From 9abeef2a1c24187f86549746ef5d6346681b97cf Mon Sep 17 00:00:00 2001 From: Flatcar Buildbot Date: Sun, 1 Oct 2023 07:14:18 +0000 Subject: [PATCH] portage-stable/metadata: Monthly GLSA metadata updates --- .../portage-stable/metadata/glsa/Manifest | 30 ++-- .../metadata/glsa/Manifest.files.gz | Bin 546284 -> 548981 bytes .../metadata/glsa/glsa-202309-01.xml | 47 ++++++ .../metadata/glsa/glsa-202309-02.xml | 64 ++++++++ .../metadata/glsa/glsa-202309-03.xml | 45 ++++++ .../metadata/glsa/glsa-202309-04.xml | 56 +++++++ .../metadata/glsa/glsa-202309-05.xml | 44 +++++ .../metadata/glsa/glsa-202309-06.xml | 86 ++++++++++ .../metadata/glsa/glsa-202309-07.xml | 43 +++++ .../metadata/glsa/glsa-202309-08.xml | 43 +++++ .../metadata/glsa/glsa-202309-09.xml | 46 ++++++ .../metadata/glsa/glsa-202309-10.xml | 42 +++++ .../metadata/glsa/glsa-202309-11.xml | 43 +++++ .../metadata/glsa/glsa-202309-12.xml | 45 ++++++ .../metadata/glsa/glsa-202309-13.xml | 42 +++++ .../metadata/glsa/glsa-202309-14.xml | 43 +++++ .../metadata/glsa/glsa-202309-15.xml | 50 ++++++ .../metadata/glsa/glsa-202309-16.xml | 58 +++++++ .../metadata/glsa/glsa-202309-17.xml | 152 ++++++++++++++++++ .../metadata/glsa/timestamp.chk | 2 +- .../metadata/glsa/timestamp.commit | 2 +- 21 files changed, 966 insertions(+), 17 deletions(-) create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202309-01.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202309-02.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202309-03.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202309-04.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202309-05.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202309-06.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202309-07.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202309-08.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202309-09.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202309-10.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202309-11.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202309-12.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202309-13.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202309-14.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202309-15.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202309-16.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202309-17.xml diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/Manifest b/sdk_container/src/third_party/portage-stable/metadata/glsa/Manifest index 78bca7b08f..616795a491 100644 --- a/sdk_container/src/third_party/portage-stable/metadata/glsa/Manifest +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/Manifest @@ -1,23 +1,23 @@ -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 -MANIFEST Manifest.files.gz 546284 BLAKE2B ffce95d14dec8e0ecb1658575f411350a797650e5376e656bbe5d1c11b4e05372611ac4ca5de41270e2e69dfa9461b99f212aa044d6509bb082c7f94d92006b8 SHA512 c90fc6416d62b1b09cbafd89df9a8523e7e9eec12dd28fd39f81776bc9076c1e64fdb0203c709c330d323ea0c05daf6d59e5c469948b4d49cc6d59443f29557a -TIMESTAMP 2023-09-01T06:40:05Z +MANIFEST Manifest.files.gz 548981 BLAKE2B 81700173ea02c0d006e3065367bd4b6801ae8e0cad7f0b23c4d86a41c1b860a4cbdeb3051fb86eb2d3f114b8ba0353d6e09e279718eed8ed2607a21c4e7ec67d SHA512 