Nixpkgs Security Tracker

Permalink CVE-2012-2142

created 1 month ago

The error function in Error.cc in poppler before 0.21.4 allows …

The error function in Error.cc in poppler before 0.21.4 allows remote attackers to execute arbitrary commands via a PDF containing an escape sequence for a terminal emulator.

References

http://www.openwall.com/lists/oss-security/2013/08/09/6 x_refsource_MISC
http://www.openwall.com/lists/oss-security/2013/08/09/5 x_refsource_MISC
http://cgit.freedesktop.org/poppler/poppler/commit/?id=71bad47ed6a36d825b0d0899… x_refsource_MISC
http://cgit.freedesktop.org/poppler/poppler/commit/NEWS?id=2bc48d5369f1dbecfc4d… x_refsource_MISC
https://bugzilla.redhat.com/show_bug.cgi?id=789936 x_refsource_MISC
http://lists.opensuse.org/opensuse-updates/2013-08/msg00049.html x_refsource_MISC
http://www.openwall.com/lists/oss-security/2013/08/09/6 x_transferred x_refsource_MISC
http://www.openwall.com/lists/oss-security/2013/08/09/5 x_transferred x_refsource_MISC
http://cgit.freedesktop.org/poppler/poppler/commit/?id=71bad47ed6a36d825b0d0899… x_transferred x_refsource_MISC
http://cgit.freedesktop.org/poppler/poppler/commit/NEWS?id=2bc48d5369f1dbecfc4d… x_transferred x_refsource_MISC
https://bugzilla.redhat.com/show_bug.cgi?id=789936 x_transferred x_refsource_MISC
http://lists.opensuse.org/opensuse-updates/2013-08/msg00049.html x_transferred x_refsource_MISC
http://www.openwall.com/lists/oss-security/2013/08/09/6 x_refsource_MISC
http://www.openwall.com/lists/oss-security/2013/08/09/5 x_refsource_MISC
http://cgit.freedesktop.org/poppler/poppler/commit/?id=71bad47ed6a36d825b0d0899… x_refsource_MISC
http://cgit.freedesktop.org/poppler/poppler/commit/NEWS?id=2bc48d5369f1dbecfc4d… x_refsource_MISC
https://bugzilla.redhat.com/show_bug.cgi?id=789936 x_refsource_MISC
http://lists.opensuse.org/opensuse-updates/2013-08/msg00049.html x_refsource_MISC
http://www.openwall.com/lists/oss-security/2013/08/09/5 x_transferred x_refsource_MISC
http://cgit.freedesktop.org/poppler/poppler/commit/?id=71bad47ed6a36d825b0d0899… x_transferred x_refsource_MISC
http://cgit.freedesktop.org/poppler/poppler/commit/NEWS?id=2bc48d5369f1dbecfc4d… x_transferred x_refsource_MISC
https://bugzilla.redhat.com/show_bug.cgi?id=789936 x_transferred x_refsource_MISC
http://lists.opensuse.org/opensuse-updates/2013-08/msg00049.html x_transferred x_refsource_MISC
http://www.openwall.com/lists/oss-security/2013/08/09/6 x_transferred x_refsource_MISC

Affected products

poppler

==before 0.21.4

Matching in nixpkgs

pkgs.poppler

PDF rendering library

nixos-unstable 25.10.0
- nixpkgs-unstable 25.10.0
- nixos-unstable-small 25.10.0
nixos-25.11 25.10.0
- nixos-25.11-small 25.10.0
- nixpkgs-25.11-darwin 25.10.0

pkgs.poppler_gi

PDF rendering library

nixos-unstable 25.10.0
- nixpkgs-unstable 25.10.0
- nixos-unstable-small 25.10.0
nixos-25.11 25.10.0
- nixos-25.11-small 25.10.0
- nixpkgs-25.11-darwin 25.10.0

pkgs.poppler_min

PDF rendering library

nixos-unstable 25.10.0
- nixpkgs-unstable 25.10.0
- nixos-unstable-small 25.10.0
nixos-25.11 25.10.0
- nixos-25.11-small 25.10.0
- nixpkgs-25.11-darwin 25.10.0

pkgs.poppler_data

Encoding files for Poppler, a PDF rendering library

nixos-unstable 0.4.12
- nixpkgs-unstable 0.4.12
- nixos-unstable-small 0.4.12
nixos-25.11 0.4.12
- nixos-25.11-small 0.4.12
- nixpkgs-25.11-darwin 0.4.12

pkgs.poppler-utils

PDF rendering library

nixos-unstable 25.10.0
- nixpkgs-unstable 25.10.0
- nixos-unstable-small 25.10.0
nixos-25.11 25.10.0
- nixos-25.11-small 25.10.0
- nixpkgs-25.11-darwin 25.10.0

pkgs.libsForQt5.poppler

PDF rendering library

nixos-unstable qt5-25.10.0
- nixpkgs-unstable qt5-25.10.0
- nixos-unstable-small qt5-25.10.0
nixos-25.11 qt5-25.10.0
- nixos-25.11-small qt5-25.10.0
- nixpkgs-25.11-darwin qt5-25.10.0

pkgs.kdePackages.poppler

PDF rendering library

nixos-unstable qt6-25.10.0
- nixpkgs-unstable qt6-25.10.0
- nixos-unstable-small qt6-25.10.0
nixos-25.11 qt6-25.10.0
- nixos-25.11-small qt6-25.10.0
- nixpkgs-25.11-darwin qt6-25.10.0

pkgs.qt6Packages.poppler

PDF rendering library

nixos-unstable qt6-25.10.0
- nixpkgs-unstable qt6-25.10.0
- nixos-unstable-small qt6-25.10.0
nixos-25.11 qt6-25.10.0
- nixos-25.11-small qt6-25.10.0
- nixpkgs-25.11-darwin qt6-25.10.0

