mirrors/flatcar-scripts
1
0
Fork 0
mirror of https://github.com/flatcar/scripts.git synced 2025-08-17 18:06:59 +02:00
Code Issues Packages Projects Releases Wiki Activity

bump(metadata/glsa): sync with upstream

Browse Source
This commit is contained in:
David Michael 2018-06-02 02:10:27 +00:00
parent c0c560b10a
commit 1a84ac4c93
14 changed files with 577 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

30
sdk_container/src/third_party/portage-stable/metadata/glsa/Manifest vendored
View File

@ -1,23 +1,23 @@
-----BEGIN PGP SIGNED MESSAGE----- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512 Hash: SHA512
MANIFEST Manifest.files.gz 423767 BLAKE2B b4b02eedb610a1c6d9e2d0e9f57f61c0c0ddafb48679b275cd19d127faac6f1d44d72cf4d204e2e99bbdadfb9d1e296ea33c63e12cff5af0207e2e6247914ff9 SHA512 ba2fcf04666f32bf8235a27f099dd883ab13109b872e9d00eac03e3e02b976470b0d5a6f1b3ce76acd9005d909e8b6e04ffdfefb9cce629ec213bbe88eb4d8b4 MANIFEST Manifest.files.gz 425353 BLAKE2B ec410f73e8160a04f1e8d9ba24f8a9a7403de8d80de422b45237ee3d29412684c7b01eb6c65076d2a0e39e2a5a031fa3a30e25eaf8291e44c92b9e9e62cb3412 SHA512 f41e2315afb547d2663e7d73d1c71ddccb41cbcb981f32843e47a742285e23731f0c982f66fc7df7697259b315666ee38e690923c6014e4574c7d7496b96947a
TIMESTAMP 2018-05-16T20:08:33Z TIMESTAMP 2018-06-02T01:38:31Z
-----BEGIN PGP SIGNATURE----- -----BEGIN PGP SIGNATURE-----
iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAlr8j8JfFIAAAAAALgAo iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAlsR9RdfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEUx aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEUx
RDZBQkI2M0JGQ0ZCNEJBMDJGREYxQ0VDNTkwRUVBQzkxODkyNTAACgkQ7FkO6skY RDZBQkI2M0JGQ0ZCNEJBMDJGREYxQ0VDNTkwRUVBQzkxODkyNTAACgkQ7FkO6skY
klBLhA//RVNgrZDx/5ZGvC+E2NFZhybIh6MHFsCzYZjlm4GH1owjNTBz9Pb4qBmx klDiVQ/9Hynr5LjtFvhMkIAi1jYrkkehZsySmuf6AHTf9nzsQAzijTJMzYMpS+Mi
I+Nmb9OW6GV+ZBIHG3xaVFeswQD+q4rFObbyF1Yxw/pDaAi3Bmlm6B4vMENcXYTK Cd7Vl91YaL6+pd42/X7G+0QPoJpWsNlo+uzRnbfBHpGURF4BIVQq3v6fDV6tm3ue
9d1QtaE5ronANqnq1tcA/+cHxJSTTqNoTzWPiyfv/mtajuhdI0z+7zTin8+CEELH osQh9goeu40hQUj0XT3YI4filYi1WCm0jrUFcXl+Y2Pk97v6/qo4jtS/jzu+au9m
SRXJDXjpStwVZbKNP6OrNk7zluuerY86mgAqVMrV2ZIQ0FnEYC3M69Y7U5lccFrc QKAWpIU43CUYEoiYb4Ll31UN2qwrCmSGGM66iHXenVr6u8uf4Ztco3kO/7iUTJT6
KxLpqZWNLhBYzrvP+aNdfpPSVrMJhPBnPOYvOm3Q+kP4iiwMuYKWEfgjn0GfepMi waB+dJQc4tqgDLPpW/GUgrPyArxTXk7jv4ecMhbARByDc/mHwjq8VaGdsWns4fRt
nHY5HUCZAxyB+kl5oHLAe8QL1yU8YfBjcfC9j3ZL25+M2/+WoZwaUNyOpwa5xx0t 42w8DzGjoKxUO2dFKH7s0VVfI4FGSKF9g6hEDjpbmiYA1kD0zKz0sTmsikl20UuT
8grQY7Sz3/pHE5XIttn7yvRUt2R2kMIukkhY99GNEI0TzDVjZfIoxR9vquV6i7vM DAalneB6x5c+mH/LEfTw8gM1XfEjj1LbKzMVK9OJuyf1Tv0ONmSbhhHPiLvBJ1oa
XGL9pGAEW91FSG9ZOeZ8Kb56DePEj7GY/d7lHPnAa10KBWN8YH4j0L+aBCbNiBLM qpGgPQ7wC6zX4A939k/mCOFmbJiuQAMMduHNOwDBh9KKfPTE+3myhlRRVTpCrKMh
ugnK9r0C4X5n0/kbPY+5OLP5bdP3RWxjl5aO0BHpx1jFAd0LJgyyAPYMlBC21cva Ipq+FH7TB9RnQv+xS8d/fP8LBU7wiPfpZWbvP/31HZa+nKBesqWo0wEXcQmctF9B
3eaQjvLmdYab6zpIjJ3eg4Iwk96rgCddwRwWio5nZn50kKF2dnavndMzQIzNp+un CsJTVCgyNN8prp5B2u7kix7/hOM/ToCSsaXYakEoMGeXFrJhtGE6mz0CE6m66xgq
iK7AonyV5Z+E8dgVF1dZd/QX6WecMObMZ50fAa/3zXDuYK+Ce54= v5LGX3XyY7vZhto6aKzbnzPrlswgDViv+5cH+7n341f62FKe8mw=
=rOnb =lhbu
-----END PGP SIGNATURE----- -----END PGP SIGNATURE-----