a987e0e64b2dbf1006cecbff251dc3524b4d244d2e54417a697139ac9ee5a97d21aefdfb0fb940e1890076d7fa18c793f4f7a60db6960004ade2253826320f19 +TIMESTAMP 2023-10-01T06:40:07Z -----BEGIN PGP SIGNATURE----- -iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAmTxh0VfFIAAAAAALgAo +iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAmUZFEdfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEUx RDZBQkI2M0JGQ0ZCNEJBMDJGREYxQ0VDNTkwRUVBQzkxODkyNTAACgkQ7FkO6skY -klA2EBAApIljsr72WlUh5e1T9ri6+5OJB0jKYPaEJlyar/W79IND0gCUZtN+5e4r -nGGpVvfWHSKAZwn/OOH7OMIJ31aodVmHU70cmE/Yu026X/0qZaIzTbYQO8pftEj0 -EDYO9cTV8Vo0t7l/SFJdnOxzCrjjDN25nnfLg/tvHKdbn0Zre5icJPToaYb7qZeJ -HXegiWgmE7+mDSabEwDwhZZ+JwWWdyVZy7phxku699hpzw+pGXA7YUWpMdIlzOa1 -6sfz1+K4KANCx3AeR5358VZnxIw3hOaRBSZnAnz4mPlkQzvgD4YOqe0qvWn2PrNC -tzCBJ3k/GFFopYh1tBi8FQVj9RBcfyCvq9s7ZHsta37GD+op106+liK/gfJqVwPo -BcSSu5QMdGzbHTDhxN15HRUQILpQRE4nhgzBGVeu9tnff7xbbq5oyv5NR6O2OJFQ -OIKn/uNMWDlEqXTJK3ZzE5mkHYXWKH4OBGkSKzKOBW/J9rY8DWDjVDCHtXtwftT1 -kji/B60Zr2MbppfjiJ9uweBGg+Nd0Ht0WxWAPHDQOObFkEpLfa2z/oFHFdTkRwGS -EsQsBCCeCayvL39rRXDa+uXfERy7mAUMqgrmE1L5f1NfVP6gGwclT+i0iVhTJdY8 -bnqPPZqhsOuVQmc7QcI1AiHYDdDADxen8PaJuO/DJ7nn6UwFUYg= -=P6sX +klAXgg/9GGU9Zsh5GEuYoepVc11NhqztXU2fyrn8g4OkbIUFdOq45C/NDOzzmYkS +vve4BAhQZkGn6ixII2dbDqQHmvE4x4NFyobSXLRIYFFAbbQBSRUmib3HbDkxoMhb +nTbnNXX5kOq1m6nb3ydnjOKxfgew50dQYT0Yp+Uh9rRtU7sP74KYkseV9p5z+fp1 ++PKY7Nn0G9qANHMgf1YrxC1cgt4WWXXnXJI7YvjcQ/XZJTrAX2oEEGYee8GsLnAn +uGchKTPCbgBG1Dm9vM3jTctUpXKQ1s3B+T0ynciPHzb8IC0M0BvLdCVA1ZM99rCY +CcCJFkITrSBuUrJl3NJUzlYe1XQUH29c0kQe+mR0F4gDjav7gZBE1mKb9lqw/r2A +vLnm4/kF7IYdxVSFgO2B8GvpPvFQW0hiEAkz+GDRnqYeinVmPTRkBR4VqQfQql1T +rBuhQV9wQ/y/NIZq41X/rljjTdTpvtzB5ZSAxg9fOMmgo3WH6wb/k/6fgEK/WSGf +aTH44QoasTboF9kMrgfR+dB/aaTGAuFWC8Ulkjkxh4wE+HsLats2stAYsAnJfXL9 +jiW3dO8vdIvXYeI0Smmuxv6hHIz1ZJn8jvQv+iv+yonIbZEDQsgIBxxFPW5NrhiJ +a1oJARWuMGvHTeYaqAkfPbS7/ew6b5jLWN3174qxqX6HCsnIyF8= +=otvP -----END PGP SIGNATURE----- diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/Manifest.files.gz b/sdk_container/src/third_party/portage-stable/metadata/glsa/Manifest.files.gz index 933f01207b152c24101f1ebe8c29c5c304c13992..0926db59085930ac1e675e36e10cc016c356f78b 100644 GIT binary patch delta 8141 zcmV;;A2Q(Vt0DEkA%KJdgaU*Egam{Iga(8Mv@}x}v(fs;eq9e(0pxHQKd%dA2J%!$-XQvRXf#{ZBQ1 zwhGnrwQai^$`VShsIC zsAaEIf2YXO#gKDPRJP6^I*{{k3+MZV<$0%|RtmY@8zJo!&5 zB)_1aOSo7V5V8S3RH$11GrP1l(3U*T%K)$uH-Y&0)J*=eXkT#N% zl1bF}_L}RtRn^s)&boDKQI*N=B!c4}e}}ZK`VeDGmx_E4Tn3NY#(J<6XUAXOKbT8M zz6v>fS*>3N_{Yq?wl|&C@D`zq0Oi^*9SGcl5>I*Up_ZrfEY#1nY3wjn__(KzOp`Fd z^E*sTVKeEUr`12jNfX7YjtG|HaaWxc0IfsVNXf!6f91rex`QG=ppV5W0W^uze{9d7 ze(K=30Hw;Mk2!xMzlLYGz+KVCpmS0bQ|h2)5n@!iDk~fiHO8EZNUSXxM>X8F%rr$h zAXN7w|8f$4I{P($%=zr8S6%JSC9Y(vk#+gz@?B%sONBU_x7O|^_XyQhF?3c_tx89y zu2HtlP}f`Q(hNg@d6KiwOO=X?ePRJ6WNz(mdOfs_<3$oX(2z*(tR+ zr)TO)*L1J4DI)r#w{F#LAYUL}Rc^o=QzPUQ1sS$Q(#7X^4gsxAuMKu&$%Dl9AjZ|5 zEKQP+iJ$})CoQj_>&_RvfAy=f$WOd;q6L9h!ok5?3aGC6!Jxy`CJjDD7Wh`}Xt6 zgAJ`+sam3!hTfN>fBh=_jj)~TL8bOeWnE;jYg0fdd+VY`FUOqC*0zVqA0pRo=#UoD zkfa+Z1ME1>p(UIRG;i`jNz-6lzO2>@%YXE$ov#(5j!b~s2f-pVgJ{OJ?dY~NpO&*^ zOn{7fj~d8mD?A1jYowgB*CmRQiKlk3G)FH303acfo*eX;fy*bw}GDTo}AOlLL2NEcPsf9n5r>mAg${K}98dODl(G|fl= z^I*xLcCl7%Cy?!V_LY#%@5zhxsP>QIx?d2)kIEu>fBt-LuC`5a9m8UW-E7Pv5uq;9 z#t{#T>*Sb6PweXmRCHsH%ezqx)=1!6kZiZWGy)@fIxR?aQnqKPZm3Ln5%w>3)E`kO z(pOLtc)XYE8b`8V9X4DQH76-{Dm<`c85%>`?Y})+U;y59s>-gbFn^g&2Q4SejP}j3 zrRQ{df7d34dQMYAAcA~J>!i-^LDdtvMpK4;73_amt{<62r@vodzB+6U+;Re}UJpeE zMTJ7as<)LSt2>vW%&24{o@!DB*QwY{9_0yoJ$b1yNJ&NbV^o2SI3+C&`b)e=P#I4X2 zYvQlH3CyJ<6AP$7iB83xtjE@dmD)ck=BG~`P;*MZOWx5q{(gG#Me)=4bD+*20#nXm zf7gVt_-eElDvCZiACCTL=Q62v`BsWm-Qmk>{aiJ(3EmAw zCEJGPPW_O)IRx#54=UH<+(|ySHgxnNe^f0S^7!