From b8c4d619a33e892fc5ba0c94bc299699fa8654e3 Mon Sep 17 00:00:00 2001 From: Flatcar Buildbot Date: Mon, 1 Jan 2024 07:15:46 +0000 Subject: [PATCH] portage-stable/metadata: Monthly GLSA metadata updates --- .../portage-stable/metadata/glsa/Manifest | 30 +++--- .../metadata/glsa/Manifest.files.gz | Bin 555493 -> 558197 bytes .../metadata/glsa/glsa-202312-01.xml | 49 ++++++++++ .../metadata/glsa/glsa-202312-02.xml | 42 +++++++++ .../metadata/glsa/glsa-202312-03.xml | 62 +++++++++++++ .../metadata/glsa/glsa-202312-04.xml | 42 +++++++++ .../metadata/glsa/glsa-202312-05.xml | 46 +++++++++ .../metadata/glsa/glsa-202312-06.xml | 69 ++++++++++++++ .../metadata/glsa/glsa-202312-07.xml | 87 ++++++++++++++++++ .../metadata/glsa/glsa-202312-08.xml | 42 +++++++++ .../metadata/glsa/glsa-202312-09.xml | 45 +++++++++ .../metadata/glsa/glsa-202312-10.xml | 42 +++++++++ .../metadata/glsa/glsa-202312-11.xml | 42 +++++++++ .../metadata/glsa/glsa-202312-12.xml | 52 +++++++++++ .../metadata/glsa/glsa-202312-13.xml | 45 +++++++++ .../metadata/glsa/glsa-202312-14.xml | 60 ++++++++++++ .../metadata/glsa/glsa-202312-15.xml | 57 ++++++++++++ .../metadata/glsa/glsa-202312-16.xml | 44 +++++++++ .../metadata/glsa/glsa-202312-17.xml | 45 +++++++++ .../metadata/glsa/timestamp.chk | 2 +- .../metadata/glsa/timestamp.commit | 2 +- 21 files changed, 888 insertions(+), 17 deletions(-) create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202312-01.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202312-02.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202312-03.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202312-04.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202312-05.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202312-06.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202312-07.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202312-08.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202312-09.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202312-10.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202312-11.