portage-stable/metadata: Monthly GLSA metadata updates

Flatcar Buildbot 2024-01-01 07:15:46 +00:00 committed by Dongsu Park
parent a642a4fc55
commit b8c4d619a3
21 changed files with 888 additions and 17 deletions


@ -1,23 +1,23 @@
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
MANIFEST Manifest.files.gz 555493 BLAKE2B 9b9c68f6fcd5aa241244f03965d32d2bee2397eebacb0b4742f3b5eff9058f33cdb8d4c1f96505cd2a1acaed4347077a204862e5674effe944e54b05e7466726 SHA512 bf81aa35acfc8893b8a8ffc0d57915c1a8e6b54e9400f0d03f26dd199de30e2601f7a7c1060d2185e26c3276979665ae687fb8e8a1e2b4d537df4a3270e38d43
TIMESTAMP 2023-12-01T06:40:02Z
MANIFEST Manifest.files.gz 558197 BLAKE2B dde0fd5bc1749affc0b48b285b7ab9bd0a7216628f650cd3cbf0e6b2a1788ebd2dc667afbfee3491b42c071ba583d8c7e204468384a8f639b22206d6cbf47903 SHA512 6a3cf3862910d3680e54853c513e07b7a7d791fa5a5732653e79584f351498dd0ac5f7c244cf38dd9920afd7da27fd2c1e7a51770500da41d964a2a5ddd6ec92
TIMESTAMP 2024-01-01T06:39:54Z
-----BEGIN PGP SIGNATURE-----
iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAmVpf8JfFIAAAAAALgAo
iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAmWSXjpfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEUx
RDZBQkI2M0JGQ0ZCNEJBMDJGREYxQ0VDNTkwRUVBQzkxODkyNTAACgkQ7FkO6skY
klAidhAApvskqQHXNDKb23KYww5txqWvEIG7F3zNXzL2khrVh1PxoPhey6mf/bO5
75lyy0i5D6MZuEUMJW2MEIrcqALpz7mmfPD8v2D/OT053XqP7UuLPBKeeTlQ2w+m
KpCvgMohqFVQjMVlKbYtCAq1Fx3tvafo03JCTseKlZ2sF8xdxIo0sMJGBs2tSc5J
vaxjkT2Wo4CSn0XT8G1g1d6iLIs4eIhKsDWy759WyCU/43g1TzGXqDGhIQSXEX0C
oeJsKK/V1fLPLcP9CnoqRGQ46/L8LdjTDYfb9caKgQ8lCh/hqZce3Lqfyh4KRd2k
uw51if5KABbRAQ4Qc12l1S8JQH4T0yR/BB70ywb50dIfxmQJQrzpr5ybhv5P66jz
EJkpNShtvrZvuYxF71KpTYsuJWNnNuJLRUIrywtyj4f1rmxgqdBRDec+ycrjNGOl
MzCrk3PgEb6lV6qvMicyVYakq6Yl861hVE9kquoh0djsm9velGXnV1l1+jcTLubH
0pPS4luIVhkGuGzoej7UOwhdpUdeZjqPcPPF63+VeIJVZscAizlGnYP/IE7DNyYQ
PBSphTSR5s50IRItmnuDdnzitwmGQM5ngWDFO7Y8T4icxN34GlxpV/LmODnweutd
KNt68X7UTuhNoKV7+ifeunQ3fu7q/VdI5an9REaGKVg/eFoFvtk=
=S+ig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=4bYj
-----END PGP SIGNATURE-----


@ -0,0 +1,49 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="202312-01">
<title>Leptonica: Multiple Vulnerabilities</title>
<synopsis>Several vulnerabilities have been found in Leptonice, the worst of which could lead to arbitrary code execution.</synopsis>
<product type="ebuild">leptonica</product>
<announced>2023-12-18</announced>
<revised count="1">2023-12-18</revised>
<bug>649752</bug>
<bug>869416</bug>
<access>remote</access>
<affected>
<package name="media-libs/leptonica" auto="yes" arch="*">
<unaffected range="ge">1.81.0</unaffected>
<vulnerable range="lt">1.81.0</vulnerable>
</package>
</affected>
<background>
<p>Leptonica is a C library for image processing and analysis.</p>
</background>
<description>
<p>Multiple vulnerabilities have been discovered in Leptonica. Please review the CVE identifiers referenced below for details.</p>
</description>
<impact type="high">
<p>Please review the referenced CVE identifiers for details.</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All Leptonica users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose ">=media-libs/leptonica-1.81.0"
</code>
</resolution>
<references>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-18196">CVE-2017-18196</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-7186">CVE-2018-7186</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-7247">CVE-2018-7247</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-7440">CVE-2018-7440</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-7441">CVE-2018-7441</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-7442">CVE-2018-7442</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-38266">CVE-2022-38266</uri>
</references>
<metadata tag="requester" timestamp="2023-12-18T07:24:40.079677Z">graaff</metadata>
<metadata tag="submitter" timestamp="2023-12-18T07:24:40.083318Z">graaff</metadata>
</glsa>


@ -0,0 +1,42 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="202312-02">
<title>Minecraft Server: Remote Code Execution</title>
<synopsis>A vulnerability has been found in Minecraft Server which leads to remote code execution.</synopsis>
<product type="ebuild">minecraft-server</product>
<announced>2023-12-20</announced>
<revised count="1">2023-12-20</revised>
<bug>828936</bug>
<access>remote</access>
<affected>
<package name="games-server/minecraft-server" auto="yes" arch="*">
<unaffected range="ge">1.18.1</unaffected>
<vulnerable range="lt">1.18.1</vulnerable>
</package>
</affected>
<background>
<p>Minecraft Server is the official server for the sandbox video game.</p>
</background>
<description>
<p>A vulnerability has been discovered in Minecraft Server. Please review the CVE identifier referenced below for details.</p>
</description>
<impact type="high">
<p>Vulnerable Minecraft Server versions include a bundled version of log4j which is vulnerable to remote code execution.</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All Minecraft Server users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose ">=games-server/minecraft-server-1.18.1"
</code>
</resolution>
<references>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-4104">CVE-2021-4104</uri>
</references>
<metadata tag="requester" timestamp="2023-12-20T07:18:06.586272Z">graaff</metadata>
<metadata tag="submitter" timestamp="2023-12-20T07:18:06.590850Z">graaff</metadata>
</glsa>


@ -0,0 +1,62 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="202312-03">
<title>Mozilla Thunderbird: Multiple Vulnerabilities</title>
<synopsis>Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could lead to remote code execution.</synopsis>
<product type="ebuild">thunderbird,thunderbird-bin</product>
<announced>2023-12-20</announced>
<revised count="1">2023-12-20</revised>
<bug>908246</bug>
<access>remote</access>
<affected>
<package name="mail-client/thunderbird" auto="yes" arch="*">
<unaffected range="ge">102.12</unaffected>
<vulnerable range="lt">102.12</vulnerable>
</package>
<package name="mail-client/thunderbird-bin" auto="yes" arch="*">
<unaffected range="ge">102.12</unaffected>
<vulnerable range="lt">102.12</vulnerable>
</package>
</affected>
<background>
<p>Mozilla Thunderbird is a popular open-source email client from the Mozilla project.</p>
</background>
<description>
<p>Multiple vulnerabilities have been discovered in Mozilla Thunderbird. Please review the CVE identifiers referenced below for details.</p>
</description>
<impact type="high">
<p>Please review the referenced CVE identifiers for details.</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All Mozilla Thunderbird users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose ">=mail-client/thunderbird-bin-102.12"
</code>
<p>All Mozilla Thunderbird users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose ">=mail-client/thunderbird-102.12"
</code>
</resolution>
<references>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-32205">CVE-2023-32205</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-32206">CVE-2023-32206</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-32207">CVE-2023-32207</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-32211">CVE-2023-32211</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-32212">CVE-2023-32212</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-32213">CVE-2023-32213</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-32214">CVE-2023-32214</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-32215">CVE-2023-32215</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-34414">CVE-2023-34414</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-34416">CVE-2023-34416</uri>
</references>
<metadata tag="requester" timestamp="2023-12-20T07:27:59.348197Z">graaff</metadata>
<metadata tag="submitter" timestamp="2023-12-20T07:27:59.350682Z">graaff</metadata>
</glsa>
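Review bot: Both `<resolution>` paragraphs read `All Mozilla Thunderbird users should upgrade to the latest version:`, although the first command targets mail-client/thunderbird-bin and the second mail-client/thunderbird. Naming the package in each sentence (for example `All Mozilla Thunderbird binary users should upgrade to the latest version:` above the -bin command) would tell a reader which command applies to their install. The `<impact>` text defers entirely to the ten referenced CVEs, so nothing in the advisory itself says which of them backs the remote-code-execution claim in the synopsis.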


@ -0,0 +1,42 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="202312-04">
<title>Arduino: Remote Code Execution</title>
<synopsis>A vulnerability has been found in Arduino which bundled a vulnerable version of log4j.</synopsis>
<product type="ebuild">arduino</product>
<announced>2023-12-22</announced>
<revised count="1">2023-12-22</revised>
<bug>830716</bug>
<access>remote</access>
<affected>
<package name="dev-embedded/arduino" auto="yes" arch="*">
<unaffected range="ge">1.8.19</unaffected>
<vulnerable range="lt">1.8.19</vulnerable>
</package>
</affected>
<background>
<p>Arduino is an open-source AVR electronics prototyping platform.</p>
</background>
<description>
<p>A vulnerability has been discovered in Arduino. Please review the CVE identifier referenced below for details.</p>
</description>
<impact type="normal">
<p>Arduino bundles a vulnerable version of log4j that may lead to remote code execution.</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All Arduino users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-embedded/arduino-1.8.19"
</code>
</resolution>
<references>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-4104">CVE-2021-4104</uri>
</references>
<metadata tag="requester" timestamp="2023-12-22T08:21:08.710033Z">graaff</metadata>
<metadata tag="submitter" timestamp="2023-12-22T08:21:08.712552Z">graaff</metadata>
</glsa>
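Review bot: `<impact type="normal">` rates this issue lower than GLSA 202312-02 in the same commit, which uses `type="high"` while citing the same single reference (CVE-2021-4104) for the same bundled log4j; this advisory's own title also says Remote Code Execution. Anyone triaging by the impact attribute will rank the two advisories differently for what the page presents as the same flaw, so one of the two ratings deserves a second look upstream. The `<description>` paragraph only points at the CVE, which leaves the `<impact>` text as the one place a reader learns what is wrong.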


@ -0,0 +1,46 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="202312-05">
<title>libssh: Multiple Vulnerabilities</title>
<synopsis>Multiple vulnerabilities have been discovered in libssh, the worst of which could lead to remote code execution.</synopsis>
<product type="ebuild">libssh</product>
<announced>2023-12-22</announced>
<revised count="1">2023-12-22</revised>
<bug>810517</bug>
<bug>905746</bug>
<access>remote</access>
<affected>
<package name="net-libs/libssh" auto="yes" arch="*">
<unaffected range="ge">0.10.5</unaffected>
<vulnerable range="lt">0.10.5</vulnerable>
</package>
</affected>
<background>
<p>libssh is a multiplatform C library implementing the SSHv2 protocol on client and server side.</p>
</background>
<description>
<p>Multiple vulnerabilities have been discovered in libssh. Please review the CVE identifiers referenced below for details.</p>
</description>
<impact type="high">
<p>Please review the referenced CVE identifiers for details.</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All libssh users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-libs/libssh-0.10.5"
</code>
</resolution>
<references>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-3634">CVE-2021-3634</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-1667">CVE-2023-1667</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-2283">CVE-2023-2283</uri>
<uri>GHSL-2023-085</uri>
</references>
<metadata tag="requester" timestamp="2023-12-22T09:05:35.565422Z">graaff</metadata>
<metadata tag="submitter" timestamp="2023-12-22T09:05:35.568851Z">graaff</metadata>
</glsa>


@ -0,0 +1,69 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="202312-06">
<title>Exiv2: Multiple Vulnerabilities</title>
<synopsis>Multiple vulnerabilities have been discovered in Exiv2, the worst of which can lead to remote code execution.</synopsis>
<product type="ebuild">exiv2</product>
<announced>2023-12-22</announced>
<revised count="1">2023-12-22</revised>
<bug>785646</bug>
<bug>807346</bug>
<bug>917650</bug>
<access>local and remote</access>
<affected>
<package name="media-gfx/exiv2" auto="yes" arch="*">
<unaffected range="ge">0.28.1</unaffected>
<vulnerable range="lt">0.28.1</vulnerable>
</package>
</affected>
<background>
<p>Exiv2 is a C++ library and set of tools for parsing, editing and saving Exif and IPTC metadata from images. Exif, the Exchangeable image file format, specifies the addition of metadata tags to JPEG, TIFF and RIFF files.</p>
</background>
<description>
<p>Multiple vulnerabilities have been discovered in Exiv2. Please review the CVE identifiers referenced below for details.</p>
</description>
<impact type="high">
<p>Please review the referenced CVE identifiers for details.</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All Exiv2 users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose ">=media-gfx/exiv2-0.28.1"
</code>
</resolution>
<references>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-18771">CVE-2020-18771</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-18773">CVE-2020-18773</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-18774">CVE-2020-18774</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-18899">CVE-2020-18899</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-29457">CVE-2021-29457</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-29458">CVE-2021-29458</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-29463">CVE-2021-29463</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-29464">CVE-2021-29464</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-29470">CVE-2021-29470</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-29473">CVE-2021-29473</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-29623">CVE-2021-29623</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-31291">CVE-2021-31291</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-31292">CVE-2021-31292</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-32617">CVE-2021-32617</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-32815">CVE-2021-32815</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-34334">CVE-2021-34334</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-34335">CVE-2021-34335</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-37615">CVE-2021-37615</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-37616">CVE-2021-37616</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-37618">CVE-2021-37618</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-37619">CVE-2021-37619</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-37620">CVE-2021-37620</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-37621">CVE-2021-37621</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-37622">CVE-2021-37622</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-37623">CVE-2021-37623</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-44398">CVE-2023-44398</uri>
</references>
<metadata tag="requester" timestamp="2023-12-22T09:22:44.942530Z">graaff</metadata>
<metadata tag="submitter" timestamp="2023-12-22T09:22:44.945110Z">graaff</metadata>
</glsa>


@ -0,0 +1,87 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="202312-07">
<title>QtWebEngine: Multiple Vulnerabilities</title>
<synopsis>Multiple vulnerabilitiies have been discovered in QtWebEngine, the worst of which could lead to remote code execution.</synopsis>
<product type="ebuild">qtwebengine</product>
<announced>2023-12-22</announced>
<revised count="1">2023-12-22</revised>
<bug>913050</bug>
<bug>915465</bug>
<access>remote</access>
<affected>
<package name="dev-qt/qtwebengine" auto="yes" arch="*">
<unaffected range="ge">5.15.11_p20231120</unaffected>
<vulnerable range="lt">5.15.11_p20231120</vulnerable>
</package>
</affected>
<background>
<p>QtWebEngine is a library for rendering dynamic web content in Qt5 and Qt6 C++ and QML applications.</p>
</background>
<description>
<p>Multiple vulnerabilities have been discovered in QtWebEngine. Please review the CVE identifiers referenced below for details.</p>
</description>
<impact type="high">
<p>Please review the referenced CVE identifiers for details.</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All QtWebEngine users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-qt/qtwebengine-5.15.11_p20231120"
</code>
</resolution>
<references>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-4068">CVE-2023-4068</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-4069">CVE-2023-4069</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-4070">CVE-2023-4070</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-4071">CVE-2023-4071</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-4072">CVE-2023-4072</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-4073">CVE-2023-4073</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-4074">CVE-2023-4074</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-4075">CVE-2023-4075</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-4076">CVE-2023-4076</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-4077">CVE-2023-4077</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-4078">CVE-2023-4078</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-4761">CVE-2023-4761</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-4762">CVE-2023-4762</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-4763">CVE-2023-4763</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-4764">CVE-2023-4764</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-5218">CVE-2023-5218</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-5473">CVE-2023-5473</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-5474">CVE-2023-5474</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-5475">CVE-2023-5475</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-5476">CVE-2023-5476</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-5477">CVE-2023-5477</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-5478">CVE-2023-5478</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-5479">CVE-2023-5479</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-5480">CVE-2023-5480</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-5481">CVE-2023-5481</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-5482">CVE-2023-5482</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-5483">CVE-2023-5483</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-5484">CVE-2023-5484</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-5485">CVE-2023-5485</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-5486">CVE-2023-5486</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-5487">CVE-2023-5487</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-5849">CVE-2023-5849</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-5850">CVE-2023-5850</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-5851">CVE-2023-5851</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-5852">CVE-2023-5852</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-5853">CVE-2023-5853</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-5854">CVE-2023-5854</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-5855">CVE-2023-5855</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-5856">CVE-2023-5856</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-5857">CVE-2023-5857</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-5858">CVE-2023-5858</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-5859">CVE-2023-5859</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-5996">CVE-2023-5996</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-5997">CVE-2023-5997</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-6112">CVE-2023-6112</uri>
</references>
<metadata tag="requester" timestamp="2023-12-22T10:51:22.348762Z">graaff</metadata>
<metadata tag="submitter" timestamp="2023-12-22T10:51:22.351823Z">graaff</metadata>
</glsa>


@ -0,0 +1,42 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="202312-08">
<title>LibRaw: Heap Buffer Overflow</title>
<synopsis>A vulnerability has been found in LibRaw where a heap buffer overflow may lead to an application crash.</synopsis>
<product type="ebuild">libraw</product>
<announced>2023-12-22</announced>
<revised count="1">2023-12-22</revised>
<bug>908041</bug>
<access>remote</access>
<affected>
<package name="media-libs/libraw" auto="yes" arch="*">
<unaffected range="ge">0.21.1-r1</unaffected>
<vulnerable range="lt">0.21.1-r1</vulnerable>
</package>
</affected>
<background>
<p>LibRaw is a library for reading RAW files obtained from digital photo cameras.</p>
</background>
<description>
<p>A vulnerability has been discovered in LibRaw. Please review the CVE identifier referenced below for details.</p>
</description>
<impact type="high">
<p>A heap-buffer-overflow in raw2image_ex() caused by a maliciously crafted file may lead to an application crash.</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All LibRaw users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose ">=media-libs/libraw-0.21.1-r1"
</code>
</resolution>
<references>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-1729">CVE-2023-1729</uri>
</references>
<metadata tag="requester" timestamp="2023-12-22T11:43:10.877313Z">graaff</metadata>
<metadata tag="submitter" timestamp="2023-12-22T11:43:10.880686Z">graaff</metadata>
</glsa>


@ -0,0 +1,45 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="202312-09">
<title>NASM: Multiple Vulnerabilities</title>
<synopsis>Multiple vulnerabilities have been discovered in NASM, the worst of which could lead to arbitrary code execution.</synopsis>
<product type="ebuild">nasm</product>
<announced>2023-12-22</announced>
<revised count="1">2023-12-22</revised>
<bug>686720</bug>
<bug>903755</bug>
<access>local and remote</access>
<affected>
<package name="dev-lang/nasm" auto="yes" arch="*">
<unaffected range="ge">2.16.01</unaffected>
<vulnerable range="lt">2.16.01</vulnerable>
</package>
</affected>
<background>
<p>NASM is a 80x86 assembler that has been created for portability and modularity. NASM supports Pentium, P6, SSE MMX, and 3DNow extensions. It also supports a wide range of objects formats (ELF, a.out, COFF, etc), and has its own disassembler.</p>
</background>
<description>
<p>Multiple vulnerabilities have been discovered in NASM. Please review the CVE identifiers referenced below for details.</p>
</description>
<impact type="high">
<p>Please review the referenced CVE identifiers for details.</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All NASM users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-lang/nasm-2.16.01"
</code>
</resolution>
<references>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8343">CVE-2019-8343</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-21528">CVE-2020-21528</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-44370">CVE-2022-44370</uri>
</references>
<metadata tag="requester" timestamp="2023-12-22T12:11:31.423926Z">graaff</metadata>
<metadata tag="submitter" timestamp="2023-12-22T12:11:31.426302Z">graaff</metadata>
</glsa>


@ -0,0 +1,42 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="202312-10">
<title>Ceph: Root Privilege Escalation</title>
<synopsis>A vulnerability has been found in Ceph which can lead to root privilege escalation.</synopsis>
<product type="ebuild">ceph</product>
<announced>2023-12-23</announced>
<revised count="1">2023-12-23</revised>
<bug>878277</bug>
<access>local</access>
<affected>
<package name="sys-cluster/ceph" auto="yes" arch="*">
<unaffected range="ge">17.2.6</unaffected>
<vulnerable range="lt">17.2.6</vulnerable>
</package>
</affected>
<background>
<p>Ceph is a distributed network file system designed to provide excellent performance, reliability, and scalability.</p>
</background>
<description>
<p>A vulnerability has been discovered in Ceph. Please review the CVE identifier referenced below for details.</p>
</description>
<impact type="high">
<p>The ceph-crash.service runs the ceph-crash Python script as root. The script is operating in the directory /var/lib/ceph/crash which is controlled by the unprivileged ceph user (ceph:ceph mode 0750). The script periodically scans for new crash directories and forwards the content via `ceph crash post`.</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All Ceph users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose ">=sys-cluster/ceph-17.2.6"
</code>
</resolution>
<references>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-3650">CVE-2022-3650</uri>
</references>
<metadata tag="requester" timestamp="2023-12-23T08:04:29.237847Z">graaff</metadata>
<metadata tag="submitter" timestamp="2023-12-23T08:04:29.240199Z">graaff</metadata>
</glsa>
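Review bot: The `<impact>` paragraph describes the setup (ceph-crash runs as root and works in /var/lib/ceph/crash, which the unprivileged ceph user controls) but never states the consequence; only the title and synopsis say root privilege escalation. A closing sentence such as `A local attacker with access to the ceph user could use this to gain root privileges.` would make the element self-contained; that wording is inferred from the title and should be checked against the CVE record. For patch prioritisation, the text as written implies the exposure is on hosts where the ceph account is reachable by less-trusted users or services.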


@ -0,0 +1,42 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="202312-11">
<title>SABnzbd: Remote Code Execution</title>
<synopsis>A vulnerability has been found in SABnzbd which allows for remote code execution.</synopsis>
<product type="ebuild">sabnzbd</product>
<announced>2023-12-23</announced>
<revised count="1">2023-12-23</revised>
<bug>908032</bug>
<access>remote</access>
<affected>
<package name="net-nntp/sabnzbd" auto="yes" arch="*">
<unaffected range="ge">4.0.2</unaffected>
<vulnerable range="lt">4.0.2</vulnerable>
</package>
</affected>
<background>
<p>Free and easy binary newsreader with web interface.</p>
</background>
<description>
<p>A vulnerability has been discovered in SABnzbd. Please review the CVE identifier referenced below for details.</p>
</description>
<impact type="high">
<p>A design flaw was discovered in SABnzbd that could allow remote code execution. Manipulating the Parameters setting in the Notification Script functionality allows code execution with the privileges of the SABnzbd process. Exploiting the vulnerabilities requires access to the web interface. Remote exploitation is possible if users exposed their setup to the internet or other untrusted networks without setting a username/password. By default SABnzbd is only accessible from `localhost`, with no authentication required for the web interface.</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All SABnzbd users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-nntp/sabnzbd-4.0.2"
</code>
</resolution>
<references>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-34237">CVE-2023-34237</uri>
</references>
<metadata tag="requester" timestamp="2023-12-23T08:21:16.397965Z">graaff</metadata>
<metadata tag="submitter" timestamp="2023-12-23T08:21:16.402529Z">graaff</metadata>
</glsa>
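Review bot: The `<workaround>` element says no workaround is known, yet the `<impact>` text in the same advisory states that exploitation requires access to the web interface and that remote exploitation depends on the setup being exposed to untrusted networks without a username/password. That describes an interim mitigation operators can apply before upgrading, and the workaround would be more useful if it said so, for example `<p>Do not expose the web interface to untrusted networks and set a username/password until the upgrade is applied.</p>`. The impact text also notes that the default is localhost-only with no authentication, so on a shared host other local users can presumably still reach the interface; the upgrade remains the actual fix.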


@ -0,0 +1,52 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="202312-12">
<title>Flatpak: Multiple Vulnerabilities</title>
<synopsis>Several vulnerabilities have been found in Flatpack, the worst of which lead to privilege escalation and sandbox escape.</synopsis>
<product type="ebuild">flatpak</product>
<announced>2023-12-23</announced>
<revised count="1">2023-12-23</revised>
<bug>775365</bug>
<bug>816951</bug>
<bug>831087</bug>
<bug>901507</bug>
<access>remote</access>
<affected>
<package name="sys-apps/flatpak" auto="yes" arch="*">
<unaffected range="ge">1.14.4</unaffected>
<vulnerable range="lt">1.14.4</vulnerable>
</package>
</affected>
<background>
<p>Flatpak is a Linux application sandboxing and distribution framework.</p>
</background>
<description>
<p>Multiple vulnerabilities have been discovered in Flatpak. Please review the CVE identifiers referenced below for details.</p>
</description>
<impact type="high">
<p>Please review the referenced CVE identifiers for details.</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All Flatpak users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose ">=sys-apps/flatpak-1.14.4"
</code>
</resolution>
<references>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21381">CVE-2021-21381</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-41133">CVE-2021-41133</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-43860">CVE-2021-43860</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-21682">CVE-2022-21682</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-28100">CVE-2023-28100</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-28101">CVE-2023-28101</uri>
<uri>GHSA-67h7-w3jq-vh4q</uri>
<uri>GHSA-xgh4-387p-hqpp</uri>
</references>
<metadata tag="requester" timestamp="2023-12-23T09:05:21.412904Z">graaff</metadata>
<metadata tag="submitter" timestamp="2023-12-23T09:05:21.415262Z">graaff</metadata>
</glsa>


@ -0,0 +1,45 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="202312-13">
<title>Gitea: Multiple Vulnerabilities</title>
<synopsis>Multiple vulnerabilities have been discovered in Gitea, the worst of which could result in information leakage.</synopsis>
<product type="ebuild">gitea</product>
<announced>2023-12-23</announced>
<revised count="1">2023-12-23</revised>
<bug>887825</bug>
<bug>891983</bug>
<bug>905886</bug>
<bug>918674</bug>
<access>remote</access>
<affected>
<package name="www-apps/gitea" auto="yes" arch="*">
<unaffected range="ge">1.20.6</unaffected>
<vulnerable range="lt">1.20.6</vulnerable>
</package>
</affected>
<background>
<p>Gitea is a painless self-hosted Git service.</p>
</background>
<description>
<p>Multiple vulnerabilities have been discovered in Gitea. Please review the CVE identifiers referenced below for details.</p>
</description>
<impact type="low">
<p>Please review the referenced CVE identifiers for details.</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All Gitea users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-apps/gitea-1.20.6"
</code>
</resolution>
<references>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-3515">CVE-2023-3515</uri>
</references>
<metadata tag="requester" timestamp="2023-12-23T09:39:06.392845Z">ajak</metadata>
<metadata tag="submitter" timestamp="2023-12-23T09:39:06.395056Z">graaff</metadata>
</glsa>
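Review bot: The advisory lists four bugs, and its synopsis and description speak of multiple vulnerabilities and "CVE identifiers", but `<references>` holds a single entry, CVE-2023-3515. A reader cannot tell from this file what the other three bugs fixed, or whether `impact type="low"` covers them as well. If the remaining issues have no CVE assigned, links to the corresponding upstream advisories in `<references>` would close the gap.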


@ -0,0 +1,60 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="202312-14">
<title>FFmpeg: Multiple Vulnerabilities</title>
<synopsis>Multiple vulnerabilitiies have been discovered in FFmpeg, the worst of which could lead to code execution</synopsis>
<product type="ebuild">ffmpeg</product>
<announced>2023-12-23</announced>
<revised count="1">2023-12-23</revised>
<bug>795696</bug>
<bug>842267</bug>
<bug>881523</bug>
<bug>903805</bug>
<access>local and remote</access>
<affected>
<package name="media-video/ffmpeg" auto="yes" arch="*">
<unaffected range="ge">6.0</unaffected>
<unaffected range="ge">4.4.3</unaffected>
<vulnerable range="lt">6.0</vulnerable>
<vulnerable range="lt">4.4.3</vulnerable>
</package>
</affected>
<background>
<p>FFmpeg is a complete solution to record, convert and stream audio and video.</p>
</background>
<description>
<p>Multiple vulnerabilities have been discovered in FFmpeg. Please review the CVE identifiers referenced below for details.</p>
</description>
<impact type="high">
<p>Please review the referenced CVE identifiers for details.</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All FFmpeg 4 users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose ">=media-video/ffmpeg-4.4.3"
</code>
<p>All FFmpeg 6 users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose ">=media-video/ffmpeg-6.0"
</code>
</resolution>
<references>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-33815">CVE-2021-33815</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-38171">CVE-2021-38171</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-38291">CVE-2021-38291</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-1475">CVE-2022-1475</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-3964">CVE-2022-3964</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-3965">CVE-2022-3965</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-48434">CVE-2022-48434</uri>
</references>
<metadata tag="requester" timestamp="2023-12-23T11:07:01.789201Z">graaff</metadata>
<metadata tag="submitter" timestamp="2023-12-23T11:07:01.791705Z">graaff</metadata>
</glsa>
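Review bot: The `<affected>` ranges for media-video/ffmpeg overlap: `<unaffected range="ge">4.4.3</unaffected>` and `<vulnerable range="lt">6.0</vulnerable>` both match any version from 4.4.3 up to 6.0, so a consumer of this file cannot tell from the data alone whether such an install is patched. The resolution text treats "FFmpeg 4" and "FFmpeg 6" as separate branches, so each range presumably needs an explicit bound that confines it to its own branch. The synopsis also misspells the word as "vulnerabilitiies" and lacks its final period. This directory looks like a sync of upstream advisory data, so the correction belongs upstream; until then, tooling that reads this advisory should treat versions in the overlap as unverified rather than unaffected.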


@ -0,0 +1,57 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="202312-15">
<title>Git: Multiple Vulnerabilities</title>
<synopsis>Several vulnerabilities have been found in Git, the worst of which could lead to remote code execution.</synopsis>
<product type="ebuild">git</product>
<announced>2023-12-27</announced>
<revised count="1">2023-12-27</revised>
<bug>838127</bug>
<bug>857831</bug>
<bug>877565</bug>
<bug>891221</bug>
<bug>894472</bug>
<bug>905088</bug>
<access>remote</access>
<affected>
<package name="dev-vcs/git" auto="yes" arch="*">
<unaffected range="ge">2.39.3</unaffected>
<vulnerable range="lt">2.39.3</vulnerable>
</package>
</affected>
<background>
<p>Git is a free and open source distributed version control system designed to handle everything from small to very large projects with speed and efficiency.</p>
</background>
<description>
<p>Multiple vulnerabilities have been discovered in Git. Please review the CVE identifiers referenced below for details.</p>
</description>
<impact type="high">
<p>Please review the referenced CVE identifiers for details.</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All Git users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-vcs/git-2.39.3"
</code>
</resolution>
<references>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-23521">CVE-2022-23521</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-24765">CVE-2022-24765</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-29187">CVE-2022-29187</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-39253">CVE-2022-39253</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-39260">CVE-2022-39260</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-41903">CVE-2022-41903</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-22490">CVE-2023-22490</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-23946">CVE-2023-23946</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-25652">CVE-2023-25652</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-25815">CVE-2023-25815</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-29007">CVE-2023-29007</uri>
</references>
<metadata tag="requester" timestamp="2023-12-27T07:49:08.497466Z">graaff</metadata>
<metadata tag="submitter" timestamp="2023-12-27T07:49:08.502279Z">graaff</metadata>
</glsa>


@ -0,0 +1,44 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="202312-16">
<title>libssh: Multiple Vulnerabilities</title>
<synopsis>Multiple vulnerabilities have been discovered in libssh, the worst of which could lead to code execution.</synopsis>
<product type="ebuild">libssh</product>
<announced>2023-12-28</announced>
<revised count="1">2023-12-28</revised>
<bug>920291</bug>
<bug>920724</bug>
<access>remote</access>
<affected>
<package name="net-libs/libssh" auto="yes" arch="*">
<unaffected range="ge">0.10.6</unaffected>
<vulnerable range="lt">0.10.6</vulnerable>
</package>
</affected>
<background>
<p>libssh is a multiplatform C library implementing the SSHv2 protocol on client and server side.</p>
</background>
<description>
<p>Multiple vulnerabilities have been discovered in libssh. Please review the CVE identifiers referenced below for details.</p>
</description>
<impact type="high">
<p>Please review the referenced CVE identifiers for details.</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All libssh users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-libs/libssh-0.10.6"
</code>
</resolution>
<references>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-6004">CVE-2023-6004</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-48795">CVE-2023-48795</uri>
</references>
<metadata tag="requester" timestamp="2023-12-28T02:21:10.983119Z">sam</metadata>
<metadata tag="submitter" timestamp="2023-12-28T02:21:10.985632Z">sam</metadata>
</glsa>


@ -0,0 +1,45 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="202312-17">
<title>OpenSSH: Multiple Vulnerabilities</title>
<synopsis>Multiple vulnerabilities have been discovered in OpenSSH, the worst of which could lead to code execution.</synopsis>
<product type="ebuild">openssh</product>
<announced>2023-12-28</announced>
<revised count="1">2023-12-28</revised>
<bug>920292</bug>
<bug>920722</bug>
<access>remote</access>
<affected>
<package name="net-misc/openssh" auto="yes" arch="*">
<unaffected range="ge">9.6_p1</unaffected>
<vulnerable range="lt">9.6_p1</vulnerable>
</package>
</affected>
<background>
<p>OpenSSH is a free application suite consisting of server and clients that replace tools like telnet, rlogin, rcp and ftp with more secure versions offering additional functionality.</p>
</background>
<description>
<p>Multiple vulnerabilities have been discovered in OpenSSH. Please review the CVE identifiers referenced below for details.</p>
</description>
<impact type="high">
<p>Please review the referenced CVE identifiers for details.</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All OpenSSH users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-misc/openssh-9.6_p1"
</code>
</resolution>
<references>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-48795">CVE-2023-48795</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-51385">CVE-2023-51385</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-51385,CVE-2023-48795">CVE-2023-51385,CVE-2023-48795</uri>
</references>
<metadata tag="requester" timestamp="2023-12-28T02:21:28.668404Z">sam</metadata>
<metadata tag="submitter" timestamp="2023-12-28T02:21:28.672567Z">sam</metadata>
</glsa>
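Review bot: The third entry in `<references>` is malformed: `<uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-51385,CVE-2023-48795">` joins two CVE ids into one link and one label, which is not a single-CVE NVD detail URL and only repeats the two entries directly above it. Tooling that pulls CVE ids from the `<uri>` text or the `link` attribute would get a token that matches no CVE record, which can break lookups or deduplication against a vulnerability feed. The line should simply be dropped, leaving the separate `CVE-2023-48795` and `CVE-2023-51385` entries. As the file appears to be synced from upstream advisory data, the fix belongs there, and a consumer should validate each reference against a single-CVE pattern before using it.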


@ -1 +1 @@
Fri, 01 Dec 2023 06:39:59 +0000
Mon, 01 Jan 2024 06:39:51 +0000


@ -1 +1 @@
e8cae5eafb887bc451b4344e6de2d99b8d6e75de 1701088111 2023-11-27T12:28:31+00:00
3dfe782899716a3480c9481c69bca8c231c663a7 1703730129 2023-12-28T02:22:09+00:00