mirrors/flatcar-scripts
1
0
Fork 0
mirror of https://github.com/flatcar/scripts.git synced 2025-08-09 14:06:58 +02:00
Code Issues Packages Projects Releases Wiki Activity

portage-stable/metadata: Monthly GLSA metadata updates

Browse Source
This commit is contained in:
Flatcar Buildbot 2024-09-01 07:16:01 +00:00 committed by github-actions[bot]
parent 79bfdcba39
commit 14434dd48e
37 changed files with 1897 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

30
sdk_container/src/third_party/portage-stable/metadata/glsa/Manifest vendored
View File

@ -1,23 +1,23 @@
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
MANIFEST Manifest.files.gz 580125 BLAKE2B 982b6b57cb4d4733e1bbfeb28e0a6a9ff1b1b559ff5cd5932caade1ea3218e0035c9f42e574b5131fdf3387eabb87c7cd6aed2cba373d576048c0a5e79ccec35 SHA512 8cb2188002bd17e3e7ba091831fe199c9ad02d776881b9e2e7325790c2a717534701fddb8aaca82004fd810de6f8b5b2c8146c80435e1d75e4d5c49960506eaf
TIMESTAMP 2024-08-01T06:40:34Z
MANIFEST Manifest.files.gz 585357 BLAKE2B 90b484a7cfadba26e75b941b109643027b5530ea0e0da6565b28a1492ef9b8c6cfc7254e54f18ef93a17f476c8c87b2c8309fbac1afa85d144cc4d664931e811 SHA512 f5bbc1b0b0163958f91ecc02b4f0422622112ac5c642a105fef46e39550fd8622a03abd647b830a766a072ad993d41863d2d1d5ca05368f5af8d868f03aaeae4
TIMESTAMP 2024-09-01T06:40:36Z
-----BEGIN PGP SIGNATURE-----
iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAmarLeJfFIAAAAAALgAo
iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAmbUDGRfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEUx
RDZBQkI2M0JGQ0ZCNEJBMDJGREYxQ0VDNTkwRUVBQzkxODkyNTAACgkQ7FkO6skY
klA/+w//b9GufyRShrKBPRMRF3zwZabqhzFcsN9C70FsaXlrAgQ5l1HqY9CSBkdk
2F1YS3Y0EYR1EI3zAbGpfrVwvp8CE/Mxq5NbIeehhoByIehYyPTu0x1DgpNbnFFo
EokuM5mG+qfF1Tv8qeGBBMkUvzrBRGQLG79z2khcvoYpaYJTON19MqeeFQffo60p
9eebwqSdEaaadCWaO9ncsDVzD/xb/JE9chbqApNAI6Qu+3gAqjxXsc8wLwbx5+GD
IxoiNzkX8d2AaXR0IMcen2bFOyRhSEAa0BrWLYP8aEZdQJkMSGPCL09FxGSFZRmo
hcUGgN8awJ7YMemPhug14V10fMQ/krgYsqknY2GojMJR/lmzYgRwHjAPAZq1uUue
A3v91z/tE6DCQgJBYuay3pytDIsmg1GZMXOUsTYlkvkHSFD6iD8L/agYAlOU+Q+u
6uSYpjINJqe0B49fDvuHF5nvSGUv7yFK4dMvLKOftqKWLegBg+WQIUqjnu8Bi/jJ
aXU7+tffKbgY5AIlpv5STWdbBwJ3/b72JTzeT1FQpurzgHnZZ2mr0dyektsiW9KI
sXNfB/MuGwtz7Rf8a5pxB0yf4EtTO94NATW2Nka5bWSmj01ZPDB+WlDGU3RakEqz
V5FeH7TW7oOg1WN0ewrTUCh+75N5P+nHFpa1PW1iGBek7RGPcak=
=y/aO
klDgsBAAoUHUrodoZqVv+dQRYagMfOtKu+cZ/yb+l9WuJq5v6zJV1SU3HFJjb8jB
yvdsf1tED9myb4iYSBaUa3rGgXbpqT7MEBZDK8lCdxo/i9ATbjbD6eSmQNqMpWCE
XfeWtJ0pa9zLEPJfzUDQ+XfJlGUkhjtiB59+/cP11gOmwRFyANr4lRvhX5hFU1sj
X9HyFfr7RPSEnZNTRjIhtFRJQvWhkZzoZOzMnJPLzzMmJkU50hVsuutiRjsRZvlZ
r+Q6yy23fOJltACl7wu8HL1BYFsMZTzMmsPABXjF20rSYMS1zqaXP/0yEuwUcmRJ
EB9bE4ximGDUD55AI5t9v9M+N3wVCx7FWifhHdOLjr2fQ/aVURbAbXG+SGfSPcgq
LSPafIb5H2N26gk7/Op/FdKb/kZ9KsHt0e63znXhvUsCLScQhrrTbR3Y2zhaZxKd
EjghEbQcdMnVLzS5i/ZlhonjeOohRCeUqWFBTf2nrn/dwFPUEaG9aheroC3h6CNS
P/x1d+kuGTu1nCmo1qyYEswpFhshdWaDphc/DF7X5glI49zT98la3FcViXIJI1NR
+oWLc4T22ObxKiuZadtxFs+fxeDnWKE5K37e5/tAELKDlr/EsmK1lDHr04jThLKh
4jALrrOHx9ELnhV2VQUAR9ZdbEd9jLY0d2LWvE8ZdvlpIXBxkUQ=
=3RjN
-----END PGP SIGNATURE-----

BIN
sdk_container/src/third_party/portage-stable/metadata/glsa/Manifest.files.gz vendored
View File

Binary file not shown.

43
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202408-01.xml vendored Normal file
View File

@ -0,0 +1,43 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="202408-01">
<title>containerd: Multiple Vulnerabilities</title>
<synopsis>Multiple vulnerabilities have been discovered in containerd, the worst of which could lead to privilege escalation.</synopsis>
<product type="ebuild">containerd</product>
<announced>2024-08-06</announced>
<revised count="1">2024-08-06</revised>
<bug>897960</bug>
<access>local</access>
<affected>
<package name="app-containers/containerd" auto="yes" arch="*">
<unaffected range="ge">1.6.19</unaffected>
<vulnerable range="lt">1.6.19</vulnerable>
</package>
</affected>
<background>
<p>containerd is a daemon with an API and a command line client, to manage containers on one machine. It uses runC to run containers according to the OCI specification.</p>
</background>
<description>
<p>Multiple vulnerabilities have been discovered in containerd. Please review the CVE identifiers referenced below for details.</p>
</description>
<impact type="high">
<p>Please review the referenced CVE identifiers for details.</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All containerd users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-containers/containerd-1.6.19"
</code>
</resolution>
<references>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-25153">CVE-2023-25153</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-25173">CVE-2023-25173</uri>
</references>
<metadata tag="requester" timestamp="2024-08-06T05:38:04.316179Z">graaff</metadata>
<metadata tag="submitter" timestamp="2024-08-06T05:38:04.318621Z">graaff</metadata>
</glsa>

110
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202408-02.xml vendored Normal file
View File

@ -0,0 +1,110 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="202408-02">
<title>Mozilla Firefox: Multiple Vulnerabilities</title>
<synopsis>Multiple vulnerabilities have been discovered in Mozilla Firefox, the worst of which could lead to remote code execution.</synopsis>
<product type="ebuild">firefox,firefox-bin</product>
<announced>2024-08-06</announced>
<revised count="1">2024-08-06</revised>
<bug>930380</bug>
<bug>932374</bug>
<bug>935550</bug>
<access>remote</access>
<affected>
<package name="www-client/firefox" auto="yes" arch="*">
<unaffected range="ge" slot="rapid">127.0</unaffected>
<unaffected range="ge" slot="esr">115.12.0</unaffected>
<vulnerable range="lt" slot="rapid">127.0</vulnerable>
<vulnerable range="lt" slot="esr">115.12.0</vulnerable>
</package>
<package name="www-client/firefox-bin" auto="yes" arch="*">
<unaffected range="ge" slot="rapid">127.0</unaffected>
<unaffected range="ge" slot="esr">115.12.0</unaffected>
<vulnerable range="lt" slot="rapid">127.0</vulnerable>
<vulnerable range="lt" slot="esr">115.12.0</vulnerable>
</package>
</affected>
<background>
<p>Mozilla Firefox is a popular open-source web browser from the Mozilla project.</p>
</background>
<description>
<p>Multiple vulnerabilities have been discovered in Mozilla Firefox. Please review the CVE identifiers referenced below for details.</p>
</description>
<impact type="high">
<p>Please review the referenced CVE identifiers for details.</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All Mozilla Firefox binary users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/firefox-bin-127.0:rapid"
</code>
<p>All Mozilla Firefox users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/firefox-127.0:rapid"
</code>
<p>All Mozilla Firefox ESR users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/firefox-115.12.0:esr"
</code>
<p>All Mozilla Firefox ESR binary users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/firefox-bin-115.12.0:esr"
</code>
</resolution>
<references>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-2609">CVE-2024-2609</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-3302">CVE-2024-3302</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-3853">CVE-2024-3853</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-3854">CVE-2024-3854</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-3855">CVE-2024-3855</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-3856">CVE-2024-3856</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-3857">CVE-2024-3857</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-3858">CVE-2024-3858</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-3859">CVE-2024-3859</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-3860">CVE-2024-3860</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-3861">CVE-2024-3861</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-3862">CVE-2024-3862</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-3864">CVE-2024-3864</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-3865">CVE-2024-3865</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-4764">CVE-2024-4764</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-4765">CVE-2024-4765</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-4766">CVE-2024-4766</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-4771">CVE-2024-4771</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-4772">CVE-2024-4772</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-4773">CVE-2024-4773</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-4774">CVE-2024-4774</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-4775">CVE-2024-4775</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-4776">CVE-2024-4776</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-4778">CVE-2024-4778</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-5689">CVE-2024-5689</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-5693">CVE-2024-5693</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-5694">CVE-2024-5694</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-5695">CVE-2024-5695</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-5696">CVE-2024-5696</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-5697">CVE-2024-5697</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-5698">CVE-2024-5698</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-5699">CVE-2024-5699</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-5700">CVE-2024-5700</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-5701">CVE-2024-5701</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-5702">CVE-2024-5702</uri>
<uri>MFSA-2024-25</uri>
<uri>MFSA-2024-26</uri>
<uri>MFSA-2024-28</uri>
</references>
<metadata tag="requester" timestamp="2024-08-06T05:40:35.041061Z">graaff</metadata>
<metadata tag="submitter" timestamp="2024-08-06T05:40:35.043479Z">graaff</metadata>
</glsa>