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202312-12.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202312-13.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202312-14.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202312-15.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202312-16.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202312-17.xml diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/Manifest b/sdk_container/src/third_party/portage-stable/metadata/glsa/Manifest index 6f42c1c615..97017d50f6 100644 --- a/sdk_container/src/third_party/portage-stable/metadata/glsa/Manifest +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/Manifest @@ -1,23 +1,23 @@ -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 -MANIFEST Manifest.files.gz 555493 BLAKE2B 9b9c68f6fcd5aa241244f03965d32d2bee2397eebacb0b4742f3b5eff9058f33cdb8d4c1f96505cd2a1acaed4347077a204862e5674effe944e54b05e7466726 SHA512 bf81aa35acfc8893b8a8ffc0d57915c1a8e6b54e9400f0d03f26dd199de30e2601f7a7c1060d2185e26c3276979665ae687fb8e8a1e2b4d537df4a3270e38d43 -TIMESTAMP 2023-12-01T06:40:02Z +MANIFEST Manifest.files.gz 558197 BLAKE2B dde0fd5bc1749affc0b48b285b7ab9bd0a7216628f650cd3cbf0e6b2a1788ebd2dc667afbfee3491b42c071ba583d8c7e204468384a8f639b22206d6cbf47903 SHA512 6a3cf3862910d3680e54853c513e07b7a7d791fa5a5732653e79584f351498dd0ac5f7c244cf38dd9920afd7da27fd2c1e7a51770500da41d964a2a5ddd6ec92 +TIMESTAMP 2024-01-01T06:39:54Z -----BEGIN PGP SIGNATURE----- -iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAmVpf8JfFIAAAAAALgAo +iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAmWSXjpfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEUx RDZBQkI2M0JGQ0ZCNEJBMDJGREYxQ0VDNTkwRUVBQzkxODkyNTAACgkQ7FkO6skY -klAidhAApvskqQHXNDKb23KYww5txqWvEIG7F3zNXzL2khrVh1PxoPhey6mf/bO5 -75lyy0i5D6MZuEUMJW2MEIrcqALpz7mmfPD8v2D/OT053XqP7UuLPBKeeTlQ2w+m -KpCvgMohqFVQjMVlKbYtCAq1Fx3tvafo03JCTseKlZ2sF8xdxIo0sMJGBs2tSc5J -vaxjkT2Wo4CSn0XT8G1g1d6iLIs4eIhKsDWy759WyCU/43g1TzGXqDGhIQSXEX0C -oeJsKK/V1fLPLcP9CnoqRGQ46/L8LdjTDYfb9caKgQ8lCh/hqZce3Lqfyh4KRd2k -uw51if5KABbRAQ4Qc12l1S8JQH4T0yR/BB70ywb50dIfxmQJQrzpr5ybhv5P66jz -EJkpNShtvrZvuYxF71KpTYsuJWNnNuJLRUIrywtyj4f1rmxgqdBRDec+ycrjNGOl -MzCrk3PgEb6lV6qvMicyVYakq6Yl861hVE9kquoh0djsm9velGXnV1l1+jcTLubH -0pPS4luIVhkGuGzoej7UOwhdpUdeZjqPcPPF63+VeIJVZscAizlGnYP/IE7DNyYQ -PBSphTSR5s50IRItmnuDdnzitwmGQM5ngWDFO7Y8T4icxN34GlxpV/LmODnweutd -KNt68X7UTuhNoKV7+ifeunQ3fu7q/VdI5an9REaGKVg/eFoFvtk= -=S+ig +klB20BAAqVFxMgUnpYZN3TY1cE1pYHAycfbddPzAPAx0I3yPolECfSJpH5UP5EEF +r23EVYdedYTG4cj4cXLRRr0cWdI5/2xHN5YzXqMQdAiNekIjeNc/d/bz+fKXbAZv +a2hGFz71burELuaLhtUOgHhxTPZGA7dZ82k2ZkrHdd3zVyxp6rzS1uQOWj6uKib6 +2dGfgRR+sUdAgIFTexJuCRCt861U5LXEeE7kj8tGXE0kc93JXG5QS3b2NmDvY7GZ +COv3ZeAjYVGkfDQtQtzekL+Sd4UyvICHEZ2M1vPVc5RFFjNUuyC2q7P73DoKXKvD +2RQ4SL7/w9EoBtA+8/glaX59LdnOzIQYtwcmBjfhVn1628RwJesKpAFFVag1hYED +uxh2vlcC/PkvqCf/yYExNh6Krm1agmm4ZJ1l56GckCQWgGgRAwkVt3tjlsNdUoxX +55gRtYMLj153y/2Z2ULpMmB6wOvPNwzSbZ5h9+EMt6UnK6QtDVqO5zc5fVPfpNj5 +0mMNdF1XEfcm64fYeu5IRc2B8MIFGr9c9cFKP4hWXXCMEjB78UtICqwDihgD0s4T +T1zRCMhX5gJv77xwNy6OHe9voXkhV5i3XLyW8fpRTIgWx9WooiFCsDPQLDr/4Qv1 +kqUMaIxkUBmAdOh28ouAd4w2gKe1AqeLLr9quaN7LTItxG77BaI= +=4bYj -----END PGP SIGNATURE----- diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/Manifest.files.gz b/sdk_container/src/third_party/portage-stable/metadata/glsa/Manifest.files.gz index 0ed9dcec42d657c52a5dfd6f72ad42af7a3e93d7..c1be36f2d992534a1dab32b2fdcd1dfd3090b244 100644 GIT binary patch delta 17429 zcmV)uK$gGd^C9(!B7lSegaU*Egam{Iga(8MvH>aMJp@j)leuFq>XZVPhUsmgv10PFVc z2KCr0f7L0nbTQ=I6P2y=O9yiPZQ*>susrV+)Jh?@d*cLrnNAK+Q1N;P7$!FDdWhia zs_;!TYMd9sRLb8+UPM6Y7uXtOYtUuIkYI*XX zR7n1SelF>judA`pL3Zhp@+~`-7?j^r5CW(@GtgAcRK-PQ;opu0NHSBq$@@*UNdL9x zf3sKXSD7V!@F0}xc=lj6kSr4WR0Au9d^Wspdd+*HBEd|vb`_`$IRgyg#fq+WM>`j`{3XaGywZ~H^}BzL@BS;T51V$Xu(Z{5^tBE#U57Db4VLW zNy#MYdwb0_Z&h_Qrcd2EwWvDD?j(Zae;$Xlt-6RYrb|UW2rh$1ZDT!HinHS{?;p%1 zBwvLbzO2?S1N>uVU)!6`YIuv#MSybc9~}tXf)Y=8?V*;Z^DNZQwQ1}yRrt84j!cs< z!Sg#zOkp$W*J|}oaneMwsw0Bsc-&QI1wiW%Hd3;1%wIV%s_vl359s4zl>nN=e`&U7 zP(O8WT!2#L(#M>CkYB^Id%#`M#-MXj6jSP;og&1ja@DDDK-3s>DkAZ0$vCRvu4Sev z(gC5mANiM)_|w_1=f|ASo_f{QEl6N$x~Fb$I_yw`iKnmU{;3BD)ZgSXre z-cN()ygaJT5fFuRQ}9;suw1?!