pkgs.plasma5Packages.poppler

PDF rendering library

nixos-unstable qt5-25.10.0
- nixpkgs-unstable qt5-25.10.0
- nixos-unstable-small qt5-25.10.0
nixos-25.11 qt5-25.10.0
- nixos-25.11-small qt5-25.10.0
- nixpkgs-25.11-darwin qt5-25.10.0

pkgs.haskellPackages.gi-poppler

Poppler bindings

nixos-unstable 0.18.30
- nixpkgs-unstable 0.18.30
- nixos-unstable-small 0.18.30
nixos-25.11 0.18.30
- nixos-25.11-small 0.18.30
- nixpkgs-25.11-darwin 0.18.30

pkgs.python312Packages.poppler-qt5

None

nixos-25.11 qt5-21.3.0
- nixos-25.11-small qt5-21.3.0
- nixpkgs-25.11-darwin qt5-21.3.0

pkgs.python313Packages.poppler-qt5

None

nixos-unstable qt5-21.3.0
- nixpkgs-unstable qt5-21.3.0
- nixos-unstable-small qt5-21.3.0
nixos-25.11 qt5-21.3.0
- nixos-25.11-small qt5-21.3.0
- nixpkgs-25.11-darwin qt5-21.3.0

pkgs.python314Packages.poppler-qt5

None

nixos-unstable qt5-21.3.0
- nixpkgs-unstable qt5-21.3.0
- nixos-unstable-small qt5-21.3.0

pkgs.zathuraPkgs.zathura_pdf_poppler

Zathura PDF plugin (poppler)

nixos-unstable 0.3.4
- nixpkgs-unstable 2026.02.03
- nixos-unstable-small 2026.02.03
nixos-25.11 0.3.3
- nixos-25.11-small 0.3.3
- nixpkgs-25.11-darwin 0.3.3

pkgs.python312Packages.python-poppler

Python binding to poppler-cpp

nixos-25.11 0.4.1
- nixos-25.11-small 0.4.1
- nixpkgs-25.11-darwin 0.4.1

pkgs.python313Packages.python-poppler

Python binding to poppler-cpp

nixos-unstable 0.4.1
- nixpkgs-unstable 0.4.1
- nixos-unstable-small 0.4.1
nixos-25.11 0.4.1
- nixos-25.11-small 0.4.1
- nixpkgs-25.11-darwin 0.4.1

pkgs.python314Packages.python-poppler

Python binding to poppler-cpp

nixos-unstable 0.4.1
- nixpkgs-unstable 0.4.1
- nixos-unstable-small 0.4.1

pkgs.tests.pkg-config.defaultPkgConfigPackages.poppler-glib

Test whether poppler-glib-25.07.0 exposes pkg-config modules poppler-glib

nixos-unstable -
- nixpkgs-unstable
- nixos-unstable-small
nixos-25.11 -
- nixos-25.11-small
- nixpkgs-25.11-darwin

Package maintainers

@ttuegel Thomas Tuegel <ttuegel@mailbox.org>
@jtojnar Jan Tojnar <jtojnar@gmail.com>
@onny Jonas Heinrich <onny@project-insanity.org>

Permalink CVE-2009-5068

created 1 month ago

There is a file disclosure vulnerability in SMF (Simple Machines …

There is a file disclosure vulnerability in SMF (Simple Machines Forum) affecting versions through v2.0.3. On some configurations a SMF deployment is shared by several "co-admins" that are not trusted beyond the SMF deployment. This vulnerability allows them to read arbitrary files on the filesystem and therefore gain new privileges by reading the settings.php with the database passwords.

References

http://www.openwall.com/lists/oss-security/2013/02/01/4 x_refsource_MISC
http://www.openwall.com/lists/oss-security/2013/02/01/4 x_transferred x_refsource_MISC
http://www.openwall.com/lists/oss-security/2013/02/01/4 x_refsource_MISC
http://www.openwall.com/lists/oss-security/2013/02/01/4 x_transferred x_refsource_MISC

Affected products

SMF

==through 2.0.3

Matching in nixpkgs

pkgs.smfh

Sleek Manifest File Handler

nixos-unstable 1.3
- nixpkgs-unstable 1.3
- nixos-unstable-small 1.3
nixos-25.11 1.3
- nixos-25.11-small 1.4
- nixpkgs-25.11-darwin 1.3

pkgs.asmfmt

Go assembler formatter

nixos-unstable 1.3.2
- nixpkgs-unstable 1.3.2
- nixos-unstable-small 1.3.2
nixos-25.11 1.3.2
- nixos-25.11-small 1.3.2
- nixpkgs-25.11-darwin 1.3.2

pkgs.libsmf

C library for reading and writing Standard MIDI Files

nixos-unstable 1.3
- nixpkgs-unstable 1.3
- nixos-unstable-small 1.3
nixos-25.11 1.3
- nixos-25.11-small 1.3
- nixpkgs-25.11-darwin 1.3

pkgs.nasmfmt

Formatter for NASM source files

nixos-unstable 2022-09-15
- nixpkgs-unstable 2022-09-15
- nixos-unstable-small 2022-09-15
nixos-25.11 2022-09-15
- nixos-25.11-small 2022-09-15
- nixpkgs-25.11-darwin 2022-09-15

pkgs.mt32emu-smf2wav

Produces a WAVE file from a Standard MIDI file (SMF)

nixos-unstable smf2wav-1.9.0
- nixpkgs-unstable smf2wav-1.9.0
- nixos-unstable-small smf2wav-1.9.0
nixos-25.11 smf2wav-1.9.0
- nixos-25.11-small smf2wav-1.9.0
- nixpkgs-25.11-darwin smf2wav-1.9.0

pkgs.python312Packages.pysmf

Python extension module for reading and writing Standard MIDI Files, based on libsmf

nixos-25.11 0.1.1
- nixos-25.11-small 0.1.1
- nixpkgs-25.11-darwin 0.1.1

pkgs.python313Packages.pysmf

Python extension module for reading and writing Standard MIDI Files, based on libsmf

nixos-unstable 0.1.1
- nixpkgs-unstable 0.1.1
- nixos-unstable-small 0.1.1
nixos-25.11 0.1.1
- nixos-25.11-small 0.1.1
- nixpkgs-25.11-darwin 0.1.1

pkgs.python314Packages.pysmf

Python extension module for reading and writing Standard MIDI Files, based on libsmf

nixos-unstable 0.1.1
- nixpkgs-unstable 0.1.1
- nixos-unstable-small 0.1.1

pkgs.tests.fetchFromGitHub.rootDir

None

nixos-unstable smfyc8dzpa0l
- nixpkgs-unstable smfyc8dzpa0l
- nixos-unstable-small smfyc8dzpa0l

