Merge pull request #1036 from flatcar/buildbot/monthly-glsa-metadata-updates-2023-08-01

Monthly GLSA metadata 2023-08-01

sdk_container/src/third_party/portage-stable/metadata/glsa/Manifest

@@ -1,23 +1,23 @@
 -----BEGIN PGP SIGNED MESSAGE-----
 Hash: SHA512
 
-MANIFEST Manifest.files.gz 546124 BLAKE2B b8c960a7f19f0cac8ea254b9330e3a1add1f4be28ff0a9b4020f5e68f250a6b511280b7dd1dec4e472c73320abae493b0ab8441075c681803abfb19ea280332e SHA512 0dccc4f920463740ab2803f55b50f1cf0df2af9d58750c12c98fe5963dc8738d5a3e8d6a895c2e0d3ba8230bb61557b6e88b4fa56b2f05f5697577b68a9413df
-TIMESTAMP 2023-07-01T06:39:56Z
+MANIFEST Manifest.files.gz 546284 BLAKE2B ffce95d14dec8e0ecb1658575f411350a797650e5376e656bbe5d1c11b4e05372611ac4ca5de41270e2e69dfa9461b99f212aa044d6509bb082c7f94d92006b8 SHA512 c90fc6416d62b1b09cbafd89df9a8523e7e9eec12dd28fd39f81776bc9076c1e64fdb0203c709c330d323ea0c05daf6d59e5c469948b4d49cc6d59443f29557a
+TIMESTAMP 2023-08-01T06:40:03Z
 -----BEGIN PGP SIGNATURE-----
 
-iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAmSfyjxfFIAAAAAALgAo
+iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAmTIqMNfFIAAAAAALgAo
 aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEUx
 RDZBQkI2M0JGQ0ZCNEJBMDJGREYxQ0VDNTkwRUVBQzkxODkyNTAACgkQ7FkO6skY
-klCNlxAAg+LXqNKPA6Om+jvnU7PqJvbnCGZtGLkW+pj21SRkZz/bZPNKctViyPUr
-44favLaBAakcBt8I4F3sve5Xm1QofeJARyZQZ0u17FqD4eWZnprDkCC+mkGjjXjA
-yb1zNK+u2kEUCzZt/zXkbQYKzUHnpskQ5V+n7NHZAv72BdZt00dAz0BY+sTnyuWp
-cEUnhhmhJJQ8NG8l6T5cawChZ427ob7hBzA2bKz6z20B6+T5qZXf51jRo2ykBSr8
-K43d7zdEtXLdrTpsOxQBAgRJ9wVCyiFpfFCCR+yk0oyv+57H0gRn4uVAxodawAQd
-U6FbGmjRmOlYUcL3l4Nb6X9D7l60WR+uLjCz6GxxXPCedXoZj45Ko27tN2Fw6VB/
-N/7ey4uCwBZajRbJjOvcQXLb+2/7SP9AgYNWwgCCj3NbHIdgyfw7DgiA7ZkjnVR2
-4v6Aot6VPs6UKplw+8TXQlotrIwN3WLHj0JRw6l79MccJzSUzPKlgjRuxXURLxR0
-Z5+r95iyTz/4udUvAicEbIdtgwxmdQXQSXe6cZnxuLMlVvLSRl7ro65lhfsM5mZ8
-ynyH9JXeqZMiMd1toX1WbsbGfsPwheNYa9hwfAgkQ8PhHfq8Hu+2/EKGNcX/aMBQ
-7RFGpjGXcYlTaUoH5SYcdXpmvcFMhE2a8Hn+W9D+icrtS8atqDI=
-=7mgn
+klANARAAo6KXYP/HCX5kiEsBf5JWOje0quGzsCs5xplVYsD2JgbKn81fUau7PkWJ
+UM7w/cPxGXbeVH2GiZLozD379jaVIjvjEuRy4yc1cOVnZ3ZuEdgBJjnrK3081RuO
+j2PteSl9M9d3vHTZt6AdQEE9cKXYLB0qStTG0vyS95cioZlPllM36uEkDtHhHjv/
+hYajgE6PHv3E/WiMdOu1XZmjOaFTnOU4phG+oSL09YOGqdvu9nNCbQxwFkBjTb0L
+VzRMfRFi99gRx/al2gaP3WvDRSSuYM9GuQID4ascPgbnjC4KHBafZYcsVB63MRar
++CHEKEyNLZ7TTgjfODeF/c6o0LIeVOurfsF0GrxZucnxKkBeduxEAR78LhBvPq/v
+3m1XK+ektF0SJqEK7yNn4+lO55Hi/ZYLuJmpMOG9uMOxTy2Ehg4/k8coy7ECyfN5
++NfbeMe3ifpfriUgMNLQkmg4n6rfaRPer1SQe7lyw0HBwFflDt9B5KuoiFkBoVhO
+FqxsFuiZozfCbLnvBCdIqTvZwMKwMp7+G470nCPVrCChJc2QToX+xn/QCScaUAIL
+DKwZ+eYK6OWGCrOm/nRNvtEj4I+mYgCCiLmbaEs+c3MSQl/HxhShrBQSN+rad8k5
+fz2G1Xa5uhlEGr4xu/fxRR5mYBqWycsv2xdN0HOga/XboKR+Ooc=
+=/Mm9
 -----END PGP SIGNATURE-----

sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202307-01.xml

@@ -0,0 +1,46 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202307-01">
+    <title>OpenSSH: Remote Code Execution</title>
+    <synopsis>Multiple vulnerbilities have been discovered in OpenSSH, the worst of which could result in remote code execution.</synopsis>
+    <product type="ebuild">openssh</product>
+    <announced>2023-07-20</announced>
+    <revised count="1">2023-07-20</revised>
+    <bug>892936</bug>
+    <bug>905299</bug>
+    <bug>910553</bug>
+    <access>remote</access>
+    <affected>
+        <package name="net-misc/openssh" auto="yes" arch="*">
+            <unaffected range="ge">9.3_p2</unaffected>
+            <vulnerable range="lt">9.3_p2</vulnerable>
+        </package>
+    </affected>
+    <background>
+        <p>OpenSSH is a free application suite consisting of server and clients that replace tools like telnet, rlogin, rcp and ftp with more secure versions offering additional functionality.</p>
+    </background>
+    <description>
+        <p>Multiple vulnerabilities have been discovered in OpenSSH. Please review the CVE identifiers referenced below for details.</p>
+    </description>
+    <impact type="high">
+        <p>Please review the CVE identifiers referenced below for details.</p>
+    </impact>
+    <workaround>
+        <p>CVE-2023-38408 can be worked around by avoiding connecting to untrusted servers with an SSH agent.</p>
+    </workaround>
+    <resolution>
+        <p>All OpenSSH users should upgrade to the latest version:</p>
+        
+        <code>
+          # emerge --sync
+          # emerge --ask --oneshot --verbose ">=net-misc/openssh-9.3_p2"
+        </code>
+    </resolution>
+    <references>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-25136">CVE-2023-25136</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-28531">CVE-2023-28531</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-38408">CVE-2023-38408</uri>
+    </references>
+    <metadata tag="requester" timestamp="2023-07-20T02:17:18.328897Z">sam</metadata>
+    <metadata tag="submitter" timestamp="2023-07-20T02:17:18.348364Z">sam</metadata>
+</glsa>

sdk_container/src/third_party/portage-stable/metadata/glsa/timestamp.chk

@@ -1 +1 @@
-Sat, 01 Jul 2023 06:39:53 +0000
+Tue, 01 Aug 2023 06:40:00 +0000

sdk_container/src/third_party/portage-stable/metadata/glsa/timestamp.commit

@@ -1 +1 @@
-023c3018165ffad6f1f6a874561e1c3c555cb505 1685499625 2023-05-31T02:20:25+00:00
+6394ef8ae23b1cf183b45b603eceea6389a3c371 1689819508 2023-07-20T02:18:28+00:00