mirrors/flatcar-scripts
1
0
Fork 0
mirror of https://github.com/flatcar/scripts.git synced 2025-10-03 03:21:43 +02:00
Code Issues Packages Projects Releases Wiki Activity

bump(metadata/glsa): sync with upstream

Browse Source
This commit is contained in:
David Michael 2017-08-21 10:25:12 -07:00
parent 293363aac1
commit 802726937a
21 changed files with 557 additions and 45 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201707-02.xml vendored
View File

@ -7,13 +7,13 @@
</synopsis>
<product type="ebuild">game-music-emu</product>
<announced>2017-07-08</announced>
<revised>2017-07-08: 1</revised>
<revised>2017-08-06: 2</revised>
<bug>603092</bug>
<access>remote</access>
<affected>
<package name="media-libs/game-music-emu" auto="yes" arch="*">
<unaffected range="ge" slot="">0.6.1</unaffected>
<vulnerable range="lt" slot="">0.6.1</vulnerable>
<unaffected range="ge">0.6.1</unaffected>
<vulnerable range="lt">0.6.1</vulnerable>
</package>
</affected>
<background>
@ -52,5 +52,5 @@
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9961">CVE-2016-9961</uri>
</references>
<metadata tag="requester" timestamp="2017-03-24T05:27:52Z">BlueKnight</metadata>
<metadata tag="submitter" timestamp="2017-07-08T12:04:39Z">whissi</metadata>
<metadata tag="submitter" timestamp="2017-08-06T11:04:13Z">whissi</metadata>
</glsa>

12
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201707-03.xml vendored
View File

@ -7,15 +7,15 @@
</synopsis>
<product type="ebuild">phpmyadmin</product>
<announced>2017-07-08</announced>
<revised>2017-07-08: 1</revised>
<revised>2017-08-06: 2</revised>
<bug>614522</bug>
<access>remote</access>
<affected>
<package name="dev-db/phpmyadmin" auto="yes" arch="*">
<unaffected range="ge" slot="">4.0.10.20</unaffected>
<unaffected range="ge" slot="">4.7.0</unaffected>
<vulnerable range="lt" slot="">4.0.10.20</vulnerable>
<vulnerable range="lt" slot="">4.7.0</vulnerable>
<unaffected range="ge">4.0.10.20</unaffected>
<unaffected range="ge">4.7.0</unaffected>
<vulnerable range="lt">4.0.10.20</vulnerable>
<vulnerable range="lt">4.7.0</vulnerable>
</package>
</affected>
<background>
@ -62,5 +62,5 @@
<uri link="https://www.phpmyadmin.net/security/PMASA-2017-8/">PMASA-2017-8</uri>
</references>
<metadata tag="requester" timestamp="2017-04-28T01:10:27Z">BlueKnight</metadata>
<metadata tag="submitter" timestamp="2017-07-08T12:04:56Z">whissi</metadata>
<metadata tag="submitter" timestamp="2017-08-06T11:05:30Z">whissi</metadata>
</glsa>

8
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201707-04.xml vendored
View File

@ -7,13 +7,13 @@
</synopsis>
<product type="ebuild">libsndfile</product>
<announced>2017-07-08</announced>
<revised>2017-07-08: 1</revised>
<revised>2017-08-06: 2</revised>
<bug>618010</bug>
<access>remote</access>
<affected>
<package name="media-libs/libsndfile" auto="yes" arch="*">
<unaffected range="ge" slot="">1.0.28</unaffected>
<vulnerable range="lt" slot="">1.0.28</vulnerable>
<unaffected range="ge">1.0.28</unaffected>
<vulnerable range="lt">1.0.28</vulnerable>
</package>
</affected>
<background>
@ -51,5 +51,5 @@
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7742">CVE-2017-7742</uri>
</references>
<metadata tag="requester" timestamp="2017-05-21T07:41:05Z">BlueKnight</metadata>
<metadata tag="submitter" timestamp="2017-07-08T12:05:10Z">whissi</metadata>
<metadata tag="submitter" timestamp="2017-08-06T11:06:09Z">whissi</metadata>
</glsa>