BIN
sdk_container/src/third_party/portage-stable/metadata/glsa/Manifest.files.gz vendored
View File

Binary file not shown.

74
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201805-06.xml vendored Normal file
View File

@ -0,0 +1,74 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="201805-06">
<title>Chromium, Google Chrome: Multiple vulnerabilities</title>
<synopsis>Multiple vulnerabilities have been found in Chromium and Google
Chrome, the worst of which could result in privilege escalation.
</synopsis>
<product type="ebuild">chromium, chrome</product>
<announced>2018-05-20</announced>
<revised count="1">2018-05-20</revised>
<bug>655720</bug>
<access>local, remote</access>
<affected>
<package name="www-client/chromium" auto="yes" arch="*">
<unaffected range="ge">66.0.3359.170</unaffected>
<vulnerable range="lt">66.0.3359.170</vulnerable>
</package>
<package name="www-client/google-chrome" auto="yes" arch="*">
<unaffected range="ge">66.0.3359.170</unaffected>
<vulnerable range="lt">66.0.3359.170</vulnerable>
</package>
</affected>
<background>
<p>Chromium is an open-source browser project that aims to build a safer,
faster, and more stable way for all users to experience the web.
</p>
<p>Google Chrome is one fast, simple, and secure browser for all your
devices.
</p>
</background>
<description>
<p>Multiple vulnerabilities have been discovered in Chromium and Google
Chrome. Please review the referenced CVE identifiers and Google Chrome
Releases for details.
</p>
</description>
<impact type="normal">
<p>A remote attacker, by enticing a user to install malicious extensions,
could possibly escalate privileges, cause a Denial of Service condition,
or have other unspecified impacts.
</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All Chromium users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose
"&gt;=www-client/chromium-66.0.3359.170"
</code>
<p>All Google Chrome users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose
"&gt;=www-client/google-chrome-66.0.3359.170"
</code>
</resolution>
<references>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6120">CVE-2018-6120</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6121">CVE-2018-6121</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6122">CVE-2018-6122</uri>
<uri link="https://chromereleases.googleblog.com/2018/05/stable-channel-update-for-desktop.html">
Google Chrome Release 20180510
</uri>
</references>
<metadata tag="requester" timestamp="2018-05-17T12:07:01Z">chrisadr</metadata>
<metadata tag="submitter" timestamp="2018-05-20T14:40:13Z">chrisadr</metadata>
</glsa>

