From a2adaf68b8681e165e01e9c419762eaa9172bbfd Mon Sep 17 00:00:00 2001 From: Nick Owens Date: Tue, 1 Nov 2016 12:49:45 -0700 Subject: [PATCH] bump(metadata/glsa): sync with upstream --- .../metadata/glsa/glsa-201610-02.xml | 6 +- .../metadata/glsa/glsa-201610-05.xml | 89 +++++++++++++ .../metadata/glsa/glsa-201610-06.xml | 94 ++++++++++++++ .../metadata/glsa/glsa-201610-07.xml | 59 +++++++++ .../metadata/glsa/glsa-201610-08.xml | 88 +++++++++++++ .../metadata/glsa/glsa-201610-09.xml | 122 ++++++++++++++++++ .../metadata/glsa/glsa-201610-10.xml | 106 +++++++++++++++ .../metadata/glsa/glsa-201610-11.xml | 51 ++++++++ .../metadata/glsa/glsa-201611-01.xml | 56 ++++++++ .../metadata/glsa/glsa-201611-02.xml | 51 ++++++++ .../metadata/glsa/timestamp.chk | 2 +- 11 files changed, 720 insertions(+), 4 deletions(-) create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201610-05.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201610-06.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201610-07.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201610-08.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201610-09.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201610-10.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201610-11.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201611-01.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201611-02.xml diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201610-02.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201610-02.xml index 98bf17f1c5..f891844478 100644 --- a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201610-02.xml 
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201610-02.xml @@ -8,7 +8,7 @@ October 06, 2016 - October 06, 2016: 1 + October 13, 2016: 2 524680 536684 554948 @@ -18,7 +18,7 @@ remote - 2.2.31 + 2.2.31 2.4.23 2.4.23 @@ -58,5 +58,5 @@ BlueKnight - b-man + b-man diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201610-05.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201610-05.xml new file mode 100644 index 0000000000..ecd5b43e07 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201610-05.xml @@ -0,0 +1,89 @@ + + + + Subversion, Serf: Multiple Vulnerabilities + Multiple vulnerabilities have been found in Subversion and Serf, + the worst of which could lead to execution of arbitrary code. + + subversion serf + October 11, 2016 + October 11, 2016: 2 + 500482 + 518716 + 519202 + 545348 + 556076 + 567810 + 581448 + 586046 + remote + + + 1.9.4 + 1.8.16 + 1.9.4 + + + 1.3.7 + 1.3.7 + + + +

Subversion is a version control system intended to eventually replace + CVS. Like CVS, it has an optional client-server architecture (where the + server can be an Apache server running mod_svn, or an ssh program as in + CVS’s :ext: method). In addition to supporting the features found in + CVS, Subversion also provides support for moving and copying files and + directories. +

+ +

The serf library is a high performance C-based HTTP client library built + upon the Apache Portable Runtime (APR) library. +

+
+ +

Multiple vulnerabilities have been discovered in Subversion and Serf. + Please review the CVE identifiers referenced below for details +

+
+ +

A remote attacker could possibly execute arbitrary code with the + privileges of the process, conduct a man-in-the-middle attack, obtain + sensitive information, or cause a Denial of Service Condition. +

+
+ +

There is no known workaround at this time.

+
+ +

All Subversion users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-vcs/subversion-1.9.4" + + +

All Serf users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-libs/serf-1.3.7" + +
+ + CVE-2014-0032 + CVE-2014-3504 + CVE-2014-3522 + CVE-2014-3528 + CVE-2015-0202 + CVE-2015-0248 + CVE-2015-0251 + CVE-2015-3184 + CVE-2015-3187 + CVE-2015-5259 + CVE-2016-2167 + CVE-2016-2168 + + K_F + b-man +
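Review bot: The version block for Subversion lists 1.8.16 between the two 1.9.4 entries, but the resolution only offers >=dev-vcs/subversion-1.9.4. If 1.8.16 is a fixed release on the 1.8 branch, the resolution should say so, so that users pinned to 1.8 know they do not have to change branches; if it is not, the entry needs an explanation. Minor: the description sentence "Please review the CVE identifiers referenced below for details" is missing its final period, and "Denial of Service Condition" is capitalised differently from the other advisories in this sync. As this is a verbatim upstream sync, these are better reported upstream than patched locally.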
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201610-06.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201610-06.xml new file mode 100644 index 0000000000..1054eaa871 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201610-06.xml @@ -0,0 +1,94 @@ + + + + MySQL and MariaDB: Multiple vulnerabilities + Multiple vulnerabilities have been found in MySQL and MariaDB, the + worst of which could allow remote attackers to cause a Denial of Service + condition or obtain sensitive information. + + + October 11, 2016 + October 11, 2016: 1 + 546724 + 555478 + 555480 + 564170 + 564442 + 572870 + 580832 + 580834 + 589238 + 589346 + 593608 + remote + + + 5.6.31 + 5.6.31 + + + 5.5.51 + 10.0.27 + + + 10.0.27 + + + +

MySQL is a popular multi-threaded, multi-user SQL server. MariaDB is an + enhanced, drop-in replacement for MySQL. +

+
+ +

Multiple vulnerabilities have been discovered in MySQL and MariaDB. + Please review the CVE identifiers referenced below for details. +

+
+ +

A remote attacker could exploit vulnerabilities, through multiple + vectors, that affect the confidentiality, integrity, and availability of + MySQL and MariaDB. +

+
+ +

There is no known workaround at this time.

+
+ +

All MySQL users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-db/mysql-5.6.31" + + +

All MariaDB users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-db/mariadb-10.0.27" + +
+ + CVE-2015-2582 + CVE-2015-2611 + CVE-2015-2617 + CVE-2015-2620 + CVE-2015-2639 + CVE-2015-2641 + CVE-2015-2643 + CVE-2015-2648 + CVE-2015-2661 + CVE-2015-4737 + CVE-2015-4752 + CVE-2015-4756 + CVE-2015-4757 + CVE-2015-4767 + CVE-2015-4769 + CVE-2015-4771 + CVE-2015-4772 + + + BlueKnight + + b-man +
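Review bot: In the version block a 5.5.51 entry sits beside 10.0.27, but the resolution section only gives commands for >=dev-db/mysql-5.6.31 and >=dev-db/mariadb-10.0.27. Confirm which package the 5.5.51 entry belongs to and state it in the resolution text; a reader following only the printed commands would not learn that a 5.5.x release is treated as fixed. Every identifier in the reference list is a CVE-2015 entry while the bug list runs up to 593608, so it is also worth checking against upstream that no later references were dropped.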
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201610-07.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201610-07.xml new file mode 100644 index 0000000000..0af9c589fa --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201610-07.xml @@ -0,0 +1,59 @@ + + + + BIND: Multiple vulnerabilities + Multiple vulnerabilities have been found in BIND, the worst of + which could cause a Denial of Service condition. + + + October 11, 2016 + October 11, 2016: 1 + 572414 + 576902 + 588652 + 589132 + 595340 + remote + + + 9.10.4_p3 + 9.10.4_p3 + + + +

BIND (Berkeley Internet Name Domain) is a Name Server.

+
+ +

Multiple vulnerabilities have been discovered in BIND. Please review the + CVE identifiers referenced below for details. +

+
+ +

A remote attacker could cause a Denial of Service condition through + multiple attack vectors. +

+
+ +

There is no known workaround at this time.

+
+ +

All BIND users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-dns/bind-9.10.4_p3" + +
+ + CVE-2015-8704 + CVE-2015-8705 + CVE-2016-1285 + CVE-2016-1286 + CVE-2016-2088 + CVE-2016-2775 + CVE-2016-2776 + CVE-2016-6170 + + b-man + Zlogene +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201610-08.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201610-08.xml new file mode 100644 index 0000000000..6bc3904e79 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201610-08.xml @@ -0,0 +1,88 @@ + + + + Oracle JRE/JDK: Multiple vulnerabilities + Multiple vulnerabilities have been found in Oracle's JRE and JDK + software suites allowing remote attackers to remotely execute arbitrary + code, obtain information, and cause Denial of Service. + + java + October 15, 2016 + October 15, 2016: 1 + 578160 + 580608 + 589208 + remote + + + 1.8.0.101 + 1.8.0.101 + + + 1.8.0.101 + 1.8.0.101 + + + +

Java Platform, Standard Edition (Java SE) lets you develop and deploy + Java applications on desktops and servers, as well as in today’s + demanding embedded environments. Java offers the rich user interface, + performance, versatility, portability, and security that today’s + applications require. +

+
+ +

Multiple vulnerabilities exist in both Oracle’s JRE and JDK. Please + review the referenced CVE’s for additional information. +

+
+ +

Remote attackers could gain access to information, remotely execute + arbitrary code, or cause Denial of Service. +

+
+ +

There is no known workaround at this time.

+
+ +

All Oracle JRE Users users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-java/oracle-jre-bin-1.8.0.101" + + +

All Oracle JDK Users users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-java/oracle-jdk-bin-1.8.0.101" + +
+ + CVE-2016-0402 + CVE-2016-0448 + CVE-2016-0466 + CVE-2016-0475 + CVE-2016-0483 + CVE-2016-0494 + CVE-2016-0603 + CVE-2016-0636 + CVE-2016-3426 + CVE-2016-3458 + CVE-2016-3485 + CVE-2016-3498 + CVE-2016-3500 + CVE-2016-3503 + CVE-2016-3508 + CVE-2016-3511 + CVE-2016-3550 + CVE-2016-3552 + CVE-2016-3587 + CVE-2016-3598 + CVE-2016-3606 + CVE-2016-3610 + + b-man + b-man +
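Review bot: Both resolution sentences duplicate a word: "All Oracle JRE Users users should upgrade" and "All Oracle JDK Users users should upgrade", where the other advisories in this sync read like "All BIND users should upgrade". The synopsis also says "allowing remote attackers to remotely execute arbitrary code", and the description uses "CVE's" as a plural. None of this touches the version data, so it is a wording fix to send upstream rather than a blocker for the sync.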
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201610-09.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201610-09.xml new file mode 100644 index 0000000000..1aba37c275 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201610-09.xml @@ -0,0 +1,122 @@ + + + + Chromium: Multiple vulnerabilities + Multiple vulnerabilities have been found in the Chromium web + browser, the worst of which allows remote attackers to execute arbitrary + code. + + + October 29, 2016 + October 29, 2016: 1 + 589278 + 590420 + 592630 + 593708 + 595614 + 597016 + remote + + + 54.0.2840.59 + 54.0.2840.59 + + + +

Chromium is an open-source browser project that aims to build a safer, + faster, and more stable way for all users to experience the web. +

+
+ +

Multiple vulnerabilities have been discovered in the Chromium web + browser. Please review the CVE identifiers referenced below for details. +

+
+ +

A remote attacker could possibly execute arbitrary code with the + privileges of the process, cause a Denial of Service condition, obtain + sensitive information, or bypass security restrictions. +

+
+ +

There is no known workaround at this time.

+
+ +

All Chromium users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose + ">=www-client/chromium-54.0.2840.59" + +
+ + CVE-2016-5127 + CVE-2016-5128 + CVE-2016-5129 + CVE-2016-5130 + CVE-2016-5131 + CVE-2016-5132 + CVE-2016-5133 + CVE-2016-5134 + CVE-2016-5135 + CVE-2016-5136 + CVE-2016-5137 + CVE-2016-5138 + CVE-2016-5139 + CVE-2016-5140 + CVE-2016-5141 + CVE-2016-5142 + CVE-2016-5143 + CVE-2016-5144 + CVE-2016-5145 + CVE-2016-5146 + CVE-2016-5147 + CVE-2016-5148 + CVE-2016-5149 + CVE-2016-5150 + CVE-2016-5151 + CVE-2016-5152 + CVE-2016-5153 + CVE-2016-5154 + CVE-2016-5155 + CVE-2016-5156 + CVE-2016-5157 + CVE-2016-5158 + CVE-2016-5159 + CVE-2016-5160 + CVE-2016-5161 + CVE-2016-5162 + CVE-2016-5163 + CVE-2016-5164 + CVE-2016-5165 + CVE-2016-5166 + CVE-2016-5167 + CVE-2016-5170 + CVE-2016-5171 + CVE-2016-5172 + CVE-2016-5173 + CVE-2016-5174 + CVE-2016-5175 + CVE-2016-5177 + CVE-2016-5178 + CVE-2016-5181 + CVE-2016-5182 + CVE-2016-5183 + CVE-2016-5184 + CVE-2016-5185 + CVE-2016-5186 + CVE-2016-5187 + CVE-2016-5188 + CVE-2016-5189 + CVE-2016-5190 + CVE-2016-5191 + CVE-2016-5192 + CVE-2016-5193 + CVE-2016-5194 + + + BlueKnight + + b-man +
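Review bot: The upgrade command in the resolution is broken across two lines, with "# emerge --ask --oneshot --verbose" on one and the atom >=www-client/chromium-54.0.2840.59 on the next, and there is no continuation backslash. Pasted as printed, the first line runs emerge without a package atom and the second line is not a command. The Subversion, BIND and Wget advisories in this same patch keep the command on one line; do the same here or add a trailing backslash.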
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201610-10.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201610-10.xml new file mode 100644 index 0000000000..989947f5b7 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201610-10.xml @@ -0,0 +1,106 @@ + + + + Adobe Flash Player: Multiple vulnerabilities + Multiple vulnerabilities have been found in Adobe Flash Player, the + worst of which allows remote attackers to execute arbitrary code. + + + October 29, 2016 + November 01, 2016: 2 + 593684 + 596896 + 598152 + remote + + + 23.0.0.205 + 11.2.202.635 + 11.2.202.643 + 23.0.0.205 + + + +

The Adobe Flash Player is a renderer for the SWF file format, which is + commonly used to provide interactive websites. +

+
+ +

Multiple vulnerabilities have been discovered in Adobe Flash Player. + Please review the CVE identifiers referenced below for details. +

+
+ +

A remote attacker could possibly execute arbitrary code with the + privileges of the process, cause a Denial of Service condition, obtain + sensitive information, or bypass security restrictions. +

+
+ +

There is no known workaround at this time.

+
+ +

All Adobe Flash Player 23.x users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose + ">=www-plugins/adobe-flash-23.0.0.205" + + +

All Adobe Flash Player 11.x users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose + ">=www-plugins/adobe-flash-11.2.202.635" + + +
+ + CVE-2016-4182 + CVE-2016-4271 + CVE-2016-4272 + CVE-2016-4273 + CVE-2016-4274 + CVE-2016-4275 + CVE-2016-4276 + CVE-2016-4277 + CVE-2016-4278 + CVE-2016-4279 + CVE-2016-4280 + CVE-2016-4281 + CVE-2016-4282 + CVE-2016-4283 + CVE-2016-4284 + CVE-2016-4285 + CVE-2016-4286 + CVE-2016-4287 + CVE-2016-6921 + CVE-2016-6922 + CVE-2016-6923 + CVE-2016-6924 + CVE-2016-6925 + CVE-2016-6926 + CVE-2016-6927 + CVE-2016-6929 + CVE-2016-6930 + CVE-2016-6931 + CVE-2016-6932 + CVE-2016-6981 + CVE-2016-6982 + CVE-2016-6983 + CVE-2016-6984 + CVE-2016-6985 + CVE-2016-6986 + CVE-2016-6987 + CVE-2016-6989 + CVE-2016-6990 + CVE-2016-6992 + CVE-2016-7855 + + + BlueKnight + + b-man +
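Review bot: The 11.x resolution tells users to install >=www-plugins/adobe-flash-11.2.202.635, while the version block lists both 11.2.202.635 and 11.2.202.643, and the revision line shows the advisory was already revised on November 01, 2016. Check which of the two is the fixed 11.x release and make the command match it. Both upgrade commands are also split across two lines without a continuation backslash, so they do not run as printed.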
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201610-11.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201610-11.xml new file mode 100644 index 0000000000..2339916fde --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201610-11.xml @@ -0,0 +1,51 @@ + + + + GNU Wget: Multiple vulnerabilities + Multiple vulnerabilities have been found in Wget, the worst of + which could lead to the remote execution of arbitrary code. + + + October 29, 2016 + October 29, 2016: 1 + 560418 + 585926 + remote + + + 1.18 + 1.18 + + + +

GNU Wget is a free software package for retrieving files using HTTP, + HTTPS and FTP, the most widely-used Internet protocols. +

+
+ +

Multiple vulnerabilities have been discovered in Wget. Please review the + CVE identifier and bug reports referenced for details. +

+
+ +

A remote attacker could possibly execute arbitrary code with the + privileges of the process or obtain sensitive information. +

+
+ +

There is no known workaround at this time.

+
+ +

All GNU Wget users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-misc/wget-1.18" + +
+ + CVE-2016-4971 + + b-man + b-man +
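Review bot: The title and synopsis say "Multiple vulnerabilities" and two bugs (560418, 585926) are listed, but the reference list carries only CVE-2016-4971. The description does point readers to "the CVE identifier and bug reports", yet nothing in the advisory says what the second issue is. A one-line summary of the issue that has no CVE, or a reference link for it, would let readers assess exposure without opening the bug tracker.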
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201611-01.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201611-01.xml new file mode 100644 index 0000000000..348fe8da15 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201611-01.xml @@ -0,0 +1,56 @@ + + + + UnZip: Multiple vulnerabilities + Multiple vulnerabilities have been found in UnZip allowing remote + attackers to execute arbitrary code and cause Denial of Service. + + + November 01, 2016 + November 01, 2016: 1 + 528082 + 533748 + 537424 + 560416 + remote + + + 6.0_p20 + 6.0_p20 + + + +

Info-ZIP’s UnZip is a tool to list and extract files inside PKZIP + compressed files. +

+
+ +

Multiple vulnerabilities were found in UnZip. Please review the + referenced CVE’s for additional information. +

+
+ +

Remote attackers could execute arbitrary code or cause Denial of + Service. +

+
+ +

There is no known workaround at this time.

+
+ +

All UnZip users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-arch/unzip-6.0_p20" + +
+ + CVE-2014-8139 + CVE-2014-8140 + CVE-2014-8141 + CVE-2014-9636 + + b-man + b-man +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201611-02.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201611-02.xml new file mode 100644 index 0000000000..4cbaa7a494 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201611-02.xml @@ -0,0 +1,51 @@ + + + + OpenVPN: Multiple vulnerabilities + Multiple vulnerabilities have been found in OpenVPN, the worst of + which allows remote attackers to read encrypted traffic. + + + November 01, 2016 + November 01, 2016: 1 + 582902 + 592070 + remote + + + 2.3.12 + 2.3.12 + + + +

OpenVPN is a multi-platform, full-featured SSL VPN solution.

+
+ +

Multiple vulnerabilities have been discovered in OpenVPN. Please review + the CVE identifiers referenced below for details. +

+
+ +

A remote attacker may be able to recover plaintext from encrypted + communications. +

+
+ +

There is no known workaround at this time.

+
+ +

All OpenVPN users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-misc/openvpn-2.3.12" + +
+ + CVE-2016-6329 + + + BlueKnight + + b-man +
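Review bot: The description says "Please review the CVE identifiers referenced below", plural, and the title says "Multiple vulnerabilities", but the reference list has a single entry, CVE-2016-6329, against two bugs (582902, 592070). The impact text covers only plaintext recovery. Either the second issue needs a reference and an impact statement, or the title and description should be reworded to match the single CVE.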
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/timestamp.chk b/sdk_container/src/third_party/portage-stable/metadata/glsa/timestamp.chk index 261f502200..d96a5874a5 100644 --- a/sdk_container/src/third_party/portage-stable/metadata/glsa/timestamp.chk +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/timestamp.chk @@ -1 +1 @@ -Mon, 10 Oct 2016 14:40:40 +0000 +Tue, 01 Nov 2016 19:13:17 +0000