diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/Manifest b/sdk_container/src/third_party/portage-stable/metadata/glsa/Manifest index d81eff2c93..f1e0751125 100644 --- a/sdk_container/src/third_party/portage-stable/metadata/glsa/Manifest +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/Manifest @@ -1,23 +1,23 @@ -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 -MANIFEST Manifest.files.gz 441389 BLAKE2B 093e93262bf483b8a2bcc307a67ed12b9a008b091206b3199a591d3750f160ecd8d405fa2d589c50e6bc2325d61eb79b1d8446527955e000c6a79db6428aa4c4 SHA512 94781b7611851868089b1a2920af50bbaa946ae05421f4009d9efb8e3c447cfa812f2ffd4557a4e7723d44d2c3de8d5f75a986179eb0599749c45f97424f8f9a -TIMESTAMP 2019-04-15T22:38:45Z +MANIFEST Manifest.files.gz 441860 BLAKE2B 42660ae46077e4a9e7437540059276e5d8c03bba0cbf41ae4d1528525d01c1f1aa20986d326ca29f6b004f9ed6d1432a8d0d2105937171bf162dea272120291b SHA512 1f444ca7421a7efb1ae619b481942be43c32f3ca1b877de6feb5d595fd24bd2f5594ee8a4f3f194f5a5b6f9006b608396118df784309aa0cc2de9b3e6a17424a +TIMESTAMP 2019-04-17T20:08:50Z -----BEGIN PGP SIGNATURE----- -iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAly1B/VfFIAAAAAALgAo +iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAly3h9JfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEUx RDZBQkI2M0JGQ0ZCNEJBMDJGREYxQ0VDNTkwRUVBQzkxODkyNTAACgkQ7FkO6skY -klCTTQ/+LoyNjk0WaohJfdGwelXIvxc8PK+Es4GejfugAVE8Kw4j5avBTRncesRy -0K66JbwrVDHapotEGCgebVXlF/aorinnWl/9fImUIgcQ7carpH8w8OZYSFmT6ZLI -Wz2VKDJUS/3bhHw4no+MwXYKkG/z4q+EEo29aXVtDs7tWh8I+XNn3Bc5pf7eOyWv -Wlf1FqK84D/qoRJJO8P5azocqAQ+B0H0U3J6JkWcms4ks/czq+xTqLMki7o8/J2O -8IeJLOK5kDyYG8wMOLhX2Btnth+2stQDv+vcA+UFcAWkuyPv5VpR7rZizZONz4I8 -AcGfd598jYoU1WBvxZ+xDpDe6ryG80RvztSVF3l80t78MoR30vXhLuHHYh3rR9cX -Uey+Mdx9wpz7sg3B+kRpvRDxpQ++u6uzhC5hTgmRazVWcJYx27yC7DCMHWWvtto3 -h7aF4gX3e62pUno2pkQAWvjjwEi5elXNeFNE2gK0+jl6msCthv0C5eMEmmjX26m3 -wIWdTifPdJt3ACOO4E9MGLm5qn1uMuSVtujiqrwuB+tUF9H5m4unZHKXwatNKr7M -lOw3p7j57k0UXu8GyH1lzyxin9ThsA8zTFCeJaoRGmxM1kmNgRV8eGTkllt2xvqZ -+KPpPIoy9Lo/txXM0B1lYoL7B64KWj383VOcx8Eaplc0pgUlti4= -=Zh34 +klCosw/+Jsxx5eQYhfqE+nllUNMvYqnA4JGQvF4sx9iE4taLkgObjgtPJtplUmFY +we74NGpt6LzSHq2RBCw8A6Dmely8aHrIR8qI0WX+LzsPfTKBTiMRUFEkP1kbG5SA +MgRROa7kwt8BIMgHbBVjg09ZTZ3TDme7HDitK/a+jtpCaqOtHsGJTVrrzcRyyGj4 +zR//jMy6QFU5z6pQAqcUF8qVy0fAQhGx3Q5vO5/FOFt/vo1VC1fsTRnFPi09wv4s +/hr22RIL/l//CVDCTargPtnXGQGkIualx6ANdvkU5OUsxyppLgMHnt10cJQ21hCS +CWwQOpql6rXJ1t5ziQwzNaQUzjoVGf3yEu09hUjPkuJCMVszI/6xwDec35iRi/19 +9nfVvwlFC3RRCxWTN4928WOSTgCMF9gKQzs1kVuvsENDXq7u9LvXhXdfgg5LK53R +m7LAEPez2Fs++LMp9S7q/ldjM6bksdoN+dMiT9jVYf3mNxR4SRoLaghJ9JTr61Ne +d5XnILqhUz6vIRSqFjZnoF3FVlNK3uubRoh8QUWwHoKCFqMzNeGlpP/6c2YbyQB7 +mfSlVfQN4EuKzDHBv+PAja1oqfTRd8kKfRWpPdFZN4HHeQvRdE3uLyVQMm/BOw2x +uyn2vCYItXQv+Tq3kZ8o9IlsvbczE9Xna0BlRqMEa/6RCUYIrH8= +=6T8P -----END PGP SIGNATURE----- diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/Manifest.files.gz b/sdk_container/src/third_party/portage-stable/metadata/glsa/Manifest.files.gz index 6400182233..8a1a92e731 100644 Binary files a/sdk_container/src/third_party/portage-stable/metadata/glsa/Manifest.files.gz and b/sdk_container/src/third_party/portage-stable/metadata/glsa/Manifest.files.gz differ diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201904-17.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201904-17.xml new file mode 100644 index 0000000000..16ee810064 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201904-17.xml @@ -0,0 +1,55 @@ + + + + Patch: Multiple vulnerabilities + Multiple vulnerabilities have been found in Patch, the worst of + which could result in the execution of arbitrary code. + + patch + 2019-04-17 + 2019-04-17 + 647792 + 647794 + 652710 + remote + + + 2.7.6-r3 + 2.7.6-r3 + + + +

