mirrors/flatcar-scripts
1
0
Fork 0
mirror of https://github.com/flatcar/scripts.git synced 2025-08-17 18:06:59 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #700 from dm0-/glsa

Browse Source 
bump(metadata/glsa): sync with upstream
This commit is contained in:
David Michael 2018-11-27 14:06:59 -05:00 committed by GitHub
commit 52b145b64c
16 changed files with 806 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

30
sdk_container/src/third_party/portage-stable/metadata/glsa/Manifest vendored
View File

@ -1,23 +1,23 @@
-----BEGIN PGP SIGNED MESSAGE----- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512 Hash: SHA512
MANIFEST Manifest.files.gz 431078 BLAKE2B a37fcfee71256f9d40f60594c0e23daa5c659172c73db4acde25cfdd707e9c953c72c601225f03add857a3a4cd00dd0e4d133ce2a5780bc2e304faaa458a4319 SHA512 34e61d1ae19c99e2490f0ce5a8c731b8cbbf25f056f7432c3433599c2ba70347a4dc032b240a0b1d37227f95691c4c78e3d496bae3d66dff4167de8de8693f5d MANIFEST Manifest.files.gz 432816 BLAKE2B ffc51d9d6189a74448d697e9117b9d48ac11f78285f07bebf95748ef06b6de287ff57ccd0eacc079346214a7630326fe3cc9033eb49d954bdf89ab01636d563f SHA512 0f045c6288501be1d56081cf19122e140f88c85377d2e1cb644335ff5012aa0b17f2efb26628ac147bd855a3938417208e38699db1e2a93adfa25b48a039e20f
TIMESTAMP 2018-11-12T21:41:01Z TIMESTAMP 2018-11-27T13:38:37Z
-----BEGIN PGP SIGNATURE----- -----BEGIN PGP SIGNATURE-----
iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAlvp821fFIAAAAAALgAo iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAlv9SN1fFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEUx aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEUx
RDZBQkI2M0JGQ0ZCNEJBMDJGREYxQ0VDNTkwRUVBQzkxODkyNTAACgkQ7FkO6skY RDZBQkI2M0JGQ0ZCNEJBMDJGREYxQ0VDNTkwRUVBQzkxODkyNTAACgkQ7FkO6skY
klCqzA//c9fvRf/RTHzIgWQ7SuyQup6hBsjHpjvDHJX3AWss4iZsh0SE/Ka5m2Fs klAulQ//f9ND1KFVjkLzU4ytxBc3GTwtOeuXSNFm6Yvoa9lK7x9k62mdnIck/Wvr
279zcIezkq3wP3LE1EBO3+849DDMV0ochAQaqoD5bSdRz2/lFiVlUHX5XVh26c9d aZ7BVg9W3H4Btfj+XRxtGWGivYBSqgFXdm+IcZhkEPFJGh17lr/JZ+fVH+LS7aa9
Moo8u/5utKYPn3wLSaf4wNHsOWjXpzxrGnLl+jnHPPKf0or28e+ffxfw7buQwPf3 j2++/ytxExqZfqxHjKiNn+/H6ljVrKeVXHnIW4UxZ7mulgv6dFI/SKv67NmyaB25
z6ilfd4iR1PhCU67uaJyM7sYrJ+oB8qMW5/HDRVqlTufjUmRnlmQH2cFBl4aTXCy Kf627Sp74bqgHApDaMeGj7V94F7MieiRSfxlg+bDIf/clJzPXoDkWQ1pftpTfTNj
QHNYMS4xLObnTfGGmoAs+S59JE/9lCzVS2B503BbzagyNVpLUHQ717TunM892Ycl 3KPSpK0IGlt0j7H3VDHhH5RY6yytP9+uTWTcKW3E26VvBdIGTNkDz7czZiWaFQ7G
7jz0+U+Ay/XFBldEHBEqFyRQPWnjiBjpsZPYYvXquPiHAGeILPvqzXE6k9LxLE0j Qs2nEseBC1KKcj3fqJ658s4GmLXhBHSndzNmF1F98EJ6gLRXTsFIVCt3SsE6OdAv
j4iceMdaLPeAQ0BGVVcECKyHPhXFCKn/ZtB0B7JrpVtPBIkCl9KzGFehJuN62mvu oSBa1b5rYuSYRy0b/Ca2ZrW8JAjEtq1ziIKYtuAFBi6d/C/iV6ua0zvCFwXpAodq
KKaOisQvwS7k2mgFJaDde/2JNl21rOMdSJbGHZi607GW11pY5comT32Q7EGfpwFp fsWBcNCTwtG3Qsi0cl8D/W6XURq/LQhoY8NYqevJl4SSqXfLDA+xRs4wmII2hw/U
+An0unYAJM5fEv79ogzQS8u33sg5/SPugjjfyfAI0tX5htpnsER/nOBDWOorhALD J81DH9wxHYh2X2kEK/gXx1+5TA7a0GcREn/vf1swt4Gf8AbZs6Wfmb4cw4LY0Mx8
h++pDaGiDtz0OO4JrbhhZh6FepdzAFaepysepYtj3M9RVy/BDNHhuC2vbnZ6R7U+ etPm2Y1lYIcAVjpvoMycqk6F01k8sBlKf3/DkES/6tdb7irqt8vrk/D0qMVguuzg
A5hLUdAtMS+hmsJjI9/+28jKKzU7NzTOyA/ZygtbIk9/GB7mfhE= VGuXVEyInwy9JD9x7MCim438WxftFrLa0lJAxWV/Ubr/QoJe70g=
=3U/S =zIg0
-----END PGP SIGNATURE----- -----END PGP SIGNATURE-----