=8OkbAx9C|q5yqp>i=F_kVG|8zLIG^xy~z4%04S; zLFVY*6+p{LDTd?AY8}6R)gOHMv*^s8<2Lc2TG{Np4*CX|NKzaI=10=^e{n7CA5TTc zGKDnZi-&9|0~;UC`%o1D9*Sy7LQ~n}Q`Sr|-BsJjJa@7}W2JevnX2$r`DACs`0SKg zoYS1T(lyJ4!^wzD~4V)K9xU*EP0UF9>lo1 zlch=WF%gu&;-uvjblv%af46>B7Ws*HPP8EKN;o)pO99n2KX|Cqh!o&O9-RZpPCYod zV-HJJQk6&8Tm6q>(#3!M{>Sm$8sE*)LHR=g0Rr8vJ*_5ulCp;_S;DU6Z%PpUk1y#UlUlBML44xqXgHN%xvLXi?g~!1nFu za}GANcBN{GUK)B|e~$L6@HfJCt_PLcE0uL|f?b;eLZ`PbYV>l<*=%ilnEWAf?S>9% zAq`2ofil33(;QmD*+BCqACxo=#^uXuy|Da8uiE)qA?i2@Q2QWQgq|Rpacw)gEzPIp zEEy9Zqu!$iGTI7{LB$#==j?TfqGaN!9W2e!%K!jKh@>Y6e|=`85PpWhQknfO>Gs`E zWFOpWq}cO$bUoBDG^?Lo427zr$&GMEoh6)y+$lg@R}H*NISJAmh`nT}`_ywmSkaZ= zBbF42x=QGu$q}x`k5)hIMG-bZ07w3^T0bmZg)`qAo1Uu<6_gxj)-ovRJg~*#?>ZtY z-rw3=#dW_Rh#!?jfAV~OZ?3jYaUH{Ahuv(UpU7T3u!kDl1q5vb_K9+!8c8my7Pw;m!TNmln+hBBj)iFm3>6F(Y&!$T!cD zY{9_k8mCGj!$B{y!E3dGMw5gu)Ese}r2)CXkNpKwYs&IFdO5OaPnaWiDu; zdOwrK?a-^vZn`Z|6FJBKY)Y?1IPln8SyfBelk9Wt3Zveb7vTEKYW;%w`f(koIR|ko zG{u_u-`)h~(vgV;RG>ts;!f6MYr{(IpA_@crw*t&rQap*XdHjfUVKsfH2xl_^M}Bc ze{QaG6?EhcU`99rtG&p9gq6Ha1|1z+)H~xL*G~&D zt4EG&*^Um6^p!>y;RC7N0c_*j6%M`{?S+b>PtJ#Y^&uv^(+nyX0>YNHm zspo#)#GasaPT10Rs=R_gl4^uo1?sh0NpWQ$?%E`~ERBUztIu<~om?QWdmHVgLv!#r zXxWqWN#s4eGr5*6I?~)$fA_LLM)_28$a&mbJ)~?6H8|GCLy_TqSyF1q_VwSZfAx}C z{FFFQTA$!@DbarA`*0F#`-VSqs4wZ}0J=lxP;IudlTAbp8`LEBL1{}iEq4>TAC8={ zGbQ74qMWQ8<}54g#fc`B$bk%6)Nt;d$asA(;a2vI2Kf~P2F-JjVmXLImf2fRhJAi5<*y?ts)J_P?ux2LyhCRv7XCcvhe^|d= zHNOlL!w29>W$eJKL&H{ll4t>R&q~itcW`41D^N$!j%qZq5^9(^B1G~bdF@9QtTwU= zGn}K$hxg%<0fr2vOSht=73!1crpirVx4Hx`z%{lfxufVOr-Y+_sE4*4e~Kvdl173& z2itOutk0%bFsv%*0s@Z3*-?(R2A9AURZ#fSS|*gOWeW)GWQm6~&{dD%VLOa{IE||F z<(D?buYqFw+*_K(PMvO==1q2PBD=L^wbqtm#v`bdSG8+wa#O0d7^<-GtQ73XYWn4S zpIDNnn&4gr%Evn<-(Ut#f71Y=DUTs1v;oMKDFVFRFEGywP)kKBbrq%UswFBkJaGK*2wir2`U32u>y`hkMX2WV6(>J0+rZzrSlZvm_&joYjaRl}C^6yG#mEj#m}-G+{KyYZ_p zG<9FlqUh=TsawRH%qn~wJ3yio`CQwdv}jg)JEG6d98od9eF1nqrwR^RhW!{@hGVJk zrpCM;HD{-u`*PL%e`}z~33|iRyCe;8a#s_{ly+ZTgG?