mirror of
https://github.com/flatcar/scripts.git
synced 2025-08-17 09:56:59 +02:00
bump(metadata/glsa): sync with upstream
This commit is contained in:
David Michael
parent
28f3b53172
commit
a9239410aa
@ -1,23 +1,23 @@
|
||||
-----BEGIN PGP SIGNED MESSAGE-----
|
||||
Hash: SHA512
|
||||
|
||||
MANIFEST Manifest.files.gz 434883 BLAKE2B 437fd719358cb224888b8071f01d60b1548cd1a82f20093903aa74e9fe63671e56f03a20ed426aae11e7d6fdd7027beb57804429044781bc9dc3557ccbbcb5a8 SHA512 16828091dc592888ea79b76c0a3e0ec358317e4c345386d11d12983b85a84ed74ba2d650d8af4f0f90a313afdad1a7fd1808666df2dca69ee70f2802b663b733
|
||||
TIMESTAMP 2018-12-21T15:08:37Z
|
||||
MANIFEST Manifest.files.gz 435197 BLAKE2B 5ef1f755677fba588afa252a22622c045d099b3f39fb6b356786170399bb20e8c58212856a5ddc6f59dc6076e3f84a95376a4dc3b4d5154c7d540151a154c88a SHA512 fb541e904c3c6b5ec17c08e76f9ce1dcd0d8f0b31dee092dd3542b9a34a04890e9a1b1e6b0d78d3523fb451deb84b3316ae6b588a29aec6f4741dfb52941ecc9
|
||||
TIMESTAMP 2018-12-31T15:38:40Z
|
||||
-----BEGIN PGP SIGNATURE-----
|
||||
|
||||
iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAlwdAfVfFIAAAAAALgAo
|
||||
iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAlwqOABfFIAAAAAALgAo
|
||||
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEUx
|
||||
RDZBQkI2M0JGQ0ZCNEJBMDJGREYxQ0VDNTkwRUVBQzkxODkyNTAACgkQ7FkO6skY
|
||||
klCKNg//dCIBDp+4caJgLpkB4vH2SC244vRQmnQiKQREG+3OXgizDV9ZrS/FIREr
|
||||
gTPFzuUvsxuuvvPwVDG04eLyu5LK05v4ngj/QF3le+WWh+q9HNGdf0h2gK8iIQ5d
|
||||
DJvwHNux7ACcW10sdSzdPro6vh2H3iNNrki0zLQKp3c4GkWOOWBaxBIJTrkjB4t0
|
||||
EIBKESKLW/vNB7De8ewXJ2OdKu4gJF84jbeAMxs36rkidirJ3hZRbZ4F7Xbyo4QP
|
||||
KOktgqEKY1SV0r9rr2LIi0KlGTfeEApwzZGoZWt8KoGFzbeEaEaFJ1TokmQJ6Igr
|
||||
ACY+IOrqZw7ItO7U8+oYCj/CydT6OyEQ1LcO7HBN1eDwcazaTYrtmjm5tEypv2Mx
|
||||
1ZN7GTTKa/f0ug04fPHwg8cPLeUjW87qc3x5PMI90fIreIw8gSANQbQJJJB4Cnym
|
||||
hYqGiax+uchoSRiKC+wfJ6ytfn6JFuIWqtKVZAl40/GoS453Qb6+l/+TzwiThbIR
|
||||
gSwiA8w1pQ42UIAHJvTftBdO6kNqtaMdBHV3Cmr0Ty7WDZBqfWORpNyXqzUextlJ
|
||||
1m8hxTbM1e3MrpW9Djn7n3/Ec5XwODhIpdBfLWxDGdYwMWSNHBBwdjgRNtw4uAyR
|
||||
/17jtMxe2dw3ax3SHB/5Q5iRWchgX4E6AGsmJAzQoqfC0hYtA+0=
|
||||
=Ofjz
|
||||
klBxRBAAtUgUnM+koOIrHy98B5Uj8vQ0YUz+hHXxfPZ5I3DjG138tNv+kSSfZtZ1
|
||||
VC9QQSG0svtCjDOUG1CZ6b31Kf1ySFALtcelgTgNp8Y8R1CqoC0UIhd6jhxIEzU3
|
||||
QThllPuldQOr8pOf/3pxDO0gZ/eeXeBF2rnrDq8nDkkqLNTnPBg998fJZGLFTi+S
|
||||
yWYh4Dtyq53TbbQ4tjKwFL8MZnIv9tDt5Xol6socrhWdZvScnpoHgg7W5+LemdYb
|
||||
J/CGgtl9LYn9xvUCCKl5YV/BF3rLH1tJUdZHDrcl1jqSSnmF59uQ17XDOyb47xZH
|
||||
bPU9gxGNvqdDdizqb8mRKILzQqzzBuSiOshuSO29wX4Xh+GcO76JBamw9U6B8O+O
|
||||
G+IjxAN9HaDj0nRzzCqQkhkBpN4dNsySt1bYyqzcTXaLUre6EQAerQE943exCQGX
|
||||
