mirrors/flatcar-scripts
1
0
Fork 0
mirror of https://github.com/flatcar/scripts.git synced 2025-08-17 09:56:59 +02:00
Code Issues Packages Projects Releases Wiki Activity

bump(metadata/glsa): sync with upstream

Browse Source
This commit is contained in:
David Michael 2018-04-04 10:41:00 -04:00
parent 1de030326e
commit b6a4f88c34
20 changed files with 946 additions and 20 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

30
sdk_container/src/third_party/portage-stable/metadata/glsa/Manifest vendored
View File

@ -1,23 +1,23 @@
-----BEGIN PGP SIGNED MESSAGE----- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512 Hash: SHA512
MANIFEST Manifest.files.gz 417713 BLAKE2B 5f453ee753ccefac1bad76c5778ebd5c3a7b9d23f0d9dda535879657ff3d7c89d4bc4c8048049e852be4cc25e9f91864ed97ae3dd6991c1bc05fc37320c6b805 SHA512 32c698df4a14a8dd6f33822ebc801c8f40da7ae51d5d8d66efb73ac55886769e7465cc82e8e9166c98bba1e2846832e92a392325436d2eca1c487373db893527 MANIFEST Manifest.files.gz 419802 BLAKE2B 77b61430b97be606d07e770dcefecad6df694cb9d174d02e411d0c9124496cc8f3c082d220e88b305fb15b10d7c63b688c68e4484d9efe6cf97b41aabe095755 SHA512 3f233f14b1531babe34f57d6f927c008a3406b144de3e74532b3bf23c806220ffc43906d40c476f43e773cfbdabd98ea035b95415e8a23d7ad3ed93384c13bf7
TIMESTAMP 2018-03-07T23:38:29Z TIMESTAMP 2018-04-04T14:08:23Z
-----BEGIN PGP SIGNATURE----- -----BEGIN PGP SIGNATURE-----
iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAlqgd/VfFIAAAAAALgAo iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAlrE3FdfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEUx aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEUx
RDZBQkI2M0JGQ0ZCNEJBMDJGREYxQ0VDNTkwRUVBQzkxODkyNTAACgkQ7FkO6skY RDZBQkI2M0JGQ0ZCNEJBMDJGREYxQ0VDNTkwRUVBQzkxODkyNTAACgkQ7FkO6skY
klAiuw//WGdZ3ec9ceJ8bd5e/MHh4zkCJXtUPr/HaidSwX0rqjFquNUBMyXL/S7O klCOqw//dq72XGk93uVY1A2zF8LLTGinHAwKLl7Jvv5ueZk+fi+y/J5rcWM34KAp
A1aRq9OqndC8WQMxnz89FZMR1pW3D35SBUipfxw7W0n9wqztAVnle0x92D66tbnN Sup8n8N4M/i5xMhBpag2ZnMIDyy7X9qGMmr/f0uxfI/jFplhLUJIwLj9tjUPs7Ml
AJ4ZztqlMmGb1oLXKdQXXbLEQqRagcpE7S8Li+wglBoQRwlEZcnaSHi1bwnKe7fn tv7Y5x01pQZYGM5w55EXk+basWkFNKS0qza8Gl6gYuHizB90fiWf91vIStgT9sQt
80HbZ5eqsnVSloxH62tokXcL3gme+nRkpYmZL7BCXzkS9lxxSno1rjp8SuHj79/2 qgxlFuhM0cg7/4fCRZgKrLz+/CSfpIz0JKqwuNVx+md0OPkpq1LTbQrwUGeyRsi3
wiD/Xj0saPW+YJTy55vROpInd3I0fmQ0t5ybO4FYM6/vdYwA0PMVSS+mk3SvvYe6 U5+J1ugt2E6vgusR2sc4M0jlGPFqKN03maeQRBztepbuF0r6F7ROYQ4fFqT9hxQe
5tUjjJLUESqlQz+M+NSGvuEkllQs4drBm6N25dvTrJ1pa5bEdLoKUn58TUz3LtDI roprxcAiYqyRV3989+KwjcKu0Bw3eNXuXDZuaqA2FZdhVnfneMjfb8A9RILZz9z8
f2H9NR9Sr1VgW5I6OjjlGPBkY0IqlbV19h/oO4HiyW4GrN1nV2Tu9lIn+/7C1GAs RGCcyrEePJ2kpRoOB5644v0N7iZB1F6Jxm3G8U4GChL97ypxZUcqz/XwJTNYj7YC
Ks6I/RaJog8A0bKroZ6VF4JvFNmKN8XVa2uilhZAw9Dc2EzgimoGUsGQdakVF7iJ bv0pAMfonPLWLWSH96r404aiAHCJzvnx7pfnKveXDV3ZEv83BeJQ82XtHHCIMlUU
xrH84WCktuyljDTUfns5Csw7gRXQ1+p4L03OAub6gpfFZRtsPfp7L9Kzzs2fW04t lh4xaaB810rPMXN7hkS2TY6Jy7yBANRgnRiOgyMcsPupmpcUzXubFTkKt4il3Iea
0pYBD8FJA7E6ZfKa1/Y1UnJsiABdB2Jr/HHcLWg7c6BdGcEsfuJxGx12wazv7gZ8 GK1c9W2y9LZlvn3n21KRcgKr7MdZd50UWqiACcAoI4LYQl0zoIwJXz7Ev7zCYnHo
IVLUetX2QZO81yOpz7olb/aqI+TyqjR7jldOwmi10R5oBa9WwgY= zJ1tIECigaXkxo1M6I9pHSBoKImka2nHe3JJXHuvBoCDgrMpYBM=
=2yKA =KX1n
-----END PGP SIGNATURE----- -----END PGP SIGNATURE-----

