mirrors/flatcar-scripts
1
0
Fork 0
mirror of https://github.com/flatcar/scripts.git synced 2025-08-19 05:21:23 +02:00
Code Issues Packages Projects Releases Wiki Activity

bump(metadata/glsa): sync with upstream

Browse Source
This commit is contained in:
David Michael 2017-01-11 15:24:59 -08:00
parent 8a2b7fb888
commit 8ccad414a4
25 changed files with 1340 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201010-01.xml vendored
View File

@ -7,7 +7,7 @@
</synopsis> </synopsis>
<product type="ebuild">libpng</product> <product type="ebuild">libpng</product>
<announced>October 05, 2010</announced> <announced>October 05, 2010</announced>
<revised>June 06, 2015: 8</revised> <revised>January 03, 2017: 9</revised>
<bug>307637</bug> <bug>307637</bug>
<bug>324153</bug> <bug>324153</bug>
<bug>335887</bug> <bug>335887</bug>
@ -25,6 +25,7 @@
<unaffected range="rge">1.2.54</unaffected> <unaffected range="rge">1.2.54</unaffected>
<unaffected range="rge">1.2.55</unaffected> <unaffected range="rge">1.2.55</unaffected>
<unaffected range="rge">1.2.56</unaffected> <unaffected range="rge">1.2.56</unaffected>
<unaffected range="rge">1.2.57</unaffected>
<vulnerable range="lt">1.4.3</vulnerable> <vulnerable range="lt">1.4.3</vulnerable>
</package> </package>
</affected> </affected>
@ -88,6 +89,6 @@
</uri> </uri>
</references> </references>
<metadata tag="requester" timestamp="Fri, 07 Oct 2011 22:32:46 +0000">craig</metadata> <metadata tag="requester" timestamp="Fri, 07 Oct 2011 22:32:46 +0000">craig</metadata>
<metadata tag="submitter" timestamp="Sat, 06 Jun 2015 23:36:51 +0000">system</metadata> <metadata tag="submitter" timestamp="Tue, 03 Jan 2017 04:37:30 +0000">system</metadata>
<metadata tag="bugReady" timestamp="Sat, 06 Jun 2015 23:36:52 +0000">system</metadata> <metadata tag="bugReady" timestamp="Tue, 03 Jan 2017 04:37:31 +0000">system</metadata>
</glsa> </glsa>

7
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201206-15.xml vendored
View File

@ -7,7 +7,7 @@
</synopsis> </synopsis>
<product type="ebuild">libpng</product> <product type="ebuild">libpng</product>
<announced>June 22, 2012</announced> <announced>June 22, 2012</announced>
<revised>June 06, 2015: 4</revised> <revised>January 03, 2017: 5</revised>
<bug>373967</bug> <bug>373967</bug>
<bug>386185</bug> <bug>386185</bug>
<bug>401987</bug> <bug>401987</bug>
@ -24,7 +24,8 @@
<unaffected range="rge">1.2.53</unaffected> <unaffected range="rge">1.2.53</unaffected>
<unaffected range="rge">1.2.54</unaffected> <unaffected range="rge">1.2.54</unaffected>
<unaffected range="rge">1.2.55</unaffected> <unaffected range="rge">1.2.55</unaffected>
<unaffected range="rge">1.2.56</unaffected> <unaffected range="ge">1.2.56</unaffected>
<unaffected range="ge">1.2.57</unaffected>
<vulnerable range="lt">1.5.10</vulnerable> <vulnerable range="lt">1.5.10</vulnerable>
</package> </package>
</affected> </affected>
@ -110,5 +111,5 @@
<metadata tag="requester" timestamp="Fri, 07 Oct 2011 23:37:07 +0000"> <metadata tag="requester" timestamp="Fri, 07 Oct 2011 23:37:07 +0000">
underling underling
</metadata> </metadata>
<metadata tag="submitter" timestamp="Sat, 06 Jun 2015 23:37:53 +0000">ackle</metadata> <metadata tag="submitter" timestamp="Tue, 03 Jan 2017 04:38:41 +0000">ackle</metadata>
</glsa> </glsa>

5
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201502-10.xml vendored
View File

@ -7,7 +7,7 @@
</synopsis> </synopsis>
<product type="ebuild">libpng</product> <product type="ebuild">libpng</product>
<announced>February 15, 2015</announced> <announced>February 15, 2015</announced>
<revised>June 06, 2015: 2</revised> <revised>January 03, 2017: 3</revised>
<bug>531264</bug> <bug>531264</bug>
<bug>533358</bug> <bug>533358</bug>
<access>local, remote</access> <access>local, remote</access>
@ -24,6 +24,7 @@
<unaffected range="rge">1.5.23</unaffected> <unaffected range="rge">1.5.23</unaffected>
<unaffected range="rge">1.5.24</unaffected> <unaffected range="rge">1.5.24</unaffected>
<unaffected range="rge">1.5.25</unaffected> <unaffected range="rge">1.5.25</unaffected>
<unaffected range="rge">1.2.57</unaffected>
<vulnerable range="lt">1.6.16</vulnerable> <vulnerable range="lt">1.6.16</vulnerable>
</package> </package>
</affected> </affected>
@ -78,5 +79,5 @@
<metadata tag="requester" timestamp="Thu, 15 Jan 2015 22:55:48 +0000"> <metadata tag="requester" timestamp="Thu, 15 Jan 2015 22:55:48 +0000">
BlueKnight BlueKnight
</metadata> </metadata>
<metadata tag="submitter" timestamp="Sat, 06 Jun 2015 23:41:25 +0000">ackle</metadata> <metadata tag="submitter" timestamp="Tue, 03 Jan 2017 04:39:38 +0000">ackle</metadata>
</glsa> </glsa>

6
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201507-20.xml vendored
View File

