mirrors/flatcar-scripts
1
0
Fork 0
mirror of https://github.com/flatcar/scripts.git synced 2025-09-27 08:31:04 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #2557 from flatcar/buildbot/monthly-glsa-metadata-updates-2025-01-01

Browse Source 
Monthly GLSA metadata 2025-01-01
This commit is contained in:
Mathieu Tortuyaux 2025-01-02 14:02:31 +01:00 committed by GitHub
commit b6a7d69e43
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
24 changed files with 1324 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

30
sdk_container/src/third_party/portage-stable/metadata/glsa/Manifest vendored
View File

@ -1,23 +1,23 @@
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
MANIFEST Manifest.files.gz 591718 BLAKE2B cd53ee1575b57b03315f3e2b15f89a06fbc6711259ee7a82e1ca6f8970d8fdd183ea1f95f313b15f9f7f905c2c8641fa9ae9f0d8a12e8fedc6851ee3f7c15bbd SHA512 1cf337d112115a521c08a9fa208a2c60a1ef9651426b5a20b7ff05709eda7e21b384c627f1dedd2abb84476daf5fadea280b479585390abd903daec89814b24f
TIMESTAMP 2024-12-01T06:40:23Z
MANIFEST Manifest.files.gz 594915 BLAKE2B 220d9175cb1796cb5045abb4a1dd895efa478aa604a6eb3dde800553a73ce6b12ecf630b6574e1fc834659bac119417be17231464d8355e60ed5ed18f51b8044 SHA512 db425e75cb49a2ea05358c8e7f4e366d86628930a1e26279cb8287fe250565842ac004358a56986eb2aa4342ed7217cf30c8f78d97a02ed24483cca80fd1b2eb
TIMESTAMP 2025-01-01T06:40:41Z
-----BEGIN PGP SIGNATURE-----
iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAmdMBNdfFIAAAAAALgAo
iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAmd042lfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEUx
RDZBQkI2M0JGQ0ZCNEJBMDJGREYxQ0VDNTkwRUVBQzkxODkyNTAACgkQ7FkO6skY
klANZw/+KSWqV2sDOVWslomj90wmI4kWrUE4ZC46YZtvjGz4Faf9D8i9RzkuV9nB
Lt6HhwNbrTFYYyFv0wAYLBUbNzQUDKl0KwOXs7SjRD+hV2lNRakA/dM1FbHsN0wF
qUd+S3Slmis3NGaIQ5UstxqdG5wjZ04q6BnjdrA5Yaqxj+S8bS04D3HUr5jhKU8A
vR9e7h6fkiABZW52mXVcBvqkSTmqrZcxGss3LpTiWU1VDcbFoVXcjsNQKYUEj9dt
IgWaVX/LwVj3yPSI2TPF2PO8lenyiroADclFwXPHHyuDm6qxXb0v0nie3h4PuG5O
yFVWmpLPkgdO2oCnJhh1W2sh+vu5iV4xnfoxT5U0BMp24s2wt2oKzPieJUhslk4s
lINvCPAVF8VFwgvop3rdwvwQWE7yZCAZuKxD0Y6m8WORExR/MB33Qmc0gm7b6ksC
yFG7AjN6y0qUd2yL1vpl9lvy4Rv0izZnVmuhd0+Jsq/8lgzY8+oiiZMzTxEc8Y/e
8BcxWkB64/Sta0U+GYEYypxS2nPtPAb7BvPu1f2dyBEqO+vDRN5M+0LuhfucKDTo
fuNw7Ri6zyv4thIvUJI7f54AHcGvAGmxQ+ObXHoHrBHtKacSXG6VF/P48rAwX165
WblhbkW1T4kqLrUiFl/pt9BHP2zCXFkphVMrw4GJyp6KquSqfFA=
=l52K
klBoyg//VQm7GsyyuffSjKJO3H/YJF558ygX0IxnZPwgQweC9ERRd3NlONm2mlph
TzmZhAC+PnRGN+QTZh3M/kNuxPytaf6bg9vSNs2v221CHcSqErbzbMAiDO8ZRPoj
ToTfCC1jH2AoEAAmCWd120MK7nA1dzKx0DSvWhuTv02ssdS9Plj+SJ0SY6stjE3w
vfyYTvVjsz90UppvVl9zdKPQa5st2ojC9/tJxCFEjTxV1ubGJDI/7TdArgyTTSDg
rx4Bbc5su4ANjXbYHofhar2X0/YYF6l/bglDMhCJIn8OwOyzWqXufgrmhmnCrCgt
V6FLxXqWimOmIiIL1YUwUgc3p0JYNuYAwGt5I6Tf/gX2h/4aHOxUvgDdvRf+hoUl
9USr4sw5qovn+pFdDNwYrZ2+Uat83IYET85Mnlc8sqf3wH8I17lPKOzLtcgtkRND
i062wD9kU6gCen6fM80vuW4k40UphiAkrLhy8nMaWjBBVbRdXpGddGdOuPk0yX+b
g+qjOXnkY/rZPek+u0lpS1MPU661IFJgXQs9wFaV9++VXpcpVCyFoyUNhhaIxEH9
KEQwa8bz2DkoBCeJMYjH3xigcXMavQ9KTrRqkl2lUk1tLf/dBwY3d7Ao8rpCkirO
AF2w3sJ5hbD7PXm4OEDG3EYt1uQftsnV/UcNB26SVu8UT1tfmR0=
=IQdp
-----END PGP SIGNATURE-----

BIN
sdk_container/src/third_party/portage-stable/metadata/glsa/Manifest.files.gz vendored
View File

Binary file not shown.

42
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202412-01.xml vendored Normal file
View File

@ -0,0 +1,42 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="202412-01">
<title>R: Arbitrary Code Execution</title>
<synopsis>A vulnerability has been discovered in R, which can lead to arbitrary code execution.</synopsis>
<product type="ebuild">R</product>
<announced>2024-12-07</announced>
<revised count="1">2024-12-07</revised>
<bug>930936</bug>
<access>local</access>
<affected>
<package name="dev-lang/R" auto="yes" arch="*">
<unaffected range="ge">4.4.1</unaffected>
<vulnerable range="lt">4.4.1</vulnerable>
</package>
</affected>
<background>
<p>R is a language and environment for statistical computing and graphics.</p>
</background>
<description>
<p>Deserialization of untrusted data can occur in the R statistical programming language, enabling a maliciously crafted RDS (R Data Serialization) formatted file or R package to run arbitrary code on an end users system when interacted with.</p>
</description>
<impact type="high">
<p>Arbitrary code may be run when deserializing untrusted data.</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All R users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-lang/R-4.4.1"
</code>
</resolution>
<references>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-27322">CVE-2024-27322</uri>
</references>
<metadata tag="requester" timestamp="2024-12-07T08:53:34.596478Z">graaff</metadata>
<metadata tag="submitter" timestamp="2024-12-07T08:53:34.602412Z">graaff</metadata>
</glsa>

