mirrors/flatcar-scripts
1
0
Fork 0
mirror of https://github.com/flatcar/scripts.git synced 2025-08-19 05:21:23 +02:00
Code Issues Packages Projects Releases Wiki Activity

bump(metadata/glsa): sync with upstream

Browse Source
This commit is contained in:
David Michael 2017-09-29 11:29:43 -07:00
parent 95f054aadb
commit 89cb118391
2529 changed files with 26180 additions and 26432 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200310-03.xml vendored
View File

@ -1,6 +1,5 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="200310-03">
<title>Apache: multiple buffer overflows</title>
<synopsis>
@ -9,7 +8,7 @@
</synopsis>
<product type="ebuild">Apache</product>
<announced>2003-10-28</announced>
<revised>December 30, 2007: 02</revised>
<revised>2007-12-30: 02</revised>
<bug>32194</bug>
<access>local</access>
<affected>
@ -57,6 +56,6 @@
# /etc/init.d/apache restart</code>
</resolution>
<references>
<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0542">CAN-2003-0542 (under review at time of GLSA)</uri>
<uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0542">CAN-2003-0542 (under review at time of GLSA)</uri>
</references>
</glsa>

7
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200310-04.xml vendored
View File

@ -1,6 +1,5 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="200310-04">
<title>Apache: buffer overflows and a possible information disclosure</title>
<synopsis>
@ -11,7 +10,7 @@
</synopsis>
<product type="ebuild">Apache</product>
<announced>2003-10-31</announced>
<revised>December 30, 2007: 02</revised>
<revised>2007-12-30: 02</revised>
<bug>32271</bug>
<access>local</access>
<affected>
@ -65,7 +64,7 @@
</p>
</resolution>
<references>
<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0789">CAN-2003-0789</uri>
<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0542">CAN-2003-0542</uri>
<uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0789">CAN-2003-0789</uri>
<uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0542">CAN-2003-0542</uri>
</references>
</glsa>

7
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200311-01.xml vendored
View File

@ -1,6 +1,5 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="200311-01">
<title>kdebase: KDM vulnerabilities</title>
<synopsis>
@ -58,8 +57,8 @@
# emerge clean</code>
</resolution>
<references>
<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0690">CAN-2003-0690</uri>
<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0692">CAN-2003-0692</uri>
<uri link="http://www.kde.org/info/security/advisory-20030916-1.txt">KDE Security Advisory</uri>
<uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0690">CAN-2003-0690</uri>
<uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0692">CAN-2003-0692</uri>
<uri link="https://www.kde.org/info/security/advisory-20030916-1.txt">KDE Security Advisory</uri>
</references>
</glsa>

3
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200311-02.xml vendored
View File

@ -1,6 +1,5 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="200311-02">
<title>Opera: buffer overflows in 7.11 and 7.20</title>
<synopsis>
@ -58,7 +57,7 @@
# emerge clean</code>
</resolution>
<references>
<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0870">CAN-2003-0870</uri>
<uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0870">CAN-2003-0870</uri>
<uri link="http://www.atstake.com/research/advisories/2003/a102003-1.txt">@stake Security Advisory</uri>
</references>
</glsa>

3
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200311-03.xml vendored
View File

@ -1,6 +1,5 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="200311-03">
<title>HylaFAX: Remote code exploit in hylafax</title>
<synopsis>
@ -54,7 +53,7 @@
# emerge clean</code>
</resolution>
<references>
<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0886">CAN-2003-0886</uri>
<uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0886">CAN-2003-0886</uri>
<uri link="http://www.novell.com/linux/security/advisories/2003_045_hylafax.html">SuSE Security Announcment</uri>
</references>
</glsa>

1
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200311-04.xml vendored
View File

@ -1,6 +1,5 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="200311-04">
<title>FreeRADIUS: heap exploit and NULL pointer dereference vulnerability</title>
<synopsis>

1
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200311-05.xml vendored
View File

@ -1,6 +1,5 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="200311-05">
<title>Ethereal: security problems in ethereal 0.9.15</title>
<synopsis>

3
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200311-06.xml vendored
View File

@ -1,6 +1,5 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="200311-06">
<title>glibc: getgrouplist buffer overflow vulnerability</title>
<synopsis>
@ -53,6 +52,6 @@
# emerge clean</code>
</resolution>
<references>
<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0689">CAN-2003-0689</uri>
<uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0689">CAN-2003-0689</uri>
</references>
</glsa>

5
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200311-07.xml vendored
View File

@ -1,6 +1,5 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="200311-07">
<title>phpSysInfo: arbitrary code execution and directory traversal</title>
<synopsis>
@ -9,7 +8,7 @@
</synopsis>
<product type="ebuild">phpSysInfo</product>
<announced>2003-11-22</announced>
<revised>December 30, 2007: 02</revised>
<revised>2007-12-30: 02</revised>
<bug>26782</bug>
<access>local</access>
<affected>
@ -53,6 +52,6 @@
# emerge clean</code>
</resolution>
<references>
<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0536">CAN-2003-0536</uri>
<uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0536">CAN-2003-0536</uri>
</references>
</glsa>

3
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200311-08.xml vendored
View File

@ -1,6 +1,5 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="200311-08">
<title>Libnids: remote code execution vulnerability</title>
<synopsis>
@ -50,6 +49,6 @@
# emerge clean</code>
</resolution>
<references>
<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0850">CAN-2003-0850</uri>
<uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0850">CAN-2003-0850</uri>
</references>
</glsa>

1
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200312-01.xml vendored
View File

@ -1,6 +1,5 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="200312-01">
<title>rsync.gentoo.org: rotation server compromised</title>
<synopsis>

9
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200312-03.xml vendored
View File

@ -1,6 +1,5 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="200312-03">
<title>rsync: exploitable heap overflow</title>
<synopsis>
@ -67,9 +66,9 @@
# /etc/init.d/rsyncd restart</code>
</resolution>
<references>
<uri link="http://rsync.samba.org/#security_dec03">Rsync Security Advisory</uri>
<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0962">CAN-2003-0962</uri>
<uri link="http://security.gentoo.org/glsa/glsa-200312-02.xml">GLSA-200312-02</uri>
<uri link="http://security.gentoo.org/glsa/glsa-200312-01.xml">GLSA-200312-01</uri>
<uri link="https://rsync.samba.org/#security_dec03">Rsync Security Advisory</uri>
<uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0962">CAN-2003-0962</uri>
<uri link="https://security.gentoo.org/glsa/glsa-200312-02.xml">GLSA-200312-02</uri>
<uri link="https://security.gentoo.org/glsa/glsa-200312-01.xml">GLSA-200312-01</uri>
</references>
</glsa>

3
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200312-04.xml vendored
View File

@ -1,6 +1,5 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="200312-04">
<title>CVS: malformed module request vulnerability</title>
<synopsis>
@ -61,6 +60,6 @@
# emerge clean</code>
</resolution>
<references>
<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0977">CAN-2003-0977</uri>
<uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0977">CAN-2003-0977</uri>
</references>
</glsa>

3
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200312-05.xml vendored
View File

@ -1,6 +1,5 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="200312-05">
<title>GnuPG: ElGamal signing keys compromised and format string vulnerability</title>
<synopsis>
@ -65,7 +64,7 @@
# emerge clean</code>
</resolution>
<references>
<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0971">CAN-2003-0971</uri>
<uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0971">CAN-2003-0971</uri>
<uri link="http://marc.theaimsgroup.com/?l=gnupg-announce&amp;m=106992378510843&amp;q=raw">GnuPG Announcement</uri>
<uri link="http://www.s-quadra.com/advisories/Adv-20031203.txt">S-Quadra Advisory</uri>
</references>

3
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200312-06.xml vendored
View File

@ -1,6 +1,5 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="200312-06">
<title>XChat: malformed dcc send request denial of service</title>
<synopsis>
@ -59,6 +58,6 @@
</p>
</resolution>
<references>
<uri link="http://mail.nl.linux.org/xchat-announce/2003-12/msg00000.html">XChat Announcement</uri>
<uri link="https://mail.nl.linux.org/xchat-announce/2003-12/msg00000.html">XChat Announcement</uri>
</references>
</glsa>

9
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200312-07.xml vendored
View File

@ -1,6 +1,5 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="200312-07">
<title>Two buffer overflows in lftp</title>
<synopsis>
@ -8,8 +7,8 @@
a malicious ftp server, could lead to malicious code being executed.
</synopsis>
<product type="ebuild">lftp</product>
<announced>December 13, 2003</announced>
<revised>200312-07: 2</revised>
<announced>2003-12-13</announced>
<revised>2003-12-07: 2</revised>
<bug>35866</bug>
<access>remote</access>
<affected>
@ -64,8 +63,8 @@
</p>
<code>
# emerge sync
# emerge -pv '>=net-ftp/lftp-2.6.10'
# emerge '>=net-ftp/lftp-2.6.10'
# emerge -pv '&gt;=net-ftp/lftp-2.6.10'
# emerge '&gt;=net-ftp/lftp-2.6.10'
# emerge clean</code>
</resolution>
<references>

1
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200312-08.xml vendored
View File

@ -1,6 +1,5 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="200312-08">
<title>CVS: possible root compromise when using CVS pserver</title>
<synopsis>

21
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200401-01.xml vendored
View File

@ -1,6 +1,5 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="200401-01">
<title>Linux kernel do_mremap() local privilege escalation vulnerability</title>
<synopsis>
@ -8,8 +7,8 @@
which allows for local privelege escalation.
</synopsis>
<product type="ebuild">Kernel</product>
<announced>January 08, 2004</announced>
<revised>January 08, 2004: 01</revised>
<announced>2004-01-08</announced>
<revised>2004-01-08: 01</revised>
<bug>37292</bug>
<access>local</access>
<affected>
@ -212,15 +211,15 @@
their system:
</p>
<code>
$> emerge sync
$> emerge -pv your-favourite-sources
$> emerge your-favourite-sources
$> # Follow usual procedure for compiling and installing a kernel.
$> # If you use genkernel, run genkernel as you would do normally.
$&gt; emerge sync
$&gt; emerge -pv your-favourite-sources
$&gt; emerge your-favourite-sources
$&gt; # Follow usual procedure for compiling and installing a kernel.
$&gt; # If you use genkernel, run genkernel as you would do normally.
$> # IF YOUR KERNEL IS MARKED as "remerge required!" THEN
$> # YOU SHOULD UPDATE YOUR KERNEL EVEN IF PORTAGE
$> # REPORTS THAT THE SAME VERSION IS INSTALLED.</code>
$&gt; # IF YOUR KERNEL IS MARKED as "remerge required!" THEN
$&gt; # YOU SHOULD UPDATE YOUR KERNEL EVEN IF PORTAGE
$&gt; # REPORTS THAT THE SAME VERSION IS INSTALLED.</code>
</resolution>
<references>
<uri link="http://isec.pl/vulnerabilities/isec-0012-mremap.txt">Vulnerability</uri>

11
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200401-02.xml vendored
View File

@ -1,6 +1,5 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="200401-02">
<title>Honeyd remote detection vulnerability via a probe packet</title>
<synopsis>
@ -9,8 +8,8 @@
known.
</synopsis>
<product type="ebuild">honeyd</product>
<announced>January 21, 2004</announced>
<revised>January 21, 2004: 01</revised>
<announced>2004-01-21</announced>
<revised>2004-01-21: 01</revised>
<bug>38934</bug>
<access>remote</access>
<affected>
@ -51,9 +50,9 @@
All users are recommended to update to honeyd version 0.8:
</p>
<code>
$> emerge sync
$> emerge -pv ">=net-analyzer/honeyd-0.8"
$> emerge ">=net-analyzer/honeyd-0.8"</code>
$&gt; emerge sync
$&gt; emerge -pv "&gt;=net-analyzer/honeyd-0.8"
$&gt; emerge "&gt;=net-analyzer/honeyd-0.8"</code>
</resolution>
<references>
<uri link="http://www.honeyd.org/adv.2004-01.asc">Honeyd Security Advisory 2004-001</uri>

15
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200401-03.xml vendored
View File

@ -1,6 +1,5 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="200401-03">
<title>Apache mod_python Denial of Service vulnerability</title>
<synopsis>
@ -8,8 +7,8 @@
malformed query string was sent.
</synopsis>
<product type="ebuild">mod_python</product>
<announced>January 27, 2004</announced>
<revised>December 30, 2007: 02</revised>
<announced>2004-01-27</announced>
<revised>2007-12-30: 02</revised>
<bug>39154</bug>
<access>remote</access>
<affected>
@ -56,12 +55,12 @@
update their mod_python installation:
</p>
<code>
$> emerge sync
$> emerge -pv ">=www-apache/mod_python-2.7.10"
$> emerge ">=www-apache/mod_python-2.7.10"
$> /etc/init.d/apache restart</code>
$&gt; emerge sync
$&gt; emerge -pv "&gt;=www-apache/mod_python-2.7.10"
$&gt; emerge "&gt;=www-apache/mod_python-2.7.10"
$&gt; /etc/init.d/apache restart</code>
</resolution>
<references>
<uri link="http://www.modpython.org/pipermail/mod_python/2004-January/014879.html">Mod_python 2.7.10 release announcement</uri>
<uri link="https://www.modpython.org/pipermail/mod_python/2004-January/014879.html">Mod_python 2.7.10 release announcement</uri>
</references>
</glsa>

11
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200401-04.xml vendored
View File

@ -1,6 +1,5 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="200401-04">
<title>GAIM 0.75 Remote overflows</title>
<synopsis>
@ -8,8 +7,8 @@
GAIM that could lead to a remote compromise of the IM client.
</synopsis>
<product type="ebuild">GAIM</product>
<announced>January 26, 2004</announced>
<revised>January 26, 2004: 01</revised>
<announced>2004-01-26</announced>
<revised>2004-01-26: 01</revised>
<bug>39470</bug>
<access>man-in-the-middle</access>
<affected>
@ -68,9 +67,9 @@
All users are recommended to upgrade GAIM to 0.75-r7.
</p>
<code>
$> emerge sync
$> emerge -pv ">=net-im/gaim-0.75-r7"
$> emerge ">=net-im/gaim-0.75-r7"</code>
$&gt; emerge sync
$&gt; emerge -pv "&gt;=net-im/gaim-0.75-r7"
$&gt; emerge "&gt;=net-im/gaim-0.75-r7"</code>
</resolution>
<references>
<uri link="http://www.securityfocus.com/archive/1/351235/2004-01-23/2004-01-29/0">Security advisory from Stefan Esser</uri>

25
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200402-01.xml vendored
View File

