Todo Lists - Arch Linux
Scheduled advisories
| Advisory | Group | Package | Severity | Type |
|---|---|---|---|---|
| ASA-202204-14 | AVG-2677 | mediawiki | Medium | cross-site scripting |
| ASA-202204-13 | AVG-2662 | gvim | High | arbitrary code execution |
| ASA-202204-12 | AVG-2662 | vim | High | arbitrary code execution |
| ASA-202204-11 | AVG-2655 | powerdns | Low | denial of service |
| ASA-202204-10 | AVG-2656 | powerdns-recursor | Low | denial of service |
Pending advisories
| Group | Package | Severity | Affected | Fixed | Ticket |
|---|---|---|---|---|---|
| AVG-2679 | git | Unknown | 2.35.2-1 | 2.35.3-1 | |
| AVG-2672 | linux-zen | High | 5.17.0-1 | 5.17.1-1 | |
| AVG-2673 | linux | High | 5.17.0-1 | 5.17.1-1 | |
Bumped packages
| Group | Package | Severity | Affected | Current | Ticket |
|---|---|---|---|---|---|
| AVG-2626 | zaproxy | Critical | 2.11.0-1 | 2.11.1-1 [community] | FS#72975 |
| AVG-2651 | webkit2gtk-5.0 | High | 2.34.5-1 | 2.36.0-3 [extra] | |
| AVG-2650 | webkit2gtk-4.1 | High | 2.34.5-1 | 2.36.0-3 [extra] | |
| AVG-2649 | webkit2gtk | High | 2.34.5-1 | 2.36.0-3 [extra] | |
| AVG-2317 | lib32-openssl-1.0 | High | 1.0.2.u-1 | 1.0.2.u-2 [multilib] | |
| AVG-2190 | jre8-openjdk-headless, jdk8-openjdk | High | 8.u292-1 | 8.332.u04-1 [extra] | |
| AVG-2645 | clementine | Medium | 1.4.0rc1+759+gd033b38c4-1 | 1.4.0rc1+776+gcefe81d0c-1 [community] | |
| AVG-2630 | perl | Medium | 5.34.0-3 | 5.34.1-1 [core] | |
| AVG-2616 | privoxy | Medium | 3.0.32-1 | 3.0.33-1 [community] | |
| AVG-2584 | gerbv | Medium | 2.8.1-1 | 2.8.1-2 [community] | |
| AVG-2520 | libheif | Medium | 1.12.0-2 | 1.12.0-3 [extra] | |
| AVG-2493 | gitlab-gitaly | Medium | 14.3.0-3 | 14.4.5-2 [community] | |
| AVG-2406 | redis | Medium | 6.2.6-1 | 6.2.6-2 [community] | |
| AVG-2396 | libde265 | Medium | 1.0.8-1 | 1.0.8-2 [extra] | |
| AVG-2394 | kube-apiserver | Medium | 1.23.0-1 | 1.23.5-1 [community] | |
| AVG-2367 | openvpn | Medium | 2.5.5-1 | 2.5.6-1 [extra] | |
| AVG-2345 | linux | Medium | 5.15.8.arch1-1 | 5.17.3.arch1-1 [core] | |
| AVG-2333 | rsync | Medium | 3.2.3-4 | 3.2.4-1 [testing] 3.2.3-4 [extra] | |
| AVG-2273 | trojita | Medium | 0.7-5 | 0.7-7 [community] | |
| AVG-2264 | perl | Medium | 5.34.0-3 | 5.34.1-1 [core] | |
| AVG-2186 | lib32-libsndfile | Medium | 1.0.31-1 | 1.1.0-1 [multilib] | |
| AVG-2142 | prusa-slicer | Medium | 2.3.3-3 | 2.4.1-1 [community] | |
| AVG-2114 | tensorflow | Medium | 2.7.0-4 | 2.8.0-5 [community] | |
| AVG-2067 | opendmarc | Medium | 1.4.1.1-2 | 1.4.2-2 [community] | FS#72812 |
| AVG-2014 | lib32-libgcrypt15 | Medium | 1.5.6-5 | 1.5.6-7 [multilib] | |
| AVG-2013 | libgcrypt15 | Medium | 1.5.6-4 | 1.5.6-6 [community] | |
| AVG-1941 | ansible-core | Medium | 2.12.1-1 | 2.12.4-1 [community] | |
| AVG-1898 | qemu | Medium | 6.1.0-5 | 6.2.0-4 [extra] | |
| AVG-1881 | linux-hardened | Medium | 5.15.7.hardened1-1 | 5.16.20.hardened1-1 [extra] | |
| AVG-1880 | linux-zen | Medium | 5.15.8.zen1-1 | 5.17.3.zen1-1 [extra] | |