Package maintainers

@kalbasit Wael Nasreddine <wael.nasreddine@gmail.com>
@OPNA2608 Cosima Neidahl <opna2608@protonmail.com>
@eclairevoyant éclairevoyant
@Gerg-L Greg Leyda <gregleyda@proton.me>
@NotAShelf NotAShelf <raf@notashelf.dev>

Permalink CVE-2011-3585

created 1 month ago

Multiple race conditions in the (1) mount.cifs and (2) umount.cifs …

Multiple race conditions in the (1) mount.cifs and (2) umount.cifs programs in Samba 3.6 allow local users to cause a denial of service (mounting outage) via a SIGKILL signal during a time window when the /etc/mtab~ file exists.

References

https://bugzilla.samba.org/show_bug.cgi?id=7179 x_refsource_MISC
https://bugzilla.redhat.com/show_bug.cgi?id=742907 x_refsource_MISC
https://www.openwall.com/lists/oss-security/2011/09/27/1 x_refsource_MISC
https://www.openwall.com/lists/oss-security/2011/09/30/5 x_refsource_MISC
https://git.samba.org/?p=cifs-utils.git%3Ba=commitdiff%3Bh=810f7e4e0f2dbcbee029… x_refsource_MISC
https://bugzilla.samba.org/show_bug.cgi?id=7179 x_transferred x_refsource_MISC
https://bugzilla.redhat.com/show_bug.cgi?id=742907 x_transferred x_refsource_MISC
https://www.openwall.com/lists/oss-security/2011/09/27/1 x_transferred x_refsource_MISC
https://www.openwall.com/lists/oss-security/2011/09/30/5 x_transferred x_refsource_MISC
https://git.samba.org/?p=cifs-utils.git%3Ba=commitdiff%3Bh=810f7e4e0f2dbcbee029… x_transferred x_refsource_MISC
https://bugzilla.samba.org/show_bug.cgi?id=7179 x_refsource_MISC
https://bugzilla.redhat.com/show_bug.cgi?id=742907 x_refsource_MISC
https://www.openwall.com/lists/oss-security/2011/09/27/1 x_refsource_MISC
https://www.openwall.com/lists/oss-security/2011/09/30/5 x_refsource_MISC
https://git.samba.org/?p=cifs-utils.git%3Ba=commitdiff%3Bh=810f7e4e0f2dbcbee029… x_refsource_MISC
https://bugzilla.samba.org/show_bug.cgi?id=7179 x_transferred x_refsource_MISC
https://bugzilla.redhat.com/show_bug.cgi?id=742907 x_transferred x_refsource_MISC
https://www.openwall.com/lists/oss-security/2011/09/27/1 x_transferred x_refsource_MISC
https://www.openwall.com/lists/oss-security/2011/09/30/5 x_transferred x_refsource_MISC
https://git.samba.org/?p=cifs-utils.git%3Ba=commitdiff%3Bh=810f7e4e0f2dbcbee029… x_transferred x_refsource_MISC

Affected products

Samba

==3.6

Matching in nixpkgs

pkgs.samba

Standard Windows interoperability suite of programs for Linux and Unix

nixos-unstable 4.22.7
- nixpkgs-unstable 4.22.7
- nixos-unstable-small 4.22.7
nixos-25.11 4.22.6
- nixos-25.11-small 4.22.6
- nixpkgs-25.11-darwin 4.22.6

pkgs.samba4

Standard Windows interoperability suite of programs for Linux and Unix

nixos-unstable 4.22.7
- nixpkgs-unstable 4.22.7
- nixos-unstable-small 4.22.7
nixos-25.11 4.22.6
- nixos-25.11-small 4.22.6
- nixpkgs-25.11-darwin 4.22.6

pkgs.sambamba

SAM/BAM processing tool

nixos-unstable 1.0.1
- nixpkgs-unstable 1.0.1
- nixos-unstable-small 1.0.1
nixos-25.11 1.0.1
- nixos-25.11-small 1.0.1
- nixpkgs-25.11-darwin 1.0.1

pkgs.sambaFull

Standard Windows interoperability suite of programs for Linux and Unix

nixos-unstable 4.22.7
- nixpkgs-unstable 4.22.7
- nixos-unstable-small 4.22.7
nixos-25.11 4.22.6
- nixos-25.11-small 4.22.6
- nixpkgs-25.11-darwin 4.22.6

pkgs.samba4Full

Standard Windows interoperability suite of programs for Linux and Unix

nixos-unstable 4.22.7
- nixpkgs-unstable 4.22.7
- nixos-unstable-small 4.22.7
nixos-25.11 4.22.6
- nixos-25.11-small 4.22.6
- nixpkgs-25.11-darwin 4.22.6

Package maintainers

@aneeshusa Aneesh Agrawal <aneeshusa@gmail.com>
@jbedo Justin Bedő <cu@cua0.org>

Permalink CVE-2011-1489

created 1 month ago

A memory leak in rsyslog before 5.7.6 was found in …

A memory leak in rsyslog before 5.7.6 was found in the way deamon processed log messages were logged when multiple rulesets were used and some output batches contained messages belonging to more than one ruleset. A local attacker could cause denial of the rsyslogd daemon service via a log message belonging to more than one ruleset.

