mirrors/flatcar-scripts
1
0
Fork 0
mirror of https://github.com/flatcar/scripts.git synced 2025-08-18 21:11:08 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #701 from dm0-/glsa

Browse Source 
bump(metadata/glsa): sync with upstream
This commit is contained in:
David Michael 2018-11-28 22:51:29 -05:00 committed by GitHub
commit 46648e15b8
6 changed files with 125 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

30
sdk_container/src/third_party/portage-stable/metadata/glsa/Manifest vendored
View File

@ -1,23 +1,23 @@
-----BEGIN PGP SIGNED MESSAGE----- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512 Hash: SHA512
MANIFEST Manifest.files.gz 432816 BLAKE2B ffc51d9d6189a74448d697e9117b9d48ac11f78285f07bebf95748ef06b6de287ff57ccd0eacc079346214a7630326fe3cc9033eb49d954bdf89ab01636d563f SHA512 0f045c6288501be1d56081cf19122e140f88c85377d2e1cb644335ff5012aa0b17f2efb26628ac147bd855a3938417208e38699db1e2a93adfa25b48a039e20f MANIFEST Manifest.files.gz 433135 BLAKE2B 08bfc4178f110d18daf9e50c33952a85a482c64d23c2c125c97f8cec66852a409145a06cdb11a9133f11f551652f71ca3c6cff6f9ad86e0e250b41b9cd1b5224 SHA512 68d673cc2f0e4949c03c21be733250173baa6252b489b636a97186f2e5bd182f13f09c79c29136d620f6ec56097de0dd794676970976fc7c502ce23ac7fe7e66
TIMESTAMP 2018-11-27T13:38:37Z TIMESTAMP 2018-11-29T02:38:38Z
-----BEGIN PGP SIGNATURE----- -----BEGIN PGP SIGNATURE-----
iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAlv9SN1fFIAAAAAALgAo iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAlv/US5fFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEUx aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEUx
RDZBQkI2M0JGQ0ZCNEJBMDJGREYxQ0VDNTkwRUVBQzkxODkyNTAACgkQ7FkO6skY RDZBQkI2M0JGQ0ZCNEJBMDJGREYxQ0VDNTkwRUVBQzkxODkyNTAACgkQ7FkO6skY
klAulQ//f9ND1KFVjkLzU4ytxBc3GTwtOeuXSNFm6Yvoa9lK7x9k62mdnIck/Wvr klBVPxAAtqZBAZOfA5rfftfNz/J8MfutHu4vqupcbntkksfNWVH+TqgKpG1cEnpt
aZ7BVg9W3H4Btfj+XRxtGWGivYBSqgFXdm+IcZhkEPFJGh17lr/JZ+fVH+LS7aa9 Ej5fl0F4dAYBS/O3jO3eS/K6aNqKGpbYtOu2N3U4Hi9hb427AobakMjuSnIWWalr
j2++/ytxExqZfqxHjKiNn+/H6ljVrKeVXHnIW4UxZ7mulgv6dFI/SKv67NmyaB25 L546Wto4+JvFZZeuEdlHVwZk1RE2g/9itzrlW+yKayCnSnXAUxz+jGE9Tv2FjlUG
Kf627Sp74bqgHApDaMeGj7V94F7MieiRSfxlg+bDIf/clJzPXoDkWQ1pftpTfTNj OBu6aqh1W3tNj49gCVfvgGZICm9w7d0AdNyN5sVDaU7eOPTHxCxOLHoIsa8mnbA4
3KPSpK0IGlt0j7H3VDHhH5RY6yytP9+uTWTcKW3E26VvBdIGTNkDz7czZiWaFQ7G N/s9JuCccLXpKwE9w774+/kidFcHvc88v9Bd8BcIJTtFkGILkD+qdZy1o/50iufh
Qs2nEseBC1KKcj3fqJ658s4GmLXhBHSndzNmF1F98EJ6gLRXTsFIVCt3SsE6OdAv H/GATcmP+VgLdbydrQ7Dp5y37jZfXeFUVbZrKb3wjP3jR9qsAFmaJm8H4SBVsdnX
oSBa1b5rYuSYRy0b/Ca2ZrW8JAjEtq1ziIKYtuAFBi6d/C/iV6ua0zvCFwXpAodq owiEoZQRuCMvE+885UGP3vszAQ5lyS/Z4Tcp/KQim8rxPSrXu/98g1fFnwzynCzd
fsWBcNCTwtG3Qsi0cl8D/W6XURq/LQhoY8NYqevJl4SSqXfLDA+xRs4wmII2hw/U 3CEHXc0U2M0zSO8vPdpcLqxGpxikXjSSEGlR3m7WaHjHkSqZIeD28q88qCWGPsQC
J81DH9wxHYh2X2kEK/gXx1+5TA7a0GcREn/vf1swt4Gf8AbZs6Wfmb4cw4LY0Mx8 8kkzs5uObEOIj6k9EXJmo6nnKmYNh97InQV5ryurzuhYfHY2UTDU1J6qAIALu4/9
etPm2Y1lYIcAVjpvoMycqk6F01k8sBlKf3/DkES/6tdb7irqt8vrk/D0qMVguuzg yNqlx8ljo42MVva9V6RmevmdL9Jh0+JQgRLgYeWCtsHYKxKqVBUB+BCgd5f44e+E
VGuXVEyInwy9JD9x7MCim438WxftFrLa0lJAxWV/Ubr/QoJe70g= LdJAP1sNWAbODF4Ju1bmyf2FBrJA+3eFmLnSeWjVQt9TqsJE9E8=
=zIg0 =RYxc
-----END PGP SIGNATURE----- -----END PGP SIGNATURE-----

