From 5291086ac4d4728ecb6ab45e120904381dec5fd7 Mon Sep 17 00:00:00 2001 From: David Michael Date: Thu, 11 Apr 2019 13:12:17 +0000 Subject: [PATCH] bump(metadata/glsa): sync with upstream --- .../portage-stable/metadata/glsa/Manifest | 30 ++++---- .../metadata/glsa/Manifest.files.gz | Bin 440123 -> 440912 bytes .../metadata/glsa/glsa-201904-09.xml | 70 ++++++++++++++++++ .../metadata/glsa/glsa-201904-10.xml | 49 ++++++++++++ .../metadata/glsa/glsa-201904-11.xml | 59 +++++++++++++++ .../metadata/glsa/glsa-201904-12.xml | 56 ++++++++++++++ .../metadata/glsa/glsa-201904-13.xml | 50 +++++++++++++ .../metadata/glsa/timestamp.chk | 2 +- .../metadata/glsa/timestamp.commit | 2 +- 9 files changed, 301 insertions(+), 17 deletions(-) create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201904-09.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201904-10.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201904-11.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201904-12.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201904-13.xml diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/Manifest b/sdk_container/src/third_party/portage-stable/metadata/glsa/Manifest index fe1b572b30..d01ebd325e 100644 --- a/sdk_container/src/third_party/portage-stable/metadata/glsa/Manifest +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/Manifest @@ -1,23 +1,23 @@ -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 -MANIFEST Manifest.files.gz 440123 BLAKE2B 47652947d6c26c7bbac6a5c0bd24fb3c439032faa43da521eacb80cffe306ba49152b4848845d3bd677e90481d8a7f19855a790d203085d2cb6d866eca1771b5 SHA512 51daf36dd12ed79db6c4817f04ce4f65259ca3bdd0a5bba3ce51df64b42b9630e4a8a51c1c35db67c1d1be1b6a33e8ba1a2a4597de4a7ffe2b7186f3fd88503a -TIMESTAMP 2019-04-02T14:38:49Z +MANIFEST Manifest.files.gz 440912 BLAKE2B 9ea8574697c29c79c477a36363f4d2c7b47da71f24d32c0c849b43ce85c6195cd38852f18e3e9f5a67f08e2d69d3d9091663b6da7e2de6a6da8181d5e49cc23c SHA512 