References

https://security-tracker.debian.org/tracker/CVE-2011-1489 x_refsource_MISC
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-1489 x_refsource_MISC
https://access.redhat.com/security/cve/cve-2011-1489 x_refsource_MISC
http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00005.html x_refsource_MISC
https://github.com/rsyslog/rsyslog/commit/1ef709cc97d54f74d3fdeb83788cc4b01f4c6… x_refsource_MISC
https://security-tracker.debian.org/tracker/CVE-2011-1489 x_transferred x_refsource_MISC
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-1489 x_transferred x_refsource_MISC
https://access.redhat.com/security/cve/cve-2011-1489 x_transferred x_refsource_MISC
http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00005.html x_transferred x_refsource_MISC
https://github.com/rsyslog/rsyslog/commit/1ef709cc97d54f74d3fdeb83788cc4b01f4c6… x_transferred x_refsource_MISC
https://security-tracker.debian.org/tracker/CVE-2011-1489 x_refsource_MISC
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-1489 x_refsource_MISC
https://access.redhat.com/security/cve/cve-2011-1489 x_refsource_MISC
http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00005.html x_refsource_MISC
https://github.com/rsyslog/rsyslog/commit/1ef709cc97d54f74d3fdeb83788cc4b01f4c6… x_refsource_MISC
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-1489 x_transferred x_refsource_MISC
https://access.redhat.com/security/cve/cve-2011-1489 x_transferred x_refsource_MISC
http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00005.html x_transferred x_refsource_MISC
https://github.com/rsyslog/rsyslog/commit/1ef709cc97d54f74d3fdeb83788cc4b01f4c6… x_transferred x_refsource_MISC
https://security-tracker.debian.org/tracker/CVE-2011-1489 x_transferred x_refsource_MISC

Affected products

rsyslog

==before 5.7.6

Matching in nixpkgs

pkgs.rsyslog

Enhanced syslog implementation

nixos-unstable 8.2512.0
- nixpkgs-unstable 8.2512.0
- nixos-unstable-small 8.2512.0
nixos-25.11 8.2510.0
- nixos-25.11-small 8.2510.0
- nixpkgs-25.11-darwin 8.2510.0

pkgs.rsyslog-light

Enhanced syslog implementation

nixos-unstable 8.2512.0
- nixpkgs-unstable 8.2512.0
- nixos-unstable-small 8.2512.0
nixos-25.11 8.2510.0
- nixos-25.11-small 8.2510.0
- nixpkgs-25.11-darwin 8.2510.0

Permalink CVE-2012-4524

created 1 month ago

xlockmore before 5.43 'dclock' security bypass vulnerability

References

https://security-tracker.debian.org/tracker/CVE-2012-4524 x_refsource_MISC
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-4524 x_refsource_MISC
https://access.redhat.com/security/cve/cve-2012-4524 x_refsource_MISC
https://exchange.xforce.ibmcloud.com/vulnerabilities/79558 x_refsource_MISC
http://lists.fedoraproject.org/pipermail/package-announce/2012-November/091108.… x_refsource_MISC
http://lists.fedoraproject.org/pipermail/package-announce/2012-November/091150.… x_refsource_MISC
http://lists.fedoraproject.org/pipermail/package-announce/2012-November/091709.… x_refsource_MISC
http://security.gentoo.org/glsa/glsa-201309-03.xml x_refsource_MISC
http://www.openwall.com/lists/oss-security/2012/10/17/12 x_refsource_MISC
http://www.securityfocus.com/bid/56169 x_refsource_MISC
https://security-tracker.debian.org/tracker/CVE-2012-4524 x_transferred x_refsource_MISC
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-4524 x_transferred x_refsource_MISC
https://access.redhat.com/security/cve/cve-2012-4524 x_transferred x_refsource_MISC
https://exchange.xforce.ibmcloud.com/vulnerabilities/79558 x_transferred x_refsource_MISC
http://lists.fedoraproject.org/pipermail/package-announce/2012-November/091108.… x_transferred x_refsource_MISC
http://lists.fedoraproject.org/pipermail/package-announce/2012-November/091150.… x_transferred x_refsource_MISC
http://lists.fedoraproject.org/pipermail/package-announce/2012-November/091709.… x_transferred x_refsource_MISC
http://security.gentoo.org/glsa/glsa-201309-03.xml x_transferred x_refsource_MISC
http://www.openwall.com/lists/oss-security/2012/10/17/12 x_transferred x_refsource_MISC
http://www.securityfocus.com/bid/56169 x_transferred x_refsource_MISC
https://security-tracker.debian.org/tracker/CVE-2012-4524 x_refsource_MISC
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-4524 x_refsource_MISC
https://access.redhat.com/security/cve/cve-2012-4524 x_refsource_MISC
https://exchange.xforce.ibmcloud.com/vulnerabilities/79558 x_refsource_MISC
http://lists.fedoraproject.org/pipermail/package-announce/2012-November/091108.… x_refsource_MISC
http://lists.fedoraproject.org/pipermail/package-announce/2012-November/091150.… x_refsource_MISC
http://lists.fedoraproject.org/pipermail/package-announce/2012-November/091709.… x_refsource_MISC
http://security.gentoo.org/glsa/glsa-201309-03.xml x_refsource_MISC
http://www.openwall.com/lists/oss-security/2012/10/17/12 x_refsource_MISC
http://www.securityfocus.com/bid/56169 x_refsource_MISC
http://lists.fedoraproject.org/pipermail/package-announce/2012-November/091150.… x_transferred x_refsource_MISC
http://lists.fedoraproject.org/pipermail/package-announce/2012-November/091709.… x_transferred x_refsource_MISC
http://security.gentoo.org/glsa/glsa-201309-03.xml x_transferred x_refsource_MISC
http://www.openwall.com/lists/oss-security/2012/10/17/12 x_transferred x_refsource_MISC
http://www.securityfocus.com/bid/56169 x_transferred x_refsource_MISC
https://security-tracker.debian.org/tracker/CVE-2012-4524 x_transferred x_refsource_MISC
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-4524 x_transferred x_refsource_MISC
https://access.redhat.com/security/cve/cve-2012-4524 x_transferred x_refsource_MISC
https://exchange.xforce.ibmcloud.com/vulnerabilities/79558 x_transferred x_refsource_MISC
http://lists.fedoraproject.org/pipermail/package-announce/2012-November/091108.… x_transferred x_refsource_MISC

