Nixpkgs: Bug Fix Bonanza: Triage Vulnerabilities Since 16.03 (Vulnerability Roundup 1)

Created on 23 Sep 2016 · 77Comments · Source: NixOS/nixpkgs

Goal

Before 16.09 is official, I think it would be good to try and resolve
as many vulnerabilities as we can. To try and cover as much ground as
possible we have leaned on LWN's list of vulnerabilities.

History

Last release, @fpletz and I went through the list fairly ad-hoc and
addressed as many as we could. This time, I've compiled a list of all
the reports since our last release and grouped them a bit.

Notes on the list

This list is _very_ long, but I think it will go faster than we
expect: A single upgrade of a package may fix all the related bugs. _Already 75% done!_
The reports have been roughly grouped by the package name. This
isn't perfect, but is intended to help identify if a whole group
of reports is resolved already.
Some issues will be duplicated, because it affects multiple packages.
For example, there are sometimes problems that impact thunderbird,
and firefox. LWN might report in one vulnerability "thunderbird
firefox". These names have been split to make sure both packages get
addressed.
By each issue is a link to code search for the package name, and
a Github search by filename. These are to help, but may not return
results when we do in fact package the software. If a search
doesn't turn up, please try altering the search criteria or
looking in nixpkgs manually before asserting we don't have it.

What about Vulnix / monitor.nixos.org?

I'm leery about about leaving the triage completely to automation.
I've found it very difficult to be highly confident in the ability
to match packages and versions to a CVE report.

I believe this list is orthogonal to the automation tools which have
been created, and that those tools could be used to accomplish
the triaging in this report.

Instructions:

Triage a report: If we don't have the software or our version isn't
vulnerable, tick the box or add a comment with the report number,
stating it isn't vulnerable.
Fix the issue: If we do have the software and it is vulnerable,
either leave a comment on this issue saying so, even open a pull
request with the fix. If you open a PR, make sure to tag this
issue so we can coordinate.
When an entire section is completed, move the section to the
"Triaged and Resolved Issues" details block below.

Without further ado...

Total remaining: 0

Triaged and Resolved Issues

389-ds-base (2 issues)

[x] [#699805](https://lwn.net/Vulnerabilities/699805/) (search, files) 389-ds-base: information disclosure
[x] [#675820](https://lwn.net/Vulnerabilities/675820/) (search, files) 389-ds-base: denial of service

