Merge pull request #486 from mischief/glsa-2016-11-01

bump(metadata/glsa): sync with upstream
Nick Owens 2016-11-21 10:21:47 -08:00 committed by GitHub
commit 2ddfc8cb9f
11 changed files with 720 additions and 4 deletions


@ -8,7 +8,7 @@
</synopsis>
<product type="ebuild"></product>
<announced>October 06, 2016</announced>
<revised>October 06, 2016: 1</revised>
<revised>October 13, 2016: 2</revised>
<bug>524680</bug>
<bug>536684</bug>
<bug>554948</bug>
@ -18,7 +18,7 @@
<access>remote</access>
<affected>
<package name="www-servers/apache" auto="yes" arch="*">
<unaffected range="rgt">2.2.31</unaffected>
<unaffected range="rge">2.2.31</unaffected>
<unaffected range="ge">2.4.23</unaffected>
<vulnerable range="lt">2.4.23</vulnerable>
</package>
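Review bot: The range on the 2.2.31 entry goes from rgt to rge, which widens the unaffected set from revisions after 2.2.31 to the plain 2.2.31 ebuild itself. Confirm that 2.2.31 without a revision suffix carries the fixes; if only a later revision does, the entry should name that revision instead.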
@ -58,5 +58,5 @@
<metadata tag="requester" timestamp="Sun, 13 Sep 2015 13:17:03 +0000">
BlueKnight
</metadata>
<metadata tag="submitter" timestamp="Thu, 06 Oct 2016 17:20:25 +0000">b-man</metadata>
<metadata tag="submitter" timestamp="Thu, 13 Oct 2016 07:21:58 +0000">b-man</metadata>
</glsa>


@ -0,0 +1,89 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="201610-05">
<title>Subversion, Serf: Multiple Vulnerabilities</title>
<synopsis>Multiple vulnerabilities have been found in Subversion and Serf,
the worst of which could lead to execution of arbitrary code.
</synopsis>
<product type="ebuild">subversion serf</product>
<announced>October 11, 2016</announced>
<revised>October 11, 2016: 2</revised>
<bug>500482</bug>
<bug>518716</bug>
<bug>519202</bug>
<bug>545348</bug>
<bug>556076</bug>
<bug>567810</bug>
<bug>581448</bug>
<bug>586046</bug>
<access>remote</access>
<affected>
<package name="dev-vcs/subversion" auto="yes" arch="*">
<unaffected range="ge">1.9.4</unaffected>
<unaffected range="rgt">1.8.16</unaffected>
<vulnerable range="lt">1.9.4</vulnerable>
</package>
<package name="net-libs/serf" auto="yes" arch="*">
<unaffected range="ge">1.3.7</unaffected>
<vulnerable range="lt">1.3.7</vulnerable>
</package>
</affected>
<background>
<p>Subversion is a version control system intended to eventually replace
CVS. Like CVS, it has an optional client-server architecture (where the
server can be an Apache server running mod_svn, or an ssh program as in
CVSs :ext: method). In addition to supporting the features found in
CVS, Subversion also provides support for moving and copying files and
directories.
</p>
<p>The serf library is a high performance C-based HTTP client library built
upon the Apache Portable Runtime (APR) library.
</p>
</background>
<description>
<p>Multiple vulnerabilities have been discovered in Subversion and Serf.
Please review the CVE identifiers referenced below for details
</p>
</description>
<impact type="normal">
<p>A remote attacker could possibly execute arbitrary code with the
privileges of the process, conduct a man-in-the-middle attack, obtain
sensitive information, or cause a Denial of Service Condition.
</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All Subversion users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose "&gt;=dev-vcs/subversion-1.9.4"
</code>
<p>All Serf users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose "&gt;=net-libs/serf-1.3.7"
</code>
</resolution>
<references>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0032">CVE-2014-0032</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3504">CVE-2014-3504</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3522">CVE-2014-3522</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3528">CVE-2014-3528</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0202">CVE-2015-0202</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0248">CVE-2015-0248</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0251">CVE-2015-0251</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3184">CVE-2015-3184</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3187">CVE-2015-3187</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5259">CVE-2015-5259</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2167">CVE-2016-2167</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2168">CVE-2016-2168</uri>
</references>
<metadata tag="requester" timestamp="Mon, 11 May 2015 16:09:05 +0000">K_F</metadata>
<metadata tag="submitter" timestamp="Tue, 11 Oct 2016 12:44:03 +0000">b-man</metadata>
</glsa>
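Review bot: In the dev-vcs/subversion block, unaffected range="rgt" on 1.8.16 marks only revisions after 1.8.16 as fixed, so a plain 1.8.16 install still matches vulnerable lt 1.9.4, and the resolution gives 1.8 users nothing but "&gt;=dev-vcs/subversion-1.9.4". The Apache advisory in this same sync changes rgt to rge on its 2.2.31 entry; check whether rge is meant here as well, or name the fixed 1.8.16 revision in the resolution. The description sentence ending in "for details" is also missing its full stop.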


@ -0,0 +1,94 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="201610-06">
<title>MySQL and MariaDB: Multiple vulnerabilities</title>
<synopsis>Multiple vulnerabilities have been found in MySQL and MariaDB, the
worst of which could allow remote attackers to cause a Denial of Service
condition or obtain sensitive information.
</synopsis>
<product type="ebuild"></product>
<announced>October 11, 2016</announced>
<revised>October 11, 2016: 1</revised>
<bug>546724</bug>
<bug>555478</bug>
<bug>555480</bug>
<bug>564170</bug>
<bug>564442</bug>
<bug>572870</bug>
<bug>580832</bug>
<bug>580834</bug>
<bug>589238</bug>
<bug>589346</bug>
<bug>593608</bug>
<access>remote</access>
<affected>
<package name="dev-db/mysql" auto="yes" arch="*">
<unaffected range="ge">5.6.31</unaffected>
<vulnerable range="lt">5.6.31</vulnerable>
</package>
<package name="dev-db/mariadb" auto="yes" arch="*">
<unaffected range="rgt">5.5.51</unaffected>
<vulnerable range="lt">10.0.27</vulnerable>
</package>
<package name="dev-db/mariab" auto="yes" arch="*">
<unaffected range="ge">10.0.27</unaffected>
</package>
</affected>
<background>
<p>MySQL is a popular multi-threaded, multi-user SQL server. MariaDB is an
enhanced, drop-in replacement for MySQL.
</p>
</background>
<description>
<p>Multiple vulnerabilities have been discovered in MySQL and MariaDB.
Please review the CVE identifiers referenced below for details.
</p>
</description>
<impact type="normal">
<p>A remote attacker could exploit vulnerabilities, through multiple
vectors, that affect the confidentiality, integrity, and availability of
MySQL and MariaDB.
</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All MySQL users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose "&gt;=dev-db/mysql-5.6.31"
</code>
<p>All MariaDB users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose "&gt;=dev-db/mariadb-10.0.27"
</code>
</resolution>
<references>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2582">CVE-2015-2582</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2611">CVE-2015-2611</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2617">CVE-2015-2617</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2620">CVE-2015-2620</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2639">CVE-2015-2639</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2641">CVE-2015-2641</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2643">CVE-2015-2643</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2648">CVE-2015-2648</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2661">CVE-2015-2661</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4737">CVE-2015-4737</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4752">CVE-2015-4752</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4756">CVE-2015-4756</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4757">CVE-2015-4757</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4767">CVE-2015-4767</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4769">CVE-2015-4769</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4771">CVE-2015-4771</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4772">CVE-2015-4772</uri>
</references>
<metadata tag="requester" timestamp="Thu, 31 Dec 2015 05:19:51 +0000">
BlueKnight
</metadata>
<metadata tag="submitter" timestamp="Tue, 11 Oct 2016 13:42:31 +0000">b-man</metadata>
</glsa>
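Review bot: The third package element is named dev-db/mariab, which looks like a misspelling of dev-db/mariadb, so its unaffected ge 10.0.27 entry never applies to the real package. As written, dev-db/mariadb carries only unaffected rgt 5.5.51 against vulnerable lt 10.0.27. Fold the ge 10.0.27 line into the dev-db/mariadb block and drop the stray element.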


@ -0,0 +1,59 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="201610-07">
<title>BIND: Multiple vulnerabilities</title>
<synopsis>Multiple vulnerabilities have been found in BIND, the worst of
which could cause a Denial of Service condition.
</synopsis>
<product type="ebuild"></product>
<announced>October 11, 2016</announced>
<revised>October 11, 2016: 1</revised>
<bug>572414</bug>
<bug>576902</bug>
<bug>588652</bug>
<bug>589132</bug>
<bug>595340</bug>
<access>remote</access>
<affected>
<package name="net-dns/bind" auto="yes" arch="*">
<unaffected range="ge">9.10.4_p3</unaffected>
<vulnerable range="lt">9.10.4_p3</vulnerable>
</package>
</affected>
<background>
<p>BIND (Berkeley Internet Name Domain) is a Name Server.</p>
</background>
<description>
<p>Multiple vulnerabilities have been discovered in BIND. Please review the
CVE identifiers referenced below for details.
</p>
</description>
<impact type="normal">
<p>A remote attacker could cause a Denial of Service condition through
multiple attack vectors.
</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All BIND users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose "&gt;=net-dns/bind-9.10.4_p3"
</code>
</resolution>
<references>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8704">CVE-2015-8704</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8705">CVE-2015-8705</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1285">CVE-2016-1285</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1286">CVE-2016-1286</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2088">CVE-2016-2088</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2775">CVE-2016-2775</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2776">CVE-2016-2776</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6170">CVE-2016-6170</uri>
</references>
<metadata tag="requester" timestamp="Mon, 11 Jul 2016 10:56:46 +0000">b-man</metadata>
<metadata tag="submitter" timestamp="Tue, 11 Oct 2016 18:53:41 +0000">Zlogene</metadata>
</glsa>
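Review bot: The product element is left empty here, while the Subversion and Oracle JRE/JDK advisories in this sync fill it ("subversion serf", "java"). Set it to "bind" so the field is usable for filtering; the same empty element appears in the Apache, MySQL, Chromium, Flash, Wget, UnZip and OpenVPN advisories.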


@ -0,0 +1,88 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="201610-08">
<title>Oracle JRE/JDK: Multiple vulnerabilities</title>
<synopsis>Multiple vulnerabilities have been found in Oracle's JRE and JDK
software suites allowing remote attackers to remotely execute arbitrary
code, obtain information, and cause Denial of Service.
</synopsis>
<product type="ebuild">java</product>
<announced>October 15, 2016</announced>
<revised>October 15, 2016: 1</revised>
<bug>578160</bug>
<bug>580608</bug>
<bug>589208</bug>
<access>remote</access>
<affected>
<package name="dev-java/oracle-jre-bin" auto="yes" arch="*">
<vulnerable range="lt">1.8.0.101</vulnerable>
<unaffected range="ge">1.8.0.101</unaffected>
</package>
<package name="dev-java/oracle-jdk-bin" auto="yes" arch="*">
<vulnerable range="lt">1.8.0.101</vulnerable>
<unaffected range="ge">1.8.0.101</unaffected>
</package>
</affected>
<background>
<p>Java Platform, Standard Edition (Java SE) lets you develop and deploy
Java applications on desktops and servers, as well as in todays
demanding embedded environments. Java offers the rich user interface,
performance, versatility, portability, and security that todays
applications require.
</p>
</background>
<description>
<p>Multiple vulnerabilities exist in both Oracles JRE and JDK. Please
review the referenced CVEs for additional information.
</p>
</description>
<impact type="normal">
<p>Remote attackers could gain access to information, remotely execute
arbitrary code, or cause Denial of Service.
</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All Oracle JRE Users users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose "&gt;=dev-java/oracle-jre-bin-1.8.0.101"
</code>
<p>All Oracle JDK Users users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose "&gt;=dev-java/oracle-jdk-bin-1.8.0.101"
</code>
</resolution>
<references>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0402">CVE-2016-0402</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0448">CVE-2016-0448</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0466">CVE-2016-0466</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0475">CVE-2016-0475</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0483">CVE-2016-0483</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0494">CVE-2016-0494</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0603">CVE-2016-0603</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0636">CVE-2016-0636</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3426">CVE-2016-3426</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3458">CVE-2016-3458</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3485">CVE-2016-3485</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3498">CVE-2016-3498</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3500">CVE-2016-3500</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3503">CVE-2016-3503</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3508">CVE-2016-3508</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3511">CVE-2016-3511</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3550">CVE-2016-3550</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3552">CVE-2016-3552</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3587">CVE-2016-3587</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3598">CVE-2016-3598</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3606">CVE-2016-3606</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3610">CVE-2016-3610</uri>
</references>
<metadata tag="requester" timestamp="Sat, 16 Jul 2016 10:37:06 +0000">b-man</metadata>
<metadata tag="submitter" timestamp="Sat, 15 Oct 2016 12:16:10 +0000">b-man</metadata>
</glsa>
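Review bot: Both resolution paragraphs contain a duplicated word, "All Oracle JRE Users users" and "All Oracle JDK Users users"; drop one. The background and description have also lost their apostrophes ("todays", "Oracles").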


@ -0,0 +1,122 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="201610-09">
<title>Chromium: Multiple vulnerabilities</title>
<synopsis>Multiple vulnerabilities have been found in the Chromium web
browser, the worst of which allows remote attackers to execute arbitrary
code.
</synopsis>
<product type="ebuild"></product>
<announced>October 29, 2016</announced>
<revised>October 29, 2016: 1</revised>
<bug>589278</bug>
<bug>590420</bug>
<bug>592630</bug>
<bug>593708</bug>
<bug>595614</bug>
<bug>597016</bug>
<access>remote</access>
<affected>
<package name="www-client/chromium" auto="yes" arch="*">
<unaffected range="ge">54.0.2840.59</unaffected>
<vulnerable range="lt">54.0.2840.59</vulnerable>
</package>
</affected>
<background>
<p>Chromium is an open-source browser project that aims to build a safer,
faster, and more stable way for all users to experience the web.
</p>
</background>
<description>
<p>Multiple vulnerabilities have been discovered in the Chromium web
browser. Please review the CVE identifiers referenced below for details.
</p>
</description>
<impact type="normal">
<p>A remote attacker could possibly execute arbitrary code with the
privileges of the process, cause a Denial of Service condition, obtain
sensitive information, or bypass security restrictions.
</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All Chromium users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose
"&gt;=www-client/chromium-54.0.2840.59"
</code>
</resolution>
<references>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5127">CVE-2016-5127</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5128">CVE-2016-5128</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5129">CVE-2016-5129</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5130">CVE-2016-5130</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5131">CVE-2016-5131</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5132">CVE-2016-5132</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5133">CVE-2016-5133</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5134">CVE-2016-5134</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5135">CVE-2016-5135</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5136">CVE-2016-5136</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5137">CVE-2016-5137</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5138">CVE-2016-5138</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5139">CVE-2016-5139</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5140">CVE-2016-5140</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5141">CVE-2016-5141</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5142">CVE-2016-5142</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5143">CVE-2016-5143</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5144">CVE-2016-5144</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5145">CVE-2016-5145</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5146">CVE-2016-5146</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5147">CVE-2016-5147</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5148">CVE-2016-5148</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5149">CVE-2016-5149</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5150">CVE-2016-5150</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5151">CVE-2016-5151</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5152">CVE-2016-5152</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5153">CVE-2016-5153</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5154">CVE-2016-5154</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5155">CVE-2016-5155</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5156">CVE-2016-5156</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5157">CVE-2016-5157</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5158">CVE-2016-5158</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5159">CVE-2016-5159</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5160">CVE-2016-5160</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5161">CVE-2016-5161</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5162">CVE-2016-5162</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5163">CVE-2016-5163</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5164">CVE-2016-5164</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5165">CVE-2016-5165</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5166">CVE-2016-5166</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5167">CVE-2016-5167</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5170">CVE-2016-5170</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5171">CVE-2016-5171</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5172">CVE-2016-5172</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5173">CVE-2016-5173</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5174">CVE-2016-5174</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5175">CVE-2016-5175</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5177">CVE-2016-5177</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5178">CVE-2016-5178</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5181">CVE-2016-5181</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5182">CVE-2016-5182</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5183">CVE-2016-5183</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5184">CVE-2016-5184</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5185">CVE-2016-5185</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5186">CVE-2016-5186</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5187">CVE-2016-5187</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5188">CVE-2016-5188</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5189">CVE-2016-5189</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5190">CVE-2016-5190</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5191">CVE-2016-5191</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5192">CVE-2016-5192</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5193">CVE-2016-5193</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5194">CVE-2016-5194</uri>
</references>
<metadata tag="requester" timestamp="Thu, 08 Sep 2016 13:43:22 +0000">
BlueKnight
</metadata>
<metadata tag="submitter" timestamp="Sat, 29 Oct 2016 13:09:39 +0000">b-man</metadata>
</glsa>
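Review bot: The emerge command in the resolution is split across two lines with no continuation, leaving the atom "&gt;=www-client/chromium-54.0.2840.59" on a line of its own. Pasted as shown, the first line runs emerge with no target and the second is not a command. Keep it on one line, as the other advisories in this sync do, or end the first line with a backslash.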


@ -0,0 +1,106 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="201610-10">
<title>Adobe Flash Player: Multiple vulnerabilities</title>
<synopsis>Multiple vulnerabilities have been found in Adobe Flash Player, the
worst of which allows remote attackers to execute arbitrary code.
</synopsis>
<product type="ebuild"></product>
<announced>October 29, 2016</announced>
<revised>November 01, 2016: 2</revised>
<bug>593684</bug>
<bug>596896</bug>
<bug>598152</bug>
<access>remote</access>
<affected>
<package name="www-plugins/adobe-flash" auto="yes" arch="*">
<unaffected range="ge">23.0.0.205</unaffected>
<unaffected range="rge">11.2.202.635</unaffected>
<unaffected range="rge">11.2.202.643</unaffected>
<vulnerable range="lt">23.0.0.205</vulnerable>
</package>
</affected>
<background>
<p>The Adobe Flash Player is a renderer for the SWF file format, which is
commonly used to provide interactive websites.
</p>
</background>
<description>
<p>Multiple vulnerabilities have been discovered in Adobe Flash Player.
Please review the CVE identifiers referenced below for details.
</p>
</description>
<impact type="normal">
<p>A remote attacker could possibly execute arbitrary code with the
privileges of the process, cause a Denial of Service condition, obtain
sensitive information, or bypass security restrictions.
</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All Adobe Flash Player 23.x users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose
"&gt;=www-plugins/adobe-flash-23.0.0.205"
</code>
<p>All Adobe Flash Player 11.x users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose
"&gt;=www-plugins/adobe-flash-11.2.202.635"
</code>
</resolution>
<references>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4182">CVE-2016-4182</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4271">CVE-2016-4271</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4272">CVE-2016-4272</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4273">CVE-2016-4273</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4274">CVE-2016-4274</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4275">CVE-2016-4275</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4276">CVE-2016-4276</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4277">CVE-2016-4277</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4278">CVE-2016-4278</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4279">CVE-2016-4279</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4280">CVE-2016-4280</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4281">CVE-2016-4281</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4282">CVE-2016-4282</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4283">CVE-2016-4283</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4284">CVE-2016-4284</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4285">CVE-2016-4285</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4286">CVE-2016-4286</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4287">CVE-2016-4287</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6921">CVE-2016-6921</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6922">CVE-2016-6922</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6923">CVE-2016-6923</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6924">CVE-2016-6924</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6925">CVE-2016-6925</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6926">CVE-2016-6926</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6927">CVE-2016-6927</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6929">CVE-2016-6929</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6930">CVE-2016-6930</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6931">CVE-2016-6931</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6932">CVE-2016-6932</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6981">CVE-2016-6981</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6982">CVE-2016-6982</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6983">CVE-2016-6983</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6984">CVE-2016-6984</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6985">CVE-2016-6985</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6986">CVE-2016-6986</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6987">CVE-2016-6987</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6989">CVE-2016-6989</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6990">CVE-2016-6990</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6992">CVE-2016-6992</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7855">CVE-2016-7855</uri>
</references>
<metadata tag="requester" timestamp="Thu, 15 Sep 2016 22:34:48 +0000">
BlueKnight
</metadata>
<metadata tag="submitter" timestamp="Tue, 01 Nov 2016 18:13:05 +0000">b-man</metadata>
</glsa>
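Review bot: The affected block lists two unaffected rge entries for the 11.x branch, 11.2.202.635 and 11.2.202.643, but the 11.x resolution still points at "&gt;=www-plugins/adobe-flash-11.2.202.635". With the advisory at revision 2, state which of the two is the intended fixed version and make the resolution agree with it. Both emerge commands are also wrapped onto a second line without a continuation, so the atom sits apart from the command.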


@ -0,0 +1,51 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="201610-11">
<title>GNU Wget: Multiple vulnerabilities</title>
<synopsis>Multiple vulnerabilities have been found in Wget, the worst of
which could lead to the remote execution of arbitrary code.
</synopsis>
<product type="ebuild"></product>
<announced>October 29, 2016</announced>
<revised>October 29, 2016: 1</revised>
<bug>560418</bug>
<bug>585926</bug>
<access>remote</access>
<affected>
<package name="net-misc/wget" auto="yes" arch="*">
<unaffected range="ge">1.18</unaffected>
<vulnerable range="lt">1.18</vulnerable>
</package>
</affected>
<background>
<p>GNU Wget is a free software package for retrieving files using HTTP,
HTTPS and FTP, the most widely-used Internet protocols.
</p>
</background>
<description>
<p>Multiple vulnerabilities have been discovered in Wget. Please review the
CVE identifier and bug reports referenced for details.
</p>
</description>
<impact type="normal">
<p>A remote attacker could possibly execute arbitrary code with the
privileges of the process or obtain sensitive information.
</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All GNU Wget users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose "&gt;=net-misc/wget-1.18"
</code>
</resolution>
<references>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4971">CVE-2016-4971</uri>
</references>
<metadata tag="requester" timestamp="Sat, 02 Jul 2016 11:56:24 +0000">b-man</metadata>
<metadata tag="submitter" timestamp="Sat, 29 Oct 2016 13:29:55 +0000">b-man</metadata>
</glsa>


@ -0,0 +1,56 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="201611-01">
<title>UnZip: Multiple vulnerabilities</title>
<synopsis>Multiple vulnerabilities have been found in UnZip allowing remote
attackers to execute arbitrary code and cause Denial of Service.
</synopsis>
<product type="ebuild"></product>
<announced>November 01, 2016</announced>
<revised>November 01, 2016: 1</revised>
<bug>528082</bug>
<bug>533748</bug>
<bug>537424</bug>
<bug>560416</bug>
<access>remote</access>
<affected>
<package name="app-arch/unzip" auto="yes" arch="*">
<unaffected range="ge">6.0_p20</unaffected>
<vulnerable range="lt">6.0_p20</vulnerable>
</package>
</affected>
<background>
<p>Info-ZIPs UnZip is a tool to list and extract files inside PKZIP
compressed files.
</p>
</background>
<description>
<p>Multiple vulnerabilities were found in UnZip. Please review the
referenced CVEs for additional information.
</p>
</description>
<impact type="normal">
<p>Remote attackers could execute arbitrary code or cause Denial of
Service.
</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All UnZip users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose "&gt;=app-arch/unzip-6.0_p20"
</code>
</resolution>
<references>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8139">CVE-2014-8139</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8140">CVE-2014-8140</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8141">CVE-2014-8141</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9636">CVE-2014-9636</uri>
</references>
<metadata tag="requester" timestamp="Sat, 09 Jul 2016 02:22:34 +0000">b-man</metadata>
<metadata tag="submitter" timestamp="Tue, 01 Nov 2016 13:18:35 +0000">b-man</metadata>
</glsa>


@ -0,0 +1,51 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="201611-02">
<title>OpenVPN: Multiple vulnerabilities</title>
<synopsis>Multiple vulnerabilities have been found in OpenVPN, the worst of
which allows remote attackers to read encrypted traffic.
</synopsis>
<product type="ebuild"></product>
<announced>November 01, 2016</announced>
<revised>November 01, 2016: 1</revised>
<bug>582902</bug>
<bug>592070</bug>
<access>remote</access>
<affected>
<package name="net-misc/openvpn" auto="yes" arch="*">
<unaffected range="ge">2.3.12</unaffected>
<vulnerable range="lt">2.3.12</vulnerable>
</package>
</affected>
<background>
<p>OpenVPN is a multi-platform, full-featured SSL VPN solution.</p>
</background>
<description>
<p>Multiple vulnerabilities have been discovered in OpenVPN. Please review
the CVE identifiers referenced below for details.
</p>
</description>
<impact type="normal">
<p>A remote attacker may be able to recover plaintext from encrypted
communications.
</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All OpenVPN users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose "&gt;=net-misc/openvpn-2.3.12"
</code>
</resolution>
<references>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6329">CVE-2016-6329</uri>
</references>
<metadata tag="requester" timestamp="Sat, 10 Sep 2016 00:38:08 +0000">
BlueKnight
</metadata>
<metadata tag="submitter" timestamp="Tue, 01 Nov 2016 13:24:59 +0000">b-man</metadata>
</glsa>
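Review bot: The title and description speak of multiple vulnerabilities and of "CVE identifiers referenced below", but the references element lists only CVE-2016-6329 while two bugs (582902, 592070) are cited. Add the identifier for the second issue, or reword the description to the singular and point at the bug reports, as the Wget advisory does with "CVE identifier and bug reports".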


@ -1 +1 @@
Mon, 10 Oct 2016 14:40:40 +0000
Tue, 01 Nov 2016 19:13:17 +0000