@}b%1L-sp&qqaZzo1a!{y~6_QfV zJ>SHhpmk2z(sru6f^la<4qWo7+vqDdukAcGb)oO>s-US%~!L2x$fcB%?Ud+y6YUg{hJBts0!x-ZA) zRu-CY8?|fCVQ%J_qo6WNNIFVXe@43=jJ+$pme?*~|G!o=F z*p_Q#eKx&9GNEiOTR>nZODxhrS3QDGNep$Z$%O2Lj(O~3Qr zCzhnCCb*Y@^6`$zH<*Fbe>6a7%45h0Z2)p*iU4o-3(WHZl#`J^x9y(%DD=I>k0=g+ z4b%qmx{A_vRobF4u@6n3O4_$$JVF_OoG~CXN5lJX;#xPCDl2mGI!o~yyW|v!tR-)7 z&905;my7uynZ>AT#cSkF1_ULuzRKONLhV&+>&leZu0-@n@+AdLf2nJ#OSL*F=#(wJ zj-|AW^to{;{XjwH12ifX^#+0Rx06x&w*c0X#%)%Is$t7{if@{(mYwIJ-G+{KyYZ_p zG<9FlqG)w~>lQI5vkD)_4v;8CKG*gqEt=Kdj_9*9M^wyjUjSY!tKhI@*pIPgI3D%g z)R@}n#J((bEkkm)5+VOM+4&Ns-;s~6o$Z6PXx zK+bd`IcU&q%%h;}PnR1o^~-p)1aT^!+E3|wC!bHiEtQ-e={;XZIcj-Fd7BZsYwFn+ zc{$Brw3_acKy<)+G;RRvpGwn8lfS4`6%Yl`sAugYHtF6ge`F<7rYiXA6cH1^vSAv* zqH#EEgE?}%w!7QSY<-LJzr@oIfqBOhQ=1x%K2@2SAX3SW#~Gl!l^_!n=Pjs=sgVb1 znn_x`d$CK994w7P8~ndniM7sr*V46#xHZ03r9v0pL8!j<+ZcAj%Go~f764aG>TZSe zR0U+or-hPie-E5Gzc`XNR^SRbu0V3Fu*&N~mew@TeeuRe{t_kmza@tqLfCfP__UvqQfWe{l4Kf} zeU-kVb?8G7R!UMmy|wQUk2Ga?0D3uWjz5xCHNjI-p+@`Ffl5`iV=a3wMc(-qSySkFG3&1y;!`q?`ma&yX)qq zf6bv)1hIbDRcF7o=-B_&1I4{oV)~X4))fBg-|*HCmIt7}@fJws*j;9h|1CJxtNYUS zTC&U<7Ob2f1MmHme#ytW?Y~S;Lp@apIym=NcFv$XgJub%Fft`^b;i1p8WSZ;Qt+35 zN{Jn}#jkq#Zy}qfpS-jck0Kr#f{X@Kf1lJr(T@6(esoPxKG~GqZ2fWBmkbmgL;wjS zoJD7qi7COwI`r@XWy|MbH);s%tl}}LLZm0F&Q?}t zMVsBhI|IXb4?teiO`KAUvd;?Q5!lbmDJ2c{9tki0ZMke$RPa1ds^+Sy;UXJFe{#q{ zqGJPO-3J;6D^gY+M3nW4Tl&*o9Bv{XXLh^M5cuNtJf|90PTx^7J2nLf5RX*yYUzx>n)elm$ zY7KvAic`5KKB@yar4cy~HDIPAf8YILziP{4C4XoDF&^(KL=PdA$02=kg+o%huuL6j zbOy2=^l;7{N=Qut6P5e1i^NOWyf?{4;e_jth82bV3X%c|Wj*U`s%kc+tNPiUolZR? zk3r9cM-2$d&#>a1z54)$@r<0GjoU8OUhyR*$eF#VhHJ@uB6X^sIUgsYf5%@&h4*Ux zkZjt=N!0Y^HvJN`4${i>x{f;jvh#KJDvc#73%CueNQQ@oCmOh4cFm>DKHBQ=G>JLH zcd$lMK1>Zd5bex_d7^7=grTCj0qK;L)*pSw_r-jd7!Fh$QUyqh#4k3x(_b?KRX|Fe zP`!9ikpigKeG6IzpapoSe;bW%OjCN7^PZYQbZh6(gG0|x64dZOjg@Lt5$iqG<#B8) zlrJr^ADKns>BkTmxRd}ml(Rm4z0b9aFA|*jI`yo_Nv|r9 z>#jvD!1_>`S)h=-sb5t$v&BJ_iK<9Y7icM)omfzE={5YS35t@5f25$T*hm$n{qE3( z&dbF~)hxbMnRTN&FwRabEQ&Y2@vP=VyT>cr3s;q}df&?e5mkX_sw=XQ&ZhY1b!Dx5 zw{nn@gkM(c50>|PziGN_OLEvJnYNE@?Vd}cw#%J+Q!=l|<&>FEcBbCT*H-sjLa-KY z>!wjv%J4d*iw&)|f7uv1T33BUo$Zob>_sE*FuVZMF7gm z79DGUQk5wFk`sSq79Bi)ua*ijWcO~PMrMjOOH^!*N<1|ie;EmjIW@cCT_8U6tsXKz zHJBA~SLa}bkS^NzDz-fK*|WX^kmO{$(6 z&J=eckW#ife|3_bzO2@d{ShekLsDudNzy7twPC!+fVArx2_pGQRjo+agA8TNc_r;`zNe<7d(&q{9H7AUtGElGi{ehvMn z~CL%#d6R_@3R3pZie< z2&%j*A7Fwq63XP#(#`?A?)Kao2SaUkI4nW5W{K^J^lblmI@b?RA+eKonFqAtt!;y;HZ|)#?~Ot`o5|l#|iW1TVI@Qw)kupe_e?= zJVh|1ymaD$B*sG*+$v!+J0MA9YCbr1wbHNsQT-6$s==EO zttjT%`;+171c_y!7GPzpU2p(0=~7gHTAC zlWe0cC@f&hl~1-ER{6Bgb)-L2< zbY4%YA5a|Bth*dhF4vKp!VzGkp};f0ON?`hUf07r8DTVq6|Jc1>?~h%&FYuc%D)nx zAEPTt2@W8yyE24ET2V0We`p%vSQ1e`L}KLBEkPb?012p$LC!f;gtp#4fC;v<0SaC9 zWJPKp_WtGn&(ZjsT!Jq;bp2!T~NuUvC4Df<2BpK>@~Yw z&I>Jdc&SyXt`r@AYLSPgG}+wZ@=>f!pw|p2ofjVm$hGIeM_1f8f3H=R*ETFP$7r7E z%WD0Sn&Z2(&(}R{c$GNY?Az>SyVMW2t~wXRSVF=CBI+=yz=EaQ#b3Bl{h(83luN#{N%7|HYrc+f;fHske7!