@ -1,19 +1,18 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="200402-01">
<title>PHP setting leaks from .htaccess files on virtual hosts</title>
<synopsis>
If the server configuration &quot;php.ini&quot; file has
&quot;register_globals = on&quot; and a request is made to one virtual host
(which has &quot;php_admin_flag register_globals off&quot;) and the next
If the server configuration "php.ini" file has
"register_globals = on" and a request is made to one virtual host
(which has "php_admin_flag register_globals off") and the next
request is sent to the another virtual host (which does not have the
setting) global variables may leak and may be used to exploit the
site.
</synopsis>
<product type="ebuild">PHP</product>
<announced>February 07, 2004</announced>
<revised>February 07, 2004: 01</revised>
<announced>2004-02-07</announced>
<revised>2004-02-07: 01</revised>
<bug>39952</bug>
<access>remote</access>
<affected>
@ -30,9 +29,9 @@
</background>
<description>
<p>
If the server configuration &quot;php.ini&quot; file has
&quot;register_globals = on&quot; and a request is made to one virtual host
(which has &quot;php_admin_flag register_globals off&quot;) and the next
If the server configuration "php.ini" file has
"register_globals = on" and a request is made to one virtual host
(which has "php_admin_flag register_globals off") and the next
request is sent to the another virtual host (which does not have the
setting) through the same apache child, the setting will persist.
</p>
@ -45,7 +44,7 @@
result, users are urged to upgrade their PHP installations.
</p>
<p>
Gentoo ships PHP with &quot;register_globals&quot; set to &quot;off&quot;
Gentoo ships PHP with "register_globals" set to "off"
by default.
</p>
<p>
@ -64,10 +63,10 @@
</p>
<code>
# emerge sync
# emerge -pv ">=dev-php/mod_php-4.3.4-r4"
# emerge ">=dev-php/mod_php-4.3.4-r4"</code>
# emerge -pv "&gt;=dev-php/mod_php-4.3.4-r4"
# emerge "&gt;=dev-php/mod_php-4.3.4-r4"</code>
</resolution>
<references>
<uri link="http://bugs.php.net/bug.php?id=25753">Corresponding PHP bug</uri>
<uri link="https://bugs.php.net/bug.php?id=25753">Corresponding PHP bug</uri>
</references>
</glsa>

12
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200402-02.xml vendored
View File

@ -1,6 +1,5 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="200402-02">
<title>XFree86 Font Information File Buffer Overflow</title>
<synopsis>
@ -8,8 +7,8 @@
Window System allows local attackers to gain root privileges.
</synopsis>
<product type="ebuild">200402-02</product>
<announced>February 11, 2004</announced>
<revised>February 11, 2004: 01</revised>
<announced>2004-02-11</announced>
<revised>2004-02-11: 01</revised>
<access>local</access>
<affected>
<package name="x11-base/xfree" auto="yes" arch="*">
@ -44,11 +43,11 @@
To reproduce the overflow on the command line one can run:
</p>
<code>
# cat > fonts.dir &lt;&lt;EOF
# cat &gt; fonts.dir &lt;&lt;EOF
1
word.bdf -misc-fixed-medium-r-semicondensed--13-120-75-75-c-60-iso8859-1
EOF
# perl -e 'print "0" x 1024 . "A" x 96 . "\n"' > fonts.alias
# perl -e 'print "0" x 1024 . "A" x 96 . "\n"' &gt; fonts.alias
# X :0 -fp $PWD</code>
<p>
{Some output removed}... Server aborting... Segmentation fault (core dumped)
@ -84,8 +83,7 @@
# emerge x11-base/xfree</code>
</resolution>
<references>
<uri
link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0083">CVE: CAN-2004-0083</uri>
<uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0083">CVE: CAN-2004-0083</uri>
<uri link="http://www.idefense.com/application/poi/display?id=72&amp;type=vulnerabilities">Vulnerability:
XFree86 Font Information File Buffer Overflow</uri>
</references>

11
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200402-03.xml vendored
View File

@ -1,6 +1,5 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="200402-03">
<title>Monkeyd Denial of Service vulnerability</title>
<synopsis>
@ -8,8 +7,8 @@
launched against the webserver.
</synopsis>
<product type="ebuild">monkeyd</product>
<announced>February 11, 2004</announced>
<revised>February 11, 2004: 01</revised>
<announced>2004-02-11</announced>
<revised>2004-02-11: 01</revised>
<bug>41156</bug>
<access>remote</access>
<affected>
@ -50,10 +49,10 @@
</p>
<code>
# emerge sync
# emerge -pv ">=www-servers/monkeyd-0.8.2"
# emerge ">=www-servers/monkeyd-0.8.2"</code>
# emerge -pv "&gt;=www-servers/monkeyd-0.8.2"
# emerge "&gt;=www-servers/monkeyd-0.8.2"</code>
</resolution>
<references>
<uri link="http://cvs.sourceforge.net/viewcvs.py/monkeyd/monkeyd/src/utils.c?r1=1.3&amp;r2=1.4">CVS Patch</uri>
<uri link="https://cvs.sourceforge.net/viewcvs.py/monkeyd/monkeyd/src/utils.c?r1=1.3&amp;r2=1.4">CVS Patch</uri>
</references>
</glsa>

9
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200402-04.xml vendored
View File

@ -1,6 +1,5 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="200402-04">
<title>Gallery 1.4.1 and below remote exploit vulnerability</title>
<synopsis>
@ -9,8 +8,8 @@
remote exploit of your webserver.
</synopsis>
<product type="ebuild">Gallery</product>
<announced>February 11, 2004</announced>
<revised>February 11, 2004: 01</revised>
<announced>2004-02-11</announced>
<revised>2004-02-11: 01</revised>
<bug>39638</bug>
<access>remote</access>
<affected>
@ -57,8 +56,8 @@
</p>
<code>
# emerge sync
# emerge -p ">=www-apps/gallery-1.4.1_p1"
# emerge ">=www-apps/gallery-1.4.1_p1"</code>
# emerge -p "&gt;=www-apps/gallery-1.4.1_p1"
# emerge "&gt;=www-apps/gallery-1.4.1_p1"</code>
</resolution>
<references>
</references>

11
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200402-05.xml vendored
View File

@ -1,6 +1,5 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="200402-05">
<title>phpMyAdmin &lt; 2.5.6-rc1: possible attack against export.php</title>
<synopsis>
@ -8,8 +7,8 @@
generated input could lead to a directory traversal attack.
</synopsis>
<product type="ebuild">phpmyadmin</product>
<announced>February 17, 2004</announced>
<revised>February 17, 2004: 01</revised>
<announced>2004-02-17</announced>
<revised>2004-02-17: 01</revised>
<bug>40268</bug>
<access>remote</access>
<affected>
@ -55,11 +54,11 @@
</p>
<code>
# emerge sync
# emerge -pv ">=dev-db/phpmyadmin-2.5.6_rc1"
# emerge ">=dev-db/phpmyadmin-2.5.6_rc1"
# emerge -pv "&gt;=dev-db/phpmyadmin-2.5.6_rc1"
# emerge "&gt;=dev-db/phpmyadmin-2.5.6_rc1"
# emerge clean</code>
</resolution>
<references>
<uri link="http://cvs.sourceforge.net/viewcvs.py/phpmyadmin/phpMyAdmin/export.php?r1=2.3&amp;r2=2.3.2.1">CVS Patch</uri>
<uri link="https://cvs.sourceforge.net/viewcvs.py/phpmyadmin/phpMyAdmin/export.php?r1=2.3&amp;r2=2.3.2.1">CVS Patch</uri>
</references>
</glsa>

5
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200402-06.xml vendored
View File

@ -1,6 +1,5 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="200402-06">
<title>Updated kernel packages fix the AMD64 ptrace vulnerability</title>
<synopsis>
@ -9,8 +8,8 @@
elevated priveleges.
</synopsis>
<product type="ebuild">Kernel</product>
<announced>February 17, 2004</announced>
<revised>February 17, 2004: 01</revised>
<announced>2004-02-17</announced>
<revised>2004-02-17: 01</revised>
<access>local</access>
<affected>
<package name="sys-kernel/ck-sources" auto="yes" arch="amd64">

9
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200402-07.xml vendored
View File

@ -1,6 +1,5 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="200402-07">
<title>Clam Antivirus DoS vulnerability</title>
<synopsis>
@ -9,8 +8,8 @@
programs that rely on the clamav daemon, such as SMTP daemons.
</synopsis>
<product type="ebuild">clamav</product>
<announced>February 17, 2004</announced>
<revised>February 17, 2004: 01</revised>
<announced>2004-02-17</announced>
<revised>2004-02-17: 01</revised>
<bug>41248</bug>
<access>remote</access>
<affected>
@ -58,8 +57,8 @@
</p>
<code>
# emerge sync
# emerge -pv ">=app-antivirus/clamav-0.6.7"
# emerge ">=app-antivirus/clamav-0.6.7"</code>
# emerge -pv "&gt;=app-antivirus/clamav-0.6.7"
# emerge "&gt;=app-antivirus/clamav-0.6.7"</code>
</resolution>
<references>
</references>

11
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200403-01.xml vendored
View File

@ -1,6 +1,5 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="200403-01">
<title>Libxml2 URI Parsing Buffer Overflow Vulnerabilities</title>
<synopsis>
@ -9,8 +8,8 @@
arbitrary code.
</synopsis>
<product type="ebuild">libxml</product>
<announced>March 05, 2004</announced>
<revised>March 05, 2004: 01</revised>
<announced>2004-03-05</announced>
<revised>2004-03-05: 01</revised>
<bug>42735</bug>
<access>local and remote combination</access>
<affected>
@ -44,10 +43,10 @@
</p>
<code>
# emerge sync
# emerge -pv ">=dev-libs/libxml2-2.6.6"
# emerge ">=dev-libs/libxml2-2.6.6"</code>
# emerge -pv "&gt;=dev-libs/libxml2-2.6.6"
# emerge "&gt;=dev-libs/libxml2-2.6.6"</code>
</resolution>
<references>
<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0110">CVE 2004-0110</uri>
<uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0110">CVE 2004-0110</uri>
</references>
</glsa>

11
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200403-02.xml vendored
View File

@ -1,6 +1,5 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="200403-02">
<title>Linux kernel do_mremap local privilege escalation vulnerability</title>
<synopsis>
@ -9,8 +8,8 @@
escalations.
</synopsis>
<product type="ebuild">Kernel</product>
<announced>March 05, 2004</announced>
<revised>May 22, 2006: 03</revised>
<announced>2004-03-05</announced>
<revised>2006-05-22: 03</revised>
<bug>42024</bug>
<access>local</access>
<affected>
@ -228,15 +227,15 @@
# # Follow usual procedure for compiling and installing a kernel.
# # If you use genkernel, run genkernel as you would do normally.
# # IF YOUR KERNEL IS MARKED as &quot;remerge required!&quot; THEN
# # IF YOUR KERNEL IS MARKED as "remerge required!" THEN
# # YOU SHOULD UPDATE YOUR KERNEL EVEN IF PORTAGE
# # REPORTS THAT THE SAME VERSION IS INSTALLED.</code>
</resolution>
<references>
<uri link="http://isec.pl/vulnerabilities/isec-0014-mremap-unmap.txt">Advisory released by iSEC</uri>
<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0077">CVE-2004-0077</uri>
<uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0077">CVE-2004-0077</uri>
</references>
<metadata tag="submitter" timestamp="Sat, 2 Apr 2005 12:59:08 +0000">
<metadata tag="submitter" timestamp="2005-04-02T12:59:08Z">
koon
</metadata>
</glsa>

17
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200403-03.xml vendored
View File

@ -1,6 +1,5 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="200403-03">
<title>Multiple OpenSSL Vulnerabilities</title>
<synopsis>
@ -8,8 +7,8 @@
suite for the TLS protocol developed by Codenomicon Ltd.
</synopsis>
<product type="ebuild">OpenSSL</product>
<announced>March 17, 2004</announced>
<revised>May 22, 2006: 02</revised>
<announced>2004-03-17</announced>
<revised>2006-05-22: 02</revised>
<bug>44941</bug>
<access>remote</access>
<affected>
@ -77,15 +76,15 @@
</p>
<code>
# emerge sync
# emerge -pv &quot;&gt;=dev-libs/openssl-0.9.7d&quot;
# emerge &quot;&gt;=dev-libs/openssl-0.9.7d&quot;</code>
# emerge -pv "&gt;=dev-libs/openssl-0.9.7d"
# emerge "&gt;=dev-libs/openssl-0.9.7d"</code>
</resolution>
<references>
<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0079">CVE-2004-0079</uri>
<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0081">CVE-2004-0081</uri>
<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0112">CVE-2004-0112</uri>
<uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0079">CVE-2004-0079</uri>
<uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0081">CVE-2004-0081</uri>
<uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0112">CVE-2004-0112</uri>
</references>
<metadata tag="submitter" timestamp="Mon, 22 May 2006 05:54:03 +0000">
<metadata tag="submitter" timestamp="2006-05-22T05:54:03Z">
DerCorny
</metadata>
</glsa>

15
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200403-04.xml vendored
View File

@ -1,6 +1,5 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="200403-04">
<title>Multiple security vulnerabilities in Apache 2</title>
<synopsis>
@ -11,8 +10,8 @@
mod_disk_cache module.
</synopsis>
<product type="ebuild">Apache</product>
<announced>March 22, 2004</announced>
<revised>December 30, 2007: 03</revised>
<announced>2004-03-22</announced>
<revised>2007-12-30: 03</revised>
<bug>45206</bug>
<access>remote</access>
<affected>
@ -79,8 +78,8 @@
</p>
<code>
# emerge sync
# emerge -pv &quot;&gt;=www-servers/apache-2.0.49&quot;
# emerge &quot;&gt;=www-servers/apache-2.0.49&quot;
# emerge -pv "&gt;=www-servers/apache-2.0.49"
# emerge "&gt;=www-servers/apache-2.0.49"
# ** IMPORTANT **
@ -102,10 +101,10 @@
</resolution>
<references>
<uri link="http://www.securityfocus.com/bid/9933/info/">Apache mod_disk_cache authentication storage weakness vulnerability</uri>
<uri link="http://www.apache.org/dist/httpd/Announcement2.html">Apache HTTP Server 2.0.49 Announcement</uri>
<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0113">CVE-2004-0113</uri>
<uri link="https://www.apache.org/dist/httpd/Announcement2.html">Apache HTTP Server 2.0.49 Announcement</uri>
<uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0113">CVE-2004-0113</uri>
</references>
<metadata tag="submitter" timestamp="Mon, 22 May 2006 05:52:59 +0000">
<metadata tag="submitter" timestamp="2006-05-22T05:52:59Z">
DerCorny
</metadata>
</glsa>

9
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200403-05.xml vendored
View File

@ -1,6 +1,5 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="200403-05">
<title>UUDeview MIME Buffer Overflow</title>
<synopsis>
@ -8,8 +7,8 @@
extensions) may cause UUDeview to crash or execute arbitrary code.
</synopsis>
<product type="ebuild">UUDeview</product>
<announced>March 26, 2004</announced>
<revised>March 26, 2004: 01</revised>
<announced>2004-03-26</announced>
<revised>2004-03-26: 01</revised>
<bug>44859</bug>
<access>remote</access>
<affected>
@ -57,8 +56,8 @@
</p>
<code>
# emerge sync
# emerge -pv ">=app-text/uudeview-0.5.20"
# emerge ">=app-text/uudeview-0.5.20"
# emerge -pv "&gt;=app-text/uudeview-0.5.20"
# emerge "&gt;=app-text/uudeview-0.5.20"
</code>
</resolution>
<references>

15
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200403-06.xml vendored
View File