BIN
sdk_container/src/third_party/portage-stable/metadata/glsa/Manifest.files.gz vendored
View File

Binary file not shown.

2
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200507-28.xml vendored
View File

@ -12,7 +12,7 @@
<bug>100686</bug> <bug>100686</bug>
<access>remote</access> <access>remote</access>
<affected> <affected>
<package name="app-emulation/emul-linux-x86-baselibs" auto="yes" arch="AMD64"> <package name="app-emulation/emul-linux-x86-baselibs" auto="yes" arch="amd64">
<unaffected range="ge">2.1.2</unaffected> <unaffected range="ge">2.1.2</unaffected>
<vulnerable range="lt">2.1.2</vulnerable> <vulnerable range="lt">2.1.2</vulnerable>
</package> </package>

2
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-200512-16.xml vendored
View File

@ -18,7 +18,7 @@
<unaffected range="rge">2.1.30-r13</unaffected> <unaffected range="rge">2.1.30-r13</unaffected>
<vulnerable range="lt">2.2.3-r8</vulnerable> <vulnerable range="lt">2.2.3-r8</vulnerable>
</package> </package>
<package name="app-emulation/emul-linux-x86-xlibs" auto="yes" arch="AMD64"> <package name="app-emulation/emul-linux-x86-xlibs" auto="yes" arch="amd64">
<unaffected range="ge">2.2.1</unaffected> <unaffected range="ge">2.2.1</unaffected>
<vulnerable range="lt">2.2.1</vulnerable> <vulnerable range="lt">2.2.1</vulnerable>
</package> </package>

2
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201006-18.xml vendored
View File

@ -125,7 +125,7 @@
<uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0850">CVE-2010-0850</uri> <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0850">CVE-2010-0850</uri>
<uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0886">CVE-2010-0886</uri> <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0886">CVE-2010-0886</uri>
<uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0887">CVE-2010-0887</uri> <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0887">CVE-2010-0887</uri>
<uri link="/doc/en/java.xml#doc_chap4">Gentoo Linux Java documentation</uri> <uri link="https://wiki.gentoo.org/wiki/Java">Gentoo Linux Java documentation</uri>
<uri link="https://www.oracle.com/technology/deploy/security/critical-patch-updates/javacpumar2010.html">Oracle Java SE and Java for Business Critical Patch Update Advisory - March 2010</uri> <uri link="https://www.oracle.com/technology/deploy/security/critical-patch-updates/javacpumar2010.html">Oracle Java SE and Java for Business Critical Patch Update Advisory - March 2010</uri>
</references> </references>
<metadata tag="requester" timestamp="2010-04-02T09:43:04Z"> <metadata tag="requester" timestamp="2010-04-02T09:43:04Z">

51
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201803-04.xml vendored Normal file
View File

@ -0,0 +1,51 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="201803-04">
<title>Newsbeuter: User-assisted execution of arbitrary code</title>
<synopsis>A vulnerability in Newsbeuter may allow remote attackers to execute
arbitrary shell commands.
</synopsis>
<product type="ebuild">newsbeuter</product>
<announced>2018-03-11</announced>
<revised count="1">2018-03-11</revised>
<bug>631150</bug>
<access>remote</access>
<affected>
<package name="net-news/newsbeuter" auto="yes" arch="*">
<vulnerable range="le">2.9-r3</vulnerable>
</package>
</affected>
<background>
<p>Newsbeuter is a RSS/Atom feed reader for the text console.</p>
</background>
<description>
<p>Newsbeuter does not properly escape shell meta-characters in an RSS item
with a media enclosure in the podcast playback function of Podbeuter.
</p>
</description>
<impact type="normal">
<p>A remote attacker, by enticing a user to open a feed with a specially
crafted media enclosure, could possibly execute arbitrary shell commands
with the privileges of the user running the application.
</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>Gentoo has discontinued support for Newsbeuter and recommends that users
unmerge the package:
</p>
<code>
# emerge --unmerge "net-news/newsbeuter"
</code>
</resolution>
<references>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-14500">CVE-2017-14500</uri>
</references>
<metadata tag="requester" timestamp="2018-02-05T14:58:55Z">chrisadr</metadata>
<metadata tag="submitter" timestamp="2018-03-11T16:29:05Z">chrisadr</metadata>
</glsa>