Assorted (312 issues)
[x] [#701147](https://lwn.net/Vulnerabilities/701147/) (search, files) moin: unspecified
[x] [#688207](https://lwn.net/Vulnerabilities/688207/) (search, files) bugzilla: cross-site scripting
[x] [#685287](https://lwn.net/Vulnerabilities/685287/) (search, files) rpm: two vulnerabilities
[x] [#686450](https://lwn.net/Vulnerabilities/686450/) (search, files) dhcp: denial of service
[x] [#701629](https://lwn.net/Vulnerabilities/701629/) (search, files) pidgin: mysterious vulnerabilities
[x] [#676089](https://lwn.net/Vulnerabilities/676089/) (search, files) asterisk: file descriptor exhaustion
[x] [#681270](https://lwn.net/Vulnerabilities/681270/) (search, files) redmine: unspecified information disclosure vulnerabilities
[x] [#683992](https://lwn.net/Vulnerabilities/683992/) (search, files) cryptopp: information disclosure
[x] [#695093](https://lwn.net/Vulnerabilities/695093/) (search, files) openstack-neutron: three vulnerabilities
[x] [#691101](https://lwn.net/Vulnerabilities/691101/) (search, files) opera: multiple vulnerabilities
[x] [#671736](https://lwn.net/Vulnerabilities/671736/) (search, files) isc-dhcp: denial of service
[x] [#664752](https://lwn.net/Vulnerabilities/664752/) (search, files) lib32-libpng: denial of service
[x] [#675227](https://lwn.net/Vulnerabilities/675227/) (search, files) firebird: denial of service
[x] [#677963](https://lwn.net/Vulnerabilities/677963/) (search, files) ia32-libs: multiple vulnerabilities
[x] [#698139](https://lwn.net/Vulnerabilities/698139/) (search, files) mingw-lcms2: heap memory leak
[x] [#475668](https://lwn.net/Vulnerabilities/475668/) (search, files) plib: arbitrary code execution
[x] [#692849](https://lwn.net/Vulnerabilities/692849/) (search, files) libdwarf: multiple vulnerabilities
[x] [#693578](https://lwn.net/Vulnerabilities/693578/) (search, files) libircclient: insecure cipher suites
[x] [#675823](https://lwn.net/Vulnerabilities/675823/) (search, files) mozilla: two vulnerabilities
[x] [#692378](https://lwn.net/Vulnerabilities/692378/) (search, files) python2.7: three vulnerabilities
[x] [#695323](https://lwn.net/Vulnerabilities/695323/) (search, files) kf5-karchive: command execution
[x] [#689266](https://lwn.net/Vulnerabilities/689266/) (search, files) libfpx: denial of service
[x] [#689256](https://lwn.net/Vulnerabilities/689256/) (search, files) kf5-kinit: privilege escalation
[x] [#678161](https://lwn.net/Vulnerabilities/678161/) (search, files) KDE Frameworks: multiple vulnerabilities
[x] [#700116](https://lwn.net/Vulnerabilities/700116/) (search, files) file-roller: file deletion
[x] [#695092](https://lwn.net/Vulnerabilities/695092/) (search, files) java: unspecified vulnerability
[x] [#690411](https://lwn.net/Vulnerabilities/690411/) (search, files) libpdfbox-java: XML External Entity (XXE) attacks
[x] [#676797](https://lwn.net/Vulnerabilities/676797/) (search, files) obs-service-download_files: code injection
[x] [#686448](https://lwn.net/Vulnerabilities/686448/) (search, files) mplayer: code execution
[x] [#681395](https://lwn.net/Vulnerabilities/681395/) (search, files) webkit2: many vulnerabilities
[x] [#679404](https://lwn.net/Vulnerabilities/679404/) (search, files) openstack-nova: information exposure
[x] [#680797](https://lwn.net/Vulnerabilities/680797/) (search, files) webkitgtk3: multiple vulnerabilities
[x] [#674494](https://lwn.net/Vulnerabilities/674494/) (search, files) openstack-heat: denial of service
[x] [#700654](https://lwn.net/Vulnerabilities/700654/) (search, files) webkit2gtk: multiple vulnerabilities
[x] [#696699](https://lwn.net/Vulnerabilities/696699/) (search, files) bsdiff: denial of service
[x] [#667315](https://lwn.net/Vulnerabilities/667315/) (search, files) libphp-phpmailer: header injection
[x] [#676272](https://lwn.net/Vulnerabilities/676272/) (search, files) hamster-time-tracker: two denial of service flaws
[x] [#692027](https://lwn.net/Vulnerabilities/692027/) (search, files) horizon: cross-site scripting
[x] [#677956](https://lwn.net/Vulnerabilities/677956/) (search, files) openstack-glance: authorization bypass
[x] [#694623](https://lwn.net/Vulnerabilities/694623/) (search, files) atomic-openshift: information leak
[x] [#688205](https://lwn.net/Vulnerabilities/688205/) (search, files) ose3.1: unauthorized access
[x] [#675698](https://lwn.net/Vulnerabilities/675698/) (search, files) mozilla: denial of service
[x] [#641431](https://lwn.net/Vulnerabilities/641431/) (search, files) qt: multiple vulnerabilities
[x] [#688206](https://lwn.net/Vulnerabilities/688206/) (search, files) ose3.2: two vulnerabilities
[x] [#675045](https://lwn.net/Vulnerabilities/675045/) (search, files) kscreenlocker: restriction bypass
[x] [#694515](https://lwn.net/Vulnerabilities/694515/) (search, files) firefox: code execution
[x] [#629676](https://lwn.net/Vulnerabilities/629676/) (search, files) kde-runtime: misuse of crypto
[x] [#693472](https://lwn.net/Vulnerabilities/693472/) (search, files) openstack-ironic: authentication bypass
[x] [#681991](https://lwn.net/Vulnerabilities/681991/) (search, files) libqt4: unsafe SSL ciphers
[x] [#678163](https://lwn.net/Vulnerabilities/678163/) (search, files) libqt5-qtbase: two vulnerabilities
[x] [#699957](https://lwn.net/Vulnerabilities/699957/) (search, files) java: unspecified vulnerability
[x] [#678161](https://lwn.net/Vulnerabilities/678161/) (search, files) KDE Frameworks: multiple vulnerabilities
[x] [#687227](https://lwn.net/Vulnerabilities/687227/) (search, files) ocaml: information leak
[x] [#695459](https://lwn.net/Vulnerabilities/695459/) (search, files) uclibc: three vulnerabilities
[x] [#686293](https://lwn.net/Vulnerabilities/686293/) (search, files) xerces-j2: denial of service
[x] [#692375](https://lwn.net/Vulnerabilities/692375/) (search, files) setroubleshoot: multiple vulnerabilities
[x] [#695956](https://lwn.net/Vulnerabilities/695956/) (search, files) libdbd-mysql-perl: code execution
[x] [#683998](https://lwn.net/Vulnerabilities/683998/) (search, files) qpid-proton: TLS to plaintext downgrade
[x] [#676927](https://lwn.net/Vulnerabilities/676927/) (search, files) libssh2: insecure ssh sessions
[x] [#699175](https://lwn.net/Vulnerabilities/699175/) (search, files) canl-c: proxy manipulation
[x] [#672559](https://lwn.net/Vulnerabilities/672559/) (search, files) bind9: denial of service
[x] [#697947](https://lwn.net/Vulnerabilities/697947/) (search, files) firewalld: authentication bypass
[x] [#680031](https://lwn.net/Vulnerabilities/680031/) (search, files) pidgin-otr: code execution
[x] [#578785](https://lwn.net/Vulnerabilities/578785/) (search, files) typo3-src: multiple vulnerabilities
[x] [#636684](https://lwn.net/Vulnerabilities/636684/) (search, files) osc: command injection
[x] [#688456](https://lwn.net/Vulnerabilities/688456/) (search, files) networkmanager: information leak
[x] [#687716](https://lwn.net/Vulnerabilities/687716/) (search, files) atheme: two vulnerabilities
[x] [#684456](https://lwn.net/Vulnerabilities/684456/) (search, files) apparmor: profile updates
[x] [#701139](https://lwn.net/Vulnerabilities/701139/) (search, files) jackrabbit: cross-site request forgery
[x] [#514067](https://lwn.net/Vulnerabilities/514067/) (search, files) mozilla: multiple vulnerabilities
[x] [#693003](https://lwn.net/Vulnerabilities/693003/) (search, files) xguest: insecure password creation
[x] [#561443](https://lwn.net/Vulnerabilities/561443/) (search, files) lcms2: denial of service
[x] [#696815](https://lwn.net/Vulnerabilities/696815/) (search, files) openntpd/busybox: denial of service
[x] [#666133](https://lwn.net/Vulnerabilities/666133/) (search, files) cyrus-imapd: two vulnerabilities
[x] [#683452](https://lwn.net/Vulnerabilities/683452/) (search, files) cairo: denial of service
[x] [#699682](https://lwn.net/Vulnerabilities/699682/) (search, files) jsch: path traversal
[x] [#643372](https://lwn.net/Vulnerabilities/643372/) (search, files) erlang: man-in-the-middle attack
[x] [#699952](https://lwn.net/Vulnerabilities/699952/) (search, files) icu: code execution
[x] [#677961](https://lwn.net/Vulnerabilities/677961/) (search, files) bsh: code execution
[x] [#699684](https://lwn.net/Vulnerabilities/699684/) (search, files) tiff3: two vulnerabilities
[x] [#688728](https://lwn.net/Vulnerabilities/688728/) (search, files) bozohttpd: two vulnerabilities
[x] [#681096](https://lwn.net/Vulnerabilities/681096/) (search, files) foomatic: code execution
[x] [#698794](https://lwn.net/Vulnerabilities/698794/) (search, files) tryton-server: two vulnerabilities
[x] [#691098](https://lwn.net/Vulnerabilities/691098/) (search, files) libjpeg: memory leak
[x] [#682385](https://lwn.net/Vulnerabilities/682385/) (search, files) lhasa: code execution
[x] [#633536](https://lwn.net/Vulnerabilities/633536/) (search, files) pigz: directory traversal
[x] [#699955](https://lwn.net/Vulnerabilities/699955/) (search, files) libstorage: password disclosure
[x] [#694515](https://lwn.net/Vulnerabilities/694515/) (search, files) firefox: code execution
[x] [#658939](https://lwn.net/Vulnerabilities/658939/) (search, files) fuseiso: two vulnerabilities
[x] [#688729](https://lwn.net/Vulnerabilities/688729/) (search, files) ruby-mail: SMTP injection
[x] [#687713](https://lwn.net/Vulnerabilities/687713/) (search, files) ioprocess: invalid md5sum
[x] [#694784](https://lwn.net/Vulnerabilities/694784/) (search, files) ruby-eventmachine: denial of service
[x] [#689258](https://lwn.net/Vulnerabilities/689258/) (search, files) libimobiledevice: sockets listening on INADDR_ANY
[x] [#692856](https://lwn.net/Vulnerabilities/692856/) (search, files) libcommons-fileupload-java: denial of service
[x] [#692176](https://lwn.net/Vulnerabilities/692176/) (search, files) nfdump: multiple vulnerabilities
[x] [#688051](https://lwn.net/Vulnerabilities/688051/) (search, files) p7zip: two code execution flaws
[x] [#697440](https://lwn.net/Vulnerabilities/697440/) (search, files) pulp: two vulnerabilities
[x] [#665242](https://lwn.net/Vulnerabilities/665242/) (search, files) uglify-js: malicious code obfuscation
[x] [#691095](https://lwn.net/Vulnerabilities/691095/) (search, files) nspr: buffer overflow
[x] [#669405](https://lwn.net/Vulnerabilities/669405/) (search, files) activemq: unsafe deserialization
[x] [#685139](https://lwn.net/Vulnerabilities/685139/) (search, files) mod_nss: invalid handling of +CIPHER operator
[x] [#699946](https://lwn.net/Vulnerabilities/699946/) (search, files) kibana: two vulnerabilties
[x] [#685892](https://lwn.net/Vulnerabilities/685892/) (search, files) ubuntu-core-launcher: code execution
[x] [#678811](https://lwn.net/Vulnerabilities/678811/) (search, files) roundup: information leak
[x] [#696419](https://lwn.net/Vulnerabilities/696419/) (search, files) hawk2: clickjacking prevention
[x] [#661900](https://lwn.net/Vulnerabilities/661900/) (search, files) cakephp: denial of service
[x] [#695326](https://lwn.net/Vulnerabilities/695326/) (search, files) gnugk: denial of service
[x] [#696553](https://lwn.net/Vulnerabilities/696553/) (search, files) python-autobahn: insecure origin validation
[x] [#671739](https://lwn.net/Vulnerabilities/671739/) (search, files) shotwell: validate TLS certificates
[x] [#652551](https://lwn.net/Vulnerabilities/652551/) (search, files) ghostscript: buffer overflow
[x] [#681753](https://lwn.net/Vulnerabilities/681753/) (search, files) kamailio: code execution
[x] [#685412](https://lwn.net/Vulnerabilities/685412/) (search, files) oxide-qt: code execution
[x] [#692924](https://lwn.net/Vulnerabilities/692924/) (search, files) movabletype-opensource: SQL injection
[x] [#697949](https://lwn.net/Vulnerabilities/697949/) (search, files) knot: denial of service
[x] [#691094](https://lwn.net/Vulnerabilities/691094/) (search, files) mantis: cross-site scripting
[x] [#675832](https://lwn.net/Vulnerabilities/675832/) (search, files) xdelta3: code execution
[x] [#701142](https://lwn.net/Vulnerabilities/701142/) (search, files) distribution-gpg-keys: privilege escalation
[x] [#682756](https://lwn.net/Vulnerabilities/682756/) (search, files) oar: privilege escalation
[x] [#682974](https://lwn.net/Vulnerabilities/682974/) (search, files) libmaxminddb: multiple vulnerabilities
[x] [#684751](https://lwn.net/Vulnerabilities/684751/) (search, files) varnish: access control bypass
[x] [#679766](https://lwn.net/Vulnerabilities/679766/) (search, files) php-htmLawed: unspecified vulnerability
[x] [#691497](https://lwn.net/Vulnerabilities/691497/) (search, files) monit: disable SSLv3
[x] [#675834](https://lwn.net/Vulnerabilities/675834/) (search, files) eog: code execution
[x] [#686291](https://lwn.net/Vulnerabilities/686291/) (search, files) jq: two vulnerabilities
[x] [#692635](https://lwn.net/Vulnerabilities/692635/) (search, files) kernel-rt: denial of service
[x] [#698986](https://lwn.net/Vulnerabilities/698986/) (search, files) mozilla-thunderbird: unspecified vulnerabilities
[x] [#682157](https://lwn.net/Vulnerabilities/682157/) (search, files) thunderbird: unspecified vulnerabilities
[x] [#680040](https://lwn.net/Vulnerabilities/680040/) (search, files) oracle-jre-bin: code execution
[x] [#676094](https://lwn.net/Vulnerabilities/676094/) (search, files) pcre: multiple vulnerabilities
[x] [#679630](https://lwn.net/Vulnerabilities/679630/) (search, files) php-udan11-sql-parser: multiple vulnerabilities
[x] [#677332](https://lwn.net/Vulnerabilities/677332/) (search, files) pixman: code execution
[x] [#682977](https://lwn.net/Vulnerabilities/682977/) (search, files) python-rsa: unspecified
[x] [#665241](https://lwn.net/Vulnerabilities/665241/) (search, files) latex2rtf: code execution
[x] [#674608](https://lwn.net/Vulnerabilities/674608/) (search, files) nodejs-is-my-json-valid: denial of service
[x] [#626653](https://lwn.net/Vulnerabilities/626653/) (search, files) mailx: command execution
[x] [#675700](https://lwn.net/Vulnerabilities/675700/) (search, files) cpio: out-of-bounds write
[x] [#700389](https://lwn.net/Vulnerabilities/700389/) (search, files) elog: unauthorized posts
[x] [#695954](https://lwn.net/Vulnerabilities/695954/) (search, files) collectd: code execution
[x] [#673463](https://lwn.net/Vulnerabilities/673463/) (search, files) chrony: packet modification
[x] [#696812](https://lwn.net/Vulnerabilities/696812/) (search, files) nodejs-tough-cookie: denial of service
[x] [#680794](https://lwn.net/Vulnerabilities/680794/) (search, files) mod_auth_mellon: denial of service
[x] [#698499](https://lwn.net/Vulnerabilities/698499/) (search, files) typo3-cms-4_5: two vulnerabilities
[x] [#695558](https://lwn.net/Vulnerabilities/695558/) (search, files) libupnp: unauthenticated access
[x] [#687592](https://lwn.net/Vulnerabilities/687592/) (search, files) wpa: two vulnerabilities
[x] [#678822](https://lwn.net/Vulnerabilities/678822/) (search, files) exiv2: denial of service
[x] [#695557](https://lwn.net/Vulnerabilities/695557/) (search, files) harfbuzz: multiple vulnerabilities
[x] [#686579](https://lwn.net/Vulnerabilities/686579/) (search, files) owncloud: undisclosed vulnerabilities
[x] [#681398](https://lwn.net/Vulnerabilities/681398/) (search, files) php-pecl-http: multiple vulnerabilities
[x] [#685005](https://lwn.net/Vulnerabilities/685005/) (search, files) parallel: file overwrites
[x] [#687596](https://lwn.net/Vulnerabilities/687596/) (search, files) jackson-dataformat-xml: XXE attack
[x] [#690791](https://lwn.net/Vulnerabilities/690791/) (search, files) haproxy: denial of service
[x] [#676097](https://lwn.net/Vulnerabilities/676097/) (search, files) springframework-social: cross-site request forgery
[x] [#692185](https://lwn.net/Vulnerabilities/692185/) (search, files) dnsmasq: denial of service
[x] [#696807](https://lwn.net/Vulnerabilities/696807/) (search, files) fontconfig: privilege escalation
[x] [#674834](https://lwn.net/Vulnerabilities/674834/) (search, files) polarssl: code execution
[x] [#694103](https://lwn.net/Vulnerabilities/694103/) (search, files) nodejs-ws: denial of service
[x] [#501450](https://lwn.net/Vulnerabilities/501450/) (search, files) FlightGear: multiple vulnerabilities
[x] [#682388](https://lwn.net/Vulnerabilities/682388/) (search, files) networkmanager: multiple vulnerabilities
[x] [#686454](https://lwn.net/Vulnerabilities/686454/) (search, files) obs-signd: improper user ID matching
[x] [#682570](https://lwn.net/Vulnerabilities/682570/) (search, files) vtun: denial of service
[x] [#700521](https://lwn.net/Vulnerabilities/700521/) (search, files) libphp-adodb: SQL injection
[x] [#687394](https://lwn.net/Vulnerabilities/687394/) (search, files) chromium: multiple vulnerabilities
[x] [#685007](https://lwn.net/Vulnerabilities/685007/) (search, files) python-tgcaptcha2: reusable captchas
[x] [#671445](https://lwn.net/Vulnerabilities/671445/) (search, files) gajim: man-in-the-middle
[x] [#682159](https://lwn.net/Vulnerabilities/682159/) (search, files) kubernetes: improper admission check control
[x] [#693176](https://lwn.net/Vulnerabilities/693176/) (search, files) libvirt: authentication bypass
[x] [#592272](https://lwn.net/Vulnerabilities/592272/) (search, files) libxalan2-java: information disclosure/code execution
[x] [#696418](https://lwn.net/Vulnerabilities/696418/) (search, files) pbuilder: file overwrite
[x] [#699803](https://lwn.net/Vulnerabilities/699803/) (search, files) charybdis: incorrect SASL authentication
[x] [#701141](https://lwn.net/Vulnerabilities/701141/) (search, files) zookeeper: buffer overflow
[x] [#682759](https://lwn.net/Vulnerabilities/682759/) (search, files) file: buffer over-write
[x] [#680601](https://lwn.net/Vulnerabilities/680601/) (search, files) openafs: multiple vulnerabilities
[x] [#697946](https://lwn.net/Vulnerabilities/697946/) (search, files) suckless-tools: screen locking bypass
[x] [#689391](https://lwn.net/Vulnerabilities/689391/) (search, files) lxd: two vulnerabilities
[x] [#700391](https://lwn.net/Vulnerabilities/700391/) (search, files) python-jwcrypto: information disclosure
[x] [#678628](https://lwn.net/Vulnerabilities/678628/) (search, files) pcs: two vulnerabilities
[x] [#695458](https://lwn.net/Vulnerabilities/695458/) (search, files) dietlibc: insecure default PATH
[x] [#680318](https://lwn.net/Vulnerabilities/680318/) (search, files) spip: two vulnerabilities
[x] [#628611](https://lwn.net/Vulnerabilities/628611/) (search, files) libevent: denial of service
[x] [#679616](https://lwn.net/Vulnerabilities/679616/) (search, files) libotr: code execution
[x] [#697137](https://lwn.net/Vulnerabilities/697137/) (search, files) node.js-negotiator: denial of service
[x] [#685009](https://lwn.net/Vulnerabilities/685009/) (search, files) w3m: denial of service
[x] [#665238](https://lwn.net/Vulnerabilities/665238/) (search, files) gcc: predictable random values
[x] [#615071](https://lwn.net/Vulnerabilities/615071/) (search, files) nodejs-qs: denial of service
[x] [#673018](https://lwn.net/Vulnerabilities/673018/) (search, files) cgit: three vulnerabilities
[x] [#669406](https://lwn.net/Vulnerabilities/669406/) (search, files) openstack-swift-plugin-swift3: replay attack
[x] [#660897](https://lwn.net/Vulnerabilities/660897/) (search, files) docker-engine: two vulnerabilities
[x] [#675372](https://lwn.net/Vulnerabilities/675372/) (search, files) postgresql: two vulnerabilities
[x] [#680793](https://lwn.net/Vulnerabilities/680793/) (search, files) drupal6-emfield: access bypass
[x] [#646558](https://lwn.net/Vulnerabilities/646558/) (search, files) tomcat6: Security Manager bypass
[x] [#697438](https://lwn.net/Vulnerabilities/697438/) (search, files) drupal7-theme-zen: cross-site scripting
[x] [#690142](https://lwn.net/Vulnerabilities/690142/) (search, files) dhcpcd5: code execution
[x] [#692030](https://lwn.net/Vulnerabilities/692030/) (search, files) iperf3: denial of service
[x] [#701626](https://lwn.net/Vulnerabilities/701626/) (search, files) irssi: heap corruption
[x] [#690142](https://lwn.net/Vulnerabilities/690142/) (search, files) dhcpcd5: code execution
[x] [#701631](https://lwn.net/Vulnerabilities/701631/) (search, files) drupal panels: multiple vulnerabilities
[x] [#701630](https://lwn.net/Vulnerabilities/701630/) (search, files) drupal7-google_analytics: cross-site scripting
[x] [#692518](https://lwn.net/Vulnerabilities/692518/) (search, files) squidguard: cross-site scripting
[x] [#672436](https://lwn.net/Vulnerabilities/672436/) (search, files) srtp: denial of service
[x] [#684595](https://lwn.net/Vulnerabilities/684595/) (search, files) springframework-amqp: code execution
[x] [#663516](https://lwn.net/Vulnerabilities/663516/) (search, files) libxslt: denial of service
[x] [#686289](https://lwn.net/Vulnerabilities/686289/) (search, files) minissdpd: denial of service
[x] [#694783](https://lwn.net/Vulnerabilities/694783/) (search, files) binutils: multiple vulnerabilities
[x] [#698653](https://lwn.net/Vulnerabilities/698653/) (search, files) freeipa: denial of service
[x] [#675368](https://lwn.net/Vulnerabilities/675368/) (search, files) libgcrypt20: key leak
[x] [#693577](https://lwn.net/Vulnerabilities/693577/) (search, files) cronic: predictable temporary files
[x] [#678159](https://lwn.net/Vulnerabilities/678159/) (search, files) okhttp: certificate pinning bypass
[x] [#692179](https://lwn.net/Vulnerabilities/692179/) (search, files) ctdb: privilege escalation
[x] [#692851](https://lwn.net/Vulnerabilities/692851/) (search, files) libpurple: multiple vulnerabilities
[x] [#688457](https://lwn.net/Vulnerabilities/688457/) (search, files) php-ZendFramework2: insecure ciphertexts
[x] [#687591](https://lwn.net/Vulnerabilities/687591/) (search, files) dosfstools: two vulnerabilities
[x] [#701142](https://lwn.net/Vulnerabilities/701142/) (search, files) distribution-gpg-keys: privilege escalation
[x] [#701633](https://lwn.net/Vulnerabilities/701633/) (search, files) Horde: cross-site scripting
[x] [#686446](https://lwn.net/Vulnerabilities/686446/) (search, files) libpam-sshauth: privilege escalation
[x] [#688597](https://lwn.net/Vulnerabilities/688597/) (search, files) php: two vulnerabilities
[x] [#684596](https://lwn.net/Vulnerabilities/684596/) (search, files) giflib: denial of service
[x] [#699685](https://lwn.net/Vulnerabilities/699685/) (search, files) ganglia: cross-site scripting
[x] [#657320](https://lwn.net/Vulnerabilities/657320/) (search, files) icedtea-web: applet execution
[x] [#657406](https://lwn.net/Vulnerabilities/657406/) (search, files) php-doctrine-annotations: privilege escalation
[x] [#674840](https://lwn.net/Vulnerabilities/674840/) (search, files) socat: man-in-the-middle
[x] [#686575](https://lwn.net/Vulnerabilities/686575/) (search, files) quassel-core: denial of service
[x] [#685012](https://lwn.net/Vulnerabilities/685012/) (search, files) yast2-users: empty passwords fields in /etc/shadow
[x] [#684746](https://lwn.net/Vulnerabilities/684746/) (search, files) drupal7-block_class: cross-site scripting
[x] [#674836](https://lwn.net/Vulnerabilities/674836/) (search, files) kernel: privilege escalation
[x] [#674704](https://lwn.net/Vulnerabilities/674704/) (search, files) libbsd: denial of service
[x] [#690416](https://lwn.net/Vulnerabilities/690416/) (search, files) openslp: denial of service
[x] [#683994](https://lwn.net/Vulnerabilities/683994/) (search, files) libtasn1: denial of service
[x] [#690141](https://lwn.net/Vulnerabilities/690141/) (search, files) spice: two vulnerabilities
[x] [#671465](https://lwn.net/Vulnerabilities/671465/) (search, files) rsync: unsafe destination path
[x] [#695968](https://lwn.net/Vulnerabilities/695968/) (search, files) kernel: two vulnerabilities
[x] [#685879](https://lwn.net/Vulnerabilities/685879/) (search, files) openvas: cross-site scripting
[x] [#690024](https://lwn.net/Vulnerabilities/690024/) (search, files) puppet-agent: multiple vulnerabilities
[x] [#684747](https://lwn.net/Vulnerabilities/684747/) (search, files) glpi: SQL injection
[x] [#500144](https://lwn.net/Vulnerabilities/500144/) (search, files) arpwatch: privilege escalation
[x] [#642646](https://lwn.net/Vulnerabilities/642646/) (search, files) fcgi: denial of service
[x] [#682576](https://lwn.net/Vulnerabilities/682576/) (search, files) xchat-gnome: man-in-the-middle attack
[x] [#682387](https://lwn.net/Vulnerabilities/682387/) (search, files) apache-commons-collections: code execution
[x] [#701151](https://lwn.net/Vulnerabilities/701151/) (search, files) php-adodb: cross-site scripting
[x] [#701634](https://lwn.net/Vulnerabilities/701634/) (search, files) Horde: cross-site scripting
[x] [#674843](https://lwn.net/Vulnerabilities/674843/) (search, files) rubygem-rails-html-sanitizer: multiple vulnerabilities
[x] [#694627](https://lwn.net/Vulnerabilities/694627/) (search, files) util-linux: denial of service
[x] [#689249](https://lwn.net/Vulnerabilities/689249/) (search, files) openafs: denial of service
[x] [#693576](https://lwn.net/Vulnerabilities/693576/) (search, files) libgd: denial of service
[x] [#696702](https://lwn.net/Vulnerabilities/696702/) (search, files) stunnel: two vulnerabilities
[x] [#677979](https://lwn.net/Vulnerabilities/677979/) (search, files) jabberd: cryptographically insecure
[x] [#692522](https://lwn.net/Vulnerabilities/692522/) (search, files) obs-service-source_validator: code execution
[x] [#699804](https://lwn.net/Vulnerabilities/699804/) (search, files) libtomcrypt: signature forgery
[x] [#674258](https://lwn.net/Vulnerabilities/674258/) (search, files) gosa: code injection
[x] [#697262](https://lwn.net/Vulnerabilities/697262/) (search, files) drupal7-entity_translation: cross-site scripting
[x] [#687711](https://lwn.net/Vulnerabilities/687711/) (search, files) libndp: man-in-the-middle attacks
[x] [#676929](https://lwn.net/Vulnerabilities/676929/) (search, files) libssh: insecure ssh sessions
[x] [#701632](https://lwn.net/Vulnerabilities/701632/) (search, files) mod_cluster: "remote exploits"
[x] [#669408](https://lwn.net/Vulnerabilities/669408/) (search, files) gummi: predictable filenames in /tmp
[x] [#695808](https://lwn.net/Vulnerabilities/695808/) (search, files) drupal7-views: access bypass
[x] [#650307](https://lwn.net/Vulnerabilities/650307/) (search, files) polkit: multiple vulnerabilities
[x] [#683995](https://lwn.net/Vulnerabilities/683995/) (search, files) poppler: code execution
[x] [#695964](https://lwn.net/Vulnerabilities/695964/) (search, files) php-pecl-zip: buffer overflow
[x] [#689247](https://lwn.net/Vulnerabilities/689247/) (search, files) symfony: two vulnerabilities
[x] [#692375](https://lwn.net/Vulnerabilities/692375/) (search, files) setroubleshoot: multiple vulnerabilities
[x] [#679629](https://lwn.net/Vulnerabilities/679629/) (search, files) libmodbus: buffer overflow
[x] [#669659](https://lwn.net/Vulnerabilities/669659/) (search, files) encfs: multiple vulnerabilities
[x] [#700836](https://lwn.net/Vulnerabilities/700836/) (search, files) autotrace: code execution
[x] [#694861](https://lwn.net/Vulnerabilities/694861/) (search, files) httpd: HTTP redirect
[x] [#696215](https://lwn.net/Vulnerabilities/696215/) (search, files) lighttpd: man-in-the-middle attacks
[x] [#696808](https://lwn.net/Vulnerabilities/696808/) (search, files) flex: buffer overflow
[x] [#594740](https://lwn.net/Vulnerabilities/594740/) (search, files) nagios: denial of service
[x] [#677960](https://lwn.net/Vulnerabilities/677960/) (search, files) xymon: multiple vulnerabilities
[x] [#688210](https://lwn.net/Vulnerabilities/688210/) (search, files) gdk-pixbuf2.0: code execution
[x] [#693865](https://lwn.net/Vulnerabilities/693865/) (search, files) tcpreplay: denial of service
[x] [#699163](https://lwn.net/Vulnerabilities/699163/) (search, files) mailman: password disclosure
[x] [#632256](https://lwn.net/Vulnerabilities/632256/) (search, files) hexchat: SSL spoofing
[x] [#676274](https://lwn.net/Vulnerabilities/676274/) (search, files) libxmp: multiple vulnerabilities
[x] [#696696](https://lwn.net/Vulnerabilities/696696/) (search, files) mongodb: two vulnerabilities
[x] [#681647](https://lwn.net/Vulnerabilities/681647/) (search, files) openvswitch: code execution
[x] [#684749](https://lwn.net/Vulnerabilities/684749/) (search, files) lha: buffer overflow
[x] [#654283](https://lwn.net/Vulnerabilities/654283/) (search, files) gnutls: denial of service
[x] [#681098](https://lwn.net/Vulnerabilities/681098/) (search, files) libmatroska: information leak
[x] [#686749](https://lwn.net/Vulnerabilities/686749/) (search, files) ikiwiki: cross-site scripting
[x] [#673455](https://lwn.net/Vulnerabilities/673455/) (search, files) privoxy: two denial of service flaws
[x] [#694102](https://lwn.net/Vulnerabilities/694102/) (search, files) davfs2: unspecified
[x] [#687590](https://lwn.net/Vulnerabilities/687590/) (search, files) jansson: denial of service
[x] [#697945](https://lwn.net/Vulnerabilities/697945/) (search, files) cracklib2: code execution
[x] [#697141](https://lwn.net/Vulnerabilities/697141/) (search, files) python: proxy injection
[x] [#672564](https://lwn.net/Vulnerabilities/672564/) (search, files) radicale: multiple vulnerabilities
[x] [#674706](https://lwn.net/Vulnerabilities/674706/) (search, files) salt: information leak
[x] [#676794](https://lwn.net/Vulnerabilities/676794/) (search, files) php-horde-horde: cross-site scripting
[x] [#686288](https://lwn.net/Vulnerabilities/686288/) (search, files) openssl: information leak
[x] [#688452](https://lwn.net/Vulnerabilities/688452/) (search, files) php-symfony: buffer overflow
[x] [#685875](https://lwn.net/Vulnerabilities/685875/) (search, files) tardiff: two vulnerabilities
[x] [#647621](https://lwn.net/Vulnerabilities/647621/) (search, files) rabbitmq-server: multiple vulnerabilities
[x] [#668547](https://lwn.net/Vulnerabilities/668547/) (search, files) sosreport: two vulnerabilities
[x] [#676787](https://lwn.net/Vulnerabilities/676787/) (search, files) didiwiki: unintended access
[x] [#674493](https://lwn.net/Vulnerabilities/674493/) (search, files) nettle: improper cryptographic calculations
[x] [#693574](https://lwn.net/Vulnerabilities/693574/) (search, files) sqlite3: information leak
[x] [#698658](https://lwn.net/Vulnerabilities/698658/) (search, files) rubygem-actionpack: unsafe query generation
[x] [#646898](https://lwn.net/Vulnerabilities/646898/) (search, files) mysql-connector-java: information disclosure
[x] [#696805](https://lwn.net/Vulnerabilities/696805/) (search, files) minimatch: denial of service
[x] [#692859](https://lwn.net/Vulnerabilities/692859/) (search, files) mirrormanager: code execution
[x] [#677959](https://lwn.net/Vulnerabilities/677959/) (search, files) pillow: code execution
[x] [#694861](https://lwn.net/Vulnerabilities/694861/) (search, files) httpd: HTTP redirect
[x] [#685137](https://lwn.net/Vulnerabilities/685137/) (search, files) ansible: code execution
[x] [#638544](https://lwn.net/Vulnerabilities/638544/) (search, files) freexl: code execution
[x] [#673582](https://lwn.net/Vulnerabilities/673582/) (search, files) mariadb: multiple vulnerabilities
[x] [#664752](https://lwn.net/Vulnerabilities/664752/) (search, files) lib32-libpng: denial of service
[x] [#695170](https://lwn.net/Vulnerabilities/695170/) (search, files) mysql: multiple unspecified vulnerabilities
[x] [#701352](https://lwn.net/Vulnerabilities/701352/) (search, files) unadf: two vulnerabilities
[x] [#681399](https://lwn.net/Vulnerabilities/681399/) (search, files) torbrowser-launcher: signature verification bypass
[x] [#686751](https://lwn.net/Vulnerabilities/686751/) (search, files) libecap: denial of service
[x] [#619213](https://lwn.net/Vulnerabilities/619213/) (search, files) php-Smarty: code execution
[x] [#685492](https://lwn.net/Vulnerabilities/685492/) (search, files) i7z: denial of service
[x] [#685290](https://lwn.net/Vulnerabilities/685290/) (search, files) xstream: enabled processing of external entities
[x] [#696207](https://lwn.net/Vulnerabilities/696207/) (search, files) libtiff: multiple vulnerabilities

