bump(metadata/glsa): sync with upstream

2025-12-15 22:31:59 +01:00 · 2019-04-17 20:55:08 +00:00 · 2019-04-17 20:55:08 +00:00 · 769e3ca945
commit 769e3ca945
parent 60e9f26c5d
7 changed files with 164 additions and 17 deletions
--- a/sdk_container/src/third_party/portage-stable/metadata/glsa/Manifest
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/Manifest
@ -1,23 +1,23 @@
 -----BEGIN PGP SIGNED MESSAGE-----
 Hash: SHA512

-MANIFEST Manifest.files.gz 441389 BLAKE2B 093e93262bf483b8a2bcc307a67ed12b9a008b091206b3199a591d3750f160ecd8d405fa2d589c50e6bc2325d61eb79b1d8446527955e000c6a79db6428aa4c4 SHA512 94781b7611851868089b1a2920af50bbaa946ae05421f4009d9efb8e3c447cfa812f2ffd4557a4e7723d44d2c3de8d5f75a986179eb0599749c45f97424f8f9a
-TIMESTAMP 2019-04-15T22:38:45Z
+MANIFEST Manifest.files.gz 441860 BLAKE2B 42660ae46077e4a9e7437540059276e5d8c03bba0cbf41ae4d1528525d01c1f1aa20986d326ca29f6b004f9ed6d1432a8d0d2105937171bf162dea272120291b SHA512 1f444ca7421a7efb1ae619b481942be43c32f3ca1b877de6feb5d595fd24bd2f5594ee8a4f3f194f5a5b6f9006b608396118df784309aa0cc2de9b3e6a17424a
+TIMESTAMP 2019-04-17T20:08:50Z
 -----BEGIN PGP SIGNATURE-----

-iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAly1B/VfFIAAAAAALgAo
+iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAly3h9JfFIAAAAAALgAo
 aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEUx
 RDZBQkI2M0JGQ0ZCNEJBMDJGREYxQ0VDNTkwRUVBQzkxODkyNTAACgkQ7FkO6skY
-klCTTQ/+LoyNjk0WaohJfdGwelXIvxc8PK+Es4GejfugAVE8Kw4j5avBTRncesRy
-0K66JbwrVDHapotEGCgebVXlF/aorinnWl/9fImUIgcQ7carpH8w8OZYSFmT6ZLI
-Wz2VKDJUS/3bhHw4no+MwXYKkG/z4q+EEo29aXVtDs7tWh8I+XNn3Bc5pf7eOyWv
-Wlf1FqK84D/qoRJJO8P5azocqAQ+B0H0U3J6JkWcms4ks/czq+xTqLMki7o8/J2O
-8IeJLOK5kDyYG8wMOLhX2Btnth+2stQDv+vcA+UFcAWkuyPv5VpR7rZizZONz4I8
-AcGfd598jYoU1WBvxZ+xDpDe6ryG80RvztSVF3l80t78MoR30vXhLuHHYh3rR9cX
-Uey+Mdx9wpz7sg3B+kRpvRDxpQ++u6uzhC5hTgmRazVWcJYx27yC7DCMHWWvtto3
-h7aF4gX3e62pUno2pkQAWvjjwEi5elXNeFNE2gK0+jl6msCthv0C5eMEmmjX26m3
-wIWdTifPdJt3ACOO4E9MGLm5qn1uMuSVtujiqrwuB+tUF9H5m4unZHKXwatNKr7M
-lOw3p7j57k0UXu8GyH1lzyxin9ThsA8zTFCeJaoRGmxM1kmNgRV8eGTkllt2xvqZ
-+KPpPIoy9Lo/txXM0B1lYoL7B64KWj383VOcx8Eaplc0pgUlti4=
-=Zh34
+klCosw/+Jsxx5eQYhfqE+nllUNMvYqnA4JGQvF4sx9iE4taLkgObjgtPJtplUmFY
+we74NGpt6LzSHq2RBCw8A6Dmely8aHrIR8qI0WX+LzsPfTKBTiMRUFEkP1kbG5SA
+MgRROa7kwt8BIMgHbBVjg09ZTZ3TDme7HDitK/a+jtpCaqOtHsGJTVrrzcRyyGj4
+zR//jMy6QFU5z6pQAqcUF8qVy0fAQhGx3Q5vO5/FOFt/vo1VC1fsTRnFPi09wv4s
+/hr22RIL/l//CVDCTargPtnXGQGkIualx6ANdvkU5OUsxyppLgMHnt10cJQ21hCS
+CWwQOpql6rXJ1t5ziQwzNaQUzjoVGf3yEu09hUjPkuJCMVszI/6xwDec35iRi/19
+9nfVvwlFC3RRCxWTN4928WOSTgCMF9gKQzs1kVuvsENDXq7u9LvXhXdfgg5LK53R
+m7LAEPez2Fs++LMp9S7q/ldjM6bksdoN+dMiT9jVYf3mNxR4SRoLaghJ9JTr61Ne
+d5XnILqhUz6vIRSqFjZnoF3FVlNK3uubRoh8QUWwHoKCFqMzNeGlpP/6c2YbyQB7
+mfSlVfQN4EuKzDHBv+PAja1oqfTRd8kKfRWpPdFZN4HHeQvRdE3uLyVQMm/BOw2x
+uyn2vCYItXQv+Tq3kZ8o9IlsvbczE9Xna0BlRqMEa/6RCUYIrH8=
+=6T8P
 -----END PGP SIGNATURE-----
--- a/sdk_container/src/third_party/portage-stable/metadata/glsa/Manifest.files.gz
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/Manifest.files.gz
--- a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201904-17.xml
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201904-17.xml
@ -0,0 +1,55 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201904-17">
+  <title>Patch: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Patch, the worst of
+    which could result in the execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">patch</product>
+  <announced>2019-04-17</announced>
+  <revised count="1">2019-04-17</revised>
+  <bug>647792</bug>
+  <bug>647794</bug>
+  <bug>652710</bug>
+  <access>remote</access>
+  <affected>
+    <package name="sys-devel/patch" auto="yes" arch="*">
+      <unaffected range="ge">2.7.6-r3</unaffected>
+      <vulnerable range="lt">2.7.6-r3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Patch takes a patch file containing a difference listing produced by the
+      diff program and applies those differences to one or more original files,
+      producing patched versions.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Patch. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Please review the referenced CVE identifiers for details.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Patch users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=sys-devel/patch-2.7.6-r3"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-1000156">
+      CVE-2018-1000156
+    </uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6951">CVE-2018-6951</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6952">CVE-2018-6952</uri>
+  </references>
+  <metadata tag="requester" timestamp="2019-04-11T21:19:29Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2019-04-17T18:28:49Z">b-man</metadata>
+</glsa>
--- a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201904-18.xml
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201904-18.xml
@ -0,0 +1,44 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201904-18">
+  <title>libseccomp: Privilege escalation</title>
+  <synopsis>A vulnerability in libseccomp allows for privilege escalation.</synopsis>
+  <product type="ebuild">libseccomp</product>
+  <announced>2019-04-17</announced>
+  <revised count="1">2019-04-17</revised>
+  <bug>680442</bug>
+  <access>remote</access>
+  <affected>
+    <package name="sys-libs/libseccomp" auto="yes" arch="*">
+      <unaffected range="ge">2.4.0</unaffected>
+      <vulnerable range="lt">2.4.0</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>A library that provides an easy to use, platform independent, interface
+      to the Linux Kernel’s syscall filtering mechanism.
+    </p>
+  </background>
+  <description>
+    <p>Please review the CVE identifier referenced below for details.</p>
+  </description>
+  <impact type="normal">
+    <p>Please review the referenced CVE identifier for details.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All libseccomp users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=sys-libs/libseccomp-2.4.0"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-9893">CVE-2019-9893</uri>
+  </references>
+  <metadata tag="requester" timestamp="2019-03-24T13:22:58Z">BlueKnight</metadata>
+  <metadata tag="submitter" timestamp="2019-04-17T18:31:42Z">b-man</metadata>
+</glsa>
--- a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201904-19.xml
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201904-19.xml
@ -0,0 +1,48 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201904-19">
+  <title>Dovecot: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Dovecot, the worst of
+    which could result in root privilege escalation.
+  </synopsis>
+  <product type="ebuild">dovecot</product>
+  <announced>2019-04-17</announced>
+  <revised count="1">2019-04-17</revised>
+  <bug>677350</bug>
+  <bug>681922</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-mail/dovecot" auto="yes" arch="*">
+      <unaffected range="ge">2.3.5.1</unaffected>
+      <vulnerable range="lt">2.3.5.1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Dovecot is an open source IMAP and POP3 email server.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Dovecot. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Please review the referenced CVE identifiers for details</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Dovecot users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-mail/dovecot-2.3.5.1"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-3814">CVE-2019-3814</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-7524">CVE-2019-7524</uri>
+  </references>
+  <metadata tag="requester" timestamp="2019-04-02T07:08:40Z">BlueKnight</metadata>
+  <metadata tag="submitter" timestamp="2019-04-17T18:33:06Z">b-man</metadata>
+</glsa>
--- a/sdk_container/src/third_party/portage-stable/metadata/glsa/timestamp.chk
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/timestamp.chk
@ -1 +1 @@
-Mon, 15 Apr 2019 22:38:42 +0000
+Wed, 17 Apr 2019 20:08:47 +0000
--- a/sdk_container/src/third_party/portage-stable/metadata/glsa/timestamp.commit
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/timestamp.commit
@ -1 +1 @@
-9b59bd6cf27bbcd9bc148340e6758177e493f624 1555361601 2019-04-15T20:53:21+00:00
+6c18ba31f4c4516ed01d1b3ca04795cfadc11f86 1555526007 2019-04-17T18:33:27+00:00