@ -8,7 +8,7 @@
</synopsis> </synopsis>
<product type="ebuild">postgresql</product> <product type="ebuild">postgresql</product>
<announced>July 18, 2015</announced> <announced>July 18, 2015</announced>
<revised>August 22, 2015: 2</revised> <revised>January 03, 2017: 3</revised>
<bug>539018</bug> <bug>539018</bug>
<bug>550172</bug> <bug>550172</bug>
<access>remote</access> <access>remote</access>
@ -32,6 +32,8 @@
<unaffected range="rge">9.3.10</unaffected> <unaffected range="rge">9.3.10</unaffected>
<unaffected range="rge">9.3.11</unaffected> <unaffected range="rge">9.3.11</unaffected>
<unaffected range="rge">9.3.12</unaffected> <unaffected range="rge">9.3.12</unaffected>
<unaffected range="rge">9.3.14</unaffected>
<unaffected range="rge">9.3.15</unaffected>
<vulnerable range="lt">9.4.3</vulnerable> <vulnerable range="lt">9.4.3</vulnerable>
</package> </package>
</affected> </affected>
@ -103,5 +105,5 @@
<metadata tag="requester" timestamp="Wed, 22 Apr 2015 20:30:11 +0000"> <metadata tag="requester" timestamp="Wed, 22 Apr 2015 20:30:11 +0000">
BlueKnight BlueKnight
</metadata> </metadata>
<metadata tag="submitter" timestamp="Sat, 22 Aug 2015 16:22:06 +0000">Zlogene</metadata> <metadata tag="submitter" timestamp="Tue, 03 Jan 2017 04:30:36 +0000">Zlogene</metadata>
</glsa> </glsa>

5
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201612-56.xml vendored
View File

@ -7,12 +7,13 @@
</synopsis> </synopsis>
<product type="ebuild">xen</product> <product type="ebuild">xen</product>
<announced>December 31, 2016</announced> <announced>December 31, 2016</announced>
<revised>December 31, 2016: 1</revised> <revised>January 03, 2017: 2</revised>
<bug>600382</bug> <bug>600382</bug>
<bug>600662</bug> <bug>600662</bug>
<bug>601248</bug> <bug>601248</bug>
<bug>601250</bug> <bug>601250</bug>
<bug>601986</bug> <bug>601986</bug>
<bug>603420</bug>
<access>local</access> <access>local</access>
<affected> <affected>
<package name="app-emulation/xen" auto="yes" arch="*"> <package name="app-emulation/xen" auto="yes" arch="*">
@ -91,5 +92,5 @@
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9932">CVE-2016-9932</uri> <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9932">CVE-2016-9932</uri>
</references> </references>
<metadata tag="requester" timestamp="Sat, 26 Nov 2016 10:47:37 +0000">b-man</metadata> <metadata tag="requester" timestamp="Sat, 26 Nov 2016 10:47:37 +0000">b-man</metadata>
<metadata tag="submitter" timestamp="Sat, 31 Dec 2016 16:13:07 +0000">b-man</metadata> <metadata tag="submitter" timestamp="Tue, 03 Jan 2017 05:55:18 +0000">b-man</metadata>
</glsa> </glsa>

56
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201701-14.xml vendored Normal file
View File

@ -0,0 +1,56 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="201701-14">
<title>LZO: Multiple vulnerabilities</title>
<synopsis>An integer overflow in LZO might allow remote attackers to execute
arbitrary code or cause a Denial of Service condition.
</synopsis>
<product type="ebuild">lzo</product>
<announced>January 02, 2017</announced>
<revised>January 02, 2017: 1</revised>
<bug>515238</bug>
<access>remote</access>
<affected>
<package name="dev-libs/lzo" auto="yes" arch="*">
<unaffected range="ge">2.08</unaffected>
<vulnerable range="lt">2.08</vulnerable>
</package>
</affected>
<background>
<p>LZO is an extremely fast compression and decompression library</p>
</background>
<description>
<p>LZO is vulnerable to an integer overflow condition in the
“lzo1x_decompress_safe” function which could result in a possible
buffer overrun when processing maliciously crafted compressed input data.
</p>
</description>
<impact type="normal">
<p>A remote attacker could send specially crafted compressed input data
possibly resulting in a Denial of Service condition or arbitrary code
execution.
</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All LZO users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose "&gt;=dev-libs/lzo-2.08"
</code>
</resolution>
<references>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4607">CVE-2014-4607</uri>
</references>
<metadata tag="requester" timestamp="Thu, 10 Jul 2014 05:18:15 +0000">
BlueKnight
</metadata>
<metadata tag="submitter" timestamp="Mon, 02 Jan 2017 15:16:02 +0000">
BlueKnight
</metadata>
</glsa>

169
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201701-15.xml vendored Normal file
View File