`p3cK2ScD}*syn4~C)E1&5 z2;@vBl7j}##ykqjzPj9isb9v@62z%^YCom#oqW!KTPis{())QG<*4NyTZRz zssgg)(?UtMe+N#TUmVFBD{zGzS0K4o*yUD1J9ybXkG_@pRX3Cls^_j5Rk<{0iGh*Y z%YY%s^Lya!Odi=3-4kC{>&N~mew@T79!9jH`QJJz!2QskY#D-q*0 zC17OBQ^`bMMcxpB`dKY%m|6R`DE~_v`DiFwv8gVj?9ld|ThUa;cZcek_D*3H`Q9B#7*1AfYJ$+l6T66zAp8o zPL{b%%1)=*WSQNzKU6v=7I1#q&)-(-$Nq>{fBdl4nxX4>qeO;!SCq@PsEeGC>69%g ze|Y5-)P$mV-V?mV2mglJhzMKdSdXZ9Sb8z)*0#pHy**V#1>**+mcGt~I zf15+A2x9%PtImFF(Xs!l2a0>G#Pls8tSS7}zu~PPEDu0`<1LWNvAfJ1|66dXSNEmu zwPcxRSg>+_47~R${gRJ$+kcsyhMH9fIym>&>6}4#2F(&iVPs0;>Wp+?ESK$y3Z4f_)w8N<_>heve>vnJ z(Xjze-3J;6D^gY+M3mk`EMCE?$BJol-?@h8%IN|!EVMSs81WAE}vVQ7ps%kc+tNPiUolZR? zk3r9cr3M7$XL#a$diMbg;~6BNGPORwQqO;D6feL|ttM|Pu5K$F)rn({8{$P2(_nW5sY)KCLB-8e>t=;@+)ONXZZ%XE8xtucd$$NBN;FdQ_r= zkd+-U7dALTp(de<&tNl~9c3iNVlF;Gmz{O9stTI4i^R^yAR1HOmp_JXoB}G*zHb7E z)}mwWPpT5dUvlD)%%X$m@6}R4hV0&L)W}THW{HZ;QHfPgeNYw^LEWXxU8GFSN_ud(%pAm|*1Y2^m-iaeE}8RQV3Vq+ zhBL)o2&9y)e@>lbr!TAZV}AsS{g9M;B(|}!RfE)8psNJ0!tgyD47&jisSF^6l8RTV zG3}AL!4o4fQQF(2W__yMvduMk9PbJu`3&|~NF`JYJ^Q(Q+t8)+Rwr!VB1tNyHT@W7 zvWFTQVO{&`$P>|hf)EOVOmrgAz#}VT&wGF@ zik)c?5fEru+Xlr+ojtbKr%;K?M#uTrz5Ml}=^h_ac&B7h$50nP!H1PUE8EW&LsW|! zJYDp00~6GXl*BLazrvO$)sJ$?Bt0v~Ym52af13U#i4$o7BBZ>?gBg;G0pGK`@y~wL z0fH*;$_JRBjD#|M`6jGruNlg=jgnLi{;b(0z5p&gm> z*jquQ1fIG?rTl7E3x*vt_RWfOvGKHhr9FzV3j|J@Ka?VjURFnr5y~l+2ODR(V8W;17kuYf72)rS9(8UyyLjPtXBLPFZeL@Av*!irNpNEM?kwN|h+Tx**2s2z4uA{T=TV1C!JWsfc(6aUtg!)l zDnn0heW=G5faFo(f|4qS_uc8`OxaU~nj9R}(%IM=#97~0734T!-hAtev&|OQe|FK8 zn8Q;9L&{4h9!O$5biu6>Hctm6iA>E0r}q!3^>SZ1om$8<(vv7xzN}XIwLhvK0$eqC z6QbP9^u!Q5>?8qxR6acqLV-RFmD)y|AT`W*@r~7G{*iv7)3kMLLFpv%>++^1CCx=2 zC%TNJN%i=mh}fka_N}L=<;x45e>$&1bel>?-db-RW}U^N+vyd#irUx(o@I`_8XDaQ zTb09>vql_rR30=&q?=xE7HWf&XLhg|n{(*P2{2db1e^gcBPm|`aP41K>vw4X{J4Wq zNSc#uqb(>bV9S+HwjEaawCg(3pQ&={6`ojCTf_@Aa?h~D22Ke2uFEM$e_}$v*j9<} zM0w7?iRl_z@!aw+eZ9k&C$-E)=K-Ko7e^^AhoF3rjP1uTDY9 zCv!TlC)E!q4(h4998vD9<7^5?fRTm*&-__poKy6=9^T0aqbaOtMO9~K`I>81zpU2z zE8+Pux{{RO0P?ykLujNGe+A=?rV)-M5%ohPMo!