p+UiE4as/EMg6S1EA95K/hshidQHXMbCpqzoK4BCJ9AXgm3WULAJy6JhTEma+4M4
|
||||
7cIKiGtl4G61SxVCt/hVjqKKUZVkjUMo/+PMyclJ1Xrhgomxs1Pv+waX6RQ7ldgs
|
||||
dBALSFUehLiBDCC1HTSUEniPjDmgNNaAclze37jLhjOZUoVaiCDD6wuLHqIFajlC
|
||||
nLejRPqU6qWCOk6ig6UgA68G48Ttf7WXSZ9i/3d1Tw5B5ASWAMM=
|
||||
=qJUW
|
||||
-----END PGP SIGNATURE-----
|
||||
|
||||
Binary file not shown.
44
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201812-10.xml
vendored
Normal file
44
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201812-10.xml
vendored
Normal file
@ -0,0 +1,44 @@
|
||||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
|
||||
<glsa id="201812-10">
|
||||
<title>GKSu: Arbitrary command execution</title>
|
||||
<synopsis>A vulnerability in GKSu might allow attackers to execute arbitrary
|
||||
commands.
|
||||
</synopsis>
|
||||
<product type="ebuild">gksu</product>
|
||||
<announced>2018-12-30</announced>
|
||||
<revised count="1">2018-12-30</revised>
|
||||
<bug>534540</bug>
|
||||
<access>remote</access>
|
||||
<affected>
|
||||
<package name="x11-libs/gksu" auto="yes" arch="*">
|
||||
<vulnerable range="le">2.0.2</vulnerable>
|
||||
</package>
|
||||
</affected>
|
||||
<background>
|
||||
<p>A library that provides a Gtk+ frontend to su and sudo.</p>
|
||||
</background>
|
||||
<description>
|
||||
<p>A vulnerability was discovered in GKSu’s gksu-run-helper.</p>
|
||||
</description>
|
||||
<impact type="normal">
|
||||
<p>An attacker could execute arbitrary commands.</p>
|
||||
</impact>
|
||||
<workaround>
|
||||
<p>There is no known workaround at this time.</p>
|
||||
</workaround>
|
||||
<resolution>
|
||||
<p>Gentoo has discontinued support for GKSu and recommends that users
|
||||
unmerge the package:
|
||||
</p>
|
||||
|
||||
<code>
|
||||
# emerge --unmerge "x11-libs/gksu"
|
||||
</code>
|
||||
</resolution>
|
||||
<references>
|
||||
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2014-2886">CVE-2014-2886</uri>
|
||||
</references>
|
||||
<metadata tag="requester" timestamp="2018-12-11T17:31:55Z">b-man</metadata>
|
||||
<metadata tag="submitter" timestamp="2018-12-30T21:10:46Z">b-man</metadata>
|
||||
</glsa>
|
||||
71
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201812-11.xml
vendored
Normal file
71
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201812-11.xml
vendored
Normal file
@ -0,0 +1,71 @@
|
||||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
|
||||
<glsa id="201812-11">
|
||||
<title>Rust: Multiple vulnerabilities</title>
|
||||
<synopsis>Multiple vulnerabilities have been found in Rust, the worst which
|
||||
may allow local attackers to execute arbitrary code.