57
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201805-07.xml vendored Normal file
View File

@ -0,0 +1,57 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="201805-07">
<title>Samba: Multiple vulnerabilities </title>
<synopsis>Multiple vulnerabilities have been found in Samba, the worst of
which may allow remote execution of arbitrary code.
</synopsis>
<product type="ebuild">samba</product>
<announced>2018-05-22</announced>
<revised count="1">2018-05-22</revised>
<bug>588262</bug>
<bug>619516</bug>
<bug>639024</bug>
<bug>650382</bug>
<access>remote</access>
<affected>
<package name="net-fs/samba" auto="yes" arch="*">
<unaffected range="ge">4.5.16</unaffected>
<vulnerable range="lt">4.5.16</vulnerable>
</package>
</affected>
<background>
<p>Samba is a suite of SMB and CIFS client/server programs.</p>
</background>
<description>
<p>Multiple vulnerabilities have been discovered in Samba. Please review
the CVE identifiers referenced below for details.
</p>
</description>
<impact type="normal">
<p>A remote attacker could possibly execute arbitrary code, cause a Denial
of Service condition, conduct a man-in-the-middle attack, or obtain
sensitive information.
</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All Samba users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose "&gt;=net-fs/samba-4.5.16"
</code>
</resolution>
<references>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2016-2119">CVE-2016-2119</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-14746">CVE-2017-14746</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-15275">CVE-2017-15275</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-7494">CVE-2017-7494</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-1050">CVE-2018-1050</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-1057">CVE-2018-1057</uri>
</references>
<metadata tag="requester" timestamp="2018-05-15T00:36:47Z">b-man</metadata>
<metadata tag="submitter" timestamp="2018-05-22T22:29:53Z">b-man</metadata>
</glsa>

70
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201805-08.xml vendored Normal file
View File

@ -0,0 +1,70 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="201805-08">
<title>VirtualBox: Multiple vulnerabilities</title>
<synopsis>Multiple vulnerabilities have been found in VirtualBox, the worst
of which could allow an attacker to take control of VirtualBox.
</synopsis>
<product type="ebuild">virtualbox</product>
<announced>2018-05-22</announced>
<revised count="1">2018-05-22</revised>
<bug>655186</bug>
<access>remote</access>
<affected>
<package name="app-emulation/virtualbox" auto="yes" arch="*">
<unaffected range="ge">5.1.36</unaffected>
<vulnerable range="lt">5.1.36</vulnerable>
</package>
<package name="app-emulation/virtualbox-bin" auto="yes" arch="*">
<unaffected range="ge">5.1.36.122089</unaffected>
<vulnerable range="lt">5.1.36.122089</vulnerable>
</package>
</affected>
<background>
<p>VirtualBox is a powerful virtualization product from Oracle.</p>
</background>
<description>
<p>Multiple vulnerabilities have been discovered in VirtualBox. Please
review the CVE identifiers referenced below for details.
</p>
</description>
<impact type="normal">
<p>An attacker could take control of VirtualBox resulting in the execution
of arbitrary code with the privileges of the process, a Denial of Service
condition, or other unspecified impacts.
</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All VirtualBox users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose "&gt;=app-emulation/virtualbox-5.1.36"
</code>
<p>All VirtualBox binary users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose
"&gt;=app-emulation/virtualbox-bin-5.1.36.122089"
</code>
</resolution>
<references>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-2830">CVE-2018-2830</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-2831">CVE-2018-2831</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-2835">CVE-2018-2835</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-2836">CVE-2018-2836</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-2837">CVE-2018-2837</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-2842">CVE-2018-2842</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-2843">CVE-2018-2843</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-2844">CVE-2018-2844</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-2845">CVE-2018-2845</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-2860">CVE-2018-2860</uri>
</references>
<metadata tag="requester" timestamp="2018-05-14T23:15:39Z">b-man</metadata>
<metadata tag="submitter" timestamp="2018-05-22T22:32:13Z">b-man</metadata>
</glsa>