%l(Tfa)0JoI^!u>-__mU^^S2 z&{a=Xq*j9m&66)1EP6g(-t!Z3$8#&xl9jDlZ<0;b&;$%GQ)TLcN;ZvEo*N&p*-mD! z+2wLx=uwB4T9xWb(eYJ_JT#@r<`$QaVr>GwWkOxo(CUYe{tXQdCKFp4GYaN znmK)0tzS}ee0TQwx`z#~5@(xzo84@e`r+19=b{)(NSHuG9VQi6&{V;(PElBLoYx8O zI2;!!GKKXxygK#ZlbluYJfGSO`D%nY9>`t99|GLhjZFh(#8Y*qtSTo!n@B~B3UUM< z*?*BrpDI4Fsb}X?e>u??BWGMY7UyWZeH0-$PFhdzoNVvgzI8_(+g{IMliPWdyKF*I z(dihF^kubvNzETaWExoUG#p@+K$)Dw;p1)(Kv$-mD#|}z8SX-_xN}sO+#4YCz#Tb? zo;Di~(r2nXHjOkh;XfO%Z|me$^?>34@Mlz1izXZBXHSwkvXdgN3i8b3OT-cjD_QH%rAvAjRLWvSsu({x!|o2HVc{7!AU z=iiO=wSvqeNR0Zz-I$sBCRd(rGwAeFpWx zsmJHxRNI*@f0lVBsG&KjOYE!Lr9qZM7CE^b48?CnpeEcbit!{J~ z%bOa@0&j)-(DYtb?&v;Mkyp^3N}EFc2`t6h+MZM!HyN6Tdhv-)#~p1iu*03o$id+i z*Lm2Nf7Z7s|9f|Od`hO1(%X3}+Eu__A(DXj2}g9Oe-I{!o)580;yxyUfr1vO^lZ90 zC8S37@@e_ggbI^;b>v_Zo+(VatZ&U7;3)M^4t#MY4$8+Y&W0MX*YS|KxSK@$eWnp8I=mgg-^3Hy%`P5DRL1kFqv&a+g~xGHR`EEMY-(O6INIo*e^=y~66AL1zgg(3Ca6BQ99g2@2~ws= z)KvD-4SOV_j%H{Ie0*80UmnEg@T;OH_f~$7`xG;yjxF(WTqHLc~flzDpkEou0X2j_)Jc(jGN)l%B}^4{%}i{E0pfVAZVo0{z4 ze>*ZeWpbNa(waZCv{`P2Y|?L5vVbpJ2U>B`DA`wW7DB#>bGY52nB}_-9)Ldm55RI7 z-V>y$8dK2dK_BSoE3Rj(Z>#kpHNW>3vDCp`N(xfXb`hnTv-7rfdvy*m7)wx~xRW)a zy6&mZB5&%HrmZgm`m!fL$QYsoq2}s`f0vq4zuRLQJ8d5D(xId^XKecpw=G>=n7p#=4if=*o~dDvH&zaHT_HFj=!rQV zN*!l9bVb?Q(SEa>#?-t)`LbH+cNpW{Po(ta!$_`V7Yyq;`_CWjKI+e}c0) z*L5rGt^sQzv=k|9b%MBupK14JHhXMK&np>y0Nt~qxrd{?l%A|RB|Sx&qwKQU-&PM4 zPFdOSu45M)w=32`TyklEW`UO^G3&W9G^H!b38~6HB%8#82P*50NUCl)c!WU6lV#&6 zROeR;211GMJujyJerE=f5r11 z9K#VbQPzi9*CBRu(j#MoR1FoK0a4)N%WD1bAo9oPik6krNoGBF$}?=IdgB!+afmmk zazGrZrj%QDa_~??4iIJ#iJV#LJA}agGQHNS>Oj4#eucKO#EnEsL zuRX5gEs_M_4-#xbOVP_kf1Bst#ZyuO(AS8`xp*r<)+eh3D5GgK8-;i3+TKv{umkJu z*H!xk5NCtxCxi-nM152vvQh;YY-R&Z9IKHgb4-cYz@F4mn21t)|eQ^DAs<@(j zj@Q0p>km-}O&|o&2M}D+auBohc56a=+~#A#7-2{e;<~&d(O?8He{J+|pfEVBrz?`!DHaz zAqm-wN}Tzu+|1ULf9ZhCsz#d*5YFvzRAn9+OC>;%h^L)_6|Q^F=2HvJxZTZr#z^l^93y7XG7)Nq~Qp2|Nyr{o)F94Ad zMEIb@=-k4lfW@RFeG973lbg;g4115R5Yh7r+I|bXNb)MxIW)1QUsF?0&e?KpWjZK} zBfG5oDVQAfe*vYmV1V!TZ!cDPPg8f3I{D|&0g$*)uu0y?J(ortQy+Sc&egxH)*l3M z@jTvGzW*`2F{dS!FP60mWdsp66$ko`12CqN90)0|?DGO(^2J1krxLvPx#!Iqg-nfv ztY>sS-|bTcZ7T8Aw*<|(FCJA|UdxhN0f`sK#_rZsf1v85K=(kWHNDX1}abKLjy zWwl*f`pF>^IP<7HW|%ZJnAj`qj67?EOjddF^dkv6l6-c&2w># zs@w6AZ=z-7p4HF|EUU(-nhtNEIruHph*iBTe^nY(bLLTDIjNJ8$6d}qejFcj#!0F6Iq3i8N$jKsRTz!