@ -0,0 +1,169 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="201701-15">
<title>Mozilla Firefox, Thunderbird: Multiple vulnerabilities</title>
<synopsis>Multiple vulnerabilities have been found in Mozilla Firefox and
Thunderbird the worst of which could lead to the execution of arbitrary
code.
</synopsis>
<product type="ebuild">firefox, thunderbird</product>
<announced>January 03, 2017</announced>
<revised>January 04, 2017: 2</revised>
<bug>581326</bug>
<bug>590330</bug>
<bug>594616</bug>
<bug>599924</bug>
<bug>601320</bug>
<bug>602576</bug>
<bug>604024</bug>
<access>remote</access>
<affected>
<package name="www-client/firefox" auto="yes" arch="*">
<unaffected range="ge">45.6.0</unaffected>
<vulnerable range="lt">45.6.0</vulnerable>
</package>
<package name="www-client/firefox-bin" auto="yes" arch="*">
<unaffected range="ge">45.6.0</unaffected>
<vulnerable range="lt">45.6.0</vulnerable>
</package>
<package name="mail-client/thunderbird" auto="yes" arch="*">
<unaffected range="ge">45.6.0</unaffected>
<vulnerable range="lt">45.6.0</vulnerable>
</package>
<package name="mail-client/thunderbird-bin" auto="yes" arch="*">
<unaffected range="ge">45.6.0</unaffected>
<vulnerable range="lt">45.6.0</vulnerable>
</package>
</affected>
<background>
<p>Mozilla Firefox is a cross-platform web browser from Mozilla. The
Mozilla Thunderbird mail client is a redesign of the Mozilla Mail
component. The goal is to produce a cross-platform stand-alone mail
application using XUL (XML User Interface Language).
</p>
</background>
<description>
<p>Multiple vulnerabilities have been discovered in Mozilla Firefox and
Thunderbird. Please review the CVE identifiers referenced below for
details.
</p>
</description>
<impact type="normal">
<p>A remote attacker could possibly execute arbitrary code with the
privileges of the process or cause a Denial of Service condition via
multiple vectors.
</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All Firefox users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose "&gt;=www-client/firefox-45.6.0"
</code>
<p>All Firefox-bin users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose "&gt;=www-client/firefox-bin-45.6.0"
</code>
<p>All Thunderbird users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose "&gt;=mail-client/thunderbird-45.6.0"
</code>
<p>All Thunderbird-bin users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose
"&gt;=mail-client/thunderbird-bin-45.6.0"
</code>
</resolution>
<references>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2804">CVE-2016-2804</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2805">CVE-2016-2805</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2806">CVE-2016-2806</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2807">CVE-2016-2807</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2808">CVE-2016-2808</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2809">CVE-2016-2809</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2810">CVE-2016-2810</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2811">CVE-2016-2811</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2812">CVE-2016-2812</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2813">CVE-2016-2813</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2814">CVE-2016-2814</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2816">CVE-2016-2816</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2817">CVE-2016-2817</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2820">CVE-2016-2820</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2827">CVE-2016-2827</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2830">CVE-2016-2830</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2835">CVE-2016-2835</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2836">CVE-2016-2836</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2837">CVE-2016-2837</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2838">CVE-2016-2838</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2839">CVE-2016-2839</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5250">CVE-2016-5250</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5251">CVE-2016-5251</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5252">CVE-2016-5252</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5253">CVE-2016-5253</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5254">CVE-2016-5254</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5255">CVE-2016-5255</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5256">CVE-2016-5256</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5257">CVE-2016-5257</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5258">CVE-2016-5258</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5259">CVE-2016-5259</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5260">CVE-2016-5260</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5261">CVE-2016-5261</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5262">CVE-2016-5262</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5263">CVE-2016-5263</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5264">CVE-2016-5264</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5265">CVE-2016-5265</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5266">CVE-2016-5266</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5267">CVE-2016-5267</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5268">CVE-2016-5268</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5270">CVE-2016-5270</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5271">CVE-2016-5271</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5272">CVE-2016-5272</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5273">CVE-2016-5273</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5274">CVE-2016-5274</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5275">CVE-2016-5275</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5276">CVE-2016-5276</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5277">CVE-2016-5277</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5278">CVE-2016-5278</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5279">CVE-2016-5279</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5280">CVE-2016-5280</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5281">CVE-2016-5281</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5282">CVE-2016-5282</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5283">CVE-2016-5283</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5284">CVE-2016-5284</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5290">CVE-2016-5290</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5291">CVE-2016-5291</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5293">CVE-2016-5293</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5294">CVE-2016-5294</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5296">CVE-2016-5296</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5297">CVE-2016-5297</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9064">CVE-2016-9064</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9066">CVE-2016-9066</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9074">CVE-2016-9074</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9079">CVE-2016-9079</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9893">CVE-2016-9893</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9895">CVE-2016-9895</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9897">CVE-2016-9897</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9898">CVE-2016-9898</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9899">CVE-2016-9899</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9900">CVE-2016-9900</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9901">CVE-2016-9901</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9902">CVE-2016-9902</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9904">CVE-2016-9904</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9905">CVE-2016-9905</uri>
</references>
<metadata tag="requester" timestamp="Mon, 02 Jan 2017 23:32:38 +0000">b-man</metadata>
<metadata tag="submitter" timestamp="Wed, 04 Jan 2017 14:37:04 +0000">b-man</metadata>
</glsa>

111
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201701-16.xml vendored Normal file
View File

@ -0,0 +1,111 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="201701-16">
<title>libTIFF: Multiple vulnerabilities</title>
<synopsis>Multiple vulnerabilities have been found in libTIFF, the worst of
which may allow execution of arbitrary code.
</synopsis>
<product type="ebuild">tiff</product>
<announced>January 09, 2017</announced>
<revised>January 09, 2017: 2</revised>
<bug>484542</bug>
<bug>534108</bug>
<bug>538318</bug>
<bug>561880</bug>
<bug>572876</bug>
<bug>585274</bug>
<bug>585508</bug>
<bug>599746</bug>
<access>remote</access>
<affected>
<package name="media-libs/tiff" auto="yes" arch="*">
<unaffected range="ge">4.0.7</unaffected>
<vulnerable range="lt">4.0.7</vulnerable>
</package>
</affected>
<background>
<p>The TIFF library contains encoding and decoding routines for the Tag
Image File Format. It is called by numerous programs, including GNOME and
KDE applications, to interpret TIFF images.
</p>
</background>
<description>
<p>Multiple vulnerabilities have been discovered in libTIFF. Please review
the CVE identifier and bug reports referenced for details.
</p>
</description>
<impact type="normal">
<p>A remote attacker could entice a user to process a specially crafted
image file, possibly resulting in execution of arbitrary code with the
privileges of the process or a Denial of Service condition.
</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All libTIFF users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose "&gt;=media-libs/tiff-4.0.7"
</code>
</resolution>
<references>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4243">CVE-2013-4243</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8127">CVE-2014-8127</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8128">CVE-2014-8128</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8129">CVE-2014-8129</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8130">CVE-2014-8130</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9330">CVE-2014-9330</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9655">CVE-2014-9655</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1547">CVE-2015-1547</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7313">CVE-2015-7313</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7554">CVE-2015-7554</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8665">CVE-2015-8665</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8668">CVE-2015-8668</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8683">CVE-2015-8683</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8781">CVE-2015-8781</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8782">CVE-2015-8782</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8783">CVE-2015-8783</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8784">CVE-2015-8784</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3186">CVE-2016-3186</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3619">CVE-2016-3619</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3620">CVE-2016-3620</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3621">CVE-2016-3621</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3622">CVE-2016-3622</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3623">CVE-2016-3623</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3624">CVE-2016-3624</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3625">CVE-2016-3625</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3631">CVE-2016-3631</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3632">CVE-2016-3632</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3633">CVE-2016-3633</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3634">CVE-2016-3634</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3658">CVE-2016-3658</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3945">CVE-2016-3945</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3990">CVE-2016-3990</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3991">CVE-2016-3991</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5102">CVE-2016-5102</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5314">CVE-2016-5314</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5315">CVE-2016-5315</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5316">CVE-2016-5316</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5317">CVE-2016-5317</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5318">CVE-2016-5318</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5319">CVE-2016-5319</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5320">CVE-2016-5320</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5321">CVE-2016-5321</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5322">CVE-2016-5322</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5323">CVE-2016-5323</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5652">CVE-2016-5652</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5875">CVE-2016-5875</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6223">CVE-2016-6223</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-8331">CVE-2016-8331</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9273">CVE-2016-9273</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9297">CVE-2016-9297</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9448">CVE-2016-9448</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9453">CVE-2016-9453</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9532">CVE-2016-9532</uri>
</references>
<metadata tag="requester" timestamp="Mon, 11 Jul 2016 05:00:13 +0000">b-man</metadata>
<metadata tag="submitter" timestamp="Mon, 09 Jan 2017 20:05:48 +0000">b-man</metadata>
</glsa>