| AVG-1879 | linux | Medium | 5.15.8.arch1-1 | 5.17.3.arch1-1 [core] | |
| AVG-1823 | gpac | Medium | 1:1.0.1-1 | 1:1.0.1-3 [community] | |
| AVG-1741 | linux-lts | Medium | 5.10.85-1 | 5.15.34-1 [core] | |
| AVG-1516 | evolution | Medium | 3.42.2-1 | 3.44.0-1 [extra] | |
| AVG-1486 | bitcoin-daemon | Medium | 22.0-1 | 22.0-2 [community] | |
| AVG-1360 | edk2-shell | Medium | 202111-4 | 202202-2 [extra] | |
| AVG-1354 | xerces-c | Medium | 3.2.3-5 | 3.2.3-6 [extra] | |
| AVG-1342 | pass | Medium | 1.7.4-1 | 1.7.4-2 [community] | |
| AVG-2615 | ruby-bundler | Low | 2.2.26-1 | 2.3.10-1 [community] | |
| AVG-2569 | go-ethereum | Low | 1.10.13-1 | 1.10.17-1 [community] | |
| AVG-2545 | nomacs | Low | 1:3.17.2206-5 | 1:3.17.2206-7 [community] | |
| AVG-2404 | faust | Low | 2.37.3-1 | 2.40.0-1 [community] | |
| AVG-2104 | imagemagick | Low | 7.1.0.17-1 | 7.1.0.30-1 [extra] | |
| AVG-2091 | manuskript | Low | 0.12.0-1 | 0.13.1-1 [community] | |
| AVG-1915 | kubelet, kube-controller-manager, kube-proxy, kube-scheduler, kube-apiserver | Low | 1.23.0-1 | 1.23.5-1 [community] | |
| AVG-1777 | vigra | Low | 1.11.1.r45+g8acd73a5-5 | 1.11.1.r67+g093d57d1-1 [community] | |
| AVG-1673 | kexec-tools | Low | 2.0.21-1 | 2.0.23-1 [extra] | |
| AVG-1594 | linux | Low | 5.15.8.arch1-1 | 5.17.3.arch1-1 [core] | |
| AVG-1311 | audacity | Low | 1:2.4.1-4 | 1:2.4.1-7 [community] | |
Undetermined groups
| Group | Package | Severity | Affected | Status |
|---|---|---|---|---|
| AVG-2669 | linux-hardened | High | 5.15.14-1 | Unknown |
Issues missing details
| Issue | Severity | Remote | Type | Description |
|---|---|---|---|---|
| CVE-2022-28209 | Critical | Unknown | Unknown | An issue was discovered in MediaWiki through 1.37.1. The check for the override-antispoof... |
| CVE-2022-28206 | Critical | Unknown | Unknown | An issue was discovered in MediaWiki through 1.37.1. ImportPlanValidator.php in the... |
| CVE-2022-28205 | Critical | Unknown | Unknown | An issue was discovered in MediaWiki through 1.37.1. The CentralAuth extension mishandles a... |
| CVE-2022-28144 | Medium | Yes | Unknown | Jenkins Proxmox Plugin 0.7.0 and earlier does not perform a permission check in several... |
| CVE-2022-28142 | High | Yes | Unknown | Jenkins Proxmox Plugin 0.6.0 and earlier disables SSL/TLS certificate validation globally... |
| CVE-2022-28139 | Medium | Yes | Unknown | A missing permission check in Jenkins RocketChat Notifier Plugin 1.4.10 and earlier allows... |
| CVE-2022-28137 | Medium | Yes | Unknown | A missing permission check in Jenkins JiraTestResultReporter Plugin 165.v817928553942 and... |
| CVE-2022-28134 | Medium | Yes | Unknown | Jenkins Bitbucket Server Integration Plugin 3.1.0 and earlier does not perform permission... |
| CVE-2022-27942 | Unknown | Unknown | Unknown | tcpprep in Tcpreplay 4.4.1 has a heap-based buffer over-read in parse_mpls in common/get.c |
| CVE-2022-27941 | Unknown | Unknown | Unknown | tcprewrite in Tcpreplay 4.4.1 has a heap-based buffer over-read in get_l2len_protocol in... |
