mirror of
https://github.com/flatcar/scripts.git
synced 2025-09-23 14:41:31 +02:00
portage-stable/metadata: Monthly GLSA metadata updates
This commit is contained in:
Flatcar Buildbot
github-actions[bot]
parent
fdb41e5824
commit
2ac1a5fd57
@ -1,23 +1,23 @@
|
|||||||
-----BEGIN PGP SIGNED MESSAGE-----
|
-----BEGIN PGP SIGNED MESSAGE-----
|
||||||
Hash: SHA512
|
Hash: SHA512
|
||||||
|
|
||||||
MANIFEST Manifest.files.gz 596819 BLAKE2B 63522f06337573996c66aa3c0b81ef535020898b18e1885eee805fd1835f056debd8871c1b871e9129a2cfd9138cdf6cb96404b2859059f0e8906b7e44fbcee9 SHA512 87fcb2c073963a66ce8ec1e356d102364b832e77939304f57faeeda9b592eab9192b225eb977ad168b619ca3b7f0da1061763084ff671cea0d6a094c478551f0
|
MANIFEST Manifest.files.gz 596980 BLAKE2B eddb25532154bba44bb35623eb68543626c56c08b4a9b70673d678e12e2e9d223dee9cf4d0203ab7966bfde59e62bbac75b407365fffaffd689f74499226bdef SHA512 63607f6c6d89e0de89c2ed0d49a183cf3ebf144547b6b6c3a675072d222d42a76895e60d6f7b099c2762d742420925f50f5f0705f64f212c92b5228a8c6aac91
|
||||||
TIMESTAMP 2025-04-01T06:10:43Z
|
TIMESTAMP 2025-05-01T06:40:34Z
|
||||||
-----BEGIN PGP SIGNATURE-----
|
-----BEGIN PGP SIGNATURE-----
|
||||||
|
|
||||||
iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAmfrg2NfFIAAAAAALgAo
|
iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAmgTF2JfFIAAAAAALgAo
|
||||||
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEUx
|
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEUx
|
||||||
RDZBQkI2M0JGQ0ZCNEJBMDJGREYxQ0VDNTkwRUVBQzkxODkyNTAACgkQ7FkO6skY
|
RDZBQkI2M0JGQ0ZCNEJBMDJGREYxQ0VDNTkwRUVBQzkxODkyNTAACgkQ7FkO6skY
|
||||||
klA/uw/+IQmu9DSSDbsEjnWyooGUNr+aXX5NjlQX2+8c7AWpFugIUJCqiHFXyM1Q
|
klDRMQ/+PAi2qYoR0sip4LFgbYOupfpmsR8tU5KJ1/74lCyKWzBeJXLv6ZpzzUfQ
|
||||||
oXe76kt/DK8I8za/2ouhAzauiSib4J1fdTxk+vzQS99EH+ocerbDWS5Twxb/7p7V
|
/zdiT7LTQTI/S+rLzGZ9iuru+SDj+TmSaqqe3/V47EMXrIUMQmi2/wpv4Xdz6SZv
|
||||||
/6n4YdRN1wIQUOScvCDui/o6hqXOFk9LdGXBaDr388USilca08DSx0kK1aK/UFX6
|
vaIEnBvxy7AcER2kd3SjuP7oqh49lY3M8lSxGzDcyLuKLMtA0GruuXoOHK8Kc32p
|
||||||
ZVGltml3Qax5PgbFdYAD68tS2KKDYCwtCouUMQ0kG96P+EQfgWdH3FDZ9DZ3GbYs
|
e4MTmHiysNkwQ48mxpogteDz6UzMDz69H+RidhBJLcXj+VNi69jmLFUUWJ0WlINK
|
||||||
q7Q6Bj77vRKY5PFAQTlePRSsp1hpCsfeZESi3dTdgagiG5BRaOhGoMzkbnzSNXlu
|
BScxduFU4NdYew2iDUFohVSAvLshHnpWUg/S6WlJo1Kf7XSjROBnuNxbrHrRfBRh
|
||||||
xRu713wcSFXTNgpZvXP08tb2HudB4bpvo7FT7pDhmJq2CmVqdoNenaiU5ewb3yKp
|
m4mx1fdXE73jM7QOpyx+BflrOEBmvrsGC2WJpI+YU5HmhRldkq9I1+amcPJEx/WD
|
||||||
I2YH/BqDKuYpFOOd/KfjRt6X+YtMM33KwMa3erWxk+G9ObTEV/iugleawiVPXBrr
|
8lTul44UWczfeDxOjVSwQ4Ez0a3YzGxtvo/6aT/P/8u6lxZwXC73F4vPe9B/qQDn
|
||||||
kN2OJCgt+Gz0oXdx3ieWvql95X7UDxGyYNvrZsOcVPct2MGRtsyjLS5Dbz00Viea
|
tCVkS4kDfMQf3zUlypFo3ny6eF54AcWzaT6XDIYVYJD1aSMXXqHhoffznAFB9Tjd
|
||||||
huQ0t4CU6eJ093g88vKDfmMwTP7ViRX1z4447iAonb90tucRnGy+0WAWYmHq2uWQ
|
gmYAjCPk/6Oi7WPKEg+TryBnQLv9GEL7TRpQDAAMf0vc8OXwsJbEfS1HO8msMjA7
|
||||||
rzLSlxBFxtsxxzRYXvb11V/MD7lxE968IYx1pB/n12vl7CoIVL+wfrDWYWZB/Vv5
|
+q4SVTPh7y9uKR62hu9MLuEXBxm3w4fS+U8e+62SVPIqwFsa5Q92Sh98AOPjK9yY
|
||||||
oS1SxZa7EBMHE0i35PhMeE1SMKMQFDKvwShtLW4cK4rz7D/G1NM=
|
ViFNSQ0SCOaoWbmk9YFaC7JywXnlIXpD7si1W5a4hQ9aIF+qLqs=
|
||||||
=m/Wp
|
=4GyX
|
||||||
-----END PGP SIGNATURE-----
|
-----END PGP SIGNATURE-----
|
||||||
|
|||||||
Binary file not shown.