63
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202412-02.xml vendored Normal file
View File

@ -0,0 +1,63 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="202412-02">
<title>Cacti: Multiple Vulnerabilities</title>
<synopsis>Multiple vulnerabilities have been discovered in Cacti, the worst of which can lead to privilege escalation.</synopsis>
<product type="ebuild">cacti</product>
<announced>2024-12-07</announced>
<revised count="1">2024-12-07</revised>
<bug>823788</bug>
<bug>834597</bug>
<bug>884799</bug>
<access>remote</access>
<affected>
<package name="net-analyzer/cacti" auto="yes" arch="*">
<unaffected range="ge">1.2.26</unaffected>
<vulnerable range="lt">1.2.26</vulnerable>
</package>
</affected>
<background>
<p>Cacti is a web-based network graphing and reporting tool.</p>
</background>
<description>
<p>Multiple vulnerabilities have been discovered in Cacti. Please review the CVE identifiers referenced below for details.</p>
</description>
<impact type="high">
<p>Please review the referenced CVE identifiers for details.</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All Cacti users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-analyzer/cacti-1.2.26"
</code>
</resolution>
<references>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14424">CVE-2020-14424</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-0730">CVE-2022-0730</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-46169">CVE-2022-46169</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-48547">CVE-2022-48547</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-30534">CVE-2023-30534</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-31132">CVE-2023-31132</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-39357">CVE-2023-39357</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-39358">CVE-2023-39358</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-39359">CVE-2023-39359</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-39360">CVE-2023-39360</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-39361">CVE-2023-39361</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-39362">CVE-2023-39362</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-39365">CVE-2023-39365</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-39510">CVE-2023-39510</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-39511">CVE-2023-39511</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-39512">CVE-2023-39512</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-39513">CVE-2023-39513</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-39514">CVE-2023-39514</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-39515">CVE-2023-39515</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-39516">CVE-2023-39516</uri>
</references>
<metadata tag="requester" timestamp="2024-12-07T08:56:20.459772Z">graaff</metadata>
<metadata tag="submitter" timestamp="2024-12-07T08:56:20.462893Z">graaff</metadata>
</glsa>

64
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202412-03.xml vendored Normal file
View File

@ -0,0 +1,64 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="202412-03">
<title>Asterisk: Multiple Vulnerabilities</title>
<synopsis>Multiple vulnerabilities have been discovered in Asterisk, the worst of which can lead to privilege escalation.</synopsis>
<product type="ebuild">asterisk</product>
<announced>2024-12-07</announced>
<revised count="1">2024-12-07</revised>
<bug>771318</bug>
<bug>803440</bug>
<bug>838391</bug>
<bug>884797</bug>
<bug>920026</bug>
<bug>937844</bug>
<bug>939159</bug>
<access>remote</access>
<affected>
<package name="net-misc/asterisk" auto="yes" arch="*">
<unaffected range="ge">18.24.3</unaffected>
<vulnerable range="lt">18.24.3</vulnerable>
</package>
</affected>
<background>
<p>Asterisk is an open source telephony engine and toolkit.</p>
</background>
<description>
<p>Multiple vulnerabilities have been discovered in Asterisk. Please review the CVE identifiers referenced below for details.</p>
</description>
<impact type="high">
<p>Please review the referenced CVE identifiers for details.</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All Asterisk users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-misc/asterisk-18.24.3"
</code>
</resolution>
<references>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-35776">CVE-2020-35776</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-26712">CVE-2021-26712</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-26713">CVE-2021-26713</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-26714">CVE-2021-26714</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-26717">CVE-2021-26717</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-26906">CVE-2021-26906</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-31878">CVE-2021-31878</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-32558">CVE-2021-32558</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-26498">CVE-2022-26498</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-26499">CVE-2022-26499</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-26651">CVE-2022-26651</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-37325">CVE-2022-37325</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-42705">CVE-2022-42705</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-42706">CVE-2022-42706</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-37457">CVE-2023-37457</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-49294">CVE-2023-49294</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-49786">CVE-2023-49786</uri>
</references>
<metadata tag="requester" timestamp="2024-12-07T08:58:41.628301Z">graaff</metadata>
<metadata tag="submitter" timestamp="2024-12-07T08:58:41.632180Z">graaff</metadata>
</glsa>

129
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202412-04.xml vendored Normal file
View File