BIN
sdk_container/src/third_party/portage-stable/metadata/glsa/Manifest.files.gz vendored
View File

Binary file not shown.

1
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201805-14.xml vendored
View File

@ -44,7 +44,6 @@
</resolution> </resolution>
<references> <references>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-1120">CVE-2018-1120</uri> <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-1120">CVE-2018-1120</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-1121">CVE-2018-1121</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-1122">CVE-2018-1122</uri> <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-1122">CVE-2018-1122</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-1123">CVE-2018-1123</uri> <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-1123">CVE-2018-1123</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-1124">CVE-2018-1124</uri> <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-1124">CVE-2018-1124</uri>

96
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201811-10.xml vendored Normal file
View File

@ -0,0 +1,96 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="201811-10">
<title>Chromium: Multiple vulnerabilities</title>
<synopsis>Multiple vulnerabilities have been found in Chromium and Google
Chrome, the worst of which allows remote attackers to execute arbitrary
code.
</synopsis>
<product type="ebuild">chromium</product>
<announced>2018-11-23</announced>
<revised count="1">2018-11-23</revised>
<bug>665340</bug>
<bug>666502</bug>
<bug>668986</bug>
<access>remote</access>
<affected>
<package name="www-client/chromium" auto="yes" arch="*">
<unaffected range="ge">70.0.3538.67</unaffected>
<vulnerable range="lt">70.0.3538.67</vulnerable>
</package>
</affected>
<background>
<p>Chromium is an open-source browser project that aims to build a safer,
faster, and more stable way for all users to experience the web.
</p>
</background>
<description>
<p>Multiple vulnerabilities have been discovered in Chromium and Google
Chrome. Please review the referenced CVE identifiers and Google Chrome
Releases for details.
</p>
</description>
<impact type="normal">
<p>A remote attacker could execute arbitrary code, escalate privileges,
cause a heap buffer overflow, obtain sensitive information, or spoof a
URL.
</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All Chromium users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose
"&gt;=www-client/chromium-70.0.3538.67"
</code>
</resolution>
<references>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-16065">CVE-2018-16065</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-16066">CVE-2018-16066</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-16067">CVE-2018-16067</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-16068">CVE-2018-16068</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-16069">CVE-2018-16069</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-16070">CVE-2018-16070</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-16071">CVE-2018-16071</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-16072">CVE-2018-16072</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-16073">CVE-2018-16073</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-16074">CVE-2018-16074</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-16075">CVE-2018-16075</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-16076">CVE-2018-16076</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-16077">CVE-2018-16077</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-16078">CVE-2018-16078</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-16079">CVE-2018-16079</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-16080">CVE-2018-16080</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-16081">CVE-2018-16081</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-16082">CVE-2018-16082</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-16083">CVE-2018-16083</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-16084">CVE-2018-16084</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-16085">CVE-2018-16085</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-16086">CVE-2018-16086</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-16087">CVE-2018-16087</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-16088">CVE-2018-16088</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-17462">CVE-2018-17462</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-17463">CVE-2018-17463</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-17464">CVE-2018-17464</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-17465">CVE-2018-17465</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-17466">CVE-2018-17466</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-17467">CVE-2018-17467</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-17468">CVE-2018-17468</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-17469">CVE-2018-17469</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-17470">CVE-2018-17470</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-17471">CVE-2018-17471</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-17472">CVE-2018-17472</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-17473">CVE-2018-17473</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-17474">CVE-2018-17474</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-17475">CVE-2018-17475</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-17476">CVE-2018-17476</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-17477">CVE-2018-17477</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-5179">CVE-2018-5179</uri>
</references>
<metadata tag="requester" timestamp="2018-11-09T23:47:46Z">BlueKnight</metadata>
<metadata tag="submitter" timestamp="2018-11-23T17:59:02Z">b-man</metadata>
</glsa>

54
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201811-11.xml vendored Normal file
View File

@ -0,0 +1,54 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="201811-11">
<title>Asterisk: Multiple vulnerabilities</title>
<synopsis>Multiple vulnerabilities have been found in Asterisk, the worst of
which could result in a Denial of Service condition.
</synopsis>
<product type="ebuild">asterisk</product>
<announced>2018-11-24</announced>
<revised count="1">2018-11-24</revised>
<bug>636972</bug>
<bug>645710</bug>
<bug>668848</bug>
<access>remote</access>
<affected>
<package name="net-misc/asterisk" auto="yes" arch="*">
<unaffected range="ge">13.23.1</unaffected>
<vulnerable range="lt">13.23.1</vulnerable>
</package>
</affected>
<background>
<p>A Modular Open Source PBX System.</p>
</background>
<description>
<p>Multiple vulnerabilities have been discovered in Asterisk. Please review
the referenced CVE identifiers for details.
</p>
</description>
<impact type="normal">
<p>A remote attacker could cause a Denial of Service condition or conduct
information gathering.
</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All Asterisk users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose "&gt;=net-misc/asterisk-13.23.1"
</code>
</resolution>
<references>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-16671">CVE-2017-16671</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-16672">CVE-2017-16672</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-17850">CVE-2017-17850</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-12227">CVE-2018-12227</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-17281">CVE-2018-17281</uri>
</references>
<metadata tag="requester" timestamp="2018-11-13T01:09:36Z">BlueKnight</metadata>
<metadata tag="submitter" timestamp="2018-11-24T19:44:57Z">b-man</metadata>
</glsa>

85
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201811-12.xml vendored Normal file
View File