@ -1,6 +1,5 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="200403-06">
<title>Multiple remote buffer overflow vulnerabilities in Courier</title>
<synopsis>
@ -9,8 +8,8 @@
allowing unauthorized access to a vulnerable system.
</synopsis>
<product type="ebuild">Courier</product>
<announced>March 26, 2004</announced>
<revised>March 26, 2004: 01</revised>
<announced>2004-03-26</announced>
<revised>2004-03-26: 01</revised>
<bug>45584</bug>
<access>remote</access>
<affected>
@ -56,17 +55,17 @@
<code>
# emerge sync
# emerge -pv ">=net-mail/courier-imap-3.0.0"
# emerge ">=net-mail/courier-imap-3.0.0"
# emerge -pv "&gt;=net-mail/courier-imap-3.0.0"
# emerge "&gt;=net-mail/courier-imap-3.0.0"
# ** Or; depending on your installation... **
# emerge -pv ">=mail-mta/courier-0.45"
# emerge ">=mail-mta/courier-0.45"
# emerge -pv "&gt;=mail-mta/courier-0.45"
# emerge "&gt;=mail-mta/courier-0.45"
</code>
</resolution>
<references>
<uri link="http://www.securityfocus.com/bid/9845">Courier Multiple Remote Buffer Overflow Vulnerabilities</uri>
<uri link="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0224">CAN-2004-0224</uri>
<uri link="https://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0224">CAN-2004-0224</uri>
</references>
</glsa>

19
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200403-07.xml vendored
View File

@ -1,6 +1,5 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="200403-07">
<title>Multiple remote overflows and vulnerabilities in Ethereal</title>
<synopsis>
@ -8,8 +7,8 @@
attacker to crash the program or run arbitrary code.
</synopsis>
<product type="ebuild">ethereal</product>
<announced>March 28, 2004</announced>
<revised>March 28, 2004: 01</revised>
<announced>2004-03-28</announced>
<revised>2004-03-28: 01</revised>
<bug>45543</bug>
<access>remote</access>
<affected>
@ -23,13 +22,13 @@
Quote from http://www.ethereal.com
</p>
<p>
&quot;Ethereal is used by network professionals around the world for
"Ethereal is used by network professionals around the world for
troubleshooting, analysis, software and protocol development, and
education. It has all of the standard features you would expect in a
protocol analyzer, and several features not seen in any other product. Its
open source license allows talented experts in the networking community to
add enhancements. It runs on all popular computing platforms, including
Unix, Linux, and Windows.&quot;
Unix, Linux, and Windows."
</p>
</background>
<description>
@ -60,13 +59,13 @@
<code>
# emerge sync
# emerge -pv ">=net-analyzer/ethereal-0.10.3"
# emerge ">=net-analyzer/ethereal-0.10.3"</code>
# emerge -pv "&gt;=net-analyzer/ethereal-0.10.3"
# emerge "&gt;=net-analyzer/ethereal-0.10.3"</code>
</resolution>
<references>
<uri link="http://www.ethereal.com/appnotes/enpa-sa-00013.html">Multiple security problems in Ethereal 0.10.2</uri>
<uri link="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0176">CAN-2004-0176</uri>
<uri link="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0365">CAN-2004-0365</uri>
<uri link="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0367">CAN-2004-0367</uri>
<uri link="https://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0176">CAN-2004-0176</uri>
<uri link="https://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0365">CAN-2004-0365</uri>
<uri link="https://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0367">CAN-2004-0367</uri>
</references>
</glsa>

18
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200403-08.xml vendored
View File

@ -1,6 +1,5 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="200403-08">
<title>oftpd DoS vulnerability</title>
<synopsis>
@ -8,8 +7,8 @@
crash the oftpd daemon.
</synopsis>
<product type="ebuild">oftpd</product>
<announced>March 29, 2004</announced>
<revised>May 22, 2006: 02</revised>
<announced>2004-03-29</announced>
<revised>2006-05-22: 02</revised>
<bug>45738</bug>
<access>remote</access>
<affected>
@ -20,8 +19,7 @@
</affected>
<background>
<p>
Quote from <uri
link="http://www.time-travellers.org/oftpd/">http://www.time-travellers
Quote from <uri link="http://www.time-travellers.org/oftpd/">http://www.time-travellers
.org/oftpd/</uri>
</p>
<p>
@ -62,14 +60,14 @@
<code>
# emerge sync
# emerge -pv &quot;&gt;=net-ftp/oftpd-0.3.7&quot;
# emerge &quot;&gt;=net-ftp/oftpd-0.3.7&quot;</code>
# emerge -pv "&gt;=net-ftp/oftpd-0.3.7"
# emerge "&gt;=net-ftp/oftpd-0.3.7"</code>
</resolution>
<references>
<uri link="http://www.time-travellers.org/oftpd/oftpd-dos.html">osftpd DoS Vulnerability</uri>
<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0376">CVE-2004-0376</uri>
<uri link="https://www.time-travellers.org/oftpd/oftpd-dos.html">osftpd DoS Vulnerability</uri>
<uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0376">CVE-2004-0376</uri>
</references>
<metadata tag="submitter" timestamp="Mon, 22 May 2006 05:52:22 +0000">
<metadata tag="submitter" timestamp="2006-05-22T05:52:22Z">
DerCorny
</metadata>
</glsa>

11
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200403-09.xml vendored
View File

@ -1,6 +1,5 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="200403-09">
<title>Buffer overflow in Midnight Commander</title>
<synopsis>
@ -8,8 +7,8 @@
arbitrary code to be run on a user's computer
</synopsis>
<product type="ebuild">mc</product>
<announced>March 29, 2004</announced>
<revised>March 29, 2004: 01</revised>
<announced>2004-03-29</announced>
<revised>2004-03-29: 01</revised>
<bug>45957</bug>
<access>remote</access>
<affected>
@ -48,10 +47,10 @@
<code>
# emerge sync
# emerge -pv ">=app-misc/mc-4.6.0-r5"
# emerge ">=app-misc/mc-4.6.0-r5"</code>
# emerge -pv "&gt;=app-misc/mc-4.6.0-r5"
# emerge "&gt;=app-misc/mc-4.6.0-r5"</code>
</resolution>
<references>
<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-1023">CAN-2003-1023</uri>
<uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-1023">CAN-2003-1023</uri>
</references>
</glsa>

11
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200403-10.xml vendored
View File

@ -1,6 +1,5 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="200403-10">
<title>Fetchmail 6.2.5 fixes a remote DoS</title>
<synopsis>
@ -8,8 +7,8 @@
specially-crafted email to a fetchmail user.
</synopsis>
<product type="ebuild">fetchmail</product>
<announced>March 30, 2004</announced>
<revised>March 30, 2004: 01</revised>
<announced>2004-03-30</announced>
<revised>2004-03-30: 01</revised>
<bug>37717</bug>
<access>remote</access>
<affected>
@ -49,11 +48,11 @@
</p>
<code>
# emerge sync
# emerge -pv ">=net-mail/fetchmail-6.2.5"
# emerge ">=net-mail/fetchmail-6.2.5"</code>
# emerge -pv "&gt;=net-mail/fetchmail-6.2.5"
# emerge "&gt;=net-mail/fetchmail-6.2.5"</code>
</resolution>
<references>
<uri link="http://xforce.iss.net/xforce/xfdb/13450">ISS X-Force Listing</uri>
<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0792">CVE Candidate (CAN-2003-0792)</uri>
<uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0792">CVE Candidate (CAN-2003-0792)</uri>
</references>
</glsa>

17
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200403-11.xml vendored
View File

@ -1,6 +1,5 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="200403-11">
<title>Squid ACL [url_regex] bypass vulnerability</title>
<synopsis>
@ -11,8 +10,8 @@
ACL.
</synopsis>
<product type="ebuild">Squid</product>
<announced>March 30, 2004</announced>
<revised>September 02, 2004: 02</revised>
<announced>2004-03-30</announced>
<revised>2004-09-02: 02</revised>
<bug>45273</bug>
<access>remote</access>
<affected>
@ -32,13 +31,13 @@
<description>
<p>
A bug in Squid allows users to bypass certain access controls by passing a
URL containing &quot;%00&quot; which exploits the Squid decoding function.
URL containing "%00" which exploits the Squid decoding function.
This may insert a NUL character into decoded URLs, which may allow users to
bypass url_regex access control lists that are enforced upon them.
</p>
<p>
In such a scenario, Squid will insert a NUL character after
the&quot;%00&quot; and it will make a comparison between the URL to the end
the"%00" and it will make a comparison between the URL to the end
of the NUL character rather than the contents after it: the comparison does
not result in a match, and the user's request is not denied.
</p>
@ -65,14 +64,14 @@
<code>
# emerge sync
# emerge -pv ">=net-proxy/squid-2.5.5"
# emerge ">=net-proxy/squid-2.5.5"</code>
# emerge -pv "&gt;=net-proxy/squid-2.5.5"
# emerge "&gt;=net-proxy/squid-2.5.5"</code>
</resolution>
<references>
<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0189">CAN-2004-0189</uri>
<uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0189">CAN-2004-0189</uri>
<uri link="http://www.squid-cache.org/Advisories/SQUID-2004_1.txt">Squid 2.5.STABLE5 Release Announcement</uri>
</references>
<metadata tag="submitter" timestamp="Thu, 2 Sep 2004 21:11:59 +0000">
<metadata tag="submitter" timestamp="2004-09-02T21:11:59Z">
vorlon078
</metadata>
</glsa>

15
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200403-12.xml vendored
View File

@ -1,6 +1,5 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="200403-12">
<title>OpenLDAP DoS Vulnerability</title>
<synopsis>
@ -8,8 +7,8 @@
using the back-ldbm backend, to free memory that was never allocated.
</synopsis>
<product type="ebuild">openldap</product>
<announced>March 31, 2004</announced>
<revised>May 22, 2006: 02</revised>
<announced>2004-03-31</announced>
<revised>2006-05-22: 02</revised>
<bug>26728</bug>
<access>remote</access>
<affected>
@ -56,14 +55,14 @@
<code>
# emerge sync
# emerge -pv &quot;&gt;=net-nds/openldap-2.1.13&quot;
# emerge &quot;&gt;=net-nds/openldap-2.1.13&quot;</code>
# emerge -pv "&gt;=net-nds/openldap-2.1.13"
# emerge "&gt;=net-nds/openldap-2.1.13"</code>
</resolution>
<references>
<uri link="http://www.openldap.org/its/index.cgi?findid=2390">OpenLDAP ITS Bug and Patch</uri>
<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-1201">CVE-2003-1201</uri>
<uri link="https://www.openldap.org/its/index.cgi?findid=2390">OpenLDAP ITS Bug and Patch</uri>
<uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-1201">CVE-2003-1201</uri>
</references>
<metadata tag="submitter" timestamp="Mon, 22 May 2006 05:51:37 +0000">
<metadata tag="submitter" timestamp="2006-05-22T05:51:37Z">
DerCorny
</metadata>
</glsa>

21
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200403-13.xml vendored
View File

@ -1,6 +1,5 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="200403-13">
<title>Remote buffer overflow in MPlayer</title>
<synopsis>
@ -8,8 +7,8 @@
that may allow attackers to run arbitrary code on a user's computer.
</synopsis>
<product type="ebuild">mplayer</product>
<announced>March 31, 2004</announced>
<revised>October 11, 2006: 03</revised>
<announced>2004-03-31</announced>
<revised>2006-10-11: 03</revised>
<bug>46246</bug>
<access>remote</access>
<affected>
@ -69,30 +68,30 @@
<code>
# emerge sync
# emerge -pv &quot;&gt;=media-video/mplayer-0.92-r1&quot;
# emerge &quot;&gt;=media-video/mplayer-0.92-r1&quot;</code>
# emerge -pv "&gt;=media-video/mplayer-0.92-r1"
# emerge "&gt;=media-video/mplayer-0.92-r1"</code>
<p>
AMD64 users should:
</p>
<code>
# emerge sync
# emerge -pv &quot;&gt;=media-video/mplayer-1.0_pre2-r1&quot;
# emerge &quot;&gt;=media-video/mplayer-1.0_pre2-r1&quot;</code>
# emerge -pv "&gt;=media-video/mplayer-1.0_pre2-r1"
# emerge "&gt;=media-video/mplayer-1.0_pre2-r1"</code>
<p>
PPC users should:
</p>
<code>
# emerge sync
# emerge -pv &quot;&gt;=media-video/mplayer-1.0_pre3-r2&quot;
# emerge &quot;&gt;=media-video/mplayer-1.0_pre3-r2&quot;</code>
# emerge -pv "&gt;=media-video/mplayer-1.0_pre3-r2"
# emerge "&gt;=media-video/mplayer-1.0_pre3-r2"</code>
</resolution>
<references>
<uri link="http://www.mplayerhq.hu/homepage/design6/news.html">MPlayerHQ News</uri>
<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0386">CVE-2004-0386</uri>
<uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0386">CVE-2004-0386</uri>
</references>
<metadata tag="submitter" timestamp="Mon, 22 May 2006 05:45:24 +0000">
<metadata tag="submitter" timestamp="2006-05-22T05:45:24Z">
DerCorny
</metadata>
</glsa>

15
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200403-14.xml vendored
View File

@ -1,6 +1,5 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="200403-14">
<title>Multiple Security Vulnerabilities in Monit</title>
<synopsis>
@ -8,8 +7,8 @@
Monit.
</synopsis>
<product type="ebuild">app-admin/monit</product>
<announced>March 31, 2004</announced>
<revised>May 22, 2006: 02</revised>
<announced>2004-03-31</announced>
<revised>2006-05-22: 02</revised>
<bug>43967</bug>
<access>remote</access>
<affected>
@ -58,16 +57,16 @@
<code>
# emerge sync
# emerge -pv &quot;&gt;=app-admin/monit-4.2&quot;
# emerge &quot;&gt;=app-admin/monit-4.2&quot;</code>
# emerge -pv "&gt;=app-admin/monit-4.2"
# emerge "&gt;=app-admin/monit-4.2"</code>
</resolution>
<references>
<uri link="http://www.securityfocus.com/bid/9098">Monit HTTP Content-Length Parameter Denial of Service Vulnerability</uri>
<uri link="http://www.securityfocus.com/bid/9099">Monit Overly Long HTTP Request Buffer Overrun Vulnerability</uri>
<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-1083">CVE-2003-1083</uri>
<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-1084">CVE-2003-1084</uri>
<uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-1083">CVE-2003-1083</uri>
<uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-1084">CVE-2003-1084</uri>
</references>
<metadata tag="submitter" timestamp="Mon, 22 May 2006 05:44:45 +0000">
<metadata tag="submitter" timestamp="2006-05-22T05:44:45Z">
DerCorny
</metadata>
</glsa>

11
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200404-01.xml vendored
View File

