From 1a92e6aafd2dee47fd415e4e1c6f5c9b3be2df30 Mon Sep 17 00:00:00 2001 From: David Michael Date: Tue, 2 Apr 2019 15:20:48 +0000 Subject: [PATCH] bump(metadata/glsa): sync with upstream --- .../portage-stable/metadata/glsa/Manifest | 30 ++--- .../metadata/glsa/Manifest.files.gz | Bin 438854 -> 440123 bytes .../metadata/glsa/glsa-201904-01.xml | 49 ++++++++ .../metadata/glsa/glsa-201904-02.xml | 50 ++++++++ .../metadata/glsa/glsa-201904-03.xml | 46 ++++++++ .../metadata/glsa/glsa-201904-04.xml | 47 ++++++++ .../metadata/glsa/glsa-201904-05.xml | 51 ++++++++ .../metadata/glsa/glsa-201904-06.xml | 69 +++++++++++ .../metadata/glsa/glsa-201904-07.xml | 109 ++++++++++++++++++ .../metadata/glsa/glsa-201904-08.xml | 52 +++++++++ .../metadata/glsa/timestamp.chk | 2 +- .../metadata/glsa/timestamp.commit | 2 +- 12 files changed, 490 insertions(+), 17 deletions(-) create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201904-01.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201904-02.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201904-03.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201904-04.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201904-05.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201904-06.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201904-07.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201904-08.xml diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/Manifest b/sdk_container/src/third_party/portage-stable/metadata/glsa/Manifest index 88817494ae..fe1b572b30 100644 --- a/sdk_container/src/third_party/portage-stable/metadata/glsa/Manifest +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/Manifest @@ -1,23 +1,23 @@ -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 -MANIFEST Manifest.files.gz 438854 BLAKE2B ca65213463786d39d41485af7ea84eff3024cf674a90349e25e12c216efcd63b50848be0dd7fb7c54db79b6279385d7b09488386ffd96909db99671090ea4f08 SHA512 6572d8ad2e9aad4fbe11ff52d8aa91113cb87e207974cdb6aa98101ae4a50b77b173f68eba733267e1a109e70f86139ed901b5a4ee05472f22a8d3024aa9acb5 -TIMESTAMP 2019-03-28T13:38:46Z +MANIFEST Manifest.files.gz 440123 BLAKE2B 