@ -0,0 +1,85 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="201811-12">
<title>GPL Ghostscript: Multiple vulnerabilities</title>
<synopsis>Multiple vulnerabilities have been found in GPL Ghostscript, the
worst of which could result in the execution of arbitrary code.
</synopsis>
<product type="ebuild">ghostscript</product>
<announced>2018-11-24</announced>
<revised count="1">2018-11-24</revised>
<bug>618820</bug>
<bug>626418</bug>
<bug>635426</bug>
<bug>655404</bug>
<bug>668846</bug>
<bug>671732</bug>
<access>remote</access>
<affected>
<package name="app-text/ghostscript-gpl" auto="yes" arch="*">
<unaffected range="ge">9.26</unaffected>
<vulnerable range="lt">9.26</vulnerable>
</package>
</affected>
<background>
<p>Ghostscript is an interpreter for the PostScript language and for PDF.</p>
</background>
<description>
<p>Multiple vulnerabilities have been discovered in GPL Ghostscript. Please
review the CVE identifiers referenced below for additional information.
</p>
</description>
<impact type="normal">
<p>A context-dependent attacker could entice a user to open a specially
crafted PostScript file or PDF document using GPL Ghostscript possibly
resulting in the execution of arbitrary code with the privileges of the
process, a Denial of Service condition, or other unspecified impacts,
</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All GPL Ghostscript users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose "&gt;=app-text/ghostscript-gpl-9.26"
</code>
</resolution>
<references>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-11714">CVE-2017-11714</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-7948">CVE-2017-7948</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-9610">CVE-2017-9610</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-9611">CVE-2017-9611</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-9612">CVE-2017-9612</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-9618">CVE-2017-9618</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-9619">CVE-2017-9619</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-9620">CVE-2017-9620</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-9726">CVE-2017-9726</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-9727">CVE-2017-9727</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-9739">CVE-2017-9739</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-9740">CVE-2017-9740</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-9835">CVE-2017-9835</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-10194">CVE-2018-10194</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-15908">CVE-2018-15908</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-15909">CVE-2018-15909</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-15910">CVE-2018-15910</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-15911">CVE-2018-15911</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-16509">CVE-2018-16509</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-16510">CVE-2018-16510</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-16511">CVE-2018-16511</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-16513">CVE-2018-16513</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-16539">CVE-2018-16539</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-16540">CVE-2018-16540</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-16541">CVE-2018-16541</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-16542">CVE-2018-16542</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-16543">CVE-2018-16543</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-16585">CVE-2018-16585</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-16802">CVE-2018-16802</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-18284">CVE-2018-18284</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-19409">CVE-2018-19409</uri>
</references>
<metadata tag="requester" timestamp="2018-11-23T18:50:20Z">b-man</metadata>
<metadata tag="submitter" timestamp="2018-11-24T19:47:44Z">b-man</metadata>
</glsa>

113
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201811-13.xml vendored Normal file
View File