101
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201803-05.xml vendored Normal file
View File

@ -0,0 +1,101 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="201803-05">
<title>Chromium, Google Chrome: Multiple vulnerabilities</title>
<synopsis>Multiple vulnerabilities have been found in Chromium and Google
Chrome, the worst of which could result in the execution of arbitrary code.
</synopsis>
<product type="ebuild">chromium, google-chrome</product>
<announced>2018-03-13</announced>
<revised count="2">2018-03-13</revised>
<bug>649800</bug>
<access>local, remote</access>
<affected>
<package name="www-client/chromium" auto="yes" arch="*">
<unaffected range="ge">65.0.3325.146</unaffected>
<vulnerable range="lt">65.0.3325.146</vulnerable>
</package>
<package name="www-client/google-chrome" auto="yes" arch="*">
<unaffected range="ge">65.0.3325.146</unaffected>
<vulnerable range="lt">65.0.3325.146</vulnerable>
</package>
</affected>
<background>
<p>Chromium is an open-source browser project that aims to build a safer,
faster, and more stable way for all users to experience the web.
</p>
<p>Google Chrome is one fast, simple, and secure browser for all your
devices.
</p>
</background>
<description>
<p>Multiple vulnerabilities have been discovered in Chromium and Google
Chrome. Please review the referenced CVE identifiers and Google Chrome
Releases for details.
</p>
</description>
<impact type="normal">
<p>A remote attacker could possibly execute arbitrary code with the
privileges of the process, cause a Denial of Service condition, bypass
content security controls, or conduct URL spoofing.
</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All Chromium users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose
"&gt;=www-client/chromium-65.0.3325.146"
</code>
<p>All Google Chrome users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose
"&gt;=www-client/google-chrome-65.0.3325.146"
</code>
</resolution>
<references>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6057">CVE-2018-6057</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6058">CVE-2018-6058</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6059">CVE-2018-6059</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6060">CVE-2018-6060</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6061">CVE-2018-6061</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6062">CVE-2018-6062</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6063">CVE-2018-6063</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6064">CVE-2018-6064</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6065">CVE-2018-6065</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6066">CVE-2018-6066</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6067">CVE-2018-6067</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6068">CVE-2018-6068</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6069">CVE-2018-6069</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6070">CVE-2018-6070</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6071">CVE-2018-6071</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6072">CVE-2018-6072</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6073">CVE-2018-6073</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6074">CVE-2018-6074</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6075">CVE-2018-6075</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6076">CVE-2018-6076</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6077">CVE-2018-6077</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6078">CVE-2018-6078</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6079">CVE-2018-6079</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6080">CVE-2018-6080</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6081">CVE-2018-6081</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6082">CVE-2018-6082</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6083">CVE-2018-6083</uri>
<uri link="https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html">
Google Chrome Release 20180306
</uri>
</references>
<metadata tag="requester" timestamp="2018-03-10T18:57:32Z">chrisadr</metadata>
<metadata tag="submitter" timestamp="2018-03-13T20:58:50Z">chrisadr</metadata>
</glsa>

85
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201803-06.xml vendored Normal file
View File

