Merge pull request #387 from flatcar/buildbot/monthly-glsa-metadata-updates-2022-11-18

Monthly GLSA metadata 2022-11-18
Dongsu Park 2022-11-25 09:48:06 +01:00 committed by GitHub
commit 59874b3c1f
118 changed files with 6916 additions and 19 deletions


@ -1,23 +1,23 @@
-----BEGIN PGP SIGNED MESSAGE----- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512 Hash: SHA512
MANIFEST Manifest.files.gz 518284 BLAKE2B cb5fac863af3ef8aeec2b30770dcc46b92cbbaa35f883be3558623dd9e5b3307de19f033786959c2acefd089b402b92ae2601f1a2c9fbecd7bfee07eeebbf7b1 SHA512 052cb56c55e024e97ce62af25a94a63d53c61d2136da88877dd492ef68703ac7e8da03f6d57bdbf30b2c7ff7dccedfad2ae627469dda5745354b99d6f6e960d8 MANIFEST Manifest.files.gz 536244 BLAKE2B 47908e9e54099299278f14e5112b789aac78178d7406b6880e3986163e8e2aeec411757dbe131202da7291c508ea72a7d158f7fe08facf6e36a23a28a992a7d8 SHA512 ef16d73b0d889ec01efae4d55e398ba1b384a7b46066c129d82b336f46e8804d0dd1765c65c49d93842dc829696efc67759ac790655f316a70359fb8847d9e4e
TIMESTAMP 2022-02-14T12:39:14Z TIMESTAMP 2022-11-18T11:39:56Z
-----BEGIN PGP SIGNATURE----- -----BEGIN PGP SIGNATURE-----
iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAmIKTXJfFIAAAAAALgAo iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAmN3bwxfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEUx aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEUx
RDZBQkI2M0JGQ0ZCNEJBMDJGREYxQ0VDNTkwRUVBQzkxODkyNTAACgkQ7FkO6skY RDZBQkI2M0JGQ0ZCNEJBMDJGREYxQ0VDNTkwRUVBQzkxODkyNTAACgkQ7FkO6skY
klCAjA/9HwFYsxuRkPGRrV6K8wLfVbDVy/k1z37D9snjOnQ5b7wG3qlFapO+aD5d klBofg//VsVRzTk9MRvuKpQh5uKwkc4MXC+hY/TOxmUKNMuG6ZjaNiXdjz0Z5HXr
qRiqgJGNRmhF6j7YJ9jfTw3jeCxeIn2lR4S6KCSizAofr5Nzl/DNobfSqjNoDWew R5OlMOiOdRsBp2y9UHAcyjopo8OdIf3g6jzdpbBcEBw/nx+iHsP8ebrsHqiXSLXI
k8MZ/zu5WS7iHeSgXfX03fB/dXiwpxQBT14REa8pCfxnnplPKeu+FxyLRY1CCj8S 77XS2/pob3vYuSndXbfvLs0ZemqBXOcflneIQ9rkOD/LnpOyH1o3RYPnahoAVqQZ
xS/boQOaJUYwo7X9ODKjM9D2zQbhuQIn9TkCAZMCVDxaz93ITLZUEM+lNAKKRngo mytgfss+b7cZjogvbiOCBqjPtTTHn6F8rDq9Jmn7KsbIi6hIzHDcKa4CI/C4f74n
tHIDi3PQorvgCbrbCog5dLXi90Lziv7kpUJpF/rI70RisP4vbKFGXWA5ySs2lKXD MKi992d5ZLKck+zkOEU+fYXy9xuoALPxxM8tD4LvyfW+2DoVmgtERDw2HPxWTBim
CJTXEV03p0CZx+FN8l8KsaHG9FM3V1f7jVJdbs+x8cAxM9ycVNZYMU3BHJClW7CE 7yB2pmcrkv5sOeNar2ftZdFRS7ZX26OS9wvIE6qZbh6cnjTKJB71mY/DwV3V0sPX
MSUB9bdH+GB94qtj580+d4xq1A/MsWSvsARlWo2YgWoIetvCLlCp6qNSooKUFHiu 1nQLG0V5Ors9wtM93GbbQY9Qxh8l9WQ6/jpNiwqoZLfPRUcsgo69Q0VxOd/qKXOQ
UmlyYPVLWaGBtrBYIEkJCWrsBG6TgYweMXVOpXNv0SLuUiv2PfynzThHeF7KqCtY sKR5opWTozn6qL55+CuqH3msq+agDkWAYSjdmNTiEbEv6inlSx+zJlGuChA6Ve7c
G/Rd2hO+awkXUS3DnjSw1Ldduvd/gOrwa6TV5KYdfBI5pfvn1CmbrUJFjcscigX2 0e7UnJYyQQiyir8bxXtJPZesrIav61Q/eM+X4LtGrxeGFzvAmn/yl6f9uda2w16w
mTy1MQuh0HtqYGlUGmGKF6vf7dJiD7RSxM4EGA6ySepCQYtlj62zC+d/smlU9mmJ yG64E9BdgHZEX8r2QCIGs9iJE9DZ+7dgc9RwXVmEDxRiZ96395ZzHta++PypIL4B
4U+j6d1yk0cI518+9Uxj+xlHX6ItY11h18P5UASSIBFbwxajMhw= MkK5S669/ZseQz/2LmceECvdXIKt95dJKvmgVpcs/vU+eCuTu/s=
=1Nn+ =/0PV
-----END PGP SIGNATURE----- -----END PGP SIGNATURE-----


@ -47,8 +47,6 @@
CVE-2019-1010302 CVE-2019-1010302
</uri> </uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-19035">CVE-2019-19035</uri> <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-19035">CVE-2019-19035</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6624">CVE-2020-6624</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6625">CVE-2020-6625</uri>
</references> </references>
<metadata tag="requester" timestamp="2020-07-26T15:53:15Z">sam_c</metadata> <metadata tag="requester" timestamp="2020-07-26T15:53:15Z">sam_c</metadata>
<metadata tag="submitter" timestamp="2020-07-27T12:29:49Z">sam_c</metadata> <metadata tag="submitter" timestamp="2020-07-27T12:29:49Z">sam_c</metadata>


@ -0,0 +1,90 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="202202-02">
<title>Chromium, Google Chrome: Multiple vulnerabilities</title>
<synopsis>Multiple vulnerabilities have been found in Chromium and Google
Chrome, the worst of which could result in the arbitrary execution
of code.
</synopsis>
<product type="ebuild">chromium,google-chrome</product>
<announced>2022-02-20</announced>
<revised count="1">2022-02-20</revised>
<bug>832559</bug>
<bug>833432</bug>
<access>remote</access>
<affected>
<package name="www-client/chromium" auto="yes" arch="*">
<unaffected range="ge">98.0.4758.102</unaffected>
<vulnerable range="lt">98.0.4758.102</vulnerable>
</package>
<package name="www-client/google-chrome" auto="yes" arch="*">
<unaffected range="ge">98.0.4758.102</unaffected>
<vulnerable range="lt">98.0.4758.102</vulnerable>
</package>
</affected>
<background>
<p>Chromium is an open-source browser project that aims to build a safer,
faster, and more stable way for all users to experience the web.
Google Chrome is one, fast, simple, and secure browser for all your
devices.
</p>
</background>
<description>
<p>Multiple vulnerabilities have been discovered in Chromium and Google
Chrome. Please review the CVE identifiers referenced below for details.
</p>
</description>
<impact type="high">
<p>Please review the referenced CVE identifiers for details.</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All Chromium users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/chromium-98.0.4758.102"
</code>
<p>All Google Chrome users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/google-chrome-98.0.4758.102"
</code>
</resolution>
<references>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-0452">CVE-2022-0452</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-0453">CVE-2022-0453</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-0454">CVE-2022-0454</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-0455">CVE-2022-0455</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-0456">CVE-2022-0456</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-0457">CVE-2022-0457</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-0458">CVE-2022-0458</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-0459">CVE-2022-0459</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-0460">CVE-2022-0460</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-0461">CVE-2022-0461</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-0462">CVE-2022-0462</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-0463">CVE-2022-0463</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-0464">CVE-2022-0464</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-0465">CVE-2022-0465</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-0466">CVE-2022-0466</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-0467">CVE-2022-0467</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-0468">CVE-2022-0468</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-0469">CVE-2022-0469</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-0470">CVE-2022-0470</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-0603">CVE-2022-0603</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-0604">CVE-2022-0604</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-0605">CVE-2022-0605</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-0606">CVE-2022-0606</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-0607">CVE-2022-0607</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-0608">CVE-2022-0608</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-0609">CVE-2022-0609</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-0610">CVE-2022-0610</uri>
</references>
<metadata tag="requester" timestamp="2022-02-20T04:27:54.011934Z">sam</metadata>
<metadata tag="submitter" timestamp="2022-02-20T04:27:54.021175Z">sam</metadata>
</glsa>
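Review bot: The `<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">` line at the top of this new advisory names an external DTD over plain HTTP, so any tool that parses the file with DTD loading or external-entity resolution enabled would fetch schema content over an unauthenticated channel. The same declaration opens every other GLSA file added in this commit that is visible here (202202-03, 202207-01, and 202208-01 through 202208-08). These files appear to be synced verbatim from upstream, so the declaration itself should probably stay as it is. The check belongs in whatever consumes the metadata: parse with external DTD and entity resolution disabled, or validate against a locally pinned copy of `glsa.dtd`.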


@ -0,0 +1,141 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="202202-03">
<title>Mozilla Firefox: Multiple vulnerabilities</title>
<synopsis>Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which could result in the arbitrary execution of code.</synopsis>
<product type="ebuild">firefox,firefox-bin</product>
<announced>2022-02-21</announced>
<revised count="1">2022-02-21</revised>
<bug>802768</bug>
<bug>807947</bug>
<bug>813498</bug>
<bug>821385</bug>
<bug>828538</bug>
<bug>831039</bug>
<bug>832992</bug>
<access>remote</access>
<affected>
<package name="www-client/firefox" auto="yes" arch="*">
<unaffected range="ge" slot="esr">91.6.0</unaffected>
<unaffected range="ge" slot="rapid">97.0</unaffected>
<vulnerable range="lt">97.0</vulnerable>
</package>
<package name="www-client/firefox-bin" auto="yes" arch="*">
<unaffected range="ge" slot="esr">91.6.0</unaffected>
<unaffected range="ge" slot="rapid">97.0</unaffected>
<vulnerable range="lt">97.0</vulnerable>
</package>
</affected>
<background>
<p>Mozilla Firefox is a popular open-source web browser from the Mozilla project.</p>
</background>
<description>
<p>Multiple vulnerabilities have been discovered in Mozilla Firefox. Please review the CVE identifiers referenced below for details.</p>
</description>
<impact type="high">
<p>Please review the referenced CVE identifiers for details.</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All Mozilla Firefox ESR users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/firefox-91.6.0:esr"
</code>
<p>All Mozilla Firefox ESR binary users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/firefox-bin-91.6.0:esr"
</code>
<p>All Mozilla Firefox users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/firefox-97.0:rapid"
</code>
<p>All Mozilla Firefox binary users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/firefox-bin-97.0:rapid"
</code>
</resolution>
<references>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-29970">CVE-2021-29970</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-29972">CVE-2021-29972</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-29974">CVE-2021-29974</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-29975">CVE-2021-29975</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-29976">CVE-2021-29976</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-29977">CVE-2021-29977</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-29980">CVE-2021-29980</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-29981">CVE-2021-29981</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-29982">CVE-2021-29982</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-29984">CVE-2021-29984</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-29985">CVE-2021-29985</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-29986">CVE-2021-29986</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-29987">CVE-2021-29987</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-29988">CVE-2021-29988</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-29989">CVE-2021-29989</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-29990">CVE-2021-29990</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-30547">CVE-2021-30547</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-38491">CVE-2021-38491</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-38493">CVE-2021-38493</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-38495">CVE-2021-38495</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-38503">CVE-2021-38503</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-38504">CVE-2021-38504</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-38506">CVE-2021-38506</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-38507">CVE-2021-38507</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-38508">CVE-2021-38508</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-38509">CVE-2021-38509</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-4129">CVE-2021-4129</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-4140">CVE-2021-4140</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-43536">CVE-2021-43536</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-43537">CVE-2021-43537</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-43538">CVE-2021-43538</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-43539">CVE-2021-43539</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-43540">CVE-2021-43540</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-43541">CVE-2021-43541</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-43542">CVE-2021-43542</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-43543">CVE-2021-43543</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-43545">CVE-2021-43545</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-43546">CVE-2021-43546</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-0511">CVE-2022-0511</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-22737">CVE-2022-22737</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-22738">CVE-2022-22738</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-22739">CVE-2022-22739</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-22740">CVE-2022-22740</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-22741">CVE-2022-22741</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-22742">CVE-2022-22742</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-22743">CVE-2022-22743</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-22745">CVE-2022-22745</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-22747">CVE-2022-22747</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-22748">CVE-2022-22748</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-22751">CVE-2022-22751</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-22753">CVE-2022-22753</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-22754">CVE-2022-22754</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-22755">CVE-2022-22755</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-22756">CVE-2022-22756</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-22757">CVE-2022-22757</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-22758">CVE-2022-22758</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-22759">CVE-2022-22759</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-22760">CVE-2022-22760</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-22761">CVE-2022-22761</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-22762">CVE-2022-22762</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-22763">CVE-2022-22763</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-22764">CVE-2022-22764</uri>
<uri>MOZ-2021-0004</uri>
<uri>MOZ-2021-0005</uri>
<uri>MOZ-2021-0006</uri>
<uri>MOZ-2021-0007</uri>
<uri>MOZ-2021-0008</uri>
</references>
<metadata tag="requester" timestamp="2022-02-21T02:34:25.098926Z">ajak</metadata>
<metadata tag="submitter" timestamp="2022-02-21T02:34:25.104535Z">ajak</metadata>
</glsa>


@ -0,0 +1,61 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="202207-01">
<title>HashiCorp Vault: Multiple Vulnerabilities</title>
<synopsis>Multiple vulnerabilities have been discovered in HashiCorp Vault, the worst of which could result in denial of service.</synopsis>
<product type="ebuild">vault</product>
<announced>2022-07-29</announced>
<revised count="1">2022-07-29</revised>
<bug>768312</bug>
<bug>797244</bug>
<bug>808093</bug>
<bug>817269</bug>
<bug>827945</bug>
<bug>829493</bug>
<bug>835070</bug>
<bug>845405</bug>
<access>remote</access>
<affected>
<package name="app-admin/vault" auto="yes" arch="*">
<unaffected range="ge">1.10.3</unaffected>
<vulnerable range="lt">1.10.3</vulnerable>
</package>
</affected>
<background>
<p>HashiCorp Vault is a tool for managing secrets.</p>
</background>
<description>
<p>Multiple vulnerabilities have been discovered in HashiCorp Vault. Please review the CVE identifiers referenced below for details.</p>
</description>
<impact type="low">
<p>Please review the referenced CVE identifiers for details.</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All HashiCorp Vault users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-admin/vault-1.10.3"
</code>
</resolution>
<references>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-25594">CVE-2020-25594</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-27668">CVE-2021-27668</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-3024">CVE-2021-3024</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-3282">CVE-2021-3282</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-32923">CVE-2021-32923</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-37219">CVE-2021-37219</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-38553">CVE-2021-38553</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-38554">CVE-2021-38554</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-41802">CVE-2021-41802</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-43998">CVE-2021-43998</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-45042">CVE-2021-45042</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-25243">CVE-2022-25243</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-30689">CVE-2022-30689</uri>
</references>
<metadata tag="requester" timestamp="2022-07-29T21:22:59.361368Z">ajak</metadata>
<metadata tag="submitter" timestamp="2022-07-29T21:22:59.365886Z">ajak</metadata>
</glsa>


@ -0,0 +1,42 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="202208-01">
<title>3MF Consortium lib3mf: Remote code execution</title>
<synopsis>A vulnerability in lib3mf could lead to remote code execution.</synopsis>
<product type="ebuild">lib3mf</product>
<announced>2022-08-04</announced>
<revised count="1">2022-08-04</revised>
<bug>775362</bug>
<access>remote</access>
<affected>
<package name="media-libs/lib3mf" auto="yes" arch="*">
<unaffected range="ge">2.1.1</unaffected>
<vulnerable range="lt">2.1.1</vulnerable>
</package>
</affected>
<background>
<p>lib3mf is an implementation of the 3D Manufacturing Format file standard.</p>
</background>
<description>
<p>Incorrect memory handling within lib3mf could result in a use-after-free.</p>
</description>
<impact type="normal">
<p>An attacker that can provide malicious input to an application using 3MF Consortium&#39;s lib3mf could achieve remote code execution.</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All 3MF Consortium lib3mf users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose ">=media-libs/lib3mf-2.1.1"
</code>
</resolution>
<references>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21772">CVE-2021-21772</uri>
</references>
<metadata tag="requester" timestamp="2022-08-04T13:52:26.273448Z">ajak</metadata>
<metadata tag="submitter" timestamp="2022-08-04T13:52:26.289354Z">ajak</metadata>
</glsa>


@ -0,0 +1,101 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="202208-02">
<title>Go: Multiple Vulnerabilities</title>
<synopsis>Multiple vulnerabilities have been found in Go, the worst of which could result in remote code execution.</synopsis>
<product type="ebuild">go</product>
<announced>2022-08-04</announced>
<revised count="1">2022-08-04</revised>
<bug>754210</bug>
<bug>766216</bug>
<bug>775326</bug>
<bug>788640</bug>
<bug>794784</bug>
<bug>802054</bug>
<bug>806659</bug>
<bug>807049</bug>
<bug>816912</bug>
<bug>821859</bug>
<bug>828655</bug>
<bug>833156</bug>
<bug>834635</bug>
<bug>838130</bug>
<bug>843644</bug>
<bug>849290</bug>
<bug>857822</bug>
<bug>862822</bug>
<access>remote</access>
<affected>
<package name="dev-lang/go" auto="yes" arch="*">
<unaffected range="ge">1.18.5</unaffected>
<vulnerable range="lt">1.18.5</vulnerable>
</package>
</affected>
<background>
<p>Go is an open source programming language that makes it easy to build simple, reliable, and efficient software.</p>
</background>
<description>
<p>Multiple vulnerabilities have been discovered in Go. Please review the CVE identifiers referenced below for details.</p>
</description>
<impact type="high">
<p>Please review the referenced CVE identifiers for details.</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All Go users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-lang/go-1.18.5"
</code>
<p>In addition, users using Portage 3.0.9 or later should ensure that packages with Go binaries have no vulnerable code statically linked into their binaries by rebuilding the @golang-rebuild set:</p>
<code>
# emerge --ask --oneshot --verbose @golang-rebuild
</code>
</resolution>
<references>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-28366">CVE-2020-28366</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-28367">CVE-2020-28367</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-27918">CVE-2021-27918</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-27919">CVE-2021-27919</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-29923">CVE-2021-29923</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-3114">CVE-2021-3114</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-3115">CVE-2021-3115</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-31525">CVE-2021-31525</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-33195">CVE-2021-33195</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-33196">CVE-2021-33196</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-33197">CVE-2021-33197</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-33198">CVE-2021-33198</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-34558">CVE-2021-34558</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-36221">CVE-2021-36221</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-38297">CVE-2021-38297</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-41771">CVE-2021-41771</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-41772">CVE-2021-41772</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-44716">CVE-2021-44716</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-44717">CVE-2021-44717</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-1705">CVE-2022-1705</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-23772">CVE-2022-23772</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-23773">CVE-2022-23773</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-23806">CVE-2022-23806</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-24675">CVE-2022-24675</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-24921">CVE-2022-24921</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-27536">CVE-2022-27536</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-28131">CVE-2022-28131</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-28327">CVE-2022-28327</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-29526">CVE-2022-29526</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-30629">CVE-2022-30629</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-30630">CVE-2022-30630</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-30631">CVE-2022-30631</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-30632">CVE-2022-30632</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-30633">CVE-2022-30633</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-30635">CVE-2022-30635</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-32148">CVE-2022-32148</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-32189">CVE-2022-32189</uri>
</references>
<metadata tag="requester" timestamp="2022-08-04T13:53:02.198118Z">ajak</metadata>
<metadata tag="submitter" timestamp="2022-08-04T13:53:02.201567Z">ajak</metadata>
</glsa>


@ -0,0 +1,42 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="202208-03">
<title>Babel: Remote code execution</title>
<synopsis>A vulnerability in Babel could result in remote code execution.</synopsis>
<product type="ebuild">Babel</product>
<announced>2022-08-04</announced>
<revised count="1">2022-08-04</revised>
<bug>786954</bug>
<access>remote</access>
<affected>
<package name="dev-python/Babel" auto="yes" arch="*">
<unaffected range="ge">2.9.1</unaffected>
<vulnerable range="lt">2.9.1</vulnerable>
</package>
</affected>
<background>
<p>Babel is a collection of tools for internationalizing Python applications.</p>
</background>
<description>
<p>Babel does not properly restrict which sources a locale can be loaded from. If Babel loads an attacker-controlled .dat file, arbitrary code execution can be achieved via unsafe Pickle deserialization.</p>
</description>
<impact type="normal">
<p>An attacker with filesystem access and control over the locales Babel loads can achieve code execution.</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All Babel users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-python/Babel-2.9.1"
</code>
</resolution>
<references>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-20095">CVE-2021-20095</uri>
</references>
<metadata tag="requester" timestamp="2022-08-04T13:53:26.311668Z">ajak</metadata>
<metadata tag="submitter" timestamp="2022-08-04T13:53:26.316368Z">ajak</metadata>
</glsa>
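Review bot: `<access>remote</access>` and the title `Babel: Remote code execution` overstate the exposure compared with the advisory's own `<impact>` text, which requires `An attacker with filesystem access and control over the locales Babel loads`. Anyone triaging by the access field would rank this as network-reachable, while the description points to an attacker-controlled .dat file being unpickled. If this metadata is mirrored verbatim from upstream, the mismatch is better reported there than patched in this copy. The value that would match the impact text is presumably `<access>local</access>`.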


@ -0,0 +1,42 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="202208-04">
<title>libmcpp: Denial of service</title>
<synopsis>Multiple vulnerabilities in libmcpp could result in a denial of service condition.</synopsis>
<product type="ebuild">libmcpp</product>
<announced>2022-08-04</announced>
<revised count="1">2022-08-04</revised>
<bug>718808</bug>
<access>remote</access>
<affected>
<package name="dev-cpp/libmcpp" auto="yes" arch="*">
<unaffected range="ge">2.7.2_p5</unaffected>
<vulnerable range="lt">2.7.2_p5</vulnerable>
</package>
</affected>
<background>
<p>libmcpp is a portable C/C++ preprocessor.</p>
</background>
<description>
<p>A buffer overflow and an out-of-bounds read vulnerability have been discovered in libmcpp, which could be exploited for denial of service.</p>
</description>
<impact type="low">
<p>An attacker that can provide crafted input to libmcpp could achieve denial of service.</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All libmcpp users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-cpp/libmcpp-2.7.2_p5"
</code>
</resolution>
<references>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-14274">CVE-2019-14274</uri>
</references>
<metadata tag="requester" timestamp="2022-08-04T13:53:45.282478Z">ajak</metadata>
<metadata tag="submitter" timestamp="2022-08-04T13:53:45.286989Z">ajak</metadata>
</glsa>


@ -0,0 +1,46 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="202208-05">
<title>Icinga Web 2: Multiple Vulnerabilities</title>
<synopsis>Multiple vulnerabilities have been found in Icinga Web 2, the worst of which could result in remote code execution.</synopsis>
<product type="ebuild">icingaweb2</product>
<announced>2022-08-04</announced>
<revised count="1">2022-08-04</revised>
<bug>738024</bug>
<bug>834802</bug>
<access>remote</access>
<affected>
<package name="www-apps/icingaweb2" auto="yes" arch="*">
<unaffected range="ge">2.9.6</unaffected>
<vulnerable range="lt">2.9.6</vulnerable>
</package>
</affected>
<background>
<p>Icinga Web 2 is a frontend for icinga2.</p>
</background>
<description>
<p>Multiple vulnerabilities have been discovered in Icinga Web 2. Please review the CVE identifiers referenced below for details.</p>
</description>
<impact type="high">
<p>Please review the referenced CVE identifiers for details.</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All Icinga Web 2 users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-apps/icingaweb2-2.9.6"
</code>
</resolution>
<references>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-24368">CVE-2020-24368</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-24714">CVE-2022-24714</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-24715">CVE-2022-24715</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-24716">CVE-2022-24716</uri>
</references>
<metadata tag="requester" timestamp="2022-08-04T13:54:03.704673Z">ajak</metadata>
<metadata tag="submitter" timestamp="2022-08-04T13:54:03.709641Z">ajak</metadata>
</glsa>


@ -0,0 +1,48 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="202208-06">
<title>lxml: Multiple Vulnerabilities</title>
<synopsis>Multiple vulnerabilities have been discovered in lxml, the worst of which could result in denial of service.</synopsis>
<product type="ebuild">lxml</product>
<announced>2022-08-10</announced>
<revised count="1">2022-08-10</revised>
<bug>777579</bug>
<bug>829053</bug>
<bug>856598</bug>
<access>remote</access>
<affected>
<package name="dev-python/lxml" auto="yes" arch="*">
<unaffected range="ge">4.9.1</unaffected>
<vulnerable range="lt">4.9.1</vulnerable>
</package>
</affected>
<background>
<p>lxml is a Pythonic binding for the libxml2 and libxslt libraries.</p>
</background>
<description>
<p>Multiple vulnerabilities have been discovered in lxml. Please review the CVE identifiers referenced below for details.</p>
</description>
<impact type="normal">
<p>Please review the referenced CVE identifiers for details.</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All lxml users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-python/lxml-4.9.1"
</code>
</resolution>
<references>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-28957">CVE-2021-28957</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-43818">CVE-2021-43818</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-2309">CVE-2022-2309</uri>
<uri>GHSL-2021-1037</uri>
<uri>GHSL-2021-1038</uri>
</references>
<metadata tag="requester" timestamp="2022-08-10T03:53:32.555864Z">ajak</metadata>
<metadata tag="submitter" timestamp="2022-08-10T03:53:32.562720Z">ajak</metadata>
</glsa>


@ -0,0 +1,42 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="202208-07">
<title>LibRaw: Stack buffer overread</title>
<synopsis>A buffer overread in LibRaw might allow an attacker to cause denial of service.</synopsis>
<product type="ebuild">libraw</product>
<announced>2022-08-10</announced>
<revised count="1">2022-08-10</revised>
<bug>793956</bug>
<access>remote</access>
<affected>
<package name="media-libs/libraw" auto="yes" arch="*">
<unaffected range="ge">0.20.2</unaffected>
<vulnerable range="lt">0.20.2</vulnerable>
</package>
</affected>
<background>
<p>LibRaw is a library for reading RAW files obtained from digital photo cameras.</p>
</background>
<description>
<p>LibRaw incorrectly handles parsing DNG fields in some cases, potentially resulting in a buffer overread leading to denial of service.</p>
</description>
<impact type="low">
<p>An attacker capable of providing crafted input to LibRaw could trigger denial of service.</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All LibRaw users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose ">=media-libs/libraw-0.20.2"
</code>
</resolution>
<references>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-24870">CVE-2020-24870</uri>
</references>
<metadata tag="requester" timestamp="2022-08-10T04:06:16.242209Z">ajak</metadata>
<metadata tag="submitter" timestamp="2022-08-10T04:06:16.247568Z">ajak</metadata>
</glsa>


@ -0,0 +1,147 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="202208-08">
<title>Mozilla Firefox: Multiple Vulnerabilities</title>
<synopsis>Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which could result in the arbitrary execution of code.</synopsis>
<product type="ebuild">firefox,firefox-bin</product>
<announced>2022-08-10</announced>
<revised count="1">2022-08-10</revised>
<bug>834631</bug>
<bug>834804</bug>
<bug>836866</bug>
<bug>842438</bug>
<bug>846593</bug>
<bug>849044</bug>
<bug>857045</bug>
<bug>861515</bug>
<access>remote</access>
<affected>
<package name="www-client/firefox" auto="yes" arch="*">
<unaffected range="ge" slot="esr">91.12.0</unaffected>
<unaffected range="ge" slot="rapid">103.0</unaffected>
<vulnerable range="lt" slot="rapid">103.0</vulnerable>
<vulnerable range="lt" slot="esr">91.12.0</vulnerable>
</package>
<package name="www-client/firefox-bin" auto="yes" arch="*">
<unaffected range="ge" slot="esr">91.12.0</unaffected>
<unaffected range="ge" slot="rapid">103.0</unaffected>
<vulnerable range="lt" slot="esr">91.12.0</vulnerable>
<vulnerable range="lt" slot="rapid">103.0</vulnerable>
</package>
</affected>
<background>
<p>Mozilla Firefox is a popular open-source web browser from the Mozilla project.</p>
</background>
<description>
<p>Multiple vulnerabilities have been discovered in Mozilla Firefox. Please review the CVE identifiers referenced below for details.</p>
</description>
<impact type="high">
<p>Please review the referenced CVE identifiers for details.</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All Mozilla Firefox ESR users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/firefox-91.12.0:esr"
</code>
<p>All Mozilla Firefox ESR binary users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/firefox-bin-91.12.0:esr"
</code>
<p>All Mozilla Firefox users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/firefox-103.0:rapid"
</code>
<p>All Mozilla Firefox binary users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/firefox-bin-103.0:rapid"
</code>
</resolution>
<references>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-0843">CVE-2022-0843</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-1196">CVE-2022-1196</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-1529">CVE-2022-1529</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-1802">CVE-2022-1802</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-1919">CVE-2022-1919</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-2200">CVE-2022-2200</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-2505">CVE-2022-2505</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-24713">CVE-2022-24713</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-26381">CVE-2022-26381</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-26382">CVE-2022-26382</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-26383">CVE-2022-26383</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-26384">CVE-2022-26384</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-26385">CVE-2022-26385</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-26386">CVE-2022-26386</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-26387">CVE-2022-26387</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-26485">CVE-2022-26485</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-26486">CVE-2022-26486</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-28281">CVE-2022-28281</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-28282">CVE-2022-28282</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-28283">CVE-2022-28283</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-28284">CVE-2022-28284</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-28285">CVE-2022-28285</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-28286">CVE-2022-28286</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-28287">CVE-2022-28287</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-28288">CVE-2022-28288</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-28289">CVE-2022-28289</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-29909">CVE-2022-29909</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-29910">CVE-2022-29910</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-29911">CVE-2022-29911</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-29912">CVE-2022-29912</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-29914">CVE-2022-29914</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-29915">CVE-2022-29915</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-29916">CVE-2022-29916</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-29917">CVE-2022-29917</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-29918">CVE-2022-29918</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-31736">CVE-2022-31736</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-31737">CVE-2022-31737</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-31738">CVE-2022-31738</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-31740">CVE-2022-31740</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-31741">CVE-2022-31741</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-31742">CVE-2022-31742</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-31743">CVE-2022-31743</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-31744">CVE-2022-31744</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-31745">CVE-2022-31745</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-31747">CVE-2022-31747</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-31748">CVE-2022-31748</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-34468">CVE-2022-34468</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-34469">CVE-2022-34469</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-34470">CVE-2022-34470</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-34471">CVE-2022-34471</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-34472">CVE-2022-34472</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-34473">CVE-2022-34473</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-34474">CVE-2022-34474</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-34475">CVE-2022-34475</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-34476">CVE-2022-34476</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-34477">CVE-2022-34477</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-34478">CVE-2022-34478</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-34479">CVE-2022-34479</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-34480">CVE-2022-34480</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-34481">CVE-2022-34481</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-34482">CVE-2022-34482</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-34483">CVE-2022-34483</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-34484">CVE-2022-34484</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-34485">CVE-2022-34485</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-36315">CVE-2022-36315</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-36316">CVE-2022-36316</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-36318">CVE-2022-36318</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-36319">CVE-2022-36319</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-36320">CVE-2022-36320</uri>
<uri>MFSA-2022-14</uri>
</references>
<metadata tag="requester" timestamp="2022-08-10T04:06:48.151092Z">ajak</metadata>
<metadata tag="submitter" timestamp="2022-08-10T04:06:48.153620Z">ajak</metadata>
</glsa>


@ -0,0 +1,55 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="202208-09">
<title>HashiCorp Consul: Multiple Vulnerabilities</title>
<synopsis>Multiple vulnerabilities have been discovered in HashiCorp Consul, the worst of which could result in denial of service.</synopsis>
<product type="ebuild">consul</product>
<announced>2022-08-10</announced>
<revised count="1">2022-08-10</revised>
<bug>760696</bug>
<bug>783483</bug>
<bug>802522</bug>
<bug>812497</bug>
<bug>834006</bug>
<bug>838328</bug>
<access>remote</access>
<affected>
<package name="app-admin/consul" auto="yes" arch="*">
<unaffected range="ge">1.9.17</unaffected>
<vulnerable range="lt">1.9.17</vulnerable>
</package>
</affected>
<background>
<p>HashiCorp Consul is a tool for service discovery, monitoring and configuration.</p>
</background>
<description>
<p>Multiple vulnerabilities have been discovered in HashiCorp Consul. Please review the CVE identifiers referenced below for details.</p>
</description>
<impact type="low">
<p>Please review the referenced CVE identifiers for details.</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All HashiCorp Consul users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-admin/consul-1.9.17"
</code>
</resolution>
<references>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-25201">CVE-2020-25201</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-25864">CVE-2020-25864</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-28053">CVE-2020-28053</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-28156">CVE-2021-28156</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-32574">CVE-2021-32574</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-36213">CVE-2021-36213</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-38698">CVE-2021-38698</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-24687">CVE-2022-24687</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-29153">CVE-2022-29153</uri>
</references>
<metadata tag="requester" timestamp="2022-08-10T04:07:00.827758Z">ajak</metadata>
<metadata tag="submitter" timestamp="2022-08-10T04:07:00.832395Z">ajak</metadata>
</glsa>


@ -0,0 +1,44 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="202208-10">
<title>Spice Server: Multiple Vulnerabilities</title>
<synopsis>Multiple vulnerabilities have been found in Spice Server, the worst of which may result in the remote execution of arbitrary code.</synopsis>
<product type="ebuild">spice</product>
<announced>2022-08-10</announced>
<revised count="1">2022-08-10</revised>
<bug>746920</bug>
<bug>792618</bug>
<access>remote</access>
<affected>
<package name="app-emulation/spice" auto="yes" arch="*">
<unaffected range="ge">0.15.0</unaffected>
<vulnerable range="lt">0.15.0</vulnerable>
</package>
</affected>
<background>
<p>Provides a complete open source solution for remote access to virtual machines in a seamless way so you can play videos, record audio, share USB devices and share folders without complications.</p>
</background>
<description>
<p>Multiple vulnerabilities have been discovered in Spice Server, please review the CVE identifiers referenced below for details.</p>
</description>
<impact type="normal">
<p>Please review the referenced CVE identifiers for details.</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All Spice Server users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-emulation/spice-0.15.0"
</code>
</resolution>
<references>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-14355">CVE-2021-14355</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-20201">CVE-2021-20201</uri>
</references>
<metadata tag="requester" timestamp="2022-08-10T04:07:16.230391Z">ajak</metadata>
<metadata tag="submitter" timestamp="2022-08-10T04:07:16.235454Z">ajak</metadata>
</glsa>
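Review bot: The first `<uri>` under `<references>` gives `CVE-2021-14355`, which looks like it may carry a mistyped year; I could not confirm from this page that the identifier matches the Spice Server issue tracked in bug 746920. Tooling that correlates advisories with scanner findings by CVE id would miss or mis-link this entry if the id is wrong. Because the file is synced from upstream GLSA metadata rather than authored here, the id should be checked against the listed bugs and NVD and any correction reported upstream instead of patched locally.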


@ -0,0 +1,43 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="202208-11">
<title>Yubico pam-u2f: Local PIN Bypass vulnerability</title>
<synopsis>A vulnerability has been discovered in pam-u2f which could allow a local attacker to bypass PIN entry.</synopsis>
<product type="ebuild">pam_u2f</product>
<announced>2022-08-10</announced>
<revised count="1">2022-08-10</revised>
<bug>792270</bug>
<access>local</access>
<affected>
<package name="sys-auth/pam_u2f" auto="yes" arch="*">
<unaffected range="ge">1.1.1</unaffected>
<vulnerable range="lt">1.1.1</vulnerable>
</package>
</affected>
<background>
<p>Yubico pam-u2f is a PAM module for FIDO2 and U2F keys.</p>
</background>
<description>
<p>A logic issue in Yubico pam-u2f could result in the bypass of a PIN entry requirement when authenticating with FIDO2.</p>
</description>
<impact type="low">
<p>An attacker with local access to certain applications using pam-u2f for authentication could incorrectly successfully authenticate without entering the authentication PIN.</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All Yubico pam-u2f users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose ">=sys-auth/pam_u2f-1.1.1"
</code>
</resolution>
<references>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-31924">CVE-2021-31924</uri>
<uri>YSA-2021-03</uri>
</references>
<metadata tag="requester" timestamp="2022-08-10T04:07:59.824838Z">ajak</metadata>
<metadata tag="submitter" timestamp="2022-08-10T04:07:59.828973Z">ajak</metadata>
</glsa>


@ -0,0 +1,44 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="202208-12">
<title>mdbtools: Multiple Vulnerabilities</title>
<synopsis>Multiple vulnerabilities have been discovered in mdbtools, the worst of which</synopsis>
<product type="ebuild">mdbtools</product>
<announced>2022-08-10</announced>
<revised count="1">2022-08-10</revised>
<bug>773289</bug>
<bug>830371</bug>
<access>remote</access>
<affected>
<package name="app-office/mdbtools" auto="yes" arch="*">
<unaffected range="ge">0.9.3</unaffected>
<vulnerable range="lt">0.9.3</vulnerable>
</package>
</affected>
<background>
<p>mdbtools is a set of libraries and utilities for reading Microsoft Access database (MDB) files.</p>
</background>
<description>
<p>Multiple vulnerabilities have been discovered in mdbtools. Please review the CVE identifiers referenced below for details.</p>
</description>
<impact type="low">
<p>Please review the referenced CVE identifiers for details.</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All mdbtools users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-office/mdbtools-0.9.3"
</code>
</resolution>
<references>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-45926">CVE-2021-45926</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-45927">CVE-2021-45927</uri>
</references>
<metadata tag="requester" timestamp="2022-08-10T04:08:26.317866Z">ajak</metadata>
<metadata tag="submitter" timestamp="2022-08-10T04:08:26.320752Z">ajak</metadata>
</glsa>
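Review bot: The `<synopsis>` line stops mid-sentence at "the worst of which", so the one field that summarises impact for this advisory states none. Anything that triages or alerts on the synopsis alone gets no severity cue here, and `<impact type="low">` only points back at the CVE list. The sentence should be completed upstream with the worst-case outcome taken from the two referenced CVEs. Until then, consumers should treat this entry's synopsis as incomplete rather than as a statement of no impact.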


@ -0,0 +1,42 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="202208-13">
<title>libass: Denial of service</title>
<synopsis>A vulnerability in libass could result in denial of service.</synopsis>
<product type="ebuild">libass</product>
<announced>2022-08-10</announced>
<revised count="1">2022-08-10</revised>
<bug>803119</bug>
<access>remote</access>
<affected>
<package name="media-libs/libass" auto="yes" arch="*">
<unaffected range="ge">0.15.1</unaffected>
<vulnerable range="lt">0.15.1</vulnerable>
</package>
</affected>
<background>
<p>libass is a portable subtitle renderer for the ASS/SSA (Advanced Substation Alpha/Substation Alpha) subtitle format.</p>
</background>
<description>
<p>A one-byte buffer overwrite in ASS font decoding could trigger an assertion failure resulting in denial of service.</p>
</description>
<impact type="low">
<p>An attacker with control over the ASS track input to libass via an application using it could trigger a denial of service.</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All libass users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose ">=media-libs/libass-0.15.1"
</code>
</resolution>
<references>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-36430">CVE-2020-36430</uri>
</references>
<metadata tag="requester" timestamp="2022-08-10T04:08:39.534267Z">ajak</metadata>
<metadata tag="submitter" timestamp="2022-08-10T04:08:39.537350Z">ajak</metadata>
</glsa>


@ -0,0 +1,165 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="202208-14">
<title>Mozilla Thunderbird: Multiple Vulnerabilities</title>
<synopsis>Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code.</synopsis>
<product type="ebuild">thunderbird,thunderbird-bin</product>
<announced>2022-08-10</announced>
<revised count="1">2022-08-10</revised>
<bug>794085</bug>
<bug>802759</bug>
<bug>807943</bug>
<bug>811912</bug>
<bug>813501</bug>
<bug>822294</bug>
<bug>828539</bug>
<bug>831040</bug>
<bug>833520</bug>
<bug>834805</bug>
<bug>845057</bug>
<bug>846596</bug>
<bug>849047</bug>
<bug>857048</bug>
<bug>864577</bug>
<access>remote</access>
<affected>
<package name="mail-client/thunderbird" auto="yes" arch="*">
<unaffected range="ge">91.12.0</unaffected>
<vulnerable range="lt">91.12.0</vulnerable>
</package>
<package name="mail-client/thunderbird-bin" auto="yes" arch="*">
<unaffected range="ge">91.12.0</unaffected>
<vulnerable range="lt">91.12.0</vulnerable>
</package>
</affected>
<background>
<p>Mozilla Thunderbird is a popular open-source email client from the Mozilla project.</p>
</background>
<description>
<p>Multiple vulnerabilities have been discovered in Mozilla Thunderbird. Please review the CVE identifiers referenced below for details.</p>
</description>
<impact type="high">
<p>Please review the referenced CVE identifiers for details.</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All Mozilla Thunderbird users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose ">=mail-client/thunderbird-91.12.0"
</code>
<p>All Mozilla Thunderbird binary users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose ">=mail-client/thunderbird-bin-91.12.0"
</code>
</resolution>
<references>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-4129">CVE-2021-4129</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-4140">CVE-2021-4140</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-29967">CVE-2021-29967</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-29969">CVE-2021-29969</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-29970">CVE-2021-29970</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-29976">CVE-2021-29976</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-29980">CVE-2021-29980</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-29984">CVE-2021-29984</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-29985">CVE-2021-29985</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-29986">CVE-2021-29986</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-29988">CVE-2021-29988</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-29989">CVE-2021-29989</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-30547">CVE-2021-30547</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-38492">CVE-2021-38492</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-38493">CVE-2021-38493</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-38495">CVE-2021-38495</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-38503">CVE-2021-38503</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-38504">CVE-2021-38504</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-38506">CVE-2021-38506</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-38507">CVE-2021-38507</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-38508">CVE-2021-38508</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-38509">CVE-2021-38509</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-40529">CVE-2021-40529</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-43528">CVE-2021-43528</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-43529">CVE-2021-43529</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-43536">CVE-2021-43536</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-43537">CVE-2021-43537</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-43538">CVE-2021-43538</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-43539">CVE-2021-43539</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-43541">CVE-2021-43541</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-43542">CVE-2021-43542</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-43543">CVE-2021-43543</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-43545">CVE-2021-43545</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-43546">CVE-2021-43546</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-0566">CVE-2022-0566</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-1196">CVE-2022-1196</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-1197">CVE-2022-1197</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-1520">CVE-2022-1520</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-1529">CVE-2022-1529</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-1802">CVE-2022-1802</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-1834">CVE-2022-1834</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-2200">CVE-2022-2200</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-2226">CVE-2022-2226</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-22737">CVE-2022-22737</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-22738">CVE-2022-22738</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-22739">CVE-2022-22739</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-22740">CVE-2022-22740</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-22741">CVE-2022-22741</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-22742">CVE-2022-22742</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-22743">CVE-2022-22743</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-22745">CVE-2022-22745</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-22747">CVE-2022-22747</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-22748">CVE-2022-22748</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-22751">CVE-2022-22751</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-22754">CVE-2022-22754</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-22756">CVE-2022-22756</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-22759">CVE-2022-22759</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-22760">CVE-2022-22760</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-22761">CVE-2022-22761</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-22763">CVE-2022-22763</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-22764">CVE-2022-22764</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-24713">CVE-2022-24713</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-26381">CVE-2022-26381</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-26383">CVE-2022-26383</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-26384">CVE-2022-26384</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-26386">CVE-2022-26386</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-26387">CVE-2022-26387</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-26485">CVE-2022-26485</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-26486">CVE-2022-26486</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-28281">CVE-2022-28281</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-28282">CVE-2022-28282</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-28285">CVE-2022-28285</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-28286">CVE-2022-28286</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-28289">CVE-2022-28289</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-29909">CVE-2022-29909</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-29911">CVE-2022-29911</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-29912">CVE-2022-29912</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-29913">CVE-2022-29913</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-29914">CVE-2022-29914</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-29916">CVE-2022-29916</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-29917">CVE-2022-29917</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-31736">CVE-2022-31736</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-31737">CVE-2022-31737</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-31738">CVE-2022-31738</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-31740">CVE-2022-31740</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-31741">CVE-2022-31741</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-31742">CVE-2022-31742</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-31747">CVE-2022-31747</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-34468">CVE-2022-34468</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-34470">CVE-2022-34470</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-34472">CVE-2022-34472</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-34478">CVE-2022-34478</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-34479">CVE-2022-34479</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-34481">CVE-2022-34481</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-34484">CVE-2022-34484</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-36318">CVE-2022-36318</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-36319">CVE-2022-36319</uri>
<uri>MOZ-2021-0007</uri>
<uri>MOZ-2021-0008</uri>
</references>
<metadata tag="requester" timestamp="2022-08-10T04:08:55.757755Z">ajak</metadata>
<metadata tag="submitter" timestamp="2022-08-10T04:08:55.760111Z">ajak</metadata>
</glsa>


@ -0,0 +1,47 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="202208-15">
<title>isync: Multiple Vulnerabilities</title>
<synopsis>Multiple vulnerabilities have been discovered in isync, the worst of which could result in arbitrary code execution.</synopsis>
<product type="ebuild">isync</product>
<announced>2022-08-10</announced>
<revised count="1">2022-08-10</revised>
<bug>771738</bug>
<bug>794772</bug>
<bug>826902</bug>
<access>remote</access>
<affected>
<package name="net-mail/isync" auto="yes" arch="*">
<unaffected range="ge">1.4.4</unaffected>
<vulnerable range="lt">1.4.4</vulnerable>
</package>
</affected>
<background>
<p>isync is an IMAP and MailDir mailbox synchronizer.</p>
</background>
<description>
<p>Multiple vulnerabilities have been discovered in isync. Please review the CVE identifiers referenced below for details.</p>
</description>
<impact type="normal">
<p>Please review the referenced CVE identifiers for details.</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All isync users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-mail/isync-1.4.4"
</code>
</resolution>
<references>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-3578">CVE-2021-3578</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-3657">CVE-2021-3657</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-20247">CVE-2021-20247</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-44143">CVE-2021-44143</uri>
</references>
<metadata tag="requester" timestamp="2022-08-10T22:30:18.734099Z">ajak</metadata>
<metadata tag="submitter" timestamp="2022-08-10T22:30:18.742070Z">ajak</metadata>
</glsa>


@ -0,0 +1,42 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="202208-16">
<title>faac: Denial of service</title>
<synopsis>A vulnerability in faac could result in denial of service.</synopsis>
<product type="ebuild">faac</product>
<announced>2022-08-10</announced>
<revised count="1">2022-08-10</revised>
<bug>762505</bug>
<access>remote</access>
<affected>
<package name="media-libs/faac" auto="yes" arch="*">
<unaffected range="ge">1.30</unaffected>
<vulnerable range="lt">1.30</vulnerable>
</package>
</affected>
<background>
<p>faac contains free MPEG-4 audio codecs by AudioCoding.com.</p>
</background>
<description>
<p>An invalid pointer can be dereferenced in the huffcode function of libfaac/huff2.c, leading to a crash.</p>
</description>
<impact type="low">
<p>An attacker with the ability to provide crafted input to faac could cause a denial of service.</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All faac users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose ">=media-libs/faac-1.30"
</code>
</resolution>
<references>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-19886">CVE-2018-19886</uri>
</references>
<metadata tag="requester" timestamp="2022-08-10T22:30:58.155858Z">ajak</metadata>
<metadata tag="submitter" timestamp="2022-08-10T22:30:58.161210Z">ajak</metadata>
</glsa>


@ -0,0 +1,72 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="202208-17">
<title>Nextcloud: Multiple Vulnerabilities</title>
<synopsis>Multiple vulnerabilities have been found in Nextcloud, the worst of which could result in denial of service.</synopsis>
<product type="ebuild">nextcloud</product>
<announced>2022-08-10</announced>
<revised count="1">2022-08-10</revised>
<bug>848873</bug>
<bug>835073</bug>
<bug>834803</bug>
<bug>820368</bug>
<bug>812443</bug>
<bug>802096</bug>
<bug>797253</bug>
<access>remote</access>
<affected>
<package name="www-apps/nextcloud" auto="yes" arch="*">
<unaffected range="ge">23.0.4</unaffected>
<vulnerable range="lt">23.0.4</vulnerable>
</package>
</affected>
<background>
<p>Nextcloud is a personal cloud that runs on your own server.</p>
</background>
<description>
<p>Multiple vulnerabilities have been discovered in Nextcloud. Please review the CVE identifiers referenced below for details.</p>
</description>
<impact type="low">
<p>Please review the referenced CVE identifiers for details.</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All Nextcloud users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-apps/nextcloud-23.0.4"
</code>
</resolution>
<references>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-32653">CVE-2021-32653</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-32654">CVE-2021-32654</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-32655">CVE-2021-32655</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-32656">CVE-2021-32656</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-32657">CVE-2021-32657</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-32678">CVE-2021-32678</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-32679">CVE-2021-32679</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-32680">CVE-2021-32680</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-32688">CVE-2021-32688</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-32703">CVE-2021-32703</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-32705">CVE-2021-32705</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-32725">CVE-2021-32725</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-32726">CVE-2021-32726</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-32734">CVE-2021-32734</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-32800">CVE-2021-32800</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-32801">CVE-2021-32801</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-32802">CVE-2021-32802</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-41177">CVE-2021-41177</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-41178">CVE-2021-41178</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-41239">CVE-2021-41239</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-41241">CVE-2021-41241</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-24741">CVE-2022-24741</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-24888">CVE-2022-24888</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-24889">CVE-2022-24889</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-29243">CVE-2022-29243</uri>
</references>
<metadata tag="requester" timestamp="2022-08-10T22:31:11.259654Z">ajak</metadata>
<metadata tag="submitter" timestamp="2022-08-10T22:31:11.265242Z">ajak</metadata>
</glsa>


@ -0,0 +1,42 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="202208-18">
<title>Motion: Denial of service</title>
<synopsis>A vulnerability in Motion allows a remote attacker to cause denial of service.</synopsis>
<product type="ebuild">motion</product>
<announced>2022-08-10</announced>
<revised count="1">2022-08-10</revised>
<bug>760714</bug>
<access>remote</access>
<affected>
<package name="media-video/motion" auto="yes" arch="*">
<unaffected range="ge">4.3.2</unaffected>
<vulnerable range="lt">4.3.2</vulnerable>
</package>
</affected>
<background>
<p>Motion is a program that monitors the video signal from one or more cameras and is able to detect motions.</p>
</background>
<description>
<p>The Motion HTTP server does not correctly perform URL decoding. If the HTTP server receives a request for a URL containing an incomplete percent-encoded character, a flaw in parsing results in an infinite loop trying to parse the rest of the character, which eventually results in a denial of service condition when reading out-of-bounds.</p>
</description>
<impact type="low">
<p>A remote attacker can trigger a denial of service condition in Motion.</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All Motion users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose ">=media-video/motion-4.3.2"
</code>
</resolution>
<references>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-26566">CVE-2020-26566</uri>
</references>
<metadata tag="requester" timestamp="2022-08-10T22:31:25.890188Z">ajak</metadata>
<metadata tag="submitter" timestamp="2022-08-10T22:31:25.895137Z">ajak</metadata>
</glsa>


@ -0,0 +1,43 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="202208-19">
<title>aiohttp: Open redirect vulnerability</title>
<synopsis>An open redirect vulnerability has been discovered in aiohttp.</synopsis>
<product type="ebuild">aiohttp</product>
<announced>2022-08-10</announced>
<revised count="1">2022-08-10</revised>
<bug>772932</bug>
<access>remote</access>
<affected>
<package name="dev-python/aiohttp" auto="yes" arch="*">
<unaffected range="ge">3.7.4</unaffected>
<vulnerable range="lt">3.7.4</vulnerable>
</package>
</affected>
<background>
<p>aiohttp is an asynchronous HTTP client/server framework for asyncio and Python.</p>
</background>
<description>
<p>A bug in aiohttp.web_middlewares.normalize_path_middleware creates an open redirect vulnerability.</p>
</description>
<impact type="low">
<p>An attacker use this vulnerability to craft a link that, while appearing to be a link to an aiohttp-based website, redirects users to an arbitrary attacker-controlled URL.</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All aiohttp users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-python/aiohttp-3.7.4"
</code>
</resolution>
<references>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21330">CVE-2021-21330</uri>
<uri>GHSA-v6wp-4m6f-gcjg</uri>
</references>
<metadata tag="requester" timestamp="2022-08-10T22:31:38.516415Z">ajak</metadata>
<metadata tag="submitter" timestamp="2022-08-10T22:31:38.521134Z">ajak</metadata>
</glsa>
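Review bot: The impact paragraph is missing a verb: `An attacker use this vulnerability to craft a link` should read `An attacker can use this vulnerability to craft a link`. In the references, `<uri>GHSA-v6wp-4m6f-gcjg</uri>` carries no `link` attribute, unlike the CVE entry above it, so a rendered advisory likely gives readers no URL to follow for the GitHub advisory. Adding the advisory's URL as `link` would make the two references consistent.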


@ -0,0 +1,78 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="202208-20">
<title>Apache HTTPD: Multiple Vulnerabilities</title>
<synopsis>Multiple vulnerabilities have been discovered in Apache Webserver, the worst of which could result in remote code execution.</synopsis>
<product type="ebuild">apache,apache-tools</product>
<announced>2022-08-14</announced>
<revised count="1">2022-08-14</revised>
<bug>813429</bug>
<bug>816399</bug>
<bug>816864</bug>
<bug>829722</bug>
<bug>835131</bug>
<bug>850622</bug>
<access>remote</access>
<affected>
<package name="app-admin/apache-tools" auto="yes" arch="*">
<unaffected range="ge">2.4.54</unaffected>
<vulnerable range="lt">2.4.54</vulnerable>
</package>
<package name="www-servers/apache" auto="yes" arch="*">
<unaffected range="ge">2.4.54</unaffected>
<vulnerable range="lt">2.4.54</vulnerable>
</package>
</affected>
<background>
<p>The Apache HTTP server is one of the most popular web servers on the Internet.</p>
</background>
<description>
<p>Multiple vulnerabilities have been discovered in Apache HTTPD. Please review the CVE identifiers referenced below for details.</p>
</description>
<impact type="high">
<p>Please review the referenced CVE identifiers for details.</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All Apache HTTPD users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-servers/apache-2.4.54"
</code>
<p>All Apache HTTPD tools users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-admin/apache-tools-2.4.54"
</code>
</resolution>
<references>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-33193">CVE-2021-33193</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-34798">CVE-2021-34798</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-36160">CVE-2021-36160</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-39275">CVE-2021-39275</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-40438">CVE-2021-40438</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-41524">CVE-2021-41524</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-41773">CVE-2021-41773</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-42013">CVE-2021-42013</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-44224">CVE-2021-44224</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-44790">CVE-2021-44790</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-22719">CVE-2022-22719</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-22720">CVE-2022-22720</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-22721">CVE-2022-22721</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-23943">CVE-2022-23943</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-26377">CVE-2022-26377</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-28614">CVE-2022-28614</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-28615">CVE-2022-28615</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-29404">CVE-2022-29404</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-30522">CVE-2022-30522</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-30556">CVE-2022-30556</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-31813">CVE-2022-31813</uri>
</references>
<metadata tag="requester" timestamp="2022-08-14T00:09:33.469438Z">ajak</metadata>
<metadata tag="submitter" timestamp="2022-08-14T00:09:33.474207Z">ajak</metadata>
</glsa>


@ -0,0 +1,42 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="202208-21">
<title>libebml: Heap buffer overflow vulnerability</title>
<synopsis>A heap-based buffer overflow in libeml might allow attackers to execute arbitrary code.</synopsis>
<product type="ebuild">libebml</product>
<announced>2022-08-14</announced>
<revised count="1">2022-08-14</revised>
<bug>772272</bug>
<access>remote</access>
<affected>
<package name="dev-libs/libebml" auto="yes" arch="arm,ppc,sparc,x86">
<unaffected range="ge">1.4.2</unaffected>
<vulnerable range="lt">1.4.2</vulnerable>
</package>
</affected>
<background>
<p>libebml is a C++ library to parse EBML files.</p>
</background>
<description>
<p>On 32bit builds of libebml, the length of a string is miscalculated, potentially leading to an exploitable heap overflow.</p>
</description>
<impact type="high">
<p>An attacker able to provide arbitrary input to libebml could achieve arbitrary code execution.</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>Users of libebml on 32 bit architectures should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-libs/libebml-1.4.2"
</code>
</resolution>
<references>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-3405">CVE-2021-3405</uri>
</references>
<metadata tag="requester" timestamp="2022-08-14T00:09:54.090013Z">ajak</metadata>
<metadata tag="submitter" timestamp="2022-08-14T00:09:54.093255Z">ajak</metadata>
</glsa>
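Review bot: The synopsis misspells the package as "libeml" while the title, `<product>` and `<package name>` all say libebml, so a text search on the synopsis would miss this advisory. It should read `A heap-based buffer overflow in libebml might allow attackers to execute arbitrary code.` The file appears to be synced from upstream GLSA data, so the correction would need to be made there and picked up by the next sync.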


@ -0,0 +1,44 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="202208-22">
<title>xterm: Multiple Vulnerabilities</title>
<synopsis>Multiple vulnerabilities have been discovered in xterm, the worst of which could result in denial of service.</synopsis>
<product type="ebuild">xterm</product>
<announced>2022-08-14</announced>
<revised count="1">2022-08-14</revised>
<bug>769839</bug>
<bug>832409</bug>
<access>remote</access>
<affected>
<package name="x11-terms/xterm" auto="yes" arch="*">
<unaffected range="ge">371</unaffected>
<vulnerable range="lt">371</vulnerable>
</package>
</affected>
<background>
<p>xterm is a terminal emulator for the X Window system.</p>
</background>
<description>
<p>Multiple vulnerabilities have been discovered in xterm. Please review the CVE identifiers referenced below for details.</p>
</description>
<impact type="low">
<p>Please review the referenced CVE identifiers for details.</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All xterm users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose ">=x11-terms/xterm-371"
</code>
</resolution>
<references>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-27135">CVE-2021-27135</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-24130">CVE-2022-24130</uri>
</references>
<metadata tag="requester" timestamp="2022-08-14T00:10:06.372997Z">ajak</metadata>
<metadata tag="submitter" timestamp="2022-08-14T00:10:06.379758Z">ajak</metadata>
</glsa>


@ -0,0 +1,88 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="202208-23">
<title>Xen: Multiple Vulnerabilities</title>
<synopsis>Multiple vulnerabilities have been discovered in Xen, the worst of which could result in remote code execution (guest sandbox escape).</synopsis>
<product type="ebuild">xen,xen-tools</product>
<announced>2022-08-14</announced>
<revised count="1">2022-08-14</revised>
<bug>810341</bug>
<bug>812485</bug>
<bug>816882</bug>
<bug>825354</bug>
<bug>832039</bug>
<bug>835401</bug>
<bug>850802</bug>
<access>remote</access>
<affected>
<package name="app-emulation/xen" auto="yes" arch="*">
<unaffected range="ge">4.15.3</unaffected>
<vulnerable range="lt">4.15.3</vulnerable>
</package>
<package name="app-emulation/xen-tools" auto="yes" arch="*">
<unaffected range="ge">4.15.3</unaffected>
<vulnerable range="lt">4.15.3</vulnerable>
</package>
</affected>
<background>
<p>Xen is a bare-metal hypervisor.</p>
</background>
<description>
<p>Multiple vulnerabilities have been discovered in Xen. Please review the CVE identifiers referenced below for details.</p>
</description>
<impact type="high">
<p>Please review the referenced CVE identifiers for details.</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All Xen users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-emulation/xen-4.15.3"
</code>
<p>All Xen tools users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-emulation/xen-tools-4.15.3"
</code>
</resolution>
<references>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-28694">CVE-2021-28694</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-28695">CVE-2021-28695</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-28696">CVE-2021-28696</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-28697">CVE-2021-28697</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-28698">CVE-2021-28698</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-28699">CVE-2021-28699</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-28700">CVE-2021-28700</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-28701">CVE-2021-28701</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-28702">CVE-2021-28702</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-28710">CVE-2021-28710</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-21123">CVE-2022-21123</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-21125">CVE-2022-21125</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-21166">CVE-2022-21166</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-23033">CVE-2022-23033</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-23034">CVE-2022-23034</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-23035">CVE-2022-23035</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-26362">CVE-2022-26362</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-26363">CVE-2022-26363</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-26364">CVE-2022-26364</uri>
<uri>XSA-378</uri>
<uri>XSA-379</uri>
<uri>XSA-380</uri>
<uri>XSA-382</uri>
<uri>XSA-383</uri>
<uri>XSA-384</uri>
<uri>XSA-386</uri>
<uri>XSA-390</uri>
<uri>XSA-401</uri>
<uri>XSA-402</uri>
<uri>XSA-404</uri>
</references>
<metadata tag="requester" timestamp="2022-08-14T14:28:39.018721Z">ajak</metadata>
<metadata tag="submitter" timestamp="2022-08-14T14:28:39.023416Z">sam</metadata>
</glsa>


@ -0,0 +1,50 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="202208-24">
<title>GNU C Library: Multiple Vulnerabilities</title>
<synopsis>Multiple vulnerabilities have been discovered in the GNU C Library, the worst of which could result in denial of service.</synopsis>
<product type="ebuild">glibc</product>
<announced>2022-08-14</announced>
<revised count="1">2022-08-14</revised>
<bug>803437</bug>
<bug>807935</bug>
<bug>831096</bug>
<bug>831212</bug>
<access>remote</access>
<affected>
<package name="sys-libs/glibc" auto="yes" arch="*">
<unaffected range="ge">2.34</unaffected>
<vulnerable range="lt">2.34</vulnerable>
</package>
</affected>
<background>
<p>The GNU C library is the standard C library used by Gentoo Linux systems. It provides programs with basic facilities and interfaces to system calls. ld.so is the dynamic linker which prepares dynamically linked programs for execution by resolving runtime dependencies and related functions.</p>
</background>
<description>
<p>Multiple vulnerabilities have been discovered in GNU C Library. Please review the CVE identifiers referenced below for details.</p>
</description>
<impact type="normal">
<p>Please review the referenced CVE identifiers for details.</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All GNU C Library users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose ">=sys-libs/glibc-2.34-r7"
</code>
</resolution>
<references>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-3998">CVE-2021-3998</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-3999">CVE-2021-3999</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-35942">CVE-2021-35942</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-38604">CVE-2021-38604</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-23218">CVE-2022-23218</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-23219">CVE-2022-23219</uri>
</references>
<metadata tag="requester" timestamp="2022-08-14T14:29:01.578271Z">ajak</metadata>
<metadata tag="submitter" timestamp="2022-08-14T14:29:01.583276Z">sam</metadata>
</glsa>
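Review bot: The `<affected>` ranges and the resolution command disagree on the fixed version: `<unaffected range="ge">2.34</unaffected>` and `<vulnerable range="lt">2.34</vulnerable>` treat every 2.34 revision as fixed, while the resolution asks for `>=sys-libs/glibc-2.34-r7`. If -r7 is the first fixed revision, a tool that evaluates the ranges would report 2.34 through 2.34-r6 as unaffected even though the advisory text tells those users to upgrade. The ranges would then presumably read `<unaffected range="ge">2.34-r7</unaffected>` and `<vulnerable range="lt">2.34-r7</vulnerable>`. The file appears to be synced from upstream GLSA data, so the correction belongs there.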


@ -0,0 +1,284 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="202208-25">
<title>Chromium, Google Chrome, Microsoft Edge, QtWebEngine: Multiple Vulnerabilities</title>
<synopsis>Multiple vulnerabilities have been found in Chromium and its derivatives, the worst of which could result in remote code execution.</synopsis>
<product type="ebuild">chromium,google-chrome,microsoft-edge,qtwebengine</product>
<announced>2022-08-14</announced>
<revised count="1">2022-08-14</revised>
<bug>828519</bug>
<bug>834477</bug>
<bug>835397</bug>
<bug>836011</bug>
<bug>836381</bug>
<bug>836777</bug>
<bug>838049</bug>
<bug>838433</bug>
<bug>841371</bug>
<bug>843728</bug>
<bug>847370</bug>
<bug>851003</bug>
<bug>853643</bug>
<bug>773040</bug>
<bug>787950</bug>
<bug>800181</bug>
<bug>810781</bug>
<bug>815397</bug>
<bug>829161</bug>
<bug>835761</bug>
<bug>836830</bug>
<bug>847613</bug>
<bug>853229</bug>
<bug>837497</bug>
<bug>838682</bug>
<bug>843035</bug>
<bug>848864</bug>
<bug>851009</bug>
<bug>854372</bug>
<access>remote</access>
<affected>
<package name="dev-qt/qtwebengine" auto="yes" arch="*">
<unaffected range="ge">5.15.5_p20220618</unaffected>
<vulnerable range="lt">5.15.5_p20220618</vulnerable>
</package>
<package name="www-client/chromium" auto="yes" arch="*">
<unaffected range="ge">103.0.5060.53</unaffected>
<vulnerable range="lt">103.0.5060.53</vulnerable>
</package>
<package name="www-client/google-chrome" auto="yes" arch="*">
<unaffected range="ge">103.0.5060.53</unaffected>
<vulnerable range="lt">103.0.5060.53</vulnerable>
</package>
<package name="www-client/microsoft-edge" auto="yes" arch="*">
<unaffected range="ge">101.0.1210.47</unaffected>
<vulnerable range="lt">101.0.1210.47</vulnerable>
</package>
</affected>
<background>
<p>Chromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web.
Google Chrome is one fast, simple, and secure browser for all your devices.
Microsoft Edge is a browser that combines a minimal design with sophisticated technology to make the web faster, safer, and easier.</p>
</background>
<description>
<p>Multiple vulnerabilities have been discovered in Chromium and its derivatives. Please review the CVE identifiers referenced below for details.</p>
</description>
<impact type="high">
<p>Please review the referenced CVE identifiers for details.</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All Chromium users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/chromium-103.0.5060.53"
</code>
<p>All Chromium binary users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/chromium-bin-103.0.5060.53"
</code>
<p>All Google Chrome users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/google-chrome-103.0.5060.53"
</code>
<p>All Microsoft Edge users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/chromium-103.0.5060.53"
</code>
<p>All QtWebEngine users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-qt/qtwebengine-5.15.5_p20220618"
</code>
</resolution>
<references>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-4052">CVE-2021-4052</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-4053">CVE-2021-4053</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-4054">CVE-2021-4054</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-4055">CVE-2021-4055</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-4056">CVE-2021-4056</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-4057">CVE-2021-4057</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-4058">CVE-2021-4058</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-4059">CVE-2021-4059</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-4061">CVE-2021-4061</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-4062">CVE-2021-4062</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-4063">CVE-2021-4063</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-4064">CVE-2021-4064</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-4065">CVE-2021-4065</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-4066">CVE-2021-4066</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-4067">CVE-2021-4067</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-4068">CVE-2021-4068</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-4078">CVE-2021-4078</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-4079">CVE-2021-4079</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-30551">CVE-2021-30551</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-0789">CVE-2022-0789</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-0790">CVE-2022-0790</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-0791">CVE-2022-0791</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-0792">CVE-2022-0792</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-0793">CVE-2022-0793</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-0794">CVE-2022-0794</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-0795">CVE-2022-0795</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-0796">CVE-2022-0796</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-0797">CVE-2022-0797</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-0798">CVE-2022-0798</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-0799">CVE-2022-0799</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-0800">CVE-2022-0800</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-0801">CVE-2022-0801</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-0802">CVE-2022-0802</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-0803">CVE-2022-0803</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-0804">CVE-2022-0804</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-0805">CVE-2022-0805</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-0806">CVE-2022-0806</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-0807">CVE-2022-0807</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-0808">CVE-2022-0808</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-0809">CVE-2022-0809</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-0971">CVE-2022-0971</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-0972">CVE-2022-0972</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-0973">CVE-2022-0973</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-0974">CVE-2022-0974</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-0975">CVE-2022-0975</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-0976">CVE-2022-0976</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-0977">CVE-2022-0977</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-0978">CVE-2022-0978</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-0979">CVE-2022-0979</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-0980">CVE-2022-0980</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-1096">CVE-2022-1096</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-1125">CVE-2022-1125</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-1127">CVE-2022-1127</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-1128">CVE-2022-1128</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-1129">CVE-2022-1129</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-1130">CVE-2022-1130</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-1131">CVE-2022-1131</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-1132">CVE-2022-1132</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-1133">CVE-2022-1133</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-1134">CVE-2022-1134</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-1135">CVE-2022-1135</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-1136">CVE-2022-1136</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-1137">CVE-2022-1137</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-1138">CVE-2022-1138</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-1139">CVE-2022-1139</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-1141">CVE-2022-1141</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-1142">CVE-2022-1142</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-1143">CVE-2022-1143</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-1144">CVE-2022-1144</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-1145">CVE-2022-1145</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-1146">CVE-2022-1146</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-1232">CVE-2022-1232</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-1305">CVE-2022-1305</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-1306">CVE-2022-1306</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-1307">CVE-2022-1307</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-1308">CVE-2022-1308</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-1309">CVE-2022-1309</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-1310">CVE-2022-1310</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-1311">CVE-2022-1311</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-1312">CVE-2022-1312</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-1313">CVE-2022-1313</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-1314">CVE-2022-1314</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-1364">CVE-2022-1364</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-1477">CVE-2022-1477</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-1478">CVE-2022-1478</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-1479">CVE-2022-1479</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-1480">CVE-2022-1480</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-1481">CVE-2022-1481</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-1482">CVE-2022-1482</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-1483">CVE-2022-1483</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-1484">CVE-2022-1484</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-1485">CVE-2022-1485</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-1486">CVE-2022-1486</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-1487">CVE-2022-1487</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-1488">CVE-2022-1488</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-1489">CVE-2022-1489</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-1490">CVE-2022-1490</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-1491">CVE-2022-1491</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-1492">CVE-2022-1492</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-1493">CVE-2022-1493</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-1494">CVE-2022-1494</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-1495">CVE-2022-1495</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-1496">CVE-2022-1496</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-1497">CVE-2022-1497</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-1498">CVE-2022-1498</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-1499">CVE-2022-1499</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-1500">CVE-2022-1500</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-1501">CVE-2022-1501</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-1633">CVE-2022-1633</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-1634">CVE-2022-1634</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-1635">CVE-2022-1635</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-1636">CVE-2022-1636</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-1637">CVE-2022-1637</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-1639">CVE-2022-1639</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-1640">CVE-2022-1640</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-1641">CVE-2022-1641</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-1853">CVE-2022-1853</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-1854">CVE-2022-1854</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-1855">CVE-2022-1855</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-1856">CVE-2022-1856</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-1857">CVE-2022-1857</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-1858">CVE-2022-1858</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-1859">CVE-2022-1859</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-1860">CVE-2022-1860</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-1861">CVE-2022-1861</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-1862">CVE-2022-1862</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-1863">CVE-2022-1863</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-1864">CVE-2022-1864</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-1865">CVE-2022-1865</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-1866">CVE-2022-1866</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-1867">CVE-2022-1867</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-1868">CVE-2022-1868</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-1869">CVE-2022-1869</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-1870">CVE-2022-1870</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-1871">CVE-2022-1871</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-1872">CVE-2022-1872</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-1873">CVE-2022-1873</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-1874">CVE-2022-1874</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-1875">CVE-2022-1875</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-1876">CVE-2022-1876</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-2007">CVE-2022-2007</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-2010">CVE-2022-2010</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-2011">CVE-2022-2011</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-2156">CVE-2022-2156</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-2157">CVE-2022-2157</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-2158">CVE-2022-2158</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-2160">CVE-2022-2160</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-2161">CVE-2022-2161</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-2162">CVE-2022-2162</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-2163">CVE-2022-2163</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-2164">CVE-2022-2164</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-2165">CVE-2022-2165</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-22021">CVE-2022-22021</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-24475">CVE-2022-24475</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-24523">CVE-2022-24523</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-26891">CVE-2022-26891</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-26894">CVE-2022-26894</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-26895">CVE-2022-26895</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-26900">CVE-2022-26900</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-26905">CVE-2022-26905</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-26908">CVE-2022-26908</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-26909">CVE-2022-26909</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-26912">CVE-2022-26912</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-29144">CVE-2022-29144</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-29146">CVE-2022-29146</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-29147">CVE-2022-29147</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-30127">CVE-2022-30127</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-30128">CVE-2022-30128</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-30192">CVE-2022-30192</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-33638">CVE-2022-33638</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-33639">CVE-2022-33639</uri>
</references>
<metadata tag="requester" timestamp="2022-08-14T14:29:30.785120Z">ajak</metadata>
<metadata tag="submitter" timestamp="2022-08-14T14:29:30.789119Z">sam</metadata>
</glsa>


@ -0,0 +1,47 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="202208-26">
<title>libarchive: Multiple Vulnerabilities</title>
<synopsis>Multiple vulnerabilities have been discovered in libarchive, the worst of which could result in arbitrary code execution.</synopsis>
<product type="ebuild">libarchive</product>
<announced>2022-08-14</announced>
<revised count="1">2022-08-14</revised>
<bug>803128</bug>
<bug>836352</bug>
<bug>837266</bug>
<access>remote</access>
<affected>
<package name="app-arch/libarchive" auto="yes" arch="*">
<unaffected range="ge">3.6.1</unaffected>
<vulnerable range="lt">3.6.1</vulnerable>
</package>
</affected>
<background>
<p>libarchive is a library for manipulating different streaming archive formats, including certain tar variants, several cpio formats, and both BSD and GNU ar variants.</p>
</background>
<description>
<p>Multiple vulnerabilities have been discovered in libarchive. Please review the CVE identifiers referenced below for details.</p>
</description>
<impact type="high">
<p>Please review the referenced CVE identifiers for details.</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All libarchive users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-arch/libarchive-3.6.1"
</code>
</resolution>
<references>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-31566">CVE-2021-31566</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-36976">CVE-2021-36976</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-26280">CVE-2022-26280</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-28066">CVE-2022-28066</uri>
</references>
<metadata tag="requester" timestamp="2022-08-14T16:08:34.091685Z">ajak</metadata>
<metadata tag="submitter" timestamp="2022-08-14T16:08:34.098278Z">sam</metadata>
</glsa>
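Review bot: The second line of this file, `<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">`, declares an external DTD over plain http, and the same declaration opens every other advisory file shown in this commit. A parser that resolves it would make an unauthenticated network fetch per file and let entity definitions from outside this repository shape what it reads. The page does not show what consumes these files, so this needs confirming: the consumer should parse with DTD loading and external entity resolution turned off, and validate against a locally pinned copy of glsa.dtd if validation is wanted.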


@ -0,0 +1,85 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="202208-27">
<title>QEMU: Multiple Vulnerabilities</title>
<synopsis>Multiple vulnerabilities have been discovered in QEMU, the worst of which could result in remote code execution (guest sandbox escape).</synopsis>
<product type="ebuild">qemu</product>
<announced>2022-08-14</announced>
<revised count="1">2022-08-14</revised>
<bug>733448</bug>
<bug>736605</bug>
<bug>773220</bug>
<bug>775713</bug>
<bug>780816</bug>
<bug>792624</bug>
<bug>807055</bug>
<bug>810544</bug>
<bug>820743</bug>
<bug>835607</bug>
<bug>839762</bug>
<access>remote</access>
<affected>
<package name="app-emulation/qemu" auto="yes" arch="*">
<unaffected range="ge">7.0.0</unaffected>
<vulnerable range="lt">7.0.0</vulnerable>
</package>
</affected>
<background>
<p>QEMU is a generic and open source machine emulator and virtualizer.</p>
</background>
<description>
<p>Multiple vulnerabilities have been discovered in QEMU.Please review the CVE identifiers referenced below for details.</p>
</description>
<impact type="high">
<p>Please review the referenced CVE identifiers for details.</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All QEMU users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-emulation/qemu-7.0.0"
</code>
</resolution>
<references>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-15859">CVE-2020-15859</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-15863">CVE-2020-15863</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-16092">CVE-2020-16092</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-35504">CVE-2020-35504</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-35505">CVE-2020-35505</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-35506">CVE-2020-35506</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-35517">CVE-2020-35517</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-3409">CVE-2021-3409</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-3416">CVE-2021-3416</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-3527">CVE-2021-3527</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-3544">CVE-2021-3544</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-3545">CVE-2021-3545</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-3546">CVE-2021-3546</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-3582">CVE-2021-3582</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-3607">CVE-2021-3607</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-3608">CVE-2021-3608</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-3611">CVE-2021-3611</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-3682">CVE-2021-3682</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-3713">CVE-2021-3713</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-3748">CVE-2021-3748</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-3750">CVE-2021-3750</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-3929">CVE-2021-3929</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-3930">CVE-2021-3930</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-3947">CVE-2021-3947</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-4145">CVE-2021-4145</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-4158">CVE-2021-4158</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-4206">CVE-2021-4206</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-4207">CVE-2021-4207</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-20203">CVE-2021-20203</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-20257">CVE-2021-20257</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-20263">CVE-2021-20263</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-0358">CVE-2022-0358</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-26353">CVE-2022-26353</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-26354">CVE-2022-26354</uri>
</references>
<metadata tag="requester" timestamp="2022-08-14T16:09:07.836051Z">ajak</metadata>
<metadata tag="submitter" timestamp="2022-08-14T16:09:07.841731Z">sam</metadata>
</glsa>


@ -0,0 +1,48 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="202208-28">
<title>Puma: Multiple Vulnerabilities</title>
<synopsis>Multiple vulnerabilities have been discovered in Puma, the worst of which could result in denial of service.</synopsis>
<product type="ebuild">puma</product>
<announced>2022-08-14</announced>
<revised count="1">2022-08-14</revised>
<bug>794034</bug>
<bug>817893</bug>
<bug>833155</bug>
<bug>836431</bug>
<access>remote</access>
<affected>
<package name="www-servers/puma" auto="yes" arch="*">
<unaffected range="ge">5.6.4</unaffected>
<vulnerable range="lt">5.6.4</vulnerable>
</package>
</affected>
<background>
<p>Puma is a simple, fast, threaded, and highly concurrent HTTP 1.1 server for Ruby/Rack.</p>
</background>
<description>
<p>Multiple vulnerabilities have been discovered in Puma. Please review the CVE identifiers referenced below for details.</p>
</description>
<impact type="low">
<p>Please review the referenced CVE identifiers for details.</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All Puma users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-servers/puma-5.6.4"
</code>
</resolution>
<references>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-29509">CVE-2021-29509</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-41136">CVE-2021-41136</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-23634">CVE-2022-23634</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-24790">CVE-2022-24790</uri>
</references>
<metadata tag="requester" timestamp="2022-08-14T21:41:58.068305Z">ajak</metadata>
<metadata tag="submitter" timestamp="2022-08-14T21:41:58.074010Z">sam</metadata>
</glsa>


@ -0,0 +1,46 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="202208-29">
<title>Nokogiri: Multiple Vulnerabilities</title>
<synopsis>Multiple vulnerabilities have been discovered in Nokogiri, the worst of which could result in denial of service.</synopsis>
<product type="ebuild">nokogiri</product>
<announced>2022-08-14</announced>
<revised count="1">2022-08-14</revised>
<bug>846623</bug>
<bug>837902</bug>
<bug>762685</bug>
<access>remote</access>
<affected>
<package name="dev-ruby/nokogiri" auto="yes" arch="*">
<unaffected range="ge">1.13.6</unaffected>
<vulnerable range="lt">1.13.6</vulnerable>
</package>
</affected>
<background>
<p>Nokogiri is an HTML, XML, SAX, and Reader parser.</p>
</background>
<description>
<p>Multiple vulnerabilities have been discovered in Nokogiri. Please review the CVE identifiers referenced below for details.</p>
</description>
<impact type="low">
<p>Please review the referenced CVE identifiers for details.</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All Nokogiri users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-ruby/nokogiri-1.13.6"
</code>
</resolution>
<references>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-26247">CVE-2020-26247</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-24836">CVE-2022-24836</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-29181">CVE-2022-29181</uri>
</references>
<metadata tag="requester" timestamp="2022-08-14T21:44:58.167705Z">ajak</metadata>
<metadata tag="submitter" timestamp="2022-08-14T21:44:58.173585Z">sam</metadata>
</glsa>


@ -0,0 +1,61 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="202208-30">
<title>GNU Binutils: Multiple Vulnerabilities</title>
<synopsis>Multiple vulnerabilities have been discovered in Binutils, the worst of which could result in denial of service.</synopsis>
<product type="ebuild">binutils,binutils-libs</product>
<announced>2022-08-14</announced>
<revised count="1">2022-08-14</revised>
<bug>778545</bug>
<bug>792342</bug>
<bug>829304</bug>
<access>remote</access>
<affected>
<package name="sys-devel/binutils" auto="yes" arch="*">
<unaffected range="ge">2.38</unaffected>
<vulnerable range="lt">2.38</vulnerable>
</package>
<package name="sys-libs/binutils-libs" auto="yes" arch="*">
<unaffected range="ge">2.38</unaffected>
<vulnerable range="lt">2.38</vulnerable>
</package>
</affected>
<background>
<p>The GNU Binutils are a collection of tools to create, modify and analyse binary files. Many of the files use BFD, the Binary File Descriptor library, to do low-level manipulation.</p>
</background>
<description>
<p>Multiple vulnerabilities have been discovered in GNU Binutils. Please review the CVE identifiers referenced below for details.</p>
</description>
<impact type="normal">
<p>Please review the referenced CVE identifiers for details.</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All Binutils users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose ">=sys-devel/binutils-2.38"
</code>
<p>All Binutils library users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose ">=sys-libs/binutils-libs-2.38"
</code>
</resolution>
<references>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-3487">CVE-2021-3487</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-3530">CVE-2021-3530</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-3549">CVE-2021-3549</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-20197">CVE-2021-20197</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-20284">CVE-2021-20284</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-20294">CVE-2021-20294</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-45078">CVE-2021-45078</uri>
</references>
<metadata tag="requester" timestamp="2022-08-14T21:47:19.226452Z">ajak</metadata>
<metadata tag="submitter" timestamp="2022-08-14T21:47:19.232334Z">sam</metadata>
</glsa>


@ -0,0 +1,111 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="202208-31">
<title>GStreamer, GStreamer Plugins: Multiple Vulnerabilities</title>
<synopsis>Multiple vulnerabilities have been found in GStreamer and its plugins, the worst of which could result in arbitrary code execution.</synopsis>
<product type="ebuild">gst-plugins-bad,gst-plugins-base,gst-plugins-good,gst-plugins-libav,gst-plugins-ugly,gstreamer</product>
<announced>2022-08-14</announced>
<revised count="1">2022-08-14</revised>
<bug>766336</bug>
<bug>785652</bug>
<bug>785655</bug>
<bug>785658</bug>
<bug>785661</bug>
<bug>835368</bug>
<bug>843770</bug>
<bug>765163</bug>
<access>remote</access>
<affected>
<package name="media-libs/gst-plugins-bad" auto="yes" arch="*">
<unaffected range="ge">1.16.3</unaffected>
<vulnerable range="lt">1.16.3</vulnerable>
</package>
<package name="media-libs/gst-plugins-base" auto="yes" arch="*">
<unaffected range="ge">1.18.4</unaffected>
<vulnerable range="lt">1.18.4</vulnerable>
</package>
<package name="media-libs/gst-plugins-good" auto="yes" arch="*">
<unaffected range="ge">1.18.4</unaffected>
<vulnerable range="lt">1.18.4</vulnerable>
</package>
<package name="media-libs/gst-plugins-ugly" auto="yes" arch="*">
<unaffected range="ge">1.18.4</unaffected>
<vulnerable range="lt">1.18.4</vulnerable>
</package>
<package name="media-libs/gstreamer" auto="yes" arch="*">
<unaffected range="ge">1.20.2</unaffected>
<vulnerable range="lt">1.20.2</vulnerable>
</package>
<package name="media-plugins/gst-plugins-libav" auto="yes" arch="*">
<unaffected range="ge">1.18.4</unaffected>
<vulnerable range="lt">1.18.4</vulnerable>
</package>
</affected>
<background>
<p>GStreamer is an open source multimedia framework.</p>
</background>
<description>
<p>Multiple vulnerabilities have been found in GStreamer and its plugins. Please review the CVE and GStreamer-SA identifiers referenced below for details.</p>
</description>
<impact type="high">
<p>Please review the referenced CVE identifiers for details.</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All GStreamer users should update to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose ">=media-libs/gstreamer-1.20.2"
</code>
<p>All gst-plugins-bad users should update to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose ">=media-libs/gst-plugins-bad-1.20.2"
</code>
<p>All gst-plugins-good users should update to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose ">=media-libs/gst-plugins-good-1.20.2"
</code>
<p>All gst-plugins-ugly users should update to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose ">=media-libs/gst-plugins-ugly-1.20.2"
</code>
<p>All gst-plugins-base users should update to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose ">=media-libs/gst-plugins-base-1.20.2"
</code>
<p>All gst-plugins-libav users should update to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose ">=media-plugins/gst-plugins-libav-1.20.2"
</code>
</resolution>
<references>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-3185">CVE-2021-3185</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-3497">CVE-2021-3497</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-3498">CVE-2021-3498</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-3522">CVE-2021-3522</uri>
<uri>GStreamer-SA-2021-0001</uri>
<uri>GStreamer-SA-2021-0002</uri>
<uri>GStreamer-SA-2021-0004</uri>
<uri>GStreamer-SA-2021-0005</uri>
</references>
<metadata tag="requester" timestamp="2022-08-14T21:47:49.592909Z">ajak</metadata>
<metadata tag="submitter" timestamp="2022-08-14T21:47:49.599041Z">sam</metadata>
</glsa>
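Review bot: The `<affected>` ranges and the `<resolution>` commands in this advisory disagree. gst-plugins-bad is marked unaffected from 1.16.3 and gst-plugins-base, -good, -ugly and -libav from 1.18.4, yet every plugin command asks for 1.20.2, for example `">=media-libs/gst-plugins-bad-1.20.2"`. Tooling that reads `<affected>` would treat a 1.16.3 or 1.18.4 install as fixed while the text tells the user to go further; which side is right cannot be told from the page and should be checked against the referenced advisories upstream. The four `<uri>GStreamer-SA-…</uri>` entries also carry no `link` attribute, and `<impact>` points only at CVE identifiers although `<description>` names the GStreamer-SA ones as well.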


@ -0,0 +1,168 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="202208-32">
<title>Vim, gVim: Multiple Vulnerabilities</title>
<synopsis>Multiple vulnerabilities have been discovered in Vim, the worst of which could result in denial of service.</synopsis>
<product type="ebuild">gvim,vim,vim-core</product>
<announced>2022-08-21</announced>
<revised count="1">2022-08-21</revised>
<bug>811870</bug>
<bug>818562</bug>
<bug>819528</bug>
<bug>823473</bug>
<bug>824930</bug>
<bug>828583</bug>
<bug>829658</bug>
<bug>830106</bug>
<bug>830994</bug>
<bug>833572</bug>
<bug>836432</bug>
<bug>851231</bug>
<access>remote</access>
<affected>
<package name="app-editors/gvim" auto="yes" arch="*">
<unaffected range="ge">9.0.0060</unaffected>
<vulnerable range="lt">9.0.0060</vulnerable>
</package>
<package name="app-editors/vim" auto="yes" arch="*">
<unaffected range="ge">9.0.0060</unaffected>
<vulnerable range="lt">9.0.0060</vulnerable>
</package>
<package name="app-editors/vim-core" auto="yes" arch="*">
<unaffected range="ge">9.0.0060</unaffected>
<vulnerable range="lt">9.0.0060</vulnerable>
</package>
</affected>
<background>
<p>Vim is an efficient, highly configurable improved version of the classic vi text editor. gVim is the GUI version of Vim.</p>
</background>
<description>
<p>Multiple vulnerabilities have been discovered in Vim and gVim. Please review the CVE identifiers referenced below for details.</p>
</description>
<impact type="low">
<p>Please review the referenced CVE identifiers for details.</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All Vim users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-editors/vim-9.0.0060"
</code>
<p>All gVim users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-editors/gvim-9.0.0060"
</code>
<p>All vim-core users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-editors/vim-core-9.0.0060"
</code>
</resolution>
<references>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-3770">CVE-2021-3770</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-3778">CVE-2021-3778</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-3796">CVE-2021-3796</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-3872">CVE-2021-3872</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-3875">CVE-2021-3875</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-3927">CVE-2021-3927</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-3928">CVE-2021-3928</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-3968">CVE-2021-3968</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-3973">CVE-2021-3973</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-3974">CVE-2021-3974</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-3984">CVE-2021-3984</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-4019">CVE-2021-4019</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-4069">CVE-2021-4069</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-4136">CVE-2021-4136</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-4166">CVE-2021-4166</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-4173">CVE-2021-4173</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-4187">CVE-2021-4187</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-4192">CVE-2021-4192</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-4193">CVE-2021-4193</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-46059">CVE-2021-46059</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-0128">CVE-2022-0128</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-0156">CVE-2022-0156</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-0158">CVE-2022-0158</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-0213">CVE-2022-0213</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-0261">CVE-2022-0261</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-0318">CVE-2022-0318</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-0319">CVE-2022-0319</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-0351">CVE-2022-0351</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-0359">CVE-2022-0359</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-0361">CVE-2022-0361</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-0368">CVE-2022-0368</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-0392">CVE-2022-0392</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-0393">CVE-2022-0393</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-0407">CVE-2022-0407</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-0408">CVE-2022-0408</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-0413">CVE-2022-0413</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-0417">CVE-2022-0417</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-0443">CVE-2022-0443</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-0554">CVE-2022-0554</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-0629">CVE-2022-0629</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-0685">CVE-2022-0685</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-0714">CVE-2022-0714</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-0729">CVE-2022-0729</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-0943">CVE-2022-0943</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-1154">CVE-2022-1154</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-1160">CVE-2022-1160</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-1381">CVE-2022-1381</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-1420">CVE-2022-1420</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-1616">CVE-2022-1616</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-1619">CVE-2022-1619</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-1620">CVE-2022-1620</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-1621">CVE-2022-1621</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-1629">CVE-2022-1629</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-1674">CVE-2022-1674</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-1720">CVE-2022-1720</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-1733">CVE-2022-1733</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-1735">CVE-2022-1735</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-1769">CVE-2022-1769</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-1771">CVE-2022-1771</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-1785">CVE-2022-1785</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-1796">CVE-2022-1796</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-1851">CVE-2022-1851</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-1886">CVE-2022-1886</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-1897">CVE-2022-1897</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-1898">CVE-2022-1898</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-1927">CVE-2022-1927</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-1942">CVE-2022-1942</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-1968">CVE-2022-1968</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-2000">CVE-2022-2000</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-2042">CVE-2022-2042</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-2124">CVE-2022-2124</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-2125">CVE-2022-2125</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-2126">CVE-2022-2126</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-2129">CVE-2022-2129</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-2175">CVE-2022-2175</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-2182">CVE-2022-2182</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-2183">CVE-2022-2183</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-2206">CVE-2022-2206</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-2207">CVE-2022-2207</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-2208">CVE-2022-2208</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-2210">CVE-2022-2210</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-2231">CVE-2022-2231</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-2257">CVE-2022-2257</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-2264">CVE-2022-2264</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-2284">CVE-2022-2284</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-2285">CVE-2022-2285</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-2286">CVE-2022-2286</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-2287">CVE-2022-2287</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-2288">CVE-2022-2288</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-2289">CVE-2022-2289</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-2304">CVE-2022-2304</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-2343">CVE-2022-2343</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-2344">CVE-2022-2344</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-2345">CVE-2022-2345</uri>
</references>
<metadata tag="requester" timestamp="2022-08-21T01:33:31.581561Z">ajak</metadata>
<metadata tag="submitter" timestamp="2022-08-21T01:33:31.591372Z">ajak</metadata>
</glsa>


@ -0,0 +1,72 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="202208-33">
<title>Gnome Shell, gettext, libcroco: Multiple Vulnerabilities</title>
<synopsis>A vulnerability has been found in libcroco which could result in denial of service.</synopsis>
<product type="ebuild">gettext,gnome-shell,libcroco</product>
<announced>2022-08-21</announced>
<revised count="1">2022-08-21</revised>
<bug>722752</bug>
<bug>755848</bug>
<bug>769998</bug>
<access>remote</access>
<affected>
<package name="dev-libs/libcroco" auto="yes" arch="*">
<unaffected range="ge">0.6.13</unaffected>
<vulnerable range="lt">0.6.13</vulnerable>
</package>
<package name="gnome-base/gnome-shell" auto="yes" arch="*">
<unaffected range="ge">3.36.7</unaffected>
<vulnerable range="lt">3.36.7</vulnerable>
</package>
<package name="sys-devel/gettext" auto="yes" arch="*">
<unaffected range="ge">0.21</unaffected>
<vulnerable range="lt">0.21</vulnerable>
</package>
</affected>
<background>
<p>GNOME Shell provides core user interface functions for the GNOME desktop, like switching to windows and launching applications.
gettext contains the GNU locale utilities.
libcroco is a standalone CSS2 parsing and manipulation library.</p>
</background>
<description>
<p>The cr_parser_parse_any_core function in libcroco&#39;s cr-parser.c does not limit recursion, leading to a denial of service via a stack overflow when trying to parse crafted CSS.
Gnome Shell and gettext bundle libcroco in their own sources and thus are potentially vulnerable as well.</p>
</description>
<impact type="normal">
<p>An attacker with control over the input to the library can cause a denial of service.</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All gettext users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose ">=sys-devel/gettext-0.21"
</code>
<p>All Gnome Shell users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose ">=gnome-base/gnome-shell-3.36.7"
</code>
<p>All libcroco users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-libs/libcroco-0.6.13"
</code>
</resolution>
<references>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-12825">CVE-2020-12825</uri>
</references>
<metadata tag="requester" timestamp="2022-08-21T01:34:48.802416Z">ajak</metadata>
<metadata tag="submitter" timestamp="2022-08-21T01:34:48.808281Z">ajak</metadata>
</glsa>


@ -0,0 +1,69 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="202208-34">
<title>Apache Tomcat: Multiple Vulnerabilities</title>
<synopsis>Multiple vulnerabilities have been discovered in Apache Tomcat, the worst of which could result in denial of service.</synopsis>
<product type="ebuild">tomcat</product>
<announced>2022-08-21</announced>
<revised count="1">2022-08-21</revised>
<bug>773571</bug>
<bug>801916</bug>
<bug>818160</bug>
<bug>855971</bug>
<access>remote</access>
<affected>
<package name="www-servers/tomcat" auto="yes" arch="*">
<unaffected range="ge" slot="10">10.0.23</unaffected>
<unaffected range="ge" slot="9">9.0.65</unaffected>
<unaffected range="ge" slot="8.5">8.5.82</unaffected>
<vulnerable range="lt" slot="10">10.0.23</vulnerable>
<vulnerable range="lt" slot="9">9.0.65</vulnerable>
<vulnerable range="lt" slot="8.5">8.5.82</vulnerable>
</package>
</affected>
<background>
<p>Apache Tomcat is a Servlet-3.0/JSP-2.2 Container.</p>
</background>
<description>
<p>Multiple vulnerabilities have been discovered in Apache Tomcat. Please review the CVE identifiers referenced below for details.</p>
</description>
<impact type="low">
<p>Please review the referenced CVE identifiers for details.</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All Apache Tomcat 10.x users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-servers/tomcat-10.0.23:10"
</code>
<p>All Apache Tomcat 9.x users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-servers/tomcat-9.0.65:9"
</code>
<p>All Apache Tomcat 8.5.x users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-servers/tomcat-8.5.82:8.5"
</code>
</resolution>
<references>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-25122">CVE-2021-25122</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-25329">CVE-2021-25329</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-30639">CVE-2021-30639</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-30640">CVE-2021-30640</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-33037">CVE-2021-33037</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-42340">CVE-2021-42340</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-34305">CVE-2022-34305</uri>
</references>
<metadata tag="requester" timestamp="2022-08-21T01:35:21.756179Z">ajak</metadata>
<metadata tag="submitter" timestamp="2022-08-21T01:35:21.761073Z">ajak</metadata>
</glsa>


@ -0,0 +1,126 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="202208-35">
<title>Chromium, Google Chrome, Microsoft Edge: Multiple Vulnerabilities</title>
<synopsis>Multiple vulnerabilities have been found in Chromium and its derivatives, the worst of which could result in remote code execution.</synopsis>
<product type="ebuild">chromium,chromium-bin,google-chrome,microsoft-edge</product>
<announced>2022-08-21</announced>
<revised count="1">2022-08-21</revised>
<bug>858104</bug>
<bug>859442</bug>
<bug>863512</bug>
<bug>865501</bug>
<bug>864723</bug>
<access>remote</access>
<affected>
<package name="www-client/chromium" auto="yes" arch="*">
<unaffected range="ge">104.0.5112.101</unaffected>
<vulnerable range="lt">104.0.5112.101</vulnerable>
</package>
<package name="www-client/chromium-bin" auto="yes" arch="*">
<unaffected range="ge">104.0.5112.101</unaffected>
<vulnerable range="lt">104.0.5112.101</vulnerable>
</package>
<package name="www-client/google-chrome" auto="yes" arch="*">
<unaffected range="ge">104.0.5112.101</unaffected>
<vulnerable range="lt">104.0.5112.101</vulnerable>
</package>
<package name="www-client/microsoft-edge" auto="yes" arch="*">
<unaffected range="ge">104.0.1293.63</unaffected>
<vulnerable range="lt">104.0.1293.63</vulnerable>
</package>
</affected>
<background>
<p>Chromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web.
Google Chrome is one fast, simple, and secure browser for all your devices.
Microsoft Edge is a browser that combines a minimal design with sophisticated technology to make the web faster, safer, and easier.</p>
</background>
<description>
<p>Multiple vulnerabilities have been discovered in Chromium and its derivatives. Please review the CVE identifiers referenced below for details.</p>
</description>
<impact type="high">
<p>Please review the referenced CVE identifiers for details.</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All Chromium users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/chromium-104.0.5112.101"
</code>
<p>All Chromium binary users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/chromium-bin-104.0.5112.101"
</code>
<p>All Google Chrome users should upgrade to tha latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/google-chrome-104.0.5112.101"
</code>
<p>All Microsoft Edge users should upgrade to tha latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/microsoft-edge-104.0.1293.63"
</code>
</resolution>
<references>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-2163">CVE-2022-2163</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-2294">CVE-2022-2294</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-2295">CVE-2022-2295</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-2296">CVE-2022-2296</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-2477">CVE-2022-2477</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-2478">CVE-2022-2478</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-2479">CVE-2022-2479</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-2480">CVE-2022-2480</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-2481">CVE-2022-2481</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-2603">CVE-2022-2603</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-2604">CVE-2022-2604</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-2605">CVE-2022-2605</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-2606">CVE-2022-2606</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-2607">CVE-2022-2607</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-2608">CVE-2022-2608</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-2609">CVE-2022-2609</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-2610">CVE-2022-2610</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-2611">CVE-2022-2611</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-2612">CVE-2022-2612</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-2613">CVE-2022-2613</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-2614">CVE-2022-2614</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-2615">CVE-2022-2615</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-2616">CVE-2022-2616</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-2617">CVE-2022-2617</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-2618">CVE-2022-2618</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-2619">CVE-2022-2619</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-2620">CVE-2022-2620</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-2621">CVE-2022-2621</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-2622">CVE-2022-2622</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-2623">CVE-2022-2623</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-2624">CVE-2022-2624</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-2852">CVE-2022-2852</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-2853">CVE-2022-2853</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-2854">CVE-2022-2854</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-2855">CVE-2022-2855</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-2856">CVE-2022-2856</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-2857">CVE-2022-2857</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-2858">CVE-2022-2858</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-2859">CVE-2022-2859</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-2860">CVE-2022-2860</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-2861">CVE-2022-2861</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-33636">CVE-2022-33636</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-33649">CVE-2022-33649</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-35796">CVE-2022-35796</uri>
</references>
<metadata tag="requester" timestamp="2022-08-21T06:11:41.017671Z">ajak</metadata>
<metadata tag="submitter" timestamp="2022-08-21T06:11:41.021023Z">sam</metadata>
</glsa>


@ -0,0 +1,98 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="202208-36">
<title>Oracle VirtualBox: Multiple Vulnerabilities</title>
<synopsis>Multiple vulnerabilities have been discovered in Oracle Virtualbox, the worst of which could result in root privilege escalation.</synopsis>
<product type="ebuild">virtualbox,virtualbox-additions,virtualbox-extpack-oracle,virtualbox-guest-additions,virtualbox-modules</product>
<announced>2022-08-31</announced>
<revised count="1">2022-08-31</revised>
<bug>785445</bug>
<bug>803134</bug>
<bug>820425</bug>
<bug>831440</bug>
<bug>839990</bug>
<bug>859391</bug>
<access>remote</access>
<affected>
<package name="app-emulation/virtualbox" auto="yes" arch="*">
<unaffected range="ge">6.1.36</unaffected>
<vulnerable range="lt">6.1.36</vulnerable>
</package>
<package name="app-emulation/virtualbox-additions" auto="yes" arch="*">
<unaffected range="ge">6.1.36</unaffected>
<vulnerable range="lt">6.1.36</vulnerable>
</package>
<package name="app-emulation/virtualbox-extpack-oracle" auto="yes" arch="*">
<unaffected range="ge">6.1.36</unaffected>
<vulnerable range="lt">6.1.36</vulnerable>
</package>
<package name="app-emulation/virtualbox-guest-additions" auto="yes" arch="*">
<unaffected range="ge">6.1.36</unaffected>
<vulnerable range="lt">6.1.36</vulnerable>
</package>
<package name="app-emulation/virtualbox-modules" auto="yes" arch="*">
<unaffected range="ge">6.1.36</unaffected>
<vulnerable range="lt">6.1.36</vulnerable>
</package>
</affected>
<background>
<p>VirtualBox is a powerful virtualization product from Oracle.</p>
</background>
<description>
<p>Multiple vulnerabilities have been discovered in VirtualBox. Please review the CVE identifiers referenced below for details.</p>
</description>
<impact type="high">
<p>Please review the referenced CVE identifiers for details.</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All VirtualBox users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-emulation/virtualbox-6.1.36"
</code>
</resolution>
<references>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-2145">CVE-2021-2145</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-2250">CVE-2021-2250</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-2264">CVE-2021-2264</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-2266">CVE-2021-2266</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-2279">CVE-2021-2279</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-2280">CVE-2021-2280</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-2281">CVE-2021-2281</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-2282">CVE-2021-2282</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-2283">CVE-2021-2283</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-2284">CVE-2021-2284</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-2285">CVE-2021-2285</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-2286">CVE-2021-2286</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-2287">CVE-2021-2287</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-2291">CVE-2021-2291</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-2296">CVE-2021-2296</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-2297">CVE-2021-2297</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-2306">CVE-2021-2306</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-2309">CVE-2021-2309</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-2310">CVE-2021-2310</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-2312">CVE-2021-2312</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-2409">CVE-2021-2409</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-2442">CVE-2021-2442</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-2443">CVE-2021-2443</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-2454">CVE-2021-2454</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-2475">CVE-2021-2475</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-35538">CVE-2021-35538</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-35540">CVE-2021-35540</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-35542">CVE-2021-35542</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-35545">CVE-2021-35545</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-21394">CVE-2022-21394</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-21465">CVE-2022-21465</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-21471">CVE-2022-21471</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-21487">CVE-2022-21487</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-21488">CVE-2022-21488</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-21554">CVE-2022-21554</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-21571">CVE-2022-21571</uri>
</references>
<metadata tag="requester" timestamp="2022-08-31T23:36:15.558358Z">ajak</metadata>
<metadata tag="submitter" timestamp="2022-08-31T23:36:15.564378Z">sam</metadata>
</glsa>
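Review bot: The `<resolution>` gives an upgrade command only for `>=app-emulation/virtualbox-6.1.36`, although `<affected>` marks five packages as vulnerable below 6.1.36 (`virtualbox-additions`, `virtualbox-extpack-oracle`, `virtualbox-guest-additions` and `virtualbox-modules` as well). A reader who follows the resolution alone could leave the other four at a vulnerable version. The resolution should either list each package or state that all of them must reach 6.1.36. This file appears to be synced from upstream GLSA data, so the correction probably belongs upstream.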


@ -0,0 +1,77 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="202208-37">
<title>Mozilla Firefox: Multiple Vulnerabilities</title>
<synopsis>Multiple vulnerabilities have been discovered in Mozilla Firefox, the worst of which could result in arbitrary code execution.</synopsis>
<product type="ebuild">firefox,firefox-bin</product>
<announced>2022-08-31</announced>
<revised count="1">2022-08-31</revised>
<bug>866215</bug>
<access>remote</access>
<affected>
<package name="www-client/firefox" auto="yes" arch="*">
<unaffected range="ge" slot="rapid">104</unaffected>
<unaffected range="ge" slot="esr">91.13.0</unaffected>
<vulnerable range="lt" slot="rapid">104</vulnerable>
</package>
<package name="www-client/firefox-bin" auto="yes" arch="*">
<unaffected range="ge" slot="rapid">104</unaffected>
<unaffected range="ge" slot="esr">91.13.0</unaffected>
<vulnerable range="lt" slot="rapid">104</vulnerable>
<vulnerable range="lt" slot="esr">91.13.0</vulnerable>
<vulnerable range="lt" slot="esr">91.13.0</vulnerable>
</package>
</affected>
<background>
<p>Mozilla Firefox is a popular open-source web browser from the Mozilla project.</p>
</background>
<description>
<p>Multiple vulnerabilities have been discovered in Mozilla Firefox. Please review the CVE identifiers referenced below for details.</p>
</description>
<impact type="high">
<p>Please review the referenced CVE identifiers for details.</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All Mozilla Firefox ESR users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/firefox-91.13.0"
</code>
<p>All Mozilla Firefox ESR binary users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/firefox-bin-91.13.0"
</code>
<p>All Mozilla Firefox users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/firefox-104.0"
</code>
<p>All Mozilla Firefox binary users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/firefox-bin-104.0"
</code>
</resolution>
<references>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-38472">CVE-2022-38472</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-38473">CVE-2022-38473</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-38474">CVE-2022-38474</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-38475">CVE-2022-38475</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-38476">CVE-2022-38476</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-38477">CVE-2022-38477</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-38478">CVE-2022-38478</uri>
</references>
<metadata tag="requester" timestamp="2022-08-31T23:36:29.134771Z">ajak</metadata>
<metadata tag="submitter" timestamp="2022-08-31T23:36:29.138193Z">sam</metadata>
</glsa>
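Review bot: The `www-client/firefox` entry has no vulnerable range for the `esr` slot, while the `www-client/firefox-bin` entry carries `<vulnerable range="lt" slot="esr">91.13.0</vulnerable>` twice. One of the duplicated lines most likely belongs under `www-client/firefox`. As written, tooling that matches installed versions against the `<vulnerable>` ranges may not flag a source-built Firefox ESR older than 91.13.0, even though the resolution tells those users to upgrade. This file appears to be synced from upstream GLSA data, so the correction probably belongs upstream.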


@ -0,0 +1,57 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="202208-38">
<title>Mozilla Thunderbird: Multiple Vulnerabilities</title>
<synopsis>Multiple vulnerabilities have been found in Mozilla Thunderbird, the world of which could result in arbitrary code execution.</synopsis>
<product type="ebuild">thunderbird,thunderbird-bin</product>
<announced>2022-08-31</announced>
<revised count="1">2022-08-31</revised>
<bug>866217</bug>
<access>remote</access>
<affected>
<package name="mail-client/thunderbird" auto="yes" arch="*">
<unaffected range="ge">91.13.0</unaffected>
<vulnerable range="lt">91.13.0</vulnerable>
</package>
<package name="mail-client/thunderbird-bin" auto="yes" arch="*">
<unaffected range="ge">91.13.0</unaffected>
<vulnerable range="lt">91.13.0</vulnerable>
</package>
</affected>
<background>
<p>Mozilla Thunderbird is a popular open-source email client from the Mozilla project.</p>
</background>
<description>
<p>Multiple vulnerabilities have been discovered in Mozilla Thunderbird. Please review the CVE identifiers referenced below for details.</p>
</description>
<impact type="high">
<p>Please review the referenced CVE identifiers for details.</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All Mozilla Thunderbird binary users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose ">=mail-client/thunderbird-bin-102.2.0"
</code>
<p>All Mozilla Thunderbird users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose ">=mail-client/thunderbird-102.2.0"
</code>
</resolution>
<references>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-38472">CVE-2022-38472</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-38473">CVE-2022-38473</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-38476">CVE-2022-38476</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-38477">CVE-2022-38477</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-38478">CVE-2022-38478</uri>
</references>
<metadata tag="requester" timestamp="2022-08-31T23:36:36.839468Z">ajak</metadata>
<metadata tag="submitter" timestamp="2022-08-31T23:36:36.842807Z">sam</metadata>
</glsa>
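Review bot: The `<affected>` ranges and the `<resolution>` disagree on the fixed version. Both packages are marked `<unaffected range="ge">91.13.0</unaffected>`, but the emerge commands request `>=mail-client/thunderbird-102.2.0` and `>=mail-client/thunderbird-bin-102.2.0`. The page does not show which version is correct, so a scanner relying on the ranges and an admin following the commands would reach different conclusions for any version between the two. The synopsis also reads "the world of which" where "the worst of which" is evidently meant. This file appears to be synced from upstream GLSA data, so both corrections probably belong upstream.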


@ -0,0 +1,74 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="202208-39">
<title>WebKitGTK+: Multiple Vulnerabilities</title>
<synopsis>Multiple vulnerabilities have been found in WebkitGTK+, the worst of which could result in the arbitrary execution of code.</synopsis>
<product type="ebuild">webkit-gtk</product>
<announced>2022-08-31</announced>
<revised count="1">2022-08-31</revised>
<bug>866494</bug>
<bug>864427</bug>
<bug>856445</bug>
<bug>861740</bug>
<bug>837305</bug>
<bug>845252</bug>
<bug>839984</bug>
<bug>833568</bug>
<bug>832990</bug>
<access>remote</access>
<affected>
<package name="net-libs/webkit-gtk" auto="yes" arch="*">
<unaffected range="ge">2.36.7</unaffected>
<vulnerable range="lt">2.36.7</vulnerable>
</package>
</affected>
<background>
<p>WebKitGTK+ is a full-featured port of the WebKit rendering engine, suitable for projects requiring any kind of web integration, from hybrid HTML/CSS applications to full-fledged web browsers.</p>
</background>
<description>
<p>Multiple vulnerabilities have been discovered in WebKitGTK+. Please review the CVE identifiers referenced below for details.</p>
</description>
<impact type="high">
<p>Please review the referenced CVE identifiers for details.</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All WebKitGTK+ users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-libs/webkit-gtk-2.36.7"
</code>
</resolution>
<references>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-2294">CVE-2022-2294</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-22589">CVE-2022-22589</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-22590">CVE-2022-22590</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-22592">CVE-2022-22592</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-22620">CVE-2022-22620</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-22624">CVE-2022-22624</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-22628">CVE-2022-22628</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-22629">CVE-2022-22629</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-22662">CVE-2022-22662</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-22677">CVE-2022-22677</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-26700">CVE-2022-26700</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-26709">CVE-2022-26709</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-26710">CVE-2022-26710</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-26716">CVE-2022-26716</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-26717">CVE-2022-26717</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-26719">CVE-2022-26719</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-30293">CVE-2022-30293</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-30294">CVE-2022-30294</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-32784">CVE-2022-32784</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-32792">CVE-2022-32792</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-32893">CVE-2022-32893</uri>
<uri link="https://webkitgtk.org/security/WSA-2022-0002.html">WSA-2022-0002</uri>
<uri link="https://webkitgtk.org/security/WSA-2022-0003.html">WSA-2022-0003</uri>
<uri link="https://webkitgtk.org/security/WSA-2022-0007.html">WSA-2022-0007</uri>
<uri link="https://webkitgtk.org/security/WSA-2022-0008.html">WSA-2022-0008</uri>
</references>
<metadata tag="requester" timestamp="2022-08-31T23:54:04.006418Z">sam</metadata>
<metadata tag="submitter" timestamp="2022-08-31T23:54:04.011928Z">ajak</metadata>
</glsa>


@ -0,0 +1,56 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="202209-01">
<title>GNU Gzip, XZ Utils: Arbitrary file write</title>
<synopsis>A vulnerability has been discovered in GNU Gzip and XZ Utils&#39; grep helpers which could result in writes to arbitrary files.</synopsis>
<product type="ebuild">gzip,xz-utils</product>
<announced>2022-09-07</announced>
<revised count="1">2022-09-07</revised>
<bug>837152</bug>
<bug>837155</bug>
<access>remote</access>
<affected>
<package name="app-arch/gzip" auto="yes" arch="*">
<unaffected range="ge">1.12</unaffected>
<vulnerable range="lt">1.12</vulnerable>
</package>
<package name="app-arch/xz-utils" auto="yes" arch="*">
<unaffected range="ge">5.2.5</unaffected>
<vulnerable range="lt">5.2.5</vulnerable>
</package>
</affected>
<background>
<p>GNU Gzip is a popular data compression program.
XZ Utils is free general-purpose data compression software with a high compression ratio.</p>
</background>
<description>
<p>GNU Gzip and XZ Utils&#39; grep helpers do not sufficiently validate certain multi-line file names.</p>
</description>
<impact type="high">
<p>In some cases, writing to arbitrary files such as shell initialization files can be escalation to remote code execution.</p>
</impact>
<workaround>
<p>Ensuring only trusted input is passed to GNU Gzip and XZ Utils&#39; grep helpers minimizes the potential impact.</p>
</workaround>
<resolution>
<p>All GNU Gzip users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-arch/gzip-1.12"
</code>
<p>All XZ Utils users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-arch/xz-utils-5.2.5"
</code>
</resolution>
<references>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-1271">CVE-2022-1271</uri>
</references>
<metadata tag="requester" timestamp="2022-09-07T02:51:56.494624Z">ajak</metadata>
<metadata tag="submitter" timestamp="2022-09-07T02:51:56.504364Z">ajak</metadata>
</glsa>


@ -0,0 +1,48 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="202209-02">
<title>IBM Spectrum Protect: Multiple Vulnerabilities</title>
<synopsis>Multiple vulnerabilities have been discovered in IBM Spectrum Protect, the worst of which could result in arbitrary code execution.</synopsis>
<product type="ebuild">tsm</product>
<announced>2022-09-07</announced>
<revised count="1">2022-09-07</revised>
<bug>788115</bug>
<bug>829189</bug>
<bug>831509</bug>
<access>remote</access>
<affected>
<package name="app-backup/tsm" auto="yes" arch="*">
<unaffected range="ge">8.1.13.3</unaffected>
<vulnerable range="lt">8.1.13.3</vulnerable>
</package>
</affected>
<background>
<p>TSM provides the client and the API for IBM Spectrum Protect (formerly known as Tivoli Storage Manager), a backup and archival client/server solution targetting large tape libraries.</p>
</background>
<description>
<p>Multiple vulnerabilities have been discovered in IBM Spectrum Protect. Please review the CVE identifiers referenced below for details.</p>
</description>
<impact type="high">
<p>Please review the referenced CVE identifiers for details.</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All IBM Spectrum Protect users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-backup/tsm-8.1.13.3"
</code>
</resolution>
<references>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-3711">CVE-2021-3711</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-3712">CVE-2021-3712</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-4104">CVE-2021-4104</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-29672">CVE-2021-29672</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-39048">CVE-2021-39048</uri>
</references>
<metadata tag="requester" timestamp="2022-09-07T02:52:10.543581Z">ajak</metadata>
<metadata tag="submitter" timestamp="2022-09-07T02:52:10.548069Z">ajak</metadata>
</glsa>


@ -0,0 +1,46 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="202209-03">
<title>OpenSC: Multiple Vulnerabilities</title>
<synopsis>Multiple vulnerabilities have been discovered in OpenSC, the worst of which could result in the execution of arbitrary code.</synopsis>
<product type="ebuild">opensc</product>
<announced>2022-09-07</announced>
<revised count="1">2022-09-07</revised>
<bug>839357</bug>
<access>remote</access>
<affected>
<package name="dev-libs/opensc" auto="yes" arch="*">
<unaffected range="ge">0.22.0</unaffected>
<vulnerable range="lt">0.22.0</vulnerable>
</package>
</affected>
<background>
<p>OpenSC contains tools and libraries for smart cards.</p>
</background>
<description>
<p>Multiple vulnerabilities have been discovered in OpenSC. Please review the CVE identifiers referenced below for details.</p>
</description>
<impact type="normal">
<p>Please review the referenced CVE identifiers for details.</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All OpenSC users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-libs/opensc-0.22.0"
</code>
</resolution>
<references>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-42778">CVE-2021-42778</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-42779">CVE-2021-42779</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-42780">CVE-2021-42780</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-42781">CVE-2021-42781</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-42782">CVE-2021-42782</uri>
</references>
<metadata tag="requester" timestamp="2022-09-07T02:52:29.199741Z">ajak</metadata>
<metadata tag="submitter" timestamp="2022-09-07T02:52:29.203955Z">ajak</metadata>
</glsa>


@ -0,0 +1,45 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="202209-04">
<title>OpenJPEG: Multiple Vulnerabilities</title>
<synopsis>Multiple vulnerabilities have been discovered in OpenJPEG, the worst of which could result in arbitrary code execution.</synopsis>
<product type="ebuild">openjpeg</product>
<announced>2022-09-07</announced>
<revised count="1">2022-09-07</revised>
<bug>783513</bug>
<bug>836969</bug>
<bug>844064</bug>
<access>remote</access>
<affected>
<package name="media-libs/openjpeg" auto="yes" arch="*">
<unaffected range="ge">2.5.0</unaffected>
<vulnerable range="lt">2.5.0</vulnerable>
</package>
</affected>
<background>
<p>OpenJPEG is an open-source JPEG 2000 library.</p>
</background>
<description>
<p>Multiple vulnerabilities have been discovered in OpenJPEG. Please review the CVE identifiers referenced below for details.</p>
</description>
<impact type="normal">
<p>Please review the referenced CVE identifiers for details.</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All OpenJPEG 2 users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose ">=media-libs/openjpeg-2.5.0"
</code>
</resolution>
<references>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-29338">CVE-2021-29338</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-1122">CVE-2022-1122</uri>
</references>
<metadata tag="requester" timestamp="2022-09-07T02:52:40.959934Z">ajak</metadata>
<metadata tag="submitter" timestamp="2022-09-07T02:52:40.964269Z">ajak</metadata>
</glsa>


@ -0,0 +1,153 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="202209-05">
<title>OpenJDK: Multiple Vulnerabilities</title>
<synopsis>Multiple vulnerabilities have been found in OpenJDK, the worst of which could result in denial of service.</synopsis>
<product type="ebuild">openjdk,openjdk-bin,openjdk-jre-bin</product>
<announced>2022-09-07</announced>
<revised count="1">2022-09-07</revised>
<bug>803605</bug>
<bug>831446</bug>
<bug>784611</bug>
<access>remote</access>
<affected>
<package name="dev-java/openjdk" auto="yes" arch="*">
<unaffected range="ge" slot="17">17.0.2_p8</unaffected>
<unaffected range="ge" slot="11">11.0.14_p9</unaffected>
<unaffected range="ge" slot="8">8.322_p06</unaffected>
<vulnerable range="lt" slot="17">17.0.2_p8</vulnerable>
<vulnerable range="lt" slot="11">11.0.14_p9</vulnerable>
<vulnerable range="lt" slot="8">8.322_p06</vulnerable>
</package>
<package name="dev-java/openjdk-bin" auto="yes" arch="*">
<unaffected range="ge" slot="17">17.0.2_p8</unaffected>
<unaffected range="ge" slot="11">11.0.14_p9</unaffected>
<unaffected range="ge" slot="8">8.322_p06</unaffected>
<vulnerable range="lt" slot="17">17.0.2_p8</vulnerable>
<vulnerable range="lt" slot="11">11.0.14_p9</vulnerable>
<vulnerable range="lt" slot="8">8.322_p06</vulnerable>
</package>
<package name="dev-java/openjdk-jre-bin" auto="yes" arch="*">
<unaffected range="ge" slot="17">17.0.2_p8</unaffected>
<unaffected range="ge" slot="11">11.0.14_p9</unaffected>
<unaffected range="ge" slot="8">8.322_p06</unaffected>
<vulnerable range="lt" slot="17">17.0.2_p8</vulnerable>
<vulnerable range="lt" slot="11">11.0.14_p9</vulnerable>
<vulnerable range="lt" slot="8">8.322_p06</vulnerable>
</package>
</affected>
<background>
<p>OpenJDK is an open source implementation of the Java programming language.</p>
</background>
<description>
<p>Multiple vulnerabilities have been discovered in OpenJDK. Please review the CVE identifiers referenced below for details.</p>
</description>
<impact type="low">
<p>Please review the referenced CVE identifiers for details.</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All OpenJDK 8 users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-java/openjdk-8.322_p06:8"
</code>
<p>All OpenJDK 8 JRE binary users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-java/openjdk-jre-bin-8.322_p06:8"
</code>
<p>All OpenJDK 8 binary users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-java/openjdk-bin-8.322_p06:8"
</code>
<p>All OpenJDK 11 users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-java/openjdk-11.0.14_p9:11"
</code>
<p>All OpenJDK 11 JRE binary users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-java/openjdk-jre-bin-11.0.14_p9:11"
</code>
<p>All OpenJDK 11 binary users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-java/openjdk-bin-11.0.14_p9:11"
</code>
<p>All OpenJDK 17 users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-java/openjdk-17.0.2_p8:17"
</code>
<p>All OpenJDK 17 JRE binary users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-java/openjdk-jre-bin-17.0.2_p8:17"
</code>
<p>All OpenJDK 17 binary users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-java/openjdk-bin-17.0.2_p8:17"
</code>
</resolution>
<references>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-2161">CVE-2021-2161</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-2163">CVE-2021-2163</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-2341">CVE-2021-2341</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-2369">CVE-2021-2369</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-2388">CVE-2021-2388</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-2432">CVE-2021-2432</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-35550">CVE-2021-35550</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-35556">CVE-2021-35556</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-35559">CVE-2021-35559</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-35561">CVE-2021-35561</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-35564">CVE-2021-35564</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-35565">CVE-2021-35565</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-35567">CVE-2021-35567</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-35578">CVE-2021-35578</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-35586">CVE-2021-35586</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-35588">CVE-2021-35588</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-35603">CVE-2021-35603</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-21248">CVE-2022-21248</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-21271">CVE-2022-21271</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-21277">CVE-2022-21277</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-21282">CVE-2022-21282</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-21283">CVE-2022-21283</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-21291">CVE-2022-21291</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-21293">CVE-2022-21293</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-21294">CVE-2022-21294</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-21296">CVE-2022-21296</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-21299">CVE-2022-21299</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-21305">CVE-2022-21305</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-21340">CVE-2022-21340</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-21341">CVE-2022-21341</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-21349">CVE-2022-21349</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-21360">CVE-2022-21360</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-21365">CVE-2022-21365</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-21366">CVE-2022-21366</uri>
</references>
<metadata tag="requester" timestamp="2022-09-07T02:52:51.955536Z">ajak</metadata>
<metadata tag="submitter" timestamp="2022-09-07T02:52:51.960448Z">ajak</metadata>
</glsa>


@ -0,0 +1,49 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="202209-06">
<title>Rizin: Multiple Vulnerabilities</title>
<synopsis>Multiple vulnerabilities have been discovered in Rizin, the worst of which could lead to arbitrary code execution.</synopsis>
<product type="ebuild">rizin</product>
<announced>2022-09-25</announced>
<revised count="1">2022-09-25</revised>
<bug>861524</bug>
<bug>868999</bug>
<access>local and remote</access>
<affected>
<package name="dev-util/rizin" auto="yes" arch="*">
<unaffected range="ge">0.4.1</unaffected>
<vulnerable range="lt">0.4.1</vulnerable>
</package>
</affected>
<background>
<p>Rizin is a reverse engineering framework for binary analysis.</p>
</background>
<description>
<p>Multiple vulnerabilities have been discovered in Rizin. Please review the CVE identifiers referenced below for details.</p>
</description>
<impact type="normal">
<p>Please review the referenced CVE identifiers for details.</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All Rizin users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-util/rizin-0.4.1"
</code>
</resolution>
<references>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-34612">CVE-2022-34612</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-36039">CVE-2022-36039</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-36040">CVE-2022-36040</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-36041">CVE-2022-36041</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-36042">CVE-2022-36042</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-36043">CVE-2022-36043</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-36044">CVE-2022-36044</uri>
</references>
<metadata tag="requester" timestamp="2022-09-25T13:33:58.550630Z">ajak</metadata>
<metadata tag="submitter" timestamp="2022-09-25T13:33:58.562441Z">ajak</metadata>
</glsa>


@ -0,0 +1,40 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="202209-07">
<title>Mrxvt: Arbitrary Code Execution</title>
<synopsis>A vulnerability has been discovered in Mrxvt which could allow for arbitrary code execution</synopsis>
<product type="ebuild">mrxvt</product>
<announced>2022-09-25</announced>
<revised count="1">2022-09-25</revised>
<bug>791004</bug>
<access>local and remote</access>
<affected>
<package name="x11-terms/mrxvt" auto="yes" arch="*">
<vulnerable range="le">0.5.4</vulnerable>
</package>
</affected>
<background>
<p>Mrxvt is a multi-tabbed rxvt clone with XFT, transparent background and CJK support.</p>
</background>
<description>
<p>Mrxvt mishandles certain escape sequences, some of which allow for shell command execution.</p>
</description>
<impact type="normal">
<p>An attacker with sufficient access to write arbitrary text to the Mrxvt terminal could execute arbitrary code.</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>Gentoo has discontinued support for Mrxvt. We recommend that users remove it:</p>
<code>
# emerge --ask --depclean "x11-terms/mrxvt"
</code>
</resolution>
<references>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-33477">CVE-2021-33477</uri>
</references>
<metadata tag="requester" timestamp="2022-09-25T13:34:13.204482Z">ajak</metadata>
<metadata tag="submitter" timestamp="2022-09-25T13:34:13.210077Z">ajak</metadata>
</glsa>


@ -0,0 +1,41 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="202209-08">
<title>Smokeping: Multiple vulnerabilities</title>
<synopsis>Multiple vulnerabilities have been discovered in Smokeping, the worst of which could result in root privilege escalation.</synopsis>
<product type="ebuild">smokeping</product>
<announced>2022-09-25</announced>
<revised count="1">2022-09-25</revised>
<bug>631140</bug>
<bug>602652</bug>
<access>local</access>
<affected>
<package name="net-analyzer/smokeping" auto="yes" arch="*">
<vulnerable range="le">2.7.3-r1</vulnerable>
</package>
</affected>
<background>
<p>Smokeping is a powerful latency measurement tool</p>
</background>
<description>
<p>Multiple vulnerabilities have been discovered in Smokeping. Please review the CVE identifiers referenced below for details.</p>
</description>
<impact type="normal">
<p>A local attacker which gains access to the smokeping user could gain root privileges.</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>Gentoo has discontinued support for Smokeping. We recommend that users remove it:</p>
<code>
# emerge --ask --depclean "net-analyzer/smokeping"
</code>
</resolution>
<references>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-20147">CVE-2017-20147</uri>
</references>
<metadata tag="requester" timestamp="2022-09-25T13:34:27.263575Z">ajak</metadata>
<metadata tag="submitter" timestamp="2022-09-25T13:34:27.268533Z">ajak</metadata>
</glsa>


@ -0,0 +1,47 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="202209-09">
<title>Smarty: Multiple vulnerabilities</title>
<synopsis>Multiple vulnerabilities have been found in Smarty, the worst of which could result in remote code execution</synopsis>
<product type="ebuild">smarty</product>
<announced>2022-09-25</announced>
<revised count="1">2022-09-25</revised>
<bug>830980</bug>
<bug>845180</bug>
<bug>870100</bug>
<access>remote</access>
<affected>
<package name="dev-php/smarty" auto="yes" arch="*">
<unaffected range="ge">4.2.1</unaffected>
<vulnerable range="lt">4.2.1</vulnerable>
</package>
</affected>
<background>
<p>Smarty is a template engine for PHP. The &#34;template security&#34; feature of Smarty is designed to help reduce the risk of a system compromise when you have untrusted parties editing templates.</p>
</background>
<description>
<p>Multiple vulnerabilities have been discovered in Smarty. Please review the CVE identifiers referenced below for details.</p>
</description>
<impact type="normal">
<p>Please review the referenced CVE identifiers for details.</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All Smarty users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-php/smarty-4.2.1"
</code>
</resolution>
<references>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-25047">CVE-2018-25047</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21408">CVE-2021-21408</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-29454">CVE-2021-29454</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-29221">CVE-2022-29221</uri>
</references>
<metadata tag="requester" timestamp="2022-09-25T13:34:41.298611Z">ajak</metadata>
<metadata tag="submitter" timestamp="2022-09-25T13:34:41.303400Z">ajak</metadata>
</glsa>


@ -0,0 +1,40 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="202209-10">
<title>Logcheck: Root privilege escalation</title>
<synopsis>A vulnerability has been discovered in Logcheck&#39;s ebuilds which could allow for root privilege escalation.</synopsis>
<product type="ebuild">logcheck</product>
<announced>2022-09-25</announced>
<revised count="1">2022-09-25</revised>
<bug>630752</bug>
<access>remote</access>
<affected>
<package name="app-admin/logcheck" auto="yes" arch="*">
<vulnerable range="le">1.3.23</vulnerable>
</package>
</affected>
<background>
<p>Logcheck mails anomalies in the system logfiles to the administrator.</p>
</background>
<description>
<p>The pkg_postinst phase of the Logcheck ebuilds recursively chown the /etc/logcheck and /var/lib/logcheck directories. If the logcheck adds hardlinks to other files in these directories, the chown call will follow the link and transfer ownership of any file to the logcheck user.</p>
</description>
<impact type="normal">
<p>A local attacker with access to the logcheck user could escalate to root privileges.</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>Gentoo has discontinued support for Logcheck. We recommend that users remove it:</p>
<code>
# emerge --ask --depclean "app-admin/logcheck"
</code>
</resolution>
<references>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-20148">CVE-2017-20148</uri>
</references>
<metadata tag="requester" timestamp="2022-09-25T13:34:57.482832Z">ajak</metadata>
<metadata tag="submitter" timestamp="2022-09-25T13:34:57.487714Z">ajak</metadata>
</glsa>
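Review bot: `<access>remote</access>` contradicts the impact text of this advisory, which describes "A local attacker with access to the logcheck user"; the Smokeping advisory earlier in this commit, which has the same kind of impact, uses `<access>local</access>`. Anything that triages on the access field would rate this advisory as remotely reachable, so the field should presumably read `<access>local</access>`. The description also appears to be missing a word: "If the logcheck adds hardlinks" most likely means "If the logcheck user adds hardlinks". This file looks like imported advisory metadata, so both corrections are better raised with the advisory's source than patched locally.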


@ -0,0 +1,44 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="202209-11">
<title>HarfBuzz: Multiple vulnerabilities</title>
<synopsis>Multiple vulnerabilities have been discovered in HarfBuzz, the worst of which could result in arbitrary code execution.</synopsis>
<product type="ebuild">harfbuzz</product>
<announced>2022-09-25</announced>
<revised count="1">2022-09-25</revised>
<bug>830372</bug>
<bug>856049</bug>
<access>remote</access>
<affected>
<package name="media-libs/harfbuzz" auto="yes" arch="*">
<unaffected range="ge">4.4.0</unaffected>
<vulnerable range="lt">4.4.0</vulnerable>
</package>
</affected>
<background>
<p>HarfBuzz is an OpenType text shaping engine.</p>
</background>
<description>
<p>Multiple vulnerabilities have been discovered in HarfBuzz. Please review the CVE identifiers referenced below for details.</p>
</description>
<impact type="high">
<p>Please review the referenced CVE identifiers for details.</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All HarfBuzz users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose ">=media-libs/harfbuzz-4.4.0"
</code>
</resolution>
<references>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-45931">CVE-2021-45931</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-33068">CVE-2022-33068</uri>
</references>
<metadata tag="requester" timestamp="2022-09-25T13:35:18.213772Z">ajak</metadata>
<metadata tag="submitter" timestamp="2022-09-25T13:35:18.218222Z">ajak</metadata>
</glsa>


@ -0,0 +1,53 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="202209-12">
<title>GRUB: Multiple Vulnerabilities</title>
<synopsis>Multiple vulnerabilities have been discovered in GRUB, the worst of which may allow for secureboot bypass.</synopsis>
<product type="ebuild">grub</product>
<announced>2022-09-25</announced>
<revised count="1">2022-09-25</revised>
<bug>850535</bug>
<bug>835082</bug>
<access>local</access>
<affected>
<package name="sys-boot/grub" auto="yes" arch="*">
<unaffected range="ge">2.06</unaffected>
<vulnerable range="lt">2.06</vulnerable>
</package>
</affected>
<background>
<p>GNU GRUB is a multiboot boot loader used by most Linux systems.</p>
</background>
<description>
<p>Multiple vulnerabilities have been discovered in GRUB. Please review the CVE identifiers referenced below for details.</p>
</description>
<impact type="high">
<p>Please review the referenced CVE identifiers for details.</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All GRUB users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose ">=sys-boot/grub-2.06-r3"
</code>
<p>After upgrading, make sure to run the grub-install command with options appropriate for your system. See the GRUB2 Gentoo Wiki page for directions. Your system will be vulnerable until this action is performed.</p>
</resolution>
<references>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-3695">CVE-2021-3695</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-3696">CVE-2021-3696</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-3697">CVE-2021-3697</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-3981">CVE-2021-3981</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-28733">CVE-2022-28733</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-28734">CVE-2022-28734</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-28735">CVE-2022-28735</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-28736">CVE-2022-28736</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-28737">CVE-2022-28737</uri>
</references>
<metadata tag="requester" timestamp="2022-09-25T13:35:30.406656Z">ajak</metadata>
<metadata tag="submitter" timestamp="2022-09-25T13:35:30.411250Z">ajak</metadata>
</glsa>
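Review bot: The affected ranges and the resolution disagree on the first fixed GRUB version: `<unaffected range="ge">2.06</unaffected>` and `<vulnerable range="lt">2.06</vulnerable>` treat 2.06 itself as fixed, while the resolution tells users to install `>=sys-boot/grub-2.06-r3`. Tooling that evaluates the range elements rather than the prose (glsa-check, for example) would presumably report a host on 2.06 through 2.06-r2 as unaffected. If 2.06-r3 is the first fixed revision, the ranges should read `<unaffected range="ge">2.06-r3</unaffected>` and `<vulnerable range="lt">2.06-r3</vulnerable>`. This file looks like imported advisory metadata, so the fix should be confirmed against the referenced bugs and made at the source rather than in this tree.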


@ -0,0 +1,42 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="202209-13">
<title>libaacplus: Denial of Service</title>
<synopsis>Multiple vulnerabilities have been discovered in libaacplus, the worst of which could result in denial of service.</synopsis>
<product type="ebuild">libaacplus</product>
<announced>2022-09-25</announced>
<revised count="1">2022-09-25</revised>
<bug>618000</bug>
<access>local and remote</access>
<affected>
<package name="media-libs/libaacplus" auto="yes" arch="*">
<vulnerable range="le">2.0.2-r3</vulnerable>
</package>
</affected>
<background>
<p>libaacplus is an HE-AAC+ v2 library, based on the reference implementation.</p>
</background>
<description>
<p>Multiple vulnerabilities have been discovered in libaacplus. Please review the CVE identifiers referenced below for details.</p>
</description>
<impact type="normal">
<p>Please review the referenced CVE identifiers for details.</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>Gentoo has discontinued suport for libaacplus. We recommend that users remove it:</p>
<code>
# emerge --ask --depclean "media-libs/libaacplus"
</code>
</resolution>
<references>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-7603">CVE-2017-7603</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-7604">CVE-2017-7604</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-7605">CVE-2017-7605</uri>
</references>
<metadata tag="requester" timestamp="2022-09-25T13:35:43.192701Z">ajak</metadata>
<metadata tag="submitter" timestamp="2022-09-25T13:35:43.197563Z">ajak</metadata>
</glsa>


@ -0,0 +1,44 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="202209-14">
<title>Fetchmail: Multiple Vulnerabilities</title>
<synopsis>Multiple vulnerabilities have been discovered in Fetchmail, the worst of which could result in email disclosure to third parties.</synopsis>
<product type="ebuild">fetchmail</product>
<announced>2022-09-25</announced>
<revised count="1">2022-09-25</revised>
<bug>810676</bug>
<bug>804921</bug>
<access>remote</access>
<affected>
<package name="net-mail/fetchmail" auto="yes" arch="*">
<unaffected range="ge">6.4.22</unaffected>
<vulnerable range="lt">6.4.22</vulnerable>
</package>
</affected>
<background>
<p>Fetchmail is a remote mail retrieval and forwarding utility.</p>
</background>
<description>
<p>Multiple vulnerabilities have been discovered in Fetchmail. Please review the CVE identifiers referenced below for details.</p>
</description>
<impact type="low">
<p>Please review the referenced CVE identifiers for details.</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All Fetchmail users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-mail/fetchmail-6.4.22"
</code>
</resolution>
<references>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-36386">CVE-2021-36386</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-39272">CVE-2021-39272</uri>
</references>
<metadata tag="requester" timestamp="2022-09-25T13:35:56.538201Z">ajak</metadata>
<metadata tag="submitter" timestamp="2022-09-25T13:35:56.542922Z">ajak</metadata>
</glsa>


@ -0,0 +1,64 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="202209-15">
<title>Oracle JDK/JRE: Multiple vulnerabilities</title>
<synopsis>Multiple vulnerabilities have been found in Oracle JDK and JRE, the worst of which could result in the arbitrary execution of code.</synopsis>
<product type="ebuild">oracle-jdk-bin,oracle-jre-bin</product>
<announced>2022-09-25</announced>
<revised count="1">2022-09-25</revised>
<bug>732630</bug>
<bug>717638</bug>
<access>remote</access>
<affected>
<package name="dev-java/oracle-jdk-bin" auto="yes" arch="*">
<vulnerable range="le">11.0.2</vulnerable>
</package>
<package name="dev-java/oracle-jre-bin" auto="yes" arch="*">
<vulnerable range="le">1.8.0.202</vulnerable>
</package>
</affected>
<background>
<p>Java Platform, Standard Edition (Java SE) lets you develop and deploy Java applications on desktops and servers, as well as in today&#39;s demanding embedded environments. Java offers the rich user interface, performance, versatility, portability, and security that today&#39;s applications require.</p>
</background>
<description>
<p>Multiple vulnerabilities have been discovered in Oracle&#39;s JDK and JRE software suites. Please review the CVE identifiers referenced below for details.</p>
</description>
<impact type="normal">
<p>Certain uses of untrusted data by Oracle JDK and JRE could result in arbitrary code execution.</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>Gentoo has discontinued support for the Oracle JDK and JRE. We recommend that users remove it, and use dev-java/openjdk, dev-java/openjdk-bin, or dev-java/openjdk-jre-bin instead:</p>
<code>
# emerge --ask --depclean "dev-java/oracle-jre-bin"
# emerge --ask --depclean "dev-java/oracle-jdk-bin"
</code>
</resolution>
<references>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-2585">CVE-2020-2585</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-2755">CVE-2020-2755</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-2756">CVE-2020-2756</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-2757">CVE-2020-2757</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-2773">CVE-2020-2773</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-2781">CVE-2020-2781</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-2800">CVE-2020-2800</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-2803">CVE-2020-2803</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-2805">CVE-2020-2805</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14556">CVE-2020-14556</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14562">CVE-2020-14562</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14573">CVE-2020-14573</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14577">CVE-2020-14577</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14578">CVE-2020-14578</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14579">CVE-2020-14579</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14581">CVE-2020-14581</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14583">CVE-2020-14583</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14593">CVE-2020-14593</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14621">CVE-2020-14621</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14664">CVE-2020-14664</uri>
</references>
<metadata tag="requester" timestamp="2022-09-25T13:36:11.652902Z">ajak</metadata>
<metadata tag="submitter" timestamp="2022-09-25T13:36:11.657278Z">ajak</metadata>
</glsa>


@ -0,0 +1,46 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="202209-16">
<title>BlueZ: Multiple Vulnerabilities</title>
<synopsis>Multiple vulnerabilities have been discovered in BlueZ, the worst of which could result in arbitrary code execution.</synopsis>
<product type="ebuild">bluez</product>
<announced>2022-09-29</announced>
<revised count="1">2022-09-29</revised>
<bug>797712</bug>
<bug>835077</bug>
<access>remote</access>
<affected>
<package name="net-wireless/bluez" auto="yes" arch="*">
<unaffected range="ge">5.63</unaffected>
<vulnerable range="lt">5.63</vulnerable>
</package>
</affected>
<background>
<p>BlueZ is the canonical bluetooth tools and system daemons package for Linux.</p>
</background>
<description>
<p>Multiple vulnerabilities have been discovered in BlueZ. Please review the CVE identifiers referenced below for details.</p>
</description>
<impact type="high">
<p>Please review the referenced CVE identifiers for details.</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All BlueZ users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-wireless/bluez-5.63"
</code>
</resolution>
<references>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-26558">CVE-2020-26558</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-0129">CVE-2021-0129</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-3588">CVE-2021-3588</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-0204">CVE-2022-0204</uri>
</references>
<metadata tag="requester" timestamp="2022-09-29T14:21:34.715873Z">ajak</metadata>
<metadata tag="submitter" timestamp="2022-09-29T14:21:34.729713Z">ajak</metadata>
</glsa>


@ -0,0 +1,60 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="202209-17">
<title>Redis: Multiple Vulnerabilities</title>
<synopsis>Multiple vulnerabilities have been found in Redis, the worst of which could result in arbitrary code execution.</synopsis>
<product type="ebuild">redis</product>
<announced>2022-09-29</announced>
<revised count="1">2022-09-29</revised>
<bug>803302</bug>
<bug>816282</bug>
<bug>841404</bug>
<bug>856040</bug>
<bug>859181</bug>
<bug>872278</bug>
<access>remote</access>
<affected>
<package name="dev-db/redis" auto="yes" arch="*">
<unaffected range="ge">7.0.5</unaffected>
<vulnerable range="lt">7.0.5</vulnerable>
</package>
</affected>
<background>
<p>Redis is an open source (BSD licensed), in-memory data structure store, used as a database, cache and message broker.</p>
</background>
<description>
<p>Multiple vulnerabilities have been discovered in Redis. Please review the CVE identifiers referenced below for details.</p>
</description>
<impact type="high">
<p>Please review the referenced CVE identifiers for details.</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All Redis users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-db/redis-7.0.5"
</code>
</resolution>
<references>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-32626">CVE-2021-32626</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-32627">CVE-2021-32627</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-32628">CVE-2021-32628</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-32672">CVE-2021-32672</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-32675">CVE-2021-32675</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-32687">CVE-2021-32687</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-32761">CVE-2021-32761</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-32762">CVE-2021-32762</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-41099">CVE-2021-41099</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-24735">CVE-2022-24735</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-24736">CVE-2022-24736</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-31144">CVE-2022-31144</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-33105">CVE-2022-33105</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-35951">CVE-2022-35951</uri>
</references>
<metadata tag="requester" timestamp="2022-09-29T14:21:49.334830Z">ajak</metadata>
<metadata tag="submitter" timestamp="2022-09-29T14:21:49.338636Z">ajak</metadata>
</glsa>


@ -0,0 +1,59 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="202209-18">
<title>Mozilla Thunderbird: Multiple Vulnerabilities</title>
<synopsis>Multiple vulnerabilities have been found in Mozilla Thunderbird, the world of which could result in arbitrary code execution.</synopsis>
<product type="ebuild">thunderbird,thunderbird-bin</product>
<announced>2022-09-29</announced>
<revised count="1">2022-09-29</revised>
<bug>872572</bug>
<access>remote</access>
<affected>
<package name="mail-client/thunderbird" auto="yes" arch="*">
<unaffected range="ge">102.3.0</unaffected>
<vulnerable range="lt">102.3.0</vulnerable>
</package>
<package name="mail-client/thunderbird-bin" auto="yes" arch="*">
<unaffected range="ge">102.3.0</unaffected>
<vulnerable range="lt">102.3.0</vulnerable>
</package>
</affected>
<background>
<p>Mozilla Thunderbird is a popular open-source email client from the Mozilla project.</p>
</background>
<description>
<p>Multiple vulnerabilities have been discovered in Mozilla Thunderbird. Please review the CVE identifiers referenced below for details.</p>
</description>
<impact type="high">
<p>Please review the referenced CVE identifiers for details.</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All Mozilla Thunderbird users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose ">=mail-client/thunderbird-102.3.0"
</code>
<p>All Mozilla Thunderbird binary users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose ">=mail-client/thunderbird-bin-102.3.0"
</code>
</resolution>
<references>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-3155">CVE-2022-3155</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-40956">CVE-2022-40956</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-40957">CVE-2022-40957</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-40958">CVE-2022-40958</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-40959">CVE-2022-40959</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-40960">CVE-2022-40960</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-40962">CVE-2022-40962</uri>
</references>
<metadata tag="requester" timestamp="2022-09-29T14:22:02.610681Z">ajak</metadata>
<metadata tag="submitter" timestamp="2022-09-29T14:22:02.615638Z">ajak</metadata>
</glsa>
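Review bot: The `<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">` line in this file, and in each of the other advisory files visible in this commit view, names an external DTD over plain HTTP, so any tool that parses this metadata should run with DTD loading and external-entity resolution disabled rather than fetching it. Because the files are synced from upstream, that is a consumer-side check rather than an edit to make here. Separately, the `<synopsis>` reads "the world of which"; it should be `the worst of which`, and is best corrected upstream so the next sync does not bring the typo back.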


@ -0,0 +1,45 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="202209-19">
<title>GraphicsMagick: Multiple Vulnerabilities</title>
<synopsis>Multiple vulnerabilities have been discovered in GraphicsMagick, the worst of which are fuzzing issues presumed to allow for arbitrary code execution.</synopsis>
<product type="ebuild">graphicsmagick</product>
<announced>2022-09-29</announced>
<revised count="1">2022-09-29</revised>
<bug>721328</bug>
<bug>836283</bug>
<bug>873367</bug>
<access>remote</access>
<affected>
<package name="media-gfx/graphicsmagick" auto="yes" arch="*">
<unaffected range="ge">1.3.38</unaffected>
<vulnerable range="lt">1.3.38</vulnerable>
</package>
</affected>
<background>
<p>GraphicsMagick is a collection of tools and libraries which support reading, writing, and manipulating images in many major formats.</p>
</background>
<description>
<p>Multiple vulnerabilities have been discovered in GraphicsMagick. Please review the CVE identifiers referenced below for details.</p>
</description>
<impact type="normal">
<p>Please review the referenced CVE identifiers for details.</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All GraphicsMagick users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose ">=media-gfx/graphicsmagick-1.3.38"
</code>
</resolution>
<references>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-12672">CVE-2020-12672</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-1270">CVE-2022-1270</uri>
</references>
<metadata tag="requester" timestamp="2022-09-29T14:22:18.052582Z">ajak</metadata>
<metadata tag="submitter" timestamp="2022-09-29T14:22:18.057915Z">ajak</metadata>
</glsa>


@ -0,0 +1,71 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="202209-20">
<title>PHP: Multiple Vulnerabilities</title>
<synopsis>Multiple vulnerabilities have been discovered in PHP, the worst of which could result in local root privilege escalation.</synopsis>
<product type="ebuild">php</product>
<announced>2022-09-29</announced>
<revised count="1">2022-09-29</revised>
<bug>799776</bug>
<bug>810526</bug>
<bug>819510</bug>
<bug>833585</bug>
<bug>850772</bug>
<bug>857054</bug>
<access>remote</access>
<affected>
<package name="dev-lang/php" auto="yes" arch="*">
<unaffected range="ge" slot="7.4">7.4.30</unaffected>
<unaffected range="ge" slot="8.0">8.0.23</unaffected>
<unaffected range="ge" slot="8.1">8.1.8</unaffected>
<vulnerable range="lt" slot="7.4">7.4.30</vulnerable>
<vulnerable range="lt" slot="8.0">8.0.23</vulnerable>
<vulnerable range="lt" slot="8.1">8.1.8</vulnerable>
</package>
</affected>
<background>
<p>PHP is a widely-used general-purpose scripting language that is especially suited for Web development and can be embedded into HTML.</p>
</background>
<description>
<p>Multiple vulnerabilities have been discovered in PHP. Please review the CVE identifiers referenced below for details.</p>
</description>
<impact type="high">
<p>Please review the referenced CVE identifiers for details.</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All PHP 7.4 users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-lang/php-7.4.30:7.4"
</code>
<p>All PHP 8.0 users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-lang/php-8.0.23:8.0"
</code>
<p>All PHP 8.1 users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-lang/php-8.1.8:8.1"
</code>
</resolution>
<references>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21703">CVE-2021-21703</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21704">CVE-2021-21704</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21705">CVE-2021-21705</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21708">CVE-2021-21708</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-31625">CVE-2022-31625</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-31626">CVE-2022-31626</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-31627">CVE-2022-31627</uri>
</references>
<metadata tag="requester" timestamp="2022-09-29T14:23:13.296193Z">ajak</metadata>
<metadata tag="submitter" timestamp="2022-09-29T14:23:13.301732Z">ajak</metadata>
</glsa>


@ -0,0 +1,43 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="202209-21">
<title>Poppler: Arbitrary Code Execution</title>
<synopsis>A vulnerability has been discovered in Poppler which could allow for arbitrary code execution.</synopsis>
<product type="ebuild">poppler</product>
<announced>2022-09-29</announced>
<revised count="1">2022-09-29</revised>
<bug>867958</bug>
<access>remote</access>
<affected>
<package name="app-text/poppler" auto="yes" arch="*">
<unaffected range="ge">22.09.0</unaffected>
<vulnerable range="lt">22.09.0</vulnerable>
</package>
</affected>
<background>
<p>Poppler is a PDF rendering library based on the xpdf-3.0 code base.</p>
</background>
<description>
<p>Multiple vulnerabilities have been discovered in Poppler. Please review the CVE identifiers referenced below for details.</p>
</description>
<impact type="high">
<p>Processing a specially crafted PDF file or JBIG2 image could lead to a crash or the execution of arbitrary code.</p>
</impact>
<workaround>
<p>Avoid opening untrusted PDFs.</p>
</workaround>
<resolution>
<p>All Poppler users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-text/poppler-22.09.0"
</code>
</resolution>
<references>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-30860">CVE-2021-30860</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-38784">CVE-2022-38784</uri>
</references>
<metadata tag="requester" timestamp="2022-09-29T14:23:57.782903Z">ajak</metadata>
<metadata tag="submitter" timestamp="2022-09-29T14:23:57.787650Z">ajak</metadata>
</glsa>
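Review bot: The `<title>` and `<synopsis>` describe a single vulnerability, but the `<description>` says "Multiple vulnerabilities have been discovered in Poppler" and `<references>` lists two CVE identifiers, so the advisory is inconsistent about its own scope. The `<workaround>` also covers only PDFs, while the `<impact>` text names JBIG2 images as a second input; `<p>Avoid opening untrusted PDF files or JBIG2 images.</p>` would match it. As this is synced metadata, both corrections belong upstream.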


@ -0,0 +1,42 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="202209-22">
<title>Kitty: Arbitrary Code Execution</title>
<synopsis>A vulnerability has been found in Kitty which could allow for arbitrary code execution with user input.</synopsis>
<product type="ebuild">kitty</product>
<announced>2022-09-29</announced>
<revised count="1">2022-09-29</revised>
<bug>868543</bug>
<access>remote</access>
<affected>
<package name="x11-terms/kitty" auto="yes" arch="*">
<unaffected range="ge">0.26.2</unaffected>
<vulnerable range="lt">0.26.2</vulnerable>
</package>
</affected>
<background>
<p>Kitty is a fast, feature-rich, GPU-based terminal.</p>
</background>
<description>
<p>Carter Sande discovered that maliciously constructed control sequences can cause Kitty to display a notification that, when clicked, can cause Kitty to execute arbitrary commands.</p>
</description>
<impact type="normal">
<p>Kitty can produce notifications that, when clicked, can execute arbitrary commands.</p>
</impact>
<workaround>
<p>Avoid clicking unexpected notifications.</p>
</workaround>
<resolution>
<p>All Kitty users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose ">=x11-terms/kitty-0.26.2"
</code>
</resolution>
<references>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-41322">CVE-2022-41322</uri>
</references>
<metadata tag="requester" timestamp="2022-09-29T14:24:10.185134Z">ajak</metadata>
<metadata tag="submitter" timestamp="2022-09-29T14:24:10.190433Z">ajak</metadata>
</glsa>


@ -0,0 +1,112 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="202209-23">
<title>Chromium, Google Chrome, Microsoft Edge: Multiple Vulnerabilities</title>
<synopsis>Multiple vulnerabilities have been found in Chromium and its derivatives, the worst of which could result in remote code execution.</synopsis>
<product type="ebuild">chromium,chromium-bin,google-chrome,microsoft-edge</product>
<announced>2022-09-29</announced>
<revised count="1">2022-09-29</revised>
<bug>868156</bug>
<bug>868354</bug>
<bug>872407</bug>
<bug>870142</bug>
<access>remote</access>
<affected>
<package name="www-client/chromium" auto="yes" arch="*">
<unaffected range="ge">105.0.5195.125</unaffected>
<vulnerable range="lt">105.0.5195.125</vulnerable>
</package>
<package name="www-client/chromium-bin" auto="yes" arch="*">
<unaffected range="ge">105.0.5195.125</unaffected>
<vulnerable range="lt">105.0.5195.125</vulnerable>
</package>
<package name="www-client/google-chrome" auto="yes" arch="*">
<unaffected range="ge">105.0.5195.125</unaffected>
<vulnerable range="lt">105.0.5195.125</vulnerable>
</package>
<package name="www-client/microsoft-edge" auto="yes" arch="*">
<unaffected range="ge">105.0.1343.42</unaffected>
<vulnerable range="lt">105.0.1343.42</vulnerable>
</package>
</affected>
<background>
<p>Chromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web.
Google Chrome is one fast, simple, and secure browser for all your devices.
Microsoft Edge is a browser that combines a minimal design with sophisticated technology to make the web faster, safer, and easier.</p>
</background>
<description>
<p>Multiple vulnerabilities have been discovered in Chromium, Google Chrome, Microsoft Edge. Please review the CVE identifiers referenced below for details.</p>
</description>
<impact type="high">
<p>Please review the referenced CVE identifiers for details.</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All Chromium users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/chromium-105.0.5195.125"
</code>
<p>All Chromium binary users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/chromium-bin-105.0.5195.125"
</code>
<p>All Google Chrome users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/google-chrome-105.0.5195.125"
</code>
<p>All Microsoft Edge users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/microsoft-edge-105.0.1343.42"
</code>
</resolution>
<references>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-3038">CVE-2022-3038</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-3039">CVE-2022-3039</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-3040">CVE-2022-3040</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-3041">CVE-2022-3041</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-3042">CVE-2022-3042</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-3043">CVE-2022-3043</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-3044">CVE-2022-3044</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-3045">CVE-2022-3045</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-3046">CVE-2022-3046</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-3047">CVE-2022-3047</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-3048">CVE-2022-3048</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-3049">CVE-2022-3049</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-3050">CVE-2022-3050</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-3051">CVE-2022-3051</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-3052">CVE-2022-3052</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-3053">CVE-2022-3053</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-3054">CVE-2022-3054</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-3055">CVE-2022-3055</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-3056">CVE-2022-3056</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-3057">CVE-2022-3057</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-3058">CVE-2022-3058</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-3071">CVE-2022-3071</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-3075">CVE-2022-3075</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-3195">CVE-2022-3195</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-3196">CVE-2022-3196</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-3197">CVE-2022-3197</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-3198">CVE-2022-3198</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-3199">CVE-2022-3199</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-3200">CVE-2022-3200</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-3201">CVE-2022-3201</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-38012">CVE-2022-38012</uri>
</references>
<metadata tag="requester" timestamp="2022-09-29T14:24:25.561065Z">ajak</metadata>
<metadata tag="submitter" timestamp="2022-09-29T14:24:25.563560Z">ajak</metadata>
</glsa>


@ -0,0 +1,61 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="202209-24">
<title>Expat: Multiple Vulnerabilities</title>
<synopsis>Multiple vulnerabilities have been discovered in Expat, the worst of which could result in arbitrary code execution.</synopsis>
<product type="ebuild">expat</product>
<announced>2022-09-29</announced>
<revised count="1">2022-09-29</revised>
<bug>791703</bug>
<bug>830422</bug>
<bug>831918</bug>
<bug>833431</bug>
<bug>870097</bug>
<access>remote</access>
<affected>
<package name="dev-libs/expat" auto="yes" arch="*">
<unaffected range="ge">2.4.9</unaffected>
<vulnerable range="lt">2.4.9</vulnerable>
</package>
</affected>
<background>
<p>Expat is a set of XML parsing libraries.</p>
</background>
<description>
<p>Multiple vulnerabilities have been discovered in Expat. Please review the CVE identifiers referenced below for details.</p>
</description>
<impact type="high">
<p>Please review the referenced CVE identifiers for details.</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All Expat users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-libs/expat-2.4.9"
</code>
</resolution>
<references>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-45960">CVE-2021-45960</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-46143">CVE-2021-46143</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-22822">CVE-2022-22822</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-22823">CVE-2022-22823</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-22824">CVE-2022-22824</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-22825">CVE-2022-22825</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-22826">CVE-2022-22826</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-22827">CVE-2022-22827</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-23852">CVE-2022-23852</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-23990">CVE-2022-23990</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-25235">CVE-2022-25235</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-25236">CVE-2022-25236</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-25313">CVE-2022-25313</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-25314">CVE-2022-25314</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-25315">CVE-2022-25315</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-40674">CVE-2022-40674</uri>
</references>
<metadata tag="requester" timestamp="2022-09-29T14:24:39.510183Z">ajak</metadata>
<metadata tag="submitter" timestamp="2022-09-29T14:24:39.514035Z">ajak</metadata>
</glsa>


@ -0,0 +1,42 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="202209-25">
<title>Zutty: Arbitrary Code Execution</title>
<synopsis>A vulnerability has been discovered in Zutty which could allow for arbitrary code execution.</synopsis>
<product type="ebuild">zutty</product>
<announced>2022-09-29</announced>
<revised count="1">2022-09-29</revised>
<bug>868495</bug>
<access>remote</access>
<affected>
<package name="x11-terms/zutty" auto="yes" arch="*">
<unaffected range="ge">0.13</unaffected>
<vulnerable range="lt">0.13</vulnerable>
</package>
</affected>
<background>
<p>Zutty is an X terminal emulator rendering through OpenGL ES Compute Shaders.</p>
</background>
<description>
<p>Zutty does not correctly handle invalid DECRQSS commands, which can be exploited to run arbitrary commands in the terminal.</p>
</description>
<impact type="normal">
<p>Untrusted text written to the Zutty terminal can achieve arbitrary code execution.</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All Zutty users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose ">=x11-terms/zutty-0.13"
</code>
</resolution>
<references>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-41138">CVE-2022-41138</uri>
</references>
<metadata tag="requester" timestamp="2022-09-29T14:24:54.456443Z">ajak</metadata>
<metadata tag="submitter" timestamp="2022-09-29T14:24:54.462355Z">ajak</metadata>
</glsa>


@ -0,0 +1,49 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="202209-26">
<title>Go: Multiple Vulnerabilities</title>
<synopsis>Multiple vulnerabilities have been discovered in Go, the worst of which could result in denial of service.</synopsis>
<product type="ebuild">go</product>
<announced>2022-09-29</announced>
<revised count="1">2022-09-29</revised>
<bug>869002</bug>
<access>remote</access>
<affected>
<package name="dev-lang/go" auto="yes" arch="*">
<unaffected range="ge">1.18.6</unaffected>
<vulnerable range="lt">1.18.6</vulnerable>
</package>
</affected>
<background>
<p>Go is an open source programming language that makes it easy to build simple, reliable, and efficient software.</p>
</background>
<description>
<p>Multiple vulnerabilities have been discovered in Go. Please review the CVE identifiers referenced below for details.</p>
</description>
<impact type="low">
<p>Please review the referenced CVE identifiers for details.</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All Go users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-lang/go-1.18.6"
</code>
<p>In addition, users using Portage 3.0.9 or later should ensure that packages with Go binaries have no vulnerable code statically linked into their binaries by rebuilding the @golang-rebuild set:</p>
<code>
# emerge --ask --oneshot --verbose @golang-rebuild
</code>
</resolution>
<references>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-27664">CVE-2022-27664</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-32190">CVE-2022-32190</uri>
</references>
<metadata tag="requester" timestamp="2022-09-29T14:25:08.594710Z">ajak</metadata>
<metadata tag="submitter" timestamp="2022-09-29T14:25:08.600219Z">ajak</metadata>
</glsa>


@ -0,0 +1,76 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="202209-27">
<title>Mozilla Firefox: Multiple Vulnerabilities</title>
<synopsis>Multiple vulnerabilities have been discovered in Mozilla Firefox, the worst of which could result in arbitrary code execution.</synopsis>
<product type="ebuild">firefox,firefox-bin</product>
<announced>2022-09-29</announced>
<revised count="1">2022-09-29</revised>
<bug>872059</bug>
<access>remote</access>
<affected>
<package name="www-client/firefox" auto="yes" arch="*">
<unaffected range="ge" slot="rapid">105.0</unaffected>
<unaffected range="ge" slot="esr">102.3.0</unaffected>
<vulnerable range="lt" slot="rapid">105.0</vulnerable>
<vulnerable range="lt" slot="esr">102.3.0</vulnerable>
</package>
<package name="www-client/firefox-bin" auto="yes" arch="*">
<unaffected range="ge" slot="rapid">105.0</unaffected>
<unaffected range="ge" slot="esr">102.3.0</unaffected>
<vulnerable range="lt" slot="rapid">105.0</vulnerable>
<vulnerable range="lt" slot="esr">102.3.0</vulnerable>
</package>
</affected>
<background>
<p>Mozilla Firefox is a popular open-source web browser from the Mozilla project.</p>
</background>
<description>
<p>Multiple vulnerabilities have been discovered in Mozilla Firefox. Please review the CVE identifiers referenced below for details.</p>
</description>
<impact type="high">
<p>Please review the referenced CVE identifiers for details.</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All Mozilla Firefox ESR users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/firefox-102.3.0"
</code>
<p>All Mozilla Firefox ESR binary users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/firefox-bin-102.3.0"
</code>
<p>All Mozilla Firefox users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/firefox-105.0"
</code>
<p>All Mozilla Firefox binary users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/firefox-bin-105.0"
</code>
</resolution>
<references>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-40956">CVE-2022-40956</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-40957">CVE-2022-40957</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-40958">CVE-2022-40958</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-40959">CVE-2022-40959</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-40960">CVE-2022-40960</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-40962">CVE-2022-40962</uri>
</references>
<metadata tag="requester" timestamp="2022-09-29T14:25:19.979184Z">ajak</metadata>
<metadata tag="submitter" timestamp="2022-09-29T14:25:19.985055Z">ajak</metadata>
</glsa>
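Review bot: The four `emerge` atoms in `<resolution>` carry no slot, although `<affected>` distinguishes `slot="esr"` from `slot="rapid"`; the version constraint `>=www-client/firefox-102.3.0` is also met by 105.0, so the ESR command does not by itself express "stay on the ESR series". The PHP advisory in this same commit pins the slot in every atom (`>=dev-lang/php-7.4.30:7.4`); the equivalent here would be `>=www-client/firefox-102.3.0:esr` and `>=www-client/firefox-105.0:rapid`, and likewise for `firefox-bin`. How Portage resolves the unslotted atom on a given install cannot be seen from this file, so this is a point to confirm upstream rather than a local edit.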


@ -0,0 +1,42 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="202210-01">
<title>Open Asset Import Library (&#34;assimp&#34;): Multiple Vulnerabilities</title>
<synopsis>Multiple vulnerabilities have been discovered in Open Asset Import Library, the worst of which could result in denial of service.</synopsis>
<product type="ebuild">assimp</product>
<announced>2022-10-16</announced>
<revised count="1">2022-10-16</revised>
<bug>830374</bug>
<access>remote</access>
<affected>
<package name="media-libs/assimp" auto="yes" arch="*">
<unaffected range="ge">5.2.2</unaffected>
<vulnerable range="lt">5.2.2</vulnerable>
</package>
</affected>
<background>
<p>Open Asset Import Library is a library to import and export various 3d-model-formats including scene-post-processing to generate missing render data.</p>
</background>
<description>
<p>Multiple vulnerabilities have been discovered in Fetchmail, the worst of which could result in email disclosure to third parties.</p>
</description>
<impact type="low">
<p>Please review the referenced CVE identifiers for details.</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All Open Asset Import Library users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose ">=media-libs/assimp-5.2.2"
</code>
</resolution>
<references>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-45948">CVE-2021-45948</uri>
</references>
<metadata tag="requester" timestamp="2022-10-16T14:26:28.704832Z">ajak</metadata>
<metadata tag="submitter" timestamp="2022-10-16T14:26:28.710311Z">ajak</metadata>
</glsa>
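Review bot: The `<description>` text is about a different package: it says the vulnerabilities were discovered in Fetchmail and could result in email disclosure to third parties, while the title, synopsis, `<affected>` package and `<resolution>` are all for `media-libs/assimp`, and the synopsis gives denial of service as the worst case. It reads like a leftover from another advisory, and anyone triaging from the description alone would be misled about the impact. Text consistent with the rest of the file would be `<p>Multiple vulnerabilities have been discovered in Open Asset Import Library. Please review the CVE identifiers referenced below for details.</p>`. Only one CVE is listed under `<references>`, so the word "Multiple" is also worth checking when this is reported upstream.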


@ -0,0 +1,54 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="202210-02">
<title>OpenSSL: Multiple Vulnerabilities</title>
<synopsis>Multiple vulnerabilities have been discovered in OpenSSL, the worst of which could result in denial of service.</synopsis>
<product type="ebuild">openssl</product>
<announced>2022-10-16</announced>
<revised count="1">2022-10-16</revised>
<bug>741570</bug>
<bug>809980</bug>
<bug>832339</bug>
<bug>835343</bug>
<bug>842489</bug>
<bug>856592</bug>
<access>remote</access>
<affected>
<package name="dev-libs/openssl" auto="yes" arch="*">
<unaffected range="ge">1.1.1q</unaffected>
<vulnerable range="lt">1.1.1q</vulnerable>
</package>
</affected>
<background>
<p>OpenSSL is an Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) as well as a general purpose cryptography library.</p>
</background>
<description>
<p>Multiple vulnerabilities have been discovered in OpenSSL. Please review the CVE identifiers referenced below for details.</p>
</description>
<impact type="normal">
<p>Please review the referenced CVE identifiers for details.</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All OpenSSL users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-libs/openssl-1.1.1q"
</code>
</resolution>
<references>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-1968">CVE-2020-1968</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-3711">CVE-2021-3711</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-3712">CVE-2021-3712</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-4160">CVE-2021-4160</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-0778">CVE-2022-0778</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-1292">CVE-2022-1292</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-1473">CVE-2022-1473</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-2097">CVE-2022-2097</uri>
</references>
<metadata tag="requester" timestamp="2022-10-16T14:27:07.365886Z">ajak</metadata>
<metadata tag="submitter" timestamp="2022-10-16T14:27:07.370780Z">ajak</metadata>
</glsa>


@ -0,0 +1,45 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="202210-03">
<title>libxml2: Multiple Vulnerabilities</title>
<synopsis>Multiple vulnerabilities have been discovered in libxml2, the worst of which could result in arbitrary code execution.</synopsis>
<product type="ebuild">libxml2</product>
<announced>2022-10-16</announced>
<revised count="1">2022-10-16</revised>
<bug>833809</bug>
<bug>842261</bug>
<bug>865727</bug>
<access>remote</access>
<affected>
<package name="dev-libs/libxml2" auto="yes" arch="*">
<unaffected range="ge">2.10.2</unaffected>
<vulnerable range="lt">2.10.2</vulnerable>
</package>
</affected>
<background>
<p>libxml2 is the XML C parser and toolkit developed for the GNOME project.</p>
</background>
<description>
<p>Multiple vulnerabilities have been discovered in libxml2. Please review the CVE identifiers referenced below for details.</p>
</description>
<impact type="high">
<p>Please review the referenced CVE identifiers for details.</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All libxml2 users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-libs/libxml2-2.10.2"
</code>
</resolution>
<references>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-23308">CVE-2022-23308</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-29824">CVE-2022-29824</uri>
</references>
<metadata tag="requester" timestamp="2022-10-16T14:40:08.100268Z">ajak</metadata>
<metadata tag="submitter" timestamp="2022-10-16T14:40:08.111318Z">ajak</metadata>
</glsa>


@ -0,0 +1,68 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="202210-04">
<title>Wireshark: Multiple Vulnerabilities</title>
<synopsis>Multiple vulnerabilities have been discovered in Wireshark, the worst of which could result in denial of service.</synopsis>
<product type="ebuild">wireshark</product>
<announced>2022-10-16</announced>
<revised count="1">2022-10-16</revised>
<bug>802216</bug>
<bug>824474</bug>
<bug>830343</bug>
<bug>833294</bug>
<bug>869140</bug>
<access>remote</access>
<affected>
<package name="net-analyzer/wireshark" auto="yes" arch="*">
<unaffected range="ge">3.6.8</unaffected>
<vulnerable range="lt">3.6.8</vulnerable>
</package>
</affected>
<background>
<p>Wireshark is a versatile network protocol analyzer.</p>
</background>
<description>
<p>Multiple vulnerabilities have been discovered in Wireshark. Please review the CVE identifiers referenced below for details.</p>
</description>
<impact type="low">
<p>Please review the referenced CVE identifiers for details.</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All Wireshark users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-analyzer/wireshark-3.6.8"
</code>
</resolution>
<references>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-4181">CVE-2021-4181</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-4182">CVE-2021-4182</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-4183">CVE-2021-4183</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-4184">CVE-2021-4184</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-4185">CVE-2021-4185</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-4186">CVE-2021-4186</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-4190">CVE-2021-4190</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-22235">CVE-2021-22235</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-39920">CVE-2021-39920</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-39921">CVE-2021-39921</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-39922">CVE-2021-39922</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-39924">CVE-2021-39924</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-39925">CVE-2021-39925</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-39926">CVE-2021-39926</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-39928">CVE-2021-39928</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-39929">CVE-2021-39929</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-0581">CVE-2022-0581</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-0582">CVE-2022-0582</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-0583">CVE-2022-0583</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-0585">CVE-2022-0585</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-0586">CVE-2022-0586</uri>
<uri>WNPA-SEC-2021-06</uri>
<uri>WNPA-SEC-2022-06</uri>
</references>
<metadata tag="requester" timestamp="2022-10-16T14:40:26.419748Z">ajak</metadata>
<metadata tag="submitter" timestamp="2022-10-16T14:40:26.423750Z">ajak</metadata>
</glsa>


@ -0,0 +1,43 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="202210-05">
<title>virglrenderer: Multiple vulnerabilities</title>
<synopsis>Multiple vulnerabilities have been discovered in virglrenderer, the worst of which could result in remote code execution.</synopsis>
<product type="ebuild">virglrenderer</product>
<announced>2022-10-16</announced>
<revised count="1">2022-10-16</revised>
<bug>866821</bug>
<access>remote</access>
<affected>
<package name="media-libs/virglrenderer" auto="yes" arch="*">
<unaffected range="ge">0.10.1</unaffected>
<vulnerable range="lt">0.10.1</vulnerable>
</package>
</affected>
<background>
<p>A virtual 3D GPU library, that allows the guest operating system to use the host GPU to accelerate 3D rendering.</p>
</background>
<description>
<p>Multiple vulnerabilities have been discovered in virglrenderer. Please review the CVE identifiers referenced below for details.</p>
</description>
<impact type="high">
<p>Please review the referenced CVE identifiers for details.</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All virglrenderer users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose ">=media-libs/virglrenderer-0.10.1"
</code>
</resolution>
<references>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-0135">CVE-2022-0135</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-0175">CVE-2022-0175</uri>
</references>
<metadata tag="requester" timestamp="2022-10-16T14:41:23.560398Z">ajak</metadata>
<metadata tag="submitter" timestamp="2022-10-16T14:41:23.564666Z">ajak</metadata>
</glsa>


@ -0,0 +1,60 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="202210-06">
<title>libvirt: Multiple Vulnerabilities</title>
<synopsis>Multiple vulnerabilities have been discovered in libvirt, the worst of which could result in denial of service.</synopsis>
<product type="ebuild">libvirt,libvirt-python</product>
<announced>2022-10-16</announced>
<revised count="1">2022-10-16</revised>
<bug>746119</bug>
<bug>799713</bug>
<bug>812317</bug>
<bug>836128</bug>
<access>remote</access>
<affected>
<package name="app-emulation/libvirt" auto="yes" arch="*">
<unaffected range="ge">8.2.0</unaffected>
<vulnerable range="lt">8.2.0</vulnerable>
</package>
<package name="dev-python/libvirt-python" auto="yes" arch="*">
<unaffected range="ge">8.2.0</unaffected>
<vulnerable range="lt">8.2.0</vulnerable>
</package>
</affected>
<background>
<p>libvirt is a C toolkit for manipulating virtual machines.</p>
</background>
<description>
<p>Multiple vulnerabilities have been discovered in libvirt. Please review the CVE identifiers referenced below for details.</p>
</description>
<impact type="low">
<p>Please review the referenced CVE identifiers for details.</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All libvirt users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-emulation/libvirt-8.2.0"
</code>
<p>All libvirt-python users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-python/libvirt-python-8.2.0"
</code>
</resolution>
<references>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14339">CVE-2020-14339</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-25637">CVE-2020-25637</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-3631">CVE-2021-3631</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-3667">CVE-2021-3667</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-0897">CVE-2022-0897</uri>
</references>
<metadata tag="requester" timestamp="2022-10-16T14:42:10.219617Z">ajak</metadata>
<metadata tag="submitter" timestamp="2022-10-16T14:42:10.224150Z">ajak</metadata>
</glsa>


@ -0,0 +1,42 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="202210-07">
<title>Deluge: Cross-Site Scripting</title>
<synopsis>A vulnerability has been found in Deluge which could result in XSS.</synopsis>
<product type="ebuild">deluge</product>
<announced>2022-10-16</announced>
<revised count="1">2022-10-16</revised>
<bug>866842</bug>
<access>remote</access>
<affected>
<package name="net-p2p/deluge" auto="yes" arch="*">
<unaffected range="ge">2.1.1</unaffected>
<vulnerable range="lt">2.1.1</vulnerable>
</package>
</affected>
<background>
<p>Deluge is a BitTorrent client.</p>
</background>
<description>
<p>Deluge does not sufficiently sanitize crafted torrent file data, leading to the application interpreting untrusted data as HTML.</p>
</description>
<impact type="low">
<p>An attacker can achieve XSS via a crafted torrent file.</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All Deluge users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-p2p/deluge-2.1.1"
</code>
</resolution>
<references>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-3427">CVE-2021-3427</uri>
</references>
<metadata tag="requester" timestamp="2022-10-16T14:42:29.766021Z">ajak</metadata>
<metadata tag="submitter" timestamp="2022-10-16T14:42:29.770310Z">ajak</metadata>
</glsa>


@ -0,0 +1,54 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="202210-08">
<title>Tcpreplay: Multiple Vulnerabilities</title>
<synopsis>Multiple vulnerabilities have been discovered in Tcpreplay, the worst of which could result in denial of service.</synopsis>
<product type="ebuild">tcpreplay</product>
<announced>2022-10-16</announced>
<revised count="1">2022-10-16</revised>
<bug>833139</bug>
<bug>836240</bug>
<access>remote</access>
<affected>
<package name="net-analyzer/tcpreplay" auto="yes" arch="*">
<unaffected range="ge">4.4.2</unaffected>
<vulnerable range="lt">4.4.2</vulnerable>
</package>
</affected>
<background>
<p>Tcpreplay is a suite of utilities for UNIX systems for editing and replaying network traffic which was previously captured by tools like tcpdump and ethereal/wireshark.</p>
</background>
<description>
<p>Multiple vulnerabilities have been discovered in Tcpreplay. Please review the CVE identifiers referenced below for details.</p>
</description>
<impact type="low">
<p>Please review the referenced CVE identifiers for details.</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All Tcpreplay users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-analyzer/tcpreplay-4.4.2"
</code>
</resolution>
<references>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-45386">CVE-2021-45386</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-45387">CVE-2021-45387</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-27416">CVE-2022-27416</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-27418">CVE-2022-27418</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-27939">CVE-2022-27939</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-27940">CVE-2022-27940</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-27941">CVE-2022-27941</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-27942">CVE-2022-27942</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-28487">CVE-2022-28487</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-37047">CVE-2022-37047</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-37048">CVE-2022-37048</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-37049">CVE-2022-37049</uri>
</references>
<metadata tag="requester" timestamp="2022-10-16T14:42:49.366484Z">ajak</metadata>
<metadata tag="submitter" timestamp="2022-10-16T14:42:49.370906Z">ajak</metadata>
</glsa>


@ -0,0 +1,76 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="202210-09">
<title>Rust: Multiple Vulnerabilities</title>
<synopsis>Multiple vulnerabilities have been discovered in Rust, the worst of which could result in denial of service.</synopsis>
<product type="ebuild">rust,rust-bin</product>
<announced>2022-10-16</announced>
<revised count="1">2022-10-16</revised>
<bug>870166</bug>
<bug>831638</bug>
<bug>821157</bug>
<bug>807052</bug>
<bug>782367</bug>
<access>remote</access>
<affected>
<package name="dev-lang/rust" auto="yes" arch="*">
<unaffected range="ge">1.63.0-r1</unaffected>
<vulnerable range="lt">1.63.0-r1</vulnerable>
</package>
<package name="dev-lang/rust-bin" auto="yes" arch="*">
<unaffected range="ge">1.64.0</unaffected>
<vulnerable range="lt">1.64.0</vulnerable>
</package>
</affected>
<background>
<p>A systems programming language that runs blazingly fast, prevents segfaults, and guarantees thread safety.</p>
</background>
<description>
<p>Multiple vulnerabilities have been discovered in Rust. Please review the CVE identifiers referenced below for details.</p>
</description>
<impact type="normal">
<p>Please review the referenced CVE identifiers for details.</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All Rust users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-lang/rust-1.63.0-r1"
</code>
<p>All Rust binary users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-lang/rust-bin-1.64.0"
</code>
<p>In addition, users using Portage 3.0.38 or later should ensure that packages with Rust binaries have no vulnerable code statically linked into their binaries by rebuilding the @rust-rebuild set:</p>
<code>
# emerge --ask --oneshot --verbose @rust-rebuild
</code>
</resolution>
<references>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-28875">CVE-2021-28875</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-28876">CVE-2021-28876</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-28877">CVE-2021-28877</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-28878">CVE-2021-28878</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-28879">CVE-2021-28879</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-29922">CVE-2021-29922</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-31162">CVE-2021-31162</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-36317">CVE-2021-36317</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-36318">CVE-2021-36318</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-42574">CVE-2021-42574</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-42694">CVE-2021-42694</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-21658">CVE-2022-21658</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-36113">CVE-2022-36113</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-36114">CVE-2022-36114</uri>
</references>
<metadata tag="requester" timestamp="2022-10-16T14:43:11.432733Z">ajak</metadata>
<metadata tag="submitter" timestamp="2022-10-16T14:43:11.437329Z">ajak</metadata>
</glsa>


@ -0,0 +1,57 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="202210-10">
<title>LibTIFF: Multiple Vulnerabilities</title>
<synopsis>Multiple vulnerabilities have been found in LibTIFF, the worst of which could result in denial of service.</synopsis>
<product type="ebuild">tiff</product>
<announced>2022-10-31</announced>
<revised count="1">2022-10-31</revised>
<bug>830981</bug>
<bug>837560</bug>
<access>remote</access>
<affected>
<package name="media-libs/tiff" auto="yes" arch="*">
<unaffected range="ge">4.4.0</unaffected>
<vulnerable range="lt">4.4.0</vulnerable>
</package>
</affected>
<background>
<p>LibTIFF provides support for reading and manipulating TIFF (Tagged Image File Format) images.</p>
</background>
<description>
<p>Multiple vulnerabilities have been discovered in LibTIFF. Please review the CVE identifiers referenced below for details.</p>
</description>
<impact type="low">
<p>Please review the referenced CVE identifiers for details.</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All LibTIFF users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose ">=media-libs/tiff-4.4.0"
</code>
</resolution>
<references>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-0561">CVE-2022-0561</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-0562">CVE-2022-0562</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-0865">CVE-2022-0865</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-0891">CVE-2022-0891</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-0907">CVE-2022-0907</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-0908">CVE-2022-0908</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-0909">CVE-2022-0909</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-0924">CVE-2022-0924</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-1056">CVE-2022-1056</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-1210">CVE-2022-1210</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-1354">CVE-2022-1354</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-1355">CVE-2022-1355</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-1622">CVE-2022-1622</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-1623">CVE-2022-1623</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-22844">CVE-2022-22844</uri>
</references>
<metadata tag="requester" timestamp="2022-10-31T01:08:31.094552Z">ajak</metadata>
<metadata tag="submitter" timestamp="2022-10-31T01:08:31.101464Z">ajak</metadata>
</glsa>


@ -0,0 +1,42 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="202210-11">
<title>schroot: Denial of Service</title>
<synopsis>A vulnerability has been discovered in schroot which could result in denial of service of the schroot service.</synopsis>
<product type="ebuild">schroot</product>
<announced>2022-10-31</announced>
<revised count="1">2022-10-31</revised>
<bug>867016</bug>
<access>remote</access>
<affected>
<package name="dev-util/schroot" auto="yes" arch="*">
<unaffected range="ge">1.6.13_p2</unaffected>
<vulnerable range="lt">1.6.13_p2</vulnerable>
</package>
</affected>
<background>
<p>schroot is a utility to execute commands in a chroot environment.</p>
</background>
<description>
<p>schroot is unecessarily permissive in rules regarding chroot and session names.</p>
</description>
<impact type="low">
<p>A crafted chroot or session name can break the internal state of the schroot service, leading to denial of service.</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All schroot users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-util/schroot-1.6.13"
</code>
</resolution>
<references>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-2787">CVE-2022-2787</uri>
</references>
<metadata tag="requester" timestamp="2022-10-31T01:08:56.631015Z">ajak</metadata>
<metadata tag="submitter" timestamp="2022-10-31T01:08:56.636355Z">ajak</metadata>
</glsa>
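Review bot: The resolution command in GLSA 202210-11 uses the atom `>=dev-util/schroot-1.6.13`, which does not match the `<affected>` block, where everything below `1.6.13_p2` is marked vulnerable. As written, the atom is also satisfied by 1.6.13 and any patch revision before `_p2`, which the advisory itself lists as affected. The command should read `# emerge --ask --oneshot --verbose ">=dev-util/schroot-1.6.13_p2"`. Since this file is imported GLSA metadata, the correction probably belongs upstream rather than in this tree; until then, anyone copying the command should take the fixed version from `<unaffected range="ge">`.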


@ -0,0 +1,43 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="202210-12">
<title>Lighttpd: Denial of Service</title>
<synopsis>A vulnerability has been discovered in lighttpd which could result in denial of service.</synopsis>
<product type="ebuild">lighttpd</product>
<announced>2022-10-31</announced>
<revised count="1">2022-10-31</revised>
<bug>869890</bug>
<access>remote</access>
<affected>
<package name="www-servers/lighttpd" auto="yes" arch="*">
<unaffected range="ge">1.4.67</unaffected>
<vulnerable range="lt">1.4.67</vulnerable>
</package>
</affected>
<background>
<p>Lighttpd is a lightweight high-performance web server.</p>
</background>
<description>
<p>Lighttpd&#39;s mod_wstunnel does not initialize a handler function pointer if an invalid HTTP request (websocket handshake) is received.</p>
</description>
<impact type="low">
<p>An attacker can trigger a denial of service via making Lighttpd try to call an uninitialized function pointer.</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All lighttpd users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-servers/lighttpd-1.4.67"
</code>
</resolution>
<references>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-37797">CVE-2022-37797</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-41556">CVE-2022-41556</uri>
</references>
<metadata tag="requester" timestamp="2022-10-31T01:09:14.713606Z">ajak</metadata>
<metadata tag="submitter" timestamp="2022-10-31T01:09:14.718507Z">ajak</metadata>
</glsa>


@ -0,0 +1,45 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="202210-13">
<title>libgcrypt: Multiple Vulnerabilities</title>
<synopsis>Multiple vulnerabilities have been found in libgcrypt, the worst of which could result in denial of service.</synopsis>
<product type="ebuild">libgcrypt</product>
<announced>2022-10-31</announced>
<revised count="1">2022-10-31</revised>
<bug>766213</bug>
<bug>795480</bug>
<bug>811900</bug>
<access>remote</access>
<affected>
<package name="dev-libs/libgcrypt" auto="yes" arch="*">
<unaffected range="ge">1.9.4</unaffected>
<vulnerable range="lt">1.9.4</vulnerable>
</package>
</affected>
<background>
<p>libgcrypt is a general purpose cryptographic library derived out of GnuPG.</p>
</background>
<description>
<p>Multiple vulnerabilities have been discovered in libgcrypt. Please review the CVE identifiers referenced below for details.</p>
</description>
<impact type="normal">
<p>Please review the referenced CVE identifiers for details.</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All libgcrypt users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-libs/libgcrypt-1.9.4"
</code>
</resolution>
<references>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-33560">CVE-2021-33560</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-40528">CVE-2021-40528</uri>
</references>
<metadata tag="requester" timestamp="2022-10-31T01:09:53.561970Z">ajak</metadata>
<metadata tag="submitter" timestamp="2022-10-31T01:09:53.566557Z">ajak</metadata>
</glsa>


@ -0,0 +1,48 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="202210-14">
<title>Gitea: Multiple Vulnerabilities</title>
<synopsis>Multiple vulnerabilities have been discovered in Gitea, the worst of which could lead to denial of service</synopsis>
<product type="ebuild">gitea</product>
<announced>2022-10-31</announced>
<revised count="1">2022-10-31</revised>
<bug>848465</bug>
<bug>857819</bug>
<bug>868996</bug>
<bug>877355</bug>
<access>remote</access>
<affected>
<package name="www-apps/gitea" auto="yes" arch="*">
<unaffected range="ge">1.17.3</unaffected>
<vulnerable range="lt">1.17.3</vulnerable>
</package>
</affected>
<background>
<p>Gitea is a painless self-hosted Git service.</p>
</background>
<description>
<p>Multiple vulnerabilities have been discovered in Gitea. Please review the CVE identifiers referenced below for details.</p>
</description>
<impact type="low">
<p>Please review the referenced CVE identifiers for details.</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All Gitea users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-apps/gitea-1.17.3"
</code>
</resolution>
<references>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-1928">CVE-2022-1928</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-32149">CVE-2022-32149</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-38183">CVE-2022-38183</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-42968">CVE-2022-42968</uri>
</references>
<metadata tag="requester" timestamp="2022-10-31T01:10:13.201097Z">ajak</metadata>
<metadata tag="submitter" timestamp="2022-10-31T01:10:13.205677Z">ajak</metadata>
</glsa>


@ -0,0 +1,42 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="202210-15">
<title>GDAL: Heap Buffer Overflow</title>
<synopsis>A heap buffer overflow vulnerability has been found in GDAL which could result in denial of service.</synopsis>
<product type="ebuild">gdal</product>
<announced>2022-10-31</announced>
<revised count="1">2022-10-31</revised>
<bug>830370</bug>
<access>remote</access>
<affected>
<package name="sci-libs/gdal" auto="yes" arch="*">
<unaffected range="ge">3.4.1</unaffected>
<vulnerable range="lt">3.4.1</vulnerable>
</package>
</affected>
<background>
<p>GDAL is a geospatial data abstraction library.</p>
</background>
<description>
<p>GDAL does not sufficiently sanitize input when loading PCIDSK binary segments.</p>
</description>
<impact type="low">
<p>Loading crafted PCIDSK data via GDAL could result in denial of service.</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All GDAL users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose ">=sci-libs/gdal-3.4.1"
</code>
</resolution>
<references>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-45943">CVE-2021-45943</uri>
</references>
<metadata tag="requester" timestamp="2022-10-31T01:10:36.240702Z">ajak</metadata>
<metadata tag="submitter" timestamp="2022-10-31T01:10:36.246058Z">ajak</metadata>
</glsa>


@ -0,0 +1,106 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="202210-16">
<title>Chromium, Google Chrome, Microsoft Edge: Multiple Vulnerabilities</title>
<synopsis>Multiple vulnerabilities have been found in Chromium and its derivatives, the worst of which could result in remote code execution.</synopsis>
<product type="ebuild">chromium,chromium-bin,google-chrome,microsoft-edge</product>
<announced>2022-10-31</announced>
<revised count="1">2022-10-31</revised>
<bug>873817</bug>
<bug>874855</bug>
<bug>876855</bug>
<bug>873217</bug>
<access>remote</access>
<affected>
<package name="www-client/chromium" auto="yes" arch="*">
<unaffected range="ge">106.0.5249.119</unaffected>
<vulnerable range="lt">106.0.5249.119</vulnerable>
</package>
<package name="www-client/chromium-bin" auto="yes" arch="*">
<unaffected range="ge">106.0.5249.119</unaffected>
<vulnerable range="lt">106.0.5249.119</vulnerable>
</package>
<package name="www-client/google-chrome" auto="yes" arch="*">
<unaffected range="ge">106.0.5249.119</unaffected>
<vulnerable range="lt">106.0.5249.119</vulnerable>
</package>
<package name="www-client/microsoft-edge" auto="yes" arch="*">
<unaffected range="ge">106.0.1370.37</unaffected>
<vulnerable range="lt">106.0.1370.37</vulnerable>
</package>
</affected>
<background>
<p>Chromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web.
Google Chrome is one fast, simple, and secure browser for all your devices.
Microsoft Edge is a browser that combines a minimal design with sophisticated technology to make the web faster, safer, and easier.</p>
</background>
<description>
<p>Multiple vulnerabilities have been discovered in Chromium, Google Chrome, and Microsoft Edge. Please review the CVE identifiers referenced below for details.</p>
</description>
<impact type="high">
<p>Please review the referenced CVE identifiers for details.</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All Chromium users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/chromium-106.0.5249.119"
</code>
<p>All Chromium binary users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/chromium-bin-106.0.5249.119"
</code>
<p>All Google Chrome users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/google-chrome-106.0.5249.119"
</code>
<p>All Microsoft Edge users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/microsoft-edge-106.0.1370.37"
</code>
</resolution>
<references>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-3201">CVE-2022-3201</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-3304">CVE-2022-3304</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-3305">CVE-2022-3305</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-3306">CVE-2022-3306</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-3307">CVE-2022-3307</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-3308">CVE-2022-3308</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-3309">CVE-2022-3309</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-3310">CVE-2022-3310</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-3311">CVE-2022-3311</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-3312">CVE-2022-3312</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-3313">CVE-2022-3313</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-3314">CVE-2022-3314</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-3315">CVE-2022-3315</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-3316">CVE-2022-3316</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-3317">CVE-2022-3317</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-3318">CVE-2022-3318</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-3370">CVE-2022-3370</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-3373">CVE-2022-3373</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-3445">CVE-2022-3445</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-3446">CVE-2022-3446</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-3447">CVE-2022-3447</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-3448">CVE-2022-3448</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-3449">CVE-2022-3449</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-3450">CVE-2022-3450</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-41035">CVE-2022-41035</uri>
</references>
<metadata tag="requester" timestamp="2022-10-31T01:11:15.409827Z">ajak</metadata>
<metadata tag="submitter" timestamp="2022-10-31T01:11:15.412125Z">ajak</metadata>
</glsa>


@ -0,0 +1,46 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="202210-17">
<title>JHead: Multiple Vulnerabilities</title>
<synopsis>Multiple vulnerabilities have been found in JHead, the worst of which could result in denial of service.</synopsis>
<product type="ebuild">jhead</product>
<announced>2022-10-31</announced>
<revised count="1">2022-10-31</revised>
<bug>730746</bug>
<access>remote</access>
<affected>
<package name="media-gfx/jhead" auto="yes" arch="*">
<unaffected range="ge">3.06.0.1</unaffected>
<vulnerable range="lt">3.06.0.1</vulnerable>
</package>
</affected>
<background>
<p>JHead is an EXIF JPEG header manipulation tool.</p>
</background>
<description>
<p>Multiple vulnerabilities have been discovered in JHead. Please review the CVE identifiers referenced below for details.</p>
</description>
<impact type="low">
<p>Please review the referenced CVE identifiers for details.</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All JHead users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose ">=media-gfx/jhead-3.06.0.1"
</code>
</resolution>
<references>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-3496">CVE-2021-3496</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-28275">CVE-2021-28275</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-28276">CVE-2021-28276</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-28277">CVE-2021-28277</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-28278">CVE-2021-28278</uri>
</references>
<metadata tag="requester" timestamp="2022-10-31T01:12:23.524182Z">ajak</metadata>
<metadata tag="submitter" timestamp="2022-10-31T01:12:23.530335Z">ajak</metadata>
</glsa>


@ -0,0 +1,44 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="202210-18">
<title>Sofia-SIP: Multiple Vulnerabilities</title>
<synopsis>Multiple vulnerabilities have been discovered in Sofia-SIP, the worst of which could result in remote code execution.</synopsis>
<product type="ebuild">sofia-sip</product>
<announced>2022-10-31</announced>
<revised count="1">2022-10-31</revised>
<bug>848870</bug>
<access>remote</access>
<affected>
<package name="net-libs/sofia-sip" auto="yes" arch="*">
<unaffected range="ge">1.13.8</unaffected>
<vulnerable range="lt">1.13.8</vulnerable>
</package>
</affected>
<background>
<p>Sofia-SIP is an RFC3261 compliant SIP User-Agent library.</p>
</background>
<description>
<p>Multiple vulnerabilities have been discovered in Sofia-SIP. Please review the CVE identifiers referenced below for details.</p>
</description>
<impact type="high">
<p>Please review the referenced CVE identifiers for details.</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All Sofia-SIP users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-libs/sofia-sip-1.13.8"
</code>
</resolution>
<references>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-31001">CVE-2022-31001</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-31002">CVE-2022-31002</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-31003">CVE-2022-31003</uri>
</references>
<metadata tag="requester" timestamp="2022-10-31T01:12:52.132249Z">ajak</metadata>
<metadata tag="submitter" timestamp="2022-10-31T01:12:52.137910Z">ajak</metadata>
</glsa>


@ -0,0 +1,42 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="202210-19">
<title>Apptainer: Lack of Digital Signature Hash Verification</title>
<synopsis>A vulnerability has been found in Apptainer which could result in the usage of an unexpected of a container.</synopsis>
<product type="ebuild">apptainer</product>
<announced>2022-10-31</announced>
<revised count="1">2022-10-31</revised>
<bug>875869</bug>
<access>remote</access>
<affected>
<package name="app-containers/apptainer" auto="yes" arch="*">
<unaffected range="ge">1.1.2</unaffected>
<vulnerable range="lt">1.1.2</vulnerable>
</package>
</affected>
<background>
<p>Apptainer is the container system for secure high-performance computing.</p>
</background>
<description>
<p>The Go module &#34;sif&#34; version 2.8.0 and older, which is a statically linked dependency of Apptainer, does not verify that the hash algorithm(s) used are cryptographically secure when verifying digital signatures.</p>
</description>
<impact type="low">
<p>An image whose verification relies on a cryptographically insecure hash algorithm could be replaced, resulting in users using an image other than the one that was expected.</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All Apptainer users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-containers/apptainer-1.1.2"
</code>
</resolution>
<references>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-39237">CVE-2022-39237</uri>
</references>
<metadata tag="requester" timestamp="2022-10-31T01:13:42.466161Z">ajak</metadata>
<metadata tag="submitter" timestamp="2022-10-31T01:13:42.470930Z">ajak</metadata>
</glsa>
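Review bot: The `<synopsis>` text is garbled: "could result in the usage of an unexpected of a container" has lost a word. Going by the `<impact>` paragraph in the same file, the intended wording appears to be `could result in the usage of an unexpected container image`. The file looks like it is synced from the upstream GLSA set, so the correction belongs upstream rather than as a local edit.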


@ -0,0 +1,42 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="202210-20">
<title>Nicotine+: Denial of Service</title>
<synopsis>A vulnerability has been found in Nicotine+ which could result in denial of service.</synopsis>
<product type="ebuild">nicotine+</product>
<announced>2022-10-31</announced>
<revised count="1">2022-10-31</revised>
<bug>835374</bug>
<access>remote</access>
<affected>
<package name="net-p2p/nicotine+" auto="yes" arch="*">
<unaffected range="ge">3.2.1</unaffected>
<vulnerable range="lt">3.2.1</vulnerable>
</package>
</affected>
<background>
<p>Nicotine+ is a fork of nicotine, a Soulseek client in Python.</p>
</background>
<description>
<p>Nicotine+ does not sufficiently validate file path in download requests.</p>
</description>
<impact type="low">
<p>A file path in a download request which contains a null character will cause a crash of Nicotine+.</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All Nicotine+ users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-p2p/nicotine+-3.2.1"
</code>
</resolution>
<references>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-45848">CVE-2021-45848</uri>
</references>
<metadata tag="requester" timestamp="2022-10-31T01:14:04.156383Z">ajak</metadata>
<metadata tag="submitter" timestamp="2022-10-31T01:14:04.161504Z">ajak</metadata>
</glsa>


@ -0,0 +1,43 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="202210-21">
<title>FasterXML jackson-databind: Multiple vulnerabilities</title>
<synopsis>Multiple vulnerabilities have been found in FasterXML jackson-databind, the worst of which could result in denial of service.</synopsis>
<product type="ebuild">jackson-databind</product>
<announced>2022-10-31</announced>
<revised count="1">2022-10-31</revised>
<bug>874033</bug>
<access>remote</access>
<affected>
<package name="dev-java/jackson-databind" auto="yes" arch="*">
<unaffected range="ge">2.13.4.1</unaffected>
<vulnerable range="lt">2.13.4.1</vulnerable>
</package>
</affected>
<background>
<p>FasterXML jackson-databind is a general data-binding package for Jackson (2.x) which works on streaming API (core) implementation(s).</p>
</background>
<description>
<p>Multiple vulnerabilities have been discovered in FasterXML jackson-databind. Please review the CVE identifiers referenced below for details.</p>
</description>
<impact type="low">
<p>Please review the referenced CVE identifiers for details.</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All FasterXML jackson-databind users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-java/jackson-databind-2.13.4.1"
</code>
</resolution>
<references>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-42003">CVE-2022-42003</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-42004">CVE-2022-42004</uri>
</references>
<metadata tag="requester" timestamp="2022-10-31T01:15:38.213258Z">ajak</metadata>
<metadata tag="submitter" timestamp="2022-10-31T01:15:38.220174Z">ajak</metadata>
</glsa>


@ -0,0 +1,46 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="202210-22">
<title>RPM: Multiple Vulnerabilities</title>
<synopsis>Multiple vulnerabilities have been found in RPM, the worst of which could lead to root privilege escalation.</synopsis>
<product type="ebuild">rpm</product>
<announced>2022-10-31</announced>
<revised count="1">2022-10-31</revised>
<bug>830380</bug>
<bug>866716</bug>
<access>remote</access>
<affected>
<package name="app-arch/rpm" auto="yes" arch="*">
<unaffected range="ge">4.18.0</unaffected>
<vulnerable range="lt">4.18.0</vulnerable>
</package>
</affected>
<background>
<p>The Red Hat Package Manager (RPM) is a command line driven package management system capable of installing, uninstalling, verifying, querying, and updating computer software packages.</p>
</background>
<description>
<p>Multiple vulnerabilities have been discovered in RPM. Please review the CVE identifiers referenced below for details.</p>
</description>
<impact type="high">
<p>Please review the referenced CVE identifiers for details.</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All RPM users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-arch/rpm-4.18.0"
</code>
</resolution>
<references>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-3521">CVE-2021-3521</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-35937">CVE-2021-35937</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-35938">CVE-2021-35938</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-35939">CVE-2021-35939</uri>
</references>
<metadata tag="requester" timestamp="2022-10-31T01:15:56.870970Z">ajak</metadata>
<metadata tag="submitter" timestamp="2022-10-31T01:15:56.876124Z">ajak</metadata>
</glsa>


@ -0,0 +1,42 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="202210-23">
<title>libksba: Remote Code Execution</title>
<synopsis>An integer overflow vulnerability has been found in libksba which could result in remote code execution.</synopsis>
<product type="ebuild">libksba</product>
<announced>2022-10-31</announced>
<revised count="1">2022-10-31</revised>
<bug>877453</bug>
<access>remote</access>
<affected>
<package name="dev-libs/libksba" auto="yes" arch="*">
<unaffected range="ge">1.6.2</unaffected>
<vulnerable range="lt">1.6.2</vulnerable>
</package>
</affected>
<background>
<p>Libksba is a X.509 and CMS (PKCS#7) library.</p>
</background>
<description>
<p>An integer overflow in parsing ASN.1 objects could lead to a buffer overflow.</p>
</description>
<impact type="high">
<p>Crafted ASN.1 objects could trigger an integer overflow and buffer overflow to result in remote code execution.</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All libksba users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-libs/libksba-1.6.2"
</code>
</resolution>
<references>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-3515">CVE-2022-3515</uri>
</references>
<metadata tag="requester" timestamp="2022-10-31T01:16:48.468327Z">ajak</metadata>
<metadata tag="submitter" timestamp="2022-10-31T01:16:48.474794Z">ajak</metadata>
</glsa>


@ -0,0 +1,49 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="202210-24">
<title>FreeRDP: Multiple Vulnerabilities</title>
<synopsis>Multiple vulnerabilities have been found in FreeRDP, the worst of which could result in remote code execution.</synopsis>
<product type="ebuild">freerdp</product>
<announced>2022-10-31</announced>
<revised count="1">2022-10-31</revised>
<bug>876905</bug>
<bug>842231</bug>
<bug>819534</bug>
<access>remote</access>
<affected>
<package name="net-misc/freerdp" auto="yes" arch="*">
<unaffected range="ge">2.8.1</unaffected>
<vulnerable range="lt">2.8.1</vulnerable>
</package>
</affected>
<background>
<p>FreeRDP is a free implementation of the remote desktop protocol.</p>
</background>
<description>
<p>Multiple vulnerabilities have been discovered in FreeRDP. Please review the CVE identifiers referenced below for details.</p>
</description>
<impact type="normal">
<p>Please review the referenced CVE identifiers for details.</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All FreeRDP users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-misc/freerdp-2.8.1"
</code>
</resolution>
<references>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-41159">CVE-2021-41159</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-41160">CVE-2021-41160</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-24882">CVE-2022-24882</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-24883">CVE-2022-24883</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-39282">CVE-2022-39282</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-39283">CVE-2022-39283</uri>
</references>
<metadata tag="requester" timestamp="2022-10-31T01:17:11.581235Z">ajak</metadata>
<metadata tag="submitter" timestamp="2022-10-31T01:17:11.586318Z">ajak</metadata>
</glsa>


@ -0,0 +1,63 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="202210-25">
<title>ISC BIND: Multiple Vulnerabilities</title>
<synopsis>Multiple vulnerabilities have been discovered in ISC BIND, the worst of which could result in denial of service.</synopsis>
<product type="ebuild">bind,bind-tools</product>
<announced>2022-10-31</announced>
<revised count="1">2022-10-31</revised>
<bug>820563</bug>
<bug>835439</bug>
<bug>872206</bug>
<access>remote</access>
<affected>
<package name="net-dns/bind" auto="yes" arch="*">
<unaffected range="ge">9.16.33</unaffected>
<vulnerable range="lt">9.16.33</vulnerable>
</package>
<package name="net-dns/bind-tools" auto="yes" arch="*">
<unaffected range="ge">9.16.33</unaffected>
<vulnerable range="lt">9.16.33</vulnerable>
</package>
</affected>
<background>
<p>ISC BIND is the Internet Systems Consortium implementation of the Domain Name System (DNS) protocol.</p>
</background>
<description>
<p>Multiple vulnerabilities have been discovered in ISC BIND. Please review the CVE identifiers referenced below for details.</p>
</description>
<impact type="low">
<p>Please review the referenced CVE identifiers for details.</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All ISC BIND users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-dns/bind-9.16.33"
</code>
<p>All ISC BIND-tools users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-dns/bind-tools-9.16.33"
</code>
</resolution>
<references>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-25219">CVE-2021-25219</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-25220">CVE-2021-25220</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-0396">CVE-2022-0396</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-2795">CVE-2022-2795</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-2881">CVE-2022-2881</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-2906">CVE-2022-2906</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-3080">CVE-2022-3080</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-38177">CVE-2022-38177</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-38178">CVE-2022-38178</uri>
</references>
<metadata tag="requester" timestamp="2022-10-31T01:18:02.086645Z">ajak</metadata>
<metadata tag="submitter" timestamp="2022-10-31T01:18:02.092498Z">ajak</metadata>
</glsa>


@ -0,0 +1,42 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="202210-26">
<title>Shadow: TOCTOU Race</title>
<synopsis>A TOCTOU race has been discovered in Shadow, which could result in the unauthorized modification of files.</synopsis>
<product type="ebuild">shadow</product>
<announced>2022-10-31</announced>
<revised count="1">2022-10-31</revised>
<bug>830486</bug>
<access>remote</access>
<affected>
<package name="sys-apps/shadow" auto="yes" arch="*">
<unaffected range="ge">4.12.2</unaffected>
<vulnerable range="lt">4.12.2</vulnerable>
</package>
</affected>
<background>
<p>Shadow contains utilities to deal with user accounts</p>
</background>
<description>
<p>A TOCTOU race condition was discovered in shadow. A local attacker with write privileges in a directory removed or copied by usermod/userdel could potentially exploit this flaw when the administrator invokes usermod/userdel.</p>
</description>
<impact type="normal">
<p>An unauthorized user could potentially modify files which they do not have write permissions for.</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All Shadow users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose ">=sys-apps/shadow-4.12.2"
</code>
</resolution>
<references>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2013-4235">CVE-2013-4235</uri>
</references>
<metadata tag="requester" timestamp="2022-10-31T01:22:12.661215Z">ajak</metadata>
<metadata tag="submitter" timestamp="2022-10-31T01:22:12.666288Z">ajak</metadata>
</glsa>
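Review bot: `<access>remote</access>` contradicts the `<description>` in the same file, which says the flaw needs "a local attacker with write privileges in a directory removed or copied by usermod/userdel". The value consistent with that description is `<access>local</access>`; any triage that filters or ranks advisories on this field would treat the issue as network-reachable. The open-vm-tools advisory (202210-27), titled "Local Privilege Escalation", carries the same `remote` value. Both files appear to come from the upstream GLSA set, so the mismatch should be reported there and the field not relied on for these two advisories until it is corrected.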


@ -0,0 +1,43 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="202210-27">
<title>open-vm-tools: Local Privilege Escalation</title>
<synopsis>A vulnerability has been discovered in open-vm-tools which could allow for local privilege escalation.</synopsis>
<product type="ebuild">open-vm-tools</product>
<announced>2022-10-31</announced>
<revised count="1">2022-10-31</revised>
<bug>866227</bug>
<access>remote</access>
<affected>
<package name="app-emulation/open-vm-tools" auto="yes" arch="*">
<unaffected range="ge">12.1.0</unaffected>
<vulnerable range="lt">12.1.0</vulnerable>
</package>
</affected>
<background>
<p>open-vm-tools contains tools for VMware guests.</p>
</background>
<description>
<p>A pipe accessible to unprivileged users in the VMWare guest does not sufficiently sanitize input.</p>
</description>
<impact type="high">
<p>An unprivileged guest user could achieve root privileges within the guest.</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All open-vm-tools users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-emulation/open-vm-tools-12.1.0"
</code>
</resolution>
<references>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-31676">CVE-2022-31676</uri>
<uri>VMSA-2022-0024.1</uri>
</references>
<metadata tag="requester" timestamp="2022-10-31T01:23:04.771992Z">ajak</metadata>
<metadata tag="submitter" timestamp="2022-10-31T01:23:04.777600Z">ajak</metadata>
</glsa>
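Review bot: The second entry under `<references>`, `<uri>VMSA-2022-0024.1</uri>`, has no `link` attribute, unlike the CVE entry above it and every other reference added in this commit. A reader, or any tooling that builds reference links from `link`, gets only the bare advisory id and has to look up the vendor advisory by hand. The entry would read `<uri link="VENDOR_ADVISORY_URL">VMSA-2022-0024.1</uri>`, where the URL is a placeholder to be filled in upstream; whether the DTD requires the attribute is not visible here.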


@ -0,0 +1,42 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="202210-28">
<title>exif: Denial of Service</title>
<synopsis>A vulnerability has been discovered in exif which could result in denial of service.</synopsis>
<product type="ebuild">exif</product>
<announced>2022-10-31</announced>
<revised count="1">2022-10-31</revised>
<bug>783522</bug>
<access>remote</access>
<affected>
<package name="media-gfx/exif" auto="yes" arch="*">
<unaffected range="ge">0.6.22</unaffected>
<vulnerable range="lt">0.6.22</vulnerable>
</package>
</affected>
<background>
<p>libexif is a library for parsing, editing and saving Exif metadata from images. exif is a small command line interface for libexif.</p>
</background>
<description>
<p>There is a bug in exif&#39;s XML output format which can result in a null pointer dereference when outputting crafted JPEG EXIF data.</p>
</description>
<impact type="low">
<p>A crafted JPEG image can trigger a denial of service in the form of a null pointer dereference.</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All exif users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose ">=media-gfx/exif-0.6.22"
</code>
</resolution>
<references>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-27815">CVE-2021-27815</uri>
</references>
<metadata tag="requester" timestamp="2022-10-31T01:23:34.557009Z">ajak</metadata>
<metadata tag="submitter" timestamp="2022-10-31T01:23:34.562073Z">ajak</metadata>
</glsa>