| CVE-2022-27940 | Unknown | Unknown | Unknown | tcprewrite in Tcpreplay 4.4.1 has a heap-based buffer over-read in get_ipv6_next in common/get.c |
| CVE-2022-27939 | Unknown | Unknown | Unknown | tcprewrite in Tcpreplay 4.4.1 has a reachable assertion in get_layer4_v6 in common/get.c |
| CVE-2022-24765 | Unknown | Unknown | Unknown | |
| CVE-2022-24303 | Unknown | Unknown | Unknown | Pillow before 9.0.1 allows attackers to delete files because spaces in temporary pathnames... |
| CVE-2022-23901 | Unknown | Unknown | Unknown | A stack overflow re2c 2.2 exists due to infinite recursion issues in src/dfa/dead_rules.cc. |
| CVE-2022-22817 | Unknown | Unknown | Unknown | PIL.ImageMath.eval in Pillow before 9.0.0 allows evaluation of arbitrary expressions, such... |
| CVE-2022-22816 | Unknown | Unknown | Unknown | path_getbbox in path.c in Pillow before 9.0.0 has a buffer over-read during initialization... |
| CVE-2022-22815 | Unknown | Unknown | Unknown | path_getbbox in path.c in Pillow before 9.0.0 improperly initializes ImagePath.Path |
| CVE-2022-1172 | Medium | Unknown | Unknown | Null Pointer Dereference Caused Segmentation Fault in gpac prior to 2.1.0-DEV |
| CVE-2022-1106 | Unknown | Unknown | Unknown | use after free in mrb_vm_exec in mruby prior to 3.2 |
Orphan issues
| Issue | Severity | Remote | Type | Description |
|---|---|---|---|---|
| CVE-2021-45046 | Medium | Yes | Denial of service | It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete... |
| CVE-2022-1106 | Unknown | Unknown | Unknown | use after free in mrb_vm_exec in mruby prior to 3.2 |
| CVE-2022-1172 | Medium | Unknown | Unknown | Null Pointer Dereference Caused Segmentation Fault in gpac prior to 2.1.0-DEV |
| CVE-2022-22815 | Unknown | Unknown | Unknown | path_getbbox in path.c in Pillow before 9.0.0 improperly initializes ImagePath.Path |
| CVE-2022-22816 | Unknown | Unknown | Unknown | path_getbbox in path.c in Pillow before 9.0.0 has a buffer over-read during initialization... |
| CVE-2022-22817 | Unknown | Unknown | Unknown | PIL.ImageMath.eval in Pillow before 9.0.0 allows evaluation of arbitrary expressions, such... |
| CVE-2022-23901 | Unknown | Unknown | Unknown | A stack overflow re2c 2.2 exists due to infinite recursion issues in src/dfa/dead_rules.cc. |
| CVE-2022-24303 | Unknown | Unknown | Unknown | Pillow before 9.0.1 allows attackers to delete files because spaces in temporary pathnames... |
| CVE-2022-27939 | Unknown | Unknown | Unknown | tcprewrite in Tcpreplay 4.4.1 has a reachable assertion in get_layer4_v6 in common/get.c |
| CVE-2022-27940 | Unknown | Unknown | Unknown | tcprewrite in Tcpreplay 4.4.1 has a heap-based buffer over-read in get_ipv6_next in common/get.c |
| CVE-2022-27941 | Unknown | Unknown | Unknown | tcprewrite in Tcpreplay 4.4.1 has a heap-based buffer over-read in get_l2len_protocol in... |
| CVE-2022-27942 | Unknown | Unknown | Unknown | tcpprep in Tcpreplay 4.4.1 has a heap-based buffer over-read in parse_mpls in common/get.c |