~9QEZKjN zN}nn|v8iY0Q#sKWe6;qY;{2cRocvWoJ{E5lvr6?cy6l6wQ3Ja9*jqNmNq zgY=myk4+=Zlkk5UuW#$*r|JR40pNF3REsK#y(QBn-OBble;-ep0-g>VDO68He7s;# zZQNvN9_qy>%8onQUSNkim2n1#S6t^| zUw%E`qWtgO>G3I!m&AQc0s{ptP-$(tIVGe< z_VQ`@Z9;{~y*hHR3C|QJUDmhej`FK)O9**{v?YL6(pyqWt6?CVrX;CLYLE^EWCJJI zv8Cv_l}}W7Lt>Uv^FXH+E-QAn?aVq!&5IbJ!U45advrCG?7$jpQwcWnvfi2Qczc2G z1eRGse_N)%uGX(y8H@jp@~7(fJ&B=hLhJp#YWNbH|(rGt&;y~z|%@inV z6=9UjoHYHm{8!?DZDnC&lIR52E%MHOtK-kapq`LLaDAw;^(Hl|wA+Zdfo(iU(drG>|lDXVy#N;Wkw6C7=H&nt3Fe+hCs^xrJ>RTEU7TaGNzFN2gR5;c`w zx?zt*)X@x0fsZe%^~;0!9DY^wx4oWt!F#Vp@#@BsAbe*l)#@SY$| z)tG`t5BfkyU-4Pv`LwpOgp46d5NbaC@KRIie|KB9vD4-OKRT4O<_u2Mj_rMSdM?Uo5(9vR z9T2>5aLAo4?6}SzTan}Cb>mbG_O_*~3zJut-C-gC&zc(ccw^;I*A;>jf}WUTQR+C; zp)1PXj`o}7G^XYa%9qtjzrz^sej=qWA5ToF4iQhc)ioSrklIPkmf-;Q3C`wRf7h+B zy9TU@&{CwZ)d}Jrex}`@+3c|`J+EZ+0dzkV%{?6DrSxRoDd{QF9A%f){(q~6O(2@QKzp2)E&0Y*`K^SE2ty|2fN}lHry!B9w zI;OnH4NEHN;D1FS?V%@Z7bjBy1v1bef<-6%4yO(tHLnO;Hq6gGg~kpBe{C1)5su*q znkehTtm_cFIq8wHL8^v|&VVTJ@nyAsco65u=!%w=(@ADMcgh;JQ@!yDlsLqjtQ-(W zsww4mIyrc#AqNOEh(yjT^&aP+68dziWU>H3S0XC=<)}lgHYO=koYzsU$QCXIme(HF z@fJw}@COMtp{3~MqRn&ff8r@A0qD<&$+>tdLDuI~2~bAUXf_J()U~~#;$a8Y+pn); z!l|3Ky&@S1mgm|e#||v1s!IW$^>nw3z~T6^T0cC9^1*}Xmlz-|>H6UMl~r6(KF4d{ zvGs?jgC-CH=mQ8Y>2VOV^mc1Pd)($@!Wdyl5#suIMWVq7VA|;6e?VbySWj0VwZ5jl zKgSekKH+VXD|tzel>@XcFVZ7@^XH^66NQqEz)HcD$T7zg>45%)e#WD z%%QI!%V|f*`w7-iY54^FdN|JU-hDDhy6=;0pTWo)sB%)%Gx1OV`hWlJ-~Z!Z{`v3! n^|$AL{@(xg|NqbZpa1>kAO63;{q4X0{!jl4^C}x{KIRVqN`%oq delta 5423 zcmV+~70~MSz#;6bA%KJdgaU*Egam{Iga(8Mv25}MH{;np$r(Q4<(Jj^sqBBM@v~K6 z&t=E9D{XHRXy5b1x3lx`0kCf0ZcvZ4 zQk^1me-}f}JyF>@f9OEY|IM857nbLpf?6r$c5j@3FVo2Z2oEHV(CnEbNQ~-@0#o$lp_;^a{E_xSD;MdT`E|{7LeqUDW_cZ7E zQGIoKNSJ85;<;-mb_N?}Vo*!SHV<}VCxq%de@MvMN@JH9;e>3tqAcZMXI3M7f^M5+ zD5;G}SmE0dVjmls)WE0_hNZyCp$T4kv+Bua079~p>Q0xootAh@Pu8#2ZMZ!7&sIo& zgMKdOZNIL@LI>HUN9fz-SYl9qPeBNv_Pl_mYNjeKY8U?PSb$AtYBzbmsTS$~ulelN zfBLP=a(?tdDAn=o!E7K|B=)HWmJRuAc-{1x_e9wSGtJsnpfcnbz@6fR!cMYrwVJKp zs6t03zn}{Na1qGPI^6fc!6Rq@_OD$an_CejzgBChCCH%#HxWv_U49mOSV_-e+sJt; znFPPL)?BZxs;Tix^|NROEx;GI-P$)`L`>9bdeEFqe>g z6>|8pTE9EMKW6r|z3Hrmw+LMXXs`XF1A$x6##3H6ANSOeX%Z%Q zeus%E>`wZ%TKz>%nkZIvM6eu>yXvd}XdS{vC=18@l@p`t4vPGMJ|0#Hph=u&e|rY? zQwPTdD3yyo=KPEOH9Wfq+!ZYhIwu90QU@)G5TnXfN#TH~G3Hc6;@OgMu;H#{rYX_^ zp}HUWmy`HY*{|ti&Sy`(>S}jA;!3s}S(k5aziaGzsSsz=*4o|8JwkO=44u_ftJ2Y_ zGV-<=>UwJx%`gO*7diVXs#Fx7e|ROq?uHW^i#cH$CPTc}d#)NDPL>4U6Ys%WZV2zE z!E;_7Rp$tZLb@qwndh`#jJt=bKw0^(KW2D~vfLO!D)!?MU(_#EpH&|37`V8Y5)s@H8R?c#%ivK(bR04(?dP zQk7KY5%yO9rI=Ls%kO_2&#m#@937ND6c8ZL-P+S?!e>+Vuq11<6EMM2_>1{y*m$s& z;?{9d_WMH#FmLC_|0TkpCiZ;Rh~g=`gz{Kt%~Efw*3oi-+n%6 zu%WdpRZFyJ=v^G`e^=pegza1pDz#Q>*F^%mHU)%|w=Qb*a?IImZF`vfYUJ7l9n!)% zY|;(T04q*&XbEQl&6|8s(li+7FRS&!@*lNo=WB(iBN3qXL6C$d5X~stj&4iyX*o;A z1jwlOsDX^O!ehW#BXrJMmnh0kJhg*ubM!I*01_hU$w8kPe<8xp5Lha+-)*{m*Av+X zw;Czdd>&m7bqu}K&(4NI)zR#Ya7LXaoQJ(rfVi$2c(>&w*xo?wB}3gw&jn#cSALIJ zl5NygLO-33a5a9k`e6$sY=Que>&t5Wbm=Ob`R=jlSJj~c%8@QDgHD|XwmAG1YSPqbt zEi%_D${!|!xjhZlGKgv)s`Fx$h7dU-d0y2FW4oxb{!{<2TkoL0wZBHKPrplfBEaZx!N|xbqtFgcC#_FjR^H2 zZ5;8CT%V44^pkxZfr@VIQM?<~V2uR61<7^^Od~L&r_+K&CuMtv>W0dMXJP-tj`}4E zMfwU#0+07{m2sRB)?vX_QFD@Fhv9)G^UxT|YX9xo0t4`-Q&o0dh56fbI_Po2%xK>n zTUwXXf4dej)N`5|0uki%`CRbq9#lQC*J#>dUj_SLmg`4m(dq9On6D0-1Gk(2t7Snl zAQcJ)tKODRySh^z%8c4f#8W+0!F4J&kw&*vtuF0@yS!b3qH$ z`xZ9i%Q8KQ2 z^~iC}+tJ~%eWj5__&{oR0NeO>nS-xJdxlZ;$@y^fM?04Z*X3I&R&|FjtMzl$%qDmj z6qRfnnmhHw=FK5!Cw#zMvvViu+S<_3e~VDHY{=u=Z`1*lgN8`XHu3WI?