@ -0,0 +1,85 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="201803-06">
<title>Oracle JDK/JRE: Multiple vulnerabilities</title>
<synopsis>Multiple vulnerabilities have been found in Oracle's JDK and JRE
software suites, the worst of which may allow execution of arbitrary code.
</synopsis>
<product type="ebuild">oracle-jdk-bin,oracle-jre-bin</product>
<announced>2018-03-19</announced>
<revised count="1">2018-03-19</revised>
<bug>645268</bug>
<access>remote</access>
<affected>
<package name="dev-java/oracle-jdk-bin" auto="yes" arch="*">
<unaffected range="ge" slot="1.8">1.8.0.162</unaffected>
<vulnerable range="lt" slot="1.8">1.8.0.162</vulnerable>
</package>
<package name="dev-java/oracle-jre-bin" auto="yes" arch="*">
<unaffected range="ge" slot="1.8">1.8.0.162</unaffected>
<vulnerable range="lt" slot="1.8">1.8.0.162</vulnerable>
</package>
</affected>
<background>
<p>Java Platform, Standard Edition (Java SE) lets you develop and deploy
Java applications on desktops and servers, as well as in todays
demanding embedded environments. Java offers the rich user interface,
performance, versatility, portability, and security that todays
applications require.
</p>
</background>
<description>
<p>Multiple vulnerabilities have been discovered in Oracles Java SE.
Please review the referenced CVE identifiers for details.
</p>
</description>
<impact type="normal">
<p>A remote attacker could possibly execute arbitrary code with the
privileges of the process, gain access to information, or cause a Denial
of Service condition.
</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All Oracle JDK users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose
"&gt;=dev-java/oracle-jdk-bin-1.8.0.162:1.8"
</code>
<p>All Oracle JRE users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose
"&gt;=dev-java/oracle-jre-bin-1.8.0.162:1.8"
</code>
</resolution>
<references>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-2579">CVE-2018-2579</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-2581">CVE-2018-2581</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-2582">CVE-2018-2582</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-2588">CVE-2018-2588</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-2599">CVE-2018-2599</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-2602">CVE-2018-2602</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-2603">CVE-2018-2603</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-2618">CVE-2018-2618</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-2627">CVE-2018-2627</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-2629">CVE-2018-2629</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-2633">CVE-2018-2633</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-2634">CVE-2018-2634</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-2637">CVE-2018-2637</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-2638">CVE-2018-2638</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-2639">CVE-2018-2639</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-2641">CVE-2018-2641</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-2663">CVE-2018-2663</uri>
</references>
<metadata tag="requester" timestamp="2018-03-15T22:00:47Z">chrisadr</metadata>
<metadata tag="submitter" timestamp="2018-03-19T00:51:13Z">chrisadr</metadata>
</glsa>

60
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201803-07.xml vendored Normal file
View File

@ -0,0 +1,60 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="201803-07">
<title>JabberD 2.x: Multiple vulnerabilities</title>
<synopsis>Multiple vulnerabilities have been found in Gentoo's JabberD 2.x
ebuild, the worst of which allows local attackers to escalate privileges.
</synopsis>
<product type="ebuild">jabberd2</product>
<announced>2018-03-19</announced>
<revised count="1">2018-03-19</revised>
<bug>623806</bug>
<bug>629412</bug>
<bug>631068</bug>
<access>local, remote</access>
<affected>
<package name="net-im/jabberd2" auto="yes" arch="*">
<vulnerable range="le">2.6.1</vulnerable>
</package>
</affected>
<background>
<p>JabberD 2.x is an open source Jabber server written in C.</p>
</background>
<description>
<p>Multiple vulnerabilities have been discovered in Gentoos JabberD 2.x
ebuild. Please review the referenced CVE identifiers for details.
</p>
</description>
<impact type="high">
<p>An attacker could possibly escalate privileges by owning system binaries
in trusted locations, cause a Denial of Service condition by manipulating
the PID file from jabberd2 services, bypass security via SASL ANONYMOUS
connections or have other unspecified impacts.
</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>Gentoo has discontinued support for JabberD 2.x and recommends that
users unmerge the package:
</p>
<code>
# emerge --unmerge "net-im/jabberd2"
</code>
<p>As an alternative, users may want to upgrade their systems to use
net-im/prosody instead of net-im/jabberd2.
</p>
</resolution>
<references>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-10807">CVE-2017-10807</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-18225">CVE-2017-18225</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-18226">CVE-2017-18226</uri>
</references>
<metadata tag="requester" timestamp="2018-03-03T17:23:32Z">whissi</metadata>
<metadata tag="submitter" timestamp="2018-03-19T00:59:10Z">chrisadr</metadata>
</glsa>

57
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201803-08.xml vendored Normal file
View File

