portage-stable/metadata: Monthly GLSA metadata updates

Flatcar Buildbot 2023-12-01 07:15:03 +00:00 committed by GitHub
parent c8dfd3c5d2
commit 1a3b2b8adb
22 changed files with 981 additions and 17 deletions


@ -1,23 +1,23 @@
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
MANIFEST Manifest.files.gz 552633 BLAKE2B f04d03cfce30402b87d7525767633e29394130432fcdd26de705b95ca93788a70abca8abbeee435b946253f2ad9b75f01bf24da1998a529bb89a6bbf1fcfc16e SHA512 6b0fd8a9a899a613a7dbab3dc51f5953cd3a0d18a12e17a4fceca64f11be5c7f83763d742dfada845bf1aec1c1467db31c6df823b9bc683d59fbec9a516d285a
TIMESTAMP 2023-11-01T06:40:04Z
MANIFEST Manifest.files.gz 555493 BLAKE2B 9b9c68f6fcd5aa241244f03965d32d2bee2397eebacb0b4742f3b5eff9058f33cdb8d4c1f96505cd2a1acaed4347077a204862e5674effe944e54b05e7466726 SHA512 bf81aa35acfc8893b8a8ffc0d57915c1a8e6b54e9400f0d03f26dd199de30e2601f7a7c1060d2185e26c3276979665ae687fb8e8a1e2b4d537df4a3270e38d43
TIMESTAMP 2023-12-01T06:40:02Z
-----BEGIN PGP SIGNATURE-----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=bBmm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=S+ig
-----END PGP SIGNATURE-----


@ -0,0 +1,42 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="202311-01">
<title>GitPython: Code Execution via Crafted Input</title>
<synopsis>A vulnerability has been discovered in GitPython where crafted input to Repo.clone_from can lead to code execution</synopsis>
<product type="ebuild">GitPython</product>
<announced>2023-11-01</announced>
<revised count="1">2023-11-01</revised>
<bug>884623</bug>
<access>local</access>
<affected>
<package name="dev-python/GitPython" auto="yes" arch="*">
<unaffected range="ge">3.1.30</unaffected>
<vulnerable range="lt">3.1.30</vulnerable>
</package>
</affected>
<background>
<p>GitPython is a Python library used to interact with Git repositories.</p>
</background>
<description>
<p>Please review the CVE identifier referenced below for details.</p>
</description>
<impact type="high">
<p>An attacker may be able to trigger Remote Code Execution (RCE) due to improper user input validation, which makes it possible to inject a maliciously crafted remote URL into the clone command. Exploiting this vulnerability is possible because the library makes external calls to git without sufficient sanitization of input arguments.</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All GitPython users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-python/GitPython-3.1.30"
</code>
</resolution>
<references>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-24439">CVE-2022-24439</uri>
</references>
<metadata tag="requester" timestamp="2023-11-01T12:20:26.255981Z">graaff</metadata>
<metadata tag="submitter" timestamp="2023-11-01T12:20:26.259121Z">graaff</metadata>
</glsa>
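Review bot: `<access>local</access>` does not sit well with this advisory's own impact paragraph, which describes Remote Code Execution by injecting a maliciously crafted remote URL into the clone command. If that URL can be supplied by an untrusted party, as the impact text implies, `<access>remote</access>` would describe the exposure better; confirm against the referenced CVE-2022-24439 before changing it. Tooling that triages GLSAs by the access field would otherwise rank this lower than the impact text warrants. The file looks like a sync of upstream advisory data, so any correction probably belongs upstream.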


@ -0,0 +1,52 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="202311-02">
<title>Netatalk: Multiple Vulnerabilities including root remote code execution</title>
<synopsis>Multiple vulnerabilities have been discovered in Netatalk, which could lead to remote code execution</synopsis>
<product type="ebuild">netatalk</product>
<announced>2023-11-01</announced>
<revised count="1">2023-11-01</revised>
<bug>837623</bug>
<bug>881259</bug>
<bug>915354</bug>
<access>remote</access>
<affected>
<package name="net-fs/netatalk" auto="yes" arch="*">
<unaffected range="ge">3.1.18</unaffected>
<vulnerable range="lt">3.1.18</vulnerable>
</package>
</affected>
<background>
<p>Netatalk is a kernel level implementation of the AppleTalk Protocol Suite, which allows Unix hosts to act as file, print, and time servers for Apple computers. It includes several script utilities, including etc2ps.sh.</p>
</background>
<description>
<p>Multiple vulnerabilities have been discovered in Netatalk. Please review the CVE identifiers referenced below for details.</p>
</description>
<impact type="high">
<p>Please review the referenced CVE identifiers for details.</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All Netatalk users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-fs/netatalk-3.1.18"
</code>
</resolution>
<references>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-31439">CVE-2021-31439</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-0194">CVE-2022-0194</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-22995">CVE-2022-22995</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-23121">CVE-2022-23121</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-23122">CVE-2022-23122</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-23123">CVE-2022-23123</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-23124">CVE-2022-23124</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-23125">CVE-2022-23125</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-45188">CVE-2022-45188</uri>
</references>
<metadata tag="requester" timestamp="2023-11-01T14:46:24.671379Z">graaff</metadata>
<metadata tag="submitter" timestamp="2023-11-01T14:46:24.673441Z">graaff</metadata>
</glsa>


@ -0,0 +1,44 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="202311-03">
<title>SQLite: Multiple Vulnerabilities</title>
<synopsis>Multiple vulnerabilities have been discovered in SQLite, the worst of which may lead to code execution.</synopsis>
<product type="ebuild">sqlite</product>
<announced>2023-11-24</announced>
<revised count="1">2023-11-24</revised>
<bug>886029</bug>
<bug>906114</bug>
<access>local and remote</access>
<affected>
<package name="dev-db/sqlite" auto="yes" arch="*">
<unaffected range="ge">3.42.0</unaffected>
<vulnerable range="lt">3.42.0</vulnerable>
</package>
</affected>
<background>
<p>SQLite is a C library that implements an SQL database engine.</p>
</background>
<description>
<p>Multiple vulnerabilities have been discovered in SQLite. Please review the CVE identifiers referenced below for details.</p>
</description>
<impact type="high">
<p>Please review the referenced CVE identifiers for details.</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All SQLite users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-db/sqlite-3.42.0"
</code>
</resolution>
<references>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-31239">CVE-2021-31239</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-46908">CVE-2022-46908</uri>
</references>
<metadata tag="requester" timestamp="2023-11-24T12:29:15.707023Z">graaff</metadata>
<metadata tag="submitter" timestamp="2023-11-24T12:29:15.709025Z">graaff</metadata>
</glsa>


@ -0,0 +1,44 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="202311-04">
<title>Zeppelin: Multiple Vulnerabilities</title>
<synopsis>Multiple vulnerabilities have been discovered in Zeppelin, the worst of which could lead to remote code execution.</synopsis>
<product type="ebuild">zeppelin-bin</product>
<announced>2023-11-24</announced>
<revised count="1">2023-11-24</revised>
<bug>811447</bug>
<access>remote</access>
<affected>
<package name="www-apps/zeppelin-bin" auto="yes" arch="*">
<unaffected range="ge">0.10.1</unaffected>
<vulnerable range="lt">0.10.1</vulnerable>
</package>
</affected>
<background>
<p>Apache Zeppelin is a web-based notebook that enables data-driven, interactive data analytics and collaborative documents with SQL, Scala, Python, R and more.</p>
</background>
<description>
<p>Multiple vulnerabilities have been discovered in Zeppelin. Please review the CVE identifiers referenced below for details.</p>
</description>
<impact type="high">
<p>Please review the referenced CVE identifiers for details.</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All Zeppelin users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-apps/zeppelin-bin-0.10.1"
</code>
</resolution>
<references>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-10095">CVE-2019-10095</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-13929">CVE-2020-13929</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-27578">CVE-2021-27578</uri>
</references>
<metadata tag="requester" timestamp="2023-11-24T13:19:41.936818Z">graaff</metadata>
<metadata tag="submitter" timestamp="2023-11-24T13:19:41.939030Z">graaff</metadata>
</glsa>


@ -0,0 +1,45 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="202311-05">
<title>LinuxCIFS utils: Multiple Vulnerabilities</title>
<synopsis>Multiple vulnerabilities have been discovered in LinuxCIFS utils, the worst of which can lead to local root privilege escalation.</synopsis>
<product type="ebuild">cifs-utils</product>
<announced>2023-11-24</announced>
<revised count="1">2023-11-24</revised>
<bug>842234</bug>
<access>local</access>
<affected>
<package name="net-fs/cifs-utils" auto="yes" arch="*">
<unaffected range="ge">6.15</unaffected>
<vulnerable range="lt">6.15</vulnerable>
</package>
</affected>
<background>
<p>The LinuxCIFS utils are a collection of tools for managing Linux CIFS Client Filesystems.</p>
</background>
<description>
<p>Multiple vulnerabilities have been discovered in LinuxCIFS utils. Please review the CVE identifiers referenced below for details.</p>
</description>
<impact type="high">
<p>A stack-based buffer overflow when parsing the mount.cifs ip= command-line argument could lead to local attackers gaining root privileges.
When verbose logging is enabled, invalid credentials file lines may be dumped to stderr. This may lead to information disclosure in particular conditions when the credentials file given is sensitive and contains &#39;=&#39; signs.</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All LinuxCIFS utils users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-fs/cifs-utils-6.15"
</code>
</resolution>
<references>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-27239">CVE-2022-27239</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-29869">CVE-2022-29869</uri>
</references>
<metadata tag="requester" timestamp="2023-11-24T14:19:44.552258Z">graaff</metadata>
<metadata tag="submitter" timestamp="2023-11-24T14:19:44.554584Z">graaff</metadata>
</glsa>


@ -0,0 +1,43 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="202311-06">
<title>multipath-tools: Multiple Vulnerabilities</title>
<synopsis>Multiple vulnerabilities have been discovered in multipath-tools, the worst of which can lead to root privilege escalation.</synopsis>
<product type="ebuild">multipath-tools</product>
<announced>2023-11-25</announced>
<revised count="1">2023-11-25</revised>
<bug>878763</bug>
<access>local</access>
<affected>
<package name="sys-fs/multipath-tools" auto="yes" arch="*">
<unaffected range="ge">0.9.3</unaffected>
<vulnerable range="lt">0.9.3</vulnerable>
</package>
</affected>
<background>
<p>multipath-tools are used to drive the Device Mapper multipathing driver.</p>
</background>
<description>
<p>Multiple vulnerabilities have been discovered in multipath-tools. Please review the CVE identifiers referenced below for details.</p>
</description>
<impact type="high">
<p>Please review the referenced CVE identifiers for details.</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All multipath-tools users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose ">=sys-fs/multipath-tools-0.9.3"
</code>
</resolution>
<references>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-41973">CVE-2022-41973</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-41974">CVE-2022-41974</uri>
</references>
<metadata tag="requester" timestamp="2023-11-25T08:13:29.146678Z">graaff</metadata>
<metadata tag="submitter" timestamp="2023-11-25T08:13:29.148791Z">graaff</metadata>
</glsa>


@ -0,0 +1,44 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="202311-07">
<title>AIDE: Root Privilege Escalation</title>
<synopsis>A vulnerability has been found in AIDE which can lead to root privilege escalation.</synopsis>
<product type="ebuild">aide</product>
<announced>2023-11-25</announced>
<revised count="1">2023-11-25</revised>
<bug>831658</bug>
<access>remote</access>
<affected>
<package name="app-forensics/aide" auto="yes" arch="*">
<unaffected range="ge">0.17.4</unaffected>
<vulnerable range="lt">0.17.4</vulnerable>
</package>
</affected>
<background>
<p>AIDE (Advanced Intrusion Detection Environment) is a file and directory integrity checker.
It creates a database from the regular expression rules that it finds from the config file(s). Once this database is initialized it can be used to verify the integrity of the files. It has several message digest algorithms (see below) that are used to check the integrity of the file. All of the usual file attributes can also be checked for inconsistencies.</p>
</background>
<description>
<p>A vulnerability has been discovered in AIDE. Please review the CVE identifier referenced below for details.</p>
</description>
<impact type="high">
<p>AIDE before 0.17.4 allows local users to obtain root privileges via crafted file metadata (such as XFS extended attributes or tmpfs ACLs), because of a heap-based buffer overflow.</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All AIDE users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-forensics/aide-0.17.4"
</code>
</resolution>
<references>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-45417">CVE-2021-45417</uri>
</references>
<metadata tag="requester" timestamp="2023-11-25T08:24:47.076936Z">graaff</metadata>
<metadata tag="submitter" timestamp="2023-11-25T08:24:47.079410Z">graaff</metadata>
</glsa>
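Review bot: `<access>remote</access>` contradicts the impact paragraph of the same advisory, which says AIDE before 0.17.4 "allows local users to obtain root privileges" via crafted file metadata. Going by that text the field should read `<access>local</access>`. Anything that filters or prioritises advisories on the access element would treat this as network-reachable. The file appears to be synced from upstream GLSA data, so the fix is probably best reported there rather than patched in this tree.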


@ -0,0 +1,42 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="202311-08">
<title>GNU Libmicrohttpd: Buffer Overflow Vulnerability</title>
<synopsis>A buffer overflow vulnerability has been discovered in GNU Libmicrohttpd.</synopsis>
<product type="ebuild">libmicrohttpd</product>
<announced>2023-11-25</announced>
<revised count="1">2023-11-25</revised>
<bug>778296</bug>
<access>remote</access>
<affected>
<package name="net-libs/libmicrohttpd" auto="yes" arch="*">
<unaffected range="gt">0.9.70</unaffected>
<vulnerable range="eq">0.9.70</vulnerable>
</package>
</affected>
<background>
<p>GNU libmicrohttpd is a small C library that makes it easy to run an HTTP server as part of another application. GNU Libmicrohttpd is free software and part of the GNU project.</p>
</background>
<description>
<p>A buffer overflow vulnerability has been discovered in GNU Libmicrohttpd. Please review the CVE identifier referenced below for details.</p>
</description>
<impact type="high">
<p>A missing bounds check in the post_process_urlencoded function leads to a buffer overflow, allowing a remote attacker to write arbitrary data in an application that uses libmicrohttpd. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All GNU Libmicrohttpd users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose ">net-libs/libmicrohttpd-0.9.70"
</code>
</resolution>
<references>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-3466">CVE-2021-3466</uri>
</references>
<metadata tag="requester" timestamp="2023-11-25T08:29:39.007233Z">graaff</metadata>
<metadata tag="submitter" timestamp="2023-11-25T08:29:39.010725Z">graaff</metadata>
</glsa>


@ -0,0 +1,73 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="202311-09">
<title>Go: Multiple Vulnerabilities</title>
<synopsis>Multiple vulnerabilities have been discovered in Go, the worst of which could lead to remote code execution.</synopsis>
<product type="ebuild">go</product>
<announced>2023-11-25</announced>
<revised count="1">2023-11-25</revised>
<bug>873637</bug>
<bug>883783</bug>
<bug>894478</bug>
<bug>903979</bug>
<bug>908255</bug>
<bug>915555</bug>
<bug>916494</bug>
<access>local and remote</access>
<affected>
<package name="dev-lang/go" auto="yes" arch="*">
<unaffected range="ge">1.20.10</unaffected>
<vulnerable range="lt">1.20.10</vulnerable>
</package>
</affected>
<background>
<p>Go is an open source programming language that makes it easy to build simple, reliable, and efficient software.</p>
</background>
<description>
<p>Multiple vulnerabilities have been discovered in Go. Please review the CVE identifiers referenced below for details.</p>
</description>
<impact type="high">
<p>Please review the referenced CVE identifiers for details.</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All Go users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-lang/go-1.20.10"
# emerge --ask --oneshot --verbose @golang-rebuild
</code>
</resolution>
<references>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-2879">CVE-2022-2879</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-2880">CVE-2022-2880</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-41715">CVE-2022-41715</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-41717">CVE-2022-41717</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-41723">CVE-2022-41723</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-41724">CVE-2022-41724</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-41725">CVE-2022-41725</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-24534">CVE-2023-24534</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-24536">CVE-2023-24536</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-24537">CVE-2023-24537</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-24538">CVE-2023-24538</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-29402">CVE-2023-29402</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-29403">CVE-2023-29403</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-29404">CVE-2023-29404</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-29405">CVE-2023-29405</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-29406">CVE-2023-29406</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-29409">CVE-2023-29409</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-39318">CVE-2023-39318</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-39319">CVE-2023-39319</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-39320">CVE-2023-39320</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-39321">CVE-2023-39321</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-39322">CVE-2023-39322</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-39323">CVE-2023-39323</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-39325">CVE-2023-39325</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-44487">CVE-2023-44487</uri>
</references>
<metadata tag="requester" timestamp="2023-11-25T08:56:49.846635Z">graaff</metadata>
<metadata tag="submitter" timestamp="2023-11-25T08:56:49.848867Z">graaff</metadata>
</glsa>


@ -0,0 +1,44 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="202311-10">
<title>RenderDoc: Multiple Vulnerabilities</title>
<synopsis>Multiple vulnerabilities have been discovered in RenderDoc, the worst of which leads to remote code execution.</synopsis>
<product type="ebuild">renderdoc</product>
<announced>2023-11-25</announced>
<revised count="1">2023-11-25</revised>
<bug>908031</bug>
<access>remote</access>
<affected>
<package name="media-gfx/renderdoc" auto="yes" arch="*">
<unaffected range="ge">1.27</unaffected>
<vulnerable range="lt">1.27</vulnerable>
</package>
</affected>
<background>
<p>RenderDoc is a free MIT licensed stand-alone graphics debugger that allows quick and easy single-frame capture and detailed introspection of any application using Vulkan, D3D11, OpenGL &amp; OpenGL ES or D3D12 across Windows, Linux, Android, or Nintendo Switch™.</p>
</background>
<description>
<p>Multiple vulnerabilities have been discovered in GRUB. Please review the CVE identifiers referenced below for details.</p>
</description>
<impact type="high">
<p>Please review the referenced CVE identifiers for details.</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All RenderDoc users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose ">=media-gfx/renderdoc-1.27"
</code>
</resolution>
<references>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-33863">CVE-2023-33863</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-33864">CVE-2023-33864</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-33865">CVE-2023-33865</uri>
</references>
<metadata tag="requester" timestamp="2023-11-25T09:36:29.923016Z">graaff</metadata>
<metadata tag="submitter" timestamp="2023-11-25T09:36:29.925676Z">graaff</metadata>
</glsa>
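Review bot: The description paragraph names the wrong product: it says the vulnerabilities were discovered in GRUB, while the title, the package atom `media-gfx/renderdoc`, the resolution and the three referenced CVEs all concern RenderDoc. It should read `<p>Multiple vulnerabilities have been discovered in RenderDoc. Please review the CVE identifiers referenced below for details.</p>`. As written, a text search of advisories for GRUB returns a false hit, and a reader of the description alone may doubt which package to upgrade. This looks like a template copy-over in the upstream advisory, so the correction likely belongs upstream.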


@ -0,0 +1,163 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="202311-11">
<title>QtWebEngine: Multiple Vulnerabilities</title>
<synopsis>Multiple vulnerabilities have been discovered in QtWebEngine, the worst of which could lead to remote code execution.</synopsis>
<product type="ebuild">qtwebengine</product>
<announced>2023-11-25</announced>
<revised count="1">2023-11-25</revised>
<bug>866332</bug>
<bug>888181</bug>
<bug>903544</bug>
<bug>904290</bug>
<bug>906857</bug>
<bug>909778</bug>
<access>remote</access>
<affected>
<package name="dev-qt/qtwebengine" auto="yes" arch="*">
<unaffected range="ge">5.15.10_p20230623</unaffected>
<vulnerable range="lt">5.15.10_p20230623</vulnerable>
</package>
</affected>
<background>
<p>QtWebEngine is a library for rendering dynamic web content in Qt5 and Qt6 C++ and QML applications.</p>
</background>
<description>
<p>Multiple vulnerabilities have been discovered in QtWebEngine. Please review the CVE identifiers referenced below for details.</p>
</description>
<impact type="high">
<p>Please review the referenced CVE identifiers for details.</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All QtWebEngine users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-qt/qtwebengine-5.15.10_p20230623"
</code>
</resolution>
<references>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-2294">CVE-2022-2294</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-3201">CVE-2022-3201</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-4174">CVE-2022-4174</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-4175">CVE-2022-4175</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-4176">CVE-2022-4176</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-4177">CVE-2022-4177</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-4178">CVE-2022-4178</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-4179">CVE-2022-4179</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-4180">CVE-2022-4180</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-4181">CVE-2022-4181</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-4182">CVE-2022-4182</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-4183">CVE-2022-4183</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-4184">CVE-2022-4184</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-4185">CVE-2022-4185</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-4186">CVE-2022-4186</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-4187">CVE-2022-4187</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-4188">CVE-2022-4188</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-4189">CVE-2022-4189</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-4190">CVE-2022-4190</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-4191">CVE-2022-4191</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-4192">CVE-2022-4192</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-4193">CVE-2022-4193</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-4194">CVE-2022-4194</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-4195">CVE-2022-4195</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-4436">CVE-2022-4436</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-4437">CVE-2022-4437</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-4438">CVE-2022-4438</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-4439">CVE-2022-4439</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-4440">CVE-2022-4440</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-41115">CVE-2022-41115</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-44688">CVE-2022-44688</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-44708">CVE-2022-44708</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-0128">CVE-2023-0128</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-0129">CVE-2023-0129</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-0130">CVE-2023-0130</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-0131">CVE-2023-0131</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-0132">CVE-2023-0132</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-0133">CVE-2023-0133</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-0134">CVE-2023-0134</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-0135">CVE-2023-0135</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-0136">CVE-2023-0136</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-0137">CVE-2023-0137</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-0138">CVE-2023-0138</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-0139">CVE-2023-0139</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-0140">CVE-2023-0140</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-0141">CVE-2023-0141</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-2721">CVE-2023-2721</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-2722">CVE-2023-2722</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-2723">CVE-2023-2723</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-2724">CVE-2023-2724</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-2725">CVE-2023-2725</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-2726">CVE-2023-2726</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-2929">CVE-2023-2929</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-2930">CVE-2023-2930</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-2931">CVE-2023-2931</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-2932">CVE-2023-2932</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-2933">CVE-2023-2933</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-2934">CVE-2023-2934</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-2935">CVE-2023-2935</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-2936">CVE-2023-2936</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-2937">CVE-2023-2937</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-2938">CVE-2023-2938</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-2939">CVE-2023-2939</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-2940">CVE-2023-2940</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-2941">CVE-2023-2941</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-3079">CVE-2023-3079</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-3214">CVE-2023-3214</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-3215">CVE-2023-3215</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-3216">CVE-2023-3216</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-3217">CVE-2023-3217</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-4068">CVE-2023-4068</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-4069">CVE-2023-4069</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-4070">CVE-2023-4070</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-4071">CVE-2023-4071</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-4072">CVE-2023-4072</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-4073">CVE-2023-4073</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-4074">CVE-2023-4074</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-4075">CVE-2023-4075</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-4076">CVE-2023-4076</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-4077">CVE-2023-4077</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-4078">CVE-2023-4078</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-4761">CVE-2023-4761</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-4762">CVE-2023-4762</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-4763">CVE-2023-4763</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-4764">CVE-2023-4764</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-5218">CVE-2023-5218</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-5473">CVE-2023-5473</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-5474">CVE-2023-5474</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-5475">CVE-2023-5475</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-5476">CVE-2023-5476</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-5477">CVE-2023-5477</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-5478">CVE-2023-5478</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-5479">CVE-2023-5479</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-5480">CVE-2023-5480</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-5481">CVE-2023-5481</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-5482">CVE-2023-5482</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-5483">CVE-2023-5483</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-5484">CVE-2023-5484</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-5485">CVE-2023-5485</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-5486">CVE-2023-5486</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-5487">CVE-2023-5487</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-5849">CVE-2023-5849</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-5850">CVE-2023-5850</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-5851">CVE-2023-5851</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-5852">CVE-2023-5852</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-5853">CVE-2023-5853</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-5854">CVE-2023-5854</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-5855">CVE-2023-5855</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-5856">CVE-2023-5856</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-5857">CVE-2023-5857</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-5858">CVE-2023-5858</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-5859">CVE-2023-5859</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-5996">CVE-2023-5996</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-5997">CVE-2023-5997</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-6112">CVE-2023-6112</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-21775">CVE-2023-21775</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-21796">CVE-2023-21796</uri>
</references>
<metadata tag="requester" timestamp="2023-11-25T09:50:35.910767Z">graaff</metadata>
<metadata tag="submitter" timestamp="2023-11-25T09:50:35.912934Z">graaff</metadata>
</glsa>


@ -0,0 +1,44 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="202311-12">
<title>MiniDLNA: Multiple Vulnerabilities</title>
<synopsis>Multiple vulnerabilities have been discovered in MiniDLNA, the worst of which could lead to remove code execution.</synopsis>
<product type="ebuild">minidlna</product>
<announced>2023-11-25</announced>
<revised count="1">2023-11-25</revised>
<bug>834642</bug>
<bug>907926</bug>
<access>remote</access>
<affected>
<package name="net-misc/minidlna" auto="yes" arch="*">
<unaffected range="ge">1.3.3</unaffected>
<vulnerable range="lt">1.3.3</vulnerable>
</package>
</affected>
<background>
<p>MiniDLNA is a simple media server software, with the aim of being fully compliant with DLNA/UPnP-AV clients.</p>
</background>
<description>
<p>Multiple vulnerabilities have been discovered in MiniDLNA. Please review the CVE identifiers referenced below for details.</p>
</description>
<impact type="high">
<p>Please review the referenced CVE identifiers for details.</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All MiniDLNA users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-misc/minidlna-1.3.3"
</code>
</resolution>
<references>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-26505">CVE-2022-26505</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-33476">CVE-2023-33476</uri>
</references>
<metadata tag="requester" timestamp="2023-11-25T10:21:19.244361Z">graaff</metadata>
<metadata tag="submitter" timestamp="2023-11-25T10:21:19.246643Z">graaff</metadata>
</glsa>
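Review bot: The synopsis of GLSA 202311-12 reads "remove code execution", while the `<access>remote</access>` element of the same advisory indicates "remote" was meant, so a keyword search of synopses for "remote code execution" would skip this advisory. The corrected line would be `<synopsis>Multiple vulnerabilities have been discovered in MiniDLNA, the worst of which could lead to remote code execution.</synopsis>`. Smaller misspellings appear in the synopses of 202311-13 and 202311-14 ("discoverd") and 202311-16 ("vulnerabilites"). These files appear to be mirrored from the upstream GLSA repository, and the commit also updates a signed Manifest, so the corrections presumably belong upstream rather than in this tree.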


@ -0,0 +1,42 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="202311-13">
<title>Apptainer: Privilege Escalation</title>
<synopsis>A privilege escalation vulnerability has been discoverd in Apptainer.</synopsis>
<product type="ebuild">apptainer</product>
<announced>2023-11-25</announced>
<revised count="1">2023-11-25</revised>
<bug>905091</bug>
<access>local</access>
<affected>
<package name="app-containers/apptainer" auto="yes" arch="*">
<unaffected range="ge">1.1.8</unaffected>
<vulnerable range="lt">1.1.8</vulnerable>
</package>
</affected>
<background>
<p>Apptainer is the container system for secure high-performance computing.</p>
</background>
<description>
<p>A vulnerability has been discovered in Apptainer. Please review the CVE identifier referenced below for details.</p>
</description>
<impact type="high">
<p>There is an ext4 use-after-free flaw that is exploitable in vulnerable versions.</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All Apptainer users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-containers/apptainer-1.1.8"
</code>
</resolution>
<references>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-30549">CVE-2023-30549</uri>
</references>
<metadata tag="requester" timestamp="2023-11-25T10:47:30.694976Z">graaff</metadata>
<metadata tag="submitter" timestamp="2023-11-25T10:47:30.697686Z">graaff</metadata>
</glsa>


@ -0,0 +1,43 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="202311-14">
<title>GRUB: Multiple Vulnerabilities</title>
<synopsis>Multiple vulnerabilities have been discoverd in GRUB, which may lead to secure boot circumvention or code execution.</synopsis>
<product type="ebuild">grub</product>
<announced>2023-11-25</announced>
<revised count="2">2023-11-26</revised>
<bug>881413</bug>
<access>remote</access>
<affected>
<package name="sys-boot/grub" auto="yes" arch="*">
<unaffected range="ge">2.06-r4</unaffected>
<vulnerable range="lt">2.06-r4</vulnerable>
</package>
</affected>
<background>
<p>GNU GRUB is a multiboot boot loader used by most Linux systems.</p>
</background>
<description>
<p>Multiple vulnerabilities have been discovered in GRUB. Please review the CVE identifiers referenced below for details.</p>
</description>
<impact type="high">
<p>Please review the referenced CVE identifiers for details.</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All GRUB users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose ">=sys-boot/grub-2.06-r4"
</code>
</resolution>
<references>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-2601">CVE-2022-2601</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-3775">CVE-2022-3775</uri>
</references>
<metadata tag="requester" timestamp="2023-11-25T11:18:39.731078Z">graaff</metadata>
<metadata tag="submitter" timestamp="2023-11-25T11:18:39.734177Z">graaff</metadata>
</glsa>


@ -0,0 +1,54 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="202311-15">
<title>LibreOffice: Multiple Vulnerabilities</title>
<synopsis>Multiple vulnerabilities have been discovered in LibreOffice, the worst of which could lead to code execution.</synopsis>
<product type="ebuild">libreoffice,libreoffice-bin</product>
<announced>2023-11-26</announced>
<revised count="1">2023-11-26</revised>
<bug>908083</bug>
<access>local</access>
<affected>
<package name="app-office/libreoffice" auto="yes" arch="*">
<unaffected range="ge">7.5.3.2</unaffected>
<vulnerable range="lt">7.5.3.2</vulnerable>
</package>
<package name="app-office/libreoffice-bin" auto="yes" arch="*">
<unaffected range="ge">7.5.3.2</unaffected>
<vulnerable range="lt">7.5.3.2</vulnerable>
</package>
</affected>
<background>
<p>LibreOffice is a powerful office suite; its clean interface and powerful tools let you unleash your creativity and grow your productivity.</p>
</background>
<description>
<p>Multiple vulnerabilities have been discovered in LibreOffice. Please review the CVE identifiers referenced below for details.</p>
</description>
<impact type="high">
<p>Please review the referenced CVE identifiers for details.</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All LibreOffice binary users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-office/libreoffice-bin-7.5.3.2"
</code>
<p>All LibreOffice users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-office/libreoffice-7.5.3.2"
</code>
</resolution>
<references>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-0950">CVE-2023-0950</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-2255">CVE-2023-2255</uri>
</references>
<metadata tag="requester" timestamp="2023-11-26T07:56:03.775275Z">graaff</metadata>
<metadata tag="submitter" timestamp="2023-11-26T07:56:03.777708Z">graaff</metadata>
</glsa>


@ -0,0 +1,51 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="202311-16">
<title>Open vSwitch: Multiple Vulnerabilities</title>
<synopsis>Multiple denial of service vulnerabilites have been found in Open vSwitch.</synopsis>
<product type="ebuild">openvswitch</product>
<announced>2023-11-26</announced>
<revised count="1">2023-11-26</revised>
<bug>765346</bug>
<bug>769995</bug>
<bug>803107</bug>
<bug>887561</bug>
<access>remote</access>
<affected>
<package name="net-misc/openvswitch" auto="yes" arch="*">
<unaffected range="ge">2.17.6</unaffected>
<vulnerable range="lt">2.17.6</vulnerable>
</package>
</affected>
<background>
<p>Open vSwitch is a production quality multilayer virtual switch.</p>
</background>
<description>
<p>Multiple vulnerabilities have been discovered in Open vSwitch. Please review the CVE identifiers referenced below for details.</p>
</description>
<impact type="low">
<p>Please review the referenced CVE identifiers for details.</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All Open vSwitch users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-misc/openvswitch-2.17.6"
</code>
</resolution>
<references>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-27827">CVE-2020-27827</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-35498">CVE-2020-35498</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-3905">CVE-2021-3905</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-36980">CVE-2021-36980</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-4337">CVE-2022-4337</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-4338">CVE-2022-4338</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-1668">CVE-2023-1668</uri>
</references>
<metadata tag="requester" timestamp="2023-11-26T10:06:58.054779Z">ajak</metadata>
<metadata tag="submitter" timestamp="2023-11-26T10:06:58.056946Z">graaff</metadata>
</glsa>


@ -0,0 +1,45 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="202311-17">
<title>phpMyAdmin: Multiple Vulnerabilities</title>
<synopsis>Multiple vulnerabilities have been discovered in phpMyAdmin, the worst of which allows for denial of service.</synopsis>
<product type="ebuild">phpmyadmin</product>
<announced>2023-11-26</announced>
<revised count="1">2023-11-26</revised>
<bug>831841</bug>
<bug>835071</bug>
<access>remote</access>
<affected>
<package name="dev-db/phpmyadmin" auto="yes" arch="*">
<unaffected range="ge">5.2.0</unaffected>
<vulnerable range="lt">5.2.0</vulnerable>
</package>
</affected>
<background>
<p>phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the web.</p>
</background>
<description>
<p>Multiple vulnerabilities have been discovered in phpMyAdmin. Please review the CVE identifiers referenced below for details.</p>
</description>
<impact type="low">
<p>Please review the referenced CVE identifiers for details.</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All phpMyAdmin users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-db/phpmyadmin-5.2.0"
</code>
</resolution>
<references>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-0813">CVE-2022-0813</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-23807">CVE-2022-23807</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-23808">CVE-2022-23808</uri>
</references>
<metadata tag="requester" timestamp="2023-11-26T10:46:10.724470Z">ajak</metadata>
<metadata tag="submitter" timestamp="2023-11-26T10:46:10.727242Z">graaff</metadata>
</glsa>


@ -0,0 +1,49 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="202311-18">
<title>GLib: Multiple Vulnerabilities</title>
<synopsis>Multiple vulnerabilities have been discovered in GLib.</synopsis>
<product type="ebuild">glib</product>
<announced>2023-11-27</announced>
<revised count="1">2023-11-27</revised>
<bug>886197</bug>
<bug>887807</bug>
<access>remote</access>
<affected>
<package name="dev-libs/glib" auto="yes" arch="*">
<unaffected range="ge">2.74.4</unaffected>
<vulnerable range="lt">2.74.4</vulnerable>
</package>
</affected>
<background>
<p>GLib is a library providing a number of GNOME&#39;s core objects and functions.</p>
</background>
<description>
<p>Multiple vulnerabilities have been discovered in GLib. Please review the referenced CVEs for details.</p>
</description>
<impact type="high">
<p>GVariant deserialization is vulnerable to an exponential blowup issue where a crafted GVariant can cause excessive processing, leading to denial of service.
GVariant deserialization fails to validate that the input conforms to the expected format, leading to denial of service.
GVariant deserialization is vulnerable to a slowdown issue where a crafted GVariant can cause excessive processing, leading to denial of service.</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All GLib users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-libs/glib-2.74.4"
</code>
</resolution>
<references>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-29499">CVE-2023-29499</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-32611">CVE-2023-32611</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-32665">CVE-2023-32665</uri>
</references>
<metadata tag="requester" timestamp="2023-11-27T12:24:33.325998Z">graaff</metadata>
<metadata tag="submitter" timestamp="2023-11-27T12:24:33.328076Z">graaff</metadata>
</glsa>


@ -1 +1 @@
Wed, 01 Nov 2023 06:40:00 +0000
Fri, 01 Dec 2023 06:39:59 +0000


@ -1 +1 @@
49515c936bcad95017ac696eb33dd49f6f28e9b5 1698756865 2023-10-31T12:54:25+00:00
e8cae5eafb887bc451b4344e6de2d99b8d6e75de 1701088111 2023-11-27T12:28:31+00:00