~)$fA_M$j`FGIkn^~=dPtWXYH+NN2a@4^*{Rf!jRp)R(Y1LzK&L$%quoNOX;SfD1c52!8KG~Z3=emHW* z&a@eq6Xj&(FlWiE7blujVh?1{qK0$tMAnN|LkfbkS+`SFK-z0x4)Rjh7$6y9P||%l zu3K4X!fn*9J%zbD#~cN!BV#~rB*^%hBYtZZ`hOUd=?VD_lNb{ zRrAY0F?;~7Gmjm3b!ga%Pc~Wr-7lr*raQQ?g%zkHXh$`gSP3=E91$Y=$#q~ z@*FJ7HL^aNUcs=cpbH2%W@kq^+8SH}S5!gaOKX{sx0Wp+u#+Vo(m+=|f`{!e_Te0gaueCD?NV!PDP}x^N_kbg#%6Cy)fPh)HlCG&9haJZ z*S$|HNmEU5F9YqzJ0{;?e+Ev|0HG<5VNYlSkSkLJc)MR^lMt*JEJ$Whgy~U3p z2fzlnfqh+BX}fCMqA{@#O`r0)Z^w9qb^vn5fXo~X@4ty_-CU}y$i?eCiq}{rha|F= zyg`{=8__Qp^FK0+QPqmq$ekS!P-cCVyI%$FRcq_Yl-I6A^hNR|e+5lj*Ho8kbwcQr zEiK2Rw2bX@<52nmLgoWBDrNNsf%3PLQTn$4)=rJvWQVF@+w&CPZMs@^UWaxYI@;~R zufEXmzMw_X)A?Pui1{?D@NujFiBjz6+Ww?jv)bDceRk%Eiuvse!15#&9JUPmF}4iH zQr}IDc|B@UhtGYve`@}1pvVb&!_zyT8sJ=AO(av=UAhLDUJ_+?wfF3NgXFw=)~(bM zq9O?7Oed0q2F=Di2xVX0-hioJ#?lhRsd%`b()Uh2Uw~VfoF3^tl_MWDzoWdx2;DXH zY>T{{<}X@JcbhX>F4)FjWOa0W|7aJBdxYfAk{pjSKzS=cCMM2HsEnzR z2Wgr)wRrbpmmoP<8izLcr&)=$&V1M0wTZYjzE-6|7v4drzV+J}R>JbtKJXR*S54|J z!&y}US@LOyf0FHiQ|A}Q>5Ub*!X8&3xmMWuRzW*>**=fHmHAaSv>jB>T{Eh3Y0eS@ zBejtV%Tw8jzOsEo1nOtCs9|R9-=h5Qwvms5qKr*-8D)pI@8nXin}iF|v!t*z1hE}Y zZUZ79e^@kqKo`Ng*oe_q1}7fI_U=H+sS%4(O@VN&s}iRgU`|rgma(%xc_#d{`~hb0 zx@zvHKH-{pvKZnLJGfNYGwte1#x4NgXbx|QI^;`$DtuF|HQKmo*%(kdfl~IJvY|^+ zPb#s@Z9+SpX0yxew)~;eIkABA%YOd0T0izjf4t&{wbl$>#~URw)VqQ%TcXbPgiNPw zN%_Mor=TVjj3(cXG=Pf$0mkoIwgD$-HqN9Ol(D%#n`V>C;N}TcMG)(URdx1Ti;n%59w7HxiRoKHSX20`f5TfpSRR1>##Ph7#T`jow07D#uLhND)`HP zg<{8T@vC0`TgYbhiN@Z!JbV!5J%=Ydi+RaFfivQZ?5e;gz_ zHbBySpmDGwwCW(DJg>N=KV9K)6Ztr^+l_|67t30g8dpx=L75$!0tAT3p9mONG(_dx zypk^2B%0kot33w*J3qOrem%E~J%pA>pi@O6#2+L9&JcKbbkORT%hTU7i@DT~re@U| zezhr1<(~Mc4&dZQMKH`PsPbQmqviTY{X~n`*e`#3xdxYR$Qvh#r3#e-+-V_0we2 zK2D;hFSqHJpmmT|rq^}w_+sVj>eV)us4U<%up${A8lGt2UaXqiHoLUd;b{_ci0@#H zQ~5A8=s>hH5$1`mwGoE0<_4rwR$71b8Q&N4-NtaB+OSoCv`GA7vpfAY6Ho=D)CtuO z4=O@{dfm66RREfShq}?|f5tRz?{eN#Q;05i4m~*ZyiP$457bzxMisH%Q=OM%TOofb zk^RUl5>G#d$iSrpz@eP=5w=7uVePS{_HLGl`TEhKX0rDAZ1P2dGhd%Q>2cDl3go(L z!39_!n3)8Hx z32PSLs?54k9T;b)78b=D-*{DXqSfOkSqoQ{uzKIi0ufb#XR0f*k*=orXDLZ5->n>^ zB;l9U`i15F-tRWuXG?NeCz+OyE$v>9Ms3BNdqbI@<#O7YPj-gyrLxsMA0b!^x4dao zl`^~z>0(3KHXB1nf9tA`sIy%*7kkmjI}9(tw2M5(i}`p}pO+Wd(f&{tJu1;b$hsUb z7dALTp(de<&tNl)9eJFJ#S}h4w>#@*RTVU8g~ZOsAR5E(^Djd;P614`@0$Rkwdh#; zld44Vmz?+`v*_UYd$m-MA-i`AHFlA~SLa}bkS^NuqY?=_}XGUvU(CRI-jXNtQJ zNGV&LI>}C7e^%?q{s;^cTc>pPtR4iwW=N_3G zJTVdz)ZQXB>r?G5+r0*l<6S`{e}VlKQVCU}XFZp18@lbh)d}0TNRoTgy(k~+Te)?`<$Y==c1Hylm3@wD`%=G^F81Mwlk zll&ms?XiImlo)gwnVQevHrnjVN*;mDqD{(qtH=nsP!zs^n3QA@S@Fu=9lzq1tz&@T zgY?>#f3g=(Cd2BEx|YV?Hh9&z?Z=c`A_duLk;NokiC!;EbRyBf<5I?+_W)UBE7Kq% zAkdQA2E|F8J+{`TP>IS$NBYaXe0jC$9v@P8$!1Z3*z#f@%&@r_@IAX5KlP&y5LA9M zA7Fwq63X;lH(^D4&5*Zklugy(Piv9SnY{~1#HQd~qAsQ?b$~OI(sBn8zPScG_`y+k zX8yG49CQesRp71iZREF2A=hUD7fUCW{O#ZV_22*FKmX;Q{`~tN>mPsiKmPZh@BjMm Z6)*qsfByL6?|=U7{{Uj@aqTeD4*+(Vo-+Ud diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202309-01.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202309-01.xml new file mode 100644 index 0000000000..0892fd30ef --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202309-01.xml @@ -0,0 +1,47 @@ + + + + Apache HTTPD: Multiple Vulnerabilities + Multiple vulnerabilities have been discovered in Apache HTTPD, the worst of which could result in denial of service. + apache + 2023-09-08 + 2023-09-08 + 891211 + 900416 + remote + + + 2.4.56 + 2.4.56 + + + +