Affected products

xlockmore

==< 5.43

Matching in nixpkgs

pkgs.xlockmore

Screen locker for the X Window System

nixos-unstable 5.87
- nixpkgs-unstable 5.87
- nixos-unstable-small 5.87
nixos-25.11 5.84
- nixos-25.11-small 5.84
- nixpkgs-25.11-darwin 5.84

Package maintainers

@pSub Pascal Wittmann <mail@pascal-wittmann.de>

Permalink CVE-2012-5645

created 1 month ago

A denial of service flaw was found in the way …

A denial of service flaw was found in the way the server component of Freeciv before 2.3.4 processed certain packets. A remote attacker could send a specially-crafted packet that, when processed would lead to memory exhaustion or excessive CPU consumption.

References

http://www.openwall.com/lists/oss-security/2012/12/31/2 x_refsource_MISC
http://lists.fedoraproject.org/pipermail/package-announce/2013-January/095378.h… x_refsource_MISC
http://lists.fedoraproject.org/pipermail/package-announce/2013-January/095381.h… x_refsource_MISC
http://lists.fedoraproject.org/pipermail/package-announce/2013-January/096391.h… x_refsource_MISC
http://www.openwall.com/lists/oss-security/2012/12/22/4 x_refsource_MISC
http://www.openwall.com/lists/oss-security/2012/12/30/11 x_refsource_MISC
http://www.openwall.com/lists/oss-security/2012/12/30/8 x_refsource_MISC
http://www.securityfocus.com/bid/41352 x_refsource_MISC
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=696306 x_refsource_MISC
https://security-tracker.debian.org/tracker/CVE-2012-5645 x_refsource_MISC
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-5645 x_refsource_MISC
https://access.redhat.com/security/cve/cve-2012-5645 x_refsource_MISC
http://www.openwall.com/lists/oss-security/2012/12/18/5 x_refsource_MISC
https://security-tracker.debian.org/tracker/CVE-2012-5645 x_transferred x_refsource_MISC
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-5645 x_transferred x_refsource_MISC
https://access.redhat.com/security/cve/cve-2012-5645 x_transferred x_refsource_MISC
http://www.openwall.com/lists/oss-security/2012/12/18/5 x_transferred x_refsource_MISC
http://www.openwall.com/lists/oss-security/2012/12/31/2 x_transferred x_refsource_MISC
http://lists.fedoraproject.org/pipermail/package-announce/2013-January/095378.h… x_transferred x_refsource_MISC
http://lists.fedoraproject.org/pipermail/package-announce/2013-January/095381.h… x_transferred x_refsource_MISC
http://lists.fedoraproject.org/pipermail/package-announce/2013-January/096391.h… x_transferred x_refsource_MISC
http://www.openwall.com/lists/oss-security/2012/12/22/4 x_transferred x_refsource_MISC
http://www.openwall.com/lists/oss-security/2012/12/30/11 x_transferred x_refsource_MISC
http://www.openwall.com/lists/oss-security/2012/12/30/8 x_transferred x_refsource_MISC
http://www.securityfocus.com/bid/41352 x_transferred x_refsource_MISC
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=696306 x_transferred x_refsource_MISC
https://security-tracker.debian.org/tracker/CVE-2012-5645 x_refsource_MISC
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-5645 x_refsource_MISC
https://access.redhat.com/security/cve/cve-2012-5645 x_refsource_MISC
http://www.openwall.com/lists/oss-security/2012/12/18/5 x_refsource_MISC
http://www.openwall.com/lists/oss-security/2012/12/31/2 x_refsource_MISC
http://lists.fedoraproject.org/pipermail/package-announce/2013-January/095378.h… x_refsource_MISC
http://lists.fedoraproject.org/pipermail/package-announce/2013-January/095381.h… x_refsource_MISC
http://lists.fedoraproject.org/pipermail/package-announce/2013-January/096391.h… x_refsource_MISC
http://www.openwall.com/lists/oss-security/2012/12/22/4 x_refsource_MISC
http://www.openwall.com/lists/oss-security/2012/12/30/11 x_refsource_MISC
http://www.openwall.com/lists/oss-security/2012/12/30/8 x_refsource_MISC
http://www.securityfocus.com/bid/41352 x_refsource_MISC
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=696306 x_refsource_MISC
https://security-tracker.debian.org/tracker/CVE-2012-5645 x_transferred x_refsource_MISC
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-5645 x_transferred x_refsource_MISC
https://access.redhat.com/security/cve/cve-2012-5645 x_transferred x_refsource_MISC
http://www.openwall.com/lists/oss-security/2012/12/18/5 x_transferred x_refsource_MISC
http://www.openwall.com/lists/oss-security/2012/12/31/2 x_transferred x_refsource_MISC
http://lists.fedoraproject.org/pipermail/package-announce/2013-January/095378.h… x_transferred x_refsource_MISC
http://lists.fedoraproject.org/pipermail/package-announce/2013-January/095381.h… x_transferred x_refsource_MISC
http://lists.fedoraproject.org/pipermail/package-announce/2013-January/096391.h… x_transferred x_refsource_MISC
http://www.openwall.com/lists/oss-security/2012/12/22/4 x_transferred x_refsource_MISC
http://www.openwall.com/lists/oss-security/2012/12/30/11 x_transferred x_refsource_MISC
http://www.openwall.com/lists/oss-security/2012/12/30/8 x_transferred x_refsource_MISC
http://www.securityfocus.com/bid/41352 x_transferred x_refsource_MISC
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=696306 x_transferred x_refsource_MISC