@ -0,0 +1,129 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="202412-04">
<title>Mozilla Firefox: Multiple Vulnerabilities</title>
<synopsis>Multiple vulnerabilities have been discovered in Mozilla Firefox, the worst of which arbitrary code execution.</synopsis>
<product type="ebuild">firefox,firefox-bin</product>
<announced>2024-12-07</announced>
<revised count="1">2024-12-07</revised>
<bug>936215</bug>
<bug>937467</bug>
<bug>941169</bug>
<bug>941174</bug>
<bug>941224</bug>
<access>remote</access>
<affected>
<package name="www-client/firefox" auto="yes" arch="*">
<unaffected range="ge" slot="rapid">131.0.2</unaffected>
<unaffected range="ge" slot="esr">123.3.1</unaffected>
<vulnerable range="lt" slot="rapid">131.0.2</vulnerable>
<vulnerable range="lt" slot="esr">128.3.1</vulnerable>
</package>
<package name="www-client/firefox-bin" auto="yes" arch="*">
<unaffected range="ge" slot="rapid">131.0.2</unaffected>
<unaffected range="ge" slot="esr">128.3.1</unaffected>
<vulnerable range="lt" slot="rapid">131.0.2</vulnerable>
<vulnerable range="lt" slot="esr">128.3.1</vulnerable>
</package>
</affected>
<background>
<p>Mozilla Firefox is a popular open-source web browser from the Mozilla project.</p>
</background>
<description>
<p>Multiple vulnerabilities have been discovered in Mozilla Firefox. Please review the CVE identifiers referenced below for details.</p>
</description>
<impact type="high">
<p>Please review the referenced CVE identifiers for details.</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All Mozilla Firefox users should upgrade to the latest version in their release channel:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/firefox-bin-131.0.2:rapid"
# emerge --ask --oneshot --verbose ">=www-client/firefox-bin-128.3.1:esr"
</code>
<p>All Mozilla Firefox users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/firefox-131.0.2:rapid"
# emerge --ask --oneshot --verbose ">=www-client/firefox-128.3.1:esr"
</code>
</resolution>
<references>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-6601">CVE-2024-6601</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-6602">CVE-2024-6602</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-6603">CVE-2024-6603</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-6604">CVE-2024-6604</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-6606">CVE-2024-6606</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-6607">CVE-2024-6607</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-6608">CVE-2024-6608</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-6609">CVE-2024-6609</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-6610">CVE-2024-6610</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-6611">CVE-2024-6611</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-6612">CVE-2024-6612</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-6613">CVE-2024-6613</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-6614">CVE-2024-6614</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-6615">CVE-2024-6615</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-7518">CVE-2024-7518</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-7519">CVE-2024-7519</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-7520">CVE-2024-7520</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-7521">CVE-2024-7521</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-7522">CVE-2024-7522</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-7523">CVE-2024-7523</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-7524">CVE-2024-7524</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-7525">CVE-2024-7525</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-7526">CVE-2024-7526</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-7527">CVE-2024-7527</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-7528">CVE-2024-7528</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-7529">CVE-2024-7529</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-7530">CVE-2024-7530</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-7531">CVE-2024-7531</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-8381">CVE-2024-8381</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-8382">CVE-2024-8382</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-8383">CVE-2024-8383</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-8384">CVE-2024-8384</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-8385">CVE-2024-8385</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-8386">CVE-2024-8386</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-8387">CVE-2024-8387</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-8389">CVE-2024-8389</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-8394">CVE-2024-8394</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-8900">CVE-2024-8900</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-9391">CVE-2024-9391</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-9392">CVE-2024-9392</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-9395">CVE-2024-9395</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-9396">CVE-2024-9396</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-9397">CVE-2024-9397</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-9399">CVE-2024-9399</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-9400">CVE-2024-9400</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-9401">CVE-2024-9401</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-9402">CVE-2024-9402</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-9403">CVE-2024-9403</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-9680">CVE-2024-9680</uri>
<uri>MFSA2024-29</uri>
<uri>MFSA2024-30</uri>
<uri>MFSA2024-31</uri>
<uri>MFSA2024-33</uri>
<uri>MFSA2024-34</uri>
<uri>MFSA2024-35</uri>
<uri>MFSA2024-38</uri>
<uri>MFSA2024-39</uri>
<uri>MFSA2024-40</uri>
<uri>MFSA2024-41</uri>
<uri>MFSA2024-43</uri>
<uri>MFSA2024-44</uri>
<uri>MFSA2024-46</uri>
<uri>MFSA2024-47</uri>
<uri>MFSA2024-48</uri>
<uri>MFSA2024-49</uri>
<uri>MFSA2024-50</uri>
<uri>MFSA2024-51</uri>
</references>
<metadata tag="requester" timestamp="2024-12-07T10:09:25.027501Z">graaff</metadata>
<metadata tag="submitter" timestamp="2024-12-07T10:09:25.030768Z">graaff</metadata>
</glsa>

121
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202412-05.xml vendored Normal file
View File

@ -0,0 +1,121 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="202412-05">
<title>Chromium, Google Chrome, Microsoft Edge. Opera: Multiple Vulnerabilities</title>
<synopsis>Multiple vulnerabilities have been discovered in Chromium and its derivatives, the worst of which can lead to remote code execution.</synopsis>
<product type="ebuild">chromium,google-chrome,microsoft-edge,microsoft-edge,opera</product>
<announced>2024-12-07</announced>
<revised count="1">2024-12-07</revised>
<bug>924450</bug>
<bug>925161</bug>
<bug>925666</bug>
<bug>926230</bug>
<bug>926869</bug>
<bug>927312</bug>
<bug>927928</bug>
<bug>928462</bug>
<bug>929112</bug>
<bug>930124</bug>
<bug>930647</bug>
<bug>930994</bug>
<bug>931548</bug>
<access>remote</access>
<affected>
<package name="ww-client/microsoft-edge" auto="yes" arch="*">
<unaffected range="ge">124.0.2478.97</unaffected>
</package>
<package name="www-client/chromium" auto="yes" arch="*">
<unaffected range="ge">124.0.6367.155</unaffected>
<vulnerable range="lt">124.0.6367.155</vulnerable>
</package>
<package name="www-client/google-chrome" auto="yes" arch="*">
<unaffected range="ge">124.0.6367.155</unaffected>
<vulnerable range="lt">124.0.6367.155</vulnerable>
</package>
<package name="www-client/microsoft-edge" auto="yes" arch="*">
<vulnerable range="lt">124.0.2478.97</vulnerable>
</package>
<package name="www-client/opera" auto="yes" arch="*">
<unaffected range="ge">110.0.5130.35</unaffected>
<vulnerable range="lt">110.0.5130.35</vulnerable>
</package>
</affected>
<background>
<p>Chromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web. Google Chrome is one fast, simple, and secure browser for all your devices. Microsoft Edge is a browser that combines a minimal design with sophisticated technology to make the web faster, safer, and easier. Opera is a fast and secure web browser.</p>
</background>
<description>
<p>Multiple vulnerabilities have been discovered in Chromium and its derivatives. Please review the CVE identifiers referenced below for details.</p>
</description>
<impact type="high">
<p>Please review the referenced CVE identifiers for details.</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All Google Chrome users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/google-chrome-124.0.6367.155"
</code>
<p>All Chromium users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/chromium-124.0.6367.155 "
</code>
<p>All Microsoft Edge users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/microsoft-edge-124.0.2478.97"
</code>
<p>All Oprea users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/opera-110.0.5130.35"
</code>
</resolution>
<references>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-1669">CVE-2024-1669</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-1670">CVE-2024-1670</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-1671">CVE-2024-1671</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-1672">CVE-2024-1672</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-1673">CVE-2024-1673</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-1674">CVE-2024-1674</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-1675">CVE-2024-1675</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-1676">CVE-2024-1676</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-2173">CVE-2024-2173</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-2174">CVE-2024-2174</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-2176">CVE-2024-2176</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-2400">CVE-2024-2400</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-2625">CVE-2024-2625</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-2626">CVE-2024-2626</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-2627">CVE-2024-2627</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-2628">CVE-2024-2628</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-2883">CVE-2024-2883</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-2885">CVE-2024-2885</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-2886">CVE-2024-2886</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-2887">CVE-2024-2887</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-3156">CVE-2024-3156</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-3158">CVE-2024-3158</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-3159">CVE-2024-3159</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-3832">CVE-2024-3832</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-3833">CVE-2024-3833</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-3834">CVE-2024-3834</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-4058">CVE-2024-4058</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-4059">CVE-2024-4059</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-4060">CVE-2024-4060</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-4331">CVE-2024-4331</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-4368">CVE-2024-4368</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-4558">CVE-2024-4558</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-4559">CVE-2024-4559</uri>
</references>
<metadata tag="requester" timestamp="2024-12-07T10:13:10.835687Z">graaff</metadata>
<metadata tag="submitter" timestamp="2024-12-07T10:13:10.839877Z">graaff</metadata>
</glsa>