Chromium (2 issues)
[x] [#696700](https://lwn.net/Vulnerabilities/696700/) (search, files) chromium: multiple vulnerabilities
[x] [#682155](https://lwn.net/Vulnerabilities/682155/) (search, files) Chromium: denial of service

GraphicsMagick (4 issues)
[x] [#700838](https://lwn.net/Vulnerabilities/700838/) (search, files) graphicsmagick: multiple vulnerabilities
[x] [#693480](https://lwn.net/Vulnerabilities/693480/) (search, files) graphicsmagick: multiple vulnerabilities
[x] [#692029](https://lwn.net/Vulnerabilities/692029/) (search, files) GraphicsMagick: denial of service
[x] [#677107](https://lwn.net/Vulnerabilities/677107/) (search, files) GraphicsMagick: out-of-bounds read flaw

ImageMagick (2 issues)
[x] [#697263](https://lwn.net/Vulnerabilities/697263/) (search, files) imagemagick: two vulnerabilities
[x] [#693727](https://lwn.net/Vulnerabilities/693727/) (search, files) imagemagick: many vulnerabilities

bind (3 issues)
[x] [#695097](https://lwn.net/Vulnerabilities/695097/) (search, files) bind: denial of service
[x] [#679612](https://lwn.net/Vulnerabilities/679612/) (search, files) bind: multiple vulnerabilities
[x] [#679760](https://lwn.net/Vulnerabilities/679760/) (search, files) bind: denial of service

botan (3 issues)
[x] [#681390](https://lwn.net/Vulnerabilities/681390/) (search, files) botan: multiple vulnerabilities
[x] [#679255](https://lwn.net/Vulnerabilities/679255/) (search, files) botan: two vulnerabilities
[x] [#675225](https://lwn.net/Vulnerabilities/675225/) (search, files) botan: three vulnerabilities

botan1.10 (2 issues)
[x] [#685877](https://lwn.net/Vulnerabilities/685877/) (search, files) botan: insufficient randomness
[x] [#685873](https://lwn.net/Vulnerabilities/685873/) (search, files) botan: side channel attack

cacti (3 issues)
[x] [#687042](https://lwn.net/Vulnerabilities/687042/) (search, files) cacti: SQL injection
[x] [#687864](https://lwn.net/Vulnerabilities/687864/) (search, files) cacti: SQL injection
[x] [#675369](https://lwn.net/Vulnerabilities/675369/) (search, files) cacti: authentication bypass

chromium (11 issues)
[x] [#687394](https://lwn.net/Vulnerabilities/687394/) (search, files) chromium: multiple vulnerabilities
[x] [#699161](https://lwn.net/Vulnerabilities/699161/) (search, files) chromium: multiple vulnerabilities
[x] [#695320](https://lwn.net/Vulnerabilities/695320/) (search, files) chromium: multiple vulnerabilities
[x] [#689242](https://lwn.net/Vulnerabilities/689242/) (search, files) chromium: multiple vulnerabilities
[x] [#692035](https://lwn.net/Vulnerabilities/692035/) (search, files) chromium: multiple vulnerabilities
[x] [#687715](https://lwn.net/Vulnerabilities/687715/) (search, files) chromium: directory traversal
[x] [#681568](https://lwn.net/Vulnerabilities/681568/) (search, files) chromium: multiple vulnerabilities
[x] [#679613](https://lwn.net/Vulnerabilities/679613/) (search, files) chromium: multiple vulnerabilities
[x] [#680036](https://lwn.net/Vulnerabilities/680036/) (search, files) chromium: two vulnerabilities
[x] [#678807](https://lwn.net/Vulnerabilities/678807/) (search, files) chromium: multiple vulnerabilities
[x] [#676784](https://lwn.net/Vulnerabilities/676784/) (search, files) chromium: code execution

chromium-browser (7 issues)
[x] [#700835](https://lwn.net/Vulnerabilities/700835/) (search, files) chromium-browser: multiple vulnerabilities
[x] [#689718](https://lwn.net/Vulnerabilities/689718/) (search, files) chromium-browser: multiple vulnerabilities
[x] [#685867](https://lwn.net/Vulnerabilities/685867/) (search, files) chromium-browser: multiple vulnerabilities
[x] [#683985](https://lwn.net/Vulnerabilities/683985/) (search, files) chromium: multiple vulnerabilities
[x] [#601056](https://lwn.net/Vulnerabilities/601056/) (search, files) chromium-browser: multiple vulnerabilities
[x] [#676786](https://lwn.net/Vulnerabilities/676786/) (search, files) chromium: code execution
[x] [#676077](https://lwn.net/Vulnerabilities/676077/) (search, files) chromium: multiple vulnerabilities

claws-mail (2 issues)
[x] [#669041](https://lwn.net/Vulnerabilities/669041/) (search, files) claws-mail: code execution
[x] [#674837](https://lwn.net/Vulnerabilities/674837/) (search, files) claws-mail: stack-based buffer overflow

community-mysql (2 issues)
[x] [#694101](https://lwn.net/Vulnerabilities/694101/) (search, files) community-mysql: unspecified
[x] [#679627](https://lwn.net/Vulnerabilities/679627/) (search, files) community-mysql: multiple vulnerabilities

curl (5 issues)
[x] [#700965](https://lwn.net/Vulnerabilities/700965/) (search, files) curl: code execution
[x] [#700112](https://lwn.net/Vulnerabilities/700112/) (search, files) curl: certificate reuse
[x] [#696214](https://lwn.net/Vulnerabilities/696214/) (search, files) curl: three vulnerabilities
[x] [#688458](https://lwn.net/Vulnerabilities/688458/) (search, files) curl: server spoofing
[x] [#673777](https://lwn.net/Vulnerabilities/673777/) (search, files) curl: authentication bypass

dhcpcd (3 issues)
[x] [#671444](https://lwn.net/Vulnerabilities/671444/) (search, files) dhcpcd: denial of service
[x] [#688209](https://lwn.net/Vulnerabilities/688209/) (search, files) dhcpcd: code execution
[x] [#667314](https://lwn.net/Vulnerabilities/667314/) (search, files) dhcpcd: multiple vulnerabilities

docker (2 issues)
[x] [#687396](https://lwn.net/Vulnerabilities/687396/) (search, files) docker: privilege escalation
[x] [#672312](https://lwn.net/Vulnerabilities/672312/) (search, files) docker: information disclosure

dropbear (2 issues)
[x] [#695690](https://lwn.net/Vulnerabilities/695690/) (search, files) dropbear: multiple vulnerabilities
[x] [#680178](https://lwn.net/Vulnerabilities/680178/) (search, files) dropbear: information disclosure

drupal (2 issues)
[x] [#695167](https://lwn.net/Vulnerabilities/695167/) (search, files) drupal: proxy injection
[x] [#662052](https://lwn.net/Vulnerabilities/662052/) (search, files) drupal: open redirect vulnerability

drupal7 (2 issues)
[x] [#691830](https://lwn.net/Vulnerabilities/691830/) (search, files) drupal7: privilege escalation
[x] [#677958](https://lwn.net/Vulnerabilities/677958/) (search, files) drupal7: multiple vulnerabilities

ecryptfs-utils (2 issues)
[x] [#694959](https://lwn.net/Vulnerabilities/694959/) (search, files) ecryptfs-utils: two vulnerabilities
[x] [#672561](https://lwn.net/Vulnerabilities/672561/) (search, files) ecryptfs-utils: privilege escalation

eglibc (3 issues)
[x] [#688730](https://lwn.net/Vulnerabilities/688730/) (search, files) glibc: privilege escalation
[x] [#674835](https://lwn.net/Vulnerabilities/674835/) (search, files) eglibc: multiple vulnerabilities
[x] [#675830](https://lwn.net/Vulnerabilities/675830/) (search, files) eglibc: code execution

eog (2 issues)
[x] [#698137](https://lwn.net/Vulnerabilities/698137/) (search, files) eog: out-of-bounds write
[x] [#675834](https://lwn.net/Vulnerabilities/675834/) (search, files) eog: code execution

exim (2 issues)
[x] [#607575](https://lwn.net/Vulnerabilities/607575/) (search, files) exim: code execution
[x] [#679614](https://lwn.net/Vulnerabilities/679614/) (search, files) exim: privilege escalation

expat (5 issues)
[x] [#692028](https://lwn.net/Vulnerabilities/692028/) (search, files) expat: pointer overflows
[x] [#690403](https://lwn.net/Vulnerabilities/690403/) (search, files) expat: two vulnerabilities
[x] [#687860](https://lwn.net/Vulnerabilities/687860/) (search, files) expat: code execution
[x] [#681391](https://lwn.net/Vulnerabilities/681391/) (search, files) expat: code execution
[x] [#489072](https://lwn.net/Vulnerabilities/489072/) (search, files) expat: denial of service

extplorer (3 issues)
[x] [#697338](https://lwn.net/Vulnerabilities/697338/) (search, files) extplorer: file overwrite
[x] [#688447](https://lwn.net/Vulnerabilities/688447/) (search, files) extplorer: cross-site request forgery
[x] [#655402](https://lwn.net/Vulnerabilities/655402/) (search, files) extplorer: cross-site scripting