The Apache HTTP server is one of the most popular web servers on the Internet.

+ + +

Multiple vulnerabilities have been discovered in Apache HTTPD. Please review the CVE identifiers referenced below for details.

+ + +

Please review the referenced CVE identifiers for details.

+ + +

There is no known workaround at this time.

+ + +

All Apache HTTPD users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-servers/apache-2.4.56" + + + + CVE-2006-20001 + CVE-2022-36760 + CVE-2022-37436 + CVE-2023-25690 + CVE-2023-27522 + + ajak + graaff + \ No newline at end of file diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202309-02.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202309-02.xml new file mode 100644 index 0000000000..8e65a0ee7f --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202309-02.xml @@ -0,0 +1,64 @@ + + + + Wireshark: Multiple Vulnerabilities + Multiple vulnerabilities have been found in Wireshark, the worst of which could result in denial of service. + wireshark + 2023-09-17 + 2023-09-17 + 878421 + 899548 + 904248 + 907133 + remote + + + 4.0.6 + 4.0.6 + + + +

Wireshark is a versatile network protocol analyzer.

+ + +

Multiple vulnerabilities have been discovered in Wireshark. Please review the CVE identifiers referenced below for details.

+ + +

Please review the referenced CVE identifiers for details.

+ + +

There is no known workaround at this time.

+ + +

All Wireshark users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-analyzer/wireshark-4.0.6" + + + + CVE-2022-3725 + CVE-2023-0666 + CVE-2023-0667 + CVE-2023-0668 + CVE-2023-1161 + CVE-2023-1992 + CVE-2023-1993 + CVE-2023-1994 + CVE-2023-2854 + CVE-2023-2855 + CVE-2023-2856 + CVE-2023-2857 + CVE-2023-2858 + CVE-2023-2879 + CVE-2023-2952 + WNPA-SEC-2022-07 + WNPA-SEC-2023-08 + WNPA-SEC-2023-09 + WNPA-SEC-2023-10 + WNPA-SEC-2023-11 + + ajak + sam + \ No newline at end of file diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202309-03.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202309-03.xml new file mode 100644 index 0000000000..71c1f8f027 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202309-03.xml @@ -0,0 +1,45 @@ + + + + GPL Ghostscript: Multiple Vulnerabilities + Multiple vulnerabilities have been discovered in GPL Ghostscript, the worst of which could result in remote code execution. + ghostscript-gpl + 2023-09-17 + 2023-09-17 + 904245 + 910294 + remote + + + 10.01.2 + 10.01.2 + + + +

Ghostscript is an interpreter for the PostScript language and for PDF.

+ + +

Multiple vulnerabilities have been discovered in GPL Ghostscript. Please review the CVE identifiers referenced below for details.

+ + +

Please review the referenced CVE identifiers for details.

+ + +

There is no known workaround at this time.

+ + +

All GPL Ghostscript users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-text/ghostscript-gpl-10.01.2" + + + + CVE-2022-2085 + CVE-2023-28879 + CVE-2023-36664 + + ajak + sam + \ No newline at end of file diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202309-04.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202309-04.xml new file mode 100644 index 0000000000..2e5d9dd4cb --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202309-04.xml @@ -0,0 +1,56 @@ + + + + RAR, UnRAR: Arbitrary File Overwrite + An arbitrary file overwrite vulnerability has been discovered in RAR and UnRAR, potentially resulting in arbitrary code execution. + rar,unrar + 2023-09-17 + 2023-09-17 + 843611 + 849686 + 912652 + remote + + + 6.23 + 6.23 + + + 6.2.10 + 6.2.10 + + + +

RAR and UnRAR provide command line interfaces for compressing and decompressing RAR files.

+ + +

Due to an error in the validation of symbolic links within archives, RAR and UnRAR can potentially write files to a directory which is outside of the intended unpack directory.

+ + +

If the user running RAR or UnRAR extracts a malicious archive, the archive could overwrite a file such as the user's shell initialization scripts, potentially resulting in arbitrary code execution in the context of that user.

+ + +

There is no known workaround at this time.

+ + +

All RAR users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-arch/rar-6.23" + + +

All UnRAR users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-arch/unrar-6.2.10" + + + + CVE-2022-30333 + CVE-2023-40477 + + ajak + sam + diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202309-05.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202309-05.xml new file mode 100644 index 0000000000..db6582797f --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202309-05.xml @@ -0,0 +1,44 @@ + + + + WebP: Multiple vulnerabilities + Multiple vulnerabilities have been discovered in WebP, the worst of which could result in remote code execution. + libwebp + 2023-09-17 + 2023-09-17 + 909369 + 914010 + remote + + + 1.3.1_p20230908 + 1.3.1_p20230908 + + + +

WebP is an image format employing both lossy and lossless compression.

+ + +

Multiple vulnerabilities have been discovered in WebP. Please review the CVE identifiers referenced below for details.

+ + +

Please review the CVE identifiers referenced below for details.

+ + +

There is no known workaround at this time.

+ + +

All WebP users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=media-libs/libwebp-1.3.1_p20230908" + + + + CVE-2023-1999 + CVE-2023-4863 + + sam + sam + \ No newline at end of file diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202309-06.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202309-06.xml new file mode 100644 index 0000000000..0451d2193b --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202309-06.xml @@ -0,0 +1,86 @@ + + + + Samba: Multiple Vulnerabilities + Multiple vulnerabilities have been discovered in Samba, the worst of which could result in root remote code execution. + samba + 2023-09-17 + 2023-09-17 + 820566 + 821688 + 830983 + 832433 + 861512 + 866225 + 869122 + 878273 + 880437 + 886153 + 903621 + 905320 + 910334 + remote + + + 4.18.4 + 4.18.4 + + + +

Samba is a suite of SMB and CIFS client/server programs.

+ + +

Multiple vulnerabilities have been discovered in Samba. Please review the CVE identifiers referenced below for details.

+ + +

Please review the referenced CVE identifiers for details.

+ + +

There is no known workaround at this time.

+ + +

All Samba users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-fs/samba-4.18.4" + + + + CVE-2007-4559 + CVE-2016-2124 + CVE-2020-17049 + CVE-2020-25717 + CVE-2020-25718 + CVE-2020-25719 + CVE-2020-25721 + CVE-2020-25722 + CVE-2021-3670 + CVE-2021-3738 + CVE-2021-20251 + CVE-2021-20316 + CVE-2021-23192 + CVE-2021-44141 + CVE-2021-44142 + CVE-2022-0336 + CVE-2022-1615 + CVE-2022-2031 + CVE-2022-3437 + CVE-2022-3592 + CVE-2022-32742 + CVE-2022-32743 + CVE-2022-32744 + CVE-2022-32745 + CVE-2022-32746 + CVE-2022-37966 + CVE-2022-37967 + CVE-2022-38023 + CVE-2022-42898 + CVE-2022-45141 + CVE-2023-0225 + CVE-2023-0614 + CVE-2023-0922 + + ajak + sam + \ No newline at end of file diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202309-07.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202309-07.xml new file mode 100644 index 0000000000..86b9773737 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202309-07.xml @@ -0,0 +1,43 @@ + + + + Binwalk: Multiple Vulnerabilities + Multiple vulnerabilities have been discovered in Binwalk, the worst of which could result in remote code execution. + binwalk + 2023-09-17 + 2023-09-17 + 820614 + 903652 + remote + + + 2.3.4 + 2.3.4 + + + +

Binwalk is a tool for identifying files embedded inside firmware images.

+ + +

Multiple vulnerabilities have been discovered in Binwalk. Please review the CVE identifiers referenced below for details.

+ + +

Please review the referenced CVE identifiers for details.

+ + +

There is no known workaround at this time.

