diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/Manifest b/sdk_container/src/third_party/portage-stable/metadata/glsa/Manifest index bd9f2ab2dc..b4cdfe2b9d 100644 --- a/sdk_container/src/third_party/portage-stable/metadata/glsa/Manifest +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/Manifest 
@@ -1,23 +1,23 @@ -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 -MANIFEST Manifest.files.gz 431078 BLAKE2B a37fcfee71256f9d40f60594c0e23daa5c659172c73db4acde25cfdd707e9c953c72c601225f03add857a3a4cd00dd0e4d133ce2a5780bc2e304faaa458a4319 SHA512 34e61d1ae19c99e2490f0ce5a8c731b8cbbf25f056f7432c3433599c2ba70347a4dc032b240a0b1d37227f95691c4c78e3d496bae3d66dff4167de8de8693f5d -TIMESTAMP 2018-11-12T21:41:01Z +MANIFEST Manifest.files.gz 432816 BLAKE2B ffc51d9d6189a74448d697e9117b9d48ac11f78285f07bebf95748ef06b6de287ff57ccd0eacc079346214a7630326fe3cc9033eb49d954bdf89ab01636d563f SHA512 0f045c6288501be1d56081cf19122e140f88c85377d2e1cb644335ff5012aa0b17f2efb26628ac147bd855a3938417208e38699db1e2a93adfa25b48a039e20f +TIMESTAMP 2018-11-27T13:38:37Z -----BEGIN PGP SIGNATURE----- -iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAlvp821fFIAAAAAALgAo +iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAlv9SN1fFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEUx RDZBQkI2M0JGQ0ZCNEJBMDJGREYxQ0VDNTkwRUVBQzkxODkyNTAACgkQ7FkO6skY -klCqzA//c9fvRf/RTHzIgWQ7SuyQup6hBsjHpjvDHJX3AWss4iZsh0SE/Ka5m2Fs -279zcIezkq3wP3LE1EBO3+849DDMV0ochAQaqoD5bSdRz2/lFiVlUHX5XVh26c9d -Moo8u/5utKYPn3wLSaf4wNHsOWjXpzxrGnLl+jnHPPKf0or28e+ffxfw7buQwPf3 -z6ilfd4iR1PhCU67uaJyM7sYrJ+oB8qMW5/HDRVqlTufjUmRnlmQH2cFBl4aTXCy -QHNYMS4xLObnTfGGmoAs+S59JE/9lCzVS2B503BbzagyNVpLUHQ717TunM892Ycl -7jz0+U+Ay/XFBldEHBEqFyRQPWnjiBjpsZPYYvXquPiHAGeILPvqzXE6k9LxLE0j -j4iceMdaLPeAQ0BGVVcECKyHPhXFCKn/ZtB0B7JrpVtPBIkCl9KzGFehJuN62mvu -KKaOisQvwS7k2mgFJaDde/2JNl21rOMdSJbGHZi607GW11pY5comT32Q7EGfpwFp -+An0unYAJM5fEv79ogzQS8u33sg5/SPugjjfyfAI0tX5htpnsER/nOBDWOorhALD -h++pDaGiDtz0OO4JrbhhZh6FepdzAFaepysepYtj3M9RVy/BDNHhuC2vbnZ6R7U+ -A5hLUdAtMS+hmsJjI9/+28jKKzU7NzTOyA/ZygtbIk9/GB7mfhE= -=3U/S +klAulQ//f9ND1KFVjkLzU4ytxBc3GTwtOeuXSNFm6Yvoa9lK7x9k62mdnIck/Wvr +aZ7BVg9W3H4Btfj+XRxtGWGivYBSqgFXdm+IcZhkEPFJGh17lr/JZ+fVH+LS7aa9 +j2++/ytxExqZfqxHjKiNn+/H6ljVrKeVXHnIW4UxZ7mulgv6dFI/SKv67NmyaB25 
+Kf627Sp74bqgHApDaMeGj7V94F7MieiRSfxlg+bDIf/clJzPXoDkWQ1pftpTfTNj +3KPSpK0IGlt0j7H3VDHhH5RY6yytP9+uTWTcKW3E26VvBdIGTNkDz7czZiWaFQ7G +Qs2nEseBC1KKcj3fqJ658s4GmLXhBHSndzNmF1F98EJ6gLRXTsFIVCt3SsE6OdAv +oSBa1b5rYuSYRy0b/Ca2ZrW8JAjEtq1ziIKYtuAFBi6d/C/iV6ua0zvCFwXpAodq +fsWBcNCTwtG3Qsi0cl8D/W6XURq/LQhoY8NYqevJl4SSqXfLDA+xRs4wmII2hw/U +J81DH9wxHYh2X2kEK/gXx1+5TA7a0GcREn/vf1swt4Gf8AbZs6Wfmb4cw4LY0Mx8 +etPm2Y1lYIcAVjpvoMycqk6F01k8sBlKf3/DkES/6tdb7irqt8vrk/D0qMVguuzg +VGuXVEyInwy9JD9x7MCim438WxftFrLa0lJAxWV/Ubr/QoJe70g= +=zIg0 -----END PGP SIGNATURE----- diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/Manifest.files.gz b/sdk_container/src/third_party/portage-stable/metadata/glsa/Manifest.files.gz index f7610bd560..a6f802f00c 100644 Binary files a/sdk_container/src/third_party/portage-stable/metadata/glsa/Manifest.files.gz and b/sdk_container/src/third_party/portage-stable/metadata/glsa/Manifest.files.gz differ diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201805-14.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201805-14.xml index 3199c6204d..31c73fc728 100644 --- a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201805-14.xml +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201805-14.xml @@ -44,7 +44,6 @@ CVE-2018-1120 - CVE-2018-1121 CVE-2018-1122 CVE-2018-1123 CVE-2018-1124 diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201811-10.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201811-10.xml new file mode 100644 index 0000000000..6a170b56f6 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201811-10.xml 
@@ -0,0 +1,96 @@ + + + + Chromium: Multiple vulnerabilities + Multiple vulnerabilities have been found in Chromium and Google + Chrome, the worst of which allows remote attackers to execute arbitrary + code. + + chromium + 2018-11-23 + 2018-11-23 + 665340 + 666502 + 668986 + remote + + + 70.0.3538.67 + 70.0.3538.67 + + + +

Chromium is an open-source browser project that aims to build a safer, + faster, and more stable way for all users to experience the web. +

+
+ +

Multiple vulnerabilities have been discovered in Chromium and Google + Chrome. Please review the referenced CVE identifiers and Google Chrome + Releases for details. +

+
+ +

A remote attacker could execute arbitrary code, escalate privileges, + cause a heap buffer overflow, obtain sensitive information, or spoof a + URL. +

+
+ +

There is no known workaround at this time.

+
+ +

All Chromium users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose + ">=www-client/chromium-70.0.3538.67" + +
+ + CVE-2018-16065 + CVE-2018-16066 + CVE-2018-16067 + CVE-2018-16068 + CVE-2018-16069 + CVE-2018-16070 + CVE-2018-16071 + CVE-2018-16072 + CVE-2018-16073 + CVE-2018-16074 + CVE-2018-16075 + CVE-2018-16076 + CVE-2018-16077 + CVE-2018-16078 + CVE-2018-16079 + CVE-2018-16080 + CVE-2018-16081 + CVE-2018-16082 + CVE-2018-16083 + CVE-2018-16084 + CVE-2018-16085 + CVE-2018-16086 + CVE-2018-16087 + CVE-2018-16088 + CVE-2018-17462 + CVE-2018-17463 + CVE-2018-17464 + CVE-2018-17465 + CVE-2018-17466 + CVE-2018-17467 + CVE-2018-17468 + CVE-2018-17469 + CVE-2018-17470 + CVE-2018-17471 + CVE-2018-17472 + CVE-2018-17473 + CVE-2018-17474 + CVE-2018-17475 + CVE-2018-17476 + CVE-2018-17477 + CVE-2018-5179 + + BlueKnight + b-man +
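Review bot: the title, synopsis and description of glsa-201811-10.xml name both Chromium and Google Chrome, but the affected section carries a single version pair (70.0.3538.67) and the resolution gives only the ">=www-client/chromium-70.0.3538.67" upgrade. Either add the Google Chrome package with its own fixed version and upgrade command, or drop Google Chrome from the summary text. The description also points readers at Google Chrome Releases, while the reference list as shown holds only CVE entries.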
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201811-11.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201811-11.xml new file mode 100644 index 0000000000..8412907a02 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201811-11.xml @@ -0,0 +1,54 @@ + + + + Asterisk: Multiple vulnerabilities + Multiple vulnerabilities have been found in Asterisk, the worst of + which could result in a Denial of Service condition. + + asterisk + 2018-11-24 + 2018-11-24 + 636972 + 645710 + 668848 + remote + + + 13.23.1 + 13.23.1 + + + +

A Modular Open Source PBX System.

+
+ +

Multiple vulnerabilities have been discovered in Asterisk. Please review + the referenced CVE identifiers for details. +

+
+ +

A remote attacker could cause a Denial of Service condition or conduct + information gathering. +

+
+ +

There is no known workaround at this time.

+
+ +

All Asterisk users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-misc/asterisk-13.23.1" + +
+ + CVE-2017-16671 + CVE-2017-16672 + CVE-2017-17850 + CVE-2018-12227 + CVE-2018-17281 + + BlueKnight + b-man +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201811-12.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201811-12.xml new file mode 100644 index 0000000000..884021ffa3 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201811-12.xml @@ -0,0 +1,85 @@ + + + + GPL Ghostscript: Multiple vulnerabilities + Multiple vulnerabilities have been found in GPL Ghostscript, the + worst of which could result in the execution of arbitrary code. + + ghostscript + 2018-11-24 + 2018-11-24 + 618820 + 626418 + 635426 + 655404 + 668846 + 671732 + remote + + + 9.26 + 9.26 + + + +

Ghostscript is an interpreter for the PostScript language and for PDF.

+
+ +

Multiple vulnerabilities have been discovered in GPL Ghostscript. Please + review the CVE identifiers referenced below for additional information. +

+
+ +

A context-dependent attacker could entice a user to open a specially + crafted PostScript file or PDF document using GPL Ghostscript possibly + resulting in the execution of arbitrary code with the privileges of the + process, a Denial of Service condition, or other unspecified impacts, +

+
+ +

There is no known workaround at this time.

+
+ +

All GPL Ghostscript users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-text/ghostscript-gpl-9.26" + +
+ + CVE-2017-11714 + CVE-2017-7948 + CVE-2017-9610 + CVE-2017-9611 + CVE-2017-9612 + CVE-2017-9618 + CVE-2017-9619 + CVE-2017-9620 + CVE-2017-9726 + CVE-2017-9727 + CVE-2017-9739 + CVE-2017-9740 + CVE-2017-9835 + CVE-2018-10194 + CVE-2018-15908 + CVE-2018-15909 + CVE-2018-15910 + CVE-2018-15911 + CVE-2018-16509 + CVE-2018-16510 + CVE-2018-16511 + CVE-2018-16513 + CVE-2018-16539 + CVE-2018-16540 + CVE-2018-16541 + CVE-2018-16542 + CVE-2018-16543 + CVE-2018-16585 + CVE-2018-16802 + CVE-2018-18284 + CVE-2018-19409 + + b-man + b-man +
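Review bot: the impact paragraph of glsa-201811-12.xml ends on a comma ("or other unspecified impacts,"), so the sentence reads as cut off. Close it with a period. A comma before "possibly resulting in" would also make the sentence easier to parse.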
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201811-13.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201811-13.xml new file mode 100644 index 0000000000..8878b70ffa --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201811-13.xml @@ -0,0 +1,113 @@ + + + + Mozilla Thunderbird: Multiple vulnerabilities + Multiple vulnerabilities have been found in Mozilla Thunderbird, + the worst of which could lead to the execution of arbitrary code. + + mozilla,thunderbird + 2018-11-24 + 2018-11-24 + 651862 + 656092 + 660342 + 669960 + 670102 + remote + + + 60.3.0 + 60.3.0 + + + 60.3.0 + 60.3.0 + + + +

Mozilla Thunderbird is a popular open-source email client from the + Mozilla project. +

+
+ +

Multiple vulnerabilities have been discovered in Mozilla Thunderbird. + Please review the referenced Mozilla Foundation Security Advisories and + CVE identifiers below for details. +

+
+ +

A remote attacker may be able to execute arbitrary code, cause a Denial + of Service condition, obtain sensitive information, or conduct Cross-Site + Request Forgery (CSRF). +

+
+ +

There is no known workaround at this time.

+
+ +

All Thunderbird users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=mail-client/thunderbird-60.3.0" + + +

All Thunderbird binary users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose + ">=mail-client/thunderbird-bin-60.3.0" + +
+ + CVE-2017-16541 + CVE-2018-12359 + CVE-2018-12360 + CVE-2018-12361 + CVE-2018-12362 + CVE-2018-12363 + CVE-2018-12364 + CVE-2018-12365 + CVE-2018-12366 + CVE-2018-12367 + CVE-2018-12371 + CVE-2018-12372 + CVE-2018-12373 + CVE-2018-12374 + CVE-2018-12376 + CVE-2018-12377 + CVE-2018-12378 + CVE-2018-12379 + CVE-2018-12383 + CVE-2018-12385 + CVE-2018-12389 + CVE-2018-12390 + CVE-2018-12391 + CVE-2018-12392 + CVE-2018-12393 + CVE-2018-5125 + CVE-2018-5127 + CVE-2018-5129 + CVE-2018-5144 + CVE-2018-5145 + CVE-2018-5146 + CVE-2018-5150 + CVE-2018-5154 + CVE-2018-5155 + CVE-2018-5156 + CVE-2018-5159 + CVE-2018-5161 + CVE-2018-5162 + CVE-2018-5168 + CVE-2018-5170 + CVE-2018-5178 + CVE-2018-5183 + CVE-2018-5184 + CVE-2018-5185 + CVE-2018-5187 + CVE-2018-5188 + + whissi + b-man +
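Review bot: the description in glsa-201811-13.xml tells readers to review "the referenced Mozilla Foundation Security Advisories and CVE identifiers below", but every entry in the reference list that follows is a CVE identifier. Add the Mozilla Foundation Security Advisory links the text promises, or reword the description to mention only the CVE identifiers.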
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201811-14.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201811-14.xml new file mode 100644 index 0000000000..ed1a2af2cf --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201811-14.xml @@ -0,0 +1,76 @@ + + + + Exiv2: Multiple vulnerabilities + Multiple vulnerabilities have been found in Exiv2, the worst of + which could result in a Denial of Service condition. + + exiv2 + 2018-11-24 + 2018-11-24 + 647810 + 647812 + 647816 + 652822 + 655842 + 655958 + 658236 + remote + + + 0.26_p20180811-r3 + 0.26_p20180811-r3 + + + +

Exiv2 is a C++ library and a command line utility to manage image + metadata. +

+
+ +

Multiple vulnerabilities have been discovered in Exiv2. Please review + the CVE identifiers referenced below for details. +

+
+ +

A remote attacker could cause a Denial of Service condition or obtain + sensitive information via a specially crafted file. +

+
+ +

There is no known workaround at this time.

+
+ +

All Exiv2 users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose + ">=media-gfx/exiv2-0.26_p20180811-r3" + +
+ + CVE-2017-17723 + CVE-2017-17724 + CVE-2018-10780 + CVE-2018-10958 + CVE-2018-10998 + CVE-2018-10999 + CVE-2018-11037 + CVE-2018-11531 + CVE-2018-12264 + CVE-2018-12265 + CVE-2018-5772 + CVE-2018-8976 + CVE-2018-8977 + CVE-2018-9144 + CVE-2018-9145 + CVE-2018-9146 + CVE-2018-9303 + CVE-2018-9304 + CVE-2018-9305 + CVE-2018-9306 + + BlueKnight + b-man +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201811-15.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201811-15.xml new file mode 100644 index 0000000000..9bc3a33123 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201811-15.xml @@ -0,0 +1,75 @@ + + + + MuPDF: Multiple vulnerabilities + Multiple vulnerabilities have been found in MuPDF, the worst of + which could allow the remote execution of arbitrary code. + + mupdf + 2018-11-26 + 2018-11-26 + 634678 + 646010 + 651828 + 658618 + remote + + + 1.13.0 + 1.13.0 + + + +

A lightweight PDF, XPS, and E-book viewer.

+
+ +

Multiple vulnerabilities have been discovered in MuPDF. Please review + the CVE identifiers referenced below for details. +

+
+ +

A remote attacker, by enticing a user to process a specially crafted + file, could possibly execute arbitrary code, cause a Denial of Service + condition, or have other unspecified impacts. +

+
+ +

There is no known workaround at this time.

+
+ +

All MuPDF users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-text/mupdf-1.13.0" + +
+ + CVE-2017-15587 + CVE-2017-17858 + + CVE-2018-1000036 + + + CVE-2018-1000037 + + + CVE-2018-1000038 + + + CVE-2018-1000039 + + + CVE-2018-1000040 + + + CVE-2018-1000051 + + CVE-2018-5686 + CVE-2018-6187 + CVE-2018-6192 + CVE-2018-6544 + + b-man + b-man +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201811-16.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201811-16.xml new file mode 100644 index 0000000000..84dd194857 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201811-16.xml @@ -0,0 +1,56 @@ + + + + strongSwan: Multiple vulnerabilities + Multiple vulnerabilities have been found in strongSwan, the worst + of which could lead to a Denial of Service condition. + + strongswan + 2018-11-26 + 2018-11-26 + 648610 + 656338 + 658230 + 668862 + remote + + + 5.7.1 + 5.7.1 + + + +

strongSwan is an IPSec implementation for Linux.

+
+ +

Multiple vulnerabilities have been discovered in strongSwan. Please + review the CVE identifiers referenced below for details. +

+
+ +

A remote attacker could cause a Denial of Service condition or + impersonate a user. +

+
+ +

There is no known workaround at this time.

+
+ +

All strongSwan users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-vpn/strongswan-5.7.1" + +
+ + CVE-2018-10811 + CVE-2018-16151 + CVE-2018-16152 + CVE-2018-17540 + CVE-2018-5388 + CVE-2018-6459 + + whissi + b-man +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201811-17.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201811-17.xml new file mode 100644 index 0000000000..252a12c83d --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201811-17.xml @@ -0,0 +1,81 @@ + + + + Binutils: Multiple vulnerabilities + Multiple vulnerabilities have been found in Binutils, the worst of + which may allow remote attackers to cause a Denial of Service condition. + + binutils + 2018-11-27 + 2018-11-27 + 634196 + 637642 + 639692 + 639768 + 647798 + 649690 + remote + + + 2.30-r2 + 2.30-r2 + + + +

The GNU Binutils are a collection of tools to create, modify and analyse + binary files. Many of the files use BFD, the Binary File Descriptor + library, to do low-level manipulation. +

+
+ +

Multiple vulnerabilities have been discovered in Binutils. Please review + the referenced CVE identifiers for details. +

+
+ +

A remote attacker, by enticing a user to compile/execute a specially + crafted ELF, object, PE, or binary file, could possibly cause a Denial of + Service condition or have other unspecified impacts. +

+
+ +

There is no known workaround at this time.

+
+ +

All Binutils users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=sys-devel/binutils-2.30-r2" + +
+ + CVE-2017-14933 + CVE-2017-16826 + CVE-2017-16827 + CVE-2017-16828 + CVE-2017-16829 + CVE-2017-16830 + CVE-2017-16831 + CVE-2017-16832 + CVE-2017-17080 + CVE-2017-17121 + CVE-2017-17122 + CVE-2017-17123 + CVE-2017-17124 + CVE-2017-17125 + CVE-2017-17126 + CVE-2018-6543 + CVE-2018-6759 + CVE-2018-6872 + CVE-2018-7208 + CVE-2018-7568 + CVE-2018-7569 + CVE-2018-7570 + CVE-2018-7642 + CVE-2018-7643 + CVE-2018-8945 + + b-man + b-man +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201811-18.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201811-18.xml new file mode 100644 index 0000000000..b69d0f0ebc --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201811-18.xml @@ -0,0 +1,52 @@ + + + + Tablib: Arbitrary command execution + A vulnerability in Tablib might allow remote attackers to execute + arbitrary python commands. + + tablib + 2018-11-27 + 2018-11-27 + 621884 + remote + + + 0.12.1 + 0.12.1 + + + +

Tablib is an MIT Licensed format-agnostic tabular dataset library, + written in Python. It allows you to import, export, and manipulate + tabular data sets. +

+
+ +

A vulnerability was discovered in Tablib’s Databook loading + functionality, due to improper input validation. +

+
+ +

A remote attacker, by enticing the user to process a specially crafted + Databook via YAML, could possibly execute arbitrary python commands with + the privilege of the process. +

+
+ +

There is no known workaround at this time.

+
+ +

All Tablib users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-python/tablib-0.12.1" + +
+ + CVE-2017-2810 + + b-man + b-man +
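Review bot: the synopsis and the impact paragraph of glsa-201811-18.xml write "arbitrary python commands" in lowercase, while the background paragraph of the same file writes "Python". Capitalise the language name in both places, and change "with the privilege of the process" to "with the privileges of the process" to match the wording used in the Ghostscript advisory in this same patch.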
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201811-19.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201811-19.xml new file mode 100644 index 0000000000..d4a6a1ca3e --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201811-19.xml @@ -0,0 +1,51 @@ + + + + Libav: Multiple vulnerabilities + Multiple vulnerabilities have been found in Libav, the worst of + which may allow a Denial of Service condition. + + libav + 2018-11-27 + 2018-11-27 + 637458 + remote + + + 12.3 + 12.3 + + + +

Libav is a complete solution to record, convert and stream audio and + video. +

+
+ +

Multiple vulnerabilities have been discovered in Libav. Please review + the CVE identifiers referenced below for details. +

+
+ +

A remote attacker, via a crafted Smacker stream, could cause a Denial of + Service condition. +

+
+ +

There is no known workaround at this time.

+
+ +

All Libav users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=media-video/libav-12.3" + +
+ + CVE-2017-16803 + CVE-2017-7862 + + b-man + b-man +
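Review bot: the impact paragraph of glsa-201811-19.xml describes a single vector, a crafted Smacker stream, while the title and description say "Multiple vulnerabilities" and two CVE identifiers are referenced. State whether both CVEs are reached through that vector, or extend the impact text to cover the second one, so a reader triaging exposure does not have to look each CVE up.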
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201811-20.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201811-20.xml new file mode 100644 index 0000000000..ac3e7b0d28 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201811-20.xml @@ -0,0 +1,50 @@ + + + + spice-gtk: Remote code execution + A vulnerability in spice-gtk could allow an attacker to remotely + execute arbitrary code. + + spice-gtk + 2018-11-27 + 2018-11-27 + 650878 + local, remote + + + 0.34 + 0.34 + + + +

spice-gtk is a set of GObject and Gtk objects for connecting to Spice + servers and a client GUI. +

+
+ +

A vulnerability was found in spice-gtk client due to the incorrect use + of integer types and missing overflow checks. +

+
+ +

An attacker, by enticing the user to join a malicious server, could + remotely execute arbitrary code or cause a Denial of Service condition. +

+
+ +

There is no known workaround at this time.

+
+ +

All spice-gtk users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-misc/spice-gtk-0.34" + +
+ + CVE-2017-12194 + + b-man + b-man +
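Review bot: the access field of glsa-201811-20.xml reads "local, remote", but the synopsis and impact describe only a remote scenario (a user enticed to join a malicious server). Either document the local vector in the impact paragraph or reduce the access value to "remote", since tooling and readers filtering advisories by access type will otherwise treat this as locally exploitable with no explanation.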
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/timestamp.chk b/sdk_container/src/third_party/portage-stable/metadata/glsa/timestamp.chk index 29b6624777..1ed620129b 100644 --- a/sdk_container/src/third_party/portage-stable/metadata/glsa/timestamp.chk +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/timestamp.chk @@ -1 +1 @@ -Mon, 12 Nov 2018 21:40:58 +0000 +Tue, 27 Nov 2018 13:38:33 +0000 diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/timestamp.commit b/sdk_container/src/third_party/portage-stable/metadata/glsa/timestamp.commit index 222bb03a9e..c36248c193 100644 --- a/sdk_container/src/third_party/portage-stable/metadata/glsa/timestamp.commit +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/timestamp.commit @@ -1 +1 @@ -d0ed5c4d9d5a03355ab534b5784906e0956ea022 1541809004 2018-11-10T00:16:44+00:00 +374d0d9fa63a3f974ca84f27375c342d75caaf3c 1543284372 2018-11-27T02:06:12+00:00
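Review bot: the glsa-201805-14.xml hunk (@@ -44,7 +44,6 @@) drops the CVE-2018-1121 reference and is the only change to that file, so nothing visible in the advisory records that its content was revised or why. If this is a straight sync from upstream, say so in the commit message. Otherwise the revision metadata of the advisory should change along with the reference list, so that consumers who already processed glsa-201805-14 can tell it was altered.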
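Review bot: Manifest.files.gz changes as an opaque binary, so the only reviewable evidence for it is the new MANIFEST line in the signed Manifest (size 432816 plus the BLAKE2B and SHA512 values). Before merging, confirm that the PGP signature on the updated Manifest verifies against the expected Gentoo signing key and that the committed Manifest.files.gz matches that size and both hashes. The TIMESTAMP of 2018-11-27T13:38:37Z should also agree with timestamp.chk, which it does to within a few seconds here.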