48
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201805-09.xml vendored Normal file
View File

@ -0,0 +1,48 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="201805-09">
<title>Shadow: security bypass</title>
<synopsis>A vulnerability found in Shadow may allow local attackers to bypass
security restrictions.
</synopsis>
<product type="ebuild">shadow</product>
<announced>2018-05-22</announced>
<revised count="1">2018-05-22</revised>
<bug>647790</bug>
<access>remote</access>
<affected>
<package name="sys-apps/shadow" auto="yes" arch="*">
<unaffected range="ge">4.6</unaffected>
<vulnerable range="lt">4.6</vulnerable>
</package>
</affected>
<background>
<p>Shadow is a set of tools to deal with user accounts.</p>
</background>
<description>
<p>A local attacker could possibly bypass security restrictions if an
administrator used “group blacklisting” to restrict access to file
system paths.
</p>
</description>
<impact type="normal">
<p>A local attacker could possibly bypass security restrictions.</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All shadow users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose "&gt;=sys-apps/shadow-4.6"
</code>
</resolution>
<references>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-7169">CVE-2018-7169</uri>
</references>
<metadata tag="requester" timestamp="2018-05-22T22:21:35Z">Zlogene</metadata>
<metadata tag="submitter" timestamp="2018-05-22T22:36:37Z">Zlogene</metadata>
</glsa>

58
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201805-10.xml vendored Normal file
View File

@ -0,0 +1,58 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="201805-10">
<title>Zsh: Multiple vulnerabilities </title>
<synopsis>Multiple vulnerabilities have been found in Zsh, the worst of which
could allow local attackers to execute arbitrary code.
</synopsis>
<product type="ebuild">zsh</product>
<announced>2018-05-26</announced>
<revised count="1">2018-05-26</revised>
<bug>649614</bug>
<bug>651860</bug>
<bug>655708</bug>
<access>local</access>
<affected>
<package name="app-shells/zsh" auto="yes" arch="*">
<unaffected range="ge">5.5</unaffected>
<vulnerable range="lt">5.5</vulnerable>
</package>
</affected>
<background>
<p>A shell designed for interactive use, although it is also a powerful
scripting language.
</p>
</background>
<description>
<p>Multiple vulnerabilities have been discovered in Zsh. Please review the
CVE identifiers referenced below for details.
</p>
</description>
<impact type="normal">
<p>A local attacker could execute arbitrary code, escalate privileges, or
cause a Denial of Service condition.
</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All Zsh users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose "&gt;=app-shells/zsh-5.5"
</code>
</resolution>
<references>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-18205">CVE-2017-18205</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-18206">CVE-2017-18206</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-1071">CVE-2018-1071</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-1083">CVE-2018-1083</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-1100">CVE-2018-1100</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-7548">CVE-2018-7548</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-7549">CVE-2018-7549</uri>
</references>
<metadata tag="requester" timestamp="2018-05-26T14:04:43Z">b-man</metadata>
<metadata tag="submitter" timestamp="2018-05-26T15:33:08Z">b-man</metadata>
</glsa>

52
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201805-11.xml vendored Normal file
View File