|
||||
</synopsis>
|
||||
<product type="ebuild">rust</product>
|
||||
<announced>2018-12-30</announced>
|
||||
<revised count="1">2018-12-30</revised>
|
||||
<bug>662904</bug>
|
||||
<access>local, remote</access>
|
||||
<affected>
|
||||
<package name="dev-lang/rust" auto="yes" arch="*">
|
||||
<unaffected range="ge">1.29.1</unaffected>
|
||||
<vulnerable range="lt">1.29.1</vulnerable>
|
||||
</package>
|
||||
<package name="dev-lang/rust-bin" auto="yes" arch="*">
|
||||
<unaffected range="ge">1.29.1</unaffected>
|
||||
<vulnerable range="lt">1.29.1</vulnerable>
|
||||
</package>
|
||||
</affected>
|
||||
<background>
|
||||
<p>A systems programming language that runs blazingly fast, prevents
|
||||
segfaults, and guarantees thread safety.
|
||||
</p>
|
||||
</background>
|
||||
<description>
|
||||
<p>Multiple vulnerabilities have been discovered in Rust. Please review the
|
||||
CVE identifiers referenced below for details.
|
||||
</p>
|
||||
</description>
|
||||
<impact type="normal">
|
||||
<p>A remote attacker able to control the value passed to Rust’s
|
||||
str::repeat function could possibly cause a Denial of Service condition.
|
||||
</p>
|
||||
|
||||
<p>In addition, a local attacker could trick another user into executing
|
||||
arbitrary code when using rustdoc.
|
||||
</p>
|
||||
</impact>
|
||||
<workaround>
|
||||
<p>There is no known workaround at this time.</p>
|
||||
</workaround>
|
||||
<resolution>
|
||||
<p>All Rust users should upgrade to the latest version:</p>
|
||||
|
||||
<code>
|
||||
# emerge --sync
|
||||
# emerge --ask --oneshot --verbose ">=dev-lang/rust-1.29.1"
|
||||
</code>
|
||||
|
||||
<p>All Rust binary users should upgrade to the latest version:</p>
|
||||
|
||||
<code>
|
||||
# emerge --sync
|
||||
# emerge --ask --oneshot --verbose ">=dev-lang/rust-bin-1.29.1"
|
||||
</code>
|
||||
|
||||
</resolution>
|
||||
<references>
|
||||
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-1000622">
|
||||
CVE-2018-1000622
|
||||
</uri>
|
||||
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-1000810">
|
||||
CVE-2018-1000810
|
||||
</uri>
|
||||
</references>
|
||||
<metadata tag="requester" timestamp="2018-12-02T17:19:53Z">b-man</metadata>
|
||||
<metadata tag="submitter" timestamp="2018-12-30T21:11:02Z">b-man</metadata>
|
||||
</glsa>
|
||||
@ -1 +1 @@
|
||||
Fri, 21 Dec 2018 15:08:33 +0000
|
||||
Mon, 31 Dec 2018 15:38:36 +0000
|
||||
|
||||
@ -1 +1 @@
|
||||
50b59faac05c76419ff9b3a69d1e89f8a5c99678 1545393597 2018-12-21T11:59:57+00:00
|
||||
baa5a86124960e22df1f11ab63da9f282dd4cdd3 1546204642 2018-12-30T21:17:22+00:00
|
||||
|
||||
Loading…
Reference in New Issue
Block a user