8
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201707-05.xml vendored
View File

@ -8,7 +8,7 @@
</synopsis>
<product type="ebuild">OpenSLP</product>
<announced>2017-07-08</announced>
<revised>2017-07-08: 1</revised>
<revised>2017-08-06: 3</revised>
<bug>360061</bug>
<bug>434918</bug>
<bug>583396</bug>
@ -16,8 +16,8 @@
<access>remote</access>
<affected>
<package name="net-libs/openslp" auto="yes" arch="*">
<unaffected range="ge" slot="">2.0.0-r4</unaffected>
<vulnerable range="lt" slot="">2.0.0-r4</vulnerable>
<unaffected range="ge">2.0.0-r4</unaffected>
<vulnerable range="lt">2.0.0-r4</vulnerable>
</package>
</affected>
<background>
@ -53,5 +53,5 @@
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7567">CVE-2016-7567</uri>
</references>
<metadata tag="requester" timestamp="2017-05-21T02:50:48Z">BlueKnight</metadata>
<metadata tag="submitter" timestamp="2017-07-08T12:05:22Z">whissi</metadata>
<metadata tag="submitter" timestamp="2017-08-06T11:06:57Z">whissi</metadata>
</glsa>

8
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201707-06.xml vendored
View File

@ -8,7 +8,7 @@
</synopsis>
<product type="ebuild">virglrenderer</product>
<announced>2017-07-08</announced>
<revised>2017-07-08: 1</revised>
<revised>2017-08-06: 2</revised>
<bug>606996</bug>
<bug>607022</bug>
<bug>608734</bug>
@ -24,8 +24,8 @@
<access>local</access>
<affected>
<package name="media-libs/virglrenderer" auto="yes" arch="*">
<unaffected range="ge" slot="">0.6.0</unaffected>
<vulnerable range="lt" slot="">0.6.0</vulnerable>
<unaffected range="ge">0.6.0</unaffected>
<vulnerable range="lt">0.6.0</vulnerable>
</package>
</affected>
<background>
@ -71,5 +71,5 @@
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-6386">CVE-2017-6386</uri>
</references>
<metadata tag="requester" timestamp="2017-05-05T00:14:09Z">BlueKnight</metadata>
<metadata tag="submitter" timestamp="2017-07-08T12:06:05Z">whissi</metadata>
<metadata tag="submitter" timestamp="2017-08-06T11:08:07Z">whissi</metadata>
</glsa>

8
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201707-07.xml vendored
View File

@ -7,7 +7,7 @@
</synopsis>
<product type="ebuild">JasPer</product>
<announced>2017-07-08</announced>
<revised>2017-07-08: 1</revised>
<revised>2017-08-06: 2</revised>
<bug>559164</bug>
<bug>559168</bug>
<bug>571256</bug>
@ -16,8 +16,8 @@
<access>remote</access>
<affected>
<package name="media-libs/jasper" auto="yes" arch="*">
<unaffected range="ge" slot="">2.0.12</unaffected>
<vulnerable range="lt" slot="">2.0.12</vulnerable>
<unaffected range="ge">2.0.12</unaffected>
<vulnerable range="lt">2.0.12</vulnerable>
</package>
</affected>
<background>
@ -54,5 +54,5 @@
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9591">CVE-2016-9591</uri>
</references>
<metadata tag="requester" timestamp="2017-04-30T19:55:35Z">BlueKnight</metadata>
<metadata tag="submitter" timestamp="2017-07-08T12:06:24Z">whissi</metadata>
<metadata tag="submitter" timestamp="2017-08-06T11:08:50Z">whissi</metadata>
</glsa>

8
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201707-08.xml vendored
View File