47
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202408-03.xml vendored Normal file
View File

@ -0,0 +1,47 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="202408-03">
<title>libXpm: Multiple Vulnerabilities</title>
<synopsis>Multiple vulberabilities have been discovered in libXpm, the worst of which could lead to a denial of service.</synopsis>
<product type="ebuild">libXpm</product>
<announced>2024-08-07</announced>
<revised count="1">2024-08-07</revised>
<bug>891209</bug>
<bug>915130</bug>
<access>local</access>
<affected>
<package name="x11-libs/libXpm" auto="yes" arch="*">
<unaffected range="ge">3.5.17</unaffected>
<vulnerable range="lt">3.5.17</vulnerable>
</package>
</affected>
<background>
<p>The X PixMap image format is an extension of the monochrome X BitMap format specified in the X protocol, and is commonly used in traditional X applications.</p>
</background>
<description>
<p>Multiple vulnerabilities have been discovered in libXpm. Please review the CVE identifiers referenced below for details.</p>
</description>
<impact type="normal">
<p>Please review the referenced CVE identifiers for details.</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All libXpm users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose ">=x11-libs/libXpm-3.5.17"
</code>
</resolution>
<references>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-4883">CVE-2022-4883</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-44617">CVE-2022-44617</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-46285">CVE-2022-46285</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-43788">CVE-2023-43788</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-43789">CVE-2023-43789</uri>
</references>
<metadata tag="requester" timestamp="2024-08-07T05:22:06.419014Z">graaff</metadata>
<metadata tag="submitter" timestamp="2024-08-07T05:22:06.422663Z">graaff</metadata>
</glsa>

41
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202408-04.xml vendored Normal file
View File

@ -0,0 +1,41 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="202408-04">
<title>Levenshtein: Remote Code Execution</title>
<synopsis>A vulnerability has been discovered in Levenshtein, which could lead to a remote code execution.</synopsis>
<product type="ebuild">Levenshtein</product>
<announced>2024-08-07</announced>
<revised count="1">2024-08-07</revised>
<bug>766009</bug>
<access>remote</access>
<affected>
<package name="dev-python/Levenshtein" auto="yes" arch="*">
<unaffected range="ge">0.12.1</unaffected>
<vulnerable range="lt">0.12.1</vulnerable>
</package>
</affected>
<background>
<p>Levenshtein is a Python extension for computing string edit distances and similarities.</p>
</background>
<description>
<p>Fixed handling of numerous possible wraparounds in calculating the size of memory allocations; incorrect handling of which could cause denial of service or even possible remote code execution.</p>
</description>
<impact type="normal">
<p>Fixed handling of numerous possible wraparounds in calculating the size of memory allocations; incorrect handling of which could cause denial of service or even possible remote code execution.</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All Levenshtein users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-python/Levenshtein-0.12.1"
</code>
</resolution>
<references>
</references>
<metadata tag="requester" timestamp="2024-08-07T06:14:52.905613Z">graaff</metadata>
<metadata tag="submitter" timestamp="2024-08-07T06:14:52.912037Z">graaff</metadata>
</glsa>

59
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202408-05.xml vendored Normal file
View File

@ -0,0 +1,59 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="202408-05">
<title>Redis: Multiple Vulnerabilities</title>
<synopsis>Multiple vulnerabilities have been discovered in Redis, the worst of which may lead to a denial of service or possible remote code execution.</synopsis>
<product type="ebuild">redis</product>
<announced>2024-08-07</announced>
<revised count="1">2024-08-07</revised>
<bug>891169</bug>
<bug>898464</bug>
<bug>902501</bug>
<bug>904486</bug>
<bug>910191</bug>
<bug>913741</bug>
<bug>915989</bug>
<bug>921662</bug>
<access>local and remote</access>
<affected>
<package name="dev-db/redis" auto="yes" arch="*">
<unaffected range="ge">7.2.4</unaffected>
<vulnerable range="lt">7.2.4</vulnerable>
</package>
</affected>
<background>
<p>Redis is an open source (BSD licensed), in-memory data structure store, used as a database, cache and message broker.</p>
</background>
<description>
<p>Multiple vulnerabilities have been discovered in Redis. Please review the CVE identifiers referenced below for details.</p>
</description>
<impact type="normal">
<p>Please review the referenced CVE identifiers for details.</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All Redis users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-db/redis-7.2.4"
</code>
</resolution>
<references>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-24834">CVE-2022-24834</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-35977">CVE-2022-35977</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-36021">CVE-2022-36021</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-22458">CVE-2023-22458</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-25155">CVE-2023-25155</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-28425">CVE-2023-28425</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-28856">CVE-2023-28856</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-36824">CVE-2023-36824</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-41053">CVE-2023-41053</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-41056">CVE-2023-41056</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-45145">CVE-2023-45145</uri>
</references>
<metadata tag="requester" timestamp="2024-08-07T06:33:13.322960Z">graaff</metadata>
<metadata tag="submitter" timestamp="2024-08-07T06:33:13.327235Z">graaff</metadata>
</glsa>

61
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202408-06.xml vendored Normal file
View File

@ -0,0 +1,61 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="202408-06">
<title>PostgreSQL: Multiple Vulnerabilities</title>
<synopsis>Multiple vulnerabilities have been discovered in PostgreSQL, the worst of which could lead to privilege escalation or denial of service.</synopsis>
<product type="ebuild">postgresql</product>
<announced>2024-08-07</announced>
<revised count="1">2024-08-07</revised>
<bug>903193</bug>
<bug>912251</bug>
<bug>917153</bug>
<bug>924110</bug>
<bug>931849</bug>
<access>local</access>
<affected>
<package name="dev-db/postgresql" auto="yes" arch="*">
<unaffected range="ge" slot="12">12.19</unaffected>
<unaffected range="ge" slot="13">13.14</unaffected>
<unaffected range="ge" slot="14">14.12-r1</unaffected>
<unaffected range="ge" slot="15">15.7-r1</unaffected>
<unaffected range="ge" slot="16">16.3-r1</unaffected>
<vulnerable range="lt">12</vulnerable>
<vulnerable range="lt" slot="12">12.19</vulnerable>
<vulnerable range="lt" slot="13">13.14</vulnerable>
<vulnerable range="lt" slot="14">14.12-r1</vulnerable>
<vulnerable range="lt" slot="15">15.7-r1</vulnerable>
<vulnerable range="lt" slot="16">16.3-r1</vulnerable>
</package>
</affected>
<background>
<p>PostgreSQL is an open source object-relational database management system.</p>
</background>
<description>
<p>Multiple vulnerabilities have been discovered in PostgreSQL. Please review the CVE identifiers referenced below for details.</p>
</description>
<impact type="normal">
<p>Please review the referenced CVE identifiers for details.</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All PostgreSQL users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-db/postgresql-16.3-r1:16"
</code>
<p>Or update an older slot if that is still in use.</p>
</resolution>
<references>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-5868">CVE-2023-5868</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-5869">CVE-2023-5869</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-5870">CVE-2023-5870</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-0985">CVE-2024-0985</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-4317">CVE-2024-4317</uri>
</references>
<metadata tag="requester" timestamp="2024-08-07T08:28:46.588202Z">graaff</metadata>
<metadata tag="submitter" timestamp="2024-08-07T08:28:46.591128Z">graaff</metadata>
</glsa>