`s zU_!Q9*fR5vTJ03IC&z{Z9kyzg2Q-j6qW69FiRL1UQK_Uey|DZ|fj-e8yTciwTa9K3 zo>z9Bk(1|6sZR43op=CuQMXF4Np$K-f54cp^JZ(eqSz@9R1VMJd`nh&NUNOt>F}}h z?oZrqBUAUc z^BKGDchbCywV5b5nqs7CUXb412;Isj|a zi5+(c?5DT*e4Rv%<`qj-OqbA3f5k@7Ah>Zf<{oD6dTi?5Hs`ac6iKgPZNt1Jdy7&M zu(OIZS0aCP^?3+>nfRv`OPN(quN3R_UQhmtI$*cv%tPZ1;+Gz(3ekZcy}nSrD}dz* zR@NTXfCZRU|NT;&Xl8HrsyP{8G*Z5xO!2dAfM=F9S-b%k!b9q8z|l68+9 z5`BH{SKJDkJ6*h8I=#p5i$|CACCXX=KW!U#A0)L!aSh<9Ua*S_e?aa>)i{+yMG6jc z_GDl`q+B*N1qNx>q-wqld?)Hj<>{S1D@C2Z#njdk&|z!sU`mcg({JUMqh?5xeQ;sK#)z`Mn)aS(S1XE>*n-3$k!U9?x^l{9aZEcOU{^N0Gbugm-jV+res#5eZUf7Qkd0E1EKt)e zv;?(OI4e%4a?q>8e2SDRj^*`yu{bhAdoWc)YFlkcU65?0e>x3T-Vplv`K@T1&Hh?Y z%5Cy<6wggsFIn=ELh)iG5fG{{AVj+z!Om?_2wknLp>PL9Id~w9>0wZ}f>T!Z0R7a( zgU4&PzqHk=X4eZ0*ricWSK6#Nl$+KehMcO%6)`hu^Bis|+V__z|8pCdKD)0$t;!zG?0NB?oS6Po&Ly+6?FG5-8c)U`nv0_Gp&!Kr!zCYf_8C z=~ZGmyLPqgWZtPSvP}5ANIby=FdZ(HuS=S*a-F0;fAGY;8vvwLDysX-YW-sQkLdzC zZif_gML~$rLH=eN;k3NIPjv{D7x5^Pah=wc2S6T?e3PX;3{~bu{gi!5D-)3n!~9m3 z@hzK#qR2w86_52TmElldyn|&wtR8}9WkHL1V8<}^>gdB;s#ksMFUf11j*nj3K=#(J z><0gNe_KP%^N3lc#s=?`N>FNw)o}>4Kg!iQNN=55y@i{$NN<81!0>OmGFR)TvrjI5 zcQFQ!Nm(C-#+3U#K)!uy*Q1V4O1*G^oOMBf;Nz+*jkwRvf<9A z(-h3QPN|-_jSbW%RhRBoM=pWp&x0R)+f63Qe-QTFIQV+wR&h~X!7(&~^QzfN48?GC zcSmy(shw;E?8X-YbHH!R=JEHx)CHEt{4y zi{RO~)qW*zuoZ^GOpjzD)rq5H(T>sc7B7MwJRQ%Z zdORghYy}T{XV+D!YYnV^{iHP4xo`6&IGQZx~Q*YVf`+7!a!Lqg>ga*|KHELG3T^G4FzKzJ{bRhm{@+sv}04G9L zpTBj-0ffs`!{K<=eLPZ`_ts;Ne_Bj}&^2Mz;b2jtE>jD+1e^?LRe|kX0EX6-h%MwF zRr~;GPq-Sjoo&%Ct5v^5`R+EZV3?HUrx9JZ3!N7Ax~(Fq!O#K}^ZzXO6fSY9WwuuZR{=e4&$V;WRUeX9tR zHi~rXwDTIhC*}8~tD5<}GxWy&0s7VEaE4b`3QR0VM1bvh z-e@V9f3R9(8_0SV!Fz{O-WulrIVOyeP7hLeR}p}g<6 zcqI;%(cm6hqbbzxFun}AGm{EQv0C@tYTQvrTNrs$7F2=ce>aMw{3-)bRqEc;blnDA zJdPw%R@pnqdq(t3M1-?yO7>{Yo0^vcUsmgvrJLSy>sAYi@Ji06l9AcJ;k-WGM6pMn zwvIWDLY?-3E^3@f6I{!Jv7E1EYS&<(*iih|n%(soQ6%d&OIL|V-AC_f&}D`4f6j||n^dO)IFCd|o3%GvUT-+S z6Q7yFsz0yFNB>97Yjq>wmqN;{QYvZ#5*oB4xu!x1X*lfdl$r`YN#dHEMHTj|NLiM!CnmarL7JJJ#U{9YF8p%9BjDa=w(`2h9qoM*#pKi~)A6ENbDFAFUumlBsw2tbnG$Qdhi50c6t(9$Inl9M@So4n zc5v!IK~ZxO0Ef0?