@ -7,13 +7,13 @@
</synopsis>
<product type="ebuild">feh</product>
<announced>2017-07-08</announced>
<revised>2017-07-08: 1</revised>
<revised>2017-08-06: 2</revised>
<bug>616470</bug>
<access>remote</access>
<affected>
<package name="media-gfx/feh" auto="yes" arch="*">
<unaffected range="ge" slot="">2.18.3</unaffected>
<vulnerable range="lt" slot="">2.18.3</vulnerable>
<unaffected range="ge">2.18.3</unaffected>
<vulnerable range="lt">2.18.3</vulnerable>
</package>
</affected>
<background>
@ -47,5 +47,5 @@
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7875">CVE-2017-7875</uri>
</references>
<metadata tag="requester" timestamp="2017-05-05T00:04:28Z">BlueKnight</metadata>
<metadata tag="submitter" timestamp="2017-07-08T12:06:41Z">whissi</metadata>
<metadata tag="submitter" timestamp="2017-08-06T11:09:29Z">whissi</metadata>
</glsa>

8
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201707-09.xml vendored
View File

@ -7,13 +7,13 @@
</synopsis>
<product type="ebuild">nm-applet</product>
<announced>2017-07-08</announced>
<revised>2017-07-08: 1</revised>
<revised>2017-08-06: 2</revised>
<bug>613768</bug>
<access>local</access>
<affected>
<package name="gnome-extra/nm-applet" auto="yes" arch="*">
<unaffected range="ge" slot="">1.4.6-r1</unaffected>
<vulnerable range="lt" slot="">1.4.6-r1</vulnerable>
<unaffected range="ge">1.4.6-r1</unaffected>
<vulnerable range="lt">1.4.6-r1</vulnerable>
</package>
</affected>
<background>
@ -49,5 +49,5 @@
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-6590">CVE-2017-6590</uri>
</references>
<metadata tag="requester" timestamp="2017-04-02T12:44:50Z">BlueKnight</metadata>
<metadata tag="submitter" timestamp="2017-07-08T12:07:02Z">whissi</metadata>
<metadata tag="submitter" timestamp="2017-08-06T11:10:08Z">whissi</metadata>
</glsa>

10
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201707-12.xml vendored
View File

@ -7,13 +7,13 @@
</synopsis>
<product type="ebuild">man-db</product>
<announced>2017-07-09</announced>
<revised>2017-07-09: 1</revised>
<revised>2017-08-06: 2</revised>
<bug>602588</bug>
<access>local</access>
<affected>
<package name="sys-apps/man-db" auto="yes" arch="*">
<unaffected range="ge" slot="">2.7.6.1-r2</unaffected>
<vulnerable range="lt" slot="">2.7.6.1-r2</vulnerable>
<unaffected range="ge">2.7.6.1-r2</unaffected>
<vulnerable range="lt">2.7.6.1-r2</vulnerable>
</package>
</affected>
<background>
@ -40,12 +40,12 @@
<code>
# emerge --sync
# emerge --ask --oneshot --verbose "&gt;=sys-apps/man-db-2.7.6.1-r2"
# emerge --ask --oneshot --verbose "&gt;=sys-apps/man-db-2.7.6.1-r2:0"
</code>
</resolution>
<references>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1336">CVE-2015-1336</uri>
</references>
<metadata tag="requester" timestamp="2017-01-18T16:57:30Z">whissi</metadata>
<metadata tag="submitter" timestamp="2017-07-09T20:19:23Z">whissi</metadata>
<metadata tag="submitter" timestamp="2017-08-06T11:10:41Z">whissi</metadata>
</glsa>

8
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201707-13.xml vendored
View File

@ -7,13 +7,13 @@
</synopsis>
<product type="ebuild">libcroco</product>
<announced>2017-07-09</announced>
<revised>2017-07-09: 1</revised>
<revised>2017-08-06: 3</revised>
<bug>618012</bug>
<access>remote</access>
<affected>
<package name="dev-libs/libcroco" auto="yes" arch="*">
<unaffected range="ge" slot="">0.6.12-r1</unaffected>
<vulnerable range="lt" slot="">0.6.12-r1</vulnerable>
<unaffected range="ge">0.6.12-r1</unaffected>
<vulnerable range="lt">0.6.12-r1</vulnerable>
</package>
</affected>
<background>
@ -46,5 +46,5 @@
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7961">CVE-2017-7961</uri>
</references>
<metadata tag="requester" timestamp="2017-05-21T07:37:50Z">BlueKnight</metadata>
<metadata tag="submitter" timestamp="2017-07-09T20:40:19Z">whissi</metadata>
<metadata tag="submitter" timestamp="2017-08-06T11:11:14Z">whissi</metadata>
</glsa>