@ -0,0 +1,57 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="201803-08">
<title>Adobe Flash Player: Multiple vulnerabilities</title>
<synopsis>Multiple vulnerabilities have been found in Adobe Flash Player, the
worst of which allows remote attackers to execute arbitrary code.
</synopsis>
<product type="ebuild">flash</product>
<announced>2018-03-19</announced>
<revised count="1">2018-03-19</revised>
<bug>646724</bug>
<bug>650424</bug>
<access>remote</access>
<affected>
<package name="www-plugins/adobe-flash" auto="yes" arch="*">
<unaffected range="ge">29.0.0.113</unaffected>
<vulnerable range="lt">29.0.0.113</vulnerable>
</package>
</affected>
<background>
<p>The Adobe Flash Player is a renderer for the SWF file format, which is
commonly used to provide interactive websites.
</p>
</background>
<description>
<p>Multiple vulnerabilities have been discovered in Adobe Flash Player.
Please review the CVE identifiers referenced below for details.
</p>
</description>
<impact type="normal">
<p>A remote attacker could possibly execute arbitrary code with the
privileges of the process or bypass security restrictions.
</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All Adobe Flash Player users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose
"&gt;=www-plugins/adobe-flash-29.0.0.113"
</code>
</resolution>
<references>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-4871">CVE-2018-4871</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-4877">CVE-2018-4877</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-4878">CVE-2018-4878</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-4919">CVE-2018-4919</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-4920">CVE-2018-4920</uri>
</references>
<metadata tag="requester" timestamp="2018-03-13T18:13:28Z">whissi</metadata>
<metadata tag="submitter" timestamp="2018-03-19T01:08:30Z">whissi</metadata>
</glsa>

59
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201803-09.xml vendored Normal file
View File

@ -0,0 +1,59 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="201803-09">
<title>KDE Plasma Workspaces: Multiple vulnerabilities</title>
<synopsis>Multiple vulnerabilities have been found in KDE Plasma Workspaces,
the worst of which allows local attackers to execute arbitrary commands.
</synopsis>
<product type="ebuild">plasma-workspace</product>
<announced>2018-03-19</announced>
<revised count="1">2018-03-19</revised>
<bug>647106</bug>
<access>local, remote</access>
<affected>
<package name="kde-plasma/plasma-workspace" auto="yes" arch="*">
<unaffected range="ge">5.11.5-r1</unaffected>
<vulnerable range="lt">5.11.5-r1</vulnerable>
</package>
</affected>
<background>
<p>KDE Plasma workspace is a widget based desktop environment designed to
be fast and efficient.
</p>
</background>
<description>
<p>Multiple vulnerabilities have been discovered in KDE Plasma Workspaces.
Please review the referenced CVE identifiers for details.
</p>
</description>
<impact type="normal">
<p>An attacker could execute arbitrary commands via specially crafted thumb
drives volume labels or obtain sensitive information via specially
crafted notifications.
</p>
</impact>
<workaround>
<p>Users should mount removable devices with Dolphin instead of the device
notifier.
</p>
<p>Users should disable notifications.</p>
</workaround>
<resolution>
<p>All KDE Plasma Workspace users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose
"&gt;=kde-plasma/plasma-workspace-5.11.5-r1"
</code>
</resolution>
<references>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6790">CVE-2018-6790</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6791">CVE-2018-6791</uri>
</references>
<metadata tag="requester" timestamp="2018-02-18T16:21:26Z">chrisadr</metadata>
<metadata tag="submitter" timestamp="2018-03-19T01:13:47Z">chrisadr</metadata>
</glsa>

63
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201803-10.xml vendored Normal file
View File

@ -0,0 +1,63 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="201803-10">
<title>collectd: Multiple vulnerabilities</title>
<synopsis>Gentoo's collectd package contains multiple vulnerabilities, the
worst of which may allow local attackers to escalate privileges.
</synopsis>
<product type="ebuild">collectd</product>
<announced>2018-03-22</announced>
<revised count="1">2018-03-22</revised>
<bug>628540</bug>
<bug>637538</bug>
<access>local, remote</access>
<affected>
<package name="app-admin/collectd" auto="yes" arch="*">
<unaffected range="ge">5.7.2-r1</unaffected>
<vulnerable range="lt">5.7.2-r1</vulnerable>
</package>
</affected>
<background>
<p>collectd is a daemon which collects system and application performance
metrics periodically and provides mechanisms to store the values in a
variety of ways, for example in RRD files.
</p>
</background>
<description>
<p>Multiple vulnerabilities have been found in Gentoos collectd package.
Please review the referenced CVE identifiers and bug entries for details.
</p>
</description>
<impact type="high">
<p>A local attacker, who either is already collectds system user or
belongs to collectds group, could potentially gain root privileges and
cause a Denial of Service condition.
</p>
<p>Remote attackers could cause a Denial of Service condition via specially
crafted SNMP responses.
</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All collectd users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose "&gt;=app-admin/collectd-5.7.2-r1"
</code>
</resolution>
<references>
<uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-16820">
CVE-2017-16820
</uri>
<uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-18240">
CVE-2017-18240
</uri>
</references>
<metadata tag="requester" timestamp="2018-03-03T16:45:48Z">whissi</metadata>
<metadata tag="submitter" timestamp="2018-03-22T00:14:20Z">whissi</metadata>
</glsa>

59
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201803-11.xml vendored Normal file
View File