64
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202408-07.xml vendored Normal file
View File

@ -0,0 +1,64 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="202408-07">
<title>Go: Multiple Vulnerabilities</title>
<synopsis>Multiple vulnerabilities have been discovered in Go, the worst of which could lead to information leakage or a denial of service.</synopsis>
<product type="ebuild">go</product>
<announced>2024-08-07</announced>
<revised count="1">2024-08-07</revised>
<bug>906043</bug>
<bug>919310</bug>
<bug>926530</bug>
<bug>928539</bug>
<bug>931602</bug>
<access>remote</access>
<affected>
<package name="dev-lang/go" auto="yes" arch="*">
<unaffected range="ge">1.22.3</unaffected>
<vulnerable range="lt">1.22.3</vulnerable>
</package>
</affected>
<background>
<p>Go is an open source programming language that makes it easy to build simple, reliable, and efficient software.</p>
</background>
<description>
<p>Multiple vulnerabilities have been discovered in Go. Please review the CVE identifiers referenced below for details.</p>
</description>
<impact type="normal">
<p>Please review the referenced CVE identifiers for details.</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All Go users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-lang/go-1.22.3"
</code>
<p>Due to Go programs typically being statically compiled, Go users should also recompile the reverse dependencies of the Go language to ensure statically linked programs are remediated:</p>
<code>
# emerge --ask --oneshot --verbose @golang-rebuild
</code>
</resolution>
<references>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-24539">CVE-2023-24539</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-24540">CVE-2023-24540</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-29400">CVE-2023-29400</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-39326">CVE-2023-39326</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-45283">CVE-2023-45283</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-45285">CVE-2023-45285</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-45288">CVE-2023-45288</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-45289">CVE-2023-45289</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-45290">CVE-2023-45290</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-24783">CVE-2024-24783</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-24784">CVE-2024-24784</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-24785">CVE-2024-24785</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-24788">CVE-2024-24788</uri>
</references>
<metadata tag="requester" timestamp="2024-08-07T09:30:13.961626Z">graaff</metadata>
<metadata tag="submitter" timestamp="2024-08-07T09:30:13.964984Z">graaff</metadata>
</glsa>

42
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202408-08.xml vendored Normal file
View File

@ -0,0 +1,42 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="202408-08">
<title>json-c: Buffer Overflow</title>
<synopsis>A vulnerability has been discovered in json-c, which can lead to a stack buffer overflow.</synopsis>
<product type="ebuild">json-c</product>
<announced>2024-08-07</announced>
<revised count="1">2024-08-07</revised>
<bug>918555</bug>
<access>remote</access>
<affected>
<package name="dev-libs/json-c" auto="yes" arch="*">
<unaffected range="ge">0.16</unaffected>
<vulnerable range="lt">0.16</vulnerable>
</package>
</affected>
<background>
<p>json-c is a JSON implementation in C.</p>
</background>
<description>
<p>Please review the CVE identifier referenced below for details.</p>
</description>
<impact type="normal">
<p>A stack-buffer-overflow exists in the auxiliary sample program json_parse which is located in the function parseit.</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All json-c users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-libs/json-c-0.16"
</code>
</resolution>
<references>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-32292">CVE-2021-32292</uri>
</references>
<metadata tag="requester" timestamp="2024-08-07T11:00:32.063764Z">graaff</metadata>
<metadata tag="submitter" timestamp="2024-08-07T11:00:32.067004Z">graaff</metadata>
</glsa>

43
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202408-09.xml vendored Normal file
View File

@ -0,0 +1,43 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="202408-09">
<title>Cairo: Multiple Vulnerabilities</title>
<synopsis>Multiple vulnerabilities have been discovered in Cairo, the worst of which a denial of service.</synopsis>
<product type="ebuild">cairo</product>
<announced>2024-08-07</announced>
<revised count="1">2024-08-07</revised>
<bug>717778</bug>
<access>local</access>
<affected>
<package name="x11-libs/cairo" auto="yes" arch="*">
<unaffected range="ge">1.18.0</unaffected>
<vulnerable range="lt">1.18.0</vulnerable>
</package>
</affected>
<background>
<p>Cairo is a 2D vector graphics library with cross-device output support.</p>
</background>
<description>
<p>Multiple vulnerabilities have been discovered in Cairo. Please review the CVE identifiers referenced below for details.</p>
</description>
<impact type="normal">
<p>Please review the referenced CVE identifiers for details.</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All Cairo users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose ">=x11-libs/cairo-1.18.0"
</code>
</resolution>
<references>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-6461">CVE-2019-6461</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-6462">CVE-2019-6462</uri>
</references>
<metadata tag="requester" timestamp="2024-08-07T11:19:32.821340Z">graaff</metadata>
<metadata tag="submitter" timestamp="2024-08-07T11:19:32.823921Z">graaff</metadata>
</glsa>

44
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202408-10.xml vendored Normal file
View File

@ -0,0 +1,44 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="202408-10">
<title>nghttp2: Multiple Vulnerabilities</title>
<synopsis>Multiple vulnerabilities have been discovered in nghttp2, the worst of which could lead to a denial of service.</synopsis>
<product type="ebuild">nghttp2</product>
<announced>2024-08-07</announced>
<revised count="1">2024-08-07</revised>
<bug>915554</bug>
<bug>928541</bug>
<access>remote</access>
<affected>
<package name="net-libs/nghttp2" auto="yes" arch="*">
<unaffected range="ge">1.61.0</unaffected>
<vulnerable range="lt">1.61.0</vulnerable>
</package>
</affected>
<background>
<p>Nghttp2 is an implementation of HTTP/2 and its header compression algorithm HPACK in C.</p>
</background>
<description>
<p>Multiple vulnerabilities have been discovered in nghttp2. Please review the CVE identifiers referenced below for details.</p>
</description>
<impact type="normal">
<p>Please review the referenced CVE identifiers for details.</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All nghttp2 users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-libs/nghttp2-1.61.0"
</code>
</resolution>
<references>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-44487">CVE-2023-44487</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-28182">CVE-2024-28182</uri>
</references>
<metadata tag="requester" timestamp="2024-08-07T11:37:22.663338Z">graaff</metadata>
<metadata tag="submitter" timestamp="2024-08-07T11:37:22.666444Z">graaff</metadata>
</glsa>

46
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202408-11.xml vendored Normal file
View File

@ -0,0 +1,46 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="202408-11">
<title>aiohttp: Multiple Vulnerabilities</title>
<synopsis>Multiple vulnerabilities have been discovered in aiohttp, the worst of which could lead to service compromise.</synopsis>
<product type="ebuild">aiohttp</product>
<announced>2024-08-07</announced>
<revised count="1">2024-08-07</revised>
<bug>918541</bug>
<bug>918968</bug>
<bug>931097</bug>
<access>remote</access>
<affected>
<package name="dev-python/aiohttp" auto="yes" arch="*">
<unaffected range="ge">3.9.4</unaffected>
<vulnerable range="lt">3.9.4</vulnerable>
</package>
</affected>
<background>
<p>aiohttp is an asynchronous HTTP client/server framework for asyncio and Python.</p>
</background>
<description>
<p>Multiple vulnerabilities have been discovered in aiohttp. Please review the CVE identifiers referenced below for details.</p>
</description>
<impact type="normal">
<p>Please review the referenced CVE identifiers for details.</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All aiohttp users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-python/aiohttp-3.9.4"
</code>
</resolution>
<references>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-47641">CVE-2023-47641</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-49082">CVE-2023-49082</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-30251">CVE-2024-30251</uri>
</references>
<metadata tag="requester" timestamp="2024-08-07T11:59:46.382696Z">graaff</metadata>
<metadata tag="submitter" timestamp="2024-08-07T11:59:46.386364Z">graaff</metadata>
</glsa>

42
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202408-12.xml vendored Normal file
View File

@ -0,0 +1,42 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="202408-12">
<title>Bitcoin: Denial of Service</title>
<synopsis>A vulnerability has been discovered in Bitcoin, which can lead to a denial of service.</synopsis>
<product type="ebuild">bitcoind</product>
<announced>2024-08-07</announced>
<revised count="1">2024-08-07</revised>
<bug>908084</bug>
<access>remote</access>
<affected>
<package name="net-p2p/bitcoind" auto="yes" arch="*">
<unaffected range="ge">25.0</unaffected>
<vulnerable range="lt">25.0</vulnerable>
</package>
</affected>
<background>
<p>Bitcoin Core consists of both &#34;full-node&#34; software for fully validating the blockchain as well as a bitcoin wallet.</p>
</background>
<description>
<p>Please review the CVE identifier referenced below for details.</p>
</description>
<impact type="normal">
<p>Bitcoin Core, when debug mode is not used, allows attackers to cause a denial of service (CPU consumption) because draining the inventory-to-send queue is inefficient, as exploited in the wild in May 2023.</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All Bitcoin users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-p2p/bitcoind-25.0"
</code>
</resolution>
<references>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-33297">CVE-2023-33297</uri>
</references>
<metadata tag="requester" timestamp="2024-08-07T12:34:53.892565Z">graaff</metadata>
<metadata tag="submitter" timestamp="2024-08-07T12:34:53.895329Z">graaff</metadata>
</glsa>