47652947d6c26c7bbac6a5c0bd24fb3c439032faa43da521eacb80cffe306ba49152b4848845d3bd677e90481d8a7f19855a790d203085d2cb6d866eca1771b5 SHA512 51daf36dd12ed79db6c4817f04ce4f65259ca3bdd0a5bba3ce51df64b42b9630e4a8a51c1c35db67c1d1be1b6a33e8ba1a2a4597de4a7ffe2b7186f3fd88503a +TIMESTAMP 2019-04-02T14:38:49Z -----BEGIN PGP SIGNATURE----- -iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAlyczmZfFIAAAAAALgAo +iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAlyjc/lfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEUx RDZBQkI2M0JGQ0ZCNEJBMDJGREYxQ0VDNTkwRUVBQzkxODkyNTAACgkQ7FkO6skY -klDYWhAAo1sblmnGYIlx9TtDfDwZAhcScB0WxacZHB1VfQlHTv99u5+rtGZHRbrS -OgsjKvrvHGyAdL11mOncCxusWKLMICEbukgv9bAwPDSe4ZJssgCA6dWBlKqs08rD -9T+xcGop/7L9hOOOjRCkjp5oiT11XT1QO3CmxCAudvBGWL3warElsl0NqXlR3pQU -2wFHj1VjlN5TZ3aAKx327N+TO4PzV7OI4IXz1F1I40H3o7df4k1QA01QMKwqngov -fcVUpuCaS6j+szZg/34On/eGqL6P3Zlgi2nA1Bj/L39DoCRzzdsWo50qhD8ckApa -VLVqL7mur7j8h0Q4cStu/7F0H66cEpqEvRfiEv6eMEQ2QWPoGWTI3lo+Rmoz3QC/ -fIrCsAWMxWIZCNbtSdDLKklhPFsDcTFyBpUF1ZBS0oFWkQioK8BWvs0A5w/sLVL1 -sat5Apk1ygCTeeeX8KBQizu3I6uKco17SqihcAwRHooCJuNPAPRxM9lbpWiQ+PPE -C+w0MSbDD77Vq89+BKo8eA/LGvaIn4pfV+39ijhhsEIWmv/RjXMr9noKkID8wTAK -Dfe2HY9P/o6zhziXpiskTN8hk5ootmODbC3jAPOAfLqQeDIHyTXN+bYKpVtZCFh7 -lWdqHx9+3V3xlcBrW8MDxMq0Gpghcc0eCLPx3kSHYzgoXvi3ZPg= -=0j+W +klCw7g/9HNNxIMGlCPXL3nWsUvd5f2mbf97RrRtVB8c45y2+92Him54LDRe7Q85d +yWQiYAxjwHyjkAMRAC5iaR6bF9+IG79Su+ncR+AzRNPJu++Y9AHGiMXynqQis5uy +b6FJuiOhc+VsfMIyNvJZT44NVF9dIKnGtL/SpPIbHDzrvqP9qsDtzpNfHTa5IsNC +7Br8ho0ReC8cM9kEATsqg7kCkLx5WokuIlYwsuoQA6xEnkHTcDMZxpNZazgskhlk +SLhr8XpOoau/SvJQz7Xcx4KN1DGg9tEN0CSJ0olpHbsclo/ej3tZMXNtiLnXJf6y +Hti7G3pGDl0xylA8agE0QzDhB++G32DRpZwk7TB2JYBeElPsM7mzAN0L/DI+KYKi +Nz35MYvNjZbchs84VZGaWM+3UoebdX1ZQcVhIsK6HTQ77AVuOs4B9zJtOiCGeh8j +iyNFD9CVooFfg3IzwRz7DHzu/n/mWbpNKPOTT00j/jMEgew5Kq9TsKXZNB3lqFYe +mdSiL6s3eZI24RwZgDXwvUeqOkzb4r/GptdGnpXDwNaPASV8YhpRqtX+L08LJW4Q +AfVvtxELrzXqqvoH/cr8soDDGHLaq8I4ZaDli4/Xqfr4ikHdgHHFkrn5SZhLMham +vrwFYgk5tiGDJ6JBdgL9TPbGgQrL69Iyw2AYwM4ThhcZiwD1nZE= +=ydvg -----END PGP SIGNATURE----- diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/Manifest.files.gz b/sdk_container/src/third_party/portage-stable/metadata/glsa/Manifest.files.gz index