71
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201701-17.xml vendored Normal file
View File

@ -0,0 +1,71 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="201701-17">
<title>Adobe Flash Player: Multiple vulnerabilities</title>
<synopsis>Multiple vulnerabilities have been found in Adobe Flash Player, the
worst of which allows remote attackers to execute arbitrary code.
</synopsis>
<product type="ebuild">adobe-flash</product>
<announced>January 10, 2017</announced>
<revised>January 10, 2017: 1</revised>
<bug>602546</bug>
<access>remote</access>
<affected>
<package name="www-plugins/adobe-flash" auto="yes" arch="*">
<unaffected range="ge">24.0.0.186</unaffected>
<vulnerable range="lt">24.0.0.186</vulnerable>
</package>
</affected>
<background>
<p>The Adobe Flash Player is a renderer for the SWF file format, which is
commonly used to provide interactive websites.
</p>
</background>
<description>
<p>Multiple vulnerabilities have been discovered in Adobe Flash Player.
Please review the CVE identifiers referenced below for details.
</p>
</description>
<impact type="normal">
<p>A remote attacker could possibly execute arbitrary code with the
privileges of the process or bypass security restrictions.
</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All Adobe Flash Player users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose
"&gt;=www-plugins/adobe-flash-24.0.0.186"
</code>
</resolution>
<references>
<uri link="https://helpx.adobe.com/security/products/flash-player/apsb16-39.html">
APSB16-39
</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7867">CVE-2016-7867</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7868">CVE-2016-7868</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7869">CVE-2016-7869</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7870">CVE-2016-7870</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7871">CVE-2016-7871</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7872">CVE-2016-7872</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7873">CVE-2016-7873</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7874">CVE-2016-7874</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7875">CVE-2016-7875</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7876">CVE-2016-7876</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7877">CVE-2016-7877</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7878">CVE-2016-7878</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7879">CVE-2016-7879</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7880">CVE-2016-7880</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7881">CVE-2016-7881</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7890">CVE-2016-7890</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7892">CVE-2016-7892</uri>
</references>
<metadata tag="requester" timestamp="Sun, 08 Jan 2017 17:46:19 +0000">whissi</metadata>
<metadata tag="submitter" timestamp="Tue, 10 Jan 2017 13:49:58 +0000">whissi</metadata>
</glsa>

72
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201701-18.xml vendored Normal file
View File

@ -0,0 +1,72 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="201701-18">
<title>Python: Multiple vulnerabilities</title>
<synopsis>Multiple vulnerabilities have been found in Python, the worst of
which could lead to arbitrary code execution.
</synopsis>
<product type="ebuild">python</product>
<announced>January 10, 2017</announced>
<revised>January 10, 2017: 1</revised>
<bug>531002</bug>
<bug>585910</bug>
<bug>585946</bug>
<access>remote</access>
<affected>
<package name="dev-lang/python" auto="yes" arch="*">
<unaffected range="rge">2.7.12</unaffected>
<unaffected range="ge">3.4.5</unaffected>
<vulnerable range="lt">3.4.5</vulnerable>
</package>
</affected>
<background>
<p>Python is an interpreted, interactive, object-oriented programming
language.
</p>
</background>
<description>
<p>Multiple vulnerabilities have been discovered in Python. Please review
the CVE identifiers referenced below for details.
</p>
</description>
<impact type="normal">
<p>A remote attacker could entice a user to open a specially crafted index
file using Pythons dumbdbm module, possibly resulting in execution of
arbitrary code with the privileges of the process.
</p>
<p>A remote attacker could entice a user to process a specially crafted
input stream using Pythons zipimporter module, possibly allowing
attackers to cause unspecified impact.
</p>
<p>A man in the middle attacker could strip out the STARTTLS command
without generating an exception on the Python SMTP client application,
preventing the establishment of the TLS layer.
</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All Python 2 users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose "&gt;=dev-lang/python-2.7.12:2.7"
</code>
<p>All Python 3 users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose "&gt;=dev-lang/python-3.4.5:3.4"
</code>
</resolution>
<references>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0772">CVE-2016-0772</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5636">CVE-2016-5636</uri>
</references>
<metadata tag="requester" timestamp="Tue, 03 Jan 2017 06:13:03 +0000">b-man</metadata>
<metadata tag="submitter" timestamp="Tue, 10 Jan 2017 13:57:50 +0000">whissi</metadata>
</glsa>

55
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201701-19.xml vendored Normal file
View File

@ -0,0 +1,55 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="201701-19">
<title>NTFS-3G: Privilege escalation</title>
<synopsis>A vulnerability in NTFS-3G allows local users to gain root
privileges.
</synopsis>
<product type="ebuild">ntfs3g</product>
<announced>January 11, 2017</announced>
<revised>January 11, 2017: 1</revised>
<bug>550970</bug>
<access>local</access>
<affected>
<package name="sys-fs/ntfs3g" auto="yes" arch="*">
<unaffected range="ge">2016.2.22</unaffected>
<vulnerable range="lt">2016.2.22</vulnerable>
</package>
</affected>
<background>
<p>NTFS-3G is a stable, full-featured, read-write NTFS driver for various
operating systems.
</p>
</background>
<description>
<p>NTFS-3G is affected by the same vulnerability as reported in “GLSA
201603-04” when the bundled fuse-lite implementation is used.
</p>
</description>
<impact type="normal">
<p>A local user could gain root privileges.</p>
</impact>
<workaround>
<p>There is no known workaround at this time. However, on Gentoo when the
“external-fuse” USE flag is set or the “suid” USE flag is not set
then NTFS-3G is not affected. Both of these cases are the default
configuration.
</p>
</workaround>
<resolution>
<p>All NTFS-3G users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose "&gt;=sys-fs/ntfs3g-2016.2.22"
</code>
</resolution>
<references>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3202">CVE-2015-3202</uri>
<uri link="https://security.gentoo.org/glsa/201603-04">GLSA 201603-04</uri>
</references>
<metadata tag="requester" timestamp="Wed, 07 Sep 2016 01:46:01 +0000">
BlueKnight
</metadata>
<metadata tag="submitter" timestamp="Wed, 11 Jan 2017 12:04:09 +0000">whissi</metadata>
</glsa>