+ + +

All Binwalk users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-misc/binwalk-2.3.4" + + + + CVE-2022-4510 + + ajak + sam + \ No newline at end of file diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202309-08.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202309-08.xml new file mode 100644 index 0000000000..0b12314c22 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202309-08.xml @@ -0,0 +1,43 @@ + + + + Requests: Information Leak + A vulnerability has been discovered in Requests which could result in the disclosure of plaintext secrets. + requests + 2023-09-17 + 2023-09-17 + 906970 + remote + + + 2.31.0 + 2.31.0 + + + +

Requests is an HTTP library for human beings.

+ + +

Requests is vulnerable to potentially leaking Proxy-Authorization headers to destination servers, specifically during redirects to an HTTPS origin with authentication credentials encoded into the URL.

+ + +

Users' proxy authentication secrets could be disclosed to parties beyond the used HTTP proxy server.

+ + +

There is no known workaround at this time.

+ + +

All Requests users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-python/requests-2.31.0" + + + + CVE-2023-32681 + GHSA-j8r2-6x86-q33q + + ajak + sam + \ No newline at end of file diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202309-09.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202309-09.xml new file mode 100644 index 0000000000..aec4099dc0 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202309-09.xml @@ -0,0 +1,46 @@ + + + + Pacemaker: Multiple Vulnerabilities + Multiple vulnerabilities have been found in Pacemaker, the worst of which could result in root privilege escalation. + pacemaker + 2023-09-29 + 2023-09-29 + 711674 + 751430 + remote + + + 2.0.5_rc2 + 2.0.5_rc2 + + + +

Pacemaker is an Open Source, High Availability resource manager suitable for both small and large clusters.

+ + +

Multiple vulnerabilities have been discovered in Pacemaker. Please review the CVE identifiers referenced below for details.

+ + +

Please review the referenced CVE identifiers for details.

+ + +

There is no known workaround at this time.

+ + +

All Pacemaker users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=sys-cluster/pacemaker-2.0.5_rc2" + + + + CVE-2018-16877 + CVE-2018-16878 + CVE-2019-3885 + CVE-2020-25654 + + ajak + graaff + \ No newline at end of file diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202309-10.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202309-10.xml new file mode 100644 index 0000000000..ab90f225c8 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202309-10.xml @@ -0,0 +1,42 @@ + + + + Fish: User-assisted execution of arbitrary code + A vulnerability was discovered in Fish when handling git repository configuration that may lead to execution of arbitrary code + fish + 2023-09-29 + 2023-09-29 + 835337 + local + + + 3.4.0 + 3.4.0 + + + +

Smart and user-friendly command line shell for macOS, Linux, and the rest of the family. It includes features like syntax highlighting, autosuggest-as-you-type, and fancy tab completions that just work, with no configuration required.

+ + +

A vulnerability have been discovered in Fish. Please review the CVE identifiers referenced below for details.

+ + +

A user may be enticed to cd into a git repository under control by an attacker (e.g. on a shared filesystem or by unpacking an archive) and execute arbitrary commands.

+ + +

There is no known workaround at this time.

+ + +

All fish users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-shells/fish-3.4.0" + + + + CVE-2022-20001 + + graaff + graaff + \ No newline at end of file diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202309-11.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202309-11.xml new file mode 100644 index 0000000000..91f9f39a8d --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202309-11.xml @@ -0,0 +1,43 @@ + + + + libsndfile: Multiple Vulnerabilities + Multiple vulnerabilities have been found in libsndfile, the worst of which could result in arbitrary code execution. + libsndfile + 2023-09-29 + 2023-09-29 + 803065 + remote + + + 1.1.0 + 1.1.0 + + + +

libsndfile is a C library for reading and writing files containing sampled sound.

+ + +

Multiple vulnerabilities have been discovered in libsndfile. Please review the CVE identifiers referenced below for details.

+ + +

Please review the referenced CVE identifiers for details.

+ + +

There is no known workaround at this time.

+ + +

All libsndfile users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=media-libs/libsndfile-1.1.0" + + + + CVE-2021-3246 + CVE-2021-4156 + + ajak + graaff + \ No newline at end of file diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202309-12.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202309-12.xml new file mode 100644 index 0000000000..95404c8496 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202309-12.xml @@ -0,0 +1,45 @@ + + + + sudo: Multiple Vulnerabilities + Multiple vulnerabilities have been found in sudo, the worst of which can result in root privilege escalation. + sudo + 2023-09-29 + 2023-09-29 + 898510 + 905322 + remote + + + 1.9.13_p2 + 1.9.13_p2 + + + +

sudo allows a system administrator to give users the ability to run commands as other users.

+ + +

Multiple vulnerabilities have been discovered in sudo. Please review the CVE identifiers referenced below for details.

+ + +

Please review the referenced CVE identifiers for details.

+ + +

There is no known workaround at this time.

+ + +

All sudo users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-admin/sudo-1.9.13_p2" + + + + CVE-2023-27320 + CVE-2023-28486 + CVE-2023-28487 + + ajak + graaff + \ No newline at end of file diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202309-13.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202309-13.xml new file mode 100644 index 0000000000..c9a0101591 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202309-13.xml @@ -0,0 +1,42 @@ + + + + GMP: Buffer Overflow Vulnerability + A buffer overflow vulnerability has been found in GMP which could result in denial of service. + gmp + 2023-09-29 + 2023-09-29 + 823804 + remote + + + 6.2.1-r2 + 6.2.1-r2 + + + +

The GNU Multiple Precision Arithmetic Library is a library forarbitrary-precision arithmetic on different types of numbers.

+ + +

There is an integer overflow leading to a buffer overflow when processing untrusted input via GMP's mpz_inp_raw function.

+ + +

Untrusted input can cause a denial of service via segmentation fault.

+ + +

Users can ensure no untrusted input is passed into GMP's mpz_inp_raw function.

+ + +

All GMP users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-libs/gmp-6.2.1-r2" + + + + CVE-2021-43618 + + ajak + graaff + \ No newline at end of file diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202309-14.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202309-14.xml new file mode 100644 index 0000000000..c9c5190770 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202309-14.xml @@ -0,0 +1,43 @@ + + + + libarchive: Multiple Vulnerabilities + Multiple vulnerabilities have been found in libarchive, the worst of which could result in denial of service. + libarchive + 2023-09-29 + 2023-09-29 + 882521 + 911486 + remote + + + 3.7.1 + 3.7.1 + + + +

libarchive is a library for manipulating different streaming archive formats, including certain tar variants, several cpio formats, and both BSD and GNU ar variants.

+ + +

Multiple vulnerabilities have been discovered in libarchive. Please review the CVE identifiers referenced below for details.

+ + +

Please review the referenced CVE identifiers for details.

+ + +

There is no known workaround at this time.