a3e404e2fdf5ad94011c5eff55470fef70b0ea41..91c7580233b54231bf0a2f2edffe0e9a8e7fe74a 100644 GIT binary patch delta 3253 zcmV;m3`+CHy;Qr#+|t<*5RE_X_=Q{h9!k8eF% ze})nRTIzHKfDirpHo)knf(uU&z>W^Gqz|k0xW(Y;ybweM9c_+f2g&)#rf>)2k?s_U zu#_iSA6?cYh@$Q_lDL5Q$%epOW=JdnkW1~%LG5BpSg>1Z{GI)Iae$_2ta=T7+IsHG z@DqskauF%gK=^~4b@noKZkYtFqc33=f2sK6&~@|JbpKLbNa={_u!;`Sx=!qFageO@ zozxtC0`^Ylw1_SM5i2!T#tCRGllH7PrY`kl7^}4`G(yDoM+Eg&&X#oiAt*)fGTBMWO(kat30JU9oe~p5h zQe1tUUEWd9@&4K0D!{XtPQ49S+cPQ^s>6$>#rI%Icn`$Ae&^W60{4Hg=+d|0gqf0J^1>jp|- z246iIXhAoUWmnpW-i!RH2SK13PKR<6hct#{e?EY6+(^gC56^qaT2#^yuX$7P{wnip z!`lek&4B6=-%d}cE=FOHmEw4!Q=oj+ERe8xA$VL$tl`}LpY66*>v4-w z-)_iKzwMp}jS??ScoU_+`l7{OqK{o)S0mK9^3T98!-3CbYiCPJO->aflteLfY?@m5 zTnaKIeNgO3`OKt8ausMyLfB;)tPjqs2cdwmW5%q{p}QbQE<3Ldf8h6$BzT*@_b5SD zbELQ^*Ck}bh%%u@R!`_~?5>HIXgHmmt;MoU*Kj zzyl-}a>X!iZhEc8;C0(EvsW%_YUJDn*SZLRHmaj-K_&c6=U0wUU;JFT6nu;A=1+0! z>16s^t!?>EYgET^Iil9}Wliz|OUbzk0;-16mRf04T-QdHedgvU=*O4 zU$O$(yPEyDl^wiP8{3sr)*#72k>q}jc6Y){H<0XZDX1iD02p&Fqay{><%TFnLoH~5 z9k*o@tH3EGH#IWnU8sp1_wYV^XD#Q~+`ft$0PA^37fiB*fqt7K9z%!Jp&+RRE3fL$ ztMy<~a^zoFe_r3mcB#k4(KuzDC-U1~h0#2UIFdLb#q&#xjvPf~k$Yo%K@S-{1<$s3 zmW~5JO+pG)nE}95(&?B8hx=l~fK&MniX|~mv75<9dpR%x-*ZCvE1b$x6K3S!eMr z@K$%dSJh|uP$xc^l=}R=>O_*eAY#$=2nb$IZ{51q(Wa;?A_a*|Mgfei=;l1Gqr#N& z7u%Gw{3dNRhb+cCWiIJwo>JgwC}glp^COcGf0HzNP|kYeSF5&GpXwR>?Y;%7EWV+W z-T~Z-n@UxAI)f?+BIx=s`XG_tmu6UHlFa}N=QGL^K8Boz zg^zdday5&)wuQ0SY{{PrE{TI}mqemgEHt#7B&}0Yf)j$Kte~*WtK_-Jc0r|UsviA` zDHQ=4%~>>EC#zB*L`Xv9^{3uxdilP-e<6qq>>O0f9g_COlFqmV+d~%Vp4s>+$((Gk zt|Xz}msLc(nnbrg2wl+?LOD^I{Y5|kIf7|`4rvCm(@j0*l{X6xTnfu@OtWs@a(eUT zl&!VjGxbwP0Jh~&LDWE)rA&BhRF*+6K|+20%ch1ltXX^7Q8`myV&7_IQ+rU*e}Sa* zsEND8qzRy{HaWb(;wZ&T9Yn5e-qw%tVYR+}U*A-J(rGDv8vnG3CjA}JZLljSAa`ry=oy!2{KE{GU+!y z;PJfksVW63`Qn@%XVL+9wrQ=0e^NsP$XhbFMwcq9$`JuRl{Lai5Lk>2t+KC6?KJ+H zrYgEHL>plWH9FnKdIGMC98vXZm#0!=52V;Wtk$Ed&iT#hA@r~Dfx;)VJh86UI-byD zIeQW?g7ee75vzGnz+Jks4!7Z>=St>tDxRHSKTdBHuMHipR}G}->>YG|f8^KYusph0 zXQg`-DQd6VSGGWwo*gZ#0NayfMoh_|V&2rT+icUASnUoCB0+JES8*KcY88Tl05hBb zXU;b&UW#zBVLgyrz z<)b}fssm|CRJMfm!FdRWe@&)M4f-xIoveAWV>%xaeA&oc=TJ(BNEUOwD+V(J%g%iouE|-kKT@U3gmIxXyN}fPQO+lQm9dYgvbptB&N#sCzb4+_~d$ zUQ<&%#}aLd@=?fqmlCm+6GfmWk~#0DoxpOiJ#Fvu+#go!yQif5=%A_R5r4Q%k>NA8L~pv)sI(g$Je5r<3@&AxrU1OLv#~v3z^H zpy527B<*q6JIQmI6cA%LV~hB&ZLYOMN)kF`QK@=E zpsp<6ndODs$!N|F%=BC>PBB&ckz~@`g?ejuYIW$r>?G)1e<0rJfVP88(%h&hSe5Jzg@f? z3TuU6r^cz?