61
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201701-20.xml vendored Normal file
View File

@ -0,0 +1,61 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="201701-20">
<title>D-Bus: Format string vulnerability</title>
<synopsis>A vulnerability has been found in D-Bus possibly resulting in a
local Denial of Service.
</synopsis>
<product type="ebuild">dbus</product>
<announced>January 11, 2017</announced>
<revised>January 11, 2017: 1</revised>
<bug>596772</bug>
<access>local</access>
<affected>
<package name="sys-apps/dbus" auto="yes" arch="*">
<unaffected range="ge">1.10.12</unaffected>
<vulnerable range="lt">1.10.12</vulnerable>
</package>
</affected>
<background>
<p>D-Bus is a message bus system, a simple way for applications to talk to
one another.
</p>
</background>
<description>
<p>It was discovered that D-Bus incorrectly handles certain format strings.</p>
<p>The impact of this new vulnerability is believed to not be exploitable
if D-Bus is patched against CVE-2015-0245. The previous vulnerability
(CVE-2015-0245) was addressed in GLSA-201503-02 referenced below.
</p>
</description>
<impact type="normal">
<p>A local attacker could cause a Denial of Service condition or possibly
execute arbitrary code.
</p>
</impact>
<workaround>
<p>The vulnerable D-Bus interface is intended only for use by systemd
running as root.
</p>
<p>The administrator can install a policy which denies sending from
org.freedesktop.systemd1.Activator” to D-Bus. This will prevent
non-root attackers from reaching the interface in order to exercise this
flaw.
</p>
</workaround>
<resolution>
<p>All D-Bus users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose "&gt;=sys-apps/dbus-1.10.12"
</code>
</resolution>
<references>
<uri link="https://security.gentoo.org/glsa/201503-02">GLSA-201503-02</uri>
</references>
<metadata tag="requester" timestamp="Sun, 08 Jan 2017 23:47:24 +0000">whissi</metadata>
<metadata tag="submitter" timestamp="Wed, 11 Jan 2017 12:08:23 +0000">whissi</metadata>
</glsa>

61
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201701-21.xml vendored Normal file
View File

@ -0,0 +1,61 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="201701-21">
<title>Expat: Multiple vulnerabilities</title>
<synopsis>Multiple vulnerabilities have been found in Expat, the worst of
which may allow execution of arbitrary code.
</synopsis>
<product type="ebuild">expat</product>
<announced>January 11, 2017</announced>
<revised>January 11, 2017: 1</revised>
<bug>458742</bug>
<bug>555642</bug>
<bug>577928</bug>
<bug>583268</bug>
<bug>585510</bug>
<access>remote</access>
<affected>
<package name="dev-libs/expat" auto="yes" arch="*">
<unaffected range="ge">2.2.0-r1</unaffected>
<vulnerable range="lt">2.2.0-r1</vulnerable>
</package>
</affected>
<background>
<p>Expat is a set of XML parsing libraries.</p>
</background>
<description>
<p>Multiple vulnerabilities have been discovered in Expat. Please review
the CVE identifiers referenced below for details.
</p>
</description>
<impact type="normal">
<p>A remote attacker, by enticing a user to process a specially crafted XML
file, could execute arbitrary code with the privileges of the process or
cause a Denial of Service condition. This attack could also be used
against automated systems that arbitrarily process XML files.
</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All Expat users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose "&gt;=dev-libs/expat-2.2.0-r1"
</code>
</resolution>
<references>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-6702">CVE-2012-6702</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0340">CVE-2013-0340</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1283">CVE-2015-1283</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0718">CVE-2016-0718</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4472">CVE-2016-4472</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5300">CVE-2016-5300</uri>
</references>
<metadata tag="requester" timestamp="Thu, 31 Dec 2015 03:24:00 +0000">
BlueKnight
</metadata>
<metadata tag="submitter" timestamp="Wed, 11 Jan 2017 12:13:03 +0000">whissi</metadata>
</glsa>

58
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201701-22.xml vendored Normal file
View File

@ -0,0 +1,58 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="201701-22">
<title>NGINX: Privilege escalation</title>
<synopsis>Gentoo's NGINX ebuilds are vulnerable to privilege escalation due
to the way log files are handled.
</synopsis>
<product type="ebuild">nginx</product>
<announced>January 11, 2017</announced>
<revised>January 11, 2017: 1</revised>
<bug>605008</bug>
<access>local</access>
<affected>
<package name="www-servers/nginx" auto="yes" arch="*">
<unaffected range="ge">1.10.2-r3</unaffected>
<vulnerable range="lt">1.10.2-r3</vulnerable>
</package>
</affected>
<background>
<p>nginx is a robust, small, and high performance HTTP and reverse proxy
server.
</p>
</background>
<description>
<p>It was discovered that Gentoos default NGINX installation applied
similar problematic permissions on “/var/log/nginx” as Debian
(DSA-3701) and is therefore vulnerable to the same attack described in
CVE-2016-1247.
</p>
</description>
<impact type="normal">
<p>A local attacker, who either is already NGINXs system user or belongs
to NGINXs group, could potentially escalate privileges.
</p>
</impact>
<workaround>
<p>Ensure that no untrusted user can create files in directories which are
used by NGINX (or an NGINX vhost) to store log files.
</p>
</workaround>
<resolution>
<p>All NGINX users should upgrade to the latest ebuild revision:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose "&gt;=www-servers/nginx-1.10.2-r3"
</code>
</resolution>
<references>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1247">CVE-2016-1247</uri>
<uri link="https://www.debian.org/security/2016/dsa-3701">DSA-3701</uri>
<uri link="https://legalhackers.com/advisories/Nginx-Exploit-Deb-Root-PrivEsc-CVE-2016-1247.html">
Technical analysis
</uri>
</references>
<metadata tag="requester" timestamp="Tue, 10 Jan 2017 15:37:19 +0000">whissi</metadata>
<metadata tag="submitter" timestamp="Wed, 11 Jan 2017 12:18:42 +0000">whissi</metadata>
</glsa>

49
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201701-23.xml vendored Normal file
View File

