian-lts-announce/2024/03/msg00007.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2S75EAVF4KPCH3WFBMZADUAU7EAXA7ZQ/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MH6PKVQLBKIO7LQPDXB3MKI5I6AMDCN6/
- https://security.gentoo.org/glsa/202004-14
- http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00041.html
- https://github.com/fontforge/fontforge/issues/4084
- https://lists.debian.org/debian-lts-announce/2024/03/msg00007.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2S75EAVF4KPCH3WFBMZADUAU7EAXA7ZQ/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MH6PKVQLBKIO7LQPDXB3MKI5I6AMDCN6/
- https://security.gentoo.org/glsa/202004-14
Modified: 2024-11-21
CVE-2020-5496
FontForge 20190801 has a heap-based buffer overflow in the Type2NotDefSplines() function in splinesave.c.
- http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00041.html
- https://github.com/fontforge/fontforge/issues/4085
- https://lists.debian.org/debian-lts-announce/2024/03/msg00007.html
- https://security.gentoo.org/glsa/202004-14
- http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00041.html
- https://github.com/fontforge/fontforge/issues/4085
- https://lists.debian.org/debian-lts-announce/2024/03/msg00007.html
- https://security.gentoo.org/glsa/202004-14
Closed bugs
ignore exclude by default in gear-update
Closed vulnerabilities
Modified: 2026-03-24
CVE-2019-25585
Deluge 1.3.15 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Webseeds field. Attackers can paste a buffer of 5000 bytes into the Webseeds field during torrent creation to trigger an application crash.
Modified: 2026-03-24
CVE-2019-25586
Deluge 1.3.15 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the URL field. Attackers can paste a buffer of 5000 characters into the 'From URL' field during torrent addition to trigger an application crash.