@ -0,0 +1,113 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="201811-13">
<title>Mozilla Thunderbird: Multiple vulnerabilities</title>
<synopsis>Multiple vulnerabilities have been found in Mozilla Thunderbird,
the worst of which could lead to the execution of arbitrary code.
</synopsis>
<product type="ebuild">mozilla,thunderbird</product>
<announced>2018-11-24</announced>
<revised count="1">2018-11-24</revised>
<bug>651862</bug>
<bug>656092</bug>
<bug>660342</bug>
<bug>669960</bug>
<bug>670102</bug>
<access>remote</access>
<affected>
<package name="mail-client/thunderbird" auto="yes" arch="*">
<unaffected range="ge">60.3.0</unaffected>
<vulnerable range="lt">60.3.0</vulnerable>
</package>
<package name="mail-client/thunderbird-bin" auto="yes" arch="*">
<unaffected range="ge">60.3.0</unaffected>
<vulnerable range="lt">60.3.0</vulnerable>
</package>
</affected>
<background>
<p>Mozilla Thunderbird is a popular open-source email client from the
Mozilla project.
</p>
</background>
<description>
<p>Multiple vulnerabilities have been discovered in Mozilla Thunderbird.
Please review the referenced Mozilla Foundation Security Advisories and
CVE identifiers below for details.
</p>
</description>
<impact type="normal">
<p>A remote attacker may be able to execute arbitrary code, cause a Denial
of Service condition, obtain sensitive information, or conduct Cross-Site
Request Forgery (CSRF).
</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All Thunderbird users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose "&gt;=mail-client/thunderbird-60.3.0"
</code>
<p>All Thunderbird binary users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose
"&gt;=mail-client/thunderbird-bin-60.3.0"
</code>
</resolution>
<references>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-16541">CVE-2017-16541</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-12359">CVE-2018-12359</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-12360">CVE-2018-12360</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-12361">CVE-2018-12361</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-12362">CVE-2018-12362</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-12363">CVE-2018-12363</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-12364">CVE-2018-12364</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-12365">CVE-2018-12365</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-12366">CVE-2018-12366</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-12367">CVE-2018-12367</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-12371">CVE-2018-12371</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-12372">CVE-2018-12372</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-12373">CVE-2018-12373</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-12374">CVE-2018-12374</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-12376">CVE-2018-12376</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-12377">CVE-2018-12377</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-12378">CVE-2018-12378</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-12379">CVE-2018-12379</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-12383">CVE-2018-12383</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-12385">CVE-2018-12385</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-12389">CVE-2018-12389</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-12390">CVE-2018-12390</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-12391">CVE-2018-12391</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-12392">CVE-2018-12392</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-12393">CVE-2018-12393</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-5125">CVE-2018-5125</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-5127">CVE-2018-5127</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-5129">CVE-2018-5129</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-5144">CVE-2018-5144</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-5145">CVE-2018-5145</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-5146">CVE-2018-5146</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-5150">CVE-2018-5150</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-5154">CVE-2018-5154</