bump(metadata/glsa): sync with upstream

David Michael 2018-07-30 16:26:44 +00:00
parent 25ff67b017
commit 1a764e4b9c
8 changed files with 215 additions and 17 deletions

@ -1,23 +1,23 @@
-----BEGIN PGP SIGNED MESSAGE----- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512 Hash: SHA512
MANIFEST Manifest.files.gz 426775 BLAKE2B 0a924e893bc7d02fb872d05ff4b63ad4d237b75711b0c6a09d632bbc7eeb1a14506448cef5b376ba25b504b6e4c16d40d6662762ee100207b8ee92abf972340d SHA512 811f8949726f5f714f93c3522b7ae6b1eb5aad37a0229ee9d5f5ee0ddb8c5273a4f3b0d4055d44a1dbeed5fc458aeb2e5620e47889961d9b7a4e961c24e5877b MANIFEST Manifest.files.gz 427414 BLAKE2B 03f31e82901c67c54c9e2a393ac3d0d1d25bb342aa53f12ef4cda3b8ecae5db556d030b733bc4f3fdba54171e0a9a96a6e0e3c4ab9239061ea537618ba745ce1 SHA512 01f241123b41771420b69c122806bf7c9c1b4f6f77886ed4e9a9737364198dc0d9cc296f967c056f28a2af511a8d2680a7991527b5ca7723fbd12dcffe525a32
TIMESTAMP 2018-06-26T03:08:38Z TIMESTAMP 2018-07-30T15:38:34Z
-----BEGIN PGP SIGNATURE----- -----BEGIN PGP SIGNATURE-----
iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAlsxrjZfFIAAAAAALgAo iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAltfMPpfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEUx aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEUx
RDZBQkI2M0JGQ0ZCNEJBMDJGREYxQ0VDNTkwRUVBQzkxODkyNTAACgkQ7FkO6skY RDZBQkI2M0JGQ0ZCNEJBMDJGREYxQ0VDNTkwRUVBQzkxODkyNTAACgkQ7FkO6skY
klCMpBAAnXInYoDgylCxujtbrePIEkh+9fLMXgdIZCCN0UoEddA8me1T4Dz/ZwWu klBgNw//T4p4YyrqTdUXKjPqYDKbPIAY6BLQMU6U2py9pMfpRJy6Mb7Otpfr2KCJ
x+qJuVSyq0vokydf7pMS5iKrTxac6MuVxyHL/CuqFEYSilNlGfnzbtITmTckxOKH kM7Fc6KssxErmqes0ivw8FIU6/6NgnTMLETlPC6LPPApd49FmkRrI0JV4qt5CAgR
dzk1s3tyjL07dpAB/idAh9l6cgM3inKpOc4u1+/ryijJKpz8xWYrwillBSW/IqWb whUVWRNU7+LGxzL3w9Sj3Z47b6XPRHZwVzsX0F8eXAC4C2prRojGOd+Zs+wilFgE
9xMdxuPzYHC/HI1A0qrFNPIP7dBKRgOTzlacedvmxB0n0UcBSznw6ahR4vTsVJiV DiWg3PAiGQQjIOgNq3Jl86d09vD0QkCYNlTJrCil54VW9ct6vXLiyv7Gij5EMmay
ISjPNwkDRsd4Izypppfj0rOdZ7kN8xO1YFP061pssVgKbEoNVU36FX9zK+O6binl gFnhFTNahYgrJkt8EP7R+lRILynopntLOnE1dpsWqWdyqvXaILxNiMWSxQO6c2E+
9NkuJ5NBW320vdbUO3EwLl+qKUylTa71xYyK2lf8HrySSrmGf9ECq6up8ep7NwHv lhxvIaD2jZIdldbiy2va3jENhVr7RpqMx9N7mB/CRf0VNhPJc9onqfXWT0h3QCBt
anhkjpsBWTSOnaN0ty8cSif7WO6zEmLUofoUpYP8NdUh86TaEXxirSZbUSl5LoLU CtosieBoPc8rW3OJYIbvCQmMLzNQ2u4gKVcYwbNGMOwkOiO1oHgevpwHdQ2O5jyK
iEw29QQiaemrI3+nV7/FoDt61Bs3gl7FOkBiT8iC3W6FDQcaqBT7odjq4WonDsdQ EDsxINAOG27DHbdHVqWhTfRI5SmxWq47uE6zjM0zKWimbjRY8RFpExVDjM8SCyh0
jCadsZdzOJhybRgUOsOA7UCa2Vmk9zRu4MNdqn8euuZwh2/KC1vcJ+QnFKzQEK82 J59CYZXLi3h1MpX1Ydi20kGkJKO6O6WzzZzLOn1OK4uBPnD/WYiO36IDH2PjwRSM
N/+NqPr/PTuylsOVeohYi/QYZYN34B6BvVclVWnV3mZvmla+I4euSpGep7/JL5Sx XK2pK+UR6bV7Jb9vyK6kdwi+fKMz7BSsJcfXLr67MOAuorx/qq+2vdwghEVmpWj8
nXw5zOsCSDBLXyEJYDTt8T3EXLs8+JtrAhEugXjMCTe8rmnWmiA= jc6bhGf5mde/MetlAtL2rHWJC1UPNiTBATnZYBIMe1po0zuIjCY=
=Ut/r =OVLH
-----END PGP SIGNATURE----- -----END PGP SIGNATURE-----