@ -0,0 +1,52 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="201805-11">
<title>Rootkit Hunter: User-assisted execution of arbitrary code</title>
<synopsis>A vulnerability has been found in Rootkit Hunter that allows a
remote attacker to execute arbitrary code.
</synopsis>
<product type="ebuild">rkhunter</product>
<announced>2018-05-26</announced>
<revised count="1">2018-05-26</revised>
<bug>623150</bug>
<access>remote</access>
<affected>
<package name="app-forensics/rkhunter" auto="yes" arch="*">
<unaffected range="ge">1.4.6</unaffected>
<vulnerable range="lt">1.4.6</vulnerable>
</package>
</affected>
<background>
<p>Scans for known and unknown rootkits, backdoors, and sniffers.</p>
</background>
<description>
<p>A vulnerability was discovered in Rootkit Hunter that allows the
downloading of mirror updates over insecure channels (HTTP).
Furthermore, the mirror update is then executed in Bash.
</p>
</description>
<impact type="normal">
<p>A remote attacker, by performing a man-in-the-middle attack, could
execute arbitrary code, conduct a Denial of Service, or have other
unspecified impacts.
</p>
</impact>
<workaround>
<p>Users are advised to not trust insecure protocols such as HTTP and to
turn off any mirror updates utilizing such channels.
</p>
</workaround>
<resolution>
<p>All Rootkit Hunter users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose "&gt;=app-forensics/rkhunter-1.4.6"
</code>
</resolution>
<references>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-7480">CVE-2017-7480</uri>
</references>
<metadata tag="requester" timestamp="2018-05-26T14:19:37Z">b-man</metadata>
<metadata tag="submitter" timestamp="2018-05-26T15:45:59Z">b-man</metadata>
</glsa>

52
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201805-12.xml vendored Normal file
View File

@ -0,0 +1,52 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="201805-12">
<title>NTP: Multiple vulnerabilities</title>
<synopsis>Multiple vulnerabilities have been found in NTP, the worst of which
could lead to remote code execution.
</synopsis>
<product type="ebuild">ntp</product>
<announced>2018-05-26</announced>
<revised count="1">2018-05-26</revised>
<bug>649612</bug>
<access>remote</access>
<affected>
<package name="net-misc/ntp" auto="yes" arch="*">
<unaffected range="ge">4.2.8_p11</unaffected>
<vulnerable range="lt">4.2.8_p11</vulnerable>
</package>
</affected>
<background>
<p>NTP contains software for the Network Time Protocol.</p>
</background>
<description>
<p>Multiple vulnerabilities have been discovered in NTP. Please review the
CVE identifiers referenced below for details.
</p>
</description>
<impact type="normal">
<p>A remote attacker could possibly execute arbitrary code or cause a
Denial of Service condition.
</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All NTP users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose "&gt;=net-misc/ntp-4.2.8_p11"
</code>
</resolution>
<references>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-7170">CVE-2018-7170</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-7182">CVE-2018-7182</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-7183">CVE-2018-7183</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-7184">CVE-2018-7184</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-7185">CVE-2018-7185</uri>
</references>
<metadata tag="requester" timestamp="2018-05-26T14:29:05Z">b-man</metadata>
<metadata tag="submitter" timestamp="2018-05-26T15:54:33Z">b-man</metadata>
</glsa>

51
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201805-13.xml vendored Normal file
View File

@ -0,0 +1,51 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="201805-13">
<title>Git: Multiple vulnerabilities</title>
<synopsis>Git contains multiple vulnerabilities that allow for the remote
execution of arbitrary code.
</synopsis>
<product type="ebuild">git</product>
<announced>2018-05-30</announced>
<revised count="1">2018-05-30</revised>
<bug>656868</bug>
<access>remote</access>
<affected>
<package name="dev-vcs/git" auto="yes" arch="*">
<unaffected range="ge">2.16.4</unaffected>
<vulnerable range="lt">2.16.4</vulnerable>
</package>
</affected>
<background>
<p>Git is a free and open source distributed version control system
designed to handle everything from small to very large projects with
speed and efficiency.
</p>
</background>
<description>
<p>Multiple vulnerabilities have been discovered in Git. Please review the
CVE identifiers referenced below for details.
</p>
</description>
<impact type="high">
<p>Remote attackers could execute arbitrary code on both client and server.</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All Git users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose "&gt;=dev-vcs/git-2.16.4"
</code>
</resolution>
<references>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-11233">CVE-2018-11233</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-11235">CVE-2018-11235</uri>
</references>
<metadata tag="requester" timestamp="2018-05-30T00:57:53Z">whissi</metadata>
<metadata tag="submitter" timestamp="2018-05-30T01:20:47Z">whissi</metadata>
</glsa>