@ -0,0 +1,49 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="201701-23">
<title>Botan: Multiple vulnerabilities</title>
<synopsis>Multiple vulnerabilities have been found in Botan, the worst of
which might allow remote attackers to obtain ECDSA secret keys.
</synopsis>
<product type="ebuild">botan</product>
<announced>January 11, 2017</announced>
<revised>January 11, 2017: 1</revised>
<bug>581324</bug>
<access>remote</access>
<affected>
<package name="dev-libs/botan" auto="yes" arch="*">
<unaffected range="ge">1.10.13</unaffected>
<vulnerable range="lt">1.10.13</vulnerable>
</package>
</affected>
<background>
<p>Botan (Japanese for peony) is a cryptography library written in C++11.</p>
</background>
<description>
<p>Multiple vulnerabilities have been discovered in Botan. Please review
the CVE identifiers referenced below for details.
</p>
</description>
<impact type="normal">
<p>A remote attacker might obtain ECDSA secret keys via a timing
side-channel attack or could possibly bypass TLS policy.
</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All Botan users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose "&gt;=dev-libs/botan-1.10.13"
</code>
</resolution>
<references>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2849">CVE-2016-2849</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2850">CVE-2016-2850</uri>
</references>
<metadata tag="requester" timestamp="Mon, 09 Jan 2017 17:45:34 +0000">whissi</metadata>
<metadata tag="submitter" timestamp="Wed, 11 Jan 2017 12:23:40 +0000">whissi</metadata>
</glsa>

52
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201701-24.xml vendored Normal file
View File

@ -0,0 +1,52 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="201701-24">
<title>PgBouncer: Multiple vulnerabilities</title>
<synopsis>Multiple vulnerabilities have been found in PgBouncer, the worst of
which may allow an attacker to bypass authentication.
</synopsis>
<product type="ebuild">pgbouncer</product>
<announced>January 11, 2017</announced>
<revised>January 11, 2017: 1</revised>
<bug>550124</bug>
<bug>600184</bug>
<access>remote</access>
<affected>
<package name="dev-db/pgbouncer" auto="yes" arch="*">
<unaffected range="ge">1.7.2</unaffected>
<vulnerable range="lt">1.7.2</vulnerable>
</package>
</affected>
<background>
<p>PgBouncer is a lightweight connection pooler for PostgreSQL.</p>
</background>
<description>
<p>Multiple vulnerabilities have been discovered in PgBouncer. Please
review the CVE identifiers referenced below for details.
</p>
</description>
<impact type="normal">
<p>A remote attacker might send a specially crafted package possibly
resulting in a Denial of Service condition. Furthermore, a remote
attacker might bypass authentication in configurations using the
“auth_user” feature.
</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All PgBouncer users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose "&gt;=dev-db/pgbouncer-1.7.2"
</code>
</resolution>
<references>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4054">CVE-2015-4054</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6817">CVE-2015-6817</uri>
</references>
<metadata tag="requester" timestamp="Mon, 09 Jan 2017 13:32:34 +0000">whissi</metadata>
<metadata tag="submitter" timestamp="Wed, 11 Jan 2017 12:24:51 +0000">whissi</metadata>
</glsa>

54
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201701-25.xml vendored Normal file
View File

@ -0,0 +1,54 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="201701-25">
<title>phpBB: Multiple vulnerabilities</title>
<synopsis>Multiple vulnerabilities have been found in phpBB, the worst of
which may allow remote attackers to inject arbitrary web script or HTML.
</synopsis>
<product type="ebuild">phpBB</product>
<announced>January 11, 2017</announced>
<revised>January 11, 2017: 1</revised>
<bug>538360</bug>
<access>remote</access>
<affected>
<package name="www-apps/phpBB" auto="yes" arch="*">
<vulnerable range="lt">3.1.10</vulnerable>
</package>
</affected>
<background>
<p>phpBB is an Open Source bulletin board package.</p>
</background>
<description>
<p>Multiple vulnerabilities have been discovered in phpBB. Please review
the CVE identifiers referenced below for details.
</p>
</description>
<impact type="normal">
<p>A remote attacker may be able to change settings, inject arbitrary web
script or HTML, or conduct cross-site request forgery (CSRF) attacks.
</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>Gentoo Security support has been discontinued due to phpBB being dropped
to unstable. As such, we recommend that users unmerge phpBB:
</p>
<code>
# emerge --unmerge "www-apps/phpBB"
</code>
<p>NOTE: Users could alternatively upgrade to
&gt;=www-apps/phpBB-3.1.10”, however, these packages are not
currently marked stable.
</p>
</resolution>
<references>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1431">CVE-2015-1431</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1432">CVE-2015-1432</uri>
</references>
<metadata tag="requester" timestamp="Sun, 08 Jan 2017 20:58:16 +0000">whissi</metadata>
<metadata tag="submitter" timestamp="Wed, 11 Jan 2017 12:26:07 +0000">whissi</metadata>
</glsa>

49
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201701-26.xml vendored Normal file
View File

@ -0,0 +1,49 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="201701-26">
<title>BIND: Denial of Service</title>
<synopsis>A vulnerability in BIND might allow remote attackers to cause a
Denial of Service condition.
</synopsis>
<product type="ebuild">bind</product>
<announced>January 11, 2017</announced>
<revised>January 11, 2017: 1</revised>
<bug>598750</bug>
<access>remote</access>
<affected>
<package name="net-dns/bind" auto="yes" arch="*">
<unaffected range="ge">9.10.4_p4</unaffected>
<vulnerable range="lt">9.10.4_p4</vulnerable>
</package>
</affected>
<background>
<p>BIND (Berkeley Internet Name Domain) is a Name Server.</p>
</background>
<description>
<p>A defect in BINDs handling of responses containing a DNAME answer can
cause a resolver to exit after encountering an assertion failure in db.c
or resolver.c.
</p>
</description>
<impact type="normal">
<p>A remote attacker could send a specially crafted DNS request to the BIND
resolver possibly resulting in a Denial of Service condition.
</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All BIND users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose "&gt;=net-dns/bind-9.10.4_p4"
</code>
</resolution>
<references>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-8864">CVE-2016-8864</uri>
</references>
<metadata tag="requester" timestamp="Wed, 04 Jan 2017 02:59:06 +0000">b-man</metadata>
<metadata tag="submitter" timestamp="Wed, 11 Jan 2017 12:27:02 +0000">whissi</metadata>
</glsa>

53
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201701-27.xml vendored Normal file
View File