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-5155">CVE-2018-5155</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-5156">CVE-2018-5156</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-5159">CVE-2018-5159</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-5161">CVE-2018-5161</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-5162">CVE-2018-5162</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-5168">CVE-2018-5168</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-5170">CVE-2018-5170</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-5178">CVE-2018-5178</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-5183">CVE-2018-5183</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-5184">CVE-2018-5184</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-5185">CVE-2018-5185</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-5187">CVE-2018-5187</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-5188">CVE-2018-5188</uri>
</references>
<metadata tag="requester" timestamp="2018-11-16T10:50:04Z">whissi</metadata>
<metadata tag="submitter" timestamp="2018-11-24T19:51:04Z">b-man</metadata>
</glsa>

76
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201811-14.xml vendored Normal file
View File

@ -0,0 +1,76 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="201811-14">
<title>Exiv2: Multiple vulnerabilities</title>
<synopsis>Multiple vulnerabilities have been found in Exiv2, the worst of
which could result in a Denial of Service condition.
</synopsis>
<product type="ebuild">exiv2</product>
<announced>2018-11-24</announced>
<revised count="1">2018-11-24</revised>
<bug>647810</bug>
<bug>647812</bug>
<bug>647816</bug>
<bug>652822</bug>
<bug>655842</bug>
<bug>655958</bug>
<bug>658236</bug>
<access>remote</access>
<affected>
<package name="media-gfx/exiv2" auto="yes" arch="*">
<unaffected range="ge">0.26_p20180811-r3</unaffected>
<vulnerable range="lt">0.26_p20180811-r3</vulnerable>
</package>
</affected>
<background>
<p>Exiv2 is a C++ library and a command line utility to manage image
metadata.
</p>
</background>
<description>
<p>Multiple vulnerabilities have been discovered in Exiv2. Please review
the CVE identifiers referenced below for details.
</p>
</description>
<impact type="normal">
<p>A remote attacker could cause a Denial of Service condition or obtain
sensitive information via a specially crafted file.
</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All Exiv2 users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose
"&gt;=media-gfx/exiv2-0.26_p20180811-r3"
</code>
</resolution>
<references>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-17723">CVE-2017-17723</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-17724">CVE-2017-17724</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-10780">CVE-2018-10780</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-10958">CVE-2018-10958</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-10998">CVE-2018-10998</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-10999">CVE-2018-10999</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-11037">CVE-2018-11037</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-11531">CVE-2018-11531</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-12264">CVE-2018-12264</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-12265">CVE-2018-12265</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-5772">CVE-2018-5772</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-8976">CVE-2018-8976</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-8977">CVE-2018-8977</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-9144">CVE-2018-9144</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-9145">CVE-2018-9145</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-9146">CVE-2018-9146</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-9303">CVE-2018-9303</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-9304">CVE-2018-9304</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-9305">CVE-2018-9305</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-9306">CVE-2018-9306</uri>
</references>
<metadata tag="requester" timestamp="2018-11-13T06:49:12Z">BlueKnight</metadata>
<metadata tag="submitter" timestamp="2018-11-24T21:44:28Z">b-man</metadata>
</glsa>