Affected products

freeciv

==before 2.3.4

Matching in nixpkgs

pkgs.freeciv

Multiplayer (or single player), turn-based strategy game

nixos-unstable 3.2.2
- nixpkgs-unstable 3.2.2
- nixos-unstable-small 3.2.2
nixos-25.11 3.2.1
- nixos-25.11-small 3.2.1
- nixpkgs-25.11-darwin 3.2.1

pkgs.freeciv_qt

Multiplayer (or single player), turn-based strategy game

nixos-unstable 3.2.2
- nixpkgs-unstable 3.2.2
- nixos-unstable-small 3.2.2
nixos-25.11 3.2.1
- nixos-25.11-small 3.2.1
- nixpkgs-25.11-darwin 3.2.1

pkgs.freeciv_gtk

Multiplayer (or single player), turn-based strategy game

nixos-unstable 3.2.2
- nixpkgs-unstable 3.2.2
- nixos-unstable-small 3.2.2
nixos-25.11 3.2.1
- nixos-25.11-small 3.2.1
- nixpkgs-25.11-darwin 3.2.1

pkgs.freeciv_sdl2

Multiplayer (or single player), turn-based strategy game

nixos-unstable 3.2.2
- nixpkgs-unstable 3.2.2
- nixos-unstable-small 3.2.2
nixos-25.11 3.2.1
- nixos-25.11-small 3.2.1
- nixpkgs-25.11-darwin 3.2.1

Package maintainers

@nbp Nicolas B. Pierron <nixos@nbp.name>

Permalink CVE-2011-2187

created 1 month ago

xscreensaver before 5.14 crashes during activation and leaves the screen …

xscreensaver before 5.14 crashes during activation and leaves the screen unlocked when in Blank Only Mode and when DPMS is disabled, which allows local attackers to access resources without authentication.

References

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=627382 x_refsource_MISC
[oss-security] 20110606 Re: CVE Request -- xscreensaver -- exits when activated x_refsource_MLIST mailing-list
https://www.jwz.org/xscreensaver/changelog.html x_refsource_MISC
https://security-tracker.debian.org/tracker/CVE-2011-2187 x_refsource_MISC
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-2187 x_refsource_MISC
https://access.redhat.com/security/cve/cve-2011-2187 x_refsource_MISC
https://security-tracker.debian.org/tracker/CVE-2011-2187 x_transferred x_refsource_MISC
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-2187 x_transferred x_refsource_MISC
https://access.redhat.com/security/cve/cve-2011-2187 x_transferred x_refsource_MISC
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=627382 x_transferred x_refsource_MISC
[oss-security] 20110606 Re: CVE Request -- xscreensaver -- exits when activated x_refsource_MLIST mailing-list x_transferred
https://www.jwz.org/xscreensaver/changelog.html x_transferred x_refsource_MISC
https://security-tracker.debian.org/tracker/CVE-2011-2187 x_refsource_MISC
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-2187 x_refsource_MISC
https://access.redhat.com/security/cve/cve-2011-2187 x_refsource_MISC
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=627382 x_refsource_MISC
[oss-security] 20110606 Re: CVE Request -- xscreensaver -- exits when activated x_refsource_MLIST mailing-list
https://www.jwz.org/xscreensaver/changelog.html x_refsource_MISC
https://security-tracker.debian.org/tracker/CVE-2011-2187 x_transferred x_refsource_MISC
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-2187 x_transferred x_refsource_MISC
https://access.redhat.com/security/cve/cve-2011-2187 x_transferred x_refsource_MISC
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=627382 x_transferred x_refsource_MISC
[oss-security] 20110606 Re: CVE Request -- xscreensaver -- exits when activated x_refsource_MLIST mailing-list x_transferred
https://www.jwz.org/xscreensaver/changelog.html x_transferred x_refsource_MISC

Affected products

xscreensaver

==before 5.14

Matching in nixpkgs

pkgs.xscreensaver

Set of screensavers

nixos-unstable 6.13
- nixpkgs-unstable 6.13
- nixos-unstable-small 6.13
nixos-25.11 6.12
- nixos-25.11-small 6.12
- nixpkgs-25.11-darwin 6.12

Package maintainers

@7c6f434c Michael Raskin <7c6f434c@mail.ru>

Permalink CVE-2011-1934

created 1 month ago

lilo-uuid-diskid causes lilo.conf to be world-readable in lilo 23.1.

References

https://access.redhat.com/security/cve/cve-2011-1934 x_refsource_MISC
[oss-security] 20110519 Re: CVE requests: ffmpeg/widelands/jifty::db/lilo/libpcap x_refsource_MLIST mailing-list
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=615103 x_refsource_CONFIRM
https://security-tracker.debian.org/tracker/CVE-2011-1934 x_refsource_MISC
https://security-tracker.debian.org/tracker/CVE-2011-1934 x_transferred x_refsource_MISC
https://access.redhat.com/security/cve/cve-2011-1934 x_transferred x_refsource_MISC
[oss-security] 20110519 Re: CVE requests: ffmpeg/widelands/jifty::db/lilo/libpcap x_refsource_MLIST mailing-list x_transferred
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=615103 x_transferred x_refsource_CONFIRM
https://security-tracker.debian.org/tracker/CVE-2011-1934 x_refsource_MISC
https://access.redhat.com/security/cve/cve-2011-1934 x_refsource_MISC
[oss-security] 20110519 Re: CVE requests: ffmpeg/widelands/jifty::db/lilo/libpcap x_refsource_MLIST mailing-list
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=615103 x_refsource_CONFIRM
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=615103 x_transferred x_refsource_CONFIRM
https://security-tracker.debian.org/tracker/CVE-2011-1934 x_transferred x_refsource_MISC
https://access.redhat.com/security/cve/cve-2011-1934 x_transferred x_refsource_MISC
[oss-security] 20110519 Re: CVE requests: ffmpeg/widelands/jifty::db/lilo/libpcap x_refsource_MLIST mailing-list x_transferred