@ -1,6 +1,5 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="200404-01">
<title>Insecure sandbox temporary lockfile vulnerabilities in Portage</title>
<synopsis>
@ -11,8 +10,8 @@
the system.
</synopsis>
<product type="ebuild">Portage</product>
<announced>April 04, 2004</announced>
<revised>April 04, 2004: 01</revised>
<announced>2004-04-04</announced>
<revised>2004-04-04: 01</revised>
<bug>21923</bug>
<access>local</access>
<affected>
@ -26,7 +25,7 @@
Portage is Gentoo's package management system which is responsible for
installing, compiling and updating any ebuilds on the system through the
Gentoo rsync tree. Under default configurations, most ebuilds run under a
sandbox which prevent the build process writing to the &quot;real&quot;
sandbox which prevent the build process writing to the "real"
system outside the build directory - packages are installed into a
temporary location and then copied over safely by Portage instead. During
the process the sandbox wrapper creates lockfiles in the /tmp directory
@ -84,8 +83,8 @@
<code>
# emerge sync
# emerge -pv ">=sys-apps/portage-2.0.50-r3"
# emerge ">=sys-apps/portage-2.0.50-r3"</code>
# emerge -pv "&gt;=sys-apps/portage-2.0.50-r3"
# emerge "&gt;=sys-apps/portage-2.0.50-r3"</code>
</resolution>
<references>
</references>

11
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200404-02.xml vendored
View File

@ -1,6 +1,5 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="200404-02">
<title>KDE Personal Information Management Suite Remote Buffer Overflow Vulnerability</title>
<synopsis>
@ -8,8 +7,8 @@
unauthorized access to an affected system.
</synopsis>
<product type="ebuild">kde-base/kde</product>
<announced>April 06, 2004</announced>
<revised>April 06, 2004: 01</revised>
<announced>2004-04-06</announced>
<revised>2004-04-06: 01</revised>
<bug>38256</bug>
<access>remote</access>
<affected>
@ -49,11 +48,11 @@
<code>
# emerge sync
# emerge -pv ">=kde-base/kde-3.1.5"
# emerge ">=kde-base/kde-3.1.5"</code>
# emerge -pv "&gt;=kde-base/kde-3.1.5"
# emerge "&gt;=kde-base/kde-3.1.5"</code>
</resolution>
<references>
<uri link="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0988">CAN-2003-0988</uri>
<uri link="https://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0988">CAN-2003-0988</uri>
</references>
<metadata tag="submitter">aescriva</metadata>
</glsa>

15
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200404-03.xml vendored
View File

@ -1,6 +1,5 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="200404-03">
<title>Tcpdump Vulnerabilities in ISAKMP Parsing</title>
<synopsis>
@ -8,8 +7,8 @@
parsing of ISAKMP packets.
</synopsis>
<product type="ebuild">tcpdump</product>
<announced>March 31, 2004</announced>
<revised>March 31, 2004: 01</revised>
<announced>2004-03-31</announced>
<revised>2004-03-31: 01</revised>
<bug>38206</bug>
<bug>46258</bug>
<access>remote</access>
@ -59,12 +58,12 @@
<code>
# emerge sync
# emerge -pv ">=net-libs/libpcap-0.8.3-r1" ">=net-analyzer/tcpdump-3.8.3-r1"
# emerge ">=net-libs/libpcap-0.8.3-r1" ">=net-analyzer/tcpdump-3.8.3-r1"</code>
# emerge -pv "&gt;=net-libs/libpcap-0.8.3-r1" "&gt;=net-analyzer/tcpdump-3.8.3-r1"
# emerge "&gt;=net-libs/libpcap-0.8.3-r1" "&gt;=net-analyzer/tcpdump-3.8.3-r1"</code>
</resolution>
<references>
<uri link="http://www.rapid7.com/advisories/R7-0017.html">Rapid7 Advisory</uri>
<uri link="http://rhn.redhat.com/errata/RHSA-2004-008.html">Red Hat Security Advisory</uri>
<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0989">CVE Advisory</uri>
<uri link="https://www.rapid7.com/advisories/R7-0017.html">Rapid7 Advisory</uri>
<uri link="https://rhn.redhat.com/errata/RHSA-2004-008.html">Red Hat Security Advisory</uri>
<uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0989">CVE Advisory</uri>
</references>
</glsa>

13
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200404-04.xml vendored
View File

@ -1,6 +1,5 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="200404-04">
<title>Multiple vulnerabilities in sysstat</title>
<synopsis>
@ -8,8 +7,8 @@
attacker to execute arbitrary code or overwrite arbitrary files
</synopsis>
<product type="ebuild">sysstat</product>
<announced>April 06, 2004</announced>
<revised>April 06, 2004: 01</revised>
<announced>2004-04-06</announced>
<revised>2004-04-06: 01</revised>
<bug>45159</bug>
<access>local</access>
<affected>
@ -55,12 +54,12 @@
<code>
# emerge sync
# emerge -pv ">=app-admin/sysstat-5.0.2"
# emerge ">=app-admin/sysstat-5.0.2"</code>
# emerge -pv "&gt;=app-admin/sysstat-5.0.2"
# emerge "&gt;=app-admin/sysstat-5.0.2"</code>
</resolution>
<references>
<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0107">CVE (1)</uri>
<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0108">CVE (2)</uri>
<uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0107">CVE (1)</uri>
<uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0108">CVE (2)</uri>
</references>
<metadata tag="submitter">klieber</metadata>
</glsa>

13
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200404-05.xml vendored
View File

@ -1,6 +1,5 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="200404-05">
<title>ipsec-tools contains an X.509 certificates vulnerability.</title>
<synopsis>
@ -8,8 +7,8 @@
with X.509 certificates.
</synopsis>
<product type="ebuild">ipsec-tools</product>
<announced>April 07, 2004</announced>
<revised>April 07, 2004: 01</revised>
<announced>2004-04-07</announced>
<revised>2004-04-07: 01</revised>
<bug>47013</bug>
<access>remote</access>
<affected>
@ -23,8 +22,8 @@
From http://ipsec-tools.sourceforge.net/ :
</p>
<p>
&quot;IPsec-Tools is a port of KAME's IPsec utilities to the Linux-2.6
IPsec implementation.&quot;
"IPsec-Tools is a port of KAME's IPsec utilities to the Linux-2.6
IPsec implementation."
</p>
</background>
<description>
@ -54,8 +53,8 @@
<code>
# emerge sync
# emerge -pv ">=net-firewall/ipsec-tools-0.2.5"
# emerge ">=net-firewall/ipsec-tools-0.2.5"</code>
# emerge -pv "&gt;=net-firewall/ipsec-tools-0.2.5"
# emerge "&gt;=net-firewall/ipsec-tools-0.2.5"</code>
</resolution>
<references>
</references>

11
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200404-06.xml vendored
View File

@ -1,6 +1,5 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="200404-06">
<title>Util-linux login may leak sensitive data</title>
<synopsis>
@ -8,8 +7,8 @@
under certain conditions.
</synopsis>
<product type="ebuild"> </product>
<announced>April 07, 2004</announced>
<revised>April 07, 2004: 01</revised>
<announced>2004-04-07</announced>
<revised>2004-04-07: 01</revised>
<bug>46422</bug>
<access>remote</access>
<affected>
@ -54,12 +53,12 @@
<code>
# emerge sync
# emerge -pv ">=sys-apps/util-linux-2.12"
# emerge ">=sys-apps/util-linux-2.12"
# emerge -pv "&gt;=sys-apps/util-linux-2.12"
# emerge "&gt;=sys-apps/util-linux-2.12"
</code>
</resolution>
<references>
<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0080">CAN-2004-0080</uri>
<uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0080">CAN-2004-0080</uri>
</references>
<metadata tag="submitter">lcars</metadata>
</glsa>

11
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200404-07.xml vendored
View File

@ -1,6 +1,5 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="200404-07">
<title>ClamAV RAR Archive Remote Denial Of Service Vulnerability</title>
<synopsis>
@ -8,8 +7,8 @@
RAR archives.
</synopsis>
<product type="ebuild">clamav</product>
<announced>April 07, 2004</announced>
<revised>May 22, 2006: 02</revised>
<announced>2004-04-07</announced>
<revised>2006-05-22: 02</revised>
<bug>45357</bug>
<access>remote</access>
<affected>
@ -59,11 +58,11 @@
<code>
# emerge sync
# emerge -pv &quot;&gt;=app-antivirus/clamav-0.68.1&quot;
# emerge &quot;&gt;=app-antivirus/clamav-0.68.1&quot;</code>
# emerge -pv "&gt;=app-antivirus/clamav-0.68.1"
# emerge "&gt;=app-antivirus/clamav-0.68.1"</code>
</resolution>
<references>
<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1909">CVE-2004-1909</uri>
<uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1909">CVE-2004-1909</uri>
</references>
<metadata tag="submitter">
klieber

5
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200404-08.xml vendored
View File

@ -1,6 +1,5 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="200404-08">
<title>GNU Automake symbolic link vulnerability</title>
<synopsis>
@ -8,8 +7,8 @@
attacker to modify data or elevate their privileges.
</synopsis>
<product type="ebuild">automake</product>
<announced>April 08, 2004</announced>
<revised>January 31, 2005: 05</revised>
<announced>2004-04-08</announced>
<revised>2005-01-31: 05</revised>
<bug>45646</bug>
<access>local</access>
<affected>

11
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200404-09.xml vendored
View File

@ -1,6 +1,5 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="200404-09">
<title>Cross-realm trust vulnerability in Heimdal</title>
<synopsis>
@ -8,8 +7,8 @@
over a realm to impersonate anyone in the cross-realm trust path.
</synopsis>
<product type="ebuild">heimdal</product>
<announced>April 09, 2004</announced>
<revised>April 09, 2004: 01</revised>
<announced>2004-04-09</announced>
<revised>2004-04-09: 01</revised>
<bug>46590</bug>
<access>local</access>
<affected>
@ -49,11 +48,11 @@
<code>
# emerge sync
# emerge -pv ">=app-crypt/heimdal-0.6.1"
# emerge ">=app-crypt/heimdal-0.6.1"</code>
# emerge -pv "&gt;=app-crypt/heimdal-0.6.1"
# emerge "&gt;=app-crypt/heimdal-0.6.1"</code>
</resolution>
<references>
<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0371">CVE</uri>
<uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0371">CVE</uri>
</references>
<metadata tag="submitter">klieber</metadata>
</glsa>

13
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200404-10.xml vendored
View File

@ -1,14 +1,13 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="200404-10">
<title>iproute local Denial of Service vulnerability</title>
<synopsis>
The iproute package allows local users to cause a denial of service.
</synopsis>
<product type="ebuild"></product>
<announced>April 09, 2004</announced>
<revised>April 09, 2004: 01</revised>
<product type="ebuild"/>
<announced>2004-04-09</announced>
<revised>2004-04-09: 01</revised>
<bug>34294</bug>
<access>local</access>
<affected>
@ -48,12 +47,12 @@
<code>
# emerge sync
# emerge -pv ">=sys-apps/iproute-20010824-r5";
# emerge ">=sys-apps/iproute-20010824-r5";
# emerge -pv "&gt;=sys-apps/iproute-20010824-r5";
# emerge "&gt;=sys-apps/iproute-20010824-r5";
</code>
</resolution>
<references>
<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0856">CAN-2003-0856</uri>
<uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0856">CAN-2003-0856</uri>
</references>
<metadata tag="submitter">
lcars

11
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200404-11.xml vendored
View File

@ -1,6 +1,5 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="200404-11">
<title>Multiple Vulnerabilities in pwlib</title>
<synopsis>
@ -8,8 +7,8 @@
denial of service or buffer overflow attack.
</synopsis>
<product type="ebuild">dev-libs/pwlib</product>
<announced>April 09, 2004</announced>
<revised>April 09, 2004: 01</revised>
<announced>2004-04-09</announced>
<revised>2004-04-09: 01</revised>
<bug>45846</bug>
<access>remote</access>
<affected>
@ -51,11 +50,11 @@
<code>
# emerge sync
# emerge -pv ">=dev-libs/pwlib-1.5.2-r3"
# emerge ">=dev-libs/pwlib-1.5.2-r3"</code>
# emerge -pv "&gt;=dev-libs/pwlib-1.5.2-r3"
# emerge "&gt;=dev-libs/pwlib-1.5.2-r3"</code>
</resolution>
<references>
<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0097">CAN-2004-0097</uri>
<uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0097">CAN-2004-0097</uri>
<uri link="http://www.uniras.gov.uk/vuls/2004/006489/h323.htm">NISCC Vulnerability Advisory 006489/H323</uri>
</references>
<metadata tag="submitter">

13
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200404-12.xml vendored
View File

@ -1,6 +1,5 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="200404-12">
<title>Scorched 3D server chat box format string vulnerability</title>
<synopsis>
@ -9,8 +8,8 @@
of arbitrary code.
</synopsis>
<product type="ebuild">scorched3d</product>
<announced>April 09, 2004</announced>
<revised>April 09, 2004: 08</revised>
<announced>2004-04-09</announced>
<revised>2004-04-09: 08</revised>
<bug>39302</bug>
<access>remote</access>
<affected>
@ -21,8 +20,8 @@
</affected>
<background>
<p>
Scorched 3D is a game based loosely on the classic DOS game &quot;Scorched
Earth&quot;. Scorched 3D adds amongst other new features a 3D island
Scorched 3D is a game based loosely on the classic DOS game "Scorched
Earth". Scorched 3D adds amongst other new features a 3D island
environment and LAN and internet play. Scorched 3D is totally free and is
available for multiple operating systems.
</p>
@ -56,8 +55,8 @@
<code>
# emerge sync
# emerge -pv ">=games-strategy/scorched3d-37"
# emerge ">=games-strategy/scorched3d-37"</code>
# emerge -pv "&gt;=games-strategy/scorched3d-37"
# emerge "&gt;=games-strategy/scorched3d-37"</code>
</resolution>
<references>
</references>

13
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200404-13.xml vendored
View File

@ -1,6 +1,5 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="200404-13">
<title>CVS Server and Client Vulnerabilities</title>
<synopsis>
@ -9,8 +8,8 @@
files on both client and server.
</synopsis>
<product type="ebuild">cvs</product>
<announced>April 14, 2004</announced>
<revised>May 22, 2006: 02</revised>
<announced>2004-04-14</announced>
<revised>2006-05-22: 02</revised>
<bug>47800</bug>
<access>remote</access>
<affected>
@ -57,13 +56,13 @@
<code>
# emerge sync
# emerge -pv &quot;&gt;=dev-util/cvs-1.11.15&quot;
# emerge &quot;&gt;=dev-util/cvs-1.11.15&quot;</code>
# emerge -pv "&gt;=dev-util/cvs-1.11.15"
# emerge "&gt;=dev-util/cvs-1.11.15"</code>
</resolution>
<references>
<uri link="http://ccvs.cvshome.org/source/browse/ccvs/NEWS?rev=1.116.2.92&amp;content-type=text/x-cvsweb-markup">CVS commit log</uri>
<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0180">CVE-2004-0180</uri>
<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0405">CVE-2004-0405</uri>
<uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0180">CVE-2004-0180</uri>
<uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0405">CVE-2004-0405</uri>
</references>
<metadata tag="submitter">
condordes

14
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200404-14.xml vendored
View File