75
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201811-15.xml vendored Normal file
View File

@ -0,0 +1,75 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="201811-15">
<title>MuPDF: Multiple vulnerabilities</title>
<synopsis>Multiple vulnerabilities have been found in MuPDF, the worst of
which could allow the remote execution of arbitrary code.
</synopsis>
<product type="ebuild">mupdf</product>
<announced>2018-11-26</announced>
<revised count="1">2018-11-26</revised>
<bug>634678</bug>
<bug>646010</bug>
<bug>651828</bug>
<bug>658618</bug>
<access>remote</access>
<affected>
<package name="app-text/mupdf" auto="yes" arch="*">
<unaffected range="ge">1.13.0</unaffected>
<vulnerable range="lt">1.13.0</vulnerable>
</package>
</affected>
<background>
<p>A lightweight PDF, XPS, and E-book viewer.</p>
</background>
<description>
<p>Multiple vulnerabilities have been discovered in MuPDF. Please review
the CVE identifiers referenced below for details.
</p>
</description>
<impact type="normal">
<p>A remote attacker, by enticing a user to process a specially crafted
file, could possibly execute arbitrary code, cause a Denial of Service
condition, or have other unspecified impacts.
</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All MuPDF users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose "&gt;=app-text/mupdf-1.13.0"
</code>
</resolution>
<references>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-15587">CVE-2017-15587</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-17858">CVE-2017-17858</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-1000036">
CVE-2018-1000036
</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-1000037">
CVE-2018-1000037
</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-1000038">
CVE-2018-1000038
</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-1000039">
CVE-2018-1000039
</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-1000040">
CVE-2018-1000040
</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-1000051">
CVE-2018-1000051
</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-5686">CVE-2018-5686</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6187">CVE-2018-6187</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6192">CVE-2018-6192</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6544">CVE-2018-6544</uri>
</references>
<metadata tag="requester" timestamp="2018-11-24T21:59:01Z">b-man</metadata>
<metadata tag="submitter" timestamp="2018-11-26T18:08:44Z">b-man</metadata>
</glsa>

56
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201811-16.xml vendored Normal file
View File

@ -0,0 +1,56 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="201811-16">
<title>strongSwan: Multiple vulnerabilities</title>
<synopsis>Multiple vulnerabilities have been found in strongSwan, the worst
of which could lead to a Denial of Service condition.
</synopsis>
<product type="ebuild">strongswan</product>
<announced>2018-11-26</announced>
<revised count="1">2018-11-26</revised>
<bug>648610</bug>
<bug>656338</bug>
<bug>658230</bug>
<bug>668862</bug>
<access>remote</access>
<affected>
<package name="net-vpn/strongswan" auto="yes" arch="*">
<unaffected range="ge">5.7.1</unaffected>
<vulnerable range="lt">5.7.1</vulnerable>
</package>
</affected>
<background>
<p>strongSwan is an IPSec implementation for Linux.</p>
</background>
<description>
<p>Multiple vulnerabilities have been discovered in strongSwan. Please
review the CVE identifiers referenced below for details.
</p>
</description>
<impact type="normal">
<p>A remote attacker could cause a Denial of Service condition or
impersonate a user.
</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All strongSwan users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose "&gt;=net-vpn/strongswan-5.7.1"
</code>
</resolution>
<references>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-10811">CVE-2018-10811</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-16151">CVE-2018-16151</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-16152">CVE-2018-16152</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-17540">CVE-2018-17540</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-5388">CVE-2018-5388</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6459">CVE-2018-6459</uri>
</references>
<metadata tag="requester" timestamp="2018-11-15T12:36:55Z">whissi</metadata>
<metadata tag="submitter" timestamp="2018-11-26T18:35:58Z">b-man</metadata>
</glsa>