133
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202412-06.xml vendored Normal file
View File

@ -0,0 +1,133 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="202412-06">
<title>Mozilla Thunderbird: Multiple Vulnerabilities</title>
<synopsis>Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could lead to remote code execution.</synopsis>
<product type="ebuild">thunderbird,thunderbird-bin</product>
<announced>2024-12-07</announced>
<revised count="1">2024-12-07</revised>
<bug>935551</bug>
<bug>936216</bug>
<bug>937468</bug>
<bug>941170</bug>
<bug>941175</bug>
<bug>942470</bug>
<access>remote</access>
<affected>
<package name="mail-client/thunderbird" auto="yes" arch="*">
<unaffected range="ge">128.4.0</unaffected>
<vulnerable range="lt">128.4.0</vulnerable>
</package>
<package name="mail-client/thunderbird-bin" auto="yes" arch="*">
<unaffected range="ge">128.4.0</unaffected>
<vulnerable range="lt">128.4.0</vulnerable>
</package>
</affected>
<background>
<p>Mozilla Thunderbird is a popular open-source email client from the Mozilla project.</p>
</background>
<description>
<p>Multiple vulnerabilities have been discovered in Mozilla Thunderbird. Please review the CVE identifiers referenced below for details.</p>
</description>
<impact type="high">
<p>Please review the referenced CVE identifiers for details.</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All Mozilla Thunderbird users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose ">=mail-client/thunderbird-bin-128.4.0"
</code>
<p>All Mozilla Thunderbird users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose ">=mail-client/thunderbird-128.4.0"
</code>
</resolution>
<references>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-5693">CVE-2024-5693</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-5696">CVE-2024-5696</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-5700">CVE-2024-5700</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-6601">CVE-2024-6601</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-6602">CVE-2024-6602</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-6603">CVE-2024-6603</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-6604">CVE-2024-6604</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-7518">CVE-2024-7518</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-7519">CVE-2024-7519</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-7520">CVE-2024-7520</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-7521">CVE-2024-7521</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-7522">CVE-2024-7522</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-7523">CVE-2024-7523</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-7524">CVE-2024-7524</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-7525">CVE-2024-7525</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-7526">CVE-2024-7526</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-7527">CVE-2024-7527</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-7528">CVE-2024-7528</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-7529">CVE-2024-7529</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-7531">CVE-2024-7531</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-8381">CVE-2024-8381</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-8382">CVE-2024-8382</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-8383">CVE-2024-8383</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-8384">CVE-2024-8384</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-8385">CVE-2024-8385</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-8386">CVE-2024-8386</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-8387">CVE-2024-8387</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-8389">CVE-2024-8389</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-8394">CVE-2024-8394</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-8900">CVE-2024-8900</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-9391">CVE-2024-9391</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-9392">CVE-2024-9392</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-9395">CVE-2024-9395</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-9396">CVE-2024-9396</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-9397">CVE-2024-9397</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-9399">CVE-2024-9399</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-9400">CVE-2024-9400</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-9401">CVE-2024-9401</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-9402">CVE-2024-9402</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-9403">CVE-2024-9403</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-10458">CVE-2024-10458</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-10459">CVE-2024-10459</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-10460">CVE-2024-10460</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-10461">CVE-2024-10461</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-10462">CVE-2024-10462</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-10463">CVE-2024-10463</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-10464">CVE-2024-10464</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-10465">CVE-2024-10465</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-10466">CVE-2024-10466</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-10467">CVE-2024-10467</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-10468">CVE-2024-10468</uri>
<uri>MFSA-2024-25</uri>
<uri>MFSA-2024-26</uri>
<uri>MFSA-2024-28</uri>
<uri>MFSA2024-29</uri>
<uri>MFSA2024-30</uri>
<uri>MFSA2024-31</uri>
<uri>MFSA2024-33</uri>
<uri>MFSA2024-34</uri>
<uri>MFSA2024-35</uri>
<uri>MFSA2024-38</uri>
<uri>MFSA2024-39</uri>
<uri>MFSA2024-40</uri>
<uri>MFSA2024-41</uri>
<uri>MFSA2024-43</uri>
<uri>MFSA2024-44</uri>
<uri>MFSA2024-46</uri>
<uri>MFSA2024-47</uri>
<uri>MFSA2024-48</uri>
<uri>MFSA2024-49</uri>
<uri>MFSA2024-50</uri>
<uri>MFSA2024-55</uri>
<uri>MFSA2024-56</uri>
<uri>MFSA2024-57</uri>
<uri>MFSA2024-58</uri>
<uri>MFSA2024-59</uri>
</references>
<metadata tag="requester" timestamp="2024-12-07T10:32:19.630664Z">graaff</metadata>
<metadata tag="submitter" timestamp="2024-12-07T10:32:19.634875Z">graaff</metadata>
</glsa>

104
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202412-07.xml vendored Normal file
View File