@ -1,6 +1,5 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="200404-14">
<title>Multiple format string vulnerabilities in cadaver</title>
<synopsis>
@ -9,8 +8,8 @@
to a malicious server.
</synopsis>
<product type="ebuild">cadaver</product>
<announced>April 19, 2004</announced>
<revised>April 19, 2004: 01</revised>
<announced>2004-04-19</announced>
<revised>2004-04-19: 01</revised>
<bug>47799</bug>
<access>remote </access>
<affected>
@ -21,8 +20,7 @@
</affected>
<background>
<p>
According to <uri
link="http://www.webdav.org/cadaver">http://www.webdav.org/cadaver</uri>,
According to <uri link="http://www.webdav.org/cadaver">http://www.webdav.org/cadaver</uri>,
cadaver is a command-line WebDAV client for Unix. It supports file upload,
download, on-screen display, namespace operations (move/copy), collection
creation and deletion, and locking operations.
@ -56,11 +54,11 @@
<code>
# emerge sync
# emerge -pv ">=net-misc/cadaver-0.22.1"
# emerge ">=net-misc/cadaver-0.22.1"</code>
# emerge -pv "&gt;=net-misc/cadaver-0.22.1"
# emerge "&gt;=net-misc/cadaver-0.22.1"</code>
</resolution>
<references>
<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0179">CAN-2004-0179</uri>
<uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0179">CAN-2004-0179</uri>
</references>
<metadata tag="submitter">
koon

17
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200404-15.xml vendored
View File

@ -1,6 +1,5 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="200404-15">
<title>XChat 2.0.x SOCKS5 Vulnerability</title>
<synopsis>
@ -8,8 +7,8 @@
run arbitrary code.
</synopsis>
<product type="ebuild">xchat</product>
<announced>April 19, 2004</announced>
<revised>May 22, 2006: 02</revised>
<announced>2004-04-19</announced>
<revised>2006-05-22: 02</revised>
<bug>46856</bug>
<access>remote</access>
<affected>
@ -50,8 +49,8 @@
<code>
# emerge sync
# emerge -pv &quot;&gt;=net-irc/xchat-2.0.8-r1&quot;
# emerge &quot;&gt;=net-irc/xchat-2.0.8-r1&quot;</code>
# emerge -pv "&gt;=net-irc/xchat-2.0.8-r1"
# emerge "&gt;=net-irc/xchat-2.0.8-r1"</code>
<p>
Note that users of the gtk1 version of xchat (1.8.*) should upgrade to
xchat-1.8.11-r1:
@ -59,12 +58,12 @@
<code>
# emerge sync
# emerge -pv &quot;=net-irc/xchat-1.8.11-r1&quot;
# emerge &quot;=net-irc/xchat-1.8.11-r1&quot;</code>
# emerge -pv "=net-irc/xchat-1.8.11-r1"
# emerge "=net-irc/xchat-1.8.11-r1"</code>
</resolution>
<references>
<uri link="http://mail.nl.linux.org/xchat-announce/2004-04/msg00000.html">XChat 2.0.x SOCKS5 Vulnerability</uri>
<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0409">CVE-2004-0409</uri>
<uri link="https://mail.nl.linux.org/xchat-announce/2004-04/msg00000.html">XChat 2.0.x SOCKS5 Vulnerability</uri>
<uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0409">CVE-2004-0409</uri>
</references>
<metadata tag="submitter">
klieber

9
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200404-16.xml vendored
View File

@ -1,6 +1,5 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="200404-16">
<title>Multiple new security vulnerabilities in monit</title>
<synopsis>
@ -8,8 +7,8 @@
possibly leading to denial of service or execution of arbitrary code.
</synopsis>
<product type="ebuild">monit</product>
<announced>April 19, 2004</announced>
<revised>April 19, 2004: 01</revised>
<announced>2004-04-19</announced>
<revised>2004-04-19: 01</revised>
<bug>47631</bug>
<access>remote </access>
<affected>
@ -51,8 +50,8 @@
<code>
# emerge sync
# emerge -pv ">=app-admin/monit-4.2.1"
# emerge ">=app-admin/monit-4.2.1"</code>
# emerge -pv "&gt;=app-admin/monit-4.2.1"
# emerge "&gt;=app-admin/monit-4.2.1"</code>
</resolution>
<references>
<uri link="http://www.tildeslash.com/monit/secadv_20040305.txt">Monit security advisory 20040305</uri>

15
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200404-17.xml vendored
View File

@ -1,6 +1,5 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="200404-17">
<title>ipsec-tools and iputils contain a remote DoS vulnerability</title>
<synopsis>
@ -10,8 +9,8 @@
system resoources, causing a Denial of Service.
</synopsis>
<product type="ebuild">ipsec-utils</product>
<announced>April 24, 2004</announced>
<revised>April 24, 2004: 01</revised>
<announced>2004-04-24</announced>
<revised>2004-04-24: 01</revised>
<bug>48847</bug>
<access>remote </access>
<affected>
@ -65,19 +64,19 @@
<code>
# emerge sync
# emerge -pv ">=net-firewall/ipsec-tools-0.3.1"
# emerge ">=net-firewall/ipsec-tools-0.3.1"</code>
# emerge -pv "&gt;=net-firewall/ipsec-tools-0.3.1"
# emerge "&gt;=net-firewall/ipsec-tools-0.3.1"</code>
<p>
iputils users should upgrade to version 021109-r3 or later:
</p>
<code>
# emerge sync
# emerge -pv ">=net-misc/iputils-021109-r3"
# emerge ">=net-misc/iputils-021109-r3"</code>
# emerge -pv "&gt;=net-misc/iputils-021109-r3"
# emerge "&gt;=net-misc/iputils-021109-r3"</code>
</resolution>
<references>
<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0403">CVE</uri>
<uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0403">CVE</uri>
</references>
<metadata tag="submitter">
klieber

15
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200404-18.xml vendored
View File

@ -1,6 +1,5 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="200404-18">
<title>Multiple Vulnerabilities in ssmtp</title>
<synopsis>
@ -9,8 +8,8 @@
(potentially root).
</synopsis>
<product type="ebuild">ssmtp</product>
<announced>April 26, 2004</announced>
<revised>April 26, 2004: 01</revised>
<announced>2004-04-26</announced>
<revised>2004-04-26: 01</revised>
<bug>47918</bug>
<bug>48435</bug>
<access>remote root </access>
@ -55,13 +54,13 @@
<code>
# emerge sync
# emerge -pv ">=mail-mta/ssmtp-2.60.7"
# emerge ">=mail-mta/ssmtp-2.60.7"</code>
# emerge -pv "&gt;=mail-mta/ssmtp-2.60.7"
# emerge "&gt;=mail-mta/ssmtp-2.60.7"</code>
</resolution>
<references>
<uri link="http://secunia.com/advisories/11378/">Secunia Advisory</uri>
<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0156">CVE Reference</uri>
<uri link="http://lists.debian.org/debian-security-announce/debian-security-announce-2004/msg00084.html">Debian Advisory</uri>
<uri link="https://secunia.com/advisories/11378/">Secunia Advisory</uri>
<uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0156">CVE Reference</uri>
<uri link="https://lists.debian.org/debian-security-announce/debian-security-announce-2004/msg00084.html">Debian Advisory</uri>
</references>
<metadata tag="submitter">
condordes

9
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200404-19.xml vendored
View File

@ -1,6 +1,5 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="200404-19">
<title>Buffer overflows and format string vulnerabilities in LCDproc</title>
<synopsis>
@ -8,8 +7,8 @@
allowing execution of arbitrary code with the rights of the LCDd user.
</synopsis>
<product type="ebuild">lcdproc</product>
<announced>April 27, 2004</announced>
<revised>April 27, 2004: 01</revised>
<announced>2004-04-27</announced>
<revised>2004-04-27: 01</revised>
<bug>47340</bug>
<access>remote </access>
<affected>
@ -53,8 +52,8 @@
<code>
# emerge sync
# emerge -pv ">=app-misc/lcdproc-0.4.5"
# emerge ">=app-misc/lcdproc-0.4.5"</code>
# emerge -pv "&gt;=app-misc/lcdproc-0.4.5"
# emerge "&gt;=app-misc/lcdproc-0.4.5"</code>
</resolution>
<references>
<uri link="http://lists.omnipotent.net/pipermail/lcdproc/2004-April/008884.html">LCDproc advisory</uri>

17
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200404-20.xml vendored
View File

@ -1,6 +1,5 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="200404-20">
<title>Multiple vulnerabilities in xine</title>
<synopsis>
@ -9,8 +8,8 @@
user.
</synopsis>
<product type="ebuild">xine</product>
<announced>April 27, 2004</announced>
<revised>May 22, 2006: 02</revised>
<announced>2004-04-27</announced>
<revised>2006-05-22: 02</revised>
<bug>45448</bug>
<bug>48107</bug>
<bug>48108</bug>
@ -69,17 +68,17 @@
<code>
# emerge sync
# emerge -pv &quot;&gt;=media-video/xine-ui-0.9.23-r2&quot;
# emerge &quot;&gt;=media-video/xine-ui-0.9.23-r2&quot;
# emerge -pv "&gt;=media-video/xine-ui-0.9.23-r2"
# emerge "&gt;=media-video/xine-ui-0.9.23-r2"
# emerge -pv &quot;&gt;=media-libs/xine-lib-1_rc3-r3&quot;
# emerge &quot;&gt;=media-libs/xine-lib-1_rc3-r3&quot;</code>
# emerge -pv "&gt;=media-libs/xine-lib-1_rc3-r3"
# emerge "&gt;=media-libs/xine-lib-1_rc3-r3"</code>
</resolution>
<references>
<uri link="http://xinehq.de/index.php/security">Xine Security Advisories</uri>
<uri link="http://nettwerked.mg2.org/advisories/xinebug">xine-bugreport and xine-check vulnerability</uri>
<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0372">CVE-2004-0372</uri>
<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1951">CVE-2004-1951</uri>
<uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0372">CVE-2004-0372</uri>
<uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1951">CVE-2004-1951</uri>
</references>
<metadata tag="submitter">
koon

9
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200404-21.xml vendored
View File

@ -1,6 +1,5 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="200404-21">
<title>Multiple Vulnerabilities in Samba</title>
<synopsis>
@ -9,8 +8,8 @@
vulnerability in the smbprint script distributed with Samba.
</synopsis>
<product type="ebuild">samba</product>
<announced>April 29, 2004</announced>
<revised>April 29, 2004: 01</revised>
<announced>2004-04-29</announced>
<revised>2004-04-29: 01</revised>
<bug>41800</bug>
<bug>45965</bug>
<access>local </access>
@ -74,8 +73,8 @@
<code>
# emerge sync
# emerge -pv ">=net-fs/samba-3.0.2a-r2"
# emerge ">=net-fs/samba-3.0.2a-r2"</code>
# emerge -pv "&gt;=net-fs/samba-3.0.2a-r2"
# emerge "&gt;=net-fs/samba-3.0.2a-r2"</code>
<p>
Those who are using Samba's password database also need to run the
following command:

11
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200405-01.xml vendored
View File

@ -1,6 +1,5 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="200405-01">
<title>Multiple format string vulnerabilities in neon 0.24.4 and earlier</title>
<synopsis>
@ -8,8 +7,8 @@
a malicious WebDAV server to execute arbitrary code.
</synopsis>
<product type="ebuild">neon</product>
<announced>May 09, 2004</announced>
<revised>May 09, 2004: 01</revised>
<announced>2004-05-09</announced>
<revised>2004-05-09: 01</revised>
<bug>48448</bug>
<access>remote </access>
<affected>
@ -49,11 +48,11 @@
<code>
# emerge sync
# emerge -pv ">=net-misc/neon-0.24.5"
# emerge ">=net-misc/neon-0.24.5"</code>
# emerge -pv "&gt;=net-misc/neon-0.24.5"
# emerge "&gt;=net-misc/neon-0.24.5"</code>
</resolution>
<references>
<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0179">CVE</uri>
<uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0179">CVE</uri>
</references>
<metadata tag="submitter">
klieber

13
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200405-02.xml vendored
View File

@ -1,6 +1,5 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="200405-02">
<title>Multiple vulnerabilities in LHa</title>
<synopsis>
@ -9,8 +8,8 @@
code or as a denial of service attack.
</synopsis>
<product type="ebuild">lha</product>
<announced>May 09, 2004</announced>
<revised>October 20, 2006: 02</revised>
<announced>2004-05-09</announced>
<revised>2006-10-20: 02</revised>
<bug>49961</bug>
<access>remote </access>
<affected>
@ -57,12 +56,12 @@
<code>
# emerge sync
# emerge -pv ">=app-arch/lha-114i-r2"
# emerge ">=app-arch/lha-114i-r2"</code>
# emerge -pv "&gt;=app-arch/lha-114i-r2"
# emerge "&gt;=app-arch/lha-114i-r2"</code>
</resolution>
<references>
<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0234">CAN-2004-0234</uri>
<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0235">CAN-2004-0235</uri>
<uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0234">CAN-2004-0234</uri>
<uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0235">CAN-2004-0235</uri>
</references>
<metadata tag="submitter">
koon

11
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200405-03.xml vendored
View File

@ -1,6 +1,5 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="200405-03">
<title>ClamAV VirusEvent parameter vulnerability</title>
<synopsis>
@ -9,8 +8,8 @@
commands.
</synopsis>
<product type="ebuild">ClamAV</product>
<announced>May 11, 2004</announced>
<revised>May 22, 2006: 02</revised>
<announced>2004-05-11</announced>
<revised>2006-05-22: 02</revised>
<bug>46264</bug>
<access>remote</access>
<affected>
@ -64,11 +63,11 @@
<code>
# emerge sync
# emerge -pv &quot;&gt;=app-antivirus/clamav-0.70&quot;
# emerge &quot;&gt;=app-antivirus/clamav-0.70&quot;</code>
# emerge -pv "&gt;=app-antivirus/clamav-0.70"
# emerge "&gt;=app-antivirus/clamav-0.70"</code>
</resolution>
<references>
<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1876">CVE-2004-1876</uri>
<uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1876">CVE-2004-1876</uri>
</references>
<metadata tag="submitter">
koon

29
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200405-04.xml vendored
View File