9cb4038f89f175ad7d3ff9ca55bdb899358687b385a53ef46218971a23729281d566301e32309e2541593a1f08bdac5dd3cd4b48d7044ca634475e0fe0bfcaea +TIMESTAMP 2019-04-11T12:38:47Z -----BEGIN PGP SIGNATURE----- -iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAlyjc/lfFIAAAAAALgAo +iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAlyvNVdfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEUx RDZBQkI2M0JGQ0ZCNEJBMDJGREYxQ0VDNTkwRUVBQzkxODkyNTAACgkQ7FkO6skY -klCw7g/9HNNxIMGlCPXL3nWsUvd5f2mbf97RrRtVB8c45y2+92Him54LDRe7Q85d -yWQiYAxjwHyjkAMRAC5iaR6bF9+IG79Su+ncR+AzRNPJu++Y9AHGiMXynqQis5uy -b6FJuiOhc+VsfMIyNvJZT44NVF9dIKnGtL/SpPIbHDzrvqP9qsDtzpNfHTa5IsNC -7Br8ho0ReC8cM9kEATsqg7kCkLx5WokuIlYwsuoQA6xEnkHTcDMZxpNZazgskhlk -SLhr8XpOoau/SvJQz7Xcx4KN1DGg9tEN0CSJ0olpHbsclo/ej3tZMXNtiLnXJf6y -Hti7G3pGDl0xylA8agE0QzDhB++G32DRpZwk7TB2JYBeElPsM7mzAN0L/DI+KYKi -Nz35MYvNjZbchs84VZGaWM+3UoebdX1ZQcVhIsK6HTQ77AVuOs4B9zJtOiCGeh8j -iyNFD9CVooFfg3IzwRz7DHzu/n/mWbpNKPOTT00j/jMEgew5Kq9TsKXZNB3lqFYe -mdSiL6s3eZI24RwZgDXwvUeqOkzb4r/GptdGnpXDwNaPASV8YhpRqtX+L08LJW4Q -AfVvtxELrzXqqvoH/cr8soDDGHLaq8I4ZaDli4/Xqfr4ikHdgHHFkrn5SZhLMham -vrwFYgk5tiGDJ6JBdgL9TPbGgQrL69Iyw2AYwM4ThhcZiwD1nZE= -=ydvg +klA7VBAAmDdXoj2eZ1SsUTbehYwJzWTAauBYVV5tm9KK9h1rLUgeYBQLhnV9f5HQ +cSwhXkE2ldTSCGaCPHEKUQ8MoB4gt20/Rfx1DAyUwfx7gwCvzcyQgdb6nMDPcCsf +5GcNn4533pkSM1xMAZuphqgHNb5Q8uFtKWwfqxiW7qt1a+h1f0MmTO0dKAEv3QUh +RXLe8Z9o5fUpN+NJDabm3ChqDThGmf2RLCj9X8xbvSiSRli/++N7IcOMxtOzpcJM +CIr6FqUXA9aEOvq0lae3T6L7lCjQwbbE6TB4A/iDkRYZZnp37q4KzOQyL6c+88JA +fqzvpBLA4FzQiglosTffBo9Qj1iO5Yet/5Hu1OzaNUytMbpyUKfunoOwO4xcb89X +O3CiwJgQ/QVgqCrZdpcN/FSt2MH8FENsdi3g+ukJGFsdZZdJANozGXrIGxVNKQ99 +4L7PdRkuxz/DWUAoZxr4HRHImtlpeiqXIaydNw5gdwfK48WoPSmDr84LcQRrHsTv +f5S2jtvLp3TlLe0GNRfKxEZDyaNHFk4AtZYpixd8e4Fj7b4HQJMEZ517Hw8flVj6 +zcs5jHWj8fYWEUjMBmALuLdMxx/jbf12V/XEjJRitIWQje/smWl0LLhbtPNb6a9B +C2MKIRNe4w0gUbe+rOUVWQXKG+ke7wToYWIJJ6AV8Iz7Kb85n3I= +=K0i0 -----END PGP SIGNATURE----- diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/Manifest.files.gz