42
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202408-13.xml vendored Normal file
View File

@ -0,0 +1,42 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="202408-13">
<title>Nokogiri: Denial of Service</title>
<synopsis>A vulnerability has been discovered in Nokogiri, which can lead to a denial of service.</synopsis>
<product type="ebuild">nokogiri</product>
<announced>2024-08-07</announced>
<revised count="1">2024-08-07</revised>
<bug>884863</bug>
<access>local</access>
<affected>
<package name="dev-ruby/nokogiri" auto="yes" arch="*">
<unaffected range="ge">1.13.10</unaffected>
<vulnerable range="lt">1.13.10</vulnerable>
</package>
</affected>
<background>
<p>Nokogiri is an HTML, XML, SAX, and Reader parser.</p>
</background>
<description>
<p>A denial of service vulnerability has been discovered in Nokogiri. Please review the CVE identifier referenced below for details.</p>
</description>
<impact type="normal">
<p>Nokogiri fails to check the return value from `xmlTextReaderExpand` in the method `Nokogiri::XML::Reader#attribute_hash`. This can lead to a null pointer exception when invalid markup is being parsed. For applications using `XML::Reader` to parse untrusted inputs, this may potentially be a vector for a denial of service attack.</p>
</impact>
<workaround>
<p>Users may be able to search their code for calls to either `XML::Reader#attributes` or `XML::Reader#attribute_hash` to determine if they are affected.</p>
</workaround>
<resolution>
<p>All Nokogiri users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-ruby/nokogiri-1.13.10"
</code>
</resolution>
<references>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-23476">CVE-2022-23476</uri>
</references>
<metadata tag="requester" timestamp="2024-08-07T13:11:11.971415Z">graaff</metadata>
<metadata tag="submitter" timestamp="2024-08-07T13:11:11.974740Z">graaff</metadata>
</glsa>

42
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202408-14.xml vendored Normal file
View File

@ -0,0 +1,42 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="202408-14">
<title>Librsvg: Arbitrary File Read</title>
<synopsis>A vulnerability has been discovered in Librsvg, which can lead to arbitrary file reads.</synopsis>
<product type="ebuild">librsvg</product>
<announced>2024-08-09</announced>
<revised count="1">2024-08-09</revised>
<bug>918100</bug>
<access>local and remote</access>
<affected>
<package name="gnome-base/librsvg" auto="yes" arch="*">
<unaffected range="ge">2.56.3</unaffected>
<vulnerable range="lt">2.56.3</vulnerable>
</package>
</affected>
<background>
<p>Librsvg is a library to render SVG files using cairo as a rendering engine.</p>
</background>
<description>
<p>A directory traversal problem in the URL decoder of librsvg could be used by local or remote attackers to disclose files (on the local filesystem outside of the expected area), as demonstrated by href=&#34;.?../../../../../../../../../../etc/passwd&#34; in an xi:include element.</p>
</description>
<impact type="normal">
<p>Please review the referenced CVE identifier for details.</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All Librsvg users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose ">=gnome-base/librsvg-2.56.3"
</code>
</resolution>
<references>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-38633">CVE-2023-38633</uri>
</references>
<metadata tag="requester" timestamp="2024-08-09T06:49:19.778412Z">graaff</metadata>
<metadata tag="submitter" timestamp="2024-08-09T06:49:19.781284Z">graaff</metadata>
</glsa>

54
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202408-15.xml vendored Normal file
View File

@ -0,0 +1,54 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="202408-15">
<title>Percona XtraBackup: Multiple Vulnerabilities</title>
<synopsis>Multiple vulnerabilities have been discovered in Percona XtraBackup, the worst of which could lead to arbitrary code execution.</synopsis>
<product type="ebuild">percona-xtrabackup,percona-xtrabackup-bin</product>
<announced>2024-08-09</announced>
<revised count="1">2024-08-09</revised>
<bug>849389</bug>
<bug>908033</bug>
<access>remote</access>
<affected>
<package name="dev-db/percona-xtrabackup" auto="yes" arch="*">
<unaffected range="ge">8.0.29.22</unaffected>
<vulnerable range="lt">8.0.29.22</vulnerable>
</package>
<package name="dev-db/percona-xtrabackup-bin" auto="yes" arch="*">
<vulnerable range="lt">8.0.29.22</vulnerable>
</package>
</affected>
<background>
<p>Percona XtraBackup is a complete and open source online backup solution for all versions of MySQL.</p>
</background>
<description>
<p>Multiple vulnerabilities have been discovered in Percona XtraBackup. Please review the CVE identifiers referenced below for details.</p>
</description>
<impact type="normal">
<p>Please review the referenced CVE identifiers for details.</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All Percona XtraBackup users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-db/percona-xtrabackup-8.0.29.22"
</code>
<p>Gentoo has discontinued support for the binary package. Users should remove this from their system:</p>
<code>
# emerge --sync
# emerge --ask --verbose --depclean "dev-db/percona-xtrabackup-bin"
</code>
</resolution>
<references>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-25834">CVE-2022-25834</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-26944">CVE-2022-26944</uri>
</references>
<metadata tag="requester" timestamp="2024-08-09T06:59:52.845544Z">graaff</metadata>
<metadata tag="submitter" timestamp="2024-08-09T06:59:52.849111Z">graaff</metadata>
</glsa>

42
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202408-16.xml vendored Normal file
View File

@ -0,0 +1,42 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="202408-16">
<title>re2c: Denial of Service</title>
<synopsis>A vulnerability has been discovered in re2c, which can lead to a denial of service.</synopsis>
<product type="ebuild">re2c</product>
<announced>2024-08-09</announced>
<revised count="1">2024-08-09</revised>
<bug>719872</bug>
<access>local</access>
<affected>
<package name="dev-util/re2c" auto="yes" arch="*">
<unaffected range="ge">2.0</unaffected>
<vulnerable range="lt">2.0</vulnerable>
</package>
</affected>
<background>
<p>re2c is a tool for generating C-based recognizers from regular expressions.</p>
</background>
<description>
<p>Please review the CVE identifier referenced below for details.</p>
</description>
<impact type="normal">
<p>Please review the CVE identifier referenced below for details.</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All re2c users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-util/re2c-2.0"
</code>
</resolution>
<references>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-21232">CVE-2018-21232</uri>
</references>
<metadata tag="requester" timestamp="2024-08-09T07:09:13.470150Z">graaff</metadata>
<metadata tag="submitter" timestamp="2024-08-09T07:09:13.473932Z">graaff</metadata>
</glsa>

42
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202408-17.xml vendored Normal file
View File

@ -0,0 +1,42 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="202408-17">
<title>Nautilus: Denial of Service</title>
<synopsis>A vulnerability has been discovered in Nautilus, which can lead to a denial of service.</synopsis>
<product type="ebuild">nautilus</product>
<announced>2024-08-09</announced>
<revised count="1">2024-08-09</revised>
<bug>881509</bug>
<access>local</access>
<affected>
<package name="gnome-base/nautilus" auto="yes" arch="*">
<unaffected range="ge">44.0</unaffected>
<vulnerable range="lt">44.0</vulnerable>
</package>
</affected>
<background>
<p>Default file manager for the GNOME desktop</p>
</background>
<description>
<p>Please review the CVE identifier referenced below for details.</p>
</description>
<impact type="normal">
<p>GNOME Nautilus allows a NULL pointer dereference and get_basename application crash via a pasted ZIP archive.</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All Nautilus users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose ">=gnome-base/nautilus-44.0"
</code>
</resolution>
<references>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-37290">CVE-2022-37290</uri>
</references>
<metadata tag="requester" timestamp="2024-08-09T09:22:03.162678Z">graaff</metadata>
<metadata tag="submitter" timestamp="2024-08-09T09:22:03.165420Z">graaff</metadata>
</glsa>

53
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202408-18.xml vendored Normal file
View File

