ALT-BU-2022-6815-1
Branch sisyphus_mipsel update bulletin.
Package arj updated to version 3.10.22-alt9 for branch sisyphus_mipsel.
Closed vulnerabilities
Modified: 2024-11-21
CVE-2015-0557
Open-source ARJ archiver 3.10.22 does not properly remove leading slashes from paths, which allows remote attackers to conduct absolute path traversal attacks and write to arbitrary files via multiple leading slashes in a path in an ARJ archive.
- FEDORA-2015-5603
- FEDORA-2015-5603
- FEDORA-2015-5546
- FEDORA-2015-5546
- FEDORA-2015-5524
- FEDORA-2015-5524
- DSA-3213
- DSA-3213
- MDVSA-2015:201
- MDVSA-2015:201
- [oss-security] 20150103 CVE Request: arj: symlink directory traversal and directory traversal via //multiple/leading/slash
- [oss-security] 20150103 CVE Request: arj: symlink directory traversal and directory traversal via //multiple/leading/slash
- [oss-security] 20150105 Re: CVE Request: arj: symlink directory traversal and directory traversal via //multiple/leading/slash
- [oss-security] 20150105 Re: CVE Request: arj: symlink directory traversal and directory traversal via //multiple/leading/slash
- 71895
- 71895
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=774435
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=774435
- GLSA-201612-15
- GLSA-201612-15
Closed bugs
Зависает при создании архивов
Package libvncserver updated to version 0.9.13-alt3 for branch sisyphus_mipsel.
Closed vulnerabilities
Modified: 2024-11-21
CVE-2020-29260
libvncclient v0.9.13 was discovered to contain a memory leak via the function rfbClientCleanup().
- https://github.com/LibVNC/libvncserver/commit/bef41f6ec4097a8ee094f90a1b34a708fbd757ec
- https://github.com/LibVNC/libvncserver/commit/bef41f6ec4097a8ee094f90a1b34a708fbd757ec
- [debian-lts-announce] 20220929 [SECURITY] [DLA 3125-1] libvncserver security update
- [debian-lts-announce] 20220929 [SECURITY] [DLA 3125-1] libvncserver security update
Package make-initrd updated to version 2.32.0-alt1 for branch sisyphus_mipsel.
Closed bugs
Выдавать критическую ошибку при неудачной проверки sysinit
Package libarchive updated to version 3.6.1-alt1 for branch sisyphus_mipsel.
Closed vulnerabilities
BDU:2022-01973
Уязвимость реализации функции zipx_lzma_alone_init() библиотеки архивирования libarchive, позволяющая нарушителю раскрыть защищаемую информацию или вызвать отказ в обслуживании
Modified: 2024-11-21
CVE-2022-26280
Libarchive v3.6.0 was discovered to contain an out-of-bounds read via the component zipx_lzma_alone_init.