@ -0,0 +1,104 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="202412-07">
<title>OpenJDK: Multiple Vulnerabilities</title>
<synopsis>Multiple vulnerabilities have been discovered in OpenJDK, the worst of which could lead to remote code execution.</synopsis>
<product type="ebuild">openjdk,openjdk-bin,openjdk-jre-bin</product>
<announced>2024-12-07</announced>
<revised count="1">2024-12-07</revised>
<bug>912719</bug>
<bug>916211</bug>
<bug>925020</bug>
<bug>941689</bug>
<access>local and remote</access>
<affected>
<package name="dev-java/openjdk" auto="yes" arch="*">
<unaffected range="ge" slot="8">8.422_p05</unaffected>
<unaffected range="ge" slot="11">11.0.24_p8</unaffected>
<unaffected range="ge" slot="17">17.0.12_p7</unaffected>
<vulnerable range="lt" slot="8">8.422_p05</vulnerable>
<vulnerable range="lt" slot="11">11.0.24_p8</vulnerable>
<vulnerable range="lt" slot="17">17.0.12_p7</vulnerable>
</package>
<package name="dev-java/openjdk-bin" auto="yes" arch="*">
<unaffected range="ge" slot="8">8.422_p05</unaffected>
<unaffected range="ge" slot="11">11.0.24_p8</unaffected>
<unaffected range="ge" slot="17">17.0.12_p7</unaffected>
<vulnerable range="lt" slot="8">8.422_p05</vulnerable>
<vulnerable range="lt" slot="11">11.0.24_p8</vulnerable>
<vulnerable range="lt" slot="17">17.0.12_p7</vulnerable>
</package>
<package name="dev-java/openjdk-jre-bin" auto="yes" arch="*">
<unaffected range="ge" slot="8">8.422_p05</unaffected>
<unaffected range="ge" slot="11">11.0.24_p8</unaffected>
<unaffected range="ge" slot="17">17.0.12_p7</unaffected>
<vulnerable range="lt" slot="8">8.422_p05</vulnerable>
<vulnerable range="lt" slot="11">11.0.24_p8</vulnerable>
<vulnerable range="lt" slot="17">17.0.12_p7</vulnerable>
</package>
</affected>
<background>
<p>OpenJDK is an open source implementation of the Java programming language.</p>
</background>
<description>
<p>Multiple vulnerabilities have been discovered in OpenJDK. Please review the CVE identifiers referenced below for details.</p>
</description>
<impact type="high">
<p>Please review the referenced CVE identifiers for details.</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All OpenJDK users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-java/openjdk-8.422_p05:8"
# emerge --ask --oneshot --verbose ">=dev-java/openjdk-11.0.24_p8:11"
# emerge --ask --oneshot --verbose ">=dev-java/openjdk-17.0.12_p7:17"
</code>
<p>All OpenJDK users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-java/openjdk-jre-bin-8.442_p05:8"
# emerge --ask --oneshot --verbose ">=dev-java/openjdk-jre-bin-11.0.24_p8:11"
# emerge --ask --oneshot --verbose ">=dev-java/openjdk-jre-bin-17.0.12_p7:17"
</code>
<p>All OpenJDK users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-java/openjdk-bin-8.442_p05:8"
# emerge --ask --oneshot --verbose ">=dev-java/openjdk-bin-11.0.24_p8:11"
# emerge --ask --oneshot --verbose ">=dev-java/openjdk-bin-17.0.12_p7:17"
</code>
</resolution>
<references>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-22006">CVE-2023-22006</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-22025">CVE-2023-22025</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-22036">CVE-2023-22036</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-22041">CVE-2023-22041</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-22044">CVE-2023-22044</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-22045">CVE-2023-22045</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-22049">CVE-2023-22049</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-22067">CVE-2023-22067</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-22081">CVE-2023-22081</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-20918">CVE-2024-20918</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-20919">CVE-2024-20919</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-20921">CVE-2024-20921</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-20926">CVE-2024-20926</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-20932">CVE-2024-20932</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-20945">CVE-2024-20945</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-20952">CVE-2024-20952</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-21208">CVE-2024-21208</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-21210">CVE-2024-21210</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-21217">CVE-2024-21217</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-21235">CVE-2024-21235</uri>
</references>
<metadata tag="requester" timestamp="2024-12-07T10:36:00.689590Z">graaff</metadata>
<metadata tag="submitter" timestamp="2024-12-07T10:36:00.694327Z">graaff</metadata>
</glsa>

47
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202412-08.xml vendored Normal file
View File

@ -0,0 +1,47 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="202412-08">
<title>icinga2: Multiple Vulnerabilities</title>
<synopsis>Multiple vulnerabilities have been discovered in Icinga2, the worst of which could lead to arbitrary code execution.</synopsis>
<product type="ebuild">icinga2</product>
<announced>2024-12-07</announced>
<revised count="1">2024-12-07</revised>
<bug>760660</bug>
<bug>943329</bug>
<access>remote</access>
<affected>
<package name="net-analyzer/icinga2" auto="yes" arch="*">
<unaffected range="ge">2.14.3</unaffected>
<vulnerable range="lt">2.14.3</vulnerable>
</package>
</affected>
<background>
<p>Icinga2 is a distributed, general purpose, network monitoring engine.</p>
</background>
<description>
<p>Multiple vulnerabilities have been discovered in Icinga2. Please review the CVE identifiers referenced below for details.</p>
</description>
<impact type="low">
<p>Please review the referenced CVE identifiers for details.</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All Icinga2 users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-analyzer/icinga2-2.14.3"
</code>
</resolution>
<references>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-29663">CVE-2020-29663</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-32739">CVE-2021-32739</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-32743">CVE-2021-32743</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-37698">CVE-2021-37698</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-49369">CVE-2024-49369</uri>
</references>
<metadata tag="requester" timestamp="2024-12-07T10:38:13.796029Z">graaff</metadata>
<metadata tag="submitter" timestamp="2024-12-07T10:38:13.799855Z">graaff</metadata>
</glsa>

47
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202412-09.xml vendored Normal file
View File

@ -0,0 +1,47 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="202412-09">
<title>Salt: Multiple Vulnerabilities</title>
<synopsis>Multiple vulnerabilities have been discovered in Salt, the worst of which can lead to arbitrary code execution.</synopsis>
<product type="ebuild">salt</product>
<announced>2024-12-07</announced>
<revised count="1">2024-12-07</revised>
<bug>916512</bug>
<bug>925021</bug>
<access>remote</access>
<affected>
<package name="app-admin/salt" auto="yes" arch="*">
<unaffected range="ge">3006.6</unaffected>
<vulnerable range="lt">3006.6</vulnerable>
</package>
</affected>
<background>
<p>Salt is a fast, intelligent and scalable automation engine.</p>
</background>
<description>
<p>Multiple vulnerabilities have been discovered in Salt. Please review the CVE identifiers referenced below for details.</p>
</description>
<impact type="normal">
<p>Please review the referenced CVE identifiers for details.</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All Salt users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-admin/salt-3006.6"
</code>
</resolution>
<references>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-20897">CVE-2023-20897</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-20898">CVE-2023-20898</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-34049">CVE-2023-34049</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-22231">CVE-2024-22231</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-22232">CVE-2024-22232</uri>
</references>
<metadata tag="requester" timestamp="2024-12-07T11:25:36.905520Z">graaff</metadata>
<metadata tag="submitter" timestamp="2024-12-07T11:25:36.909137Z">graaff</metadata>
</glsa>

47
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202412-10.xml vendored Normal file
View File