@ -0,0 +1,59 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="201803-11">
<title>WebKitGTK+: Multiple Vulnerabilities</title>
<synopsis>Multiple vulnerabilities have been found in WebKitGTK+, the worst
of which may lead to arbitrary code execution.
</synopsis>
<product type="ebuild">WebKitGTK+</product>
<announced>2018-03-22</announced>
<revised count="1">2018-03-22</revised>
<bug>645686</bug>
<access>remote</access>
<affected>
<package name="net-libs/webkit-gtk" auto="yes" arch="*">
<unaffected range="ge">2.18.6</unaffected>
<vulnerable range="lt">2.18.6</vulnerable>
</package>
</affected>
<background>
<p>WebKitGTK+ is a full-featured port of the WebKit rendering engine,
suitable for projects requiring any kind of web integration, from hybrid
HTML/CSS applications to full-fledged web browsers.
</p>
</background>
<description>
<p>Multiple vulnerabilities have been discovered in WebKitGTK+. Please
review the referenced CVE identifiers for details.
</p>
</description>
<impact type="normal">
<p>An attacker could execute arbitrary commands via maliciously crafted web
content.
</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All WebKitGTK+ users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose "&gt;=net-libs/webkit-gtk-2.18.6"
</code>
</resolution>
<references>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-13884">CVE-2017-13884</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-13885">CVE-2017-13885</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-7153">CVE-2017-7153</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-7160">CVE-2017-7160</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-7161">CVE-2017-7161</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-7165">CVE-2017-7165</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-4088">CVE-2018-4088</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-4089">CVE-2018-4089</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-4096">CVE-2018-4096</uri>
</references>
<metadata tag="requester" timestamp="2018-03-19T02:23:57Z">jmbailey</metadata>
<metadata tag="submitter" timestamp="2018-03-22T00:24:32Z">jmbailey</metadata>
</glsa>

55
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201803-12.xml vendored Normal file
View File

@ -0,0 +1,55 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="201803-12">
<title>BusyBox: Multiple vulnerabilities</title>
<synopsis>Multiple vulnerabilities have been found in BusyBox, the worst of
which could allow remote attackers to execute arbitrary code.
</synopsis>
<product type="ebuild">busybox</product>
<announced>2018-03-26</announced>
<revised count="1">2018-03-26</revised>
<bug>563756</bug>
<bug>635392</bug>
<bug>638258</bug>
<access>remote</access>
<affected>
<package name="sys-apps/busybox" auto="yes" arch="*">
<unaffected range="ge">1.28.0</unaffected>
<vulnerable range="lt">1.28.0</vulnerable>
</package>
</affected>
<background>
<p>BusyBox is a set of tools for embedded systems and is a replacement for
GNU Coreutils.
</p>
</background>
<description>
<p>Multiple vulnerabilities have been discovered in BusyBox. Please review
the CVE identifiers referenced below for details.
</p>
</description>
<impact type="normal">
<p>A remote attacker could possibly execute arbitrary code with the
privileges of the process, cause a Denial of Service condition, or have
other unspecified impacts.
</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All BusyBox users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose "&gt;=sys-apps/busybox-1.28.0"
</code>
</resolution>
<references>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-15873">CVE-2017-15873</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-15874">CVE-2017-15874</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-16544">CVE-2017-16544</uri>
</references>
<metadata tag="requester" timestamp="2018-03-13T17:58:35Z">chrisadr</metadata>
<metadata tag="submitter" timestamp="2018-03-26T16:24:01Z">b-man</metadata>
</glsa>

52
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201803-13.xml vendored Normal file
View File

@ -0,0 +1,52 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="201803-13">
<title>PLIB: User-assisted execution of arbitrary code</title>
<synopsis>A vulnerability in PLIB may allow remote attackers to execute
arbitrary code.
</synopsis>
<product type="ebuild">plib</product>
<announced>2018-03-26</announced>
<revised count="1">2018-03-26</revised>
<bug>440762</bug>
<access>remote</access>
<affected>
<package name="media-libs/plib" auto="yes" arch="*">
<unaffected range="ge">1.8.5-r1</unaffected>
<vulnerable range="lt">1.8.5-r1</vulnerable>
</package>
</affected>
<background>
<p>PLIB includes sound effects, music, a complete 3D engine, font
rendering, a simple Windowing library, a game scripting language, a GUI,
networking, 3D math library and a collection of handy utility functions.
</p>
</background>
<description>
<p>A stack-based buffer overflow within the error function of
ssg/ssgParser.cxx was discovered in PLIB.
</p>
</description>
<impact type="normal">
<p>A remote attacker, by enticing a user to open a specially crafted 3d
model file, could possibly execute arbitrary code with the privileges of
the process.
</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All PLIB users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose "&gt;=media-libs/plib-1.8.5-r1"
</code>
</resolution>
<references>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2012-4552">CVE-2012-4552</uri>
</references>
<metadata tag="requester" timestamp="2018-03-25T20:13:40Z">b-man</metadata>
<metadata tag="submitter" timestamp="2018-03-26T16:27:43Z">b-man</metadata>
</glsa>