Affected products

lilo

==23.1

Matching in nixpkgs

pkgs.lilo

Linux bootloader

nixos-unstable 24.2
- nixpkgs-unstable 24.2
- nixos-unstable-small 24.2
nixos-25.11 24.2
- nixos-25.11-small 24.2
- nixpkgs-25.11-darwin 24.2

Package maintainers

@KAction Dmitry Bogatov <KAction@disroot.org>

Permalink CVE-2011-4938

created 1 month ago

Multiple cross-site scripting (XSS) vulnerabilities in Ariadne 2.7.6 allow remote …

Multiple cross-site scripting (XSS) vulnerabilities in Ariadne 2.7.6 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO parameter to (1) index.php and (2) loader.php.

References

http://www.rul3z.de/advisories/SSCHADV2011-038.txt x_refsource_MISC
http://www.openwall.com/lists/oss-security/2012/03/09/4 x_refsource_MISC
http://www.openwall.com/lists/oss-security/2012/03/10/6 x_refsource_MISC
http://bugs.ariadne-cms.org/view.php?id=277 x_refsource_MISC
https://seclists.org/bugtraq/2011/Dec/7 x_refsource_MISC
http://www.rul3z.de/advisories/SSCHADV2011-038.txt x_transferred x_refsource_MISC
http://www.openwall.com/lists/oss-security/2012/03/09/4 x_transferred x_refsource_MISC
http://www.openwall.com/lists/oss-security/2012/03/10/6 x_transferred x_refsource_MISC
http://bugs.ariadne-cms.org/view.php?id=277 x_transferred x_refsource_MISC
https://seclists.org/bugtraq/2011/Dec/7 x_transferred x_refsource_MISC
http://www.rul3z.de/advisories/SSCHADV2011-038.txt x_refsource_MISC
http://www.openwall.com/lists/oss-security/2012/03/09/4 x_refsource_MISC
http://www.openwall.com/lists/oss-security/2012/03/10/6 x_refsource_MISC
http://bugs.ariadne-cms.org/view.php?id=277 x_refsource_MISC
https://seclists.org/bugtraq/2011/Dec/7 x_refsource_MISC
http://www.rul3z.de/advisories/SSCHADV2011-038.txt x_transferred x_refsource_MISC
http://www.openwall.com/lists/oss-security/2012/03/09/4 x_transferred x_refsource_MISC
http://www.openwall.com/lists/oss-security/2012/03/10/6 x_transferred x_refsource_MISC
http://bugs.ariadne-cms.org/view.php?id=277 x_transferred x_refsource_MISC
https://seclists.org/bugtraq/2011/Dec/7 x_transferred x_refsource_MISC

Affected products

Ariadne

==2.7.6

Matching in nixpkgs

pkgs.python312Packages.ariadne

Python library for implementing GraphQL servers using schema-first approach

nixos-25.11 0.27.0
- nixos-25.11-small 0.27.0
- nixpkgs-25.11-darwin 0.27.0

pkgs.python313Packages.ariadne

Python library for implementing GraphQL servers using schema-first approach

nixos-unstable 0.28.0
- nixpkgs-unstable 0.28.0
- nixos-unstable-small 0.28.0
nixos-25.11 0.27.0
- nixos-25.11-small 0.27.0
- nixpkgs-25.11-darwin 0.27.0

pkgs.python314Packages.ariadne

Python library for implementing GraphQL servers using schema-first approach

nixos-unstable 0.28.0
- nixpkgs-unstable 0.28.0
- nixos-unstable-small 0.28.0

Package maintainers

@samuela Samuel Ainsworth <skainsworth@gmail.com>

Permalink CVE-2012-4439

updated 1 month ago by @LeSuisse Activity log

Created automatic suggestion 1 month ago
@LeSuisse removed
10 packages
- jenkins-job-builder
- python312Packages.jenkinsapi
- python313Packages.jenkinsapi
- python314Packages.jenkinsapi
- python312Packages.python-jenkins
- python313Packages.python-jenkins
- python314Packages.python-jenkins
- python312Packages.jenkins-job-builder
- python313Packages.jenkins-job-builder
- python314Packages.jenkins-job-builder
1 month ago

Cross-site Scripting (XSS) in Jenkins main before 1.482 and LTS …

Cross-site Scripting (XSS) in Jenkins main before 1.482 and LTS before 1.466.2 allows remote attackers to inject arbitrary web script or HTML via a crafted URL that points to Jenkins.

References

https://security-tracker.debian.org/tracker/CVE-2012-4439 x_refsource_MISC
http://www.openwall.com/lists/oss-security/2012/09/21/2 x_refsource_MISC
https://www.cloudbees.com/jenkins-security-advisory-2012-09-17 x_refsource_MISC
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-4439 x_refsource_CONFIRM
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-4439 x_transferred x_refsource_CONFIRM
https://security-tracker.debian.org/tracker/CVE-2012-4439 x_transferred x_refsource_MISC
http://www.openwall.com/lists/oss-security/2012/09/21/2 x_transferred x_refsource_MISC
https://www.cloudbees.com/jenkins-security-advisory-2012-09-17 x_transferred x_refsource_MISC
http://www.openwall.com/lists/oss-security/2012/09/21/2 x_refsource_MISC
https://www.cloudbees.com/jenkins-security-advisory-2012-09-17 x_refsource_MISC
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-4439 x_refsource_CONFIRM
https://security-tracker.debian.org/tracker/CVE-2012-4439 x_refsource_MISC
https://security-tracker.debian.org/tracker/CVE-2012-4439 x_transferred x_refsource_MISC
http://www.openwall.com/lists/oss-security/2012/09/21/2 x_transferred x_refsource_MISC
https://www.cloudbees.com/jenkins-security-advisory-2012-09-17 x_transferred x_refsource_MISC
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-4439 x_transferred x_refsource_CONFIRM