51
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201707-14.xml vendored Normal file
View File

@ -0,0 +1,51 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="201707-14">
<title>Gajim: Information disclosure</title>
<synopsis>A vulnerability in Gajim might allow remote attackers to intercept
encrypted communications.
</synopsis>
<product type="ebuild">gajim</product>
<announced>2017-07-10</announced>
<revised>2017-07-10: 1</revised>
<bug>620146</bug>
<access>remote</access>
<affected>
<package name="net-im/gajim" auto="yes" arch="*">
<unaffected range="ge">0.16.6-r1</unaffected>
<vulnerable range="lt">0.16.6-r1</vulnerable>
</package>
</affected>
<background>
<p>Gajim is a Jabber/XMPP client which uses GTK+.</p>
</background>
<description>
<p>Gajim unconditionally implements the “XEP-0146: Remote Controlling
Clients” extension.
</p>
</description>
<impact type="normal">
<p>Remote attackers, by enticing a user to connect to a malicious XMPP
server, could extract plaintext from Off The Record (OTR) encrypted
sessions.
</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All Gajim users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose "&gt;=net-im/gajim-0.16.6-r1"
</code>
</resolution>
<references>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-10376">
CVE-2016-10376
</uri>
</references>
<metadata tag="requester" timestamp="2017-07-04T21:23:24Z">BlueKnight</metadata>
<metadata tag="submitter" timestamp="2017-07-10T00:02:36Z">b-man</metadata>
</glsa>

63
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201707-15.xml vendored Normal file
View File

@ -0,0 +1,63 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="201707-15">
<title>Adobe Flash Player: Multiple Vulnerabilities</title>
<synopsis>Multiple vulnerabilities have been found in Adobe Flash Player, the
worst of which allows remote attackers to execute arbitrary code.
</synopsis>
<product type="ebuild">adobeflashplayer</product>
<announced>2017-07-21</announced>
<revised>2017-07-21: 1</revised>
<bug>621680</bug>
<bug>624620</bug>
<access>remote</access>
<affected>
<package name="www-plugins/adobe-flash" auto="yes" arch="*">
<unaffected range="ge">26.0.0.137</unaffected>
<vulnerable range="lt">26.0.0.137</vulnerable>
</package>
</affected>
<background>
<p>The Adobe Flash Player is a renderer for the SWF file format, which is
commonly used to provide interactive websites.
</p>
</background>
<description>
<p>Multiple vulnerabilities have been discovered in Adobe Flash Player.
Please review the CVE identifiers referenced below for details.
</p>
</description>
<impact type="normal">
<p>A remote attacker could possibly execute arbitrary code with the
privileges of the process or bypass security restrictions.
</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All Adobe Flash users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose
"&gt;=www-plugins/adobe-flash-26.0.0.137"
</code>
</resolution>
<references>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3075">CVE-2017-3075</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3076">CVE-2017-3076</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3077">CVE-2017-3077</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3078">CVE-2017-3078</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3079">CVE-2017-3079</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3080">CVE-2017-3080</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3081">CVE-2017-3081</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3082">CVE-2017-3082</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3083">CVE-2017-3083</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3084">CVE-2017-3084</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3099">CVE-2017-3099</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3100">CVE-2017-3100</uri>
</references>
<metadata tag="requester" timestamp="2017-07-16T01:48:22Z">b-man</metadata>
<metadata tag="submitter" timestamp="2017-07-21T23:12:54Z">b-man</metadata>
</glsa>

61
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201708-01.xml vendored Normal file
View File

