bump(metadata/glsa): sync with upstream

David Michael 2017-01-24 14:50:27 -08:00
parent 7d9dd7a7d4
commit 75cadf13ca
24 changed files with 1213 additions and 8 deletions

View File

@ -7,14 +7,16 @@
the worst of which may allow remote execution of arbitrary code.
</synopsis>
<product type="ebuild">firefox</product>
<announced>May 31, 2016</announced>
<revised>May 31, 2016: 1</revised>
<announced>2016-05-31</announced>
<revised>2017-01-20: 4</revised>
<bug>549356</bug>
<bug>550288</bug>
<bug>557590</bug>
<bug>559186</bug>
<bug>561246</bug>
<bug>563230</bug>
<bug>564834</bug>
<bug>571086</bug>
<bug>573074</bug>
<bug>574596</bug>
<bug>576862</bug>
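
Review bot: the `<revised>` value in this header goes from `May 31, 2016: 1` straight to `2017-01-20: 4`, so revisions 2 and 3 never landed in this tree. Anything that caches advisories by revision should compare the number as an integer and not assume it increases by one per sync. The date also switches to the `2016-05-31` form in the same hunk, so date parsing has to accept it.
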
@ -138,6 +140,8 @@
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2717">CVE-2015-2717</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2718">CVE-2015-2718</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2718">CVE-2015-2718</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2721">CVE-2015-2721</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4000">CVE-2015-4000</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4473">CVE-2015-4473</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4473">CVE-2015-4473</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4474">CVE-2015-4474</uri>
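
Review bot: the reference list around the new entries still lists CVE-2015-2718 and CVE-2015-4473 twice each. Since this hunk is already touching the block, the duplicates are worth dropping upstream; until then, deduplicate on the CVE id when building an index from `<uri>` elements.
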
@ -181,6 +185,7 @@
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7181">CVE-2015-7181</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7182">CVE-2015-7182</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7183">CVE-2015-7183</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7575">CVE-2015-7575</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1523">CVE-2016-1523</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1523">CVE-2016-1523</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1930">CVE-2016-1930</uri>
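
Review bot: CVE-2015-7575 in this list is also referenced by 201701-46 (dev-libs/nss), added later in the same commit, so one CVE now maps to two advisories with different affected packages. Tooling that keys on the CVE id should keep a list of GLSAs per CVE and not a single value. CVE-2016-1523 is also listed twice in the surrounding lines.
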
@ -302,8 +307,6 @@
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2802">CVE-2016-2802</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2802">CVE-2016-2802</uri>
</references>
<metadata tag="requester" timestamp="Thu, 31 Dec 2015 02:35:40 +0000">
BlueKnight
</metadata>
<metadata tag="submitter" timestamp="Tue, 31 May 2016 05:43:42 +0000">b-man</metadata>
<metadata tag="requester" timestamp="2015-12-31T02:35:40Z">BlueKnight</metadata>
<metadata tag="submitter" timestamp="2017-01-20T18:11:38Z">b-man</metadata>
</glsa>
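
Review bot: the `submitter` metadata timestamp changes from `Tue, 31 May 2016 05:43:42 +0000` to `2017-01-20T18:11:38Z`, which is a different instant, while the `requester` timestamp is only reformatted. The original submission time is lost from the metadata and now survives only as the `<announced>` date; if the new value is meant to record the revision, a separate tag would keep both.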

View File

@ -7,7 +7,7 @@
</synopsis>
<product type="ebuild">apache</product>
<announced>2017-01-15</announced>
<revised count="2">2017-01-17</revised>
<revised>2017-01-17: 02</revised>
<bug>529130</bug>
<bug>589226</bug>
<bug>601736</bug>
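
Review bot: the two `<revised>` lines here carry the revision number in different places, once as a `count="2"` attribute and once as a zero-padded `: 02` suffix in the element text. Other files in this commit use `: 4`, `: 01` and `: 1`, so the suffix is not consistently padded either. A consumer should split on the colon and parse the number as an integer, and it would help to settle on one encoding upstream.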

View File

@ -0,0 +1,79 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="201701-43">
<title>IcedTea: Multiple vulnerabilities</title>
<synopsis>Multiple vulnerabilities have been found in IcedTea allowing remote
attackers to affect confidentiality, integrity, and availability through
various vectors.
</synopsis>
<product type="ebuild">icedtea, java</product>
<announced>2017-01-19</announced>
<revised>2017-01-19: 01</revised>
<bug>590590</bug>
<bug>600224</bug>
<access>remote</access>
<affected>
<package name="dev-java/icedtea-bin" auto="yes" arch="*">
<unaffected range="ge" slot="7">7.2.6.8</unaffected>
<unaffected range="ge" slot="8">3.2.0</unaffected>
<vulnerable range="lt">7.2.6.8</vulnerable>
</package>
</affected>
<background>
<p>IcedTeas aim is to provide OpenJDK in a form suitable for easy
configuration, compilation and distribution with the primary goal of
allowing inclusion in GNU/Linux distributions.
</p>
</background>
<description>
<p>Various OpenJDK attack vectors in IcedTea, such as 2D, Corba, Hotspot,
Libraries, and JAXP, exist which allows remote attackers to affect the
confidentiality, integrity, and availability of vulnerable systems. Many
of the vulnerabilities can only be exploited through sandboxed Java Web
Start applications and java applets. Please review the CVE identifiers
referenced below for details.
</p>
</description>
<impact type="normal">
<p>Remote attackers may execute arbitrary code, compromise information, or
cause a Denial of Service condition.
</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All IcedTea-bin 7.x users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose "&gt;=dev-java/icedtea-bin-7.2.6.8:7"
</code>
<p>All IcedTea-bin 3.x users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose "&gt;=dev-java/icedtea-bin-3.2.0:8"
</code>
</resolution>
<references>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3458">CVE-2016-3458</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3485">CVE-2016-3485</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3500">CVE-2016-3500</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3508">CVE-2016-3508</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3550">CVE-2016-3550</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3587">CVE-2016-3587</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3598">CVE-2016-3598</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3606">CVE-2016-3606</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3610">CVE-2016-3610</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5542">CVE-2016-5542</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5554">CVE-2016-5554</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5568">CVE-2016-5568</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5573">CVE-2016-5573</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5582">CVE-2016-5582</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5597">CVE-2016-5597</uri>
</references>
<metadata tag="requester" timestamp="2017-01-04T03:38:18Z">b-man</metadata>
<metadata tag="submitter" timestamp="2017-01-19T18:34:11Z">b-man</metadata>
</glsa>
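
Review bot: `<vulnerable range="lt">7.2.6.8</vulnerable>` has no slot attribute, although both `<unaffected>` entries are slotted (7 and 8), and there is no vulnerable entry for slot 8 below 3.2.0. The 3.x line is then covered only because its version numbers happen to sort below 7.2.6.8; one slotted `<vulnerable>` entry per slot would state the intent directly. In the prose, "IcedTeas aim" is missing its apostrophe and "exist which allows" should read "exist which allow".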

View File

@ -0,0 +1,52 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="201701-44">
<title>CVS: Heap-based overflow</title>
<synopsis>A heap-based buffer overflow in CVS might allow remote attackers to
execute
arbitrary code.
</synopsis>
<product type="ebuild">cvs</product>
<announced>2017-01-19</announced>
<revised>2017-01-19: 01</revised>
<bug>402593</bug>
<access>remote</access>
<affected>
<package name="dev-vcs/cvs" auto="yes" arch="*">
<unaffected range="ge">1.12.12-r11</unaffected>
<vulnerable range="lt">1.12.12-r11</vulnerable>
</package>
</affected>
<background>
<p>CVS (Concurrent Versions System) is an open-source network-transparent
version control system. It contains both a client utility and a server.
</p>
</background>
<description>
<p>A heap-based buffer overflow was discovered in the proxy_connect
function in src/client.c in CVS.
</p>
</description>
<impact type="normal">
<p>An attacker, utilizing a remote HTTP proxy server, could cause a Denial
of Service condition or possibly execute arbitrary code via a crafted
HTTP response.
</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All CVS users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose "&gt;=dev-vcs/cvs-1.12.12-r11"
</code>
</resolution>
<references>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0804">CVE-2012-0804</uri>
</references>
<metadata tag="requester" timestamp="2017-01-18T08:43:18Z">b-man</metadata>
<metadata tag="submitter" timestamp="2017-01-19T19:06:48Z">b-man</metadata>
</glsa>

View File

@ -0,0 +1,51 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="201701-45">
<title>irssi: Multiple vulnerabilities</title>
<synopsis>Multiple vulnerabilities have been found in irssi, the worst of
which could allow remote attackers to execute arbitrary code.
</synopsis>
<product type="ebuild">irssi</product>
<announced>2017-01-19</announced>
<revised>2017-01-19: 01</revised>
<bug>604772</bug>
<access>remote</access>
<affected>
<package name="net-irc/irssi" auto="yes" arch="*">
<unaffected range="ge">0.8.21</unaffected>
<vulnerable range="lt">0.8.21</vulnerable>
</package>
</affected>
<background>
<p>irssi is a modular textUI IRC client with IPv6 support.</p>
</background>
<description>
<p>Multiple vulnerabilities have been discovered in irssi. Please review
the CVE identifiers referenced below for details.
</p>
</description>
<impact type="normal">
<p>A remote attacker could possibly execute arbitrary code with the
privileges of the process or cause a Denial of Service condition.
</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All irssi users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose "&gt;=net-irc/irssi-0.8.21"
</code>
</resolution>
<references>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5193">CVE-2017-5193</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5194">CVE-2017-5194</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5195">CVE-2017-5195</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5196">CVE-2017-5196</uri>
</references>
<metadata tag="requester" timestamp="2017-01-18T08:22:08Z">b-man</metadata>
<metadata tag="submitter" timestamp="2017-01-19T19:13:03Z">b-man</metadata>
</glsa>

View File

@ -0,0 +1,62 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="201701-46">
<title>Mozilla Network Security Service (NSS): Multiple vulnerabilities</title>
<synopsis>Multiple vulnerabilities have been found in NSS, the worst of which
could allow remote attackers to obtain access to private key information.
</synopsis>
<product type="ebuild">mozilla, nss</product>
<announced>2017-01-19</announced>
<revised>2017-01-19: 01</revised>
<bug>550288</bug>
<bug>571086</bug>
<bug>604916</bug>
<access>remote</access>
<affected>
<package name="dev-libs/nss" auto="yes" arch="*">
<unaffected range="ge">3.28</unaffected>
<vulnerable range="lt">3.28</vulnerable>
</package>
</affected>
<background>
<p>The Mozilla Network Security Service (NSS) is a library implementing
security features like SSL v.2/v.3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS
#12, S/MIME and X.509 certificates.
</p>
</background>
<description>
<p>Multiple vulnerabilities have been discovered in NSS. Please review the
CVE identifiers and technical papers referenced below for details.
</p>
</description>
<impact type="normal">
<p>Remote attackers could conduct man-in-the-middle attacks, obtain access
to private key information, or cause a Denial of Service condition.
</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All NSS users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose "&gt;=dev-libs/nss-3.28"
</code>
</resolution>
<references>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2721">CVE-2015-2721</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4000">CVE-2015-4000</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7575">CVE-2015-7575</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1938">CVE-2016-1938</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5285">CVE-2016-5285</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-8635">CVE-2016-8635</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9074">CVE-2016-9074</uri>
<uri link="http://www.mitls.org/pages/attacks/SLOTH">SLOTH Attack Technical
Paper
</uri>
</references>
<metadata tag="requester" timestamp="2017-01-19T08:24:32Z">b-man</metadata>
<metadata tag="submitter" timestamp="2017-01-19T19:17:52Z">b-man</metadata>
</glsa>
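
Review bot: the `<title>` and `<background>` call the library "Network Security Service"; the project name is Network Security Services. The SLOTH `<uri>` text is also wrapped across three lines, so its element text contains a newline and indentation that a consumer has to collapse before display.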

View File

@ -0,0 +1,80 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="201701-47">
<title>cURL: Multiple vulnerabilities</title>
<synopsis>Multiple vulnerabilities have been found in cURL, the worst of
which could allow remote attackers to execute arbitrary code.
</synopsis>
<product type="ebuild">curl</product>
<announced>2017-01-19</announced>
<revised>2017-01-19: 01</revised>
<bug>536014</bug>
<bug>573102</bug>
<bug>583394</bug>
<bug>590482</bug>
<bug>592974</bug>
<bug>593716</bug>
<bug>597760</bug>
<bug>603370</bug>
<bug>603574</bug>
<access>remote</access>
<affected>
<package name="net-misc/curl" auto="yes" arch="*">
<unaffected range="ge">7.52.1</unaffected>
<vulnerable range="lt">7.52.1</vulnerable>
</package>
</affected>
<background>
<p>cURL is a tool and libcurl is a library for transferring data with URL
syntax.
</p>
</background>
<description>
<p>Multiple vulnerabilities have been discovered in cURL. Please review the
CVE identifiers and bug reports referenced for details.
</p>
</description>
<impact type="normal">
<p>Remote attackers could conduct a Man-in-the-Middle attack to obtain
sensitive information, cause a Denial of Service condition, or execute
arbitrary code.
</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All cURL users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose "&gt;=net-misc/curl-7.52.1"
</code>
</resolution>
<references>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8150">CVE-2014-8150</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8151">CVE-2014-8151</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0755">CVE-2016-0755</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3739">CVE-2016-3739</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5419">CVE-2016-5419</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5420">CVE-2016-5420</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5421">CVE-2016-5421</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7141">CVE-2016-7141</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7167">CVE-2016-7167</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-8615">CVE-2016-8615</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-8616">CVE-2016-8616</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-8617">CVE-2016-8617</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-8618">CVE-2016-8618</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-8619">CVE-2016-8619</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-8620">CVE-2016-8620</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-8621">CVE-2016-8621</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-8622">CVE-2016-8622</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-8623">CVE-2016-8623</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-8624">CVE-2016-8624</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-8625">CVE-2016-8625</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9586">CVE-2016-9586</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9594">CVE-2016-9594</uri>
</references>
<metadata tag="requester" timestamp="2016-07-01T05:35:33Z">b-man</metadata>
<metadata tag="submitter" timestamp="2017-01-19T19:23:08Z">b-man</metadata>
</glsa>

View File

@ -0,0 +1,54 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="201701-48">
<title>Quagga: Multiple vulnerabilities</title>
<synopsis>Multiple vulnerabilities have been found in Quagga, the worst of
which could allow remote attackers to execute arbitrary code.
</synopsis>
<product type="ebuild">quagga</product>
<announced>2017-01-21</announced>
<revised>2017-01-21: 1</revised>
<bug>581526</bug>
<bug>597410</bug>
<access>remote</access>
<affected>
<package name="net-misc/quagga" auto="yes" arch="*">
<unaffected range="ge">1.1.0-r2</unaffected>
<vulnerable range="lt">1.1.0-r2</vulnerable>
</package>
</affected>
<background>
<p>Quagga is a free routing daemon replacing Zebra supporting RIP, OSPF and
BGP.
</p>
</background>
<description>
<p>Multiple vulnerabilities have been discovered in Quagga. Please review
the CVE identifiers referenced below for details.
</p>
</description>
<impact type="normal">
<p>A remote attacker could send a specially crafted packet possibly
resulting in the execution of arbitrary code with the privileges of the
process or a Denial of Service condition.
</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All Quagga users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose "&gt;=net-misc/quagga-1.1.0-r2"
</code>
</resolution>
<references>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1245">CVE-2016-1245</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4049">CVE-2016-4049</uri>
</references>
<metadata tag="requester" timestamp="2016-12-15T10:32:23Z">pinkbyte</metadata>
<metadata tag="submitter" timestamp="2017-01-21T05:46:06Z">whissi</metadata>
</glsa>

View File

@ -0,0 +1,75 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="201701-49">
<title>QEMU: Multiple vulnerabilities</title>
<synopsis>Multiple vulnerabilities have been found in QEMU, the worst of
which could cause a Denial of Service condition.
</synopsis>
<product type="ebuild">qemu</product>
<announced>2017-01-23</announced>
<revised>2017-01-23: 1</revised>
<bug>598330</bug>
<bug>601450</bug>
<bug>601824</bug>
<bug>601826</bug>
<bug>601830</bug>
<bug>601832</bug>
<bug>602626</bug>
<bug>602628</bug>
<bug>602630</bug>
<bug>602632</bug>
<bug>602634</bug>
<bug>603444</bug>
<access>local</access>
<affected>
<package name="app-emulation/qemu" auto="yes" arch="*">
<unaffected range="ge">2.8.0</unaffected>
<vulnerable range="lt">2.8.0</vulnerable>
</package>
</affected>
<background>
<p>QEMU is a generic and open source machine emulator and virtualizer.</p>
</background>
<description>
<p>Multiple vulnerabilities have been discovered in QEMU. Please review the
CVE identifiers referenced below for details.
</p>
</description>
<impact type="normal">
<p>A privileged user/process within a guest QEMU environment can cause a
Denial of Service condition against the QEMU guest process or the host.
</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All QEMU users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose "&gt;=app-emulation/qemu-2.8.0"
</code>
</resolution>
<references>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-10028">
CVE-2016-10028
</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9101">CVE-2016-9101</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9776">CVE-2016-9776</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9845">CVE-2016-9845</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9846">CVE-2016-9846</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9907">CVE-2016-9907</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9908">CVE-2016-9908</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9911">CVE-2016-9911</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9912">CVE-2016-9912</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9913">CVE-2016-9913</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9914">CVE-2016-9914</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9915">CVE-2016-9915</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9916">CVE-2016-9916</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9921">CVE-2016-9921</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9923">CVE-2016-9923</uri>
</references>
<metadata tag="requester" timestamp="2017-01-21T23:01:11Z">whissi</metadata>
<metadata tag="submitter" timestamp="2017-01-23T03:01:17Z">b-man</metadata>
</glsa>
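
Review bot: the first `<uri>` in `<references>` puts CVE-2016-10028 on its own line between the tags, so its text content has leading and trailing whitespace, unlike every other entry in the list. Put it on one line like the others, and strip whitespace when extracting CVE ids from these files. The entry also sits ahead of CVE-2016-9101, out of numeric order.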

View File

@ -0,0 +1,46 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="201701-50">
<title>PPP: Buffer overflow</title>
<synopsis>A buffer overflow in PPP might allow remote attackers to cause a
Denial of Service condition.
</synopsis>
<product type="ebuild">ppp</product>
<announced>2017-01-23</announced>
<revised>2017-01-23: 1</revised>
<bug>546554</bug>
<access>remote</access>
<affected>
<package name="net-dialup/ppp" auto="yes" arch="*">
<unaffected range="ge">2.4.7-r3</unaffected>
<vulnerable range="lt">2.4.7-r3</vulnerable>
</package>
</affected>
<background>
<p>PPP is a Unix implementation of the Point-to-Point Protocol</p>
</background>
<description>
<p>A buffer overflow was discovered in the rc_mksid function in
plugins/radius/util.c in PPP when the PID for pppd is greater than 65535.
</p>
</description>
<impact type="normal">
<p>A remote attacker could cause a Denial of Service condition.</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All PPP users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose "&gt;=net-dialup/ppp-2.4.7-r3"
</code>
</resolution>
<references>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3310">CVE-2015-3310</uri>
</references>
<metadata tag="requester" timestamp="2017-01-18T22:55:39Z">b-man</metadata>
<metadata tag="submitter" timestamp="2017-01-23T03:15:31Z">b-man</metadata>
</glsa>
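
Review bot: the `<description>` ties the overflow in rc_mksid to the pppd PID being greater than 65535, but `<access>remote</access>` and the impact text do not say how a remote party reaches that condition. A sentence connecting the two would let readers judge their exposure. The `<background>` sentence is also missing its final period.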

View File

@ -0,0 +1,54 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="201701-51">
<title>DBD::mysql: Multiple vulnerabilities</title>
<synopsis>Multiple vulnerabilities have been found in DBD::mysql, the worst
of which might allow an attacker to execute arbitrary code.
</synopsis>
<product type="ebuild">dbd,mysql</product>
<announced>2017-01-23</announced>
<revised>2017-01-23: 2</revised>
<bug>589818</bug>
<bug>596424</bug>
<bug>600180</bug>
<bug>601144</bug>
<access>local, remote</access>
<affected>
<package name="dev-perl/DBD-mysql" auto="yes" arch="*">
<unaffected range="ge">4.41.0</unaffected>
<vulnerable range="lt">4.41.0</vulnerable>
</package>
</affected>
<background>
<p>MySQL driver for the Perl5 Database Interface (DBI)</p>
</background>
<description>
<p>Multiple vulnerabilities have been discovered in DBD::mysql. Please
review the CVE identifiers referenced below for details.
</p>
</description>
<impact type="normal">
<p>An attacker could cause a Denial of Service condition, execute arbitrary
code, or have other unspecified impacts.
</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All DBD::mysql users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose "&gt;=dev-perl/DBD-mysql-4.41.0"
</code>
</resolution>
<references>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8949">CVE-2015-8949</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1246">CVE-2016-1246</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1249">CVE-2016-1249</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1251">CVE-2016-1251</uri>
</references>
<metadata tag="requester" timestamp="2017-01-22T09:49:40Z">b-man</metadata>
<metadata tag="submitter" timestamp="2017-01-23T03:20:17Z">b-man</metadata>
</glsa>

View File

@ -0,0 +1,50 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="201701-52">
<title>libupnp: Multiple vulnerabilities</title>
<synopsis>Multiple vulnerabilities have been found in libupnp, the worst of
which could lead to the execution of arbitrary code.
</synopsis>
<product type="ebuild">libupnp</product>
<announced>2017-01-23</announced>
<revised>2017-01-23: 1</revised>
<bug>589136</bug>
<bug>598202</bug>
<access>remote</access>
<affected>
<package name="net-libs/libupnp" auto="yes" arch="*">
<unaffected range="ge">1.6.21</unaffected>
<vulnerable range="lt">1.6.21</vulnerable>
</package>
</affected>
<background>
<p>libupnp is a portable, open source, UPnP development kit.</p>
</background>
<description>
<p>Multiple vulnerabilities have been discovered in libupnp. Please review
the CVE identifiers referenced below for details.
</p>
</description>
<impact type="normal">
<p>A remote attack could arbitrarily write files to a users file system,
cause a Denial of Service condition, or execute arbitrary code.
</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All libupnp users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose "&gt;=net-libs/libupnp-1.6.21"
</code>
</resolution>
<references>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6255">CVE-2016-6255</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-8863">CVE-2016-8863</uri>
</references>
<metadata tag="requester" timestamp="2017-01-19T08:52:15Z">b-man</metadata>
<metadata tag="submitter" timestamp="2017-01-23T03:28:22Z">b-man</metadata>
</glsa>
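
Review bot: the `<impact>` paragraph reads "A remote attack could arbitrarily write files to a users file system"; this should be "A remote attacker" and "a user's file system".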

View File

@ -0,0 +1,53 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="201701-53">
<title>Lua: Buffer overflow</title>
<synopsis>A buffer overflow in Lua might allow context-dependent attackers to
execute arbitrary code.
</synopsis>
<product type="ebuild">lua</product>
<announced>2017-01-23</announced>
<revised>2017-01-23: 1</revised>
<bug>520480</bug>
<access>local, remote</access>
<affected>
<package name="dev-lang/lua" auto="yes" arch="*">
<unaffected range="ge">5.1.5-r4</unaffected>
<vulnerable range="lt">5.1.5-r4</vulnerable>
</package>
</affected>
<background>
<p>Lua is a powerful, efficient, lightweight, embeddable scripting
language. It supports procedural programming, object-oriented
programming, functional programming, data-driven programming, and data
description.
</p>
</background>
<description>
<p>A buffer overflow was discovered in the vararg functions in ldo.c in
Lua.
</p>
</description>
<impact type="normal">
<p>Context-dependent could cause a Denial of Service condition or execute
arbitrary code.
</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All Lua users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose "&gt;=dev-lang/lua-5.1.5-r4"
</code>
</resolution>
<references>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-5461">CVE-2014-5461</uri>
</references>
<metadata tag="requester" timestamp="2017-01-19T10:51:05Z">b-man</metadata>
<metadata tag="submitter" timestamp="2017-01-23T03:32:26Z">b-man</metadata>
</glsa>
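
Review bot: the `<impact>` sentence "Context-dependent could cause a Denial of Service condition" has lost its subject. The synopsis uses "context-dependent attackers", so the same wording belongs here.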

View File

@ -0,0 +1,46 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="201701-54">
<title>DCRaw: Buffer overflow</title>
<synopsis>A buffer overflow in DCRaw might allow remote attackers to cause a
Denial of Service condition.
</synopsis>
<product type="ebuild">dcraw</product>
<announced>2017-01-23</announced>
<revised>2017-01-23: 1</revised>
<bug>549336</bug>
<access>remote</access>
<affected>
<package name="media-gfx/dcraw" auto="yes" arch="*">
<unaffected range="ge">9.26.0</unaffected>
<vulnerable range="lt">9.26.0</vulnerable>
</package>
</affected>
<background>
<p>Command-line decoder for raw digital photos.</p>
</background>
<description>
<p>An integer overflow was discovered in the ljpeg_start function in DCRaw.</p>
</description>
<impact type="normal">
<p>Remote attackers, by enticing a user to open a specially crafted image,
could cause a Denial of Service condition.
</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All DCRaw users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose "&gt;=media-gfx/dcraw-9.26.0"
</code>
</resolution>
<references>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3885">CVE-2015-3885</uri>
</references>
<metadata tag="requester" timestamp="2017-01-18T08:16:14Z">b-man</metadata>
<metadata tag="submitter" timestamp="2017-01-23T03:34:47Z">b-man</metadata>
</glsa>
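
Review bot: the `<title>` and `<synopsis>` say buffer overflow, while the `<description>` says an integer overflow was discovered in ljpeg_start. The text should state which one is the root cause and which is the consequence, so the three fields agree.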

View File

@ -0,0 +1,51 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="201701-55">
<title>DirectFB: Multiple vulnerabilities</title>
<synopsis>Multiple vulnerabilities have been found in DirectFB, all of which
could allow remote attackers to execute arbitrary code.
</synopsis>
<product type="ebuild">directfb</product>
<announced>2017-01-23</announced>
<revised>2017-01-23: 1</revised>
<bug>510472</bug>
<access>remote</access>
<affected>
<package name="dev-libs/DirectFB" auto="yes" arch="*">
<unaffected range="ge">1.7.5</unaffected>
<vulnerable range="lt">1.7.5</vulnerable>
</package>
</affected>
<background>
<p>DirectFB (Direct Frame Buffer) is a set of graphics APIs implemented on
top of the Linux Frame Buffer (fbdev) abstraction layer.
</p>
</background>
<description>
<p>Multiple vulnerabilities have been discovered in DirectFB. Please review
the CVE identifiers referenced below for details.
</p>
</description>
<impact type="normal">
<p>Remote attackers could cause a Denial of Service condition or execute
arbitrary code via the Voodoo interface.
</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All DirectFB users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose "&gt;=dev-libs/DirectFB-1.7.5"
</code>
</resolution>
<references>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2977">CVE-2014-2977</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2978">CVE-2014-2978</uri>
</references>
<metadata tag="requester" timestamp="2017-01-18T08:12:23Z">b-man</metadata>
<metadata tag="submitter" timestamp="2017-01-23T03:38:25Z">b-man</metadata>
</glsa>

View File

@ -0,0 +1,51 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="201701-56">
<title>zlib: Multiple vulnerabilities</title>
<synopsis>Multiple vulnerabilities have been found in zlib, the worst of
which could allow attackers to cause a Denial of Service condition.
</synopsis>
<product type="ebuild">zlib</product>
<announced>2017-01-23</announced>
<revised>2017-01-23: 1</revised>
<bug>601828</bug>
<access>local, remote</access>
<affected>
<package name="sys-libs/zlib" auto="yes" arch="*">
<unaffected range="ge">1.2.9</unaffected>
<vulnerable range="lt">1.2.9</vulnerable>
</package>
</affected>
<background>
<p>zlib is a widely used free and patent unencumbered data compression
library.
</p>
</background>
<description>
<p>Multiple vulnerabilities have been discovered in zlib. Please review the
CVE identifiers referenced below for details.
</p>
</description>
<impact type="normal">
<p>An attacker could cause a Denial of Service condition.</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All zlib users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose "&gt;=sys-libs/zlib-1.2.9"
</code>
</resolution>
<references>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9840">CVE-2016-9840</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9841">CVE-2016-9841</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9842">CVE-2016-9842</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9843">CVE-2016-9843</uri>
</references>
<metadata tag="requester" timestamp="2017-01-16T18:59:28Z">whissi</metadata>
<metadata tag="submitter" timestamp="2017-01-23T03:40:28Z">b-man</metadata>
</glsa>
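Review bot: the `<impact>` paragraph ("An attacker could cause a Denial of Service condition.") gives no vector, although `<access>` is "local, remote" and `<description>` only defers to the CVE list. Add one clause saying what input or call path reaches the condition, so users can judge exposure without opening all four references.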

View File

@ -0,0 +1,55 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="201701-57">
<title>T1Lib: : Multiple vulnerabilities</title>
<synopsis>Multiple vulnerabilities have been discovered in T1Lib, the worst
of which could lead to remote execution of arbitrary code.
</synopsis>
<product type="ebuild">t1lib</product>
<announced>2017-01-23</announced>
<revised>2017-01-23: 1</revised>
<bug>358667</bug>
<access>remote</access>
<affected>
<package name="media-libs/t1lib" auto="yes" arch="*">
<unaffected range="ge">5.1.2-r1</unaffected>
<vulnerable range="lt">5.1.2-r1</vulnerable>
</package>
</affected>
<background>
<p>T1Lib is a library for rasterizing bitmaps from Adobe Type 1 fonts.</p>
</background>
<description>
<p>Multiple vulnerabilities have been discovered in T1Lib. Please review
the CVE identifiers referenced below for details.
</p>
</description>
<impact type="normal">
<p>Remote attackers, by coercing users to process specially crafted AFM
font or PDF file, could cause a Denial of Service condition or execute
arbitrary code.
</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All T1Lib users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose "&gt;=media-libs/t1lib-5.1.2-r1"
</code>
</resolution>
<references>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2642">CVE-2010-2642</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0433">CVE-2011-0433</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0764">CVE-2011-0764</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1552">CVE-2011-1552</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1553">CVE-2011-1553</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1554">CVE-2011-1554</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-5244">CVE-2011-5244</uri>
</references>
<metadata tag="requester" timestamp="2017-01-18T03:19:11Z">b-man</metadata>
<metadata tag="submitter" timestamp="2017-01-23T22:39:53Z">b-man</metadata>
</glsa>
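Review bot: the `<title>` has a doubled colon ("T1Lib: : Multiple vulnerabilities"); it should read "T1Lib: Multiple vulnerabilities". In `<impact>`, "to process specially crafted AFM font or PDF file" is also missing its article ("a specially crafted AFM font or PDF file").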

View File

@ -0,0 +1,59 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="201701-58">
<title>ICU: Multiple vulnerabilities</title>
<synopsis>Multiple vulnerabilities have been found in ICU, the worst of which
could cause a Denial of Service condition.
</synopsis>
<product type="ebuild">icu</product>
<announced>2017-01-24</announced>
<revised>2017-01-24: 1</revised>
<bug>589814</bug>
<bug>594494</bug>
<bug>601396</bug>
<access>remote</access>
<affected>
<package name="dev-libs/icu" auto="yes" arch="*">
<unaffected range="ge">58.1</unaffected>
<vulnerable range="lt">58.1</vulnerable>
</package>
</affected>
<background>
<p>ICU is a mature, widely used set of C/C++ and Java libraries providing
Unicode and Globalization support for software applications.
</p>
</background>
<description>
<p>Multiple vulnerabilities have been discovered in ICU. Please review the
CVE identifiers referenced below for details.
</p>
</description>
<impact type="normal">
<p>Remote attackers could cause a Denial of Service condition or possibly
have other unspecified impacts via a long locale string or
httpAcceptLanguage argument. Additionally, A remote attacker, via a
specially crafted file, could cause an application using ICU to parse
untrusted font files resulting in a Denial of Service condition.
Finally, remote attackers could affect confidentiality via unknown
vectors related to 2D.
</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All ICU users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose "&gt;=dev-libs/icu-58.1"
</code>
</resolution>
<references>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2632">CVE-2015-2632</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6293">CVE-2016-6293</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7415">CVE-2016-7415</uri>
</references>
<metadata tag="requester" timestamp="2017-01-16T18:37:12Z">whissi</metadata>
<metadata tag="submitter" timestamp="2017-01-24T10:46:19Z">b-man</metadata>
</glsa>
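Review bot: `<synopsis>` and `<impact>` disagree on severity: the synopsis caps the worst case at a Denial of Service, while the impact paragraph adds "other unspecified impacts" and a confidentiality issue. Reconcile the two. In the same paragraph, "Additionally, A remote attacker" has a stray capital, and "unknown vectors related to 2D" does not say what 2D refers to in ICU; name the component or drop the phrase and let the CVE reference carry it.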

View File

@ -0,0 +1,51 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="201701-59">
<title>ADOdb: Multiple vulnerabilities</title>
<synopsis>Multiple vulnerabilities have been found in ADOdb, all of which
could allow remote attackers to execute arbitrary code.
</synopsis>
<product type="ebuild">adodb</product>
<announced>2017-01-24</announced>
<revised>2017-01-24: 1</revised>
<bug>604714</bug>
<access>remote</access>
<affected>
<package name="dev-php/adodb" auto="yes" arch="*">
<unaffected range="ge">5.20.9</unaffected>
<vulnerable range="lt">5.20.9</vulnerable>
</package>
</affected>
<background>
<p>ADOdb is an abstraction library for PHP creating a common API for a wide
range of database backends.
</p>
</background>
<description>
<p>Multiple vulnerabilities have been discovered in ADOdb. Please review
the CVE identifiers referenced below for details.
</p>
</description>
<impact type="normal">
<p>A remote attacker, through the use of SQL injection or Cross Site
Scripting (XSS) attacks, could execute arbitrary code.
</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All ADOdb users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose "&gt;=dev-php/adodb-5.20.9"
</code>
</resolution>
<references>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4855">CVE-2016-4855</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7405">CVE-2016-7405</uri>
</references>
<metadata tag="requester" timestamp="2017-01-21T23:56:54Z">whissi</metadata>
<metadata tag="submitter" timestamp="2017-01-24T10:50:50Z">b-man</metadata>
</glsa>
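Review bot: `<impact>` says SQL injection or Cross Site Scripting "could execute arbitrary code", and `<synopsis>` repeats this for "all of" the issues. Those two bug classes yield attacker-controlled SQL statements and attacker-controlled script in a victim's browser, which is not what "arbitrary code" means in the other advisories of this batch. Wording such as "inject arbitrary SQL commands or web script" would describe the stated vectors without skewing triage.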

View File

@ -0,0 +1,51 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="201701-60">
<title>LibRaw: Multiple vulnerabilities</title>
<synopsis>Multiple vulnerabilities have been found in LibRaw, the worst of
which may allow attackers to execute arbitrary code.
</synopsis>
<product type="ebuild">libraw</product>
<announced>2017-01-24</announced>
<revised>2017-01-24: 1</revised>
<bug>567254</bug>
<access>local, remote</access>
<affected>
<package name="media-libs/libraw" auto="yes" arch="*">
<unaffected range="ge">0.17.1</unaffected>
<vulnerable range="lt">0.17.1</vulnerable>
</package>
</affected>
<background>
<p>LibRaw is a library for reading RAW files obtained from digital photo
cameras.
</p>
</background>
<description>
<p>Multiple vulnerabilities have been discovered in LibRaw. Please review
the CVE identifiers referenced below for details.
</p>
</description>
<impact type="normal">
<p>An attacker could execute arbitrary code, cause a Denial of Service
condition, or have other unspecified impacts.
</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All LibRaw users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose "&gt;=media-libs/libraw-0.17.1"
</code>
</resolution>
<references>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8366">CVE-2015-8366</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8367">CVE-2015-8367</uri>
</references>
<metadata tag="requester" timestamp="2017-01-18T08:14:05Z">b-man</metadata>
<metadata tag="submitter" timestamp="2017-01-24T10:53:14Z">b-man</metadata>
</glsa>
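Review bot: `<impact>` promises arbitrary code execution and `<access>` is "local, remote", but nothing in the hunk says what an attacker has to supply or whether a user must open a file. If the referenced CVEs are file-parsing issues, follow the phrasing used by the T1Lib and WebP entries in this commit ("by enticing a user to process a specially crafted file"); otherwise state the actual vector.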

View File

@ -0,0 +1,49 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="201701-61">
<title>WebP: Multiple vulnerabilities</title>
<synopsis>Multiple vulnerabilities have been discovered in WebP, the worst of
which could allow a remote attacker to cause a Denial of Service condition.
</synopsis>
<product type="ebuild">webp</product>
<announced>2017-01-24</announced>
<revised>2017-01-24: 3</revised>
<bug>598208</bug>
<access>remote</access>
<affected>
<package name="media-libs/libwebp" auto="yes" arch="*">
<unaffected range="ge">0.5.2</unaffected>
<vulnerable range="lt">0.5.2</vulnerable>
</package>
</affected>
<background>
<p>WebP is an image format employing both lossy and lossless compression.</p>
</background>
<description>
<p>Multiple vulnerabilities have been discovered in WebPs gif2webp tool.
Please review the CVE identifier and bug reference for details.
</p>
</description>
<impact type="normal">
<p>A remote attacker, by enticing a user to process a specially crafted
file using WebPs gif2webp tool, could possibly cause a Denial of
Service condition or other unspecified impacts.
</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All WebP users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose "&gt;=media-libs/libwebp-0.5.2"
</code>
</resolution>
<references>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9085">CVE-2016-9085</uri>
</references>
<metadata tag="requester" timestamp="2017-01-19T08:48:39Z">b-man</metadata>
<metadata tag="submitter" timestamp="2017-01-24T11:09:59Z">b-man</metadata>
</glsa>
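Review bot: "WebPs gif2webp tool" appears in both `<description>` and `<impact>` without the possessive apostrophe; it should be "WebP's". The `<title>` and `<synopsis>` say "Multiple vulnerabilities" while `<references>` lists a single CVE and the description itself says "the CVE identifier"; either add the missing identifiers or make the wording consistent.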

View File

@ -0,0 +1,64 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="201701-62">
<title>Firejail: Multiple vulnerabilities</title>
<synopsis>Multiple vulnerabilities have been discovered in Firejail, the
worst of which may allow privilege escalation.
</synopsis>
<product type="ebuild">firejail</product>
<announced>2017-01-24</announced>
<revised>2017-01-24: 1</revised>
<bug>604758</bug>
<access>local, remote</access>
<affected>
<package name="sys-apps/firejail" auto="yes" arch="*">
<unaffected range="ge">0.9.44.4</unaffected>
<vulnerable range="lt">0.9.44.4</vulnerable>
</package>
<package name="sys-apps/firejail-lts" auto="yes" arch="*">
<unaffected range="ge">0.9.38.8</unaffected>
<vulnerable range="lt">0.9.38.8</vulnerable>
</package>
</affected>
<background>
<p>A SUID program that reduces the risk of security breaches by restricting
the running environment of untrusted applications using Linux namespaces
and seccomp-bpf.
</p>
</background>
<description>
<p>Multiple vulnerabilities have been discovered in Firejail. Please review
the CVE identifiers referenced below for details.
</p>
</description>
<impact type="normal">
<p>An attacker could possibly bypass sandbox protection, cause a Denial of
Service condition, or escalate privileges.
</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All Firejail users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose "&gt;=sys-apps/firejail-0.9.44.4"
</code>
<p>All Firejail-lts users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose "&gt;=sys-apps/firejail-lts-0.9.38.8"
</code>
</resolution>
<references>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5180">CVE-2017-5180</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5206">CVE-2017-5206</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5207">CVE-2017-5207</uri>
</references>
<metadata tag="requester" timestamp="2017-01-13T15:06:51Z">b-man</metadata>
<metadata tag="submitter" timestamp="2017-01-24T11:32:53Z">whissi</metadata>
</glsa>
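Review bot: `<background>` is a sentence fragment that never names the package ("A SUID program that reduces the risk of security breaches ..."); start it with "Firejail is a SUID program that ...", as the other entries in this commit do. Since `<access>` lists "local, remote", `<impact>` should also say which of the three outcomes (sandbox bypass, Denial of Service, privilege escalation) are reachable remotely and which need a local account.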

View File

@ -0,0 +1,69 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="201701-63">
<title>Graphite: Multiple vulnerabilities</title>
<synopsis>Multiple vulnerabilities have been found in Graphite, the worst of
which could lead to the remote execution of arbitrary code.
</synopsis>
<product type="ebuild">graphite</product>
<announced>2017-01-24</announced>
<revised>2017-01-24: 1</revised>
<bug>574276</bug>
<bug>576864</bug>
<access>remote</access>
<affected>
<package name="media-gfx/graphite2" auto="yes" arch="*">
<unaffected range="ge">1.3.7</unaffected>
<vulnerable range="lt">1.3.7</vulnerable>
</package>
</affected>
<background>
<p>Graphite is a “smart font” system developed specifically to handle
the complexities of lesser-known languages of the world.
</p>
</background>
<description>
<p>Multiple vulnerabilities have been discovered in Graphite. Please review
the CVE identifiers referenced below for details.
</p>
</description>
<impact type="normal">
<p>A remote attacker could possibly execute arbitrary code with the
privileges of the process, cause a Denial of Service condition, or obtain
sensitive information.
</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All Graphite users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose "&gt;=media-gfx/graphite2-1.3.7"
</code>
</resolution>
<references>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1521">CVE-2016-1521</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1522">CVE-2016-1522</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1523">CVE-2016-1523</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1526">CVE-2016-1526</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1977">CVE-2016-1977</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2790">CVE-2016-2790</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2791">CVE-2016-2791</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2792">CVE-2016-2792</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2793">CVE-2016-2793</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2794">CVE-2016-2794</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2795">CVE-2016-2795</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2796">CVE-2016-2796</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2797">CVE-2016-2797</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2798">CVE-2016-2798</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2799">CVE-2016-2799</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2800">CVE-2016-2800</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2801">CVE-2016-2801</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2802">CVE-2016-2802</uri>
</references>
<metadata tag="requester" timestamp="2016-06-30T12:16:41Z">b-man</metadata>
<metadata tag="submitter" timestamp="2017-01-24T16:36:53Z">b-man</metadata>
</glsa>
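Review bot: the `<title>` and `<product>` say "Graphite" / "graphite", but the only affected package is `media-gfx/graphite2`. Name graphite2 in the title or background so the advisory can be matched to the installed package by name. With 18 CVEs referenced, `<description>` would also benefit from one sentence on the class of flaw instead of only "Please review the CVE identifiers".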

View File

@ -1 +1 @@
Tue, 17 Jan 2017 18:43:18 +0000
Tue, 24 Jan 2017 22:13:22 +0000