54
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201805-14.xml vendored Normal file
View File

@ -0,0 +1,54 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="201805-14">
<title>procps: Multiple vulnerabilities </title>
<synopsis>Multiple vulnerabilities have been found in procps, the worst of
which could result in the execution of arbitrary code.
</synopsis>
<product type="ebuild">procps</product>
<announced>2018-05-30</announced>
<revised count="1">2018-05-30</revised>
<bug>656022</bug>
<access>local</access>
<affected>
<package name="sys-process/procps" auto="yes" arch="*">
<unaffected range="ge">3.3.15-r1</unaffected>
<vulnerable range="lt">3.3.15-r1</vulnerable>
</package>
</affected>
<background>
<p>A bunch of small useful utilities that give information about processes
using the /proc filesystem.
</p>
</background>
<description>
<p>Multiple vulnerabilities have been discovered in procps. Please review
the CVE identifiers referenced below for details.
</p>
</description>
<impact type="normal">
<p>A local attacker could execute arbitrary code, escalate privileges, or
cause a Denial of Service condition.
</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All procps users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose "&gt;=sys-process/procps-3.3.15-r1"
</code>
</resolution>
<references>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-1120">CVE-2018-1120</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-1121">CVE-2018-1121</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-1122">CVE-2018-1122</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-1123">CVE-2018-1123</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-1124">CVE-2018-1124</uri>
</references>
<metadata tag="requester" timestamp="2018-05-29T13:26:11Z">b-man</metadata>
<metadata tag="submitter" timestamp="2018-05-30T14:04:23Z">b-man</metadata>
</glsa>

44
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201805-15.xml vendored Normal file
View File

@ -0,0 +1,44 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="201805-15">
<title>beep: Local privilege escalation </title>
<synopsis>A vulnerability in beep could allow local attackers to escalate
privileges.
</synopsis>
<product type="ebuild">beep</product>
<announced>2018-05-30</announced>
<revised count="1">2018-05-30</revised>
<bug>652330</bug>
<access>remote</access>
<affected>
<package name="app-misc/beep" auto="yes" arch="*">
<unaffected range="ge">1.3-r3</unaffected>
<vulnerable range="lt">1.3-r3</vulnerable>
</package>
</affected>
<background>
<p>The advanced PC speaker beeper.</p>
</background>
<description>
<p>A race condition, if setuid, was discovered in beep.</p>
</description>
<impact type="normal">
<p>A local attacker could escalate privileges.</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All beep users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose "&gt;=app-misc/beep-1.3-r3"
</code>
</resolution>
<references>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-0492">CVE-2018-0492</uri>
</references>
<metadata tag="requester" timestamp="2018-05-28T02:25:00Z">b-man</metadata>
<metadata tag="submitter" timestamp="2018-05-30T14:05:31Z">b-man</metadata>
</glsa>

2
sdk_container/src/third_party/portage-stable/metadata/glsa/timestamp.chk vendored
View File

@ -1 +1 @@
Wed, 16 May 2018 20:08:29 +0000 Sat, 02 Jun 2018 01:38:28 +0000

2
sdk_container/src/third_party/portage-stable/metadata/glsa/timestamp.commit vendored
View File

@ -1 +1 @@
40f254b177f3628d865f1e77c8fd7c94584de14e 1526340152 2018-05-14T23:22:32+00:00 e1eed7ae3b27f8139b508d9d14861c4437216138 1527689205 2018-05-30T14:06:45+00:00