81
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201811-17.xml vendored Normal file
View File

@ -0,0 +1,81 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="201811-17">
<title>Binutils: Multiple vulnerabilities</title>
<synopsis>Multiple vulnerabilities have been found in Binutils, the worst of
which may allow remote attackers to cause a Denial of Service condition.
</synopsis>
<product type="ebuild">binutils</product>
<announced>2018-11-27</announced>
<revised count="1">2018-11-27</revised>
<bug>634196</bug>
<bug>637642</bug>
<bug>639692</bug>
<bug>639768</bug>
<bug>647798</bug>
<bug>649690</bug>
<access>remote</access>
<affected>
<package name="sys-devel/binutils" auto="yes" arch="*">
<unaffected range="ge">2.30-r2</unaffected>
<vulnerable range="lt">2.30-r2</vulnerable>
</package>
</affected>
<background>
<p>The GNU Binutils are a collection of tools to create, modify and analyse
binary files. Many of the files use BFD, the Binary File Descriptor
library, to do low-level manipulation.
</p>
</background>
<description>
<p>Multiple vulnerabilities have been discovered in Binutils. Please review
the referenced CVE identifiers for details.
</p>
</description>
<impact type="normal">
<p>A remote attacker, by enticing a user to compile/execute a specially
crafted ELF, object, PE, or binary file, could possibly cause a Denial of
Service condition or have other unspecified impacts.
</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All Binutils users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose "&gt;=sys-devel/binutils-2.30-r2"
</code>
</resolution>
<references>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-14933">CVE-2017-14933</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-16826">CVE-2017-16826</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-16827">CVE-2017-16827</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-16828">CVE-2017-16828</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-16829">CVE-2017-16829</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-16830">CVE-2017-16830</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-16831">CVE-2017-16831</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-16832">CVE-2017-16832</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-17080">CVE-2017-17080</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-17121">CVE-2017-17121</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-17122">CVE-2017-17122</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-17123">CVE-2017-17123</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-17124">CVE-2017-17124</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-17125">CVE-2017-17125</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-17126">CVE-2017-17126</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6543">CVE-2018-6543</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6759">CVE-2018-6759</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6872">CVE-2018-6872</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-7208">CVE-2018-7208</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-7568">CVE-2018-7568</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-7569">CVE-2018-7569</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-7570">CVE-2018-7570</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-7642">CVE-2018-7642</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-7643">CVE-2018-7643</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-8945">CVE-2018-8945</uri>
</references>
<metadata tag="requester" timestamp="2018-11-24T22:06:12Z">b-man</metadata>
<metadata tag="submitter" timestamp="2018-11-27T02:00:21Z">b-man</metadata>
</glsa>

52
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201811-18.xml vendored Normal file
View File

@ -0,0 +1,52 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="201811-18">
<title>Tablib: Arbitrary command execution</title>
<synopsis>A vulnerability in Tablib might allow remote attackers to execute
arbitrary python commands.
</synopsis>
<product type="ebuild">tablib</product>
<announced>2018-11-27</announced>
<revised count="1">2018-11-27</revised>
<bug>621884</bug>
<access>remote</access>
<affected>
<package name="dev-python/tablib" auto="yes" arch="*">
<unaffected range="ge">0.12.1</unaffected>
<vulnerable range="lt">0.12.1</vulnerable>
</package>
</affected>
<background>
<p>Tablib is an MIT Licensed format-agnostic tabular dataset library,
written in Python. It allows you to import, export, and manipulate
tabular data sets.
</p>
</background>
<description>
<p>A vulnerability was discovered in Tablibs Databook loading
functionality, due to improper input validation.
</p>
</description>
<impact type="normal">
<p>A remote attacker, by enticing the user to process a specially crafted
Databook via YAML, could possibly execute arbitrary python commands with
the privilege of the process.
</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All Tablib users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose "&gt;=dev-python/tablib-0.12.1"
</code>
</resolution>
<references>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-2810">CVE-2017-2810</uri>
</references>
<metadata tag="requester" timestamp="2018-11-24T22:46:04Z">b-man</metadata>
<metadata tag="submitter" timestamp="2018-11-27T02:02:33Z">b-man</metadata>
</glsa>