@ -0,0 +1,47 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="202412-10">
<title>Dnsmasq: Multiple Vulnerabilities</title>
<synopsis>Multiple vulnerabilities have been discovered in Dnsmasq, the worst of which could lead to a denial of service.</synopsis>
<product type="ebuild">dnsmasq</product>
<announced>2024-12-07</announced>
<revised count="1">2024-12-07</revised>
<bug>867322</bug>
<bug>905321</bug>
<bug>924448</bug>
<access>remote</access>
<affected>
<package name="net-dns/dnsmasq" auto="yes" arch="*">
<unaffected range="ge">2.90</unaffected>
<vulnerable range="lt">2.90</vulnerable>
</package>
</affected>
<background>
<p>Dnsmasq is a lightweight and easily-configurable DNS forwarder and DHCP server.</p>
</background>
<description>
<p>Multiple vulnerabilities have been discovered in Dnsmasq. Please review the CVE identifiers referenced below for details.</p>
</description>
<impact type="normal">
<p>Please review the referenced CVE identifiers for details.</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All Dnsmasq users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-dns/dnsmasq-2.90"
</code>
</resolution>
<references>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-0934">CVE-2022-0934</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-28450">CVE-2023-28450</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-50387">CVE-2023-50387</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-50868">CVE-2023-50868</uri>
</references>
<metadata tag="requester" timestamp="2024-12-07T11:27:15.261272Z">graaff</metadata>
<metadata tag="submitter" timestamp="2024-12-07T11:27:15.263698Z">graaff</metadata>
</glsa>

42
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202412-11.xml vendored Normal file
View File

@ -0,0 +1,42 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="202412-11">
<title>OATH Toolkit: Privilege Escalation</title>
<synopsis>A vulnerability has been discovered in OATH Toolkit, which could lead to local root privilege escalation.</synopsis>
<product type="ebuild">oath-toolkit</product>
<announced>2024-12-07</announced>
<revised count="1">2024-12-07</revised>
<bug>940778</bug>
<access>local</access>
<affected>
<package name="sys-auth/oath-toolkit" auto="yes" arch="*">
<unaffected range="ge">2.6.12</unaffected>
<vulnerable range="lt">2.6.12</vulnerable>
</package>
</affected>
<background>
<p>OATH Toolkit provide components to build one-time password authentication systems. It contains shared C libraries, command line tools and a PAM module. Supported technologies include the event-based HOTP algorithm (RFC 4226), the time-based TOTP algorithm (RFC 6238), and Portable Symmetric Key Container (PSKC, RFC 6030) to manage secret key data. OATH stands for Open AuTHentication, which is the organization that specify the algorithms.</p>
</background>
<description>
<p>A vulnerability has been discovered in OATH Toolkit. Please review the CVE identifier referenced below for details.</p>
</description>
<impact type="high">
<p>Please review the referenced CVE identifier for details.</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All OATH Toolkit users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose ">=sys-auth/oath-toolkit-2.6.12"
</code>
</resolution>
<references>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-47191">CVE-2024-47191</uri>
</references>
<metadata tag="requester" timestamp="2024-12-07T11:29:36.174751Z">graaff</metadata>
<metadata tag="submitter" timestamp="2024-12-07T11:29:36.177979Z">graaff</metadata>
</glsa>

60
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202412-12.xml vendored Normal file
View File

@ -0,0 +1,60 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="202412-12">
<title>PostgreSQL: Multiple Vulnerabilities</title>
<synopsis>Multiple vulnerabilities have been discovered in PostgreSQL, the worst of which could lead to arbitrary code execution.</synopsis>
<product type="ebuild">postgresql</product>
<announced>2024-12-08</announced>
<revised count="1">2024-12-08</revised>
<bug>943512</bug>
<access>remote</access>
<affected>
<package name="dev-db/postgresql" auto="yes" arch="*">
<unaffected range="ge" slot="12">12.21</unaffected>
<unaffected range="ge" slot="13">13.17</unaffected>
<unaffected range="ge" slot="14">14.14</unaffected>
<unaffected range="ge" slot="15">15.9</unaffected>
<unaffected range="ge" slot="16">16.5</unaffected>
<unaffected range="ge" slot="17">17.1</unaffected>
<vulnerable range="lt" slot="12">12.21</vulnerable>
<vulnerable range="lt" slot="13">13.17</vulnerable>
<vulnerable range="lt" slot="14">14.14</vulnerable>
<vulnerable range="lt" slot="15">15.9</vulnerable>
<vulnerable range="lt" slot="16">16.5</vulnerable>
<vulnerable range="lt" slot="17">17.1</vulnerable>
</package>
</affected>
<background>
<p>PostgreSQL is an open source object-relational database management system.</p>
</background>
<description>
<p>Multiple vulnerabilities have been discovered in PostgreSQL. Please review the CVE identifiers referenced below for details.</p>
</description>
<impact type="high">
<p>Please review the referenced CVE identifiers for details.</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All PostgreSQL users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-db/postgresql-12.21:12"
# emerge --ask --oneshot --verbose ">=dev-db/postgresql-13.17:13"
# emerge --ask --oneshot --verbose ">=dev-db/postgresql-14.14:14"
# emerge --ask --oneshot --verbose ">=dev-db/postgresql-15.9:15"
# emerge --ask --oneshot --verbose ">=dev-db/postgresql-16.5:16"
# emerge --ask --oneshot --verbose ">=dev-db/postgresql-17.1:17"
</code>
</resolution>
<references>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-10976">CVE-2024-10976</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-10977">CVE-2024-10977</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-10978">CVE-2024-10978</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-10979">CVE-2024-10979</uri>
</references>
<metadata tag="requester" timestamp="2024-12-08T08:29:04.506280Z">graaff</metadata>
<metadata tag="submitter" timestamp="2024-12-08T08:29:04.508614Z">graaff</metadata>
</glsa>

88
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202412-13.xml vendored Normal file
View File