BIN
sdk_container/src/third_party/portage-stable/metadata/glsa/Manifest.files.gz vendored
View File

Binary file not shown.

53
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201811-21.xml vendored Normal file
View File

@ -0,0 +1,53 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="201811-21">
<title>OpenSSL: Multiple vulnerabilities</title>
<synopsis>Multiple vulnerabilities have been found in OpenSSL, the worst of
which may lead to a Denial of Service condition.
</synopsis>
<product type="ebuild">openssl</product>
<announced>2018-11-28</announced>
<revised count="1">2018-11-28</revised>
<bug>651730</bug>
<bug>653434</bug>
<access>remote</access>
<affected>
<package name="dev-libs/openssl" auto="yes" arch="*">
<unaffected range="ge">1.0.2o</unaffected>
<vulnerable range="lt">1.0.2o</vulnerable>
</package>
</affected>
<background>
<p>OpenSSL is a robust, commercial-grade, and full-featured toolkit for the
Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols.
</p>
</background>
<description>
<p>Multiple vulnerabilities have been discovered in OpenSSL. Please review
the referenced CVE identifiers for details.
</p>
</description>
<impact type="normal">
<p>A remote attacker could cause a Denial of Service condition, obtain
private keying material, or gain access to sensitive information.
</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All OpenSSL users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose "&gt;=dev-libs/openssl-1.0.2o"
</code>
</resolution>
<references>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-0733">CVE-2018-0733</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-0737">CVE-2018-0737</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-0739">CVE-2018-0739</uri>
</references>
<metadata tag="requester" timestamp="2018-11-25T03:10:27Z">b-man</metadata>
<metadata tag="submitter" timestamp="2018-11-28T22:43:29Z">b-man</metadata>
</glsa>

55
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201811-22.xml vendored Normal file
View File

@ -0,0 +1,55 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="201811-22">
<title>RPM: Multiple vulnerabilities</title>
<synopsis>Multiple vulnerabilities have been found in RPM, the worst of which
could allow a remote attacker to escalate privileges.
</synopsis>
<product type="ebuild">rpm</product>
<announced>2018-11-28</announced>
<revised count="1">2018-11-28</revised>
<bug>533740</bug>
<bug>638636</bug>
<access>remote</access>
<affected>
<package name="app-arch/rpm" auto="yes" arch="*">
<unaffected range="ge">4.14.1</unaffected>
<vulnerable range="lt">4.14.1</vulnerable>
</package>
</affected>
<background>
<p>The Red Hat Package Manager (RPM) is a command line driven package
management system capable of installing, uninstalling, verifying,
querying, and updating computer software packages.
</p>
</background>
<description>
<p>Multiple vulnerabilities have been discovered in RPM. Please review the
CVE identifiers referenced below for details.
</p>
</description>
<impact type="normal">
<p>A remote attacker, by enticing the user to process a specially crafted
RPM file, could escalate privileges, execute arbitrary code, or cause a
Denial of Service condition.
</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All RPM users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose "&gt;=app-arch/rpm-4.14.1"
</code>
</resolution>
<references>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2013-6435">CVE-2013-6435</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2014-8118">CVE-2014-8118</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-7501">CVE-2017-7501</uri>
</references>
<metadata tag="requester" timestamp="2018-11-25T01:24:35Z">b-man</metadata>
<metadata tag="submitter" timestamp="2018-11-28T22:52:35Z">b-man</metadata>
</glsa>

2
sdk_container/src/third_party/portage-stable/metadata/glsa/timestamp.chk vendored
View File

@ -1 +1 @@
Tue, 27 Nov 2018 13:38:33 +0000 Thu, 29 Nov 2018 02:38:34 +0000

2
sdk_container/src/third_party/portage-stable/metadata/glsa/timestamp.commit vendored
View File

@ -1 +1 @@
374d0d9fa63a3f974ca84f27375c342d75caaf3c 1543284372 2018-11-27T02:06:12+00:00 948748bd6e80dceb3f96d8040bee52380c2f2fe8 1543445572 2018-11-28T22:52:52+00:00