Affected products

jenkins

==1.447.2

Matching in nixpkgs

pkgs.jenkins

Extendable open source continuous integration server

nixos-unstable 2.541.1
- nixpkgs-unstable 2.541.1
- nixos-unstable-small 2.541.1
nixos-25.11 2.541.1
- nixos-25.11-small 2.541.1
- nixpkgs-25.11-darwin 2.541.1

Ignored packages (10)

pkgs.jenkins-job-builder

Jenkins Job Builder is a system for configuring Jenkins jobs using simple YAML files stored in Git

nixos-unstable 6.4.2
- nixpkgs-unstable 6.4.2
- nixos-unstable-small 6.4.2
nixos-25.11 6.4.2
- nixos-25.11-small 6.4.2
- nixpkgs-25.11-darwin 6.4.2

pkgs.python312Packages.jenkinsapi

Python API for accessing resources on a Jenkins continuous-integration server

nixos-25.11 0.3.15
- nixos-25.11-small 0.3.15
- nixpkgs-25.11-darwin 0.3.15

pkgs.python313Packages.jenkinsapi

Python API for accessing resources on a Jenkins continuous-integration server

nixos-unstable 0.3.15
- nixpkgs-unstable 0.3.15
- nixos-unstable-small 0.3.15
nixos-25.11 0.3.15
- nixos-25.11-small 0.3.15
- nixpkgs-25.11-darwin 0.3.15

pkgs.python314Packages.jenkinsapi

Python API for accessing resources on a Jenkins continuous-integration server

nixos-unstable 0.3.15
- nixpkgs-unstable 0.3.15
- nixos-unstable-small 0.3.15

pkgs.python312Packages.python-jenkins

Python bindings for the remote Jenkins API

nixos-25.11 1.8.3
- nixos-25.11-small 1.8.3
- nixpkgs-25.11-darwin 1.8.3

pkgs.python313Packages.python-jenkins

Python bindings for the remote Jenkins API

nixos-unstable 1.8.3
- nixpkgs-unstable 1.8.3
- nixos-unstable-small 1.8.3
nixos-25.11 1.8.3
- nixos-25.11-small 1.8.3
- nixpkgs-25.11-darwin 1.8.3

pkgs.python314Packages.python-jenkins

Python bindings for the remote Jenkins API

nixos-unstable 1.8.3
- nixpkgs-unstable 1.8.3
- nixos-unstable-small 1.8.3

pkgs.python312Packages.jenkins-job-builder

Jenkins Job Builder is a system for configuring Jenkins jobs using simple YAML files stored in Git

nixos-25.11 6.4.2
- nixos-25.11-small 6.4.2
- nixpkgs-25.11-darwin 6.4.2

pkgs.python313Packages.jenkins-job-builder

Jenkins Job Builder is a system for configuring Jenkins jobs using simple YAML files stored in Git

nixos-unstable 6.4.2
- nixpkgs-unstable 6.4.2
- nixos-unstable-small 6.4.2
nixos-25.11 6.4.2
- nixos-25.11-small 6.4.2
- nixpkgs-25.11-darwin 6.4.2

pkgs.python314Packages.jenkins-job-builder

Jenkins Job Builder is a system for configuring Jenkins jobs using simple YAML files stored in Git

nixos-unstable 6.4.2
- nixpkgs-unstable 6.4.2
- nixos-unstable-small 6.4.2

Package maintainers

@coreyoconnor Corey O'Connor <coreyoconnor@gmail.com>
@earldouglas James Earl Douglas <james@earldouglas.com>
@NeQuissimus Tim Steinbach <tim@nequissimus.com>

Automatically generated suggestions

References

Affected products

Matching in nixpkgs

pkgs.poppler

pkgs.poppler_gi

pkgs.poppler_min

pkgs.poppler_data

pkgs.poppler-utils

pkgs.libsForQt5.poppler

pkgs.kdePackages.poppler

pkgs.qt6Packages.poppler

pkgs.plasma5Packages.poppler

pkgs.haskellPackages.gi-poppler

pkgs.python312Packages.poppler-qt5

pkgs.python313Packages.poppler-qt5

pkgs.python314Packages.poppler-qt5

pkgs.zathuraPkgs.zathura_pdf_poppler

pkgs.python312Packages.python-poppler

pkgs.python313Packages.python-poppler

pkgs.python314Packages.python-poppler

pkgs.tests.pkg-config.defaultPkgConfigPackages.poppler-glib

Package maintainers

References

Affected products

Matching in nixpkgs

pkgs.smfh

pkgs.asmfmt

pkgs.libsmf

pkgs.nasmfmt

pkgs.mt32emu-smf2wav

pkgs.python312Packages.pysmf

pkgs.python313Packages.pysmf

pkgs.python314Packages.pysmf

pkgs.tests.fetchFromGitHub.rootDir

Package maintainers

References

Affected products

Matching in nixpkgs

pkgs.samba

pkgs.samba4

pkgs.sambamba

pkgs.sambaFull

pkgs.samba4Full

Package maintainers

References

Affected products

Matching in nixpkgs

pkgs.rsyslog

pkgs.rsyslog-light

References

Affected products

Matching in nixpkgs

pkgs.xlockmore

Package maintainers

References

Affected products

Matching in nixpkgs

pkgs.freeciv

pkgs.freeciv_qt

pkgs.freeciv_gtk

pkgs.freeciv_sdl2

Package maintainers

References

Affected products

Matching in nixpkgs

pkgs.xscreensaver

Package maintainers

References

Affected products

Matching in nixpkgs

pkgs.lilo

Package maintainers

References

Affected products

Matching in nixpkgs

pkgs.python312Packages.ariadne

pkgs.python313Packages.ariadne

pkgs.python314Packages.ariadne

Package maintainers