169
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201803-14.xml vendored Normal file
View File

@ -0,0 +1,169 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="201803-14">
<title>Mozilla Thunderbird: Multiple vulnerabilities</title>
<synopsis>Multiple vulnerabilities have been found in Mozilla Thunderbird,
the worst of which could lead to the execution of arbitrary code.
</synopsis>
<product type="ebuild">thunderbird,thunderbird-bin</product>
<announced>2018-03-28</announced>
<revised count="1">2018-03-28</revised>
<bug>627376</bug>
<bug>639048</bug>
<bug>643842</bug>
<bug>645812</bug>
<bug>645820</bug>
<access>remote</access>
<affected>
<package name="mail-client/thunderbird" auto="yes" arch="*">
<unaffected range="ge">52.6.0</unaffected>
<vulnerable range="lt">52.6.0</vulnerable>
</package>
<package name="mail-client/thunderbird-bin" auto="yes" arch="*">
<unaffected range="ge">52.6.0</unaffected>
<vulnerable range="lt">52.6.0</vulnerable>
</package>
</affected>
<background>
<p>Mozilla Thunderbird is a popular open-source email client from the
Mozilla project.
</p>
</background>
<description>
<p>Multiple vulnerabilities have been discovered in Mozilla Thunderbird.
Please review the referenced Mozilla Foundation Security Advisories and
CVE identifiers below for details.
</p>
</description>
<impact type="normal">
<p>A remote attacker may be able to execute arbitrary code, cause a Denial
of Service condition, obtain sensitive information, conduct URL
hijacking, or conduct cross-site scripting (XSS).
</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All Thunderbird users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose "&gt;=mail-client/thunderbird-52.6.0"
</code>
<p>All Thunderbird binary users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose
"&gt;=mail-client/thunderbird-bin-52.6.0"
</code>
</resolution>
<references>
<uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7753">
CVE-2017-7753
</uri>
<uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7779">
CVE-2017-7779
</uri>
<uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7784">
CVE-2017-7784
</uri>
<uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7785">
CVE-2017-7785
</uri>
<uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7786">
CVE-2017-7786
</uri>
<uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7787">
CVE-2017-7787
</uri>
<uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7791">
CVE-2017-7791
</uri>
<uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7792">
CVE-2017-7792
</uri>
<uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7793">
CVE-2017-7793
</uri>
<uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7800">
CVE-2017-7800
</uri>
<uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7801">
CVE-2017-7801
</uri>
<uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7802">
CVE-2017-7802
</uri>
<uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7803">
CVE-2017-7803
</uri>
<uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7805">
CVE-2017-7805
</uri>
<uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7807">
CVE-2017-7807
</uri>
<uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7809">
CVE-2017-7809
</uri>
<uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7810">
CVE-2017-7810
</uri>
<uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7814">
CVE-2017-7814
</uri>
<uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7818">
CVE-2017-7818
</uri>
<uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7819">
CVE-2017-7819
</uri>
<uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7823">
CVE-2017-7823
</uri>
<uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7824">
CVE-2017-7824
</uri>
<uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7825">
CVE-2017-7825
</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-7826">CVE-2017-7826</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-7828">CVE-2017-7828</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-7829">CVE-2017-7829</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-7830">CVE-2017-7830</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-7846">CVE-2017-7846</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-7847">CVE-2017-7847</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-7848">CVE-2017-7848</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-5089">CVE-2018-5089</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-5095">CVE-2018-5095</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-5096">CVE-2018-5096</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-5097">CVE-2018-5097</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-5098">CVE-2018-5098</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-5099">CVE-2018-5099</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-5102">CVE-2018-5102</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-5103">CVE-2018-5103</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-5104">CVE-2018-5104</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-5117">CVE-2018-5117</uri>
<uri link="https://www.mozilla.org/en-US/security/advisories/mfsa2017-20/">
Mozilla Foundation Security Advisory 2017-20
</uri>
<uri link="https://www.mozilla.org/en-US/security/advisories/mfsa2017-23/">
Mozilla Foundation Security Advisory 2017-23
</uri>
<uri link="https://www.mozilla.org/en-US/security/advisories/mfsa2017-26/">
Mozilla Foundation Security Advisory 2017-26
</uri>
<uri link="https://www.mozilla.org/en-US/security/advisories/mfsa2017-30/">
Mozilla Foundation Security Advisory 2017-30
</uri>
<uri link="https://www.mozilla.org/en-US/security/advisories/mfsa2018-04/">
Mozilla Foundation Security Advisory 2018-04
</uri>
</references>
<metadata tag="requester" timestamp="2017-10-05T15:42:10Z">chrisadr</metadata>
<metadata tag="submitter" timestamp="2018-03-28T18:24:10Z">chrisadr</metadata>
</glsa>