ffmpeg (6 issues)
[x] [#692033](https://lwn.net/Vulnerabilities/692033/) (search, files) ffmpeg: multiple vulnerabilities
[x] [#680038](https://lwn.net/Vulnerabilities/680038/) (search, files) ffmpeg: multiple vulnerabilities
[x] [#679124](https://lwn.net/Vulnerabilities/679124/) (search, files) ffmpeg: denial of service
[x] [#672314](https://lwn.net/Vulnerabilities/672314/) (search, files) ffmpeg: cross-origin attacks
[x] [#676796](https://lwn.net/Vulnerabilities/676796/) (search, files) ffmpeg: denial of service
[x] [#675050](https://lwn.net/Vulnerabilities/675050/) (search, files) ffmpeg: denial of service

firefox (26 issues)
[x] [#696206](https://lwn.net/Vulnerabilities/696206/) (search, files) mozilla: multiple vulnerabilities
[x] [#701625](https://lwn.net/Vulnerabilities/701625/) (search, files) firefox: multiple vulnerabilities
[x] [#701347](https://lwn.net/Vulnerabilities/701347/) (search, files) mozilla: multiple vulnerabilities
[x] [#696550](https://lwn.net/Vulnerabilities/696550/) (search, files) firefox: multiple vulnerabilities
[x] [#696551](https://lwn.net/Vulnerabilities/696551/) (search, files) Firefox: denial of service
[x] [#690400](https://lwn.net/Vulnerabilities/690400/) (search, files) mozilla: multiple vulnerabilities
[x] [#685285](https://lwn.net/Vulnerabilities/685285/) (search, files) mozilla: multiple vulnerabilities
[x] [#689268](https://lwn.net/Vulnerabilities/689268/) (search, files) mozilla: multiple vulnerabilities
[x] [#679618](https://lwn.net/Vulnerabilities/679618/) (search, files) firefox: use-after-free
[x] [#686577](https://lwn.net/Vulnerabilities/686577/) (search, files) firefox: denial of service
[x] [#685294](https://lwn.net/Vulnerabilities/685294/) (search, files) mozilla: multiple vulnerabilities
[x] [#679413](https://lwn.net/Vulnerabilities/679413/) (search, files) mozilla: multiple vulnerabilities
[x] [#668127](https://lwn.net/Vulnerabilities/668127/) (search, files) mozilla: multiple vulnerabilities
[x] [#679400](https://lwn.net/Vulnerabilities/679400/) (search, files) mozilla: multiple vulnerabilities
[x] [#654279](https://lwn.net/Vulnerabilities/654279/) (search, files) firefox: multiple vulnerabilities
[x] [#679615](https://lwn.net/Vulnerabilities/679615/) (search, files) firefox: multiple vulnerabilities
[x] [#680044](https://lwn.net/Vulnerabilities/680044/) (search, files) nss: denial of service
[x] [#514067](https://lwn.net/Vulnerabilities/514067/) (search, files) mozilla: multiple vulnerabilities
[x] [#675698](https://lwn.net/Vulnerabilities/675698/) (search, files) mozilla: denial of service
[x] [#654275](https://lwn.net/Vulnerabilities/654275/) (search, files) firefox: multiple vulnerabilities
[x] [#675371](https://lwn.net/Vulnerabilities/675371/) (search, files) firefox: same-origin restriction bypass
[x] [#673782](https://lwn.net/Vulnerabilities/673782/) (search, files) mozilla: multiple vulnerabilities
[x] [#673772](https://lwn.net/Vulnerabilities/673772/) (search, files) mozilla: code execution
[x] [#675823](https://lwn.net/Vulnerabilities/675823/) (search, files) mozilla: two vulnerabilities
[x] [#675228](https://lwn.net/Vulnerabilities/675228/) (search, files) firefox: denial of service
[x] [#675701](https://lwn.net/Vulnerabilities/675701/) (search, files) mozilla: denial of service

gd (2 issues)
[x] [#698984](https://lwn.net/Vulnerabilities/698984/) (search, files) gd: out-of-bounds read
[x] [#689578](https://lwn.net/Vulnerabilities/689578/) (search, files) gd: information leak

gdk-pixbuf (3 issues)
[x] [#700113](https://lwn.net/Vulnerabilities/700113/) (search, files) gdk-pixbuf: denial of service
[x] [#681648](https://lwn.net/Vulnerabilities/681648/) (search, files) gdk-pixbuf: buffer overflows
[x] [#659284](https://lwn.net/Vulnerabilities/659284/) (search, files) gdk-pixbuf: two vulnerabilities

gimp (3 issues)
[x] [#692855](https://lwn.net/Vulnerabilities/692855/) (search, files) gimp: use-after-free
[x] [#679128](https://lwn.net/Vulnerabilities/679128/) (search, files) gimp: command execution
[x] [#575639](https://lwn.net/Vulnerabilities/575639/) (search, files) gimp: code execution

git (2 issues)
[x] [#660668](https://lwn.net/Vulnerabilities/660668/) (search, files) git: multiple vulnerabilities
[x] [#680320](https://lwn.net/Vulnerabilities/680320/) (search, files) git: code execution

glibc (9 issues)
[x] [#697948](https://lwn.net/Vulnerabilities/697948/) (search, files) glibc: denial of service
[x] [#696694](https://lwn.net/Vulnerabilities/696694/) (search, files) glibc: denial of service
[x] [#687047](https://lwn.net/Vulnerabilities/687047/) (search, files) glibc: two vulnerabilities
[x] [#690146](https://lwn.net/Vulnerabilities/690146/) (search, files) glibc: denial of service
[x] [#634468](https://lwn.net/Vulnerabilities/634468/) (search, files) glibc: sends DNS queries to random file descriptors
[x] [#688730](https://lwn.net/Vulnerabilities/688730/) (search, files) glibc: privilege escalation
[x] [#687400](https://lwn.net/Vulnerabilities/687400/) (search, files) glibc: denial of service
[x] [#675830](https://lwn.net/Vulnerabilities/675830/) (search, files) eglibc: code execution
[x] [#676082](https://lwn.net/Vulnerabilities/676082/) (search, files) glibc: denial of service

gnupg (2 issues)
[x] [#697568](https://lwn.net/Vulnerabilities/697568/) (search, files) gnupg: flawed random number generation
[x] [#635765](https://lwn.net/Vulnerabilities/635765/) (search, files) gnupg: multiple vulnerabilities

gnutls (3 issues)
[x] [#700652](https://lwn.net/Vulnerabilities/700652/) (search, files) gnutls: certificate verification vulnerability
[x] [#694238](https://lwn.net/Vulnerabilities/694238/) (search, files) gnutls: certificate verification vulnerability
[x] [#690656](https://lwn.net/Vulnerabilities/690656/) (search, files) gnutls: arbitrary file overwrite

golang (3 issues)
[x] [#695809](https://lwn.net/Vulnerabilities/695809/) (search, files) golang: denial of service
[x] [#654887](https://lwn.net/Vulnerabilities/654887/) (search, files) golang: HTTP request smuggling
[x] [#685138](https://lwn.net/Vulnerabilities/685138/) (search, files) golang: denial of service

graphicsmagick (3 issues)
[x] [#688448](https://lwn.net/Vulnerabilities/688448/) (search, files) graphicsmagick: denial of service
[x] [#694626](https://lwn.net/Vulnerabilities/694626/) (search, files) graphicsmagick: out-of-bounds read
[x] [#689277](https://lwn.net/Vulnerabilities/689277/) (search, files) imagemagick: command execution

graphite2 (2 issues)
[x] [#678388](https://lwn.net/Vulnerabilities/678388/) (search, files) graphite2: multiple vulnerabilities
[x] [#676106](https://lwn.net/Vulnerabilities/676106/) (search, files) graphite2: information disclosure

gsi-openssh (2 issues)
[x] [#694239](https://lwn.net/Vulnerabilities/694239/) (search, files) gsi-openssh: support GSI authentication
[x] [#675229](https://lwn.net/Vulnerabilities/675229/) (search, files) gsi-openssh: privilege escalation

httpd (2 issues)
[x] [#694861](https://lwn.net/Vulnerabilities/694861/) (search, files) httpd: HTTP redirect
[x] [#694240](https://lwn.net/Vulnerabilities/694240/) (search, files) httpd: authentication bypass

imagemagick (8 issues)
[x] [#695953](https://lwn.net/Vulnerabilities/695953/) (search, files) imagemagick: information leak
[x] [#692862](https://lwn.net/Vulnerabilities/692862/) (search, files) imagemagick: multiple vulnerabilities
[x] [#691831](https://lwn.net/Vulnerabilities/691831/) (search, files) imagemagick: buffer overflow
[x] [#691829](https://lwn.net/Vulnerabilities/691829/) (search, files) ImageMagick: multiple vulnerabilities
[x] [#689277](https://lwn.net/Vulnerabilities/689277/) (search, files) imagemagick: command execution
[x] [#686574](https://lwn.net/Vulnerabilities/686574/) (search, files) imagemagick: code execution
[x] [#686761](https://lwn.net/Vulnerabilities/686761/) (search, files) imagemagick: multiple vulnerabilities
[x] [#683451](https://lwn.net/Vulnerabilities/683451/) (search, files) ImageMagick: multiple vulnerabilities

imlib2 (5 issues)
[x] [#685003](https://lwn.net/Vulnerabilities/685003/) (search, files) imlib2: denial of service
[x] [#684748](https://lwn.net/Vulnerabilities/684748/) (search, files) imlib2: code execution
[x] [#683843](https://lwn.net/Vulnerabilities/683843/) (search, files) imlib2: denial of service
[x] [#683727](https://lwn.net/Vulnerabilities/683727/) (search, files) imlib2: two vulnerabilities
[x] [#673458](https://lwn.net/Vulnerabilities/673458/) (search, files) imlib2: denial of service

inspircd (2 issues)
[x] [#700109](https://lwn.net/Vulnerabilities/700109/) (search, files) inspircd: user impersonation
[x] [#669754](https://lwn.net/Vulnerabilities/669754/) (search, files) inspircd: three largely unspecified vulnerabilities

jasper (5 issues)
[x] [#655645](https://lwn.net/Vulnerabilities/655645/) (search, files) jasper: denial of service
[x] [#697339](https://lwn.net/Vulnerabilities/697339/) (search, files) jasper: use-after-free
[x] [#678818](https://lwn.net/Vulnerabilities/678818/) (search, files) jasper: multiple vulnerabilities
[x] [#675051](https://lwn.net/Vulnerabilities/675051/) (search, files) jasper: denial of service
[x] [#673469](https://lwn.net/Vulnerabilities/673469/) (search, files) jasper: denial of service

java-1.6.0-ibm (2 issues)
[x] [#674380](https://lwn.net/Vulnerabilities/674380/) (search, files) java: information leak
[x] [#685870](https://lwn.net/Vulnerabilities/685870/) (search, files) java: three vulnerabilities

java-1.6.0-sun (2 issues)
[x] [#695089](https://lwn.net/Vulnerabilities/695089/) (search, files) java: unspecified vulnerability
[x] [#684745](https://lwn.net/Vulnerabilities/684745/) (search, files) java-1.6.0-sun: multiple vulnerabilities

java-1.7.0-openjdk (2 issues)
[x] [#661762](https://lwn.net/Vulnerabilities/661762/) (search, files) java-1.7.0-openjdk: many vulnerabilities
[x] [#681387](https://lwn.net/Vulnerabilities/681387/) (search, files) java: sandbox bypass

java-1.7.0-oracle (2 issues) See: https://github.com/NixOS/nixpkgs/issues/18856#issuecomment-249179789
[x] [#695091](https://lwn.net/Vulnerabilities/695091/) (search, files) java: two unspecified vulnerabilties
[x] [#570812](https://lwn.net/Vulnerabilities/570812/) (search, files) java-1.7.0-oracle: multiple vulnerabilities

java-1.8.0-openjdk (3 issues)
[x] [#694957](https://lwn.net/Vulnerabilities/694957/) (search, files) java-1.8.0-openjdk: multiple vulnerabilities
[x] [#684597](https://lwn.net/Vulnerabilities/684597/) (search, files) java-1.8.0-openjdk: multiple vulnerabilities
[x] [#681387](https://lwn.net/Vulnerabilities/681387/) (search, files) java: sandbox bypass

jenkins (2 issues)
[x] [#688829](https://lwn.net/Vulnerabilities/688829/) (search, files) jenkins: multiple vulnerabilities
[x] [#680602](https://lwn.net/Vulnerabilities/680602/) (search, files) jenkins: multiple vulnerabilities

kernel (50 issues)
[x] [#701254](https://lwn.net/Vulnerabilities/701254/) (search, files) kernel: denial of service
[x] [#699683](https://lwn.net/Vulnerabilities/699683/) (search, files) kernel: three vulnerabilities
[x] [#694960](https://lwn.net/Vulnerabilities/694960/) (search, files) kernel: two vulnerabilities
[x] [#698136](https://lwn.net/Vulnerabilities/698136/) (search, files) kernel: multiple vulnerabilities
[x] [#698054](https://lwn.net/Vulnerabilities/698054/) (search, files) kernel: use-after-free
[x] [#697341](https://lwn.net/Vulnerabilities/697341/) (search, files) kernel: denial of service
[x] [#690793](https://lwn.net/Vulnerabilities/690793/) (search, files) kernel: two vulnerabilities
[x] [#696810](https://lwn.net/Vulnerabilities/696810/) (search, files) kernel: two vulnerabilities
[x] [#696549](https://lwn.net/Vulnerabilities/696549/) (search, files) kernel: denial of service
[x] [#689390](https://lwn.net/Vulnerabilities/689390/) (search, files) kernel: information disclosure
[x] [#694514](https://lwn.net/Vulnerabilities/694514/) (search, files) kernel: code execution
[x] [#665248](https://lwn.net/Vulnerabilities/665248/) (search, files) kernel: multiple vulnerabilities
[x] [#693177](https://lwn.net/Vulnerabilities/693177/) (search, files) kernel: denial of service
[x] [#693473](https://lwn.net/Vulnerabilities/693473/) (search, files) kernel: multiple vulnerabilities
[x] [#692931](https://lwn.net/Vulnerabilities/692931/) (search, files) kernel: denial of service
[x] [#692930](https://lwn.net/Vulnerabilities/692930/) (search, files) kernel: restriction bypass
[x] [#692923](https://lwn.net/Vulnerabilities/692923/) (search, files) kernel: multiple vulnerabilities
[x] [#692183](https://lwn.net/Vulnerabilities/692183/) (search, files) kernel: two vulnerabilities
[x] [#691832](https://lwn.net/Vulnerabilities/691832/) (search, files) kernel: multiple vulnerabilities
[x] [#691097](https://lwn.net/Vulnerabilities/691097/) (search, files) kernel: denial of service
[x] [#650896](https://lwn.net/Vulnerabilities/650896/) (search, files) kernel: two remote denial of service vulnerabilities
[x] [#689580](https://lwn.net/Vulnerabilities/689580/) (search, files) kernel: denial of service
[x] [#689579](https://lwn.net/Vulnerabilities/689579/) (search, files) kernel: two vulnerabilities
[x] [#688596](https://lwn.net/Vulnerabilities/688596/) (search, files) kernel: two vulnerabilities
[x] [#687597](https://lwn.net/Vulnerabilities/687597/) (search, files) kernel: multiple vulnerabilities
[x] [#687718](https://lwn.net/Vulnerabilities/687718/) (search, files) kernel: privilege escalation
[x] [#687224](https://lwn.net/Vulnerabilities/687224/) (search, files) kernel: privilege escalation
[x] [#687231](https://lwn.net/Vulnerabilities/687231/) (search, files) kernel: information disclosure
[x] [#686867](https://lwn.net/Vulnerabilities/686867/) (search, files) kernel: poison-pointer protection bypass
[x] [#686769](https://lwn.net/Vulnerabilities/686769/) (search, files) kernel: two vulnerabilities
[x] [#685409](https://lwn.net/Vulnerabilities/685409/) (search, files) kernel: two vulnerabilities
[x] [#684455](https://lwn.net/Vulnerabilities/684455/) (search, files) kernel: three vulnerabilities
[x] [#683732](https://lwn.net/Vulnerabilities/683732/) (search, files) kernel: two vulnerabilities
[x] [#683456](https://lwn.net/Vulnerabilities/683456/) (search, files) kernel: denial of service
[x] [#683314](https://lwn.net/Vulnerabilities/683314/) (search, files) kernel: multiple vulnerabilities
[x] [#674491](https://lwn.net/Vulnerabilities/674491/) (search, files) kernel: memory leak
[x] [#681754](https://lwn.net/Vulnerabilities/681754/) (search, files) kernel: privilege escalation
[x] [#682763](https://lwn.net/Vulnerabilities/682763/) (search, files) kernel: timing side channel vulnerability
[x] [#681272](https://lwn.net/Vulnerabilities/681272/) (search, files) kernel: denial of service
[x] [#680184](https://lwn.net/Vulnerabilities/680184/) (search, files) kernel: multiple vulnerabilities
[x] [#616163](https://lwn.net/Vulnerabilities/616163/) (search, files) kernel: privilege escalation
[x] [#679765](https://lwn.net/Vulnerabilities/679765/) (search, files) kernel: denial of service
[x] [#677981](https://lwn.net/Vulnerabilities/677981/) (search, files) kernel: multiple vulnerabilities
[x] [#678626](https://lwn.net/Vulnerabilities/678626/) (search, files) kernel: denial of service
[x] [#678809](https://lwn.net/Vulnerabilities/678809/) (search, files) kernel: multiple vulnerabilities
[x] [#676932](https://lwn.net/Vulnerabilities/676932/) (search, files) kernel: privilege escalation
[x] [#668949](https://lwn.net/Vulnerabilities/668949/) (search, files) kernel: denial of service
[x] [#652174](https://lwn.net/Vulnerabilities/652174/) (search, files) kernel: multiple vulnerabilities
[x] [#674836](https://lwn.net/Vulnerabilities/674836/) (search, files) kernel: privilege escalation
[x] [#674390](https://lwn.net/Vulnerabilities/674390/) (search, files) kernel: denial of service