&k3^RTXu(N_nV502(wAob+V|4!&Fw8&PSVkG_`l`{?p#7-@Vhf$(86t zF97FMY;sZjv;D1^NzsJjL&7NWw5p92*#S0@?CQoDe-_0{ahWdvPY#WG8&n}|MlzyJD=fBx&2 nzyAE~AIJFb&;H|&zg_?S&xil~{l|~re*WcuR?wk3AHEC#&0$x5 delta 1974 zcmV;n2TAz5?i$AA8i0fWgaU*Egam{Iv<9`Re`l8?Neu+y_dNwCKz9AO>;oXg3rO6+ zuCm1njX+}WFTT&++ckoo$5GErjmyrANM}aaRxWW{>Sm9uYKtA}G#vpoOwqTElXq8| z2`Hj#;#b`YFp6ZR)SG$UiyqxkvlNq}YfTW>L6;@kn=yL`da{ z)!?$h#a8@&f9Se-1l_-s7g9Q6IINPK)RQ5Rs{|GEP8inY8SBW9m{*Hoo4i*7r`z{mzNbN*@{{bNq&KsW338!l8eG z0EMKcft#%?T`y^iw_X=GNt!i}-hv87JS_l$y;YSoSBrGOEuAuL5vc8=YZP3Rf8wgW zRr`*jj`y$nRsx=_ThrTswQZ|Xp*p;1T6}eug!e$)tJj{1%JA7ToCvk01rA!L$<<+} zF<7&7XJo8D4l)&tQ@)Z39%&2N(G_PZU{<+k1ZgYuyOa1`?=*f=I8aoLR@_~CI)S&K{>;xz{q@6R+I8{R_L zVg^)?_;Pwebuoy+t`x@$odV^vW`TsoW1l*wNsrsCYL2Rsny7?qM|>hS>L1VUCm<$? zqT=ktlnM{xT@RI%vqv@ZjKi!aR z^|E>%HA*}+;oYGA>We0Si9U99UX8$W?LPy*bO%1Ct(_$)H91v`P!h$^5j3^%xfEpB z^g*#A(6LvfK&Dpx~YLMXUiA@Bf+ zg|ppEQkTT}@@=={nNs9x%pk(dO4Zi zs}-j2v_^Ftmt)nsKFvv9U@19QK|s||%2X>|71yrsvYN@ib~`Y4Ub(8W&Uz@E&Q{GuKaOrU^alG; z_5&ibI%f@KEjw>w_3&8)SKqAL7cV>s_ADJh9(hMC)Xwye^?@H+de4ryn5j zcD~_>uTIMC&WWRIio&CIG6ipR@kGJwp=sI4NH6Il?`c&Mec7w3(S{#*S=dfu+_h?p zl#4=1_NqH!!AV;R0Pu11TI@b0-|N_^3et4y@v78e=+|mhtJeUuNV=Cib8^UXq-w8g zG@a(8f32`7Ke0NTJ7pq*U_*i0c-Y*1O`|AK&@n-uGX%DyRMO@?G+9|scUDWj1>WkS z_p15~Z+POflTx3*n|D~%eA^;NLm`93Ha{{6F-fBbf90$Lzgo4m{8G>0Z`TlES$v?9-T~Z- zA6?oa7vW=BY8Hv#GGk<_xM$5K-5MUOS2WIyJ*egKP$1Xs;+w_~`aDOnkg} zm#bOa879VJvu*xVbV(d+J8dK?Nur_UBxxN=2~LQbvVy{PUM0^(wu>rV!+P{5hAILy zinD0CPG+S*h>(QHbA0*b=U;#O{ih$kAbtJl|9q<-fB$&?@#mXw{`K+k_1l+!0cFB5 IA+NLy00n5pV*mgE diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201904-01.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201904-01.xml new file mode 100644 index 0000000000..413cf96f36 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201904-01.xml @@ -0,0 +1,49 @@ + + + + Cairo: Denial of Service + Multiple vulnerabilities were found in Cairo, the worst of which + could cause a Denial of Service condition. + + cairo + 2019-04-02 + 2019-04-02 + 596756 + 625636 + 672908 + remote + + + 1.16.0-r3 + 1.16.0-r3 + + + +