b/sdk_container/src/third_party/portage-stable/metadata/glsa/Manifest.files.gz index 91c7580233b54231bf0a2f2edffe0e9a8e7fe74a..e5ac698b8fe2785af74eda837de0f872deacb2fd 100644 GIT binary patch delta 4048 zcmV;>4=?b$?i$ea8i0fWgaU*Egam{Iv<9`Re`l5>TT%qke^$W?P{fUS0SNH}5<9p< zglM4_Nc8^2IZ;EF=5y)F-^*QM~G;>V93EmMgB ze=T)R1%R7=eE~2URB+)FM6jcSEcwl9eZFFFbzTUfgN}k@+0o|wY*F|GB0gy}W%n5ffCT!TPH2%T)ytzQjG}e8FzAQbT+wc>J z_Hq%awt?^ua@RS_@Z7oxTJ7AzEVkm$f2QkZ3%Y+PFQjzDa#%$NXf5mmq z>$LAE>UjTM->Sf~lrOyvSlcTp6{^FFrp3=>N!SPC-uaYHREE!v+=zm<3VZ{e|bGy)}oV!*yf<({ax3`fwvHL zm;u!zew?0AT?}GSl;ZeCr$G6xSs-Dtm92AH^|i?kk1e+hwi(30w?ED^v418B-41W#LuHD2NWyWRF`eZFG!A1`G2 ze5{^FjS_E7cr(;rebMSK(Z}xGPb2VL`_I5H(}B-zYiCJHO->aflteLf1WhgcTnaK| zeNe1O`I$+N zxvsGoMwAIPvU)?OBR>v&vr6D1%dJqb)}3LQ5w1EsASyv{@Ja)pK#1Q|Y(6_F?VNbU zEv|q??cHVZ;g{`%VXam`hH4o1HalL*X`abBQ)2s;u06J*2IDK^D9^A-2J)sQt%^|o8QH)Zzt2& zYK84Ptx+Az?EVmXdQ71XK-WY_-y)xUPjPM_8%^f96os!>3IrU=*NPAF=|) zx0<6p$`0PDjUCDh!}sumwOk)_`zmSxtXH#LFxw>z^b3x7OdV3Ef}|2ww(9q*_1Q_u zm49J*eILiIe;ylG&XHz`Afxxf( z4Nv^;q|C3JxTdBkeAG#%U`G#c6wDr))}4&>kv_6dNlEmhoT^3}e&A&x-^92lX^Yf{ zLP_?jJ7K|1I|cyodTW%l@tCk~r9Q+ekF3L_^C-(mIq9oDel-1%(y1lFvo9iz;2idh{oTDgrcy zvuL_bcBMdwkc7zlceT^}@_qe*Aa1a8e^f1Z+O#*fbjBmto_3KQg@dn>%*6pal_b>r zvWtj!k?7F};Z$^mP)?NQd=U^pj$j&~Ltc^W^uWh_@@Bz-OK}^HY1Yjy=O5mjc55Ba z%IBpc0LOBwAZj2iwoLeHRJTDdK|+20+oFaxtVMg;*|}3bVn1qS!#yB$ASpd+f6`%N z(gM(SiyXdSag|bm2a#)suk~}jS*Lj=gje`auvE>%{wM+Ep(_XsCJV0Ub2m3`l8r}3|8s-g=+ zvJj?Fqtk7yC*Zo;BdT8Q_EZ|2ft<#h)%s-BrTlPui08-nK;@fBPvq5F#}j&_vljs) zIzP>h$mT%-Pd$}&cnlwB>0~~q;yDS{npvy-$6u)RoT#FPRmW~bU=u}x!QwL3J31jRXC#dYkvR0s+J%y0voIS*n! z^_FJX(99;SXK;^A2rSgI8&LJ6vQvity;-dvn8xg?n7)AnSvVhf2WPzikipHrNEqNHZs%2M3-Lt9U&XcC|nwsJ{ zmS|CwuR`X#m5A-!C;~l^%y~EM1h#|iWqFs+{bsekSao^DErq~Tf3}Re^Blel#(ZxD zA(dF1Jr>Dvl8PM}bH62KAA?kAG5-;P0h|^&k1dj-VfE+ctDlj-NerqvYdWs=^l1|Y~LOqXt+-o z3Hv5PtL6syt;I%U?Lut<$kwOG><*q+E6Hn{6cA&$W4rNR+g!Os&Ng(|MWyNufx5GN zSFtbLO2%+@VCC=C;ugc&Teg$tsqn4Csnw|mvy-4}gLtO{f5rhewO=P#nX-d zxS~hG+`h&)kQ$77`1o1b(YSL5e^;%m!GbML1Bu{LeLBwP&1!wlC-(S5J)@3lFIjTP zgN11d2n}agmR+0Cjx13oXRNNIw3Q-{q-s6KlQX%`X?KwHd3Wa>TusfePFsiv8C9bQ zz^z7-&nSd4f0Ep_ClXW{elZ`%_{z*GujINLye(~Orj!X%alZm9d#!h(b^CC$I}mGy zV3)?JzRwA=?6*7}qCFlM84)JfuIpq`6^E&;vYd}L`DkkI-2J<=)xT<|KPFd_6TJYO zOR>q_;$N(9twM?