krb5 (4 issues)
[x] [#696074](https://lwn.net/Vulnerabilities/696074/) (search, files) krb5: denial of service
[x] [#692925](https://lwn.net/Vulnerabilities/692925/) (search, files) krb5: buffer overflow
[x] [#681100](https://lwn.net/Vulnerabilities/681100/) (search, files) krb5: null pointer dereference
[x] [#674262](https://lwn.net/Vulnerabilities/674262/) (search, files) krb5: three vulnerabilities

libarchive (9 issues)
[x] [#700519](https://lwn.net/Vulnerabilities/700519/) (search, files) libarchive: file overwrite
[x] [#700387](https://lwn.net/Vulnerabilities/700387/) (search, files) libarchive: two vulnerabilities
[x] [#695689](https://lwn.net/Vulnerabilities/695689/) (search, files) libarchive: code execution
[x] [#695807](https://lwn.net/Vulnerabilities/695807/) (search, files) libarchive: multiple vulnerabilities
[x] [#694629](https://lwn.net/Vulnerabilities/694629/) (search, files) libarchive: multiple vulnerabilities
[x] [#693575](https://lwn.net/Vulnerabilities/693575/) (search, files) libarchive: multiple vulnerabilities
[x] [#687044](https://lwn.net/Vulnerabilities/687044/) (search, files) libarchive: code execution
[x] [#692863](https://lwn.net/Vulnerabilities/692863/) (search, files) libarchive: denial of service
[x] [#644037](https://lwn.net/Vulnerabilities/644037/) (search, files) libarchive: denial of service

libav (4 issues)
[x] [#692864](https://lwn.net/Vulnerabilities/692864/) (search, files) libav: denial of service
[x] [#691269](https://lwn.net/Vulnerabilities/691269/) (search, files) libav: code execution
[x] [#686864](https://lwn.net/Vulnerabilities/686864/) (search, files) libav: code execution
[x] [#679124](https://lwn.net/Vulnerabilities/679124/) (search, files) ffmpeg: denial of service

libebml (2 issues)
[x] [#681990](https://lwn.net/Vulnerabilities/681990/) (search, files) libebml: use-after-free vulnerability
[x] [#677964](https://lwn.net/Vulnerabilities/677964/) (search, files) libebml: two vulnerabilities

libgd2 (5 issues)
[x] [#694243](https://lwn.net/Vulnerabilities/694243/) (search, files) libgd2: denial of service
[x] [#694782](https://lwn.net/Vulnerabilities/694782/) (search, files) libgd2: two vulnerabilities
[x] [#688208](https://lwn.net/Vulnerabilities/688208/) (search, files) libgd2: denial of service
[x] [#688827](https://lwn.net/Vulnerabilities/688827/) (search, files) libgd2: denial of service
[x] [#685004](https://lwn.net/Vulnerabilities/685004/) (search, files) libgd2: code execution

libidn (2 issues)
[x] [#695325](https://lwn.net/Vulnerabilities/695325/) (search, files) libidn: multiple vulnerabilities
[x] [#651768](https://lwn.net/Vulnerabilities/651768/) (search, files) libidn: information disclosure

libksba (5 issues)
[x] [#699177](https://lwn.net/Vulnerabilities/699177/) (search, files) libksba: denial of service
[x] [#687867](https://lwn.net/Vulnerabilities/687867/) (search, files) libksba: multiple vulnerabilities
[x] [#687714](https://lwn.net/Vulnerabilities/687714/) (search, files) libksba: denial of service
[x] [#687395](https://lwn.net/Vulnerabilities/687395/) (search, files) libksba: denial of service
[x] [#685291](https://lwn.net/Vulnerabilities/685291/) (search, files) libksba: three vulnerabilities

libreoffice (4 issues)
[x] [#696552](https://lwn.net/Vulnerabilities/696552/) (search, files) libreoffice: code execution
[x] [#693101](https://lwn.net/Vulnerabilities/693101/) (search, files) libreoffice: code execution
[x] [#676108](https://lwn.net/Vulnerabilities/676108/) (search, files) libreoffice: code execution
[x] [#686578](https://lwn.net/Vulnerabilities/686578/) (search, files) libreoffice: information leak

libreswan (2 issues)
[x] [#696217](https://lwn.net/Vulnerabilities/696217/) (search, files) libreswan: unspecified
[x] [#683728](https://lwn.net/Vulnerabilities/683728/) (search, files) libreswan: denial of service

librsvg (2 issues)
[x] [#687861](https://lwn.net/Vulnerabilities/687861/) (search, files) librsvg: denial of service
[x] [#672076](https://lwn.net/Vulnerabilities/672076/) (search, files) librsvg: multiple vulnerabilities

libtorrent-rasterbar (2 issues)
[x] [#700649](https://lwn.net/Vulnerabilities/700649/) (search, files) libtorrent-rasterbar: denial of service
[x] [#691093](https://lwn.net/Vulnerabilities/691093/) (search, files) libtorrent-rasterbar: denial of service

libxml2 (5 issues)
[x] [#689714](https://lwn.net/Vulnerabilities/689714/) (search, files) libxml2: multiple vulnerabilities
[x] [#689279](https://lwn.net/Vulnerabilities/689279/) (search, files) libxml2: three vulnerabilities
[x] [#688826](https://lwn.net/Vulnerabilities/688826/) (search, files) libxml2: multiple vulnerabilities
[x] [#688211](https://lwn.net/Vulnerabilities/688211/) (search, files) libxml2: denial of service
[x] [#687398](https://lwn.net/Vulnerabilities/687398/) (search, files) libxml2: denial of service

mariadb (6 issues)
[x] [#700833](https://lwn.net/Vulnerabilities/700833/) (search, files) mariadb: access restriction bypass
[x] [#700651](https://lwn.net/Vulnerabilities/700651/) (search, files) mysql: SQL injection/privilege escalation
[x] [#692523](https://lwn.net/Vulnerabilities/692523/) (search, files) mariadb: unspecified vulnerability
[x] [#695319](https://lwn.net/Vulnerabilities/695319/) (search, files) mariadb: three unspecified vulnerabilities
[x] [#676791](https://lwn.net/Vulnerabilities/676791/) (search, files) mariadb: multiple vulnerabilities
[x] [#674841](https://lwn.net/Vulnerabilities/674841/) (search, files) mariadb: information leak

mbedtls (2 issues)
[x] [#693476](https://lwn.net/Vulnerabilities/693476/) (search, files) mbedtls: three vulnerabilities
[x] [#660894](https://lwn.net/Vulnerabilities/660894/) (search, files) mbedtls: code execution

mediawiki (2 issues)
[x] [#698335](https://lwn.net/Vulnerabilities/698335/) (search, files) mediawiki: multiple vulnerabilities
[x] [#689273](https://lwn.net/Vulnerabilities/689273/) (search, files) mediawiki: multiple vulnerabilities

mercurial (2 issues)
[x] [#686084](https://lwn.net/Vulnerabilities/686084/) (search, files) mercurial: code execution
[x] [#682389](https://lwn.net/Vulnerabilities/682389/) (search, files) mercurial: three vulnerabilities

moodle (2 issues)
[x] [#688054](https://lwn.net/Vulnerabilities/688054/) (search, files) moodle: multiple vulnerabilities
[x] [#681393](https://lwn.net/Vulnerabilities/681393/) (search, files) moodle: multiple vulnerabilities

mozilla (2 issues)
[x] [#576777](https://lwn.net/Vulnerabilities/576777/) (search, files) mozilla: information leak
[x] [#514067](https://lwn.net/Vulnerabilities/514067/) (search, files) mozilla: multiple vulnerabilities

mozilla-nss (2 issues)
[x] [#694515](https://lwn.net/Vulnerabilities/694515/) (search, files) firefox: code execution
[x] [#669862](https://lwn.net/Vulnerabilities/669862/) (search, files) mozilla-nss: signature forgery

mupdf (2 issues)
[x] [#696697](https://lwn.net/Vulnerabilities/696697/) (search, files) mupdf: denial of service
[x] [#695560](https://lwn.net/Vulnerabilities/695560/) (search, files) mupdf: denial of service

mysql (5 issues)
[x] [#700651](https://lwn.net/Vulnerabilities/700651/) (search, files) mysql: SQL injection/privilege escalation
[x] [#695319](https://lwn.net/Vulnerabilities/695319/) (search, files) mariadb: three unspecified vulnerabilities
[x] [#685013](https://lwn.net/Vulnerabilities/685013/) (search, files) mysql: multiple vulnerabilities
[x] [#676791](https://lwn.net/Vulnerabilities/676791/) (search, files) mariadb: multiple vulnerabilities
[x] [#674842](https://lwn.net/Vulnerabilities/674842/) (search, files) mysql: multiple vulnerabilities

mysql-5.5 (4 issues)
[x] [#695168](https://lwn.net/Vulnerabilities/695168/) (search, files) mysql: multiple unspecified vulnerabilities
[x] [#695170](https://lwn.net/Vulnerabilities/695170/) (search, files) mysql: multiple unspecified vulnerabilities
[x] [#684754](https://lwn.net/Vulnerabilities/684754/) (search, files) mysql: multiple vulnerabilities
[x] [#662057](https://lwn.net/Vulnerabilities/662057/) (search, files) mysql: multiple vulnerabilities

mysql-5.6 (2 issues)
[x] [#695170](https://lwn.net/Vulnerabilities/695170/) (search, files) mysql: multiple unspecified vulnerabilities
[x] [#684754](https://lwn.net/Vulnerabilities/684754/) (search, files) mysql: multiple vulnerabilities

nettle (2 issues)
[x] [#697140](https://lwn.net/Vulnerabilities/697140/) (search, files) nettle: information leak
[x] [#674493](https://lwn.net/Vulnerabilities/674493/) (search, files) nettle: improper cryptographic calculations

nginx (2 issues)
[x] [#691833](https://lwn.net/Vulnerabilities/691833/) (search, files) nginx: BREACH attack against HTTP compression
[x] [#689576](https://lwn.net/Vulnerabilities/689576/) (search, files) nginx: denial of service

nodejs (3 issues)
[x] [#687394](https://lwn.net/Vulnerabilities/687394/) (search, files) chromium: multiple vulnerabilities
[x] [#692926](https://lwn.net/Vulnerabilities/692926/) (search, files) nodejs: unspecified
[x] [#675702](https://lwn.net/Vulnerabilities/675702/) (search, files) nodejs: two vulnerabilities

nss (6 issues)
[x] [#696551](https://lwn.net/Vulnerabilities/696551/) (search, files) Firefox: denial of service
[x] [#689268](https://lwn.net/Vulnerabilities/689268/) (search, files) mozilla: multiple vulnerabilities
[x] [#646994](https://lwn.net/Vulnerabilities/646994/) (search, files) nss: cipher-downgrade attacks
[x] [#692857](https://lwn.net/Vulnerabilities/692857/) (search, files) nss: denial of service
[x] [#679401](https://lwn.net/Vulnerabilities/679401/) (search, files) nss: code execution
[x] [#680044](https://lwn.net/Vulnerabilities/680044/) (search, files) nss: denial of service

ntp (5 issues)
[x] [#580994](https://lwn.net/Vulnerabilities/580994/) (search, files) ntp: denial of service
[x] [#690012](https://lwn.net/Vulnerabilities/690012/) (search, files) ntp: multiple vulnerabilities
[x] [#685887](https://lwn.net/Vulnerabilities/685887/) (search, files) ntp: multiple vulnerabilities
[x] [#685493](https://lwn.net/Vulnerabilities/685493/) (search, files) ntp: multiple vulnerabilities
[x] [#677115](https://lwn.net/Vulnerabilities/677115/) (search, files) ntp: three vulnerabilities

openjpeg2 (3 issues)
[x] [#700384](https://lwn.net/Vulnerabilities/700384/) (search, files) openjpeg2: two vulnerabilities
[x] [#694625](https://lwn.net/Vulnerabilities/694625/) (search, files) openjpeg2: multiple vulnerabilities
[x] [#659043](https://lwn.net/Vulnerabilities/659043/) (search, files) openjpeg2: use-after-free vulnerability

openshift (2 issues)
[x] [#687397](https://lwn.net/Vulnerabilities/687397/) (search, files) openshift: multiple vulnerabilities
[x] [#687039](https://lwn.net/Vulnerabilities/687039/) (search, files) openshift: information disclosure

openssh (5 issues)
[x] [#696931](https://lwn.net/Vulnerabilities/696931/) (search, files) openssh: denial of service
[x] [#695098](https://lwn.net/Vulnerabilities/695098/) (search, files) openssh: user enumeration via timing side-channel
[x] [#684235](https://lwn.net/Vulnerabilities/684235/) (search, files) openssh: privilege escalation
[x] [#679761](https://lwn.net/Vulnerabilities/679761/) (search, files) openssh: command injection
[x] [#537753](https://lwn.net/Vulnerabilities/537753/) (search, files) openssh: denial of service