44
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202504-01.xml
vendored
Normal file
44
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202504-01.xml
vendored
Normal file
@ -0,0 +1,44 @@
|
|||||||
|
<?xml version="1.0" encoding="UTF-8"?>
|
||||||
|
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
|
||||||
|
<glsa id="202504-01">
|
||||||
|
<title>XZ Utils: Use after free</title>
|
||||||
|
<synopsis>A vulnerability has been discovered in XZ Utils, which could lead to denial of service.</synopsis>
|
||||||
|
<product type="ebuild">xz-utils</product>
|
||||||
|
<announced>2025-04-05</announced>
|
||||||
|
<revised count="1">2025-04-05</revised>
|
||||||
|
<bug>953086</bug>
|
||||||
|
<access>remote</access>
|
||||||
|
<affected>
|
||||||
|
<package name="app-arch/xz-utils" auto="yes" arch="*">
|
||||||
|
<unaffected range="ge">5.6.4-r1</unaffected>
|
||||||
|
<vulnerable range="lt">5.6.4-r1</vulnerable>
|
||||||
|
</package>
|
||||||
|
</affected>
|
||||||
|
<background>
|
||||||
|
<p>XZ Utils is free general-purpose data compression software with a high compression ratio.</p>
|
||||||
|
</background>
|
||||||
|
<description>
|
||||||
|
<p>A use-after-free has been discovered in XZ utils. Please review the CVE identifier referenced below for details.</p>
|
||||||
|
</description>
|
||||||
|
<impact type="normal">
|
||||||
|
<p>The multithreaded .xz decoder in liblzma has a bug where invalid input can at least result in a crash. The effects include heap use after free and writing to an address based on the null pointer plus an offset. Applications and libraries that use the lzma_stream_decoder_mt function are affected.
|
||||||
|
|
||||||
|
It's unlikely one can achieve more than a crash if xz is built with PIE on a 64-bit system especially, as is done in Gentoo by default.</p>
|
||||||
|
</impact>
|
||||||
|
<workaround>
|
||||||
|
<p>There is no known workaround at this time.</p>
|
||||||
|
</workaround>
|
||||||
|
<resolution>
|
||||||
|
<p>All XZ utils users should upgrade to the latest version:</p>
|
||||||
|
|
||||||
|
<code>
|
||||||
|
# emerge --sync
|
||||||
|
# emerge --ask --oneshot --verbose ">=app-arch/xz-utils-5.6.4-r1"
|
||||||
|
</code>
|
||||||
|
</resolution>
|
||||||
|
<references>
|
||||||
|
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2025-31115">CVE-2025-31115</uri>
|
||||||
|
</references>
|
||||||
|
<metadata tag="requester" timestamp="2025-04-05T00:42:34.287919Z">sam</metadata>
|
||||||
|
<metadata tag="submitter" timestamp="2025-04-05T00:42:34.291736Z">sam</metadata>
|
||||||
|
</glsa>
|
||||||
@ -1 +1 @@
|
|||||||
Tue, 01 Apr 2025 06:10:40 +0000
|
Thu, 01 May 2025 06:40:32 +0000
|
||||||
|
|||||||
@ -1 +1 @@
|
|||||||
8c44a0fc9958fea4290f5cca3cda73137cf7786a 1743192053 2025-03-28T20:00:53Z
|
da2df533a0a1b5799029686bc64ece18ac31947e 1743813771 2025-04-05T00:42:51Z
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user