>6gL}2iKks{ti%bhh-6hat+-pfe-xKF?fFUIgT4;pzC0PUBGBUe>1`>RdQq!1vkjGR;m)pNFBp z(pD8Vt6M;Lf*yl69$R!=R6fw%7)J-15QIV{cALxKvQ>R$ zf9ue;DA`Dr2qapO5wM#kna+P~N9#7m6z^$4(H&q7x-pif+#LB8>cOulmo<5k%Ns2J ztu^vPUtS>>pZ}B~QtsnW2iLOO<>U9Q_L4#b*|DFhq5BoJ3v~uK+uC@D{mWqrZLpVa zXNF3iLz=_qA%u_|6eRS%=0{&X$3=A(f63gFpB0<1W)kORmC=15JIXWUuuyjeB5K)_ z->?LqW&zbfHRkhSHHjo#O4piX9i2Td3Rl;iJBCv&+X><7hhR6EN(n1xI^;bX-@aL` zFAeY?s@4zCQ_Bs0N1jz#(3QGCl>15a(CI=yt!d|P(LD~jHbG_|!?x`LOPiX5f1~(o zSLhR2cB)3gqBU!*?zVO!V182P)~F^aIuXse{ANDT%kFT2eO1uQoE^weT?)VgIkR4x zgS9e94c|G7=Bhqp%ZC7X;Hk#+@;ybo7>4lWKBa8Op5}$6ao%#%Fw^nBO7^mIjlg&P zzAm4?U&z{z7c!t;j)6SVRBcbaf8X8w7@o3io&hT)3~AO`HGR(t;O4$7wbr~jN9ta) zNnrPxNLe6Qm1{I;pX#_R)eU@k2aAZN$XqsNkEjpN>xGPLC0NTuTtzOgd=tEGy~WPL zIuZM}nP%%!DsP#CYbU&1>MmnYDh5DzsBW5f(?|pRo#oMtq*_?<&zIwAI=O8@<y;Qr#+|t<*5RE_X_=Q{h9!k8eF% ze})nRTIzHKfDirpHo)knf(uU&z>W^Gqz|k0xW(Y;ybweM9c_+f2g&)#rf>)2k?s_U zu#_iSA6?cYh@$Q_lDL5Q$%epOW=JdnkW1~%LG5BpSg>1Z{GI)Iae$_2ta=T7+IsHG z@DqskauF%gK=^~4b@noKZkYtFqc33=f2sK6&~@|JbpKLbNa={_u!;`Sx=!qFageO@ zozxtC0`^Ylw1_SM5i2!T#tCRGllH7PrY`kl7^}4`G(yDoM+Eg&&X#oiAt*)fGTBMWO(kat30JU9oe~p5h zQe1tUUEWd9@&4K0D!{XtPQ49S+cPQ^s>6$>#rI%Icn`$Ae&^W60{4Hg=+d|0gqf0J^1>jp|- z246iIXhAoUWmnpW-i!RH2SK13PKR<6hct#{e?EY6+(^gC56^qaT2#^yuX$7P{wnip z!`lek&4B6=-%d}cE=FOHmEw4!Q=oj+ERe8xA$VL$tl`}LpY66*>v4-w z-)_iKzwMp}jS??ScoU_+`l7{OqK{o)S0mK9^3T98!-3CbYiCPJO->aflteLfY?@m5 zTnaKIeNgO3`OKt8ausMyLfB;)tPjqs2cdwmW5%q{p}QbQE<3Ldf8h6$BzT*@_b5SD zbELQ^*Ck}bh%%u@R!`_~?5>HIXgHmmt;MoU*Kj zzyl-}a>X!iZhEc8;C0(EvsW%_YUJDn*SZLRHmaj-K_&c6=U0wUU;JFT6nu;A=1+0! z>16s^t!?