@ -1,6 +1,5 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="200405-04">
<title>OpenOffice.org vulnerability when using DAV servers</title>
<synopsis>
@ -9,8 +8,8 @@
when connected to an untrusted WebDAV server.
</synopsis>
<product type="ebuild">openoffice</product>
<announced>May 11, 2004</announced>
<revised>October 27, 2004: 02</revised>
<announced>2004-05-11</announced>
<revised>2004-10-27: 02</revised>
<bug>47926</bug>
<access>remote</access>
<affected>
@ -76,44 +75,44 @@
<code>
# emerge sync
# emerge -pv ">=app-office/openoffice-1.1.1-r1"
# emerge ">=app-office/openoffice-1.1.1-r1"</code>
# emerge -pv "&gt;=app-office/openoffice-1.1.1-r1"
# emerge "&gt;=app-office/openoffice-1.1.1-r1"</code>
<p>
openoffice users on the sparc architecture should:
</p>
<code>
# emerge sync
# emerge -pv ">=app-office/openoffice-1.1.0-r3"
# emerge ">=app-office/openoffice-1.1.0-r3"</code>
# emerge -pv "&gt;=app-office/openoffice-1.1.0-r3"
# emerge "&gt;=app-office/openoffice-1.1.0-r3"</code>
<p>
openoffice users on the ppc architecture should:
</p>
<code>
# emerge sync
# emerge -pv ">=app-office/openoffice-1.0.3-r1"
# emerge ">=app-office/openoffice-1.0.3-r1"</code>
# emerge -pv "&gt;=app-office/openoffice-1.0.3-r1"
# emerge "&gt;=app-office/openoffice-1.0.3-r1"</code>
<p>
openoffice-ximian users should:
</p>
<code>
# emerge sync
# emerge -pv ">=app-office/openoffice-ximian-1.1.51-r1"
# emerge ">=app-office/openoffice-ximian-1.1.51-r1"</code>
# emerge -pv "&gt;=app-office/openoffice-ximian-1.1.51-r1"
# emerge "&gt;=app-office/openoffice-ximian-1.1.51-r1"</code>
<p>
openoffice-bin users should:
</p>
<code>
# emerge sync
# emerge -pv ">=app-office/openoffice-bin-1.1.2"
# emerge ">=app-office/openoffice-bin-1.1.2"</code>
# emerge -pv "&gt;=app-office/openoffice-bin-1.1.2"
# emerge "&gt;=app-office/openoffice-bin-1.1.2"</code>
</resolution>
<references>
<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0179">CAN-2004-0179</uri>
<uri link="/security/en/glsa/glsa-200405-01.xml">Neon vulnerabilities (GLSA 200405-01)</uri>
<uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0179">CAN-2004-0179</uri>
<uri link="https://www.gentoo.org/security/en/glsa/glsa-200405-01.xml">Neon vulnerabilities (GLSA 200405-01)</uri>
</references>
<metadata tag="submitter">
koon

11
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200405-05.xml vendored
View File

@ -1,6 +1,5 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="200405-05">
<title>Utempter symlink vulnerability</title>
<synopsis>
@ -8,8 +7,8 @@
arbitrary files via a symlink attack.
</synopsis>
<product type="ebuild">utempter</product>
<announced>May 13, 2004</announced>
<revised>May 13, 2004: 01</revised>
<announced>2004-05-13</announced>
<revised>2004-05-13: 01</revised>
<bug>49536</bug>
<access>local </access>
<affected>
@ -49,11 +48,11 @@
<code>
# emerge sync
# emerge -pv ">=sys-apps/utempter-0.5.5.4"
# emerge ">=sys-apps/utempter-0.5.5.4"</code>
# emerge -pv "&gt;=sys-apps/utempter-0.5.5.4"
# emerge "&gt;=sys-apps/utempter-0.5.5.4"</code>
</resolution>
<references>
<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0233">CAN-2004-0233</uri>
<uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0233">CAN-2004-0233</uri>
</references>
<metadata tag="submitter">
klieber

11
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200405-06.xml vendored
View File

@ -1,6 +1,5 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="200405-06">
<title>libpng denial of service vulnerability</title>
<synopsis>
@ -8,8 +7,8 @@
that library to decode PNG images.
</synopsis>
<product type="ebuild">libpng</product>
<announced>May 14, 2004</announced>
<revised>May 14, 2004: 01</revised>
<announced>2004-05-14</announced>
<revised>2004-05-14: 01</revised>
<bug>49887</bug>
<access>remote </access>
<affected>
@ -53,8 +52,8 @@
<code>
# emerge sync
# emerge -pv ">=media-libs/libpng-1.2.5-r5"
# emerge ">=media-libs/libpng-1.2.5-r5"</code>
# emerge -pv "&gt;=media-libs/libpng-1.2.5-r5"
# emerge "&gt;=media-libs/libpng-1.2.5-r5"</code>
<p>
You should also run revdep-rebuild to rebuild any packages that depend on
older versions of libpng :
@ -63,7 +62,7 @@
# revdep-rebuild</code>
</resolution>
<references>
<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0421">CAN-2004-0421</uri>
<uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0421">CAN-2004-0421</uri>
</references>
<metadata tag="submitter">
koon

11
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200405-07.xml vendored
View File

@ -1,6 +1,5 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="200405-07">
<title>Exim verify=header_syntax buffer overflow</title>
<synopsis>
@ -8,8 +7,8 @@
Exim that allows remote execution of arbitrary code.
</synopsis>
<product type="ebuild">Exim</product>
<announced>May 14, 2004</announced>
<revised>May 14, 2004: 01</revised>
<announced>2004-05-14</announced>
<revised>2004-05-14: 01</revised>
<bug>50217</bug>
<access>remote </access>
<affected>
@ -52,11 +51,11 @@
<code>
# emerge sync
# emerge -pv ">=mail-mta/exim-4.33-r1"
# emerge ">=mail-mta/exim-4.33-r1"</code>
# emerge -pv "&gt;=mail-mta/exim-4.33-r1"
# emerge "&gt;=mail-mta/exim-4.33-r1"</code>
</resolution>
<references>
<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0400">CAN-2004-0400</uri>
<uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0400">CAN-2004-0400</uri>
</references>
<metadata tag="submitter">
koon

11
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200405-08.xml vendored
View File

@ -1,6 +1,5 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="200405-08">
<title>Pound format string vulnerability</title>
<synopsis>
@ -8,8 +7,8 @@
arbitrary code with the rights of the Pound process.
</synopsis>
<product type="ebuild">pound</product>
<announced>May 18, 2004</announced>
<revised>May 22, 2006: 02</revised>
<announced>2004-05-18</announced>
<revised>2006-05-22: 02</revised>
<bug>50421</bug>
<access>remote</access>
<affected>
@ -51,12 +50,12 @@
<code>
# emerge sync
# emerge -pv &quot;&gt;=www-servers/pound-1.6&quot;
# emerge &quot;&gt;=www-servers/pound-1.6&quot;</code>
# emerge -pv "&gt;=www-servers/pound-1.6"
# emerge "&gt;=www-servers/pound-1.6"</code>
</resolution>
<references>
<uri link="http://www.apsis.ch/pound/pound_list/archive/2003/2003-12/1070234315000#1070234315000">Pound announcement</uri>
<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2026">CVE-2004-2026</uri>
<uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2026">CVE-2004-2026</uri>
</references>
<metadata tag="submitter">
koon

13
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200405-09.xml vendored
View File

@ -1,16 +1,15 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="200405-09">
<title>ProFTPD Access Control List bypass vulnerability</title>
<synopsis>
Version 1.2.9 of ProFTPD introduced a vulnerability that causes CIDR-based
Access Control Lists (ACLs) to be treated as &quot;AllowAll&quot;, thereby
Access Control Lists (ACLs) to be treated as "AllowAll", thereby
allowing remote users full access to files available to the FTP daemon.
</synopsis>
<product type="ebuild">proftpd</product>
<announced>May 19, 2004</announced>
<revised>May 19, 2004: 01</revised>
<announced>2004-05-19</announced>
<revised>2004-05-19: 01</revised>
<bug>49496</bug>
<access>remote </access>
<affected>
@ -52,11 +51,11 @@
<code>
# emerge sync
# emerge -pv ">=net-ftp/proftpd-1.2.9-r2"
# emerge ">=net-ftp/proftpd-1.2.9-r2"</code>
# emerge -pv "&gt;=net-ftp/proftpd-1.2.9-r2"
# emerge "&gt;=net-ftp/proftpd-1.2.9-r2"</code>
</resolution>
<references>
<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0432">CAN-2004-0432</uri>
<uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0432">CAN-2004-0432</uri>
</references>
<metadata tag="submitter">
klieber

13
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200405-10.xml vendored
View File

@ -1,6 +1,5 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="200405-10">
<title>Icecast denial of service vulnerability</title>
<synopsis>
@ -8,8 +7,8 @@
to crash the application.
</synopsis>
<product type="ebuild">icecast</product>
<announced>May 19, 2004</announced>
<revised>May 22, 2006: 02</revised>
<announced>2004-05-19</announced>
<revised>2006-05-22: 02</revised>
<bug>50935</bug>
<access>remote</access>
<affected>
@ -51,12 +50,12 @@
<code>
# emerge sync
# emerge -pv &quot;&gt;=net-misc/icecast-2.0.1&quot;
# emerge &quot;&gt;=net-misc/icecast-2.0.1&quot;</code>
# emerge -pv "&gt;=net-misc/icecast-2.0.1"
# emerge "&gt;=net-misc/icecast-2.0.1"</code>
</resolution>
<references>
<uri link="http://www.xiph.org/archives/icecast/7144.html">Icecast 2.0.1 announcement</uri>
<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2027">CVE-2004-2027</uri>
<uri link="https://www.xiph.org/archives/icecast/7144.html">Icecast 2.0.1 announcement</uri>
<uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2027">CVE-2004-2027</uri>
</references>
<metadata tag="submitter">
koon

11
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200405-11.xml vendored
View File

@ -1,6 +1,5 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="200405-11">
<title>KDE URI Handler Vulnerabilities</title>
<synopsis>
@ -8,8 +7,8 @@
attacks.
</synopsis>
<product type="ebuild">kdelibs</product>
<announced>May 19, 2004</announced>
<revised>May 19, 2004: 01</revised>
<announced>2004-05-19</announced>
<revised>2004-05-19: 01</revised>
<bug>51276</bug>
<access>remote </access>
<affected>
@ -64,11 +63,11 @@
<code>
# emerge sync
# emerge -pv ">=kde-base/kdelibs-3.2.2-r1"
# emerge ">=kde-base/kdelibs-3.2.2-r1"</code>
# emerge -pv "&gt;=kde-base/kdelibs-3.2.2-r1"
# emerge "&gt;=kde-base/kdelibs-3.2.2-r1"</code>
</resolution>
<references>
<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0411">CAN-2004-0411</uri>
<uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0411">CAN-2004-0411</uri>
</references>
<metadata tag="submitter">
koon

11
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200405-12.xml vendored
View File

@ -1,6 +1,5 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="200405-12">
<title>CVS heap overflow vulnerability</title>
<synopsis>
@ -8,8 +7,8 @@
compromise.
</synopsis>
<product type="ebuild">cvs</product>
<announced>May 20, 2004</announced>
<revised>May 20, 2004: 01</revised>
<announced>2004-05-20</announced>
<revised>2004-05-20: 01</revised>
<bug>51460</bug>
<access>remote </access>
<affected>
@ -53,12 +52,12 @@
<code>
# emerge sync
# emerge -pv ">=dev-util/cvs-1.11.16"
# emerge ">=dev-util/cvs-1.11.16"</code>
# emerge -pv "&gt;=dev-util/cvs-1.11.16"
# emerge "&gt;=dev-util/cvs-1.11.16"</code>
</resolution>
<references>
<uri link="http://security.e-matters.de/advisories/072004.html">E-matters advisory 07/2004</uri>
<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0396">CAN-2004-0396</uri>
<uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0396">CAN-2004-0396</uri>
</references>
<metadata tag="submitter">
koon

11
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200405-13.xml vendored
View File

@ -1,6 +1,5 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="200405-13">
<title>neon heap-based buffer overflow</title>
<synopsis>
@ -8,8 +7,8 @@
been discovered in the neon library.
</synopsis>
<product type="ebuild">neon</product>
<announced>May 20, 2004</announced>
<revised>May 20, 2004: 01</revised>
<announced>2004-05-20</announced>
<revised>2004-05-20: 01</revised>
<bug>51490</bug>
<access>remote </access>
<affected>
@ -50,12 +49,12 @@
<code>
# emerge sync
# emerge -pv ">=net-misc/neon-0.24.6"
# emerge ">=net-misc/neon-0.24.6"</code>
# emerge -pv "&gt;=net-misc/neon-0.24.6"
# emerge "&gt;=net-misc/neon-0.24.6"</code>
</resolution>
<references>
<uri link="http://security.e-matters.de/advisories/062004.html">E-matters advisory 06/2004</uri>
<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0398">CAN-2004-0398</uri>
<uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0398">CAN-2004-0398</uri>
</references>
<metadata tag="submitter">
koon

11
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200405-14.xml vendored
View File

@ -1,6 +1,5 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="200405-14">
<title>Buffer overflow in Subversion</title>
<synopsis>
@ -9,8 +8,8 @@
client and server are vulnerable.
</synopsis>
<product type="ebuild">subversion</product>
<announced>May 20, 2004</announced>
<revised>May 22, 2006: 02</revised>
<announced>2004-05-20</announced>
<revised>2006-05-22: 02</revised>
<bug>51462</bug>
<access>remote</access>
<affected>
@ -60,13 +59,13 @@
<code>
# emerge sync
# emerge -pv &quot;&gt;=dev-util/subversion-1.0.3&quot;
# emerge &quot;&gt;=dev-util/subversion-1.0.3&quot;</code>
# emerge -pv "&gt;=dev-util/subversion-1.0.3"
# emerge "&gt;=dev-util/subversion-1.0.3"</code>
</resolution>
<references>
<uri link="http://subversion.tigris.org/servlets/ReadMsg?list=announce&amp;msgNo=125">Subversion Announcement</uri>
<uri link="http://security.e-matters.de/advisories/082004.html">E-Matters Advisory</uri>
<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0397">CVE-2004-0397</uri>
<uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0397">CVE-2004-0397</uri>
</references>
<metadata tag="submitter">
condordes

13
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200405-15.xml vendored
View File

@ -1,6 +1,5 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="200405-15">
<title>cadaver heap-based buffer overflow</title>
<synopsis>
@ -9,8 +8,8 @@
connected to a malicious server.
</synopsis>
<product type="ebuild">cadaver</product>
<announced>May 20, 2004</announced>
<revised>May 20, 2004: 01</revised>
<announced>2004-05-20</announced>
<revised>2004-05-20: 01</revised>
<bug>51461</bug>
<access>remote </access>
<affected>
@ -50,12 +49,12 @@
<code>
# emerge sync
# emerge -pv ">=net-misc/cadaver-0.22.2"
# emerge ">=net-misc/cadaver-0.22.2"</code>
# emerge -pv "&gt;=net-misc/cadaver-0.22.2"
# emerge "&gt;=net-misc/cadaver-0.22.2"</code>
</resolution>
<references>
<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0398">CAN-2004-0398</uri>
<uri link="/security/en/glsa/glsa-200405-13.xml">GLSA 200405-13</uri>
<uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0398">CAN-2004-0398</uri>
<uri link="https://www.gentoo.org/security/en/glsa/glsa-200405-13.xml">GLSA 200405-13</uri>
</references>
<metadata tag="submitter">
koon

17
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200405-16.xml vendored
View File

