Merge pull request #3522 from flatcar/buildbot/monthly-glsa-metadata-updates-2025-12-01

Monthly GLSA metadata 2025-12-01
Dongsu Park 2025-12-02 16:43:33 +01:00 committed by GitHub
commit 46ce1a54c9
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
12 changed files with 482 additions and 17 deletions


@ -1,23 +1,23 @@
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
MANIFEST Manifest.files.gz 604600 BLAKE2B 67fa11a1e6485039ed07ecb341dd3eed3351c2e805dffb942c7b1d5a67de5ce334f9c7e8c5cb91c69c6b47f09ddfab8f9675421c6bbcbc7edbff873eafe92a4e SHA512 ca8da2d1e3d921194da4de308aa6824a3315fadb8fa8032bf4faea9a454874b09a269bfba3178304da1473e32d3744bc06c1991003b11e8e16b1624b75ee3551
TIMESTAMP 2025-11-01T06:40:07Z
MANIFEST Manifest.files.gz 605865 BLAKE2B bcadc158253762e9f24c9e6b055b713a9641d9bfc450941217534a559d82b06bbcb49cffa8d81ca2f49f67ef4ee9530b6f3fe207bd5cb748ba4d010bf5f05a43 SHA512 0a179d9b6436cf36bf8fe75f2d424c5e5a2787d4f2be30bec99d500009833c9172e6703303a8e695c1b53afa286a8aeaa479d0807e86f5b0a383be84bc9c6bbe
TIMESTAMP 2025-12-01T06:40:11Z
-----BEGIN PGP SIGNATURE-----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=hxuR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=4q7u
-----END PGP SIGNATURE-----


@ -0,0 +1,44 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="202509-01">
<title>Poppler: Multiple Vulnerabilities</title>
<synopsis>Multiple vulnerabilities have been discovered in Poppler, the worst of which could lead to execution of arbitrary code.</synopsis>
<product type="ebuild">poppler</product>
<announced>2025-09-17</announced>
<revised count="1">2025-09-17</revised>
<bug>843149</bug>
<bug>959944</bug>
<access>local</access>
<affected>
<package name="app-text/poppler" auto="yes" arch="*">
<unaffected range="ge">25.06.0</unaffected>
<vulnerable range="lt">25.06.0</vulnerable>
</package>
</affected>
<background>
<p>Poppler is a PDF rendering library based on the xpdf-3.0 code base.</p>
</background>
<description>
<p>Multiple vulnerabilities have been discovered in Poppler. Please review the CVE identifiers referenced below for details.</p>
</description>
<impact type="high">
<p>Please review the referenced CVE identifiers for details.</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All Poppler users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-text/poppler-25.06.0"
</code>
</resolution>
<references>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-27337">CVE-2022-27337</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2025-52886">CVE-2025-52886</uri>
</references>
<metadata tag="requester" timestamp="2025-09-17T21:40:01.591882Z">graaff</metadata>
<metadata tag="submitter" timestamp="2025-09-17T21:40:01.594167Z">sam</metadata>
</glsa>


@ -0,0 +1,44 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="202511-01">
<title>UDisks: Multiple Vulnerabilities</title>
<synopsis>Multiple vulnerabilities have been discovered in UDisks, the worst of which can lead to execution of arbitrary code.</synopsis>
<product type="ebuild">udisks</product>
<announced>2025-11-24</announced>
<revised count="1">2025-11-24</revised>
<bug>827863</bug>
<bug>962126</bug>
<access>remote</access>
<affected>
<package name="sys-fs/udisks" auto="yes" arch="*">
<unaffected range="ge">2.10.2</unaffected>
<vulnerable range="lt">2.10.2</vulnerable>
</package>
</affected>
<background>
<p>UDisks provides a daemon, tools and libraries to access and manipulate disks, storage devices and technologies.</p>
</background>
<description>
<p>Multiple vulnerabilities have been discovered in UDisks. Please review the CVE identifiers referenced below for details.</p>
</description>
<impact type="high">
<p>Please review the referenced CVE identifiers for details.</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All UDisks users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose ">=sys-fs/udisks-2.10.2"
</code>
</resolution>
<references>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-3802">CVE-2021-3802</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2025-8067">CVE-2025-8067</uri>
</references>
<metadata tag="requester" timestamp="2025-11-24T23:57:06.298179Z">graaff</metadata>
<metadata tag="submitter" timestamp="2025-11-24T23:57:06.301913Z">sam</metadata>
</glsa>


@ -0,0 +1,73 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="202511-02">
<title>WebKitGTK+: Multiple Vulnerabilities</title>
<synopsis>Multiple vulnerabilities have been discovered in WebKitGTK+, the worst of which can lead to execution of arbitary code.</synopsis>
<product type="ebuild">webkit-gtk</product>
<announced>2025-11-24</announced>
<revised count="1">2025-11-24</revised>
<bug>938026</bug>
<bug>941276</bug>
<bug>951739</bug>
<bug>961021</bug>
<access>remote</access>
<affected>
<package name="net-libs/webkit-gtk" auto="yes" arch="*">
<unaffected range="ge" slot="4.1">2.48.5</unaffected>
<unaffected range="ge" slot="6">2.48.5</unaffected>
<vulnerable range="lt" slot="4.1">2.48.5</vulnerable>
<vulnerable range="lt" slot="6">2.48.5</vulnerable>
</package>
</affected>
<background>
<p>WebKitGTK+ is a full-featured port of the WebKit rendering engine, suitable for projects requiring any kind of web integration, from hybrid HTML/CSS applications to full-fledged web browsers.</p>
</background>
<description>
<p>Multiple vulnerabilities have been discovered in WebKitGTK+. Please review the CVE identifiers referenced below for details.</p>
</description>
<impact type="high">
<p>Please review the referenced CVE identifiers for details.</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All WebKitGTK+ users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-libs/webkit-gtk-2.48.5:4.1" ">=net-libs/webkit-gtk-2.48.5:6"
</code>
</resolution>
<references>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-40857">CVE-2024-40857</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-40866">CVE-2024-40866</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-44185">CVE-2024-44185</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-44187">CVE-2024-44187</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-44192">CVE-2024-44192</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-44244">CVE-2024-44244</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-44296">CVE-2024-44296</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-54467">CVE-2024-54467</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-54551">CVE-2024-54551</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2025-24201">CVE-2025-24201</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2025-24208">CVE-2025-24208</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2025-24209">CVE-2025-24209</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2025-24213">CVE-2025-24213</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2025-24216">CVE-2025-24216</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2025-24264">CVE-2025-24264</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2025-30427">CVE-2025-30427</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2025-31273">CVE-2025-31273</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2025-31278">CVE-2025-31278</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2025-43211">CVE-2025-43211</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2025-43212">CVE-2025-43212</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2025-43216">CVE-2025-43216</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2025-43227">CVE-2025-43227</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2025-43228">CVE-2025-43228</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2025-43240">CVE-2025-43240</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2025-43265">CVE-2025-43265</uri>
<uri link="https://webkitgtk.org/security/WSA-2025-0002.html">WSA-2025-0002</uri>
<uri link="https://webkitgtk.org/security/WSA-2025-0003.html">WSA-2025-0003</uri>
</references>
<metadata tag="requester" timestamp="2025-11-24T23:57:31.542544Z">graaff</metadata>
<metadata tag="submitter" timestamp="2025-11-24T23:57:31.545141Z">sam</metadata>
</glsa>


@ -0,0 +1,45 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="202511-03">
<title>qtsvg: Multiple Vulnerabilities</title>
<synopsis>Multiple vulnerabilities have been discovered in qtsvg, the worst of which could lead to execution of arbitrary code.</synopsis>
<product type="ebuild">qtsvg</product>
<announced>2025-11-24</announced>
<revised count="1">2025-11-24</revised>
<bug>915998</bug>
<bug>963710</bug>
<access>local and remote</access>
<affected>
<package name="dev-qt/qtsvg" auto="yes" arch="*">
<unaffected range="ge">6.9.3:6</unaffected>
<vulnerable range="lt">6.9.3:6</vulnerable>
</package>
</affected>
<background>
<p>qtsvg is a SVG rendering library for the Qt framework.</p>
</background>
<description>
<p>Multiple vulnerabilities have been discovered in qtsvg. Please review the CVE identifiers referenced below for details.</p>
</description>
<impact type="high">
<p>Please review the referenced CVE identifiers for details.</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All qtsvg users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-qt/qtsvg-6.9.3"
</code>
</resolution>
<references>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-45872">CVE-2023-45872</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2025-10728">CVE-2025-10728</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2025-10729">CVE-2025-10729</uri>
</references>
<metadata tag="requester" timestamp="2025-11-24T23:58:02.219156Z">graaff</metadata>
<metadata tag="submitter" timestamp="2025-11-24T23:58:02.221875Z">sam</metadata>
</glsa>
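Review bot: The `<unaffected range="ge">6.9.3:6</unaffected>` and `<vulnerable range="lt">6.9.3:6</vulnerable>` entries carry the slot inside the version text, while the WebKitGTK+ advisory in this same commit expresses slots through a `slot` attribute. A consumer that treats the element text as a plain version may fail to compare `6.9.3:6`, which would presumably leave dev-qt/qtsvg unmatched by advisory checks; how the consumer handles this is not visible on this page. The form consistent with the rest of the commit would be `<unaffected range="ge" slot="6">6.9.3</unaffected>` and `<vulnerable range="lt" slot="6">6.9.3</vulnerable>`. As this file appears to be synced from upstream GLSA data, the correction belongs upstream rather than in a local edit.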


@ -0,0 +1,106 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="202511-04">
<title>Chromium, Google Chrome, Microsoft Edge. Opera: Multiple Vulnerabilities</title>
<synopsis>Multiple vulnerabilities have been discovered in Chromium and its derivatives, the worst of which can lead to remote code execution.</synopsis>
<product type="ebuild">chromium,google-chrome,microsoft-edge,opera</product>
<announced>2025-11-24</announced>
<revised count="1">2025-11-24</revised>
<bug>961477</bug>
<bug>961834</bug>
<bug>962051</bug>
<bug>963024</bug>
<bug>963638</bug>
<bug>963959</bug>
<bug>964335</bug>
<access>local and remote</access>
<affected>
<package name="www-client/chromium" auto="yes" arch="*">
<unaffected range="ge">141.0.7390.107</unaffected>
<vulnerable range="lt">141.0.7390.107</vulnerable>
</package>
<package name="www-client/google-chrome" auto="yes" arch="*">
<unaffected range="ge">141.0.7390.107</unaffected>
<vulnerable range="lt">141.0.7390.107</vulnerable>
</package>
<package name="www-client/microsoft-edge" auto="yes" arch="*">
<unaffected range="ge">141.0.3537.71</unaffected>
<vulnerable range="lt">141.0.3537.71</vulnerable>
</package>
<package name="www-client/opera" auto="yes" arch="*">
<unaffected range="ge">122.0.5643.142</unaffected>
<vulnerable range="lt">122.0.5643.142</vulnerable>
</package>
</affected>
<background>
<p>Chromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web. Google Chrome is one fast, simple, and secure browser for all your devices. Microsoft Edge is a browser that combines a minimal design with sophisticated technology to make the web faster, safer, and easier. Opera is a fast and secure web browser.</p>
</background>
<description>
<p>Multiple vulnerabilities have been discovered in Chromium and its derivatives. Please review the CVE identifiers referenced below for details.</p>
</description>
<impact type="high">
<p>Please review the referenced CVE identifiers for details.</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>ll Google Chrome users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/google-chrome-141.0.7390.107"
</code>
<p>All Chromium users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/chromium-141.0.7390.107"
</code>
<p>All Microsoft Edge users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/microsoft-edge-141.0.3537.71 "
</code>
<p>All Oprea users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/opera-122.0.5643.142"
</code>
</resolution>
<references>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2025-8879">CVE-2025-8879</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2025-8880">CVE-2025-8880</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2025-8881">CVE-2025-8881</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2025-8882">CVE-2025-8882</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2025-8901">CVE-2025-8901</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2025-9132">CVE-2025-9132</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2025-9478">CVE-2025-9478</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2025-10500">CVE-2025-10500</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2025-10501">CVE-2025-10501</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2025-10502">CVE-2025-10502</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2025-10585">CVE-2025-10585</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2025-11205">CVE-2025-11205</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2025-11206">CVE-2025-11206</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2025-11207">CVE-2025-11207</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2025-11208">CVE-2025-11208</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2025-11209">CVE-2025-11209</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2025-11210">CVE-2025-11210</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2025-11211">CVE-2025-11211</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2025-11212">CVE-2025-11212</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2025-11213">CVE-2025-11213</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2025-11215">CVE-2025-11215</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2025-11216">CVE-2025-11216</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2025-11219">CVE-2025-11219</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2025-11458">CVE-2025-11458</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2025-11460">CVE-2025-11460</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2025-11756">CVE-2025-11756</uri>
</references>
<metadata tag="requester" timestamp="2025-11-24T23:59:25.704414Z">graaff</metadata>
<metadata tag="submitter" timestamp="2025-11-24T23:59:25.706551Z">sam</metadata>
</glsa>
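Review bot: The Microsoft Edge upgrade command in `<resolution>` has a trailing space inside the quoted atom, `">=www-client/microsoft-edge-141.0.3537.71 "`, so an administrator copying the remediation line verbatim passes a malformed package atom; it should read `">=www-client/microsoft-edge-141.0.3537.71"`. The same advisory has text defects that hurt searchability of the remediation steps: `ll Google Chrome users` should be `All Google Chrome users`, `All Oprea users` should be `All Opera users`, and the title's `Microsoft Edge. Opera` should use a comma. As this file appears to be synced from upstream GLSA data, these are best reported upstream so the next sync picks them up.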


@ -0,0 +1,63 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="202511-05">
<title>redict, redis: Multiple Vulnerabilities</title>
<synopsis>Multiple vulnerabilities have been discovered in redis and redict, the worst of which could lead to execution of arbitrary code.</synopsis>
<product type="ebuild">redict,redis</product>
<announced>2025-11-24</announced>
<revised count="1">2025-11-24</revised>
<bug>940609</bug>
<bug>947749</bug>
<bug>954265</bug>
<bug>959657</bug>
<access>local and remote</access>
<affected>
<package name="dev-db/redict" auto="yes" arch="*">
<unaffected range="ge">7.3.5</unaffected>
<vulnerable range="lt">7.3.5</vulnerable>
</package>
<package name="dev-db/redis" auto="yes" arch="*">
<unaffected range="ge">8.0.3</unaffected>
<vulnerable range="lt">8.0.3</vulnerable>
</package>
</affected>
<background>
<p>Redis is an open source (BSD licensed), in-memory data structure store, used as a database, cache and message broker.</p>
</background>
<description>
<p>Multiple vulnerabilities have been discovered in Redis. Please review the CVE identifiers referenced below for details.</p>
</description>
<impact type="high">
<p>Please review the referenced CVE identifiers for details.</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All Redis users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-db/redis-8.0.3"
</code>
<p>All Redict users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-db/redict-7.3.5"
</code>
</resolution>
<references>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-31227">CVE-2024-31227</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-31228">CVE-2024-31228</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-31449">CVE-2024-31449</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-46981">CVE-2024-46981</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-51741">CVE-2024-51741</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2025-21605">CVE-2025-21605</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2025-32023">CVE-2025-32023</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2025-48367">CVE-2025-48367</uri>
</references>
<metadata tag="requester" timestamp="2025-11-24T23:59:45.672835Z">graaff</metadata>
<metadata tag="submitter" timestamp="2025-11-24T23:59:45.676181Z">sam</metadata>
</glsa>


@ -0,0 +1,45 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="202511-06">
<title>libpng: Multiple vulnerabilities</title>
<synopsis>Multiple vulnerabilities have been discovered in libpng, the worst of which could lead to execution of arbitrary code.</synopsis>
<product type="ebuild">libpng</product>
<announced>2025-11-26</announced>
<revised count="1">2025-11-26</revised>
<bug>966340</bug>
<access>remote</access>
<affected>
<package name="media-libs/libpng" auto="yes" arch="*">
<unaffected range="ge">1.6.51</unaffected>
<vulnerable range="lt">1.6.51</vulnerable>
</package>
</affected>
<background>
<p>libpng is the official PNG reference library used to read, write and manipulate PNG images.</p>
</background>
<description>
<p>Multiple vulnerabilities have been discovered in libpng. Please review the CVE identifiers referenced below for details.</p>
</description>
<impact type="high">
<p>Please review the referenced CVE identifiers for details.</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All libpng users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose ">=media-libs/libpng-1.6.51"
</code>
</resolution>
<references>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2025-64505">CVE-2025-64505</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2025-64506">CVE-2025-64506</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2025-64720">CVE-2025-64720</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2025-65018">CVE-2025-65018</uri>
</references>
<metadata tag="requester" timestamp="2025-11-26T00:25:13.849254Z">sam</metadata>
<metadata tag="submitter" timestamp="2025-11-26T00:25:13.851563Z">sam</metadata>
</glsa>


@ -0,0 +1,45 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="202511-07">
<title>librnp: Weak random number generation</title>
<synopsis>librnp uses weak random number generation such that generated keys can be easily cracked.</synopsis>
<product type="ebuild">librnp</product>
<announced>2025-11-26</announced>
<revised count="1">2025-11-26</revised>
<bug>966299</bug>
<access>local and remote</access>
<affected>
<package name="dev-util/librnp" auto="yes" arch="*">
<unaffected range="ge">0.18.1</unaffected>
<unaffected range="lt">0.18</unaffected>
<vulnerable range="eq">0.18.0</vulnerable>
</package>
</affected>
<background>
<p>librnp is a high performance C++ OpenPGP library.</p>
</background>
<description>
<p>The affected librnp version generated weak session keys for its public key encryption (PKESK) mode.</p>
</description>
<impact type="high">
<p>Messages encrypted using the affected librnp version might be readable by an attacker with just the public key.</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All librnp users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-util/librnp-0.18.1"
</code>
<p>If sensitive information was sent using e.g. Thunderbird (with USE=system-librnp, the default), it should be considered potentially viewable by an attacker.</p>
</resolution>
<references>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2025-13470">CVE-2025-13470</uri>
</references>
<metadata tag="requester" timestamp="2025-11-26T00:25:30.302648Z">sam</metadata>
<metadata tag="submitter" timestamp="2025-11-26T00:25:30.304945Z">sam</metadata>
</glsa>


@ -1 +1 @@
Sat, 01 Nov 2025 06:40:04 +0000
Mon, 01 Dec 2025 06:40:07 +0000


@ -1 +1 @@
586b6d2f9bc7faf3319e097e41c3f6998d5d8844 1758145365 2025-09-17T21:42:45Z
ec936f5c1002deb9283d4febda05f013db58790c 1764120273 2025-11-26T01:24:33Z