51
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201811-19.xml vendored Normal file
View File

@ -0,0 +1,51 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="201811-19">
<title>Libav: Multiple vulnerabilities</title>
<synopsis>Multiple vulnerabilities have been found in Libav, the worst of
which may allow a Denial of Service condition.
</synopsis>
<product type="ebuild">libav</product>
<announced>2018-11-27</announced>
<revised count="1">2018-11-27</revised>
<bug>637458</bug>
<access>remote</access>
<affected>
<package name="media-video/libav" auto="yes" arch="*">
<unaffected range="ge">12.3</unaffected>
<vulnerable range="lt">12.3</vulnerable>
</package>
</affected>
<background>
<p>Libav is a complete solution to record, convert and stream audio and
video.
</p>
</background>
<description>
<p>Multiple vulnerabilities have been discovered in Libav. Please review
the CVE identifiers referenced below for details.
</p>
</description>
<impact type="normal">
<p>A remote attacker, via a crafted Smacker stream, could cause a Denial of
Service condition.
</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All Libav users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose "&gt;=media-video/libav-12.3"
</code>
</resolution>
<references>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-16803">CVE-2017-16803</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-7862">CVE-2017-7862</uri>
</references>
<metadata tag="requester" timestamp="2018-11-24T23:08:51Z">b-man</metadata>
<metadata tag="submitter" timestamp="2018-11-27T02:04:05Z">b-man</metadata>
</glsa>

50
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201811-20.xml vendored Normal file
View File

@ -0,0 +1,50 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="201811-20">
<title>spice-gtk: Remote code execution</title>
<synopsis>A vulnerability in spice-gtk could allow an attacker to remotely
execute arbitrary code.
</synopsis>
<product type="ebuild">spice-gtk</product>
<announced>2018-11-27</announced>
<revised count="1">2018-11-27</revised>
<bug>650878</bug>
<access>local, remote</access>
<affected>
<package name="net-misc/spice-gtk" auto="yes" arch="*">
<unaffected range="ge">0.34</unaffected>
<vulnerable range="lt">0.34</vulnerable>
</package>
</affected>
<background>
<p>spice-gtk is a set of GObject and Gtk objects for connecting to Spice
servers and a client GUI.
</p>
</background>
<description>
<p>A vulnerability was found in spice-gtk client due to the incorrect use
of integer types and missing overflow checks.
</p>
</description>
<impact type="normal">
<p>An attacker, by enticing the user to join a malicious server, could
remotely execute arbitrary code or cause a Denial of Service condition.
</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All spice-gtk users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose "&gt;=net-misc/spice-gtk-0.34"
</code>
</resolution>
<references>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-12194">CVE-2017-12194</uri>
</references>
<metadata tag="requester" timestamp="2018-11-24T22:29:36Z">b-man</metadata>
<metadata tag="submitter" timestamp="2018-11-27T02:05:55Z">b-man</metadata>
</glsa>

2
sdk_container/src/third_party/portage-stable/metadata/glsa/timestamp.chk vendored
View File

@ -1 +1 @@
Mon, 12 Nov 2018 21:40:58 +0000 Tue, 27 Nov 2018 13:38:33 +0000

2
sdk_container/src/third_party/portage-stable/metadata/glsa/timestamp.commit vendored
View File

@ -1 +1 @@
d0ed5c4d9d5a03355ab534b5784906e0956ea022 1541809004 2018-11-10T00:16:44+00:00 374d0d9fa63a3f974ca84f27375c342d75caaf3c 1543284372 2018-11-27T02:06:12+00:00