+ + +

All libarchive users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-arch/libarchive-3.7.1" + + + + CVE-2022-36227 + + ajak + graaff + \ No newline at end of file diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202309-15.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202309-15.xml new file mode 100644 index 0000000000..e83f9ead61 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202309-15.xml @@ -0,0 +1,50 @@ + + + + GNU Binutils: Multiple Vulnerabilities + Multiple vulnerabilities have been found in GNU Binutils, the worst of which could result in denial of service. + binutils + 2023-09-30 + 2023-09-30 + 866713 + 867937 + 903893 + remote + + + 2.40 + 2.40 + + + +

The GNU Binutils are a collection of tools to create, modify and analyse binary files. Many of the files use BFD, the Binary File Descriptor library, to do low-level manipulation.

+ + +

Multiple vulnerabilities have been discovered in GNU Binutils. Please review the CVE identifiers referenced below for details.

+ + +

Please review the referenced CVE identifiers for details.

+ + +

There is no known workaround at this time.

+ + +

All GNU Binutils users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=sys-devel/binutils-2.40" + + + + CVE-2022-4285 + CVE-2022-38126 + CVE-2022-38127 + CVE-2022-38128 + CVE-2022-38533 + CVE-2023-1579 + CVE-2023-1972 + + ajak + graaff + \ No newline at end of file diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202309-16.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202309-16.xml new file mode 100644 index 0000000000..7761b83f6f --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202309-16.xml @@ -0,0 +1,58 @@ + + + + wpa_supplicant, hostapd: Multiple Vulnerabilities + Multiple vulnerabilities have been discovered in wpa_supplicant and hostapd, the worst of which could result in arbitrary code execution. + hostapd,wpa_supplicant + 2023-09-30 + 2023-09-30 + 768759 + 780135 + 780138 + 831332 + remote + + + 2.10 + 2.10 + + + 2.10 + 2.10 + + + +

wpa_supplicant is a WPA Supplicant with support for WPA and WPA2 (IEEE 802.11i / RSN). hostapd is a user space daemon for access point and authentication servers.

+ + +

Multiple vulnerabilities have been discovered in hostapd and wpa_supplicant. Please review the CVE identifiers referenced below for details.

+ + +

Please review the referenced CVE identifiers for details.

+ + +

There is no known workaround at this time.

+ + +

All wpa_supplicant users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-wireless/wpa_supplicant-2.10" + + +

All hostapd users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-wireless/hostapd-2.10" + + + + CVE-2021-30004 + CVE-2022-23303 + CVE-2022-23304 + + ajak + graaff + \ No newline at end of file diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202309-17.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202309-17.xml new file mode 100644 index 0000000000..d19efa9eb3 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202309-17.xml @@ -0,0 +1,152 @@ + + + + Chromium, Google Chrome, Microsoft Edge: Multiple Vulnerabilities + Multiple vulnerabilities have been found in Chromium and its derivatives, the worst of which could result in remote code execution. + chromium,chromium-bin,google-chrome,microsoft-edge + 2023-09-30 + 2023-09-30 + 893660 + 904252 + 904394 + 904560 + 905297 + 905620 + 905883 + 906586 + remote + + + 113.0.5672.126 + 113.0.5672.126 + + + 113.0.5672.126 + + + 113.0.5672.126 + 113.0.5672.126 + + + 113.0.1774.50 + 113.0.1774.50 + + + +

Chromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web. + +Google Chrome is one fast, simple, and secure browser for all your devices. + +Microsoft Edge is a browser that combines a minimal design with sophisticated technology to make the web faster, safer, and easier.

+ + +

Multiple vulnerabilities have been discovered in Chromium and its derivatives. Please review the CVE identifiers referenced below for details.

+ + +

Please review the referenced CVE identifiers for details.

+ + +

There is no known workaround at this time.

+ + +

All Chromium users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-client/chromium-113.0.5672.126" + + +

All Google Chrome users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-client/google-chrome-113.0.5672.126" + + +

All Microsoft Edge users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-client/microsoft-edge-113.0.1774.50" + + +

Gentoo has discontinued support for www-client/chromium-bin. Users should unmerge it in favor of the above alternatives:

+ + + # emerge --ask --depclean --verbose "www-client/chromium-bin" + + + + CVE-2023-0696 + CVE-2023-0697 + CVE-2023-0698 + CVE-2023-0699 + CVE-2023-0700 + CVE-2023-0701 + CVE-2023-0702 + CVE-2023-0703 + CVE-2023-0704 + CVE-2023-0705 + CVE-2023-0927 + CVE-2023-0928 + CVE-2023-0929 + CVE-2023-0930 + CVE-2023-0931 + CVE-2023-0932 + CVE-2023-0933 + CVE-2023-0941 + CVE-2023-1528 + CVE-2023-1529 + CVE-2023-1530 + CVE-2023-1531 + CVE-2023-1532 + CVE-2023-1533 + CVE-2023-1534 + CVE-2023-1810 + CVE-2023-1811 + CVE-2023-1812 + CVE-2023-1813 + CVE-2023-1814 + CVE-2023-1815 + CVE-2023-1816 + CVE-2023-1817 + CVE-2023-1818 + CVE-2023-1819 + CVE-2023-1820 + CVE-2023-1821 + CVE-2023-1822 + CVE-2023-1823 + CVE-2023-2033 + CVE-2023-2133 + CVE-2023-2134 + CVE-2023-2135 + CVE-2023-2136 + CVE-2023-2137 + CVE-2023-2459 + CVE-2023-2460 + CVE-2023-2461 + CVE-2023-2462 + CVE-2023-2463 + CVE-2023-2464 + CVE-2023-2465 + CVE-2023-2466 + CVE-2023-2467 + CVE-2023-2468 + CVE-2023-2721 + CVE-2023-2722 + CVE-2023-2723 + CVE-2023-2724 + CVE-2023-2725 + CVE-2023-2726 + CVE-2023-21720 + CVE-2023-21794 + CVE-2023-23374 + CVE-2023-28261 + CVE-2023-28286 + CVE-2023-29334 + CVE-2023-29350 + CVE-2023-29354 + + ajak + graaff + \ No newline at end of file diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/timestamp.chk b/sdk_container/src/third_party/portage-stable/metadata/glsa/timestamp.chk index 8df96fe108..bcd865f7f1 100644 --- a/sdk_container/src/third_party/portage-stable/metadata/glsa/timestamp.chk +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/timestamp.chk @@ -1 +1 @@ -Fri, 01 Sep 2023 06:40:01 +0000 +Sun, 01 Oct 2023 06:40:03 +0000 diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/timestamp.commit b/sdk_container/src/third_party/portage-stable/metadata/glsa/timestamp.commit index e8299091e6..cfb8823901 100644 --- a/sdk_container/src/third_party/portage-stable/metadata/glsa/timestamp.commit +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/timestamp.commit @@ -1 +1 @@ -6394ef8ae23b1cf183b45b603eceea6389a3c371 1689819508 2023-07-20T02:18:28+00:00 +de793de405f9e13d0d29d94de3f236ce0b5b3338 1696064247 2023-09-30T08:57:27+00:00