Cairo is a 2D vector graphics library with cross-device output support.

+ + +

Multiple vulnerabilities have been discovered in Cairo. Please review + the CVE identifiers referenced below for details. +

+ + +

Please review the referenced CVE identifiers for details.

+ + +

There is no known workaround at this time.

+ + +

All Cairo users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=x11-libs/cairo-1.16.0-r2" + + + + CVE-2016-9082 + CVE-2017-9814 + + BlueKnight + b-man + diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201904-02.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201904-02.xml new file mode 100644 index 0000000000..dbf891e06d --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201904-02.xml @@ -0,0 +1,50 @@ + + + + Libical: Multiple vulnerabilities + Multiple vulnerabilities have been found in Libical, the worst of + which could result in a Denial of Service condition. + + libical + 2019-04-02 + 2019-04-02 + 587572 + 587574 + remote + + + 3.0.0 + 3.0.0 + + + +

An Open Source implementation of the iCalendar protocols and protocol + data units. +

+ + +

Multiple vulnerabilities have been discovered in Libical. Please review + the referenced CVE identifiers for details. +

+ + +

Please review the referenced CVE identifiers for details.

+ + +

There is no known workaround at this time.

+ + +

All Libical users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-libs/libical-3.0.0" + + + + CVE-2016-5823 + CVE-2016-5824 + + b-man + b-man + diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201904-03.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201904-03.xml new file mode 100644 index 0000000000..8a5ae4cdfa --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201904-03.xml @@ -0,0 +1,46 @@ + + + + Unbound: Multiple vulnerabilities + Multiple vulnerabilities have been found in Unbound, the worst of + which could lead to privilege escalation. + + unbound + 2019-04-02 + 2019-04-02 + 641042 + 677054 + remote + + + 1.8.3 + 1.8.3 + + + +

Unbound is a validating, recursive, and caching DNS resolver.

+ + +

Multiple vulnerabilities have been discovered in Unbound. Please review + the referenced bugs for details. +

+ + +

Please review the referenced bugs for details.

+ + +

There is no known workaround at this time.

+ + +

All Unbound users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-dns/unbound-1.8.3" + + + + + BlueKnight + b-man + diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201904-04.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201904-04.xml new file mode 100644 index 0000000000..4dbd20dd48 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201904-04.xml @@ -0,0 +1,47 @@ + + + + Poppler: Multiple vulnerabilities + Multiple vulnerabilities have been found in Poppler, the worst of + which could allow a Denial of Service. + + poppler + 2019-04-02 + 2019-04-02 + 659828 + 670880 + remote + + + 0.70.0 + 0.70.0 + + + +

Poppler is a PDF rendering library based on the xpdf-3.0 code base.

+ + +

Multiple vulnerabilities have been discovered in Poppler. Please review + the CVE identifiers referenced below for details. +

+ + +

Please review the referenced CVE identifiers for details.

+ + +

There is no known workaround at this time.

+ + +

All Poppler users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-text/poppler-0.70.0" + + + + CVE-2018-19149 + + BlueKnight + b-man + diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201904-05.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201904-05.xml new file mode 100644 index 0000000000..32f4490fde --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201904-05.xml @@ -0,0 +1,51 @@ + + + + BURP: Root privilege escalation + A vulnerability was discovered in Gentoo's ebuild for BURP which + could lead to root privilege escalation. + + burp + 2019-04-02 + 2019-04-02 + 641842 + local + + + 2.1.32-r1 + 2.1.32-r1 + + + +

A network backup and restore program.

+ + +

It was discovered that Gentoo’s BURP ebuild does not properly set + permissions or place the pid file in a safe directory. Additionally, the + first set of patches did not completely address this. As such, a + revision has been made available that addresses all concerns of the + initial report. +

+ + +

A local attacker could escalate privileges.

+ + +

Users should ensure the proper permissions are set as discussed in the + referenced bugs. +

+ + +

All BURP users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-backup/burp-2.1.32-r1" + + + + CVE-2017-18285 + + BlueKnight + b-man + diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201904-06.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201904-06.xml new file mode 100644 index 0000000000..e5338d314d --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201904-06.xml @@ -0,0 +1,69 @@ + + + + GlusterFS: Multiple Vulnerabilities + Multiple vulnerabilities have been found in GlusterFS, the worst of + which could result in the execution of arbitrary code. + + glusterfs + 2019-04-02 + 2019-04-02 + 653070 + 658606 + 664336 + 670088 + remote + + + 4.1.8 + 4.1.8 + + + +

A free and open source software scalable network filesystem.

+ + +

Multiple vulnerabilities have been discovered in GlusterFS. Please + review the referenced CVE identifiers for details. +

+ + +

Please review the referenced CVE identifiers for details.

+ + +

There is no known workaround at this time.