@ -1,14 +1,13 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="200405-16">
<title>Multiple XSS Vulnerabilities in SquirrelMail</title>
<synopsis>
SquirrelMail is subject to several XSS and one SQL injection vulnerability.
</synopsis>
<product type="ebuild">SquirrelMail</product>
<announced>May 25, 2004</announced>
<revised>May 27, 2006: 04</revised>
<announced>2004-05-25</announced>
<revised>2006-05-27: 04</revised>
<bug>49675</bug>
<access>remote</access>
<affected>
@ -54,15 +53,15 @@
<code>
# emerge sync
# emerge -pv &quot;&gt;=mail-client/squirrelmail-1.4.3_rc1&quot;
# emerge &quot;&gt;=mail-client/squirrelmail-1.4.3_rc1&quot;</code>
# emerge -pv "&gt;=mail-client/squirrelmail-1.4.3_rc1"
# emerge "&gt;=mail-client/squirrelmail-1.4.3_rc1"</code>
</resolution>
<references>
<uri link="http://sourceforge.net/mailarchive/forum.php?thread_id=4199060&amp;forum_id=1988">SquirrelMail 1.4.3_rc1 release annoucement</uri>
<uri link="https://sourceforge.net/mailarchive/forum.php?thread_id=4199060&amp;forum_id=1988">SquirrelMail 1.4.3_rc1 release annoucement</uri>
<uri link="http://www.securityfocus.com/bid/10246/">Bugtraq security annoucement</uri>
<uri link="http://www.cert.org/advisories/CA-2000-02.html">CERT description of XSS</uri>
<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0519">CVE-2004-0519</uri>
<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0521">CVE-2004-0521</uri>
<uri link="https://www.cert.org/advisories/CA-2000-02.html">CERT description of XSS</uri>
<uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0519">CVE-2004-0519</uri>
<uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0521">CVE-2004-0521</uri>
</references>
<metadata tag="submitter">
jaervosz

13
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200405-17.xml vendored
View File

@ -1,6 +1,5 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="200405-17">
<title>Multiple vulnerabilities in metamail</title>
<synopsis>
@ -8,8 +7,8 @@
metamail, potentially allowing execution of arbitrary code remotely.
</synopsis>
<product type="ebuild">metamail</product>
<announced>May 21, 2004</announced>
<revised>May 21, 2004: 01</revised>
<announced>2004-05-21</announced>
<revised>2004-05-21: 01</revised>
<bug>42133</bug>
<access>remote </access>
<affected>
@ -48,12 +47,12 @@
<code>
# emerge sync
# emerge -pv ">=net-mail/metamail-2.7.45.3"
# emerge ">=net-mail/metamail-2.7.45.3"</code>
# emerge -pv "&gt;=net-mail/metamail-2.7.45.3"
# emerge "&gt;=net-mail/metamail-2.7.45.3"</code>
</resolution>
<references>
<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0104">CAN-2004-0104</uri>
<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0105">CAN-2004-0105</uri>
<uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0104">CAN-2004-0104</uri>
<uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0105">CAN-2004-0105</uri>
</references>
<metadata tag="submitter">
koon

13
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200405-18.xml vendored
View File

@ -1,6 +1,5 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="200405-18">
<title>Buffer Overflow in Firebird</title>
<synopsis>
@ -9,8 +8,8 @@
binaries.
</synopsis>
<product type="ebuild">firebird</product>
<announced>May 23, 2004</announced>
<revised>May 22, 2006: 02</revised>
<announced>2004-05-23</announced>
<revised>2006-05-22: 02</revised>
<bug>20837</bug>
<access>local</access>
<affected>
@ -52,13 +51,13 @@
<code>
# emerge sync
# emerge -pv &quot;&gt;=dev-db/firebird-1.5&quot;
# emerge &quot;&gt;=dev-db/firebird-1.5&quot;</code>
# emerge -pv "&gt;=dev-db/firebird-1.5"
# emerge "&gt;=dev-db/firebird-1.5"</code>
</resolution>
<references>
<uri link="http://securityfocus.com/bid/7546/info/">Bugtraq Security Announcement</uri>
<uri link=" http://sourceforge.net/tracker/?group_id=9028&amp;atid=109028&amp;func=detail&amp;aid=739480">Sourceforge BugTracker Announcement</uri>
<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0281">CVE-2003-0281</uri>
<uri link=" https://sourceforge.net/tracker/?group_id=9028&amp;atid=109028&amp;func=detail&amp;aid=739480">Sourceforge BugTracker Announcement</uri>
<uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0281">CVE-2003-0281</uri>
</references>
<metadata tag="submitter">
dmargoli

11
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200405-19.xml vendored
View File

@ -1,6 +1,5 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="200405-19">
<title>Opera telnet URI handler file creation/truncation vulnerability</title>
<synopsis>
@ -8,8 +7,8 @@
remote attacker to overwrite arbitrary files.
</synopsis>
<product type="ebuild">opera</product>
<announced>May 25, 2004</announced>
<revised>December 30, 2007: 03</revised>
<announced>2004-05-25</announced>
<revised>2007-12-30: 03</revised>
<bug>50857</bug>
<access>remote</access>
<affected>
@ -62,12 +61,12 @@
<code>
# emerge sync
# emerge -pv &quot;&gt;=www-client/opera-7.50_beta1&quot;
# emerge &quot;&gt;=www-client/opera-7.50_beta1&quot;</code>
# emerge -pv "&gt;=www-client/opera-7.50_beta1"
# emerge "&gt;=www-client/opera-7.50_beta1"</code>
</resolution>
<references>
<uri link="http://www.idefense.com/application/poi/display?id=104&amp;type=vulnerabilities&amp;flashstatus=true">iDEFENSE Security Advisory 05.12.04</uri>
<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0473">CVE-2004-0473</uri>
<uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0473">CVE-2004-0473</uri>
</references>
<metadata tag="submitter">
klieber

13
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200405-20.xml vendored
View File

@ -1,6 +1,5 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="200405-20">
<title>Insecure Temporary File Creation In MySQL</title>
<synopsis>
@ -9,8 +8,8 @@
data.
</synopsis>
<product type="ebuild">MySQL</product>
<announced>May 25, 2004</announced>
<revised>May 25, 2004: 01</revised>
<announced>2004-05-25</announced>
<revised>2004-05-25: 01</revised>
<bug>46242</bug>
<access>local </access>
<affected>
@ -55,12 +54,12 @@
<code>
# emerge sync
# emerge -pv ">=dev-db/mysql-4.0.18-r2"
# emerge ">=dev-db/mysql-4.0.18-r2"</code>
# emerge -pv "&gt;=dev-db/mysql-4.0.18-r2"
# emerge "&gt;=dev-db/mysql-4.0.18-r2"</code>
</resolution>
<references>
<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0381">CAN-2004-0381</uri>
<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0388">CAN-2004-0388</uri>
<uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0381">CAN-2004-0381</uri>
<uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0388">CAN-2004-0388</uri>
</references>
<metadata tag="submitter">
dmargoli

15
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200405-21.xml vendored
View File

@ -1,6 +1,5 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="200405-21">
<title>Midnight Commander: Multiple vulnerabilities</title>
<synopsis>
@ -8,8 +7,8 @@
including several buffer overflows and string format vulnerabilities.
</synopsis>
<product type="ebuild">MC</product>
<announced>May 26, 2004</announced>
<revised>May 26, 2004: 01</revised>
<announced>2004-05-26</announced>
<revised>2004-05-26: 01</revised>
<bug>49990</bug>
<access>local </access>
<affected>
@ -53,13 +52,13 @@
<code>
# emerge sync
# emerge -pv ">=app-misc/mc-4.6.0-r7
# emerge ">=app-misc/mc-4.6.0-r7"</code>
# emerge -pv "&gt;=app-misc/mc-4.6.0-r7
# emerge "&gt;=app-misc/mc-4.6.0-r7"</code>
</resolution>
<references>
<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0226">CAN-2004-0226</uri>
<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0231">CAN-2004-0231</uri>
<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0232">CAN-2004-0232</uri>
<uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0226">CAN-2004-0226</uri>
<uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0231">CAN-2004-0231</uri>
<uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0232">CAN-2004-0232</uri>
</references>
<metadata tag="submitter">
jaervosz

17
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200405-22.xml vendored
View File

@ -1,6 +1,5 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="200405-22">
<title>Apache 1.3: Multiple vulnerabilities</title>
<synopsis>
@ -8,8 +7,8 @@
Apache 1.3.
</synopsis>
<product type="ebuild">Apache</product>
<announced>May 26, 2004</announced>
<revised>December 30, 2007: 02</revised>
<announced>2004-05-26</announced>
<revised>2007-12-30: 02</revised>
<bug>51815</bug>
<access>remote </access>
<affected>
@ -68,14 +67,14 @@
<code>
# emerge sync
# emerge -pv ">=www-servers/apache-1.3.31"
# emerge ">=www-servers/apache-1.3.31"</code>
# emerge -pv "&gt;=www-servers/apache-1.3.31"
# emerge "&gt;=www-servers/apache-1.3.31"</code>
</resolution>
<references>
<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0993">CAN-2003-0993</uri>
<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0020">CAN-2003-0020</uri>
<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0987">CAN-2003-0987</uri>
<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0174">CAN-2004-0174</uri>
<uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0993">CAN-2003-0993</uri>
<uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0020">CAN-2003-0020</uri>
<uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0987">CAN-2003-0987</uri>
<uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0174">CAN-2004-0174</uri>
</references>
<metadata tag="submitter">
jaervosz

13
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200405-23.xml vendored
View File

@ -1,6 +1,5 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="200405-23">
<title>Heimdal: Kerberos 4 buffer overflow in kadmin</title>
<synopsis>
@ -8,8 +7,8 @@
discovered.
</synopsis>
<product type="ebuild">Heimdal</product>
<announced>May 27, 2004</announced>
<revised>May 27, 2004: 01</revised>
<announced>2004-05-27</announced>
<revised>2004-05-27: 01</revised>
<bug>50208</bug>
<access>remote </access>
<affected>
@ -50,12 +49,12 @@
<code>
# emerge sync
# emerge -pv ">=app-crypt/heimdal-0.6.2"
# emerge ">=app-crypt/heimdal-0.6.2"</code>
# emerge -pv "&gt;=app-crypt/heimdal-0.6.2"
# emerge "&gt;=app-crypt/heimdal-0.6.2"</code>
</resolution>
<references>
<uri link="http://www.pdc.kth.se/heimdal/advisory/2004-05-06/">Heimdal 0.6.2 Release Notice</uri>
<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0434">CAN-2004-0434</uri>
<uri link="https://www.pdc.kth.se/heimdal/advisory/2004-05-06/">Heimdal 0.6.2 Release Notice</uri>
<uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0434">CAN-2004-0434</uri>
</references>
<metadata tag="submitter">
jaervosz

15
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200405-24.xml vendored
View File

@ -1,6 +1,5 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="200405-24">
<title>MPlayer, xine-lib: vulnerabilities in RTSP stream handling</title>
<synopsis>
@ -8,8 +7,8 @@
have been found in code common to MPlayer and the xine library.
</synopsis>
<product type="ebuild">mplayer</product>
<announced>May 28, 2004</announced>
<revised>May 28, 2004: 01</revised>
<announced>2004-05-28</announced>
<revised>2004-05-28: 01</revised>
<bug>49387</bug>
<access>remote </access>
<affected>
@ -61,15 +60,15 @@
<code>
# emerge sync
# emerge -pv ">=media-video/mplayer-1.0_pre4"
# emerge ">=media-video/mplayer-1.0_pre4"
# emerge -pv "&gt;=media-video/mplayer-1.0_pre4"
# emerge "&gt;=media-video/mplayer-1.0_pre4"
# emerge -pv ">=media-libs/xine-lib-1_rc4"
# emerge ">=media-libs/xine-lib-1_rc4"</code>
# emerge -pv "&gt;=media-libs/xine-lib-1_rc4"
# emerge "&gt;=media-libs/xine-lib-1_rc4"</code>
</resolution>
<references>
<uri link="http://xinehq.de/index.php/security/XSA-2004-3">Xine security advisory</uri>
<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0433">CAN-2004-0433</uri>
<uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0433">CAN-2004-0433</uri>
</references>
<metadata tag="submitter">
koon

13
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200405-25.xml vendored
View File

@ -1,14 +1,13 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="200405-25">
<title>tla: Multiple vulnerabilities in included libneon</title>
<synopsis>
tla includes a vulnerable version of the neon library.
</synopsis>
<product type="ebuild">tla</product>
<announced>May 30, 2004</announced>
<revised>June 02, 2004: 02</revised>
<announced>2004-05-30</announced>
<revised>2004-06-02: 02</revised>
<bug>51586</bug>
<access>remote</access>
<affected>
@ -50,12 +49,12 @@
<code>
# emerge sync
# emerge -pv ">=dev-util/tla-1.2-r2"
# emerge ">=dev-util/tla-1.2-r2"</code>
# emerge -pv "&gt;=dev-util/tla-1.2-r2"
# emerge "&gt;=dev-util/tla-1.2-r2"</code>
</resolution>
<references>
<uri link="/security/en/glsa/glsa-200405-01.xml">GLSA 200405-01</uri>
<uri link="/security/en/glsa/glsa-200405-13.xml">GLSA 200405-13</uri>
<uri link="https://www.gentoo.org/security/en/glsa/glsa-200405-01.xml">GLSA 200405-01</uri>
<uri link="https://www.gentoo.org/security/en/glsa/glsa-200405-13.xml">GLSA 200405-13</uri>
</references>
<metadata tag="submitter">
jaervosz

19
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200406-01.xml vendored
View File

@ -1,6 +1,5 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="200406-01">
<title>Ethereal: Multiple security problems</title>
<synopsis>
@ -8,8 +7,8 @@
which may allow an attacker to run arbitrary code or crash the program.
</synopsis>
<product type="ebuild">Ethereal</product>
<announced>June 04, 2004</announced>
<revised>May 22, 2006: 02</revised>
<announced>2004-06-04</announced>
<revised>2006-05-22: 02</revised>
<bug>51022</bug>
<access>remote</access>
<affected>
@ -48,7 +47,7 @@
<workaround>
<p>
For a temporary workaround you can disable all affected protocol
dissectors by selecting Analyze->Enabled Protocols... and deselecting
dissectors by selecting Analyze-&gt;Enabled Protocols... and deselecting
them from the list. However, it is strongly recommended to upgrade to
the latest stable release.
</p>
@ -60,15 +59,15 @@
<code>
# emerge sync
# emerge -pv &quot;&gt;=net-analyzer/ethereal-0.10.4&quot;
# emerge &quot;&gt;=net-analyzer/ethereal-0.10.4&quot;</code>
# emerge -pv "&gt;=net-analyzer/ethereal-0.10.4"
# emerge "&gt;=net-analyzer/ethereal-0.10.4"</code>
</resolution>
<references>
<uri link="http://www.ethereal.com/appnotes/enpa-sa-00014.html">Ethereal enpa-sa-00014</uri>
<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0504">CVE-2004-0504</uri>
<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0505">CVE-2004-0505</uri>
<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0506">CVE-2004-0506</uri>
<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0507">CVE-2004-0507</uri>
<uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0504">CVE-2004-0504</uri>
<uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0505">CVE-2004-0505</uri>
<uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0506">CVE-2004-0506</uri>
<uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0507">CVE-2004-0507</uri>
</references>
<metadata tag="submitter">
jaervosz

11
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200406-02.xml vendored
View File

