From 917dcedec86c9b9bec67cf3a1bb0d15e30f7aee8 Mon Sep 17 00:00:00 2001
From: David Michael
Date: Mon, 8 May 2017 11:42:19 -0700
Subject: [PATCH] bump(metadata/glsa): sync with upstream
---
.../metadata/glsa/glsa-200403-13.xml | 2 +-
.../metadata/glsa/glsa-200605-08.xml | 2 +-
.../metadata/glsa/glsa-201206-12.xml | 10 +--
.../metadata/glsa/glsa-201606-13.xml | 14 ++--
.../metadata/glsa/glsa-201611-03.xml | 14 ++--
.../metadata/glsa/glsa-201701-60.xml | 6 +-
.../metadata/glsa/glsa-201704-02.xml | 22 +++++-
.../metadata/glsa/glsa-201704-04.xml | 58 ++++++++++++++
.../metadata/glsa/glsa-201705-01.xml | 59 +++++++++++++++
.../metadata/glsa/glsa-201705-02.xml | 65 ++++++++++++++++
.../metadata/glsa/glsa-201705-03.xml | 75 +++++++++++++++++++
.../metadata/glsa/glsa-201705-04.xml | 55 ++++++++++++++
.../metadata/glsa/timestamp.chk | 2 +-
.../metadata/glsa/timestamp.commit | 1 +
14 files changed, 356 insertions(+), 29 deletions(-)
create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201704-04.xml
create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201705-01.xml
create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201705-02.xml
create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201705-03.xml
create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201705-04.xml
create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/timestamp.commit
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200403-13.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200403-13.xml
index b129d325eb..5e3d203795 100644
--- a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200403-13.xml
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200403-13.xml
@@ -13,7 +13,7 @@ 46246 remote - + 0.92-r1 0.92 
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200605-08.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200605-08.xml
index fcd579a94d..0f428a335b 100644
--- a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200605-08.xml
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200605-08.xml
@@ -16,7 +16,7 @@ 133524 remote - + 5.1.4 4.4.2-r2 4.4.3-r1
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201206-12.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201206-12.xml
index 8d77909c4f..9fa6cf430a 100644
--- a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201206-12.xml
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201206-12.xml
@@ -6,8 +6,8 @@ execution of arbitrary code. tftp-hpa - June 21, 2012 - June 21, 2012: draft + 2012-06-21 + 2017-04-17: 3 374001 remote
@@ -44,8 +44,6 @@ CVE-2011-2199 - - underling - - craig + underling + craig
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201606-13.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201606-13.xml
index 9f5d6f4656..d4c5d26f38 100644
--- a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201606-13.xml
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201606-13.xml
@@ -6,8 +6,8 @@ attack. - June 26, 2016 - June 26, 2016: 1 + 2016-06-26 + 2017-04-17: 2 564774 local
@@ -26,8 +26,8 @@

sudoedit in sudo is vulnerable to the escalation of privileges by local users via a symlink attack. This can be exploited by a file whose full - path is defined using multiple wildcards in /etc/sudoers, as demonstrated - by “/home///file.txt. + path is defined using multiple wildcards in “/etc/sudoers”, as + demonstrated by “/home/*/*/file.txt”.

@@ -49,8 +49,6 @@ CVE-2015-5602 - - BlueKnight - - b-man + BlueKnight + b-man
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201611-03.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201611-03.xml
index eb410aeb50..628df56682 100644
--- a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201611-03.xml
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201611-03.xml
@@ -7,8 +7,8 @@ code. - November 04, 2016 - November 04, 2016: 1 + 2016-11-04 + 2017-04-17: 2 565026 587566 remote
@@ -59,14 +59,14 @@ # emerge --sync # emerge --ask --oneshot --verbose ">=app-office/libreoffice-5.1.4.2" # emerge --ask --oneshot --verbose - ">=app-office/libreoffice-bin-debug-5.1.4.2" + ">=app-office/libreoffice-bin-debug-5.1.4.2"

All OpenOffice users should upgrade to the latest version:

# emerge --sync - # emerge --ask --oneshot --verbose ">=app-office/openoffice-bin-4.1.2" + # emerge --ask --oneshot --verbose ">=app-office/openoffice-bin-4.1.2"
@@ -84,8 +84,6 @@ CVE-2016-4324 - - BlueKnight - - b-man + BlueKnight + b-man
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201701-60.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201701-60.xml
index 3174878f5c..6ce4f6c84c 100644
--- a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201701-60.xml
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201701-60.xml
@@ -7,7 +7,8 @@ libraw 2017-01-24 - 2017-01-24: 1 + 2017-04-30: 2 + 549338 567254 local, remote
@@ -43,9 +44,10 @@ + CVE-2015-3885 CVE-2015-8366 CVE-2015-8367 b-man - b-man + b-man
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201704-02.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201704-02.xml
index 81408b303f..345a6f2993 100644
--- a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201704-02.xml
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201704-02.xml
@@ -8,7 +8,8 @@ chromium 2017-04-10 - 2017-04-10: 1 + 2017-04-14: 2 + 612190 614276 remote
@@ -45,6 +46,23 @@ + CVE-2017-5030 + CVE-2017-5031 + CVE-2017-5032 + CVE-2017-5033 + CVE-2017-5034 + CVE-2017-5035 + CVE-2017-5036 + CVE-2017-5037 + CVE-2017-5038 + CVE-2017-5039 + CVE-2017-5040 + CVE-2017-5041 + CVE-2017-5042 + CVE-2017-5043 + CVE-2017-5044 + CVE-2017-5045 + CVE-2017-5046 CVE-2017-5052 CVE-2017-5053 CVE-2017-5054
@@ -52,5 +70,5 @@ CVE-2017-5056 BlueKnight - BlueKnight + BlueKnight
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201704-04.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201704-04.xml
new file mode 100644
index 0000000000..874fbb53e9
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201704-04.xml 
@@ -0,0 +1,58 @@ + + + + Adobe Flash Player: Multiple vulnerabilities + Multiple vulnerabilities have been found in Adobe Flash Player, the + worst of which allows remote attackers to execute arbitrary code. + + adobe-flash + 2017-04-27 + 2017-04-27: 2 + 615244 + remote + + + 25.0.0.148 + 25.0.0.148 + + + +

The Adobe Flash Player is a renderer for the SWF file format, which is + commonly used to provide interactive websites. +

+
+ +

Multiple vulnerabilities have been discovered in Adobe Flash Player. + Please review the CVE identifiers referenced below for details. +

+
+ +

A remote attacker could possibly execute arbitrary code with the + privileges of the process or bypass security restrictions. +

+
+ +

There is no known workaround at this time.

+
+ +

All Adobe Flash users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose + ">=www-plugins/adobe-flash-25.0.0.148" + + +
+ + CVE-2017-3058 + CVE-2017-3059 + CVE-2017-3060 + CVE-2017-3061 + CVE-2017-3062 + CVE-2017-3063 + CVE-2017-3064 + + whissi + whissi +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201705-01.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201705-01.xml
new file mode 100644
index 0000000000..a0e2962bee
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201705-01.xml
@@ -0,0 +1,59 @@ + + + + libevent: Multiple vulnerabilities + Multiple vulnerabilities have been found in libevent, the worst of + which allows remote attackers to execute arbitrary code. + + libevent + 2017-05-07 + 2017-05-07: 1 + 608042 + remote + + + 2.1.7_rc + 2.1.7_rc + + + +

libevent is a library to execute a function when a specific event occurs + on a file descriptor. +

+
+ +

Multiple vulnerabilities have been discovered in libevent. Please review + the CVE identifiers referenced below for details. +

+
+ +

A remote attacker could possibly execute arbitrary code with the + privileges of the process, or cause a Denial of Service condition. +

+
+ +

There is no known workaround at this time.

+
+ +

All libevent users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-libs/libevent-2.1.7_rc" + + +
+ + + CVE-2016-10195 + + + CVE-2016-10196 + + + CVE-2016-10197 + + + BlueKnight + whissi +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201705-02.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201705-02.xml
new file mode 100644
index 0000000000..2816380e43
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201705-02.xml
@@ -0,0 +1,65 @@ + + + + Chromium: Multiple vulnerabilities + Multiple vulnerabilities have been found in the Chromium web + browser, the worst of which allows remote attackers to execute arbitrary + code. + + chromium + 2017-05-07 + 2017-05-07: 1 + 616048 + remote + + + 58.0.3029.81 + 58.0.3029.81 + + + +

Chromium is an open-source browser project that aims to build a safer, + faster, and more stable way for all users to experience the web. +

+
+ +

Multiple vulnerabilities have been discovered in the Chromium web + browser. Please review the CVE identifiers referenced below for details. +

+
+ +

A remote attacker could possibly execute arbitrary code with the + privileges of the process, cause a Denial of Service condition, obtain + sensitive information, bypass security restrictions or spoof content. +

+
+ +

There is no known workaround at this time.