+ + +

All GlusterFS users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=sys-cluster/glusterfs-4.1.8" + + + + CVE-2018-10841 + CVE-2018-1088 + CVE-2018-10904 + CVE-2018-10907 + CVE-2018-10911 + CVE-2018-10913 + CVE-2018-10914 + CVE-2018-10923 + CVE-2018-10924 + CVE-2018-10926 + CVE-2018-10927 + CVE-2018-10928 + CVE-2018-10929 + CVE-2018-10930 + CVE-2018-14651 + CVE-2018-14652 + CVE-2018-14653 + CVE-2018-14654 + CVE-2018-14659 + CVE-2018-14660 + CVE-2018-14661 + + BlueKnight + b-man + diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201904-07.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201904-07.xml new file mode 100644 index 0000000000..0cddfaf2c8 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201904-07.xml @@ -0,0 +1,109 @@ + + + + Mozilla Thunderbird and Firefox: Multiple vulnerabilities + Multiple vulnerabilities have been found in Mozilla Thunderbird and + Firefox, the worst of which could lead to the execution of arbitrary code. + + thunderbird,firefox,mozilla + 2019-04-02 + 2019-04-02 + 676954 + 678072 + 681834 + 681836 + remote + + + 60.6.1 + 60.6.1 + + + 60.6.1 + 60.6.1 + + + 60.6.1 + 60.6.1 + + + 60.6.1 + 60.6.1 + + + +

Mozilla Thunderbird is a popular open-source email client from the + Mozilla project. + Mozilla Firefox is a popular open-source web browser from the Mozilla + Project. +

+ + +

Multiple vulnerabilities have been discovered in Mozilla Thunderbird and + Firefox. Please review the referenced Mozilla Foundation Security + Advisories and CVE identifiers below for details. +

+ + +

Please review the referenced Mozilla Foundation Security Advisories and + CVE identifiers below for details. +

+ + +

There is no known workaround at this time.

+ + +

All Thunderbird users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=mail-client/thunderbird-60.6.1" + + +

All Thunderbird bin users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose + ">=mail-client/thunderbird-bin-60.6.1" + + +

All Firefox users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-client/firefox-60.6.1" + + +

All Firefox bin users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-client/firefox-bin-60.6.1" + + + + CVE-2016-5824 + CVE-2018-18335 + CVE-2018-18356 + CVE-2018-18500 + CVE-2018-18501 + CVE-2018-18505 + CVE-2018-18506 + CVE-2018-18509 + CVE-2018-18512 + CVE-2018-18513 + CVE-2019-5785 + CVE-2019-9788 + CVE-2019-9790 + CVE-2019-9791 + CVE-2019-9792 + CVE-2019-9793 + CVE-2019-9795 + CVE-2019-9796 + CVE-2019-9810 + CVE-2019-9813 + + BlueKnight + b-man + diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201904-08.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201904-08.xml new file mode 100644 index 0000000000..9a634deb75 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201904-08.xml @@ -0,0 +1,52 @@ + + + + Subversion: Denial of Service + A vulnerability in Subversion could lead to a Denial of Service + condition. + + subversion + 2019-04-02 + 2019-04-02 + 676094 + remote + + + 1.10.4 + 1.10.4 + + + +

Subversion is a version control system intended to eventually replace + CVS. Like CVS, it has an optional client-server architecture (where the + server can be an Apache server running mod_svn, or an ssh program as in + CVS’s :ext: method). In addition to supporting the features found in + CVS, Subversion also provides support for moving and copying files and + directories. +

+ + +

A vulnerability was discovered in Subversion’s mod_dav_svn, that could + lead to a Denial of Service Condition. +

+ + +

An attacker could cause a possible enial of Service condition.

+ + +

There is no known workaround at this time.

+ + +

All Subversion users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-vcs/subversion-1.10.4" + + + + CVE-2018-11803 + + BlueKnight + b-man + diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/timestamp.chk b/sdk_container/src/third_party/portage-stable/metadata/glsa/timestamp.chk index 6a887f3f03..26ed3b258b 100644 --- a/sdk_container/src/third_party/portage-stable/metadata/glsa/timestamp.chk +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/timestamp.chk @@ -1 +1 @@ -Thu, 28 Mar 2019 13:38:42 +0000 +Tue, 02 Apr 2019 14:38:45 +0000 diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/timestamp.commit b/sdk_container/src/third_party/portage-stable/metadata/glsa/timestamp.commit index f476da4fbe..c5e0ca87f2 100644 --- a/sdk_container/src/third_party/portage-stable/metadata/glsa/timestamp.commit +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/timestamp.commit @@ -1 +1 @@ -821df578dd1e4239ed7205c587587491907ef45c 1553739754 2019-03-28T02:22:34+00:00 +30de0bf9ee6986a07eef489491b435e55fc9cafe 1554179778 2019-04-02T04:36:18+00:00