@ -0,0 +1,53 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="201701-27">
<title>7-Zip: Multiple vulnerabilities</title>
<synopsis>Multiple vulnerabilities have been found in 7-Zip, the worst of
which may allow execution of arbitrary code.
</synopsis>
<product type="ebuild">7zip</product>
<announced>January 11, 2017</announced>
<revised>January 11, 2017: 1</revised>
<bug>582832</bug>
<access>remote</access>
<affected>
<package name="app-arch/p7zip" auto="yes" arch="*">
<unaffected range="ge">16.02-r1</unaffected>
<vulnerable range="lt">16.02-r1</vulnerable>
</package>
</affected>
<background>
<p>7-Zip is an open-source file archiver, an application used primarily to
compress files. 7-Zip uses its own 7z archive format, but can read and
write several other archive formats.
</p>
</background>
<description>
<p>Multiple vulnerabilities have been discovered in 7-Zip. Please review
the CVE identifiers referenced below for details.
</p>
</description>
<impact type="normal">
<p>A remote attacker could entice a user to open a specially crafted
archive file possibly resulting in execution of arbitrary code with the
privileges of the process or a Denial of Service condition.
</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All 7-Zip users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose "&gt;=app-arch/p7zip-16.02-r1"
</code>
</resolution>
<references>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2334">CVE-2016-2334</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2335">CVE-2016-2335</uri>
</references>
<metadata tag="requester" timestamp="Mon, 09 Jan 2017 17:11:43 +0000">whissi</metadata>
<metadata tag="submitter" timestamp="Wed, 11 Jan 2017 12:28:26 +0000">whissi</metadata>
</glsa>

52
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201701-28.xml vendored Normal file
View File

@ -0,0 +1,52 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="201701-28">
<title>c-ares: Heap-based buffer overflow</title>
<synopsis>A heap-based buffer overflow in c-ares might allow remote attackers
to cause a Denial of Service condition.
</synopsis>
<product type="ebuild">c-ares</product>
<announced>January 11, 2017</announced>
<revised>January 11, 2017: 1</revised>
<bug>595536</bug>
<access>remote</access>
<affected>
<package name="net-dns/c-ares" auto="yes" arch="*">
<unaffected range="ge">1.12.0</unaffected>
<vulnerable range="lt">1.12.0</vulnerable>
</package>
</affected>
<background>
<p>c-ares is a C library for asynchronous DNS requests (including name
resolves).
</p>
</background>
<description>
<p>A hostname with an escaped trailing dot (such as “hello\.”) would
have its size calculated incorrectly leading to a single byte written
beyond the end of a buffer on the heap.
</p>
</description>
<impact type="normal">
<p>A remote attacker, able to provide a specially crafted hostname to an
application using c-ares, could potentially cause a Denial of Service
condition.
</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All c-ares users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose "&gt;=net-dns/c-ares-1.12.0"
</code>
</resolution>
<references>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5180">CVE-2016-5180</uri>
</references>
<metadata tag="requester" timestamp="Mon, 09 Jan 2017 14:14:23 +0000">whissi</metadata>
<metadata tag="submitter" timestamp="Wed, 11 Jan 2017 12:29:54 +0000">whissi</metadata>
</glsa>

65
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201701-29.xml vendored Normal file
View File

@ -0,0 +1,65 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="201701-29">
<title>Vim, gVim: Remote execution of arbitrary code</title>
<synopsis>A vulnerability has been found in Vim and gVim concerning how
certain modeline options are treated.
</synopsis>
<product type="ebuild">vim, gvim</product>
<announced>January 11, 2017</announced>
<revised>January 11, 2017: 1</revised>
<bug>600650</bug>
<access>remote</access>
<affected>
<package name="app-editors/vim" auto="yes" arch="*">
<unaffected range="ge">8.0.0106</unaffected>
<vulnerable range="lt">8.0.0106</vulnerable>
</package>
<package name="app-editors/gvim" auto="yes" arch="*">
<unaffected range="ge">8.0.0106</unaffected>
<vulnerable range="lt">8.0.0106</vulnerable>
</package>
</affected>
<background>
<p>Vim is an efficient, highly configurable improved version of the classic
vi text editor. gVim is the GUI version of Vim.
</p>
</background>
<description>
<p>Vim and gVim do not properly validate values for the filetype,
syntax, and keymap options.
</p>
</description>
<impact type="normal">
<p>A remote attacker could entice a user to open a specially crafted file
using Vim/gVim with certain modeline options enabled possibly resulting
in execution of arbitrary code with the privileges of the process.
</p>
</impact>
<workaround>
<p>Disabling modeline support in .vimrc by adding “set nomodeline” will
prevent exploitation of this flaw. By default, modeline is enabled for
ordinary users but disabled for root.
</p>
</workaround>
<resolution>
<p>All Vim users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose "&gt;=app-editors/vim-8.0.0106"
</code>
<p>All gVim users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose "&gt;=app-editors/gvim-8.0.0106"
</code>
</resolution>
<references>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1248">CVE-2016-1248</uri>
</references>
<metadata tag="requester" timestamp="Mon, 09 Jan 2017 17:07:43 +0000">whissi</metadata>
<metadata tag="submitter" timestamp="Wed, 11 Jan 2017 12:33:33 +0000">whissi</metadata>
</glsa>

54
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201701-30.xml vendored Normal file
View File

@ -0,0 +1,54 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="201701-30">
<title>vzctl: Security bypass</title>
<synopsis>A vulnerability in vzctl might allow attackers to gain control over
ploop containers.
</synopsis>
<product type="ebuild">vzctl</product>
<announced>January 11, 2017</announced>
<revised>January 11, 2017: 1</revised>
<bug>560522</bug>
<access>local, remote</access>
<affected>
<package name="sys-cluster/vzctl" auto="yes" arch="*">
<unaffected range="ge">4.9.4</unaffected>
<vulnerable range="lt">4.9.4</vulnerable>
</package>
</affected>
<background>
<p>vzctl is a set of control tools for the OpenVZ server virtualization
solution.
</p>
</background>
<description>
<p>It was discovered that vzctl determined the virtual environment (VE)
layout based on the presence of root.hdd/DiskDescriptor.xml in the VE
private directory. This allows local simfs container (CT) root users to
change the root password for arbitrary ploop containers. This is
demonstrated by a symlink attack on the ploop container root.hdd file
which can then be used to access a control panel.
</p>
</description>
<impact type="normal">
<p>An attacker with root privileges, in a simfs-based container, could gain
control over ploop-based containers.
</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All vzctl users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose "&gt;=sys-cluster/vzctl-4.9.4"
</code>
</resolution>
<references>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6927">CVE-2015-6927</uri>
</references>
<metadata tag="requester" timestamp="Tue, 10 Jan 2017 16:32:14 +0000">whissi</metadata>
<metadata tag="submitter" timestamp="Wed, 11 Jan 2017 12:39:20 +0000">whissi</metadata>
</glsa>