@ -0,0 +1,61 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="201708-01">
<title>BIND: Multiple vulnerabilities </title>
<synopsis>Multiple vulnerabilities have been found in BIND, the worst of
which allows remote attackers to cause a Denial of Service condition.
</synopsis>
<product type="ebuild">bind</product>
<announced>2017-08-17</announced>
<revised>2017-08-17: 1</revised>
<bug>605454</bug>
<bug>608740</bug>
<bug>615420</bug>
<bug>621730</bug>
<access>remote</access>
<affected>
<package name="net-dns/bind" auto="yes" arch="*">
<unaffected range="ge">9.11.1_p1</unaffected>
<vulnerable range="lt">9.11.1_p1</vulnerable>
</package>
</affected>
<background>
<p>BIND (Berkeley Internet Name Domain) is a Name Server.</p>
</background>
<description>
<p>Multiple vulnerabilities have been discovered in BIND. Please review the
CVE identifiers referenced below for details.
</p>
</description>
<impact type="normal">
<p>A remote attacker could send a specially crafted DNS request to the BIND
resolver resulting in a Denial of Service condition.
</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All BIND users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose "&gt;=net-dns/bind-9.11.1_p1"
</code>
</resolution>
<references>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9131">CVE-2016-9131</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9147">CVE-2016-9147</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9444">CVE-2016-9444</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9778">CVE-2016-9778</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3135">CVE-2017-3135</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3136">CVE-2017-3136</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3137">CVE-2017-3137</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3138">CVE-2017-3138</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3140">CVE-2017-3140</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3141">CVE-2017-3141</uri>
</references>
<metadata tag="requester" timestamp="2017-06-08T18:18:24Z">whissi</metadata>
<metadata tag="submitter" timestamp="2017-08-17T02:10:16Z">whissi</metadata>
</glsa>

57
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201708-02.xml vendored Normal file
View File

@ -0,0 +1,57 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="201708-02">
<title>TNEF: Multiple vulnerabilities </title>
<synopsis>Multiple vulnerabilities have been found in TNEF, the worst of
which allows remote attackers to cause a Denial of Service condition.
</synopsis>
<product type="ebuild">tnef</product>
<announced>2017-08-17</announced>
<revised>2017-08-17: 1</revised>
<bug>611426</bug>
<bug>618658</bug>
<access>remote</access>
<affected>
<package name="net-mail/tnef" auto="yes" arch="*">
<unaffected range="ge">1.4.15</unaffected>
<vulnerable range="lt">1.4.15</vulnerable>
</package>
</affected>
<background>
<p>TNEF is a program for unpacking MIME attachments of type
“application/ms-tnef”.
</p>
</background>
<description>
<p>Multiple vulnerabilities have been discovered in TNEF. Please review the
CVE identifiers referenced below for details.
</p>
</description>
<impact type="normal">
<p>A remote attacker could entice a user to process a specially crafted
MIME attachment of type “application/ms-tnef” using TNEF, possibly
resulting in a Denial of Service condition.
</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All TNEF users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose "&gt;=net-mail/tnef-1.4.15"
</code>
</resolution>
<references>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-6307">CVE-2017-6307</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-6308">CVE-2017-6308</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-6309">CVE-2017-6309</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-6310">CVE-2017-6310</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-8911">CVE-2017-8911</uri>
</references>
<metadata tag="requester" timestamp="2017-05-21T07:12:51Z">BlueKnight</metadata>
<metadata tag="submitter" timestamp="2017-08-17T03:12:51Z">whissi</metadata>
</glsa>

49
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201708-04.xml vendored Normal file
View File

@ -0,0 +1,49 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="201708-04">
<title>Ked Password Manager: Information leak</title>
<synopsis>An insecure file usage has been reported in Ked Password Manager
possibly allowing confidential information to be disclosed.
</synopsis>
<product type="ebuild">kedpm</product>
<announced>2017-08-21</announced>
<revised>2017-08-21: 1</revised>
<bug>616690</bug>
<access>local, remote</access>
<affected>
<package name="app-admin/kedpm" auto="yes" arch="*">
<vulnerable range="lt">0.4.0-r2</vulnerable>
</package>
</affected>
<background>
<p>Helps to manage large numbers of passwords and related information and
simplifies the tasks of searching and entering password data.
</p>
</background>
<description>
<p>A history file in ~/.kedpm/history is written in clear text. All of the
commands performed in the password manager are written there. This can
lead to the disclosure of the master password if the “password”
command is used with an argument. The names of the password entries
created and consulted are also accessible in clear text.
</p>
</description>
<impact type="normal">
<p>An attacker could obtain confidential information.</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>Gentoo Security recommends that users unmerge Ked Password Manager:</p>
<code>
# emerge --unmerge "app-admin/kedpm"
</code>
</resolution>
<references>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-8296">CVE-2017-8296</uri>
</references>
<metadata tag="requester" timestamp="2017-08-14T23:18:50Z">b-man</metadata>
<metadata tag="submitter" timestamp="2017-08-21T00:06:05Z">b-man</metadata>
</glsa>