52
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201804-01.xml vendored Normal file
View File

@ -0,0 +1,52 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="201804-01">
<title>libxslt: Multiple vulnerabilities</title>
<synopsis>Multiple vulnerabilities were discovered in libxslt, the worst of
which may allow a remote attacker to execute arbitrary code.
</synopsis>
<product type="ebuild">libxslt</product>
<announced>2018-04-04</announced>
<revised count="1">2018-04-04</revised>
<bug>598204</bug>
<bug>612194</bug>
<access>remote</access>
<affected>
<package name="dev-libs/libxslt" auto="yes" arch="*">
<unaffected range="ge">1.1.30</unaffected>
<vulnerable range="lt">1.1.30</vulnerable>
</package>
</affected>
<background>
<p>libxslt is the XSLT C library developed for the GNOME project. XSLT is
an XML language to define transformations for XML.
</p>
</background>
<description>
<p>Multiple vulnerabilities have been discovered in libxslt. Please review
the CVE identifiers referenced below for details.
</p>
</description>
<impact type="normal">
<p>A remote attacker, via a crafted HTML page, could possibly execute
arbitrary code, cause a Denial of Service condition or leak information.
</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All libxslt users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose "&gt;=dev-libs/libxslt-1.1.30"
</code>
</resolution>
<references>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2016-4738">CVE-2016-4738</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-5029">CVE-2017-5029</uri>
</references>
<metadata tag="requester" timestamp="2017-04-19T05:20:01Z">BlueKnight</metadata>
<metadata tag="submitter" timestamp="2018-04-04T01:51:21Z">b-man</metadata>
</glsa>

63
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201804-02.xml vendored Normal file
View File

@ -0,0 +1,63 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="201804-02">
<title>glibc: Multiple vulnerabilities</title>
<synopsis>Multiple vulnerabilities have been found in glibc, the worst of
which could allow remote attackers to execute arbitrary code.
</synopsis>
<product type="ebuild">glibc</product>
<announced>2018-04-04</announced>
<revised count="1">2018-04-04</revised>
<bug>632556</bug>
<bug>634920</bug>
<bug>635118</bug>
<bug>641644</bug>
<bug>644278</bug>
<bug>646490</bug>
<bug>646492</bug>
<access>local, remote</access>
<affected>
<package name="sys-libs/glibc" auto="yes" arch="*">
<unaffected range="ge">2.25-r11</unaffected>
<vulnerable range="lt">2.25-r11</vulnerable>
</package>
</affected>
<background>
<p>glibc is a package that contains the GNU C library.</p>
</background>
<description>
<p>Multiple vulnerabilities have been discovered in glibc. Please review
the CVE identifiers referenced below for details.
</p>
</description>
<impact type="normal">
<p>An attacker could possibly execute arbitrary code, escalate privileges,
cause a Denial of Service condition, or have other unspecified impacts.
</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All glibc users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose "&gt;=sys-libs/glibc-2.25-r11"
</code>
</resolution>
<references>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-14062">CVE-2017-14062</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-15670">CVE-2017-15670</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-15671">CVE-2017-15671</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-15804">CVE-2017-15804</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-16997">CVE-2017-16997</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-1000001">
CVE-2018-1000001
</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6485">CVE-2018-6485</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6551">CVE-2018-6551</uri>
</references>
<metadata tag="requester" timestamp="2018-03-12T23:08:50Z">chrisadr</metadata>
<metadata tag="submitter" timestamp="2018-04-04T01:53:52Z">b-man</metadata>
</glsa>

2
sdk_container/src/third_party/portage-stable/metadata/glsa/timestamp.chk vendored
View File

@ -1 +1 @@
Wed, 07 Mar 2018 23:38:25 +0000 Wed, 04 Apr 2018 14:08:19 +0000

2
sdk_container/src/third_party/portage-stable/metadata/glsa/timestamp.commit vendored
View File

@ -1 +1 @@
de3c19ca944a942c4db36136bf5abc8983cd6a6c 1520449520 2018-03-07T19:05:20+00:00 e07af6df7a81524d31084c5565441abb9e572281 1522807580 2018-04-04T02:06:20+00:00