openssl (9 issues)
[x] [#701627](https://lwn.net/Vulnerabilities/701627/) (search, files) openssl: multiple vulnerabilities
[x] [#686085](https://lwn.net/Vulnerabilities/686085/) (search, files) openssl: multiple vulnerabilities
[x] [#686288](https://lwn.net/Vulnerabilities/686288/) (search, files) openssl: information leak
[x] [#686747](https://lwn.net/Vulnerabilities/686747/) (search, files) openssl: denial of service
[x] [#678143](https://lwn.net/Vulnerabilities/678143/) (search, files) openssl: multiple vulnerabilities
[x] [#678387](https://lwn.net/Vulnerabilities/678387/) (search, files) openssl: two vulnerabilities
[x] [#678156](https://lwn.net/Vulnerabilities/678156/) (search, files) openssl: cross-protocol attack
[x] [#674068](https://lwn.net/Vulnerabilities/674068/) (search, files) openssl: multiple vulnerabilities
[x] [#616446](https://lwn.net/Vulnerabilities/616446/) (search, files) openssl: multiple vulnerabilities

openstack-swift (2 issues)
[x] [#674833](https://lwn.net/Vulnerabilities/674833/) (search, files) openstack-swift: denial of service
[x] [#674495](https://lwn.net/Vulnerabilities/674495/) (search, files) openstack-swift: denial of service

openvpn (3 issues)
[x] [#698339](https://lwn.net/Vulnerabilities/698339/) (search, files) openvpn: information disclosure
[x] [#687599](https://lwn.net/Vulnerabilities/687599/) (search, files) openvpn: multiple vulnerabilities
[x] [#669524](https://lwn.net/Vulnerabilities/669524/) (search, files) openvpn: information disclosure

optipng (3 issues)
[x] [#682567](https://lwn.net/Vulnerabilities/682567/) (search, files) optipng: code execution
[x] [#684236](https://lwn.net/Vulnerabilities/684236/) (search, files) optipng: code execution
[x] [#683844](https://lwn.net/Vulnerabilities/683844/) (search, files) optipng: denial of service

pagure (2 issues)
[x] [#698055](https://lwn.net/Vulnerabilities/698055/) (search, files) pagure: cross-site scripting
[x] [#694871](https://lwn.net/Vulnerabilities/694871/) (search, files) pagure: unspecified

pcre (3 issues)
[x] [#678389](https://lwn.net/Vulnerabilities/678389/) (search, files) pcre: denial of service
[x] [#687040](https://lwn.net/Vulnerabilities/687040/) (search, files) pcre: stack overflow
[x] [#676094](https://lwn.net/Vulnerabilities/676094/) (search, files) pcre: multiple vulnerabilities

pcre3 (2 issues)
[x] [#681755](https://lwn.net/Vulnerabilities/681755/) (search, files) pcre: multiple vulnerabilities
[x] [#677970](https://lwn.net/Vulnerabilities/677970/) (search, files) pcre3: code execution

pdns (3 issues)
[x] [#700386](https://lwn.net/Vulnerabilities/700386/) (search, files) pdns: denial of service
[x] [#696813](https://lwn.net/Vulnerabilities/696813/) (search, files) pdns: denial of service
[x] [#689251](https://lwn.net/Vulnerabilities/689251/) (search, files) pdns: insecure database permissions

perl (4 issues)
[x] [#694785](https://lwn.net/Vulnerabilities/694785/) (search, files) perl: code execution
[x] [#695321](https://lwn.net/Vulnerabilities/695321/) (search, files) perl: privilege escalation
[x] [#686754](https://lwn.net/Vulnerabilities/686754/) (search, files) perl: denial of service
[x] [#678148](https://lwn.net/Vulnerabilities/678148/) (search, files) perl: ambiguous environment

pgpdump (2 issues)
[x] [#689717](https://lwn.net/Vulnerabilities/689717/) (search, files) pgpdump: buffer overrun
[x] [#685000](https://lwn.net/Vulnerabilities/685000/) (search, files) pgpdump: denial of service

php (13 issues)
[x] [#701138](https://lwn.net/Vulnerabilities/701138/) (search, files) php: multiple vulnerabilities
[x] [#700115](https://lwn.net/Vulnerabilities/700115/) (search, files) php: multiple vulnerabilities
[x] [#698797](https://lwn.net/Vulnerabilities/698797/) (search, files) php: multiple vulnerabilities
[x] [#695167](https://lwn.net/Vulnerabilities/695167/) (search, files) drupal: proxy injection
[x] [#695169](https://lwn.net/Vulnerabilities/695169/) (search, files) php: denial of service
[x] [#692867](https://lwn.net/Vulnerabilities/692867/) (search, files) php: multiple vulnerabilities
[x] [#690015](https://lwn.net/Vulnerabilities/690015/) (search, files) php: integer overflow
[x] [#689260](https://lwn.net/Vulnerabilities/689260/) (search, files) php: two vulnerabilities
[x] [#689280](https://lwn.net/Vulnerabilities/689280/) (search, files) php: integer overflow
[x] [#685885](https://lwn.net/Vulnerabilities/685885/) (search, files) php: multiple vulnerabilities
[x] [#682390](https://lwn.net/Vulnerabilities/682390/) (search, files) php: multiple vulnerabilities
[x] [#679764](https://lwn.net/Vulnerabilities/679764/) (search, files) php: multiple vulnerabilities
[x] [#674929](https://lwn.net/Vulnerabilities/674929/) (search, files) php: multiple vulnerabilities

php-ZendFramework (2 issues)
[x] [#696219](https://lwn.net/Vulnerabilities/696219/) (search, files) php-ZendFramework: SQL injection
[x] [#685886](https://lwn.net/Vulnerabilities/685886/) (search, files) php-ZendFramework: multiple vulnerabilities

php5 (12 issues)
[x] [#701140](https://lwn.net/Vulnerabilities/701140/) (search, files) php5: invalid free
[x] [#697264](https://lwn.net/Vulnerabilities/697264/) (search, files) php: denial of service
[x] [#695556](https://lwn.net/Vulnerabilities/695556/) (search, files) php: multiple vulnerabilities
[x] [#693866](https://lwn.net/Vulnerabilities/693866/) (search, files) php5: cross-site scripting
[x] [#691103](https://lwn.net/Vulnerabilities/691103/) (search, files) php5: three vulnerabilities
[x] [#690420](https://lwn.net/Vulnerabilities/690420/) (search, files) php: two vulnerabilities
[x] [#689381](https://lwn.net/Vulnerabilities/689381/) (search, files) php: two vulnerabilities
[x] [#688597](https://lwn.net/Vulnerabilities/688597/) (search, files) php: two vulnerabilities
[x] [#688055](https://lwn.net/Vulnerabilities/688055/) (search, files) php5: three vulnerabilities
[x] [#687049](https://lwn.net/Vulnerabilities/687049/) (search, files) php: two vulnerabilities
[x] [#684755](https://lwn.net/Vulnerabilities/684755/) (search, files) php5: multiple vulnerabilities
[x] [#679620](https://lwn.net/Vulnerabilities/679620/) (search, files) php5: stack overflow

phpMyAdmin (3 issues)
[x] [#698492](https://lwn.net/Vulnerabilities/698492/) (search, files) phpMyAdmin: multiple vulnerabilities
[x] [#693478](https://lwn.net/Vulnerabilities/693478/) (search, files) phpMyAdmin: code execution
[x] [#689583](https://lwn.net/Vulnerabilities/689583/) (search, files) phpmyadmin: two vulnerabilities

phpmyadmin (3 issues)
[x] [#692853](https://lwn.net/Vulnerabilities/692853/) (search, files) phpmyadmin: multiple vulnerabilities
[x] [#689274](https://lwn.net/Vulnerabilities/689274/) (search, files) phpmyadmin: cross-site scripting
[x] [#678631](https://lwn.net/Vulnerabilities/678631/) (search, files) phpmyadmin: cross-site scripting

postgresql-9.1 (3 issues)
[x] [#697020](https://lwn.net/Vulnerabilities/697020/) (search, files) postgresql: two vulnerabilities
[x] [#689252](https://lwn.net/Vulnerabilities/689252/) (search, files) postgresql: multiple vulnerabilities
[x] [#675372](https://lwn.net/Vulnerabilities/675372/) (search, files) postgresql: two vulnerabilities

python-django (3 issues)
[x] [#694868](https://lwn.net/Vulnerabilities/694868/) (search, files) python-django: cross-site scripting
[x] [#678395](https://lwn.net/Vulnerabilities/678395/) (search, files) python-django: two vulnerabilities
[x] [#665808](https://lwn.net/Vulnerabilities/665808/) (search, files) python-django: information disclosure

python-pillow (2 issues)
[x] [#683316](https://lwn.net/Vulnerabilities/683316/) (search, files) python-pillow: buffer overflow
[x] [#675049](https://lwn.net/Vulnerabilities/675049/) (search, files) python-pillow: denial of service

qemu (12 issues)
[x] [#700388](https://lwn.net/Vulnerabilities/700388/) (search, files) qemu: directory/path traversal
[x] [#692861](https://lwn.net/Vulnerabilities/692861/) (search, files) qemu: multiple vulnerabilities
[x] [#695959](https://lwn.net/Vulnerabilities/695959/) (search, files) qemu: two vulnerabilities
[x] [#691104](https://lwn.net/Vulnerabilities/691104/) (search, files) qemu: denial of service
[x] [#690402](https://lwn.net/Vulnerabilities/690402/) (search, files) qemu: denial of service
[x] [#689261](https://lwn.net/Vulnerabilities/689261/) (search, files) qemu: two vulnerabilities
[x] [#687235](https://lwn.net/Vulnerabilities/687235/) (search, files) qemu: information leak
[x] [#686861](https://lwn.net/Vulnerabilities/686861/) (search, files) qemu: denial of service
[x] [#680800](https://lwn.net/Vulnerabilities/680800/) (search, files) xen: multiple denial of service vulnerabilities
[x] [#666755](https://lwn.net/Vulnerabilities/666755/) (search, files) qemu: three vulnerabilities
[x] [#674609](https://lwn.net/Vulnerabilities/674609/) (search, files) qemu: privilege escalation
[x] [#674496](https://lwn.net/Vulnerabilities/674496/) (search, files) qemu: multiple vulnerabilities

qemu-kvm (4 issues)
[x] [#686857](https://lwn.net/Vulnerabilities/686857/) (search, files) qemu-kvm: code execution
[x] [#687235](https://lwn.net/Vulnerabilities/687235/) (search, files) qemu: information leak
[x] [#666755](https://lwn.net/Vulnerabilities/666755/) (search, files) qemu: three vulnerabilities
[x] [#674496](https://lwn.net/Vulnerabilities/674496/) (search, files) qemu: multiple vulnerabilities

quagga (4 issues)
[x] [#698337](https://lwn.net/Vulnerabilities/698337/) (search, files) quagga: information disclosure
[x] [#686580](https://lwn.net/Vulnerabilities/686580/) (search, files) quagga: denial of service
[x] [#683859](https://lwn.net/Vulnerabilities/683859/) (search, files) quagga: password disclosure
[x] [#681279](https://lwn.net/Vulnerabilities/681279/) (search, files) quagga: code execution

rails (3 issues)
[x] [#698338](https://lwn.net/Vulnerabilities/698338/) (search, files) rails: cross-site scripting
[x] [#674257](https://lwn.net/Vulnerabilities/674257/) (search, files) rails: multiple vulnerabilities
[x] [#679617](https://lwn.net/Vulnerabilities/679617/) (search, files) rails: multiple vulnerabilities

redis (2 issues)
[x] [#695958](https://lwn.net/Vulnerabilities/695958/) (search, files) redis: information leak
[x] [#666890](https://lwn.net/Vulnerabilities/666890/) (search, files) redis: denial of service

roundcubemail (5 issues)
[x] [#690017](https://lwn.net/Vulnerabilities/690017/) (search, files) roundcubemail: cross-site scripting
[x] [#685881](https://lwn.net/Vulnerabilities/685881/) (search, files) roundcubemail: three vulnerabilities
[x] [#649716](https://lwn.net/Vulnerabilities/649716/) (search, files) roundcubemail: two vulnerabilities
[x] [#672317](https://lwn.net/Vulnerabilities/672317/) (search, files) roundcubemail: code execution
[x] [#663069](https://lwn.net/Vulnerabilities/663069/) (search, files) roundcubemail: two vulnerabilities

samba (4 issues)
[x] [#693867](https://lwn.net/Vulnerabilities/693867/) (search, files) samba: crypto downgrade
[x] [#683716](https://lwn.net/Vulnerabilities/683716/) (search, files) samba: multiple vulnerabilities
[x] [#679264](https://lwn.net/Vulnerabilities/679264/) (search, files) samba: two vulnerabilities
[x] [#536068](https://lwn.net/Vulnerabilities/536068/) (search, files) samba: multiple vulnerabilities in SWAT

seamonkey (9 issues)
[x] [#696206](https://lwn.net/Vulnerabilities/696206/) (search, files) mozilla: multiple vulnerabilities
[x] [#690400](https://lwn.net/Vulnerabilities/690400/) (search, files) mozilla: multiple vulnerabilities
[x] [#685285](https://lwn.net/Vulnerabilities/685285/) (search, files) mozilla: multiple vulnerabilities
[x] [#685294](https://lwn.net/Vulnerabilities/685294/) (search, files) mozilla: multiple vulnerabilities
[x] [#668127](https://lwn.net/Vulnerabilities/668127/) (search, files) mozilla: multiple vulnerabilities
[x] [#679400](https://lwn.net/Vulnerabilities/679400/) (search, files) mozilla: multiple vulnerabilities
[x] [#514067](https://lwn.net/Vulnerabilities/514067/) (search, files) mozilla: multiple vulnerabilities
[x] [#673782](https://lwn.net/Vulnerabilities/673782/) (search, files) mozilla: multiple vulnerabilities
[x] [#673772](https://lwn.net/Vulnerabilities/673772/) (search, files) mozilla: code execution

squid (8 issues)
[x] [#696413](https://lwn.net/Vulnerabilities/696413/) (search, files) squid: code execution
[x] [#685002](https://lwn.net/Vulnerabilities/685002/) (search, files) squid: multiple vulnerabilities
[x] [#687043](https://lwn.net/Vulnerabilities/687043/) (search, files) squid: multiple vulnerabilities
[x] [#687234](https://lwn.net/Vulnerabilities/687234/) (search, files) squid: cache poisoning
[x] [#686751](https://lwn.net/Vulnerabilities/686751/) (search, files) libecap: denial of service
[x] [#682760](https://lwn.net/Vulnerabilities/682760/) (search, files) squid: denial of service
[x] [#682384](https://lwn.net/Vulnerabilities/682384/) (search, files) squid: denial of service
[x] [#679130](https://lwn.net/Vulnerabilities/679130/) (search, files) squid: denial of service

squid3 (2 issues)
[x] [#697441](https://lwn.net/Vulnerabilities/697441/) (search, files) squid: denial of service
[x] [#678151](https://lwn.net/Vulnerabilities/678151/) (search, files) squid: denial of service

struts (2 issues)
[x] [#597671](https://lwn.net/Vulnerabilities/597671/) (search, files) struts: code execution
[x] [#693179](https://lwn.net/Vulnerabilities/693179/) (search, files) struts: multiple vulnerabilities

subversion (2 issues)
[x] [#685491](https://lwn.net/Vulnerabilities/685491/) (search, files) subversion: multiple vulnerabilities
[x] [#668331](https://lwn.net/Vulnerabilities/668331/) (search, files) subversion: code execution

sudo (3 issues)
[x] [#694789](https://lwn.net/Vulnerabilities/694789/) (search, files) sudo: race condition
[x] [#663793](https://lwn.net/Vulnerabilities/663793/) (search, files) sudo: privilege escalation
[x] [#690019](https://lwn.net/Vulnerabilities/690019/) (search, files) sudo: information leak