Patch takes a patch file containing a difference listing produced by the + diff program and applies those differences to one or more original files, + producing patched versions. +

+ + +

Multiple vulnerabilities have been discovered in Patch. Please review + the CVE identifiers referenced below for details. +

+ + +

Please review the referenced CVE identifiers for details.

+ + +

There is no known workaround at this time.

+ + +

All Patch users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=sys-devel/patch-2.7.6-r3" + + + + + CVE-2018-1000156 + + CVE-2018-6951 + CVE-2018-6952 + + b-man + b-man + diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201904-18.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201904-18.xml new file mode 100644 index 0000000000..3c23d4bace --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201904-18.xml @@ -0,0 +1,44 @@ + + + + libseccomp: Privilege escalation + A vulnerability in libseccomp allows for privilege escalation. + libseccomp + 2019-04-17 + 2019-04-17 + 680442 + remote + + + 2.4.0 + 2.4.0 + + + +

A library that provides an easy to use, platform independent, interface + to the Linux Kernel’s syscall filtering mechanism. +

+ + +

Please review the CVE identifier referenced below for details.

+ + +

Please review the referenced CVE identifier for details.

+ + +

There is no known workaround at this time.

+ + +

All libseccomp users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=sys-libs/libseccomp-2.4.0" + + + + CVE-2019-9893 + + BlueKnight + b-man + diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201904-19.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201904-19.xml new file mode 100644 index 0000000000..71f6cdb43a --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201904-19.xml @@ -0,0 +1,48 @@ + + + + Dovecot: Multiple vulnerabilities + Multiple vulnerabilities have been found in Dovecot, the worst of + which could result in root privilege escalation. + + dovecot + 2019-04-17 + 2019-04-17 + 677350 + 681922 + remote + + + 2.3.5.1 + 2.3.5.1 + + + +

Dovecot is an open source IMAP and POP3 email server.

+ + +

Multiple vulnerabilities have been discovered in Dovecot. Please review + the CVE identifiers referenced below for details. +

+ + +

Please review the referenced CVE identifiers for details

+ + +

There is no known workaround at this time.

+ + +

All Dovecot users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-mail/dovecot-2.3.5.1" + + + + CVE-2019-3814 + CVE-2019-7524 + + BlueKnight + b-man + diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/timestamp.chk b/sdk_container/src/third_party/portage-stable/metadata/glsa/timestamp.chk index 62cd880947..d7258a36de 100644 --- a/sdk_container/src/third_party/portage-stable/metadata/glsa/timestamp.chk +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/timestamp.chk @@ -1 +1 @@ -Mon, 15 Apr 2019 22:38:42 +0000 +Wed, 17 Apr 2019 20:08:47 +0000 diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/timestamp.commit b/sdk_container/src/third_party/portage-stable/metadata/glsa/timestamp.commit index d11ec825e1..0773d72858 100644 --- a/sdk_container/src/third_party/portage-stable/metadata/glsa/timestamp.commit +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/timestamp.commit @@ -1 +1 @@ -9b59bd6cf27bbcd9bc148340e6758177e493f624 1555361601 2019-04-15T20:53:21+00:00 +6c18ba31f4c4516ed01d1b3ca04795cfadc11f86 1555526007 2019-04-17T18:33:27+00:00