@ -0,0 +1,88 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="202412-13">
<title>Spidermonkey: Multiple Vulnerabilities</title>
<synopsis>Multiple vulnerabilities have been discovered in Spidermonkey, the worst of which could lead to arbitrary code execution.</synopsis>
<product type="ebuild">spidermonkey</product>
<announced>2024-12-08</announced>
<revised count="1">2024-12-08</revised>
<bug>935552</bug>
<bug>936217</bug>
<bug>937469</bug>
<bug>941176</bug>
<access>local and remote</access>
<affected>
<package name="dev-lang/spidermonkey" auto="yes" arch="*">
<unaffected range="ge" slot="115">115.15.0</unaffected>
<vulnerable range="lt" slot="115">115.15.0</vulnerable>
</package>
</affected>
<background>
<p>SpiderMonkey is Mozillas JavaScript and WebAssembly Engine, used in Firefox, Servo and various other projects. It is written in C++, Rust and JavaScript. You can embed it into C++ and Rust projects, and it can be run as a stand-alone shell.</p>
</background>
<description>
<p>Multiple vulnerabilities have been discovered in Spidermonkey. Please review the CVE identifiers referenced below for details.</p>
</description>
<impact type="high">
<p>Please review the referenced CVE identifiers for details.</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All Spidermonkey users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-lang/spidermonkey-115.15.0:115"
</code>
</resolution>
<references>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-5693">CVE-2024-5693</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-5696">CVE-2024-5696</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-5700">CVE-2024-5700</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-6601">CVE-2024-6601</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-6602">CVE-2024-6602</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-6603">CVE-2024-6603</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-6604">CVE-2024-6604</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-7518">CVE-2024-7518</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-7519">CVE-2024-7519</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-7520">CVE-2024-7520</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-7521">CVE-2024-7521</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-7522">CVE-2024-7522</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-7523">CVE-2024-7523</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-7524">CVE-2024-7524</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-7525">CVE-2024-7525</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-7526">CVE-2024-7526</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-7527">CVE-2024-7527</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-7528">CVE-2024-7528</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-7529">CVE-2024-7529</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-7531">CVE-2024-7531</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-8381">CVE-2024-8381</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-8382">CVE-2024-8382</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-8383">CVE-2024-8383</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-8384">CVE-2024-8384</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-8385">CVE-2024-8385</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-8386">CVE-2024-8386</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-8387">CVE-2024-8387</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-8389">CVE-2024-8389</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-8394">CVE-2024-8394</uri>
<uri>MFSA-2024-25</uri>
<uri>MFSA-2024-26</uri>
<uri>MFSA-2024-28</uri>
<uri>MFSA2024-29</uri>
<uri>MFSA2024-30</uri>
<uri>MFSA2024-31</uri>
<uri>MFSA2024-33</uri>
<uri>MFSA2024-34</uri>
<uri>MFSA2024-35</uri>
<uri>MFSA2024-38</uri>
<uri>MFSA2024-39</uri>
<uri>MFSA2024-40</uri>
<uri>MFSA2024-41</uri>
<uri>MFSA2024-43</uri>
<uri>MFSA2024-44</uri>
</references>
<metadata tag="requester" timestamp="2024-12-08T08:30:35.080391Z">graaff</metadata>
<metadata tag="submitter" timestamp="2024-12-08T08:30:35.086284Z">graaff</metadata>
</glsa>

51
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202412-14.xml vendored Normal file
View File

@ -0,0 +1,51 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="202412-14">
<title>HashiCorp Consul: Multiple Vulnerabilities</title>
<synopsis>Multiple vulnerabilities have been discovered in HashiCorp Consul, the worst of which could result in denial of service.</synopsis>
<product type="ebuild">consul</product>
<announced>2024-12-08</announced>
<revised count="1">2024-12-08</revised>
<bug>907925</bug>
<bug>917614</bug>
<bug>925030</bug>
<access>remote</access>
<affected>
<package name="app-admin/consul" auto="yes" arch="*">
<unaffected range="ge">1.15.10</unaffected>
<vulnerable range="lt">1.15.10</vulnerable>
</package>
</affected>
<background>
<p>HashiCorp Consul is a tool for service discovery, monitoring and configuration.</p>
</background>
<description>
<p>Multiple vulnerabilities have been discovered in HashiCorp Consul. Please review the CVE identifiers referenced below for details.</p>
</description>
<impact type="low">
<p>Please review the referenced CVE identifiers for details.</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All HashiCorp Consul users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-admin/consul-1.15.10"
</code>
</resolution>
<references>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-1297">CVE-2023-1297</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-2816">CVE-2023-2816</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-44487">CVE-2023-44487</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-23322">CVE-2024-23322</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-23323">CVE-2024-23323</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-23324">CVE-2024-23324</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-23325">CVE-2024-23325</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-23327">CVE-2024-23327</uri>
</references>
<metadata tag="requester" timestamp="2024-12-08T08:38:34.763660Z">graaff</metadata>
<metadata tag="submitter" timestamp="2024-12-08T08:38:34.766478Z">graaff</metadata>
</glsa>

46
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202412-15.xml vendored Normal file
View File

@ -0,0 +1,46 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="202412-15">
<title>OpenSC: Multiple Vulnerabilities</title>
<synopsis>Multiple vulnerabilities have been discovered in OpenSC, the worst of which could lead to arbitrary code execution.</synopsis>
<product type="ebuild">opensc</product>
<announced>2024-12-11</announced>
<revised count="1">2024-12-11</revised>
<bug>907930</bug>
<bug>917651</bug>
<access>local</access>
<affected>
<package name="dev-libs/opensc" auto="yes" arch="*">
<unaffected range="ge">0.24.0</unaffected>
<vulnerable range="lt">0.24.0</vulnerable>
</package>
</affected>
<background>
<p>OpenSC contains tools and libraries for smart cards.</p>
</background>
<description>
<p>Multiple vulnerabilities have been discovered in OpenSC. Please review the CVE identifiers referenced below for details.</p>
</description>
<impact type="normal">
<p>Please review the referenced CVE identifiers for details.</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All OpenSC users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-libs/opensc-0.24.0"
</code>
</resolution>
<references>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-2977">CVE-2023-2977</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-4535">CVE-2023-4535</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-40660">CVE-2023-40660</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-40661">CVE-2023-40661</uri>
</references>
<metadata tag="requester" timestamp="2024-12-11T08:39:14.588601Z">graaff</metadata>
<metadata tag="submitter" timestamp="2024-12-11T08:39:14.593519Z">graaff</metadata>
</glsa>

46
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202412-16.xml vendored Normal file
View File

@ -0,0 +1,46 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="202412-16">
<title>libvirt: Multiple Vulnerabilities</title>
<synopsis>Multiple vulnerabilities have been discovered in libvirt, the worst of which could lead to a denial of service.</synopsis>
<product type="ebuild">libvirt</product>
<announced>2024-12-11</announced>
<revised count="1">2024-12-11</revised>
<bug>908042</bug>
<bug>916497</bug>
<bug>929966</bug>
<access>remote</access>
<affected>
<package name="app-emulation/libvirt" auto="yes" arch="*">
<unaffected range="ge">10.2.0</unaffected>
<vulnerable range="lt">10.2.0</vulnerable>
</package>
</affected>
<background>
<p>libvirt is a C toolkit for manipulating virtual machines.</p>
</background>
<description>
<p>Multiple vulnerabilities have been discovered in libvirt. Please review the CVE identifiers referenced below for details.</p>
</description>
<impact type="normal">
<p>Please review the referenced CVE identifiers for details.</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All libvirt users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-emulation/libvirt-10.2.0"
</code>
</resolution>
<references>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-2700">CVE-2023-2700</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-3750">CVE-2023-3750</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-2494">CVE-2024-2494</uri>
</references>
<metadata tag="requester" timestamp="2024-12-11T08:41:12.324140Z">graaff</metadata>
<metadata tag="submitter" timestamp="2024-12-11T08:41:12.327199Z">graaff</metadata>
</glsa>