61
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201701-31.xml vendored Normal file
View File

@ -0,0 +1,61 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="201701-31">
<title>flex: Potential insecure code generation</title>
<synopsis>Flex might generate code with a buffer overflow making applications
using such scanners vulnerable to the execution of arbitrary code.
</synopsis>
<product type="ebuild">flex</product>
<announced>January 11, 2017</announced>
<revised>January 11, 2017: 1</revised>
<bug>589820</bug>
<access>remote</access>
<affected>
<package name="sys-devel/flex" auto="yes" arch="*">
<unaffected range="ge">2.6.1</unaffected>
<vulnerable range="lt">2.6.1</vulnerable>
</package>
</affected>
<background>
<p>flex is a programming tool used to generate scanners (programs which
recognize lexical patterns in text).
</p>
</background>
<description>
<p>A heap-based buffer overflow in the yy_get_next_buffer function in Flex
might allow context-dependent attackers to cause a denial of service or
possibly execute arbitrary code via vectors involving num_to_read.
</p>
</description>
<impact type="normal">
<p>Context-dependent attackers could cause a Denial of Service condition or
possibly execute arbitrary code with the privileges of the process.
</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All flex users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose "&gt;=sys-devel/flex-2.6.1"
</code>
<p>Packages which depend on flex may need to be recompiled. Tools such as
qdepends (included in app-portage/portage-utils) may assist in
identifying these packages:
</p>
<code>
# emerge --oneshot --ask --verbose $(qdepends -CQ sys-devel/flex | sed
's/^/=/')
</code>
</resolution>
<references>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6354">CVE-2016-6354</uri>
</references>
<metadata tag="requester" timestamp="Mon, 09 Jan 2017 14:07:40 +0000">whissi</metadata>
<metadata tag="submitter" timestamp="Wed, 11 Jan 2017 12:41:44 +0000">whissi</metadata>
</glsa>

117
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201701-32.xml vendored Normal file
View File

@ -0,0 +1,117 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="201701-32">
<title>phpMyAdmin: Multiple vulnerabilities</title>
<synopsis>Multiple vulnerabilities have been found in phpMyAdmin, the worst
of which could lead to arbitrary code execution.
</synopsis>
<product type="ebuild">phpMyAdmin</product>
<announced>January 11, 2017</announced>
<revised>January 11, 2017: 1</revised>
<bug>586964</bug>
<bug>593582</bug>
<bug>600814</bug>
<access>remote</access>
<affected>
<package name="dev-db/phpmyadmin" auto="yes" arch="*">
<unaffected range="ge">4.6.5.1</unaffected>
<vulnerable range="lt">4.6.5.1</vulnerable>
</package>
</affected>
<background>
<p>phpMyAdmin is a web-based management tool for MySQL databases.</p>
</background>
<description>
<p>Multiple vulnerabilities have been discovered in phpMyAdmin. Please
review the CVE identifiers referenced below for details.
</p>
</description>
<impact type="normal">
<p>A authenticated remote attacker could exploit these vulnerabilities to
execute arbitrary PHP Code, inject SQL code, or to conduct Cross-Site
Scripting attacks.
</p>
<p>In certain configurations, an unauthenticated remote attacker could
cause a Denial of Service condition.
</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All phpMyAdmin users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose "&gt;=dev-db/phpmyadmin-4.6.5.1"
</code>
</resolution>
<references>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4412">CVE-2016-4412</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5097">CVE-2016-5097</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5098">CVE-2016-5098</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5099">CVE-2016-5099</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5701">CVE-2016-5701</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5702">CVE-2016-5702</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5703">CVE-2016-5703</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5704">CVE-2016-5704</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5705">CVE-2016-5705</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5706">CVE-2016-5706</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5730">CVE-2016-5730</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5731">CVE-2016-5731</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5732">CVE-2016-5732</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5733">CVE-2016-5733</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5734">CVE-2016-5734</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5739">CVE-2016-5739</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6606">CVE-2016-6606</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6607">CVE-2016-6607</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6608">CVE-2016-6608</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6609">CVE-2016-6609</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6610">CVE-2016-6610</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6611">CVE-2016-6611</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6612">CVE-2016-6612</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6613">CVE-2016-6613</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6614">CVE-2016-6614</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6615">CVE-2016-6615</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6616">CVE-2016-6616</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6617">CVE-2016-6617</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6618">CVE-2016-6618</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6619">CVE-2016-6619</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6620">CVE-2016-6620</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6622">CVE-2016-6622</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6623">CVE-2016-6623</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6624">CVE-2016-6624</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6625">CVE-2016-6625</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6626">CVE-2016-6626</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6627">CVE-2016-6627</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6628">CVE-2016-6628</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6629">CVE-2016-6629</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6630">CVE-2016-6630</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6631">CVE-2016-6631</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6632">CVE-2016-6632</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6633">CVE-2016-6633</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9847">CVE-2016-9847</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9848">CVE-2016-9848</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9849">CVE-2016-9849</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9850">CVE-2016-9850</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9851">CVE-2016-9851</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9852">CVE-2016-9852</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9853">CVE-2016-9853</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9854">CVE-2016-9854</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9855">CVE-2016-9855</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9856">CVE-2016-9856</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9857">CVE-2016-9857</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9858">CVE-2016-9858</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9859">CVE-2016-9859</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9860">CVE-2016-9860</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9861">CVE-2016-9861</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9862">CVE-2016-9862</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9863">CVE-2016-9863</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9864">CVE-2016-9864</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9865">CVE-2016-9865</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9866">CVE-2016-9866</uri>
</references>
<metadata tag="requester" timestamp="Tue, 10 Jan 2017 14:45:51 +0000">whissi</metadata>
<metadata tag="submitter" timestamp="Wed, 11 Jan 2017 13:05:16 +0000">whissi</metadata>
</glsa>

2
sdk_container/src/third_party/portage-stable/metadata/glsa/timestamp.chk vendored
View File

@ -1 +1 @@
Mon, 02 Jan 2017 15:13:23 +0000 Wed, 11 Jan 2017 22:43:24 +0000