>EYgET^Iil9}Wliz|OUbzk0;-16mRf04T-QdHedgvU=*O4 zU$O$(yPEyDl^wiP8{3sr)*#72k>q}jc6Y){H<0XZDX1iD02p&Fqay{><%TFnLoH~5 z9k*o@tH3EGH#IWnU8sp1_wYV^XD#Q~+`ft$0PA^37fiB*fqt7K9z%!Jp&+RRE3fL$ ztMy<~a^zoFe_r3mcB#k4(KuzDC-U1~h0#2UIFdLb#q&#xjvPf~k$Yo%K@S-{1<$s3 zmW~5JO+pG)nE}95(&?B8hx=l~fK&MniX|~mv75<9dpR%x-*ZCvE1b$x6K3S!eMr z@K$%dSJh|uP$xc^l=}R=>O_*eAY#$=2nb$IZ{51q(Wa;?A_a*|Mgfei=;l1Gqr#N& z7u%Gw{3dNRhb+cCWiIJwo>JgwC}glp^COcGf0HzNP|kYeSF5&GpXwR>?Y;%7EWV+W z-T~Z-n@UxAI)f?+BIx=s`XG_tmu6UHlFa}N=QGL^K8Boz zg^zdday5&)wuQ0SY{{PrE{TI}mqemgEHt#7B&}0Yf)j$Kte~*WtK_-Jc0r|UsviA` zDHQ=4%~>>EC#zB*L`Xv9^{3uxdilP-e<6qq>>O0f9g_COlFqmV+d~%Vp4s>+$((Gk zt|Xz}msLc(nnbrg2wl+?LOD^I{Y5|kIf7|`4rvCm(@j0*l{X6xTnfu@OtWs@a(eUT zl&!VjGxbwP0Jh~&LDWE)rA&BhRF*+6K|+20%ch1ltXX^7Q8`myV&7_IQ+rU*e}Sa* zsEND8qzRy{HaWb(;wZ&T9Yn5e-qw%tVYR+}U*A-J(rGDv8vnG3CjA}JZLljSAa`ry=oy!2{KE{GU+!y z;PJfksVW63`Qn@%XVL+9wrQ=0e^NsP$XhbFMwcq9$`JuRl{Lai5Lk>2t+KC6?KJ+H zrYgEHL>plWH9FnKdIGMC98vXZm#0!=52V;Wtk$Ed&iT#hA@r~Dfx;)VJh86UI-byD zIeQW?g7ee75vzGnz+Jks4!7Z>=St>tDxRHSKTdBHuMHipR}G}->>YG|f8^KYusph0 zXQg`-DQd6VSGGWwo*gZ#0NayfMoh_|V&2rT+icUASnUoCB0+JES8*KcY88Tl05hBb zXU;b&UW#zBVLgyrz z<)b}fssm|CRJMfm!FdRWe@&)M4f-xIoveAWV>%xaeA&oc=TJ(BNEUOwD+V(J%g%iouE|-kKT@U3gmIxXyN}fPQO+lQm9dYgvbptB&N#sCzb4+_~d$ zUQ<&%#}aLd@=?fqmlCm+6GfmWk~#0DoxpOiJ#Fvu+#go!yQif5=%A_R5r4Q%k>NA8L~pv)sI(g$Je5r<3@&AxrU1OLv#~v3z^H zpy527B<*q6JIQmI6cA%LV~hB&ZLYOMN)kF`QK@=E zpsp<6ndODs$!N|F%=BC>PBB&ckz~@`g?ejuYIW$r>?G)1e<0rJfVP88(%h&hSe5Jzg@f? z3TuU6r^cz?&k3^RTXu(N_nV502(wAob+V|4!&Fw8&PSVkG_`l`{?p#7-@Vhf$(86t zF97FMY;sZjv;D1^NzsJjL&7NWw5p92*#S0@?CQoDe-_0{ahWdvPY#WG8&n}|MlzyJD=fBx&2 nzyAE~AIJFb&;H|&zg_?S&xil~{l|~re*WcuR?wk3AHEC#7tvRk diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201904-09.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201904-09.xml new file mode 100644 index 0000000000..1f133aea4a --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201904-09.xml @@ -0,0 +1,70 @@ + + + + Xen: Multiple Vulnerabilities + Multiple vulnerabilities have been found in Xen, the worst of which + could result in privilege escalation. + + xen + 2019-04-04 + 2019-04-04 + 679580 + remote + + + 4.10.3-r1 + 4.10.3-r1 + + + 4.10.3 + 4.10.3 + + + 4.10.3-r2 + 4.10.3-r2 + + + +

