Merge pull request #443 from mischief/glsa-sync

bump(metadata/glsa): sync with upstream
Nick Owens 2016-06-22 14:38:14 -07:00 committed by GitHub
commit b6ac528113
15 changed files with 1146 additions and 1 deletions

@ -0,0 +1,53 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="201605-03">
<title>libfpx: Denial of Service</title>
<synopsis>A double free vulnerability has been discovered in libfpx that
allows remote attackers to cause a Denial of Service.
</synopsis>
<product type="ebuild">libfpx</product>
<announced>May 30, 2016</announced>
<revised>May 30, 2016: 1</revised>
<bug>395367</bug>
<access>remote</access>
<affected>
<package name="media-libs/libfpx" auto="yes" arch="*">
<unaffected range="ge">1.3.1_p6</unaffected>
<vulnerable range="lt">1.3.1_p6</vulnerable>
</package>
</affected>
<background>
<p>A library for manipulating FlashPIX images.</p>
</background>
<description>
<p>A double free vulnerability has been discovered in the Free_All_Memory
function in jpeg/dectile.c.
</p>
</description>
<impact type="normal">
<p>A remote attacker could entice a user to open a specially crafted FPX
image using an application linked against libfpx, possibly resulting in a
Denial of Service condition.
</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All libfpx users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose "&gt;=media-libs/libfpx-1.3.1_p6"
</code>
<p>Packages which depend on this library may need to be recompiled. Tools
such as revdep-rebuild may assist in identifying these packages.
</p>
</resolution>
<references>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0025">CVE-2012-0025</uri>
</references>
<metadata tag="requester" timestamp="Wed, 06 Apr 2016 23:28:31 +0000">b-man</metadata>
<metadata tag="submitter" timestamp="Mon, 30 May 2016 17:56:49 +0000">b-man</metadata>
</glsa>

@ -0,0 +1,51 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="201605-04">
<title>rsync: Multiple vulnerabilities</title>
<synopsis>Multiple vulnerabilities have been found in rsync, the worst of
which could allow remote attackers to write arbitrary files.
</synopsis>
<product type="ebuild"></product>
<announced>May 30, 2016</announced>
<revised>May 30, 2016: 1</revised>
<bug>519108</bug>
<bug>540000</bug>
<bug>569140</bug>
<access>remote</access>
<affected>
<package name="net-misc/rsync" auto="yes" arch="*">
<unaffected range="ge">3.1.2</unaffected>
<vulnerable range="lt">3.1.2</vulnerable>
</package>
</affected>
<background>
<p>File transfer program to keep remote files into sync.</p>
</background>
<description>
<p>Multiple vulnerabilities have been discovered in rsync. Please review
the CVE identifiers referenced below for details.
</p>
</description>
<impact type="normal">
<p>Remote attackers could write arbitrary files via symlink attacks.</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All rsync users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose "&gt;=net-misc/rsync-3.1.2"
</code>
</resolution>
<references>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8242">CVE-2014-8242</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9512">CVE-2014-9512</uri>
</references>
<metadata tag="requester" timestamp="Thu, 25 Feb 2016 07:39:41 +0000">
BlueKnight
</metadata>
<metadata tag="submitter" timestamp="Mon, 30 May 2016 19:55:19 +0000">b-man</metadata>
</glsa>
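
Review bot: <product type="ebuild"></product> is empty in this advisory, while the libfpx and Linux-PAM advisories in the same commit populate it; set it to rsync to match the net-misc/rsync atom. The <background> text "keep remote files into sync" should read "in sync", and three <bug> entries are listed against only two CVE references, so it is worth confirming whether a third identifier is missing.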

@ -0,0 +1,59 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="201605-05">
<title>Linux-PAM: Multiple vulnerabilities</title>
<synopsis>Multiple vulnerabilities have been found in Linux-PAM, allowing
remote attackers to bypass the auth process and cause Denial of Service.
</synopsis>
<product type="ebuild">pam</product>
<announced>May 31, 2016</announced>
<revised>May 31, 2016: 1</revised>
<bug>493432</bug>
<bug>505604</bug>
<bug>553302</bug>
<access>remote</access>
<affected>
<package name="sys-libs/pam" auto="yes" arch="*">
<unaffected range="ge">1.2.1</unaffected>
<vulnerable range="lt">1.2.1</vulnerable>
</package>
</affected>
<background>
<p>Linux-PAM (Pluggable Authentication Modules) is an architecture allowing
the separation of the development of privilege granting software from the
development of secure and appropriate authentication schemes.
</p>
</background>
<description>
<p>Multiple vulnerabilities have been discovered in Linux-PAM. Please
review the CVE identifiers referenced below for details.
</p>
</description>
<impact type="normal">
<p>Remote attackers could cause Denial of Service, conduct brute force
attacks, and conduct username enumeration.
</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All Linux-PAM users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose "&gt;=sys-libs/pam-1.2.1"
</code>
</resolution>
<references>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-7041">CVE-2013-7041</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2583">CVE-2014-2583</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3238">CVE-2015-3238</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3238">CVE-2015-3238</uri>
</references>
<metadata tag="requester" timestamp="Mon, 10 Aug 2015 14:28:31 +0000">
BlueKnight
</metadata>
<metadata tag="submitter" timestamp="Tue, 31 May 2016 04:26:13 +0000">b-man</metadata>
</glsa>
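
Review bot: CVE-2015-3238 is listed twice in <references>; drop the second <uri> line. The synopsis also says attackers can "bypass the auth process", but the <impact> paragraph lists only Denial of Service, brute force attacks and username enumeration, so one of the two should be reworded to match the other.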

@ -0,0 +1,309 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="201605-06">
<title>Mozilla Products: Multiple vulnerabilities</title>
<synopsis>Multiple vulnerabilities have been found in Firefox, Thunderbird,
Network Security Services (NSS), and NetScape Portable Runtime (NSPR) with
the worst of which may allow remote execution of arbitrary code.
</synopsis>
<product type="ebuild">firefox</product>
<announced>May 31, 2016</announced>
<revised>May 31, 2016: 1</revised>
<bug>549356</bug>
<bug>557590</bug>
<bug>559186</bug>
<bug>561246</bug>
<bug>563230</bug>
<bug>564834</bug>
<bug>573074</bug>
<bug>574596</bug>
<bug>576862</bug>
<access>remote</access>
<affected>
<package name="dev-libs/nspr" auto="yes" arch="*">
<unaffected range="ge">4.12</unaffected>
<vulnerable range="lt">4.12</vulnerable>
</package>
<package name="dev-libs/nss" auto="yes" arch="*">
<unaffected range="ge">3.22.2</unaffected>
<vulnerable range="lt">3.22.2</vulnerable>
</package>
<package name="mail-client/thunderbird" auto="yes" arch="*">
<unaffected range="ge">38.7.0</unaffected>
<vulnerable range="lt">38.7.0</vulnerable>
</package>
<package name="mail-client/thunderbird-bin" auto="yes" arch="*">
<unaffected range="ge">38.7.0</unaffected>
<vulnerable range="lt">38.7.0</vulnerable>
</package>
<package name="www-client/firefox" auto="yes" arch="*">
<unaffected range="ge">38.7.0</unaffected>
<vulnerable range="lt">38.7.0</vulnerable>
</package>
<package name="www-client/firefox-bin" auto="yes" arch="*">
<unaffected range="ge">38.7.0</unaffected>
<vulnerable range="lt">38.7.0</vulnerable>
</package>
</affected>
<background>
<p>Mozilla Firefox is an open-source web browser, Mozilla Thunderbird an
open-source email client, and the Network Security Service (NSS) is a
library implementing security features like SSL v.2/v.3, TLS, PKCS #5,
PKCS #7, PKCS #11, PKCS #12, S/MIME and X.509 certificates. The
SeaMonkey project is a community effort to deliver production-quality
releases of code derived from the application formerly known as
Mozilla Application Suite.
</p>
</background>
<description>
<p>Multiple vulnerabilities have been discovered in Firefox, NSS, NSPR, and
Thunderbird. Please review the CVE identifiers referenced below for
details.
</p>
</description>
<impact type="normal">
<p>A remote attacker could entice a user to view a specially crafted web
page or email, possibly resulting in execution of arbitrary code or a
Denial of Service condition. Furthermore, a remote attacker may be able
to perform Man-in-the-Middle attacks, obtain sensitive information, spoof
the address bar, conduct clickjacking attacks, bypass security
restrictions and protection mechanisms, or have other unspecified
impacts.
</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All NSS users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose "&gt;=dev-libs/nss-3.22.2"
</code>
<p>All Thunderbird users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose "&gt;=mail-client/thunderbird-38.7.0"
</code>
<p>All users of the Thunderbird binary package should upgrade to the latest
version:
</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose
"&gt;=mail-client/thunderbird-bin-38.7.0"
</code>
<p>All Firefox 38.7.x users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose "&gt;=www-client/firefox-38.7.0"
</code>
<p>All users of the Firefox 38.7.x binary package should upgrade to the
latest version:
</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose "&gt;=www-client/firefox-bin-38.7.0"
</code>
</resolution>
<references>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2708">CVE-2015-2708</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2708">CVE-2015-2708</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2709">CVE-2015-2709</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2709">CVE-2015-2709</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2710">CVE-2015-2710</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2710">CVE-2015-2710</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2711">CVE-2015-2711</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2711">CVE-2015-2711</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2712">CVE-2015-2712</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2712">CVE-2015-2712</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2713">CVE-2015-2713</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2713">CVE-2015-2713</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2714">CVE-2015-2714</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2714">CVE-2015-2714</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2715">CVE-2015-2715</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2715">CVE-2015-2715</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2716">CVE-2015-2716</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2716">CVE-2015-2716</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2717">CVE-2015-2717</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2717">CVE-2015-2717</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2718">CVE-2015-2718</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2718">CVE-2015-2718</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4473">CVE-2015-4473</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4473">CVE-2015-4473</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4474">CVE-2015-4474</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4474">CVE-2015-4474</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4475">CVE-2015-4475</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4475">CVE-2015-4475</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4477">CVE-2015-4477</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4477">CVE-2015-4477</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4478">CVE-2015-4478</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4478">CVE-2015-4478</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4479">CVE-2015-4479</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4479">CVE-2015-4479</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4480">CVE-2015-4480</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4480">CVE-2015-4480</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4481">CVE-2015-4481</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4481">CVE-2015-4481</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4482">CVE-2015-4482</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4482">CVE-2015-4482</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4483">CVE-2015-4483</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4483">CVE-2015-4483</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4484">CVE-2015-4484</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4484">CVE-2015-4484</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4485">CVE-2015-4485</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4485">CVE-2015-4485</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4486">CVE-2015-4486</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4486">CVE-2015-4486</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4487">CVE-2015-4487</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4487">CVE-2015-4487</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4488">CVE-2015-4488</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4488">CVE-2015-4488</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4489">CVE-2015-4489</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4489">CVE-2015-4489</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4490">CVE-2015-4490</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4490">CVE-2015-4490</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4491">CVE-2015-4491</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4491">CVE-2015-4491</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4492">CVE-2015-4492</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4492">CVE-2015-4492</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4493">CVE-2015-4493</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4493">CVE-2015-4493</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7181">CVE-2015-7181</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7182">CVE-2015-7182</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7183">CVE-2015-7183</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1523">CVE-2016-1523</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1523">CVE-2016-1523</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1930">CVE-2016-1930</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1930">CVE-2016-1930</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1931">CVE-2016-1931</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1931">CVE-2016-1931</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1933">CVE-2016-1933</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1933">CVE-2016-1933</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1935">CVE-2016-1935</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1935">CVE-2016-1935</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1937">CVE-2016-1937</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1937">CVE-2016-1937</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1938">CVE-2016-1938</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1938">CVE-2016-1938</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1939">CVE-2016-1939</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1939">CVE-2016-1939</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1940">CVE-2016-1940</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1940">CVE-2016-1940</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1941">CVE-2016-1941</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1941">CVE-2016-1941</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1942">CVE-2016-1942</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1942">CVE-2016-1942</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1943">CVE-2016-1943</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1943">CVE-2016-1943</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1944">CVE-2016-1944</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1944">CVE-2016-1944</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1945">CVE-2016-1945</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1945">CVE-2016-1945</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1946">CVE-2016-1946</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1946">CVE-2016-1946</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1947">CVE-2016-1947</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1947">CVE-2016-1947</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1948">CVE-2016-1948</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1948">CVE-2016-1948</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1949">CVE-2016-1949</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1949">CVE-2016-1949</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1950">CVE-2016-1950</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1950">CVE-2016-1950</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1952">CVE-2016-1952</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1952">CVE-2016-1952</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1953">CVE-2016-1953</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1953">CVE-2016-1953</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1954">CVE-2016-1954</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1954">CVE-2016-1954</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1955">CVE-2016-1955</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1955">CVE-2016-1955</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1956">CVE-2016-1956</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1956">CVE-2016-1956</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1957">CVE-2016-1957</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1957">CVE-2016-1957</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1958">CVE-2016-1958</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1958">CVE-2016-1958</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1959">CVE-2016-1959</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1959">CVE-2016-1959</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1960">CVE-2016-1960</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1960">CVE-2016-1960</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1961">CVE-2016-1961</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1961">CVE-2016-1961</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1962">CVE-2016-1962</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1962">CVE-2016-1962</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1963">CVE-2016-1963</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1963">CVE-2016-1963</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1964">CVE-2016-1964</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1964">CVE-2016-1964</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1965">CVE-2016-1965</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1965">CVE-2016-1965</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1966">CVE-2016-1966</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1966">CVE-2016-1966</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1967">CVE-2016-1967</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1967">CVE-2016-1967</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1968">CVE-2016-1968</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1968">CVE-2016-1968</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1969">CVE-2016-1969</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1969">CVE-2016-1969</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1970">CVE-2016-1970</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1970">CVE-2016-1970</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1971">CVE-2016-1971</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1971">CVE-2016-1971</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1972">CVE-2016-1972</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1972">CVE-2016-1972</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1973">CVE-2016-1973</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1973">CVE-2016-1973</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1974">CVE-2016-1974</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1974">CVE-2016-1974</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1975">CVE-2016-1975</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1975">CVE-2016-1975</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1976">CVE-2016-1976</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1976">CVE-2016-1976</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1977">CVE-2016-1977</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1977">CVE-2016-1977</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1978">CVE-2016-1978</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1978">CVE-2016-1978</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1979">CVE-2016-1979</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1979">CVE-2016-1979</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2790">CVE-2016-2790</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2790">CVE-2016-2790</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2791">CVE-2016-2791</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2791">CVE-2016-2791</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2792">CVE-2016-2792</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2792">CVE-2016-2792</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2793">CVE-2016-2793</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2793">CVE-2016-2793</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2794">CVE-2016-2794</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2794">CVE-2016-2794</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2795">CVE-2016-2795</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2795">CVE-2016-2795</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2796">CVE-2016-2796</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2796">CVE-2016-2796</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2797">CVE-2016-2797</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2797">CVE-2016-2797</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2798">CVE-2016-2798</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2798">CVE-2016-2798</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2799">CVE-2016-2799</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2799">CVE-2016-2799</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2800">CVE-2016-2800</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2800">CVE-2016-2800</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2801">CVE-2016-2801</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2801">CVE-2016-2801</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2802">CVE-2016-2802</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2802">CVE-2016-2802</uri>
</references>
<metadata tag="requester" timestamp="Thu, 31 Dec 2015 02:35:40 +0000">
BlueKnight
</metadata>
<metadata tag="submitter" timestamp="Tue, 31 May 2016 05:43:42 +0000">b-man</metadata>
</glsa>
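
Review bot: <affected> lists dev-libs/nspr as vulnerable below 4.12, but <resolution> has no upgrade step for it; add a paragraph and <code> block for ">=dev-libs/nspr-4.12" next to the NSS one. In the thunderbird-bin <code> block the atom sits on its own line after "# emerge --ask --oneshot --verbose", so a copied command runs without a target; join the two lines as the other blocks do. Most <uri> entries in <references> appear twice in a row (from CVE-2015-2708 onward) and should be deduplicated, and <background> describes SeaMonkey although no SeaMonkey package appears in <affected>.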

@ -0,0 +1,55 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="201606-01">
<title>PuTTY: Multiple vulnerabilities</title>
<synopsis>Multiple vulnerabilities have been found in PuTTY, the worst of
which could lead to arbitrary code execution, or cause a Denial of Service
condition.
</synopsis>
<product type="ebuild"></product>
<announced>June 05, 2016</announced>
<revised>June 05, 2016: 2</revised>
<bug>565080</bug>
<bug>576524</bug>
<access>remote</access>
<affected>
<package name="net-misc/putty" auto="yes" arch="*">
<unaffected range="ge">0.67</unaffected>
<vulnerable range="lt">0.67</vulnerable>
</package>
</affected>
<background>
<p>PuTTY is a telnet and SSH client.</p>
</background>
<description>
<p>Multiple vulnerabilities have been discovered in PuTTY. Please review
the CVE identifiers referenced below for details.
</p>
</description>
<impact type="normal">
<p>Stack-based buffer overflow in the SCP command-line utility allows
remote servers to execute arbitrary code or cause a denial of service
condition via a crafted SCP-SINK file-size response to an SCP download
request.
</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All PuTTY users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose "&gt;=net-misc/putty-0.67"
</code>
</resolution>
<references>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5309">CVE-2015-5309</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2563">CVE-2016-2563</uri>
</references>
<metadata tag="requester" timestamp="Tue, 05 Apr 2016 03:16:59 +0000">
BlueKnight
</metadata>
<metadata tag="submitter" timestamp="Sun, 05 Jun 2016 16:25:06 +0000">b-man</metadata>
</glsa>
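
Review bot: the <impact> paragraph describes only the SCP-SINK stack-based buffer overflow, while the title says "Multiple vulnerabilities" and <references> carries two CVEs (CVE-2015-5309 and CVE-2016-2563); either cover the second issue's impact or state which CVE the text refers to. <product type="ebuild"></product> is also empty and should be set to putty.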

@ -0,0 +1,64 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="201606-02">
<title>Puppet Server and Agent: Multiple vulnerabilities</title>
<synopsis>Multiple vulnerabilities have been found in Puppet Server and
Agent, the worst of which could lead to arbitrary code execution.
</synopsis>
<product type="ebuild"></product>
<announced>June 05, 2016</announced>
<revised>June 05, 2016: 3</revised>
<bug>577450</bug>
<bug>581372</bug>
<access>remote</access>
<affected>
<package name="app-admin/puppet-agent" auto="yes" arch="*">
<unaffected range="ge">1.4.2</unaffected>
<vulnerable range="lt">1.4.2</vulnerable>
</package>
<package name="app-admin/puppetserver" auto="yes" arch="*">
<unaffected range="ge">2.3.2</unaffected>
<vulnerable range="lt">2.3.2</vulnerable>
</package>
</affected>
<background>
<p>Puppet Agent contains Puppets main code and all of the dependencies
needed to run it, including Facter, Hiera, and bundled versions of Ruby
and OpenSSL.
</p>
</background>
<description>
<p>Multiple vulnerabilities have been discovered in Puppet Server and
Agent. Please review the CVE identifiers referenced below for details.
</p>
</description>
<impact type="normal">
<p>Remote attackers, impersonating a trusted broker, could potentially
execute arbitrary code.
</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All Puppet Agent users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose "&gt;=app-admin/puppet-agent-1.4.2"
</code>
<p>All Puppet Server users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose "&gt;=app-admin/puppetserver-2.3.2"
</code>
</resolution>
<references>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2785">CVE-2016-2785</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2786">CVE-2016-2786</uri>
</references>
<metadata tag="requester" timestamp="Tue, 15 Mar 2016 09:09:16 +0000">b-man</metadata>
<metadata tag="submitter" timestamp="Sun, 05 Jun 2016 20:14:52 +0000">b-man</metadata>
</glsa>
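
Review bot: <product type="ebuild"></product> is empty even though two packages are listed in <affected>; fill it with the product name the advisory is filed under. In <background>, "Puppets main code" is missing its apostrophe ("Puppet's"), and the paragraph describes only Puppet Agent although the advisory also covers app-admin/puppetserver.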

@ -0,0 +1,55 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="201606-03">
<title>libjpeg-turbo: Multiple vulnerabilities</title>
<synopsis>Two vulnerabilities have been discovered in libjpeg-turbo, the
worse of which could allow remote attackers access to sensitive
information.
</synopsis>
<product type="ebuild">libjpeg-turbo</product>
<announced>June 05, 2016</announced>
<revised>June 05, 2016: 2</revised>
<bug>491150</bug>
<bug>531418</bug>
<access>remote</access>
<affected>
<package name="media-libs/libjpeg-turbo" auto="yes" arch="*">
<unaffected range="ge">1.4.2</unaffected>
<vulnerable range="lt">1.4.2</vulnerable>
</package>
</affected>
<background>
<p>libjpeg-turbo is a MMX, SSE, and SSE2 SIMD accelerated JPEG library</p>
</background>
<description>
<p>libjpeg-turbo does not check for certain duplications of component data
during the reading of segments that follow Start Of Scan (SOS) JPEG
markers.
</p>
</description>
<impact type="normal">
<p>Remote attackers could obtain sensitive information from uninitialized
memory locations via a crafted JPEG images.
</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All libjpeg-turbo users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose "&gt;=media-libs/libjpeg-turbo-1.4.2"
</code>
</resolution>
<references>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6629">CVE-2013-6629</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6630">CVE-2013-6630</uri>
</references>
<metadata tag="requester" timestamp="Thu, 19 Jun 2014 02:00:52 +0000">
BlueKnight
</metadata>
<metadata tag="submitter" timestamp="Sun, 05 Jun 2016 19:54:52 +0000">mrueg</metadata>
</glsa>
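
Review bot: the user-facing text has wording slips: the synopsis reads "the worse of which" (should be "worst"), <impact> reads "via a crafted JPEG images" (singular/plural mismatch), and the <background> sentence has no final period. The <description> explains only the missing duplication check after Start Of Scan markers while two CVEs are referenced, so say whether that text applies to both.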

@ -0,0 +1,79 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="201606-04">
<title>GnuPG: Multiple vulnerabilities</title>
<synopsis>Multiple vulnerabilities have been found in GnuPG and libgcrypt,
the worst of which may allow a local attacker to obtain confidential key
information.
</synopsis>
<product type="ebuild">gnupg</product>
<announced>June 05, 2016</announced>
<revised>June 10, 2016: 2</revised>
<bug>534110</bug>
<bug>541564</bug>
<bug>541568</bug>
<access>local, remote</access>
<affected>
<package name="app-crypt/gnupg" auto="yes" arch="*">
<unaffected range="ge">2.0.26-r3</unaffected>
<unaffected range="rge">1.4.19</unaffected>
<unaffected range="rge">1.4.20</unaffected>
<unaffected range="rge">1.4.21</unaffected>
<unaffected range="rge">1.4.22</unaffected>
<vulnerable range="lt">2.0.26-r3</vulnerable>
</package>
<package name="dev-libs/libgcrypt" auto="yes" arch="*">
<unaffected range="ge">1.6.3-r4</unaffected>
<vulnerable range="lt">1.6.3-r4</vulnerable>
</package>
</affected>
<background>
<p>The GNU Privacy Guard, GnuPG, is a free replacement for the PGP suite of
cryptographic software.
</p>
</background>
<description>
<p>Multiple vulnerabilities have been discovered in GnuPG and libgcrypt,
please review the CVE identifiers referenced below for details.
</p>
</description>
<impact type="normal">
<p>A local attacker could possibly cause a Denial of Service condition.
Side-channel attacks could be leveraged to obtain key material.
</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All GnuPG 2 users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose "&gt;=app-crypt/gnupg-2.0.26-r3"
</code>
<p>All GnuPG 1 users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose "&gt;=app-crypt/gnupg-1.4.19"
</code>
<p>All libgcrypt users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose "&gt;=dev-libs/libgcrypt-1.6.3-r4"
</code>
</resolution>
<references>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3591">CVE-2014-3591</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0837">CVE-2015-0837</uri>
</references>
<metadata tag="requester" timestamp="Mon, 16 Feb 2015 14:53:59 +0000">
BlueKnight
</metadata>
<metadata tag="submitter" timestamp="Fri, 10 Jun 2016 18:09:58 +0000">stanley</metadata>
</glsa>
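Review bot: the 1.4 branch is marked unaffected only through per-version entries (range="rge" for 1.4.19, 1.4.20, 1.4.21 and 1.4.22), and rge matches revisions of that exact version only, so any later 1.4.x release falls under vulnerable range="lt" 2.0.26-r3 and will be reported as affected until another entry is added. The GnuPG 1 resolution atom "&gt;=app-crypt/gnupg-1.4.19" also has no upper bound, so it is satisfied by 2.x versions as well; if the intent is to keep users on the 1.4 branch, the text should say so or the atom should be bounded. Three bugs are listed against two CVE references, so it is worth confirming that no identifier is missing.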

View File

@ -0,0 +1,60 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="201606-05">
<title>spice: Multiple vulnerabilities</title>
<synopsis>Multiple vulnerabilities have been found in spice, the worst of
which may result in the remote execution of arbitrary code.
</synopsis>
<product type="ebuild"></product>
<announced>June 16, 2016</announced>
<revised>June 16, 2016: 1</revised>
<bug>560006</bug>
<bug>562890</bug>
<bug>584126</bug>
<access>local, remote</access>
<affected>
<package name="app-emulation/spice" auto="yes" arch="*">
<unaffected range="ge">0.12.7-r1</unaffected>
<vulnerable range="lt">0.12.7-r1</vulnerable>
</package>
</affected>
<background>
<p>Provides a complete open source solution for remote access to virtual
machines in a seamless way so you can play videos, record audio, share
usb devices and share folders without complications.
</p>
</background>
<description>
<p>Multiple vulnerabilities have been discovered in spice, please review
the CVE identifiers referenced below for details.
</p>
</description>
<impact type="normal">
<p>A remote attacker could possibly execute arbitrary code. Additionally, a
local attacker could cause a Denial of Service.
</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All spice users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose "&gt;=app-emulation/spice-0.12.7-r1"
</code>
</resolution>
<references>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5260">CVE-2015-5260</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5260">CVE-2015-5260</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5261">CVE-2015-5261</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5261">CVE-2015-5261</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0749">CVE-2016-0749</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2150">CVE-2016-2150</uri>
</references>
<metadata tag="requester" timestamp="Wed, 18 Nov 2015 21:15:42 +0000">
BlueKnight
</metadata>
<metadata tag="submitter" timestamp="Thu, 16 Jun 2016 18:45:10 +0000">b-man</metadata>
</glsa>
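Review bot: the references block lists CVE-2015-5260 and CVE-2015-5261 twice each with identical links; the repeats should be dropped so the list has four distinct entries. The product element is also empty (<product type="ebuild"></product>), whereas other advisories in this sync name the package there (for example "gnupg"), so "spice" appears to be missing.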

View File

@ -0,0 +1,59 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="201606-06">
<title>nginx: Multiple vulnerabilities</title>
<synopsis>Multiple vulnerabilities have been found in nginx, the worst of
which may allow a remote attacker to cause a Denial of Service.
</synopsis>
<product type="ebuild"></product>
<announced>June 17, 2016</announced>
<revised>June 17, 2016: 1</revised>
<bug>560854</bug>
<bug>573046</bug>
<bug>584744</bug>
<access>remote</access>
<affected>
<package name="www-servers/nginx" auto="yes" arch="*">
<unaffected range="ge">1.10.1</unaffected>
<vulnerable range="lt">1.10.1</vulnerable>
</package>
</affected>
<background>
<p>nginx is a robust, small, and high performance HTTP and reverse proxy
server.
</p>
</background>
<description>
<p>Multiple vulnerabilities have been discovered in nginx. Please review
the CVE identifiers referenced below for details.
</p>
</description>
<impact type="normal">
<p>A remote attacker could possibly cause a Denial of Service condition via
a crafted packet.
</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All nginx users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose "&gt;=www-servers/nginx-1.10.1"
</code>
</resolution>
<references>
<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3587">
CVE-2013-3587
</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0742">CVE-2016-0742</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0746">CVE-2016-0746</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0747">CVE-2016-0747</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4450">CVE-2016-4450</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4450">CVE-2016-4450</uri>
</references>
<metadata tag="requester" timestamp="Tue, 14 Jun 2016 08:44:21 +0000">b-man</metadata>
<metadata tag="submitter" timestamp="Fri, 17 Jun 2016 18:26:31 +0000">b-man</metadata>
</glsa>
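Review bot: the references block repeats CVE-2016-4450 with an identical link, and the CVE-2013-3587 entry points at cve.mitre.org and is wrapped over three lines while every other entry is a single-line nvd.nist.gov link; removing the duplicate and using one link style would make the list consistent. The product element is empty here as well (<product type="ebuild"></product>) and presumably should read "nginx".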

View File

@ -0,0 +1,51 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="201606-07">
<title>dhcpcd: Multiple vulnerabilities</title>
<synopsis>Multiple vulnerabilities have been found in dhcpcd allowing remote
attackers to possibly execute arbitrary code or cause a Denial of Service.
</synopsis>
<product type="ebuild"></product>
<announced>June 18, 2016</announced>
<revised>June 18, 2016: 2</revised>
<bug>571152</bug>
<access>remote</access>
<affected>
<package name="net-misc/dhcpcd" auto="yes" arch="*">
<unaffected range="ge">6.10.0</unaffected>
<vulnerable range="lt">6.10.0</vulnerable>
</package>
</affected>
<background>
<p>A fully featured, yet light weight RFC2131 compliant DHCP client</p>
</background>
<description>
<p>A heap overflow can be triggered via malformed DHCP responses in the
print_option (via dhcp_envoption1) due to incorrect option length values.
These vulnerabilities could also allow remote attackers to trigger an
invalid read/crash via malformed DHCP responses.
</p>
</description>
<impact type="normal">
<p>Remote attackers could possibly execute arbitrary code with the
privileges of the process or cause Denial of Service.
</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All dhcpcd users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose "&gt;=net-misc/dhcpcd-6.10.0”
</code>
</resolution>
<references>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1503">CVE-2016-1503</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1504">CVE-2016-1504</uri>
</references>
<metadata tag="requester" timestamp="Mon, 08 Feb 2016 20:32:46 +0000">K_F</metadata>
<metadata tag="submitter" timestamp="Sat, 18 Jun 2016 19:11:50 +0000">b-man</metadata>
</glsa>
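Review bot: the emerge line in the resolution opens the atom with a straight double quote but closes it with a typographic one ("&gt;=net-misc/dhcpcd-6.10.0”), so a user who pastes the command gets an unterminated string in the shell instead of the upgrade. The closing character should be a plain ". The description refers to "the print_option (via dhcp_envoption1)" without a noun after print_option, presumably "function", and the product element is empty.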

View File

@ -0,0 +1,68 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="201606-08">
<title>Adobe Flash Player: Multiple vulnerabilities</title>
<synopsis>Multiple vulnerabilities have been found in Adobe Flash Player, the
worst of which allows remote attackers to execute arbitrary code.
</synopsis>
<product type="ebuild"></product>
<announced>June 18, 2016</announced>
<revised>June 18, 2016: 1</revised>
<bug>579166</bug>
<bug>582670</bug>
<bug>586044</bug>
<access>remote</access>
<affected>
<package name="www-plugins/adobe-flash" auto="yes" arch="*">
<unaffected range="ge">11.2.202.626</unaffected>
<vulnerable range="lt">11.2.202.626</vulnerable>
</package>
</affected>
<background>
<p>The Adobe Flash Player is a renderer for the SWF file format, which is
commonly used to provide interactive websites.
</p>
</background>
<description>
<p>Multiple vulnerabilities have been discovered in Adobe Flash Player.
Please review the CVE identifiers referenced below for details.
</p>
</description>
<impact type="normal">
<p>A remote attacker could possibly execute arbitrary code with the
privileges of the process, cause a Denial of Service condition, obtain
sensitive information, or bypass security restrictions.
</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All Adobe Flash Player users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose "www-plugins/adobe-flash-11.2.202.626"
</code>
</resolution>
<references>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1019">CVE-2016-1019</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1019">CVE-2016-1019</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1019">CVE-2016-1019</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4117">CVE-2016-4117</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4117">CVE-2016-4117</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4120">CVE-2016-4120</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4120">CVE-2016-4120</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4120">CVE-2016-4120</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4121">CVE-2016-4121</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4160">CVE-2016-4160</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4161">CVE-2016-4161</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4162">CVE-2016-4162</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4163">CVE-2016-4163</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4171">CVE-2016-4171</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4171">CVE-2016-4171</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4171">CVE-2016-4171</uri>
</references>
<metadata tag="requester" timestamp="Fri, 17 Jun 2016 23:30:46 +0000">b-man</metadata>
<metadata tag="submitter" timestamp="Sat, 18 Jun 2016 23:47:05 +0000">b-man</metadata>
</glsa>
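Review bot: the resolution atom "www-plugins/adobe-flash-11.2.202.626" carries a version but no comparison operator, unlike every other advisory in this sync, which uses "&gt;=" in front of the atom; as written it does not express "this version or later", and the affected block above states ge 11.2.202.626. The references list also repeats CVE-2016-1019, CVE-2016-4120 and CVE-2016-4171 three times each and CVE-2016-4117 twice with identical links, which suggests distinct identifiers were collapsed into the same value during generation; the list should be checked against the three referenced bugs rather than only deduplicated. The product element is empty.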

View File

@ -0,0 +1,62 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="201606-09">
<title>FFmpeg: Multiple vulnerabilities</title>
<synopsis>Multiple vulnerabilities have been found in FFmpeg, the worst of
which could lead to arbitrary code execution or Denial of Service
condition.
</synopsis>
<product type="ebuild"></product>
<announced>June 18, 2016</announced>
<revised>June 18, 2016: 1</revised>
<bug>528554</bug>
<bug>553732</bug>
<bug>571868</bug>
<bug>577458</bug>
<access>remote</access>
<affected>
<package name="media-video/ffmpeg" auto="yes" arch="*">
<unaffected range="ge">2.8.6</unaffected>
<vulnerable range="lt">2.8.6</vulnerable>
</package>
</affected>
<background>
<p>FFmpeg is a complete, cross-platform solution to record, convert and
stream audio and video.
</p>
</background>
<description>
<p>Multiple vulnerabilities have been discovered in FFmpeg. Please review
the CVE identifiers referenced below for details.
</p>
</description>
<impact type="normal">
<p>A remote attacker could possibly execute arbitrary code or cause a
Denial of Service condition.
</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All FFmpeg users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose "&gt;=media-video/ffmpeg-2.8.6"
</code>
</resolution>
<references>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9676">CVE-2014-9676</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1897">CVE-2016-1897</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1898">CVE-2016-1898</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2213">CVE-2016-2213</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2326">CVE-2016-2326</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2327">CVE-2016-2327</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2328">CVE-2016-2328</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2329">CVE-2016-2329</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2330">CVE-2016-2330</uri>
</references>
<metadata tag="requester" timestamp="Sun, 20 Mar 2016 12:22:08 +0000">b-man</metadata>
<metadata tag="submitter" timestamp="Sat, 18 Jun 2016 23:58:49 +0000">b-man</metadata>
</glsa>
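Review bot: the product element is empty (<product type="ebuild"></product>) although the advisory covers a single package, media-video/ffmpeg; tools that index advisories by product will have nothing to key on, so it should read "ffmpeg". The synopsis phrase "or Denial of Service condition" is also missing its article ("or a Denial of Service condition"), as used in the impact paragraph.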

View File

@ -0,0 +1,120 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="201606-10">
<title>PHP: Multiple vulnerabilities</title>
<synopsis>Multiple vulnerabilities have been found in PHP, the worst of which
could lead to arbitrary code execution, or cause a Denial of Service
condition.
</synopsis>
<product type="ebuild">php</product>
<announced>June 19, 2016</announced>
<revised>June 19, 2016: 2</revised>
<bug>537586</bug>
<bug>541098</bug>
<bug>544186</bug>
<bug>544330</bug>
<bug>546872</bug>
<bug>549538</bug>
<bug>552408</bug>
<bug>555576</bug>
<bug>555830</bug>
<bug>556952</bug>
<bug>559612</bug>
<bug>562882</bug>
<bug>571254</bug>
<bug>573892</bug>
<bug>577376</bug>
<access>remote</access>
<affected>
<package name="dev-lang/php" auto="yes" arch="*">
<unaffected range="ge">5.6.19</unaffected>
<unaffected range="rge">5.5.33</unaffected>
<unaffected range="rge">5.5.34</unaffected>
<unaffected range="rge">5.5.35</unaffected>
<unaffected range="rge">5.5.36</unaffected>
<unaffected range="rge">5.5.37</unaffected>
<unaffected range="rge">5.5.38</unaffected>
<vulnerable range="lt">5.6.19</vulnerable>
</package>
</affected>
<background>
<p>PHP is a widely-used general-purpose scripting language that is
especially suited for Web development and can be embedded into HTML.
</p>
</background>
<description>
<p>Multiple vulnerabilities have been discovered in PHP. Please review the
CVE identifiers referenced below for details.
</p>
</description>
<impact type="normal">
<p>An attacker can possibly execute arbitrary code or create a Denial of
Service condition.
</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All PHP 5.4 users should upgrade to the latest 5.5 stable branch, as PHP
5.4 is now masked in Portage:
</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose "&gt;=dev=lang/php-5.5.33"
</code>
<p>All PHP 5.5 users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose "&gt;=dev=lang/php-5.5.33"
</code>
<p>All PHP 5.6 users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose "&gt;=dev=lang/php-5.6.19"
</code>
</resolution>
<references>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6501">CVE-2013-6501</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9705">CVE-2014-9705</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9709">CVE-2014-9709</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0231">CVE-2015-0231</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0273">CVE-2015-0273</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1351">CVE-2015-1351</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1352">CVE-2015-1352</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2301">CVE-2015-2301</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2348">CVE-2015-2348</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2783">CVE-2015-2783</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2787">CVE-2015-2787</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3329">CVE-2015-3329</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3330">CVE-2015-3330</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4021">CVE-2015-4021</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4022">CVE-2015-4022</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4025">CVE-2015-4025</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4026">CVE-2015-4026</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4147">CVE-2015-4147</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4148">CVE-2015-4148</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4642">CVE-2015-4642</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4643">CVE-2015-4643</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4644">CVE-2015-4644</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6831">CVE-2015-6831</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6832">CVE-2015-6832</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6833">CVE-2015-6833</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6834">CVE-2015-6834</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6835">CVE-2015-6835</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6836">CVE-2015-6836</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6837">CVE-2015-6837</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6838">CVE-2015-6838</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7803">CVE-2015-7803</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7804">CVE-2015-7804</uri>
</references>
<metadata tag="requester" timestamp="Sat, 18 Apr 2015 22:36:42 +0000">
BlueKnight
</metadata>
<metadata tag="submitter" timestamp="Sun, 19 Jun 2016 21:29:10 +0000">b-man</metadata>
</glsa>
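Review bot: all three emerge lines in the resolution spell the package category as "dev=lang" ("&gt;=dev=lang/php-5.5.33" twice and "&gt;=dev=lang/php-5.6.19"), while the affected block names the package dev-lang/php, so none of the documented commands refers to the actual package. Each should use "dev-lang/php". The 5.5 branch is marked unaffected through individual range="rge" entries for 5.5.33 to 5.5.38, so any later 5.5.x release will be reported as vulnerable under lt 5.6.19 until another entry is added. The PHP 5.4 and PHP 5.5 instructions are also identical commands; that looks intentional given the 5.4 masking note, but the two paragraphs could be merged.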

View File

@ -1 +1 @@
Tue, 17 May 2016 17:40:45 +0000 Wed, 22 Jun 2016 17:40:47 +0000