@ -0,0 +1,53 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="202408-18">
<title>QEMU: Multiple Vulnerabilities</title>
<synopsis>Multiple vulnerabilities have been discovered in QEMU, the worst of which could lead to a denial of service.</synopsis>
<product type="ebuild">qemu</product>
<announced>2024-08-09</announced>
<revised count="1">2024-08-09</revised>
<bug>857657</bug>
<bug>865121</bug>
<bug>883693</bug>
<bug>909542</bug>
<access>local</access>
<affected>
<package name="app-emulation/qemu" auto="yes" arch="*">
<unaffected range="ge">8.0.0</unaffected>
<vulnerable range="lt">8.0.0</vulnerable>
</package>
</affected>
<background>
<p>QEMU is a generic and open source machine emulator and virtualizer.</p>
</background>
<description>
<p>Multiple vulnerabilities have been discovered in QEMU. Please review the CVE identifiers referenced below for details.</p>
</description>
<impact type="normal">
<p>Please review the referenced CVE identifiers for details.</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All QEMU users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-emulation/qemu-8.0.0"
</code>
</resolution>
<references>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14394">CVE-2020-14394</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-0216">CVE-2022-0216</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-1050">CVE-2022-1050</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-2962">CVE-2022-2962</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-4144">CVE-2022-4144</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-4172">CVE-2022-4172</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-35414">CVE-2022-35414</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-1544">CVE-2023-1544</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-2861">CVE-2023-2861</uri>
</references>
<metadata tag="requester" timestamp="2024-08-09T09:49:28.328653Z">graaff</metadata>
<metadata tag="submitter" timestamp="2024-08-09T09:49:28.332697Z">graaff</metadata>
</glsa>

49
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202408-19.xml vendored Normal file
View File

@ -0,0 +1,49 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="202408-19">
<title>ncurses: Multiple Vulnerabilities</title>
<synopsis>Multiple vulnerabilities have been discovered in ncurses, the worst of which could lead to a denial of service.</synopsis>
<product type="ebuild">ncurses,ncurses-compat</product>
<announced>2024-08-09</announced>
<revised count="1">2024-08-09</revised>
<bug>839351</bug>
<bug>904247</bug>
<access>remote</access>
<affected>
<package name="sys-libs/ncurses" auto="yes" arch="*">
<unaffected range="ge">6.4_p20230408</unaffected>
<vulnerable range="lt">6.4_p20230408</vulnerable>
</package>
<package name="sys-libs/ncurses-compat" auto="yes" arch="*">
<unaffected range="ge">6.4_p20240330</unaffected>
<vulnerable range="lt">6.4_p20240330</vulnerable>
</package>
</affected>
<background>
<p>Free software emulation of curses in System V.</p>
</background>
<description>
<p>Multiple vulnerabilities have been discovered in ncurses. Please review the CVE identifiers referenced below for details.</p>
</description>
<impact type="normal">
<p>Please review the referenced CVE identifiers for details.</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All ncurses users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose ">=sys-libs/ncurses-6.4_p20230408"
# emerge --ask --oneshot --verbose ">=sys-libs/ncurses-compat-6.4_p20240330"
</code>
</resolution>
<references>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-29458">CVE-2022-29458</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-29491">CVE-2023-29491</uri>
</references>
<metadata tag="requester" timestamp="2024-08-09T11:05:25.778609Z">graaff</metadata>
<metadata tag="submitter" timestamp="2024-08-09T11:05:25.782155Z">graaff</metadata>
</glsa>

88
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202408-20.xml vendored Normal file
View File

@ -0,0 +1,88 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="202408-20">
<title>libde265: Multiple Vulnerabilities</title>
<synopsis>Multiple vulnerabilities have been discovered in libde265, the worst of which could lead to arbitrary code execution.</synopsis>
<product type="ebuild">libde265</product>
<announced>2024-08-10</announced>
<revised count="1">2024-08-10</revised>
<bug>813486</bug>
<bug>889876</bug>
<access>local</access>
<affected>
<package name="media-libs/libde265" auto="yes" arch="*">
<unaffected range="ge">1.0.11</unaffected>
<vulnerable range="lt">1.0.11</vulnerable>
</package>
</affected>
<background>
<p>Open h.265 video codec implementation.</p>
</background>
<description>
<p>Multiple vulnerabilities have been discovered in libde265. Please review the CVE identifiers referenced below for details.</p>
</description>
<impact type="normal">
<p>Please review the referenced CVE identifiers for details.</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All libde265 users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose ">=media-libs/libde265-1.0.11"
</code>
</resolution>
<references>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-21594">CVE-2020-21594</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-21595">CVE-2020-21595</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-21596">CVE-2020-21596</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-21597">CVE-2020-21597</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-21598">CVE-2020-21598</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-21599">CVE-2020-21599</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-21600">CVE-2020-21600</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-21601">CVE-2020-21601</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-21602">CVE-2020-21602</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-21603">CVE-2020-21603</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-21604">CVE-2020-21604</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-21605">CVE-2020-21605</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-21606">CVE-2020-21606</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-35452">CVE-2021-35452</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-36408">CVE-2021-36408</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-36409">CVE-2021-36409</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-36410">CVE-2021-36410</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-36411">CVE-2021-36411</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-1253">CVE-2022-1253</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-43235">CVE-2022-43235</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-43236">CVE-2022-43236</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-43237">CVE-2022-43237</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-43238">CVE-2022-43238</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-43239">CVE-2022-43239</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-43240">CVE-2022-43240</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-43241">CVE-2022-43241</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-43242">CVE-2022-43242</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-43243">CVE-2022-43243</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-43244">CVE-2022-43244</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-43245">CVE-2022-43245</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-43248">CVE-2022-43248</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-43249">CVE-2022-43249</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-43250">CVE-2022-43250</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-43252">CVE-2022-43252</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-43253">CVE-2022-43253</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-47655">CVE-2022-47655</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-47664">CVE-2022-47664</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-47665">CVE-2022-47665</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-24751">CVE-2023-24751</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-24752">CVE-2023-24752</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-24754">CVE-2023-24754</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-24755">CVE-2023-24755</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-24756">CVE-2023-24756</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-24757">CVE-2023-24757</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-24758">CVE-2023-24758</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-25221">CVE-2023-25221</uri>
</references>
<metadata tag="requester" timestamp="2024-08-10T05:53:21.175447Z">graaff</metadata>
<metadata tag="submitter" timestamp="2024-08-10T05:53:21.178987Z">graaff</metadata>
</glsa>

258
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202408-21.xml vendored Normal file
View File