42
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202412-17.xml vendored Normal file
View File

@ -0,0 +1,42 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="202412-17">
<title>idna: Denial of Service</title>
<synopsis>A vulnerability has been discovered in idna, which can lead to a denial of service.</synopsis>
<product type="ebuild">idna</product>
<announced>2024-12-11</announced>
<revised count="1">2024-12-11</revised>
<bug>929208</bug>
<access>local</access>
<affected>
<package name="dev-python/idna" auto="yes" arch="*">
<unaffected range="ge">3.7</unaffected>
<vulnerable range="lt">3.7</vulnerable>
</package>
</affected>
<background>
<p>Internationalized Domain Names for Python (IDNA 2008 and UTS #46)</p>
</background>
<description>
<p>A vulnerability has been discovered in idna. Please review the CVE identifier referenced below for details.</p>
</description>
<impact type="normal">
<p>Please review the referenced CVE identifier for details.</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All idna users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-python/idna-3.7"
</code>
</resolution>
<references>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-3651">CVE-2024-3651</uri>
</references>
<metadata tag="requester" timestamp="2024-12-11T09:59:38.412294Z">graaff</metadata>
<metadata tag="submitter" timestamp="2024-12-11T09:59:38.415710Z">graaff</metadata>
</glsa>

42
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202412-18.xml vendored Normal file
View File

@ -0,0 +1,42 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="202412-18">
<title>Distrobox: Arbitrary Code Execution</title>
<synopsis>A vulnerability has been discovered in Distrobox, which can lead to arbitrary code execution.</synopsis>
<product type="ebuild">distrobox</product>
<announced>2024-12-11</announced>
<revised count="1">2024-12-11</revised>
<bug>927742</bug>
<access>local</access>
<affected>
<package name="app-containers/distrobox" auto="yes" arch="*">
<unaffected range="ge">1.7.0.1</unaffected>
<vulnerable range="lt">1.7.0.1</vulnerable>
</package>
</affected>
<background>
<p>Use any Linux distribution inside your terminal. Enable both backward and forward compatibility with software and freedom to use whatever distribution youre more comfortable with. Distrobox uses podman, docker or lilipod to create containers using the Linux distribution of your choice. The created container will be tightly integrated with the host, allowing sharing of the HOME directory of the user, external storage, external USB devices and graphical apps (X11/Wayland), and audio.</p>
</background>
<description>
<p>A vulnerability has been discovered in Distrobox. Please review the CVE identifier referenced below for details.</p>
</description>
<impact type="normal">
<p>Please review the referenced CVE identifier for details.</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All Distrobox users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-containers/distrobox-1.7.0.1"
</code>
</resolution>
<references>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-29864">CVE-2024-29864</uri>
</references>
<metadata tag="requester" timestamp="2024-12-11T11:59:52.896177Z">graaff</metadata>
<metadata tag="submitter" timestamp="2024-12-11T11:59:52.901538Z">graaff</metadata>
</glsa>

42
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202412-19.xml vendored Normal file
View File

@ -0,0 +1,42 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="202412-19">
<title>eza: Arbitrary Code Execution</title>
<synopsis>A vulnerability has been discovered in eza, which can lead to arbitrary code execution.</synopsis>
<product type="ebuild">eza</product>
<announced>2024-12-11</announced>
<revised count="1">2024-12-11</revised>
<bug>926532</bug>
<access>local</access>
<affected>
<package name="sys-apps/eza" auto="yes" arch="*">
<unaffected range="ge">0.18.6</unaffected>
<vulnerable range="lt">0.18.6</vulnerable>
</package>
</affected>
<background>
<p>eza is a modern, maintained replacement for ls, written in rust.</p>
</background>
<description>
<p>A vulnerability has been discovered in eza. Please review the CVE identifier referenced below for details.</p>
</description>
<impact type="normal">
<p>A buffer overflow vulnerability in eza allows local attackers to execute arbitrary code via the .git/HEAD, .git/refs, and .git/objects components.</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All eza users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose ">=sys-apps/eza-0.18.6"
</code>
</resolution>
<references>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-25817">CVE-2024-25817</uri>
</references>
<metadata tag="requester" timestamp="2024-12-11T12:01:47.731410Z">graaff</metadata>
<metadata tag="submitter" timestamp="2024-12-11T12:01:47.734155Z">graaff</metadata>
</glsa>

51
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202412-20.xml vendored Normal file
View File

@ -0,0 +1,51 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="202412-20">
<title>NVIDIA Drivers: Privilege Escalation</title>
<synopsis>Multiple vulnerabilities have been discovered in NVIDIA Drivers, the worst of which could result in privilege escalation.</synopsis>
<product type="ebuild">nvidia-drivers</product>
<announced>2024-12-14</announced>
<revised count="1">2024-12-14</revised>
<bug>942031</bug>
<access>local</access>
<affected>
<package name="x11-drivers/nvidia-drivers" auto="yes" arch="*">
<unaffected range="ge">535.216.01</unaffected>
<unaffected range="ge">550.127.05</unaffected>
<vulnerable range="lt">535.216.01</vulnerable>
<vulnerable range="lt">550.127.05</vulnerable>
</package>
</affected>
<background>
<p>NVIDIA Drivers are NVIDIA&#39;s accelerated graphics driver.</p>
</background>
<description>
<p>A vulnerability has been discovered in NVIDIA Drivers. Please review the CVE identifiers referenced below for details.</p>
</description>
<impact type="high">
<p>Please review the referenced CVE identifier for details.</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All NVIDIA Drivers 535 users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose ">=x11-drivers/nvidia-drivers-535.216.01:0/535"
</code>
<p>All NVIDIA Drivers 550 users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose ">=x11-drivers/nvidia-drivers-550.127.05:0/550"
</code>
</resolution>
<references>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-0126">CVE-2024-0126</uri>
</references>
<metadata tag="requester" timestamp="2024-12-14T11:01:53.093210Z">graaff</metadata>
<metadata tag="submitter" timestamp="2024-12-14T11:01:53.097240Z">graaff</metadata>
</glsa>

2
sdk_container/src/third_party/portage-stable/metadata/glsa/timestamp.chk vendored
View File

@ -1 +1 @@
Sun, 01 Dec 2024 06:40:21 +0000
Wed, 01 Jan 2025 06:40:39 +0000

2
sdk_container/src/third_party/portage-stable/metadata/glsa/timestamp.commit vendored
View File

@ -1 +1 @@
06b1665a387d4d7cb73b9b91b99b6ed644d013ed 1731837118 2024-11-17T09:51:58Z
75999cf3645e45cf60bdeaf1621c235c071cf08b 1734174153 2024-12-14T11:02:33Z