thunderbird (10 issues)
[x] [#696206](https://lwn.net/Vulnerabilities/696206/) (search, files) mozilla: multiple vulnerabilities
[x] [#696551](https://lwn.net/Vulnerabilities/696551/) (search, files) Firefox: denial of service
[x] [#690400](https://lwn.net/Vulnerabilities/690400/) (search, files) mozilla: multiple vulnerabilities
[x] [#685285](https://lwn.net/Vulnerabilities/685285/) (search, files) mozilla: multiple vulnerabilities
[x] [#685008](https://lwn.net/Vulnerabilities/685008/) (search, files) mozilla: multiple vulnerabilities
[x] [#668127](https://lwn.net/Vulnerabilities/668127/) (search, files) mozilla: multiple vulnerabilities
[x] [#514067](https://lwn.net/Vulnerabilities/514067/) (search, files) mozilla: multiple vulnerabilities
[x] [#675698](https://lwn.net/Vulnerabilities/675698/) (search, files) mozilla: denial of service
[x] [#673782](https://lwn.net/Vulnerabilities/673782/) (search, files) mozilla: multiple vulnerabilities
[x] [#673772](https://lwn.net/Vulnerabilities/673772/) (search, files) mozilla: code execution

tiff (4 issues)
[x] [#698795](https://lwn.net/Vulnerabilities/698795/) (search, files) tiff: multiple vulnerabilities
[x] [#695692](https://lwn.net/Vulnerabilities/695692/) (search, files) tiff: multiple vulnerabilities
[x] [#684237](https://lwn.net/Vulnerabilities/684237/) (search, files) tiff: denial of service
[x] [#674260](https://lwn.net/Vulnerabilities/674260/) (search, files) tiff: multiple vulnerabilities

tomcat (4 issues)
[x] [#699807](https://lwn.net/Vulnerabilities/699807/) (search, files) tomcat: redirect HTTP traffic
[x] [#700837](https://lwn.net/Vulnerabilities/700837/) (search, files) tomcat: privilege escalation
[x] [#677975](https://lwn.net/Vulnerabilities/677975/) (search, files) tomcat: multiple vulnerabilities
[x] [#678633](https://lwn.net/Vulnerabilities/678633/) (search, files) tomcat: session hijacking

virtualbox (3 issues)
[x] [#700840](https://lwn.net/Vulnerabilities/700840/) (search, files) virtualbox: unspecified vulnerability
[x] [#695561](https://lwn.net/Vulnerabilities/695561/) (search, files) virtualbox: unspecified vulnerability
[x] [#689384](https://lwn.net/Vulnerabilities/689384/) (search, files) virtualbox: unspecified

vlc (7 issues)
[x] [#690409](https://lwn.net/Vulnerabilities/690409/) (search, files) vlc: code execution
[x] [#692381](https://lwn.net/Vulnerabilities/692381/) (search, files) vlc: denial of service
[x] [#692380](https://lwn.net/Vulnerabilities/692380/) (search, files) vlc: two vulnerabilities
[x] [#686756](https://lwn.net/Vulnerabilities/686756/) (search, files) vlc: multiple vulnerabilities
[x] [#680041](https://lwn.net/Vulnerabilities/680041/) (search, files) vlc: multiple vulnerabilities
[x] [#677984](https://lwn.net/Vulnerabilities/677984/) (search, files) vlc: multiple vulnerabilities
[x] [#655117](https://lwn.net/Vulnerabilities/655117/) (search, files) vlc: code execution

webkitgtk4 (6 issues)
[x] [#698490](https://lwn.net/Vulnerabilities/698490/) (search, files) webkitgtk4: multiple vulnerabilities
[x] [#689263](https://lwn.net/Vulnerabilities/689263/) (search, files) webkitgtk4: two vulnerabilities
[x] [#685010](https://lwn.net/Vulnerabilities/685010/) (search, files) webkitgtk4: multiple vulnerabilities
[x] [#674266](https://lwn.net/Vulnerabilities/674266/) (search, files) webkitgtk4: multiple vulnerabilities
[x] [#681103](https://lwn.net/Vulnerabilities/681103/) (search, files) webkitgtk4: denial of service
[x] [#674707](https://lwn.net/Vulnerabilities/674707/) (search, files) webkitgtk4: multiple vulnerabilities

websvn (2 issues)
[x] [#686863](https://lwn.net/Vulnerabilities/686863/) (search, files) websvn: cross-site scripting
[x] [#677103](https://lwn.net/Vulnerabilities/677103/) (search, files) websvn: cross-site scripting

wget (2 issues)
[x] [#700395](https://lwn.net/Vulnerabilities/700395/) (search, files) wget: race condition
[x] [#692024](https://lwn.net/Vulnerabilities/692024/) (search, files) wget: code execution

wireshark (10 issues)
[x] [#701348](https://lwn.net/Vulnerabilities/701348/) (search, files) wireshark: multiple vulnerabilities
[x] [#696829](https://lwn.net/Vulnerabilities/696829/) (search, files) wireshark: denial of service
[x] [#696701](https://lwn.net/Vulnerabilities/696701/) (search, files) wireshark: denial of service
[x] [#696077](https://lwn.net/Vulnerabilities/696077/) (search, files) wireshark: multiple vulnerabilities
[x] [#691100](https://lwn.net/Vulnerabilities/691100/) (search, files) wireshark: multiple vulnerabilities
[x] [#689254](https://lwn.net/Vulnerabilities/689254/) (search, files) wireshark: multiple vulnerabilities
[x] [#688446](https://lwn.net/Vulnerabilities/688446/) (search, files) wireshark: denial of service
[x] [#685293](https://lwn.net/Vulnerabilities/685293/) (search, files) wireshark: multiple vulnerabilities
[x] [#678634](https://lwn.net/Vulnerabilities/678634/) (search, files) wireshark: multiple dissector crashes
[x] [#671100](https://lwn.net/Vulnerabilities/671100/) (search, files) wireshark: multiple vulnerabilities

wordpress (4 issues)
[x] [#700105](https://lwn.net/Vulnerabilities/700105/) (search, files) wordpress: multiple vulnerabilities
[x] [#693180](https://lwn.net/Vulnerabilities/693180/) (search, files) wordpress: multiple vulnerabilities
[x] [#688454](https://lwn.net/Vulnerabilities/688454/) (search, files) wordpress: two cross-site scripting vulnerabilities
[x] [#674928](https://lwn.net/Vulnerabilities/674928/) (search, files) wordpress: two vulnerabilities

xen (16 issues)
[x] [#700653](https://lwn.net/Vulnerabilities/700653/) (search, files) xen: privilege escalation
[x] [#700110](https://lwn.net/Vulnerabilities/700110/) (search, files) xen: multiple vulnerabilities
[x] [#697571](https://lwn.net/Vulnerabilities/697571/) (search, files) xen: denial of service
[x] [#696698](https://lwn.net/Vulnerabilities/696698/) (search, files) xen: denial of service
[x] [#695684](https://lwn.net/Vulnerabilities/695684/) (search, files) xen: three vulnerabilities
[x] [#692379](https://lwn.net/Vulnerabilities/692379/) (search, files) xen: two vulnerabilities
[x] [#690023](https://lwn.net/Vulnerabilities/690023/) (search, files) xen: three vulnerabilities
[x] [#689265](https://lwn.net/Vulnerabilities/689265/) (search, files) xen: privilege escalation
[x] [#687862](https://lwn.net/Vulnerabilities/687862/) (search, files) xen: denial of service
[x] [#685883](https://lwn.net/Vulnerabilities/685883/) (search, files) xen: three vulnerabilities
[x] [#684752](https://lwn.net/Vulnerabilities/684752/) (search, files) xen: privilege escalation
[x] [#683317](https://lwn.net/Vulnerabilities/683317/) (search, files) xen: information disclosure
[x] [#680800](https://lwn.net/Vulnerabilities/680800/) (search, files) xen: multiple denial of service vulnerabilities
[x] [#682571](https://lwn.net/Vulnerabilities/682571/) (search, files) xen: multiple vulnerabilities
[x] [#679131](https://lwn.net/Vulnerabilities/679131/) (search, files) xen: denial of service
[x] [#677982](https://lwn.net/Vulnerabilities/677982/) (search, files) xen: denial of service

xerces-c (3 issues)
[x] [#693102](https://lwn.net/Vulnerabilities/693102/) (search, files) xerces-c: denial of service
[x] [#687229](https://lwn.net/Vulnerabilities/687229/) (search, files) xerces-c: code execution
[x] [#677608](https://lwn.net/Vulnerabilities/677608/) (search, files) xerces-c: code execution

Total done: 849

security

Source

grahamc

❤7 👍3 🎉1

Most helpful comment

:tada: :tada: :tada: :tada: :tada: :tada: :tada: :tada: :tada: Finished. :tada: :tada: :tada: :tada: :tada: :tada: :tada: :tada: :tada: :tada:

(except for 2 PRs which are to be merged shortly)

As we come to a close here, I'd like to send deep gratitude on behalf of both myself and @fpletz to those that helped -- it has been way more fun (and faster) this release than before.

My plan is to make issues similar to this much more regularly. A more regular issue means a few things:

The issue is much much smaller. On the order of tens of issues, instead of the hundreds on this one.
Keeps NixOS more secure. Many of the bugs we fixed over the last five days have existed for several months. Regularly reviewing this list will help NixOS and its users remain secure.
Creates a foundation for security announcements which is definitely a wanted feature of the NixOS community (https://github.com/NixOS/nixpkgs/issues/13515), but also gets us closer to joining the distro mailing list on OSS-Security (https://github.com/NixOS/nixpkgs/issues/14819).

If I missed you, _please please please_ let me know either here or on IRC (gchristensen).

Thank you everyone who contributed patches:

@aneeshusa
@jagajaga
@joachifm
@Mic92
@NeQuissimus
@RamKromberg
@schneefux
@vrtha

Thank you everyone who merged PRs:

@bjornfor
@DamienCassou
@edolstra
@svanderburg
@vcunat
@zimbatm

Thank you everyone who reviewed changes:

@7c6f434c
@happyente
@kevincox

and of course, thank you @domenkozar for shepherding NixOS along and @edolstra for starting the whole thing.

As a token of appreciate, I'm getting NixOS stickers made and would love to mail some to each one of you. They're pretty nice, and I think you'll really like them. I hope so, anyway 😉 . If you would like some stickers (minimum order is at least the size of everyone who contributed, don't be shy) and contributed in some way, please fill out your shipping info here: https://docs.google.com/forms/d/e/1FAIpQLSfjFnUsxrecrCOYshBQFB20YsuMWwhSYf_sDwwy59HbV37ppQ/viewform

:tada: THANK YOU SO MUCH. ❤️ 😻 😍 💟 💓 👍 💯 😲 👏 🏆 :tada:

grahamc on 28 Sep 2016

🎉13 👍1

All 77 comments

Our wordpress is vulnerable. It is difficult to update and test the hash is correct, since it is burried in there. Also looks like @qknight needs to get in on this to update translations? Not 100% sure.

grahamc on 23 Sep 2016

VLC looks good, except the vlc/plugin.nix is for 2.2.2. Not sure if that is problematic.

grahamc on 23 Sep 2016

The two struts issues are saying we need to upgrade to 1.3.10. Seems the only use we have is in https://github.com/NixOS/nixpkgs/blob/master/pkgs/applications/networking/cluster/mesos/fetch-mesos-deps.sh which is at 1.3.8. @cstrahan Could you check in to this?

grahamc on 23 Sep 2016

We're not vulnerable on the squid entries, but it could use an upgrade: http://www.squid-cache.org/Versions/v3/3.5/

grahamc on 23 Sep 2016

Samba 3 should probably be removed
I think Samba 4 should be upgraded to 4.5.0, but has patch issues, and maybe shouldn't be applied to 16.03. Any opinions @wkennington / @edolstra (who have worked on samba in the past)

grahamc on 23 Sep 2016

~~Almost all the PHP CVEs will be fixed by https://github.com/NixOS/nixpkgs/pull/18860~~~~

grahamc on 23 Sep 2016

~~nginx and nginxMainline are both on versions no longer vulnerable to the CVEs~~ (Ticked by @grahamc, thank you! Will merge PR shortly)

NeQuissimus on 23 Sep 2016

~~Our openjdk8 is fine~~ (Ticked by @grahamc, thank you!)

I am updating openjdk7

NeQuissimus on 23 Sep 2016

The Oracle JDK 7 is interesting because I believe those updates are only available to paid customers at this points since JDK 7 is EOL.

NeQuissimus on 23 Sep 2016

~~We are not vulnerable to the CVEs against Jenkins~~ (Ticked by @grahamc, thank you!)

NeQuissimus on 23 Sep 2016

~~All the OpenSSL issues are covered by the update @edolstra did in ac03df96ba2c32533ec67ee899b7bd903ac6205f (f155746efdbea659e4916a6fbecaa02b6eba8e56 for 16.09)~~ (Ticked by @grahamc, thank you!)

NeQuissimus on 23 Sep 2016

~~Our git is the latest version, so it is covered.~~ (Ticked by @grahamc, thank you!)

NeQuissimus on 23 Sep 2016

~~OpenVPN needs an update, see PR~~ (Ticked and backported by @grahamc)

NeQuissimus on 23 Sep 2016

~~Docker and dhcpcd are up-to-date and not vulnerable~~ (Ticked by @grahamc, thank you!)

NeQuissimus on 23 Sep 2016

The JDK 6 packages have the same issue as JDK 7, updates only for paid customers

NeQuissimus on 23 Sep 2016

~~ecryptfs is not vulnerable~~ (Ticked by @grahamc, thank you!)

NeQuissimus on 23 Sep 2016

~~The PR for curl fixes all the vulns~~ (Ticked, merged, and backported -- @grahamc)

NeQuissimus on 23 Sep 2016

~~All bind vulnerabilities are covered by the PR~~ (Ticked by @grahamc)

NeQuissimus on 23 Sep 2016

^ I think we have our 16.09 Release Security MVP right here.

grahamc on 23 Sep 2016

rofl, the funny thing is that I was already putting together a report for my company's products and their packages, so I am killing two birds with one stone by going through these packages here :D

NeQuissimus on 23 Sep 2016

~~Our GIMP is up-to-date and covers all the vulnerabilities mentioned.~~ (Ticked by @grahamc, thank you!)

NeQuissimus on 23 Sep 2016

~~All the glibc vulnerabilities are covered by the version we have (2.24)~~ (Ticked by @grahamc, thank you!)

NeQuissimus on 23 Sep 2016

~~gnupg 2.0 and 2.1 are both good, too.~~ (Ticked by @grahamc, thank you!)

NeQuissimus on 23 Sep 2016

#675368 (search, files) libgcrypt20: key leak This one is fine with our default libgcrypt but we keep a 1.5.x version around that is vulnerable to this. (StarUML seems to need it)

NeQuissimus on 23 Sep 2016

~~Libreoffice is good~~ (Ticked by @grahamc, thank you!)

NeQuissimus on 23 Sep 2016

~~We are new enough to not be hit by the mercurial vulnerabilities.~~ (Ticked by @grahamc, thank you!) ~~I may still send a PR since it is a few versions behind.~~

NeQuissimus on 23 Sep 2016

~~Sending a PR for MariaDB, we need to update that.~~ (Ticked by @grahamc, thank you!)

NeQuissimus on 23 Sep 2016

~~postgres-9.1 is good~~ (Ticked by @grahamc, thank you!)

NeQuissimus on 23 Sep 2016

~~Default MySQL (5.7) is good, we do not have 5.6, sending a PR for 5.5~~ (Ticked/merged/backported by @grahamc),

NeQuissimus on 23 Sep 2016

~~NTP is good~~ (Ticked by @grahamc, thank you!)

NeQuissimus on 23 Sep 2016

And with that, I have to be done for today...

NeQuissimus on 23 Sep 2016

Thank you _so much_ @NeQuissimus, I can't even keep up with you. Great work.

grahamc on 23 Sep 2016

Can you elaborate on the torbrowser issue? I fail to see how it relates to us. fwiw, I do check release tarballs in a way that would not be susceptible to the attack described in the link.