65
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201708-05.xml vendored Normal file
View File

@ -0,0 +1,65 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="201708-05">
<title>RAR and UnRAR: User-assisted execution of arbitrary code</title>
<synopsis>An integer overflow in RAR and UnRAR might allow remote attackers
to execute arbitrary code.
</synopsis>
<product type="ebuild">rar,unrar</product>
<announced>2017-08-21</announced>
<revised>2017-08-21: 1</revised>
<bug>622342</bug>
<bug>622382</bug>
<access>remote</access>
<affected>
<package name="app-arch/rar" auto="yes" arch="*">
<unaffected range="ge">5.5.0_beta4_p20170628</unaffected>
<vulnerable range="lt">5.5.0_beta4_p20170628</vulnerable>
</package>
<package name="app-arch/unrar" auto="yes" arch="*">
<unaffected range="ge">5.5.5</unaffected>
<vulnerable range="lt">5.5.5</vulnerable>
</package>
</affected>
<background>
<p>RAR and UnRAR provide command line interfaces for compressing and
decompressing RAR files.
</p>
</background>
<description>
<p>A VMSF_DELTA memory corruption was discovered in which an integer
overflow can be caused in DataSize+CurChannel. The result is a negative
value of the “DestPos” variable which allows writing out of bounds
when setting Mem[DestPos].
</p>
</description>
<impact type="normal">
<p>A remote attacker, by enticing a user to open a specially crafted
archive, could execute arbitrary code with the privileges of the process.
</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All RAR users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose
"&gt;=app-arch/rar-5.5.0_beta4_p20170628"
</code>
<p>All UnRAR users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose "&gt;=app-arch/unrar-5.5.5"
</code>
</resolution>
<references>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-6706">CVE-2012-6706</uri>
</references>
<metadata tag="requester" timestamp="2017-06-21T12:23:53Z">whissi</metadata>
<metadata tag="submitter" timestamp="2017-08-21T01:03:02Z">b-man</metadata>
</glsa>

64
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201708-06.xml vendored Normal file
View File

@ -0,0 +1,64 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="201708-06">
<title>GPL Ghostscript: Multiple vulnerabilities</title>
<synopsis>Multiple vulnerabilities have been found in GPL Ghostscript, the
worst of which can resulting in the execution of arbitrary code.
</synopsis>
<product type="ebuild">ghostscriptgpl</product>
<announced>2017-08-21</announced>
<revised>2017-08-21: 1</revised>
<bug>616814</bug>
<bug>617016</bug>
<bug>617018</bug>
<bug>617020</bug>
<bug>617022</bug>
<bug>618818</bug>
<access>remote</access>
<affected>
<package name="app-text/ghostscript-gpl" auto="yes" arch="*">
<unaffected range="ge">9.21</unaffected>
<vulnerable range="lt">9.21</vulnerable>
</package>
</affected>
<background>
<p>Ghostscript is an interpreter for the PostScript language and for PDF.</p>
</background>
<description>
<p>Multiple vulnerabilities have been discovered in GPL Ghostscript. Please
review the CVE identifiers referenced below for additional information.
</p>
</description>
<impact type="normal">
<p>A context-dependent attacker could entice a user to open a specially
crafted PostScript file or PDF document using GPL Ghostscript possibly
resulting in the execution of arbitrary code with the privileges of the
process or a Denial of Service condition.
</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All GPL Ghostscript users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose "&gt;=app-text/ghostscript-gpl-9.21"
</code>
</resolution>
<references>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-10219">
CVE-2016-10219
</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-10220">
CVE-2016-10220
</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5951">CVE-2017-5951</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-6196">CVE-2017-6196</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7207">CVE-2017-7207</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-8291">CVE-2017-8291</uri>
</references>
<metadata tag="requester" timestamp="2017-07-17T22:58:42Z">b-man</metadata>
<metadata tag="submitter" timestamp="2017-08-21T01:03:33Z">b-man</metadata>
</glsa>