@ -0,0 +1,258 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="202408-21">
<title>GPAC: Multiple Vulnerabilities</title>
<synopsis>Multiple vulnerabilities have been discovered in GPAC, the worst of which could lead to arbitrary code execution.</synopsis>
<product type="ebuild">gpac</product>
<announced>2024-08-10</announced>
<revised count="1">2024-08-10</revised>
<bug>785649</bug>
<bug>835341</bug>
<access>remote</access>
<affected>
<package name="media-video/gpac" auto="yes" arch="*">
<unaffected range="ge">2.2.0</unaffected>
<vulnerable range="lt">2.2.0</vulnerable>
</package>
</affected>
<background>
<p>GPAC is an implementation of the MPEG-4 Systems standard developed from scratch in ANSI C.</p>
</background>
<description>
<p>Multiple vulnerabilities have been discovered in GPAC. Please review the CVE identifiers referenced below for details.</p>
</description>
<impact type="normal">
<p>Please review the referenced CVE identifiers for details.</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All GPAC users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose ">=media-video/gpac-2.2.0"
</code>
</resolution>
<references>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-22673">CVE-2020-22673</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-22674">CVE-2020-22674</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-22675">CVE-2020-22675</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-22677">CVE-2020-22677</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-22678">CVE-2020-22678</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-22679">CVE-2020-22679</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-25427">CVE-2020-25427</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-35979">CVE-2020-35979</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-35980">CVE-2020-35980</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-35981">CVE-2020-35981</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-35982">CVE-2020-35982</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-4043">CVE-2021-4043</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21834">CVE-2021-21834</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21835">CVE-2021-21835</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21836">CVE-2021-21836</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21837">CVE-2021-21837</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21838">CVE-2021-21838</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21839">CVE-2021-21839</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21840">CVE-2021-21840</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21841">CVE-2021-21841</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21842">CVE-2021-21842</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21843">CVE-2021-21843</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21844">CVE-2021-21844</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21845">CVE-2021-21845</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21846">CVE-2021-21846</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21847">CVE-2021-21847</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21848">CVE-2021-21848</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21849">CVE-2021-21849</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21850">CVE-2021-21850</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21851">CVE-2021-21851</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21852">CVE-2021-21852</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21853">CVE-2021-21853</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21854">CVE-2021-21854</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21855">CVE-2021-21855</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21856">CVE-2021-21856</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21857">CVE-2021-21857</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21858">CVE-2021-21858</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21859">CVE-2021-21859</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21860">CVE-2021-21860</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21861">CVE-2021-21861</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21862">CVE-2021-21862</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-30014">CVE-2021-30014</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-30015">CVE-2021-30015</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-30019">CVE-2021-30019</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-30020">CVE-2021-30020</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-30022">CVE-2021-30022</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-30199">CVE-2021-30199</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-31254">CVE-2021-31254</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-31255">CVE-2021-31255</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-31256">CVE-2021-31256</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-31257">CVE-2021-31257</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-31258">CVE-2021-31258</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-31259">CVE-2021-31259</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-31260">CVE-2021-31260</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-31261">CVE-2021-31261</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-31262">CVE-2021-31262</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-32132">CVE-2021-32132</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-32134">CVE-2021-32134</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-32135">CVE-2021-32135</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-32136">CVE-2021-32136</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-32137">CVE-2021-32137</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-32138">CVE-2021-32138</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-32139">CVE-2021-32139</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-32437">CVE-2021-32437</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-32438">CVE-2021-32438</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-32439">CVE-2021-32439</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-32440">CVE-2021-32440</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-33361">CVE-2021-33361</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-33362">CVE-2021-33362</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-33363">CVE-2021-33363</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-33364">CVE-2021-33364</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-33365">CVE-2021-33365</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-33366">CVE-2021-33366</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-36412">CVE-2021-36412</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-36414">CVE-2021-36414</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-36417">CVE-2021-36417</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-36584">CVE-2021-36584</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-40559">CVE-2021-40559</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-40562">CVE-2021-40562</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-40563">CVE-2021-40563</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-40564">CVE-2021-40564</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-40565">CVE-2021-40565</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-40566">CVE-2021-40566</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-40567">CVE-2021-40567</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-40568">CVE-2021-40568</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-40569">CVE-2021-40569</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-40570">CVE-2021-40570</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-40571">CVE-2021-40571</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-40572">CVE-2021-40572</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-40573">CVE-2021-40573</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-40574">CVE-2021-40574</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-40575">CVE-2021-40575</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-40576">CVE-2021-40576</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-40592">CVE-2021-40592</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-40606">CVE-2021-40606</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-40607">CVE-2021-40607</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-40608">CVE-2021-40608</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-40609">CVE-2021-40609</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-40942">CVE-2021-40942</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-40944">CVE-2021-40944</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-41456">CVE-2021-41456</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-41457">CVE-2021-41457</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-41458">CVE-2021-41458</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-41459">CVE-2021-41459</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-44918">CVE-2021-44918</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-44919">CVE-2021-44919</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-44920">CVE-2021-44920</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-44921">CVE-2021-44921</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-44922">CVE-2021-44922</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-44923">CVE-2021-44923</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-44924">CVE-2021-44924</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-44925">CVE-2021-44925</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-44926">CVE-2021-44926</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-44927">CVE-2021-44927</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-45258">CVE-2021-45258</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-45259">CVE-2021-45259</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-45260">CVE-2021-45260</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-45262">CVE-2021-45262</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-45263">CVE-2021-45263</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-45266">CVE-2021-45266</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-45267">CVE-2021-45267</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-45288">CVE-2021-45288</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-45289">CVE-2021-45289</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-45291">CVE-2021-45291</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-45292">CVE-2021-45292</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-45297">CVE-2021-45297</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-45760">CVE-2021-45760</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-45762">CVE-2021-45762</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-45763">CVE-2021-45763</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-45764">CVE-2021-45764</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-45767">CVE-2021-45767</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-45831">CVE-2021-45831</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-46038">CVE-2021-46038</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-46039">CVE-2021-46039</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-46040">CVE-2021-46040</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-46041">CVE-2021-46041</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-46042">CVE-2021-46042</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-46043">CVE-2021-46043</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-46044">CVE-2021-46044</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-46045">CVE-2021-46045</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-46046">CVE-2021-46046</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-46047">CVE-2021-46047</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-46049">CVE-2021-46049</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-46051">CVE-2021-46051</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-46234">CVE-2021-46234</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-46236">CVE-2021-46236</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-46237">CVE-2021-46237</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-46238">CVE-2021-46238</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-46239">CVE-2021-46239</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-46240">CVE-2021-46240</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-46311">CVE-2021-46311</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-46313">CVE-2021-46313</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-1035">CVE-2022-1035</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-1172">CVE-2022-1172</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-1222">CVE-2022-1222</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-1441">CVE-2022-1441</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-1795">CVE-2022-1795</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-2453">CVE-2022-2453</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-2454">CVE-2022-2454</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-2549">CVE-2022-2549</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-3178">CVE-2022-3178</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-3222">CVE-2022-3222</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-3957">CVE-2022-3957</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-4202">CVE-2022-4202</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-24249">CVE-2022-24249</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-24574">CVE-2022-24574</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-24575">CVE-2022-24575</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-24576">CVE-2022-24576</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-24577">CVE-2022-24577</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-24578">CVE-2022-24578</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-26967">CVE-2022-26967</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-27145">CVE-2022-27145</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-27146">CVE-2022-27146</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-27147">CVE-2022-27147</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-27148">CVE-2022-27148</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-29339">CVE-2022-29339</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-29340">CVE-2022-29340</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-29537">CVE-2022-29537</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-30976">CVE-2022-30976</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-36186">CVE-2022-36186</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-36190">CVE-2022-36190</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-36191">CVE-2022-36191</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-38530">CVE-2022-38530</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-43039">CVE-2022-43039</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-43040">CVE-2022-43040</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-43042">CVE-2022-43042</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-43043">CVE-2022-43043</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-43044">CVE-2022-43044</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-43045">CVE-2022-43045</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-43254">CVE-2022-43254</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-43255">CVE-2022-43255</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-45202">CVE-2022-45202</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-45204">CVE-2022-45204</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-45283">CVE-2022-45283</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-45343">CVE-2022-45343</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-46489">CVE-2022-46489</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-46490">CVE-2022-46490</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-47086">CVE-2022-47086</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-47087">CVE-2022-47087</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-47088">CVE-2022-47088</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-47089">CVE-2022-47089</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-47091">CVE-2022-47091</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-47092">CVE-2022-47092</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-47093">CVE-2022-47093</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-47094">CVE-2022-47094</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-47095">CVE-2022-47095</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-47653">CVE-2022-47653</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-47654">CVE-2022-47654</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-47656">CVE-2022-47656</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-47657">CVE-2022-47657</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-47658">CVE-2022-47658</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-47659">CVE-2022-47659</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-47660">CVE-2022-47660</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-47661">CVE-2022-47661</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-47662">CVE-2022-47662</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-47663">CVE-2022-47663</uri>
</references>
<metadata tag="requester" timestamp="2024-08-10T05:56:40.883624Z">graaff</metadata>
<metadata tag="submitter" timestamp="2024-08-10T05:56:40.887094Z">graaff</metadata>
</glsa>

46
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202408-22.xml vendored Normal file
View File

@ -0,0 +1,46 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="202408-22">
<title>Bundler: Multiple Vulnerabilities</title>
<synopsis>Multiple vulnerabilities have been discovered in Bundler, the worst of which could lead to arbitrary code execution.</synopsis>
<product type="ebuild">bundler</product>
<announced>2024-08-10</announced>
<revised count="1">2024-08-10</revised>
<bug>743214</bug>
<bug>798135</bug>
<bug>828884</bug>
<access>local and remote</access>
<affected>
<package name="dev-ruby/bundler" auto="yes" arch="*">
<unaffected range="ge">2.2.33</unaffected>
<vulnerable range="lt">2.2.33</vulnerable>
</package>
</affected>
<background>
<p>Bundler provides a consistent environment for Ruby projects by tracking and installing the exact gems and versions that are needed.</p>
</background>
<description>
<p>Multiple vulnerabilities have been discovered in Bundler. Please review the CVE identifiers referenced below for details.</p>
</description>
<impact type="normal">
<p>Please review the referenced CVE identifiers for details.</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All Bundler users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-ruby/bundler-2.2.33"
</code>
</resolution>
<references>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-3881">CVE-2019-3881</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-36327">CVE-2020-36327</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-43809">CVE-2021-43809</uri>
</references>
<metadata tag="requester" timestamp="2024-08-10T08:23:41.517666Z">graaff</metadata>
<metadata tag="submitter" timestamp="2024-08-10T08:23:41.520457Z">graaff</metadata>
</glsa>

43
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202408-23.xml vendored Normal file
View File

@ -0,0 +1,43 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="202408-23">
<title>GnuPG: Multiple Vulnerabilities</title>
<synopsis>Multiple vulnerabilities have been discovered in GnuPG, the worst of which could lead to signature spoofing.</synopsis>
<product type="ebuild">gnupg</product>
<announced>2024-08-10</announced>
<revised count="1">2024-08-10</revised>
<bug>855395</bug>
<bug>923248</bug>
<access>remote</access>
<affected>
<package name="app-crypt/gnupg" auto="yes" arch="*">
<unaffected range="ge">2.4.4</unaffected>
<vulnerable range="lt">2.4.4</vulnerable>
</package>
</affected>
<background>
<p>The GNU Privacy Guard, GnuPG, is a free replacement for the PGP suite of cryptographic software.</p>
</background>
<description>
<p>Multiple vulnerabilities have been discovered in GnuPG. Please review the CVE identifiers referenced below for details.</p>
</description>
<impact type="normal">
<p>Please review the referenced CVE identifiers for details.</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All GnuPG users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-crypt/gnupg-2.4.4"
</code>
</resolution>
<references>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-34903">CVE-2022-34903</uri>
</references>
<metadata tag="requester" timestamp="2024-08-10T08:41:19.748264Z">graaff</metadata>
<metadata tag="submitter" timestamp="2024-08-10T08:41:19.752993Z">graaff</metadata>
</glsa>