@ -1,6 +1,5 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="200406-02">
<title>tripwire: Format string vulnerability</title>
<synopsis>
@ -8,8 +7,8 @@
circumstances has been found.
</synopsis>
<product type="ebuild">tripwire</product>
<announced>June 04, 2004</announced>
<revised>May 22, 2006: 02</revised>
<announced>2004-06-04</announced>
<revised>2006-05-22: 02</revised>
<bug>52945</bug>
<access>local</access>
<affected>
@ -48,12 +47,12 @@
<code>
# emerge sync
# emerge -pv &quot;&gt;=app-admin/tripwire-2.3.1.2-r1&quot;
# emerge &quot;&gt;=app-admin/tripwire-2.3.1.2-r1&quot;</code>
# emerge -pv "&gt;=app-admin/tripwire-2.3.1.2-r1"
# emerge "&gt;=app-admin/tripwire-2.3.1.2-r1"</code>
</resolution>
<references>
<uri link="http://www.securityfocus.com/archive/1/365036/2004-05-31/2004-06-06/0">Bugtraq Announcement</uri>
<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0536">CVE-2004-0536</uri>
<uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0536">CVE-2004-0536</uri>
</references>
<metadata tag="submitter">
jaervosz

13
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200406-03.xml vendored
View File

@ -1,14 +1,13 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="200406-03">
<title>sitecopy: Multiple vulnerabilities in included libneon</title>
<synopsis>
sitecopy includes a vulnerable version of the neon library.
</synopsis>
<product type="ebuild">sitecopy</product>
<announced>June 05, 2004</announced>
<revised>August 15, 2004: 04</revised>
<announced>2004-06-05</announced>
<revised>2004-08-15: 04</revised>
<bug>51585</bug>
<access>remote</access>
<affected>
@ -51,12 +50,12 @@
<code>
# emerge sync
# emerge -pv ">=net-misc/sitecopy-0.13.4-r2"
# emerge ">=net-misc/sitecopy-0.13.4-r2"</code>
# emerge -pv "&gt;=net-misc/sitecopy-0.13.4-r2"
# emerge "&gt;=net-misc/sitecopy-0.13.4-r2"</code>
</resolution>
<references>
<uri link="/security/en/glsa/glsa-200405-01.xml">GLSA 200405-01</uri>
<uri link="/security/en/glsa/glsa-200405-13.xml">GLSA 200405-13</uri>
<uri link="https://www.gentoo.org/security/en/glsa/glsa-200405-01.xml">GLSA 200405-01</uri>
<uri link="https://www.gentoo.org/security/en/glsa/glsa-200405-13.xml">GLSA 200405-13</uri>
</references>
<metadata tag="submitter">
jaervosz

13
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200406-04.xml vendored
View File

@ -1,14 +1,13 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="200406-04">
<title>Mailman: Member password disclosure vulnerability</title>
<synopsis>
Mailman contains a bug allowing 3rd parties to retrieve member passwords.
</synopsis>
<product type="ebuild">mailman</product>
<announced>June 09, 2004</announced>
<revised>June 09, 2004: 01</revised>
<announced>2004-06-09</announced>
<revised>2004-06-09: 01</revised>
<bug>51671</bug>
<access>remote </access>
<affected>
@ -47,12 +46,12 @@
<code>
# emerge sync
# emerge -pv ">=net-mail/mailman-2.1.5"
# emerge ">=net-mail/mailman-2.1.5"</code>
# emerge -pv "&gt;=net-mail/mailman-2.1.5"
# emerge "&gt;=net-mail/mailman-2.1.5"</code>
</resolution>
<references>
<uri link="http://mail.python.org/pipermail/mailman-announce/2004-May/000072.html">Mailman 2.1.5 Release Announcement</uri>
<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0412">CAN-2004-0412</uri>
<uri link="https://mail.python.org/pipermail/mailman-announce/2004-May/000072.html">Mailman 2.1.5 Release Announcement</uri>
<uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0412">CAN-2004-0412</uri>
</references>
<metadata tag="submitter">
jaervosz

17
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200406-05.xml vendored
View File

@ -1,6 +1,5 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="200406-05">
<title>Apache: Buffer overflow in mod_ssl</title>
<synopsis>
@ -8,8 +7,8 @@
Apache is configured a certain way.
</synopsis>
<product type="ebuild">Apache</product>
<announced>June 09, 2004</announced>
<revised>December 30, 2007: 03</revised>
<announced>2004-06-09</announced>
<revised>2007-12-30: 03</revised>
<bug>51368</bug>
<access>remote</access>
<affected>
@ -42,7 +41,7 @@
<p>
Given the right server configuration, an attacker could cause a Denial of
Service or execute code as the user running Apache, usually
&quot;apache&quot;. It is thought to be impossible to exploit this to
"apache". It is thought to be impossible to exploit this to
execute code on the x86 platform, but the possibility for other platforms
is unknown. This does not preclude a DoS on x86 systems.
</p>
@ -60,19 +59,19 @@
<code>
# emerge sync
# emerge -pv ">=net-www/mod_ssl-2.8.18"
# emerge ">=net-www/mod_ssl-2.8.18"</code>
# emerge -pv "&gt;=net-www/mod_ssl-2.8.18"
# emerge "&gt;=net-www/mod_ssl-2.8.18"</code>
<p>
Apache 2.x users should upgrade to the latest version of Apache:
</p>
<code>
# emerge sync
# emerge -pv ">=www-servers/apache-2.0.49-r3"
# emerge ">=www-servers/apache-2.0.49-r3"</code>
# emerge -pv "&gt;=www-servers/apache-2.0.49-r3"
# emerge "&gt;=www-servers/apache-2.0.49-r3"</code>
</resolution>
<references>
<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0488">CAN-2004-0488</uri>
<uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0488">CAN-2004-0488</uri>
</references>
<metadata tag="submitter">
dmargoli

21
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200406-06.xml vendored
View File

@ -1,6 +1,5 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="200406-06">
<title>CVS: additional DoS and arbitrary code execution vulnerabilities</title>
<synopsis>
@ -8,8 +7,8 @@
an attacker to remotely compromise a CVS server.
</synopsis>
<product type="ebuild">CVS</product>
<announced>June 10, 2004</announced>
<revised>June 10, 2004: 01</revised>
<announced>2004-06-10</announced>
<revised>2004-06-10: 01</revised>
<bug>53408</bug>
<access>remote</access>
<affected>
@ -31,8 +30,8 @@
vulnerabilities including:
</p>
<ul>
<li>no-null-termination of &quot;Entry&quot; lines</li>
<li>error_prog_name &quot;double-free()&quot;</li>
<li>no-null-termination of "Entry" lines</li>
<li>error_prog_name "double-free()"</li>
<li>Argument integer overflow</li>
<li>serve_notify() out of bounds writes</li>
</ul>
@ -56,15 +55,15 @@
<code>
# emerge sync
# emerge -pv ">=dev-util/cvs-1.11.17"
# emerge ">=dev-util/cvs-1.11.17"</code>
# emerge -pv "&gt;=dev-util/cvs-1.11.17"
# emerge "&gt;=dev-util/cvs-1.11.17"</code>
</resolution>
<references>
<uri link="http://security.e-matters.de/advisories/092004.html">E-matters Advisory 09/2004</uri>
<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0414">CAN-2004-0414</uri>
<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0416">CAN-2004-0416</uri>
<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0417">CAN-2004-0417</uri>
<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0418">CAN-2004-0418</uri>
<uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0414">CAN-2004-0414</uri>
<uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0416">CAN-2004-0416</uri>
<uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0417">CAN-2004-0417</uri>
<uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0418">CAN-2004-0418</uri>
</references>
<metadata tag="submitter">
jaervosz

15
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200406-07.xml vendored
View File

@ -1,6 +1,5 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="200406-07">
<title>Subversion: Remote heap overflow</title>
<synopsis>
@ -8,8 +7,8 @@
exploitable to execute arbitrary code on the server running svnserve.
</synopsis>
<product type="ebuild">dev-util/subversion</product>
<announced>June 10, 2004</announced>
<revised>June 10, 2004: 01</revised>
<announced>2004-06-10</announced>
<revised>2004-06-10: 01</revised>
<access>remote</access>
<affected>
<package name="dev-util/subversion" auto="yes" arch="*">
@ -19,8 +18,8 @@
</affected>
<background>
<p>
Subversion is a revision control system that aims to be a &quot;compelling
replacement for CVS&quot;. It enjoys wide use in the open source community.
Subversion is a revision control system that aims to be a "compelling
replacement for CVS". It enjoys wide use in the open source community.
svnserve allows access to Subversion repositories using URIs with the
svn://, svn+ssh://, and other tunelled svn+*:// protocols.
</p>
@ -58,11 +57,11 @@
<code>
# emerge sync
# emerge -pv ">=dev-util/subversion-1.0.4-r1"
# emerge ">=dev-util/subversion-1.0.4-r1"</code>
# emerge -pv "&gt;=dev-util/subversion-1.0.4-r1"
# emerge "&gt;=dev-util/subversion-1.0.4-r1"</code>
</resolution>
<references>
<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0413">CAN-2004-0413</uri>
<uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0413">CAN-2004-0413</uri>
</references>
<metadata tag="submitter">
dmargoli

13
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200406-08.xml vendored
View File

@ -1,6 +1,5 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="200406-08">
<title>Squirrelmail: Another XSS vulnerability</title>
<synopsis>
@ -8,8 +7,8 @@
compromise of webmail accounts.
</synopsis>
<product type="ebuild">Squirrelmail</product>
<announced>June 15, 2004</announced>
<revised>May 22, 2006: 02</revised>
<announced>2004-06-15</announced>
<revised>2006-05-22: 02</revised>
<bug>52434</bug>
<access>remote</access>
<affected>
@ -51,13 +50,13 @@
<code>
# emerge sync
# emerge -pv &quot;&gt;=mail-client/squirrelmail-1.4.3&quot;
# emerge &quot;&gt;=mail-client/squirrelmail-1.4.3&quot;</code>
# emerge -pv "&gt;=mail-client/squirrelmail-1.4.3"
# emerge "&gt;=mail-client/squirrelmail-1.4.3"</code>
</resolution>
<references>
<uri link="http://www.rs-labs.com/adv/RS-Labs-Advisory-2004-1.txt">RS-Labs Advisory</uri>
<uri link="http://www.cert.org/advisories/CA-2000-02.html">CERT description of XSS</uri>
<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0520">CVE-2004-0520</uri>
<uri link="https://www.cert.org/advisories/CA-2000-02.html">CERT description of XSS</uri>
<uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0520">CVE-2004-0520</uri>
</references>
<metadata tag="submitter">
jaervosz

9
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200406-09.xml vendored
View File

@ -1,14 +1,13 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="200406-09">
<title>Horde-Chora: Remote code execution</title>
<synopsis>
A vulnerability in Chora allows remote code execution and file upload.
</synopsis>
<product type="ebuild">www-apps/horde-chora</product>
<announced>June 15, 2004</announced>
<revised>December 30, 2007: 02</revised>
<announced>2004-06-15</announced>
<revised>2007-12-30: 02</revised>
<bug>53800</bug>
<access>remote</access>
<affected>
@ -49,8 +48,8 @@
<code>
# emerge sync
# emerge -pv ">=www-apps/horde-chora-1.2.2"
# emerge ">=www-apps/horde-chora-1.2.2"</code>
# emerge -pv "&gt;=www-apps/horde-chora-1.2.2"
# emerge "&gt;=www-apps/horde-chora-1.2.2"</code>
</resolution>
<references>
<uri link="http://security.e-matters.de/advisories/102004.html">e-matters Advisory</uri>

11
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200406-10.xml vendored
View File

@ -1,6 +1,5 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="200406-10">
<title>Gallery: Privilege escalation vulnerability</title>
<synopsis>
@ -8,8 +7,8 @@
allow an attacker to gain administrator privileges within Gallery.
</synopsis>
<product type="ebuild">gallery</product>
<announced>June 15, 2004</announced>
<revised>May 22, 2006: 02</revised>
<announced>2004-06-15</announced>
<revised>2006-05-22: 02</revised>
<bug>52798</bug>
<access>remote</access>
<affected>
@ -53,12 +52,12 @@
<code>
# emerge sync
# emerge -pv &quot;&gt;=www-apps/gallery-1.4.3_p2&quot;
# emerge &quot;&gt;=www-apps/gallery-1.4.3_p2&quot;</code>
# emerge -pv "&gt;=www-apps/gallery-1.4.3_p2"
# emerge "&gt;=www-apps/gallery-1.4.3_p2"</code>
</resolution>
<references>
<uri link="http://gallery.menalto.com/modules.php?op=modload&amp;name=News&amp;file=article&amp;sid=123&amp;mode=thread&amp;order=0&amp;thold=0">Gallery Announcement</uri>
<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0522">CVE-2004-0522</uri>
<uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0522">CVE-2004-0522</uri>
</references>
<metadata tag="submitter">
condordes

11
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200406-11.xml vendored
View File

@ -1,14 +1,13 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="200406-11">
<title>Horde-IMP: Input validation vulnerability</title>
<synopsis>
An input validation vulnerability has been discovered in Horde-IMP.
</synopsis>
<product type="ebuild">horde-imp</product>
<announced>June 16, 2004</announced>
<revised>May 22, 2006: 02</revised>
<announced>2004-06-16</announced>
<revised>2006-05-22: 02</revised>
<bug>53862</bug>
<access>remote</access>
<affected>
@ -49,12 +48,12 @@
<code>
# emerge sync
# emerge -pv &quot;&gt;=www-apps/horde-imp-3.2.4&quot;
# emerge &quot;&gt;=www-apps/horde-imp-3.2.4&quot;</code>
# emerge -pv "&gt;=www-apps/horde-imp-3.2.4"
# emerge "&gt;=www-apps/horde-imp-3.2.4"</code>
</resolution>
<references>
<uri link="http://www.securityfocus.com/bid/10501">Bugtraq Announcement</uri>
<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0584">CVE-2004-0584</uri>
<uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0584">CVE-2004-0584</uri>
</references>
<metadata tag="submitter">
jaervosz

13
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200406-12.xml vendored
View File

@ -1,6 +1,5 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="200406-12">
<title>Webmin: Multiple vulnerabilities</title>
<synopsis>
@ -8,8 +7,8 @@
of Service attack and information disclosure.
</synopsis>
<product type="ebuild">webmin</product>
<announced>June 16, 2004</announced>
<revised>May 22, 2006: 02</revised>
<announced>2004-06-16</announced>
<revised>2006-05-22: 02</revised>
<bug>53375</bug>
<access>remote</access>
<affected>
@ -52,14 +51,14 @@
<code>
# emerge sync
# emerge -pv &quot;&gt;=app-admin/app-admin/webmin-1.150&quot;
# emerge &quot;&gt;=app-admin/app-admin/webmin-1.150&quot;</code>
# emerge -pv "&gt;=app-admin/app-admin/webmin-1.150"
# emerge "&gt;=app-admin/app-admin/webmin-1.150"</code>
</resolution>
<references>
<uri link="http://www.securityfocus.com/bid/10474">Bugtraq Announcement</uri>
<uri link="http://www.webmin.com/changes-1.150.html">Webmin Changelog</uri>
<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0582">CVE-2004-0582</uri>
<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0583">CVE-2004-0583</uri>
<uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0582">CVE-2004-0582</uri>
<uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0583">CVE-2004-0583</uri>
</references>
<metadata tag="submitter">
jaervosz

Some files were not shown because too many files have changed in this diff Show More