49
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201708-07.xml vendored Normal file
View File

@ -0,0 +1,49 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="201708-07">
<title>evilvte: User-assisted execution of arbitrary code </title>
<synopsis>Improper hypertext validation might allow remote attackers to
execute arbitrary code.
</synopsis>
<product type="ebuild">evilvte</product>
<announced>2017-08-21</announced>
<revised>2017-08-21: 1</revised>
<bug>611290</bug>
<access>remote</access>
<affected>
<package name="x11-terms/evilvte" auto="yes" arch="*">
<vulnerable range="lt">0.5.1</vulnerable>
</package>
</affected>
<background>
<p>VTE based, highly customizable terminal emulator</p>
</background>
<description>
<p>Steve Kemp of Debian identified a flaw in evilvte which does not
properly validate hypertext links. Please review the Debian bug report
referenced below.
</p>
</description>
<impact type="normal">
<p>Remote attackers could execute arbitrary code by enticing a user to
click a hyperlink in their terminal.
</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>Gentoo Security recommends that users unmerge evilvte:</p>
<code>
# emerge --unmerge "x11-terms/evilvte"
</code>
</resolution>
<references>
<uri link="https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=854585">Debian
Bug #854585
</uri>
</references>
<metadata tag="requester" timestamp="2017-08-14T23:29:51Z">b-man</metadata>
<metadata tag="submitter" timestamp="2017-08-21T01:03:58Z">b-man</metadata>
</glsa>

53
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201708-08.xml vendored Normal file
View File

@ -0,0 +1,53 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="201708-08">
<title>bzip2: Denial of Service</title>
<synopsis>An use-after-free vulnerability has been found in bzip2 that could
allow remote attackers to cause a Denial of Service condition.
</synopsis>
<product type="ebuild">bzip2</product>
<announced>2017-08-21</announced>
<revised>2017-08-21: 1</revised>
<bug>620466</bug>
<access>remote</access>
<affected>
<package name="app-arch/bzip2" auto="yes" arch="*">
<unaffected range="ge" slot="">1.0.6-r8</unaffected>
<vulnerable range="lt" slot="">1.0.6-r8</vulnerable>
</package>
</affected>
<background>
<p>bzip2 is a high-quality data compressor used extensively by Gentoo
Linux.
</p>
</background>
<description>
<p>A use-after-free flaw was found in bzip2recover, leading to a null
pointer dereference, or a write to a closed file descriptor. Please
review the CVE identifier referenced below for details.
</p>
</description>
<impact type="normal">
<p>A remote attacker could entice a user to process a specially crafted
bzip2 archive using bzip2recover, possibly resulting in a Denial of
Service condition.
</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All bzip2 users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose "&gt;=app-arch/bzip2-1.0.6-r8"
</code>
</resolution>
<references>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3189">CVE-2016-3189</uri>
</references>
<metadata tag="requester" timestamp="2017-06-04T20:39:15Z">whissi</metadata>
<metadata tag="submitter" timestamp="2017-08-21T01:24:45Z">whissi</metadata>
</glsa>

2
sdk_container/src/third_party/portage-stable/metadata/glsa/timestamp.chk vendored
View File

@ -1 +1 @@
Sun, 09 Jul 2017 23:40:01 +0000
Mon, 21 Aug 2017 16:39:23 +0000

2
sdk_container/src/third_party/portage-stable/metadata/glsa/timestamp.commit vendored
View File

@ -1 +1 @@
0d1886fce079a5b039baee6ef4287f5a55945dea 1499633121 2017-07-09T20:45:21+00:00
e6b03f4f47a8d3f64f4dc686f054a6ecc4d23f8e 1503278719 2017-08-21T01:25:19+00:00