55
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202408-24.xml vendored Normal file
View File

@ -0,0 +1,55 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="202408-24">
<title>Ruby on Rails: Remote Code Execution</title>
<synopsis>A vulnerability has been discovered in Ruby on Rails, which can lead to remote code execution via serialization of data.</synopsis>
<product type="ebuild">rails</product>
<announced>2024-08-11</announced>
<revised count="1">2024-08-11</revised>
<bug>857840</bug>
<access>remote</access>
<affected>
<package name="dev-ruby/rails" auto="yes" arch="*">
<unaffected range="ge" slot="7.0">7.0.3.1</unaffected>
<unaffected range="ge" slot="6.1">6.1.6.1</unaffected>
<vulnerable range="lt" slot="7.0">7.0.3.1</vulnerable>
<vulnerable range="lt" slot="6.1">6.1.6.1</vulnerable>
</package>
</affected>
<background>
<p>Ruby on Rails is a free web framework used to develop database-driven web applications.</p>
</background>
<description>
<p>Multiple vulnerabilities have been discovered in Ruby on Rails. Please review the CVE identifiers referenced below for details.</p>
</description>
<impact type="normal">
<p>When serialized columns that use YAML (the default) are deserialized, Rails uses YAML.unsafe_load to convert the YAML data in to Ruby objects. If an attacker can manipulate data in the database (via means like SQL injection), then it may be possible for the attacker to escalate to an RCE.
Impacted Active Record models will look something like this:
class User &lt; ApplicationRecord
serialize :options # Vulnerable: Uses YAML for serialization
serialize :values, Array # Vulnerable: Uses YAML for serialization
serialize :values, JSON # Not vulnerable
end
The released versions change the default YAML deserializer to use YAML.safe_load, which prevents deserialization of possibly dangerous objects. This may introduce backwards compatibility issues with existing data.</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All Ruby on Rails users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-ruby/rails-6.1.6.1:6.1"
# emerge --ask --oneshot --verbose ">=dev-ruby/rails-7.0.3.1:7.0"
</code>
</resolution>
<references>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-32224">CVE-2022-32224</uri>
</references>
<metadata tag="requester" timestamp="2024-08-11T05:35:49.928407Z">graaff</metadata>
<metadata tag="submitter" timestamp="2024-08-11T05:35:49.931387Z">graaff</metadata>
</glsa>

50
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202408-25.xml vendored Normal file
View File

@ -0,0 +1,50 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="202408-25">
<title>runc: Multiple Vulnerabilities</title>
<synopsis>Multiple vulnerabilities have been discovered in runc, the worst of which could lead to privilege escalation.</synopsis>
<product type="ebuild">runc</product>
<announced>2024-08-11</announced>
<revised count="1">2024-08-11</revised>
<bug>828471</bug>
<bug>844085</bug>
<bug>903079</bug>
<bug>923434</bug>
<access>local</access>
<affected>
<package name="app-containers/runc" auto="yes" arch="*">
<unaffected range="ge">1.1.12</unaffected>
<vulnerable range="lt">1.1.12</vulnerable>
</package>
</affected>
<background>
<p>runc is a CLI tool for spawning and running containers on Linux according to the OCI specification.</p>
</background>
<description>
<p>Multiple vulnerabilities have been discovered in runc. Please review the CVE identifiers referenced below for details.</p>
</description>
<impact type="normal">
<p>Please review the referenced CVE identifiers for details.</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All runc users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-containers/runc-1.1.12"
</code>
</resolution>
<references>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-43784">CVE-2021-43784</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-29162">CVE-2022-29162</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-25809">CVE-2023-25809</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-27561">CVE-2023-27561</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-28642">CVE-2023-28642</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-21626">CVE-2024-21626</uri>
</references>
<metadata tag="requester" timestamp="2024-08-11T05:45:57.598514Z">graaff</metadata>
<metadata tag="submitter" timestamp="2024-08-11T05:45:57.602231Z">graaff</metadata>
</glsa>

43
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202408-26.xml vendored Normal file
View File

@ -0,0 +1,43 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="202408-26">
<title>matio: Multiple Vulnerabilities</title>
<synopsis>Multiple vulnerabilities have been discovered in matio, the worst of which could lead to arbitrary code execution.</synopsis>
<product type="ebuild">matio</product>
<announced>2024-08-11</announced>
<revised count="1">2024-08-11</revised>
<bug>803131</bug>
<access>local</access>
<affected>
<package name="sci-libs/matio" auto="yes" arch="*">
<unaffected range="ge">1.5.22</unaffected>
<vulnerable range="lt">1.5.22</vulnerable>
</package>
</affected>
<background>
<p>matio is a library for reading and writing matlab files.</p>
</background>
<description>
<p>Multiple vulnerabilities have been discovered in matio. Please review the CVE identifiers referenced below for details.</p>
</description>
<impact type="normal">
<p>Please review the referenced CVE identifiers for details.</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All matio users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose ">=sci-libs/matio-1.5.22"
</code>
</resolution>
<references>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-36428">CVE-2020-36428</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-36977">CVE-2021-36977</uri>
</references>
<metadata tag="requester" timestamp="2024-08-11T14:39:15.111907Z">graaff</metadata>
<metadata tag="submitter" timestamp="2024-08-11T14:39:15.117732Z">graaff</metadata>
</glsa>

42
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202408-27.xml vendored Normal file
View File

@ -0,0 +1,42 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="202408-27">
<title>AFLplusplus: Arbitrary Code Execution</title>
<synopsis>A vulnerability has been discovered in AFLplusplus, which can lead to arbitrary code execution via an untrusted CWD.</synopsis>
<product type="ebuild">aflplusplus</product>
<announced>2024-08-11</announced>
<revised count="1">2024-08-11</revised>
<bug>897924</bug>
<access>local</access>
<affected>
<package name="app-forensics/aflplusplus" auto="yes" arch="*">
<unaffected range="ge">4.06c</unaffected>
<vulnerable range="lt">4.06c</vulnerable>
</package>
</affected>
<background>
<p>The fuzzer afl++ is afl with community patches, qemu 5.1 upgrade, collision-free coverage, enhanced laf-intel &amp; redqueen, AFLfast++ power schedules, MOpt mutators, unicorn_mode, and a lot more!</p>
</background>
<description>
<p>In AFL++ 4.05c, the CmpLog component uses the current working directory to resolve and execute unprefixed fuzzing targets, allowing code execution.</p>
</description>
<impact type="normal">
<p>In AFL++ 4.05c, the CmpLog component uses the current working directory to resolve and execute unprefixed fuzzing targets, allowing code execution.</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All AFLplusplus users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-forensics/aflplusplus-4.06c"
</code>
</resolution>
<references>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-26266">CVE-2023-26266</uri>
</references>
<metadata tag="requester" timestamp="2024-08-11T14:41:12.220665Z">graaff</metadata>
<metadata tag="submitter" timestamp="2024-08-11T14:41:12.227036Z">graaff</metadata>
</glsa>

42
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202408-28.xml vendored Normal file
View File

@ -0,0 +1,42 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="202408-28">
<title>rsyslog: Heap Buffer Overflow</title>
<synopsis>A vulnerability has been discovered in rsyslog, which could possibly lead to remote code execution.</synopsis>
<product type="ebuild">rsyslog</product>
<announced>2024-08-11</announced>
<revised count="1">2024-08-11</revised>
<bug>842846</bug>
<access>local and remote</access>
<affected>
<package name="app-admin/rsyslog" auto="yes" arch="*">
<unaffected range="ge">8.2206.0</unaffected>
<vulnerable range="lt">8.2206.0</vulnerable>
</package>
</affected>
<background>
<p>rsyslog is an enhanced multi-threaded syslogd with database support and more.</p>
</background>
<description>
<p>Multiple vulnerabilities have been discovered in rsyslog. Please review the CVE identifiers referenced below for details.</p>
</description>
<impact type="normal">
<p>Modules for TCP syslog reception have a heap buffer overflow when octet-counted framing is used. The attacker can corrupt heap values, leading to data integrity issues and availability impact. Remote code execution is unlikely to happen but not impossible.</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All rsyslog users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-admin/rsyslog-8.2206.0"
</code>
</resolution>
<references>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-24903">CVE-2022-24903</uri>
</references>
<metadata tag="requester" timestamp="2024-08-11T14:42:54.282784Z">graaff</metadata>
<metadata tag="submitter" timestamp="2024-08-11T14:42:54.286434Z">graaff</metadata>
</glsa>

43
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202408-29.xml vendored Normal file
View File