@ -0,0 +1,49 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="201807-01">
<title>tqdm: Arbitrary code execution</title>
<synopsis>A vulnerability in tqdm could allow remote attackers to execute
arbitrary code.
</synopsis>
<product type="ebuild">tqdm</product>
<announced>2018-07-18</announced>
<revised count="1">2018-07-18</revised>
<bug>636384</bug>
<access>remote</access>
<affected>
<package name="dev-python/tqdm" auto="yes" arch="*">
<unaffected range="ge">4.23.3</unaffected>
<vulnerable range="lt">4.23.3</vulnerable>
</package>
</affected>
<background>
<p>tqdm is a smart progress meter.</p>
</background>
<description>
<p>A vulnerablility was discovered in tqdm._version that could allow a
malicious git log within the current working directory.
</p>
</description>
<impact type="normal">
<p>A remote attacker could execute arbitrary commands by enticing a user to
clone a crafted repo.
</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All tqdm users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose "&gt;=dev-python/tqdm-4.23.3"
</code>
</resolution>
<references>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2016-10075">CVE-2016-10075</uri>
</references>
<metadata tag="requester" timestamp="2018-07-02T03:06:02Z">b-man</metadata>
<metadata tag="submitter" timestamp="2018-07-18T03:57:26Z">irishluck83</metadata>
</glsa>

@ -0,0 +1,51 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="201807-02">
<title>Passenger: Multiple Vulnerabilities</title>
<synopsis>Multiple vulnerabilities have been found in Passenger, the worst of
which could result in the execution of arbitrary code.
</synopsis>
<product type="ebuild">passenger</product>
<announced>2018-07-22</announced>
<revised count="1">2018-07-22</revised>
<bug>658346</bug>
<access>remote</access>
<affected>
<package name="www-apache/passenger" auto="yes" arch="*">
<unaffected range="ge">5.3.2</unaffected>
<vulnerable range="lt">5.3.2</vulnerable>
</package>
</affected>
<background>
<p>Passenger runs and manages your Ruby, Node.js, and Python apps.</p>
</background>
<description>
<p>Multiple vulnerabilities have been discovered in Passenger. Please
review the CVE identifiers referenced below for details.
</p>
</description>
<impact type="normal">
<p>A remote attacker could escalate privileges, execute arbitrary code,
cause a Denial of Service condition, or obtain sensitive information.
</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All Passenger users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose "&gt;=www-apache/passenger-5.3.2"
</code>
</resolution>
<references>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-12026">CVE-2018-12026</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-12027">CVE-2018-12027</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-12028">CVE-2018-12028</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-12029">CVE-2018-12029</uri>
</references>
<metadata tag="requester" timestamp="2018-07-03T02:38:28Z">irishluck83</metadata>
<metadata tag="submitter" timestamp="2018-07-22T20:50:15Z">irishluck83</metadata>
</glsa>

@ -0,0 +1,48 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="201807-03">
<title>ZNC:Multiple Vulnerabilities</title>
<synopsis>Multiple vulnerabilities have been found in ZNC, the worst of which
could result in privilege escalation.
</synopsis>
<product type="ebuild">ZNC</product>
<announced>2018-07-29</announced>
<revised count="2">2018-07-29</revised>
<bug>661228</bug>
<access>remote</access>
<affected>
<package name="net-irc/znc" auto="yes" arch="*">
<unaffected range="ge">1.7.1</unaffected>
<vulnerable range="lt">1.7.1</vulnerable>
</package>
</affected>
<background>
<p>ZNC is an advanced IRC bouncer.</p>
</background>
<description>
<p>Multiple vulnerabilities have been discovered in ZNC. Please review the
CVE identifiers referenced below for details.
</p>
</description>
<impact type="normal">
<p>A remote attacker could read arbitary files and esclate privileges.</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All ZNC users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose "&gt;=net-irc/znc-1.7.1"
</code>
</resolution>
<references>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-14055">CVE-2018-14055</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-14056">CVE-2018-14056</uri>
</references>
<metadata tag="requester" timestamp="2018-07-16T11:02:53Z">Zlogene</metadata>
<metadata tag="submitter" timestamp="2018-07-29T21:57:06Z">irishluck83</metadata>
</glsa>

@ -0,0 +1,50 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="201807-04">
<title>cURL:Heap-based Buffer Overflow </title>
<synopsis>A heap-based buffer overflow in cURL might allow remote attackers
to execute arbitrary code.
</synopsis>
<product type="ebuild">curl</product>
<announced>2018-07-29</announced>
<revised count="1">2018-07-29</revised>
<bug>660894</bug>
<access>remote</access>
<affected>
<package name="net-misc/curl" auto="yes" arch="*">
<unaffected range="ge">7.61.0</unaffected>
<vulnerable range="lt">7.61.0</vulnerable>
</package>
</affected>
<background>
<p>A command line tool and library for transferring data with URLs.</p>
</background>
<description>
<p>A heap-based buffer overflow was discovered in cURLs
Curl_smtp_escape_eob() function.
</p>
</description>
<impact type="normal">
<p>An attacker could cause a Denial of Service condition or execute
arbitrary code via SMTP connections.
</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All cURL users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose "&gt;=net-misc/curl-7.61.0"
</code>
</resolution>
<references>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-0500">CVE-2018-0500</uri>
</references>
<metadata tag="requester" timestamp="2018-07-21T22:56:00Z">irishluck83</metadata>
<metadata tag="submitter" timestamp="2018-07-29T22:11:16Z">irishluck83</metadata>
</glsa>

@ -1 +1 @@
Tue, 26 Jun 2018 03:08:35 +0000 Mon, 30 Jul 2018 15:38:31 +0000

@ -1 +1 @@
676a0a13a2c9c89e7a04d5a85550b5b48c25f9b4 1529809898 2018-06-24T03:11:38+00:00 bc003b9516bfd3c1d933c8cd919b86b13f8c5548 1532902339 2018-07-29T22:12:19+00:00