Xen is a bare-metal hypervisor.

+ + +

Multiple vulnerabilities have been discovered in Xen. Please review the + referenced XSA security advisories. +

+ + +

Please review the referenced XSA security advisories for details.

+ + +

There is no known workaround at this time.

+ + +

All Xen users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-emulation/xen-4.10.3-r2" + + +

All Xen pvgrub users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose + ">=app-emulation/xen-pvgrub-4.10.3-r2" + + +

All Xen tools users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose + ">=app-emulation/xen-tools-4.10.3-r2" + + + + XSA Security Advisory + + BlueKnight + b-man + diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201904-10.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201904-10.xml new file mode 100644 index 0000000000..52942963da --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201904-10.xml @@ -0,0 +1,49 @@ + + + + Mailman: Multiple vulnerabilities + Multiple vulnerabilities have been found in Mailman, the worst of + which could result in the arbitrary execution of code. + + mailman + 2019-04-08 + 2019-04-08 + 662902 + remote + + + 2.1.29 + 2.1.29 + + + +

Mailman is a Python based mailing list server with an extensive web + interface. +

+ + +

Multiple vulnerabilities have been discovered in Mailman. Please review + the referenced CVE identifier for details. +

+ + +

Please review the referenced CVE identifiers for details.

+ + +

There is no known workaround at this time.

+ + +

All Mailman users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-mail/mailman-2.1.29" + + + + CVE-2018-0618 + CVE-2018-13796 + + BlueKnight + b-man + diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201904-11.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201904-11.xml new file mode 100644 index 0000000000..f6fd170bf7 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201904-11.xml @@ -0,0 +1,59 @@ + + + + Portage: Man-in-the-middle + A vulnerability in emerge-delta-webrsync and Portage could result + in a man-in-the-middle attack. + + portage + 2019-04-08 + 2019-04-08 + 646212 + remote + + + 3.7.4 + 3.7.4 + + + 2.3.22 + 2.3.22 + + + +

Portage is the package management and distribution system for Gentoo.

+ + +

A vulnerability was discovered in emerge-delta-webrsync and Portage that + did not properly validate the revocation status of GPG keys. +

+ + +

A remote attacker could conduct a man-in-the-middle attack. Please + review the referenced bug for specific details. +

+ + +

There is no known workaround at this time.

+ + +

All emerge-delta-webrsync users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose + ">=app-portage/emerge-delta-webrsync-3.7.4" + + +

All Portage users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=sys-apps/portage-2.3.22" + + + + + BlueKnight + b-man + diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201904-12.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201904-12.xml new file mode 100644 index 0000000000..35d006de1a --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201904-12.xml @@ -0,0 +1,56 @@ + + + + ClamAV: Multiple vulnerabilities + Multiple vulnerabilities have been found in ClamAV, the worst of + which could result in a Denial of Service condition. + + clamav + 2019-04-08 + 2019-04-08 + 660820 + 667900 + 681840 + remote + + + 0.101.2 + 0.101.2 + + + +

ClamAV is a GPL virus scanner.

+ + +

Multiple vulnerabilities have been discovered in ClamAV. Please review + the CVE identifiers referenced below for details. +

+ + +

Please review the referenced CVE identifiers for details.

+ + +

There is no known workaround at this time.

+ + +

All ClamAV users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-antivirus/clamav-0.101.2" + + + + CVE-2018-0360 + CVE-2018-0361 + CVE-2018-15378 + CVE-2019-1785 + CVE-2019-1786 + CVE-2019-1787 + CVE-2019-1788 + CVE-2019-1789 + CVE-2019-1798 + + b-man + b-man + diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201904-13.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201904-13.xml new file mode 100644 index 0000000000..3c6f7e5af6 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201904-13.xml @@ -0,0 +1,50 @@ + + + + Git: Multiple vulnerabilities + Multiple vulnerabilities have been found in Git, the worst of which + could result in the arbitrary execution of code. + + git + 2019-04-11 + 2019-04-11 + 671988 + 676262 + remote + + + 2.20.1 + 2.20.1 + + + +

Git is a free and open source distributed version control system + designed to handle everything from small to very large projects with + speed and efficiency. +

+ + +

Multiple vulnerabilities have been discovered in Git. Please review the + referenced CVE identifiers for details +

+ + +

Please review the referenced CVE identifier and bugs for details.

+ + +

There is no known workaround at this time.

+ + +

All Git users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-vcs/git-2.19.2" + + + + CVE-2018-19486 + + BlueKnight + b-man + diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/timestamp.chk b/sdk_container/src/third_party/portage-stable/metadata/glsa/timestamp.chk index 26ed3b258b..684a1135f2 100644 --- a/sdk_container/src/third_party/portage-stable/metadata/glsa/timestamp.chk +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/timestamp.chk @@ -1 +1 @@ -Tue, 02 Apr 2019 14:38:45 +0000 +Thu, 11 Apr 2019 12:38:43 +0000 diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/timestamp.commit b/sdk_container/src/third_party/portage-stable/metadata/glsa/timestamp.commit index c5e0ca87f2..66703a083e 100644 --- a/sdk_container/src/third_party/portage-stable/metadata/glsa/timestamp.commit +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/timestamp.commit @@ -1 +1 @@ -30de0bf9ee6986a07eef489491b435e55fc9cafe 1554179778 2019-04-02T04:36:18+00:00 +f968e3b69dbac09ac866bb6aa6abb70acbd31a8b 1554945337 2019-04-11T01:15:37+00:00