@ -0,0 +1,43 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="202408-29">
<title>MuPDF: Multiple Vulnerabilities</title>
<synopsis>Multiple vulnerabilities have been discovered in MuPDF, the worst of which could lead to arbitrary code execution.</synopsis>
<product type="ebuild">mupdf</product>
<announced>2024-08-12</announced>
<revised count="1">2024-08-12</revised>
<bug>803305</bug>
<access>local</access>
<affected>
<package name="app-text/mupdf" auto="yes" arch="*">
<unaffected range="ge">1.20.0</unaffected>
<vulnerable range="lt">1.20.0</vulnerable>
</package>
</affected>
<background>
<p>A lightweight PDF, XPS, and E-book viewer.</p>
</background>
<description>
<p>Multiple vulnerabilities have been discovered in MuPDF. Please review the CVE identifiers referenced below for details.</p>
</description>
<impact type="normal">
<p>Please review the referenced CVE identifiers for details.</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All MuPDF users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-text/mupdf-1.20.0"
</code>
</resolution>
<references>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-4216">CVE-2021-4216</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-37220">CVE-2021-37220</uri>
</references>
<metadata tag="requester" timestamp="2024-08-12T07:17:27.916325Z">graaff</metadata>
<metadata tag="submitter" timestamp="2024-08-12T07:17:27.921110Z">graaff</metadata>
</glsa>

42
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202408-30.xml vendored Normal file
View File

@ -0,0 +1,42 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="202408-30">
<title>dpkg: Directory Traversal</title>
<synopsis>A vulnerability has been discovered in dpkg, which allows for directory traversal.</synopsis>
<product type="ebuild">dpkg</product>
<announced>2024-08-12</announced>
<revised count="1">2024-08-12</revised>
<bug>847976</bug>
<access>local</access>
<affected>
<package name="app-arch/dpkg" auto="yes" arch="*">
<unaffected range="ge">1.20.9-r1</unaffected>
<vulnerable range="lt">1.20.9-r1</vulnerable>
</package>
</affected>
<background>
<p>Debian package management system.</p>
</background>
<description>
<p>Please review the CVE indentifier referenced below for details.</p>
</description>
<impact type="normal">
<p>Dpkg::Source::Archive in dpkg, the Debian package management system, is prone to a directory traversal vulnerability. When extracting untrusted source packages in v2 and v3 source package formats that include a debian.tar, the in-place extraction can lead to directory traversal situations on specially crafted orig.tar and debian.tar tarballs.</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All dpkg users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-arch/dpkg-1.20.9-r1"
</code>
</resolution>
<references>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-1664">CVE-2022-1664</uri>
</references>
<metadata tag="requester" timestamp="2024-08-12T07:19:16.088421Z">graaff</metadata>
<metadata tag="submitter" timestamp="2024-08-12T07:19:16.091312Z">graaff</metadata>
</glsa>

47
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202408-31.xml vendored Normal file
View File

@ -0,0 +1,47 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="202408-31">
<title>protobuf, protobuf-python: Denial of Service</title>
<synopsis>A vulnerability has been discovered in protobuf and protobuf-python, which can lead to a denial of service.</synopsis>
<product type="ebuild">protobuf,protobuf-python</product>
<announced>2024-08-12</announced>
<revised count="1">2024-08-12</revised>
<bug>872434</bug>
<access>local</access>
<affected>
<package name="dev-libs/protobuf" auto="yes" arch="*">
<unaffected range="ge">3.20.3</unaffected>
<vulnerable range="lt">3.20.3</vulnerable>
</package>
<package name="dev-python/protobuf-python" auto="yes" arch="*">
<unaffected range="ge">3.19.6</unaffected>
<vulnerable range="lt">3.19.6</vulnerable>
</package>
</affected>
<background>
<p>Google&#39;s Protocol Buffers are an extensible mechanism for serializing structured data.</p>
</background>
<description>
<p>A vulnerability has been discovered in protobuf and protobuf-python. Please review the CVE identifiers referenced below for details.</p>
</description>
<impact type="normal">
<p>A parsing vulnerability for the MessageSet type can lead to out of memory failures. A specially crafted message with multiple key-value per elements creates parsing issues, and can lead to a Denial of Service against services receiving unsanitized input.</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All protobuf and protobuf-python users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-libs/protobuf-3.20.3"
# emerge --ask --oneshot --verbose ">=dev-python/protobuf-python-3.19.6"
</code>
</resolution>
<references>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-1941">CVE-2022-1941</uri>
</references>
<metadata tag="requester" timestamp="2024-08-12T07:20:36.807024Z">graaff</metadata>
<metadata tag="submitter" timestamp="2024-08-12T07:20:36.811154Z">graaff</metadata>
</glsa>

71
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202408-32.xml vendored Normal file
View File

@ -0,0 +1,71 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="202408-32">
<title>PHP: Multiple Vulnerabilities</title>
<synopsis>Multiple vulnerabilities have been discovered in PHP, the worst of which can lead to a denial of service.</synopsis>
<product type="ebuild">php</product>
<announced>2024-08-12</announced>
<revised count="2">2024-08-13</revised>
<bug>889882</bug>
<bug>895416</bug>
<bug>908259</bug>
<bug>912331</bug>
<bug>929929</bug>
<bug>933752</bug>
<access>local and remote</access>
<affected>
<package name="dev-lang/php" auto="yes" arch="*">
<unaffected range="ge" slot="8.1">8.1.29</unaffected>
<unaffected range="ge" slot="8.2">8.2.20</unaffected>
<unaffected range="ge" slot="8.3">8.3.8</unaffected>
<vulnerable range="lt">8.1</vulnerable>
<vulnerable range="lt" slot="8.1">8.1.29</vulnerable>
<vulnerable range="lt" slot="8.2">8.2.20</vulnerable>
<vulnerable range="lt" slot="8.3">8.3.8</vulnerable>
</package>
</affected>
<background>
<p>PHP is a widely-used general-purpose scripting language that is especially suited for Web development and can be embedded into HTML.</p>
</background>
<description>
<p>Multiple vulnerabilities have been discovered in PHP. Please review the CVE identifiers referenced below for details.</p>
</description>
<impact type="high">
<p>Please review the referenced CVE identifiers for details.</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All PHP users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-lang/php-8.1.29:8.1"
# emerge --ask --oneshot --verbose ">=dev-lang/php-8.2.20:8.2"
# emerge --ask --oneshot --verbose ">=dev-lang/php-8.3.8:8.3"
</code>
<p>Support for older version has been discontinued:</p>
<code>
# emerge --ask --verbose --depclean "&lt;dev-lang/php-8.1"
</code>
</resolution>
<references>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-31631">CVE-2022-31631</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-0567">CVE-2023-0567</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-0568">CVE-2023-0568</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-0662">CVE-2023-0662</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-3823">CVE-2023-3823</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-3824">CVE-2023-3824</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-2756">CVE-2024-2756</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-2757">CVE-2024-2757</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-3096">CVE-2024-3096</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-4577">CVE-2024-4577</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-5458">CVE-2024-5458</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-5585">CVE-2024-5585</uri>
</references>
<metadata tag="requester" timestamp="2024-08-12T07:39:21.009398Z">graaff</metadata>
<metadata tag="submitter" timestamp="2024-08-12T07:39:21.012299Z">graaff</metadata>
</glsa>

44
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202408-33.xml vendored Normal file
View File

@ -0,0 +1,44 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="202408-33">
<title>protobuf-c: Multiple Vulnerabilities</title>
<synopsis>Multiple vulnerabilities have been discovered in protobuf-c, the worst of which could result in denial of service.</synopsis>
<product type="ebuild">protobuf-c</product>
<announced>2024-08-12</announced>
<revised count="1">2024-08-12</revised>
<bug>856043</bug>
<bug>904423</bug>
<access>remote</access>
<affected>
<package name="dev-libs/protobuf-c" auto="yes" arch="*">
<unaffected range="ge">1.4.1</unaffected>
<vulnerable range="lt">1.4.1</vulnerable>
</package>
</affected>
<background>
<p>protobuf-c is a protocol buffers implementation in C.</p>
</background>
<description>
<p>Multiple denial of service vulnerabilities have been discovered in protobuf-c.</p>
</description>
<impact type="low">
<p>Please review the referenced CVE identifiers for details.</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All protobuf-c users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-libs/protobuf-c-1.4.1"
</code>
</resolution>
<references>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-33070">CVE-2022-33070</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-48468">CVE-2022-48468</uri>
</references>
<metadata tag="requester" timestamp="2024-08-12T09:21:36.523749Z">ajak</metadata>
<metadata tag="submitter" timestamp="2024-08-12T09:21:36.527843Z">graaff</metadata>
</glsa>

2
sdk_container/src/third_party/portage-stable/metadata/glsa/timestamp.chk vendored
View File

@ -1 +1 @@
Thu, 01 Aug 2024 06:40:30 +0000
Sun, 01 Sep 2024 06:40:32 +0000

2
sdk_container/src/third_party/portage-stable/metadata/glsa/timestamp.commit vendored
View File

@ -1 +1 @@
13a66c5def0d04b908b4e9faf4975aebf3c111a0 1721801457 2024-07-24T06:10:57Z
7bcc5ebd7295c3c12ac47de41519dc019b4ba538 1723530188 2024-08-13T06:23:08Z