Also, I believe the gd/libgd issues are irrelevant to our version of gd.

joachifm on 23 Sep 2016

Torbrowser seems to be fine. Ticked it off.

grahamc on 23 Sep 2016

For libircclient there is a patch here: https://sourceforge.net/p/libircclient/bugs/26/ but I wasn't able to get it to work.

(fetchpatch { url = https://sourceforge.net/p/libircclient/bugs/_discuss/thread/53e55aec/2684/attachment/libircclient-cipher-suite.diff; sha256 = "0cm5pwhc39lpdzg8vhi5rcwpljg3yckq33dxwvfq591cmznnlnw5"; })

grahamc on 24 Sep 2016

Nagios is about 2 years old: https://github.com/NagiosEnterprises/nagioscore/blob/master/Changelog

grahamc on 24 Sep 2016

The tomcat backport is a bit tricky since we deleted a bunch of Tomcats after the branch-off. Maybe we should backport those too?

grahamc on 24 Sep 2016

👍1

~~I just checked openssh and all 5 of those CVEs have been patched as of 7.3p1 (the latest version) which we are currently shipping on the master and release-16.09 branches.~~ (Ticked by @grahamc, thank you!)

aneeshusa on 24 Sep 2016

~~Our Salt version is already new enough that the CVE was already mitigated in a previous release (674706 in the list), although I put in a PR (#18906) to update it for good measure.~~ (Ticked by @grahamc, thank you!)

aneeshusa on 24 Sep 2016

encfs is a bit out of date, but not vulnerable.

grahamc on 24 Sep 2016

That's enough from me tonight. Good work everyone! Looks like we got 35% done! (309 / 862)

grahamc on 24 Sep 2016

Our dhcp needs updating for CVE-2015-8605 but I'm getting a build error:

diff --git a/pkgs/tools/networking/dhcp/default.nix b/pkgs/tools/networking/dhcp/default.nix index c3cdaff..208eacc 100644 --- a/pkgs/tools/networking/dhcp/default.nix +++ b/pkgs/tools/networking/dhcp/default.nix @@ -4,11 +4,11 @@ stdenv.mkDerivation rec { name = "dhcp-${version}"; - version = "4.3.3"; - + version = "4.3.4"; + src = fetchurl { url = "http://ftp.isc.org/isc/dhcp/${version}/${name}.tar.gz"; - sha256 = "1pjy4lylx7dww1fp2mk5ikya5vxaf97z70279j81n74vn12ljg2m"; + sha256 = "0zk0imll6bfyp9p4ndn8h6s4ifijnw5bhixswifr5rnk7pp5l4gm"; };

rm -f libomapi.a /nix/store/v77miigq2dx55ga1hxfv3k7v9a873472-binutils-2.27/bin/ar cru libomapi.a protocol.o buffer.o alloc.o result.o connection.o errwarn.o listener.o dispatch.o generic.o support.o handle.o message.o convert.o hash.o auth.o inet_addr.o array.o trace.o toisc.o iscprint.o isclib.o /nix/store/v77miigq2dx55ga1hxfv3k7v9a873472-binutils-2.27/bin/ar: `u' modifier ignored since `D' is the default (see `U') ranlib libomapi.a gcc -DHAVE_CONFIG_H -I. -I../includes -g -O2 -Wall -I../includes -I/nix/store/afysbgj2dkdkcrmr4lwlp6i2nxs30jyg-bind-9.10.4-P2-dev/include -c -o test.o test.c make[1]: *** No rule to make target '/nix/store/afysbgj2dkdkcrmr4lwlp6i2nxs30jyg-bind-9.10.4-P2-dev/lib/libirs.a', needed by 'svtest'. Stop.

grahamc on 24 Sep 2016

I've ticked off lots of issues I've fixed in the last few months.

fpletz on 24 Sep 2016

🎉1

@vcunat cryptopp is out of date and vulnerable. I'm having a hard time getting it to build. Would you take a look?

grahamc on 24 Sep 2016

@grahamc: probably not very soon. It seems "rarely used" in nixpkgs. (I'm a bit curious how you related it to me.)

vcunat on 24 Sep 2016

git blame tells all! :)

grahamc on 24 Sep 2016

~~Monit was fixed in https://github.com/NixOS/nixpkgs/pull/18916~~ (Ticked by @grahamc, thank you!)~~

Mic92 on 25 Sep 2016

I remember nothing :-) My involvement was apparently just fixing whatever failures I encountered on Hydra.

vcunat on 25 Sep 2016

~~Jq will be fixed when this is applied: https://github.com/NixOS/nixpkgs/issues/18856~~ (Ticked by @grahamc, thank you for the patch despite https://github.com/NixOS/nixpkgs/pull/18908 :) )~~

Mic92 on 25 Sep 2016

~~eog should be safe as http://people.canonical.com/~ubuntu-security/cve/2013/CVE-2013-7447.html applies to older versions of GTK+, which are not part of nixos.~~ (Ticked by @grahamc, thank you!)

Mic92 on 25 Sep 2016

The cairo vulnerability reported in https://lwn.net/Vulnerabilities/683452/
was fixed with cairo version 1.14.2.
Nixos stable already ships: 1.14.4 in stable. (Ticked by @grahamc, thank you!)

Mic92 on 25 Sep 2016

~~pigz 2.3.1 was vulnerable. 2.3.3, which is in stable, is not affected anymore, because this patch was applied.~~ (Ticked by @grahamc, thank you!)

Mic92 on 25 Sep 2016

Our jasper is vulnerable I think, but I'm having a hard time applying the patch. See also: https://github.com/mdadams/jasper/issues/19 and https://github.com/mdadams/jasper/pull/20

grahamc on 25 Sep 2016

lcms2 was only vulnerable until 2.5: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4160

Mic92 on 25 Sep 2016

how about the lcms2 / ming one?

grahamc on 25 Sep 2016

@grahamc https://github.com/NixOS/nixpkgs/pull/18951 (regarding lcms 1.19)

Mic92 on 25 Sep 2016

~~varnish < 3.0.7 was affected, nixos has 4.0.3: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-8852~~ (Ticked by @grahamc, thank you!)

Mic92 on 25 Sep 2016

The moodle httpd module is vulnerable. Judging by the version we have, it is pretty safe to say nobody is using it. Should we just remove it, maybe? @ecraven added it and the only update we have ever seen to it was the security work for 16.03 by @grahamc.
2.8.x is entirely unsupported by now, so a larger update would be necessary... (I have no idea whether updating to latest could be done by changing name and sha256

NeQuissimus on 25 Sep 2016

Same goes for mediawiki, it's not been touched since the 16.03 security round and our version is far behind latest (and vulnerable).

NeQuissimus on 25 Sep 2016

Finally, wordpress has the same issue.
These httpd modules seem a pain to verify (I cannot just nix-build them), so I will not be sending in PRs for them :)

NeQuissimus on 25 Sep 2016

~~xen is a kernel module, so it should be fine, considering we have the latest kernels.~~ (Ticked by @grahamc, thank you!)

NeQuissimus on 25 Sep 2016

~~For qemu, see #18954, we are vulnerable.~~ (Ticked by @grahamc, thank you!)

NeQuissimus on 25 Sep 2016

@NeQuissimus -

http modules: TOTALLY agree! So frustrating. Thank you for the checking on those. :+1: . I think we need to pull those derivations out to a pkg and then refer to them from http modules... or something.

xen: ticked. Thanks!

qemu: :+1: ticked.

grahamc on 25 Sep 2016

@NeQuissimus what about the qemu-kvm ones? will your issue fix those?

grahamc on 25 Sep 2016

In just three days we're all the way to 90% done!

Many of the remaining un-ticked issues do in fact need upgrades. Some of them are tricky, but many are probably pretty quick and easy to do.

We only have 83 left.

I'm really impressed and proud of everyone!

grahamc on 25 Sep 2016

🎉3

~~gsi-openssh:

one of the items seems to just be supporting GSI authentication. I don't know what that is; I found this but that's based on 7.1p2, which is old/has vulnerabilities, so I don't think packaging it is useful/necessary.

the other item was fixed in 7.2/7.2p2.~~ (Ticked, thank you! -- @grahamc)

aneeshusa on 25 Sep 2016

Currently looking at upgrading pidgin but it's unnecessarily complicated due to gstreamer fails. Thinking about building without Audio/Video support… :cry:

fpletz on 25 Sep 2016

I had tried that as well, months ago, and gave up.

vcunat on 25 Sep 2016

End of day report:

95% done

37 issues remain

several PRs in the process of being merged and backported :)

some of the remaining ones are very difficult to fix ... speaking of which:

Testing the HTTP based ones are very difficult to set up :(

Pidgin is hard to upgrade :(

Waiting on a release from Jasper :)

Java 1.6 and 1.7 aren't receiving public bug reports. What should we do?

The issues with struts are because it is used in mesos... I'm a bit spooked of upgrading that one :) @cstrahan?

These last few aren't going to be a ton of fun to upgrade I think, but we're so close. Let's finish up!

grahamc on 26 Sep 2016

There are some fresh OpenSSL vulns (https://www.openssl.org/news/secadv/20160926.txt); we need to bump OpenSSL 1.1.0 -> 1.1.0b and 1.0.2i -> 1.0.2j.
I'm using libressl and I'd rather not build everything with openssl to check, so I won't be opening a PR for this, but please add this to the list of TODOs. @fpletz is too fast for me!

aneeshusa on 26 Sep 2016

@aneeshusa Already took care of openssl: 4d75c71f3805b60d594aeba876363a16d4db3c8c

fpletz on 26 Sep 2016

👍1

If you're scrolling up (hi, @grahamc!) to review PRs: everything above and including the jasper has been backported as appropriately.

grahamc on 27 Sep 2016

Home Stretch Update

@fpletz will try (but if anyone would like to chip in, that would be very helpful):

[x] pidgin

[x] dhcp

[ ] samba

I will upgrade:

[x] rpm to unstable: http://www.rpm.org/releases/testing/rpm-4.13.0-rc1.tar.bz2 (fedora did the same)

[x] moin

[x] tomcat and remove old tomcats from 16.09

We are worried about (and may need to mark as broken -- ping maintainers?):

[x] openstack-neutron

[x] mesos

[x] opera (our packaged version is very old!)

mark as broken:

[ ] java7 in 16.09 (remove in master)

[x] redmine

[x] asterisk

[x] cryptopp

[x] moodle

grahamc on 27 Sep 2016

:balloon: dhcp!!

grahamc on 28 Sep 2016

Those that we can't upgrade until end of the month we can just mark as broken and comment due to what CVEs

domenkozar on 28 Sep 2016

👍2

:tada: :tada: :tada: :tada: :tada: :tada: :tada: :tada: :tada: Finished. :tada: :tada: :tada: :tada: :tada: :tada: :tada: :tada: :tada: :tada:

(except for 2 PRs which are to be merged shortly)

As we come to a close here, I'd like to send deep gratitude on behalf of both myself and @fpletz to those that helped -- it has been way more fun (and faster) this release than before.

My plan is to make issues similar to this much more regularly. A more regular issue means a few things:

The issue is much much smaller. On the order of tens of issues, instead of the hundreds on this one.

Keeps NixOS more secure. Many of the bugs we fixed over the last five days have existed for several months. Regularly reviewing this list will help NixOS and its users remain secure.

Creates a foundation for security announcements which is definitely a wanted feature of the NixOS community (https://github.com/NixOS/nixpkgs/issues/13515), but also gets us closer to joining the distro mailing list on OSS-Security (https://github.com/NixOS/nixpkgs/issues/14819).

If I missed you, _please please please_ let me know either here or on IRC (gchristensen).

Thank you everyone who contributed patches:

@aneeshusa

@jagajaga

@joachifm

@Mic92

@NeQuissimus

@RamKromberg

@schneefux

@vrtha

Thank you everyone who merged PRs:

@bjornfor

@DamienCassou

@edolstra

@svanderburg

@vcunat

@zimbatm

Thank you everyone who reviewed changes:

@7c6f434c

@happyente

@kevincox

and of course, thank you @domenkozar for shepherding NixOS along and @edolstra for starting the whole thing.

As a token of appreciate, I'm getting NixOS stickers made and would love to mail some to each one of you. They're pretty nice, and I think you'll really like them. I hope so, anyway 😉 . If you would like some stickers (minimum order is at least the size of everyone who contributed, don't be shy) and contributed in some way, please fill out your shipping info here: https://docs.google.com/forms/d/e/1FAIpQLSfjFnUsxrecrCOYshBQFB20YsuMWwhSYf_sDwwy59HbV37ppQ/viewform

:tada: THANK YOU SO MUCH. ❤️ 😻 😍 💟 💓 👍 💯 😲 👏 🏆 :tada:

grahamc on 28 Sep 2016

🎉13 👍1

Reminder! If you'd like stickers, submit your info to the google form: https://docs.google.com/forms/d/e/1FAIpQLSfjFnUsxrecrCOYshBQFB20YsuMWwhSYf_sDwwy59HbV37ppQ/viewform

They just came in the mail. The look like this:

grahamc on 1 Oct 2016

🎉2 ❤1

Was this page helpful?

0 / 5 - 0 ratings

Related issues

adding python package in overlay via callPackage

teto · 3Comments

libproxy and network-manager-applet depend on webkitgtk

edolstra · 3Comments

Can we make it easier to make a derivation with no source?

chris-martin · 3Comments

tcpcryptd should be enabled by default for security.

spacekitteh · 3Comments

Manual networking on NixOS install

ob7 · 3Comments

Nixpkgs: Bug Fix Bonanza: Triage Vulnerabilities Since 16.03 (Vulnerability Roundup 1)

Goal

History

Notes on the list

What about Vulnix / monitor.nixos.org?

Instructions:

Total remaining: 0

389-ds-base (2 issues)

Assorted (312 issues)

Chromium (2 issues)

GraphicsMagick (4 issues)

ImageMagick (2 issues)

bind (3 issues)

botan (3 issues)

botan1.10 (2 issues)

cacti (3 issues)

chromium (11 issues)

chromium-browser (7 issues)

claws-mail (2 issues)

community-mysql (2 issues)

curl (5 issues)

dhcpcd (3 issues)

docker (2 issues)

dropbear (2 issues)

drupal (2 issues)

drupal7 (2 issues)

ecryptfs-utils (2 issues)

eglibc (3 issues)

eog (2 issues)

exim (2 issues)

expat (5 issues)

extplorer (3 issues)

ffmpeg (6 issues)

firefox (26 issues)

gd (2 issues)

gdk-pixbuf (3 issues)

gimp (3 issues)

git (2 issues)

glibc (9 issues)

gnupg (2 issues)

gnutls (3 issues)

golang (3 issues)

graphicsmagick (3 issues)

graphite2 (2 issues)

gsi-openssh (2 issues)

httpd (2 issues)

imagemagick (8 issues)

imlib2 (5 issues)

inspircd (2 issues)

jasper (5 issues)

java-1.6.0-ibm (2 issues)

java-1.6.0-sun (2 issues)

java-1.7.0-openjdk (2 issues)

java-1.7.0-oracle (2 issues) See: https://github.com/NixOS/nixpkgs/issues/18856#issuecomment-249179789

java-1.8.0-openjdk (3 issues)

jenkins (2 issues)

kernel (50 issues)

krb5 (4 issues)

libarchive (9 issues)

libav (4 issues)

libebml (2 issues)

libgd2 (5 issues)

libidn (2 issues)

libksba (5 issues)

libreoffice (4 issues)

libreswan (2 issues)

librsvg (2 issues)

libtorrent-rasterbar (2 issues)

libxml2 (5 issues)

mariadb (6 issues)

mbedtls (2 issues)

mediawiki (2 issues)

mercurial (2 issues)

moodle (2 issues)

mozilla (2 issues)

mozilla-nss (2 issues)

mupdf (2 issues)

mysql (5 issues)

mysql-5.5 (4 issues)

mysql-5.6 (2 issues)