6 matches found
CVE-2026-29049
melange allows users to build apk packages using declarative pipelines. In version 0.40.5 and prior, melange update-cache downloads URIs from build configs via io.Copy without any size limit or HTTP client timeout pkg/renovate/cache/cache.go. An attacker-controlled URI in a melange config can cau...
parisc: Try to fix random segmentation faults in package builds
...
SUSE CVE-2024-40918
In the Linux kernel, the following vulnerability has been resolved: parisc: Try to fix random segmentation faults in package builds PA-RISC systems with PA8800 and PA8900 processors have had problems with random segmentation faults for many years. Systems with earlier processors are much more...
CVE-2024-40918 parisc: Try to fix random segmentation faults in package builds
In the Linux kernel, the following vulnerability has been resolved: parisc: Try to fix random segmentation faults in package builds PA-RISC systems with PA8800 and PA8900 processors have had problems with random segmentation faults for many years. Systems with earlier processors are much more...
openSUSE Security Update : lilypond (openSUSE-2018-487)
This update for lilypond fixes the following issues : - CVE-2018-10992: lilypond: Does not validate strings before launching the program specified by the BROWSER environment variable, which allows remote attackers to conduct argument-injection attacks bsc1093056 - packages do not build reproducib...
CVE-2017-14804 package builds could use directory traversal to write outside of target area
The build package before 20171128 did not check directory names during extraction of build results that allowed untrusted builds to write outside of the target system,allowing escape out of buildroots...