+
+ +

All Chromium users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose + ">=www-client/chromium-58.0.3029.81" + + +
+ + CVE-2017-5057 + CVE-2017-5058 + CVE-2017-5059 + CVE-2017-5060 + CVE-2017-5061 + CVE-2017-5062 + CVE-2017-5063 + CVE-2017-5064 + CVE-2017-5065 + CVE-2017-5066 + CVE-2017-5067 + CVE-2017-5069 + + BlueKnight + whissi +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201705-03.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201705-03.xml
new file mode 100644
index 0000000000..34124fe984
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201705-03.xml
@@ -0,0 +1,75 @@ + + + + Oracle JDK/JRE: Multiple vulnerabilities + Multiple vulnerabilities have been found in Oracle's JRE and JDK + software suites, the worst of which may allow execution of arbitrary code. + + jre,jdk,oracle + 2017-05-07 + 2017-05-07: 1 + 616050 + remote + + + 1.8.0.131 + 1.8.0.131 + + + 1.8.0.131 + 1.8.0.131 + + + +

Java Platform, Standard Edition (Java SE) lets you develop and deploy + Java applications on desktops and servers, as well as in today’s + demanding embedded environments. Java offers the rich user interface, + performance, versatility, portability, and security that today’s + applications require. +

+
+ +

Multiple vulnerabilities have been discovered in in Oracle’s JRE and + JDK. Please review the CVE identifiers referenced below for details. +

+
+ +

A remote attacker could possibly execute arbitrary code with the + privileges of the process, gain access to information, or cause a Denial + of Service condition. +

+
+ +

There is no known workaround at this time.

+
+ +

All Oracle JRE users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose + ">=dev-java/oracle-jre-bin-1.8.0.131" + + +

All Oracle JDK users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose + ">=dev-java/oracle-jdk-bin-1.8.0.131" + + +
+ + CVE-2017-3509 + CVE-2017-3511 + CVE-2017-3512 + CVE-2017-3514 + CVE-2017-3526 + CVE-2017-3533 + CVE-2017-3539 + CVE-2017-3544 + + BlueKnight + whissi +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201705-04.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201705-04.xml
new file mode 100644
index 0000000000..d924eb640b
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201705-04.xml
@@ -0,0 +1,55 @@ + + + + Mozilla Network Security Service (NSS): Multiple vulnerabilities + Multiple vulnerabilities have been found in NSS, the worst of which + may allow execution of arbitrary code. + + nss + 2017-05-07 + 2017-05-07: 1 + 616032 + 616036 + remote + + + 3.29.5 + 3.29.5 + + + +

The Mozilla Network Security Service (NSS) is a library implementing + security features like SSL v.2/v.3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS + #12, S/MIME and X.509 certificates. +

+
+ +

Multiple vulnerabilities have been discovered in NSS. Please review the + CVE identifiers referenced below for details. +

+
+ +

A remote attacker could possibly execute arbitrary code with the + privileges of the process, cause a Denial of Service condition, or view + sensitive information. +

+
+ +

There is no known workaround at this time.

+
+ +

All NSS users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-libs/nss-3.29.5" + + +
+ + CVE-2017-5461 + CVE-2017-5462 + + BlueKnight + whissi +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/timestamp.chk b/sdk_container/src/third_party/portage-stable/metadata/glsa/timestamp.chk
index 44d6e6ad8b..cc7b2c5fee 100644
--- a/sdk_container/src/third_party/portage-stable/metadata/glsa/timestamp.chk
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/timestamp.chk
@@ -1 +1 @@
-Tue, 11 Apr 2017 18:09:39 +0000
+Mon, 08 May 2017 18:09:03 +0000
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/timestamp.commit b/sdk_container/src/third_party/portage-stable/metadata/glsa/timestamp.commit
new file mode 100644
index 0000000000..5f6cee49ca
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/timestamp.commit
@@ -0,0 +1 @@
+897a88bc971653dc30260f5432ee7d29adee1c07 1494188470 2017-05-07T20:21:10+00:00