%ED+)sfhWUTJB75eVk47fAEi*7A4cS)rvoNryo3smh|E2V9`wQ zd91+{#a{g~pYuX~Rp6`|nQW0qEI@feRdjY`TD<-sX`jM_sz`{^AbNkf-zxP$1wrJi zt~7yAKuEIaqu6pceyrCl#-ju1)M|s@rHEwLrt{XnS0I%YwQpX;c@?Ty086=)oI0<; zf3{i#(>R^dpFrBm<0gKBxRjp1bRu-J!@*?@y9l9FbEc)I>E)7CMf|c_zZ{#7`9uwq z_z%%s*N?Kjj`^m|nTM&_s?i5*U^8qe11`H|*e*UzR|P~1^q^Sojs|!i=A2kjljo6v z=AN*D+yMx81ln|h#Z`O+r_(PlbZR{jf7E{>^_?o$WTNR%38iiNGqFX3Ty_u7zyP3J zuWfT?hEvyNaNZ^#}=4tL{80Uz0TB&`}W90Z|JIyfZql-)q;-&QOCas%IW z;u*d0Xm0ttomRR!V*&E^W&si$;I~)YTKbz702@a`uBA6-$K|y=FxP-efVzx%U_xq{ zn1+KMjzjWYf4#3(Ddzx1Qp`Ub_bS&iiyPBaPCZFa%8IaIh2=am$6BVskjM*<^Zl{p~e(Bx?`K7!nSD zvE_k$&CA2km9R@XW;*K0>ls$5fhO5dU&BgF4qhWja%u5(cgoY+L!(ay5S@RTpy;^bVP|V>j-EN8HG-!i@-hO&f>*(SHWRdS++ccwU@XCf@ zuh`I8bXmBo*X~mq+^v!4(iGyPRtnwH*t*s%em+5&6#Zs;lE3%rfB7iPtb3iqCyI0s zmQ)H=`Z~jS zuhOkk>Vn;#+irgFf9mzx#!<>#9y;r=Uq*7)OPQMHaFxwS4GlS-XMQu1IJHalY(>hP z){k2aoY$O&KkBR@K~dp3AhB5VR{Q8CFg@~kqE<0d+`2*|0HRYj?`lbBdJ&E;Mk)Isxf8moaOo36k&udQdbpX&^ zs$K;d+NJSps5HbTB<^yw9Kq04gVU=$S{ipZOFBuDly&j*f`X6kJVG^l_79dW3D5~? zVlY{Oln6dP)F@M%$3#N517B%!yT$a$d-jYejCG|<97-7u_G2ADBi5@g+a%|1KSP2( zn`~0qYOVp^e`V7;$;%5X4HCcXtzW+U@nLdTRGafX)qv#_9pRMmLL@3{?Bj-8vj)3p|x!a2gFHrX!(v2>cJ zyxAN--96;~2R*aHOj}Z9N%B>0sOb+xokTJ0B`oQOe}5_R~e_5@c4p|HzW%acwf7xIn#(Q+3_KxP@G(28>Uc;*6 zkts%i(3bph9yczj{Lk{XzBwJMn)P(ZT%8|91Sww}t{|!Kfs?)cs(3tgh?4)!0<5ez z$%c?9e*|7Y425oOE!Vcc85^!Vj{5P~RCCfUO>TEej|#%4MOxO3OO z*q-dt9nW_xvb=&CWP$wD61X3|`;>}Z{ ze>Bhv*eNAR+l~~~KhtVd$lk=UaqgfQpZYoc)RMCZXw$)&*tJ;W9n{$H#n)6@f$Fiw zEq_J)4{sH47C6`&(?cmwVtNE(I*AW1xV_AKoCuZ2shL$)WR^M zCzP;A*;?gm9F-kj1}<$a9#xl!7|~fge?q+Xn<=j^tMyU={}|fmo9H{Ji!|Sz&#I@E zB3w55uakpMnKMA(fb@%J=tb&L2bETqUT@ozGjnhX>YnFsYIJqEK}$ala)r_~ zTxa`}3CLJUCjlynx9f`DPilbx-J{d%w`|M-z+0nt{!4k^p9Qqi5Rn*2@+Rrpe_D^V zPi@B|DXRP-0;Q7#vwMEUOUQj4*ENN6kh6%=;!xv@cy>M(4_{X6moOhbeMCqqMd-Bb zTjW2=!c@SlQQkIZVO!Qsl6tqvOC5OKn(+`pPMPx>an5{M7LmV`B6#)U+bW@|HJ#LW zMG$0!$|8tccjg3cfcRf6vL;@xNUP)5ntV7$r?aUXKsj50;a^_1t!Qlj6yS{+=-xgW=a9ttv z^$krx_?i;v8Gr0iOD*fYF}V&A^6dzL3O7sZi7iiEh;Kg76(qjRM)ViPe?~hEJXQz! zReA!2-q)V|T8DjJ2S~`b+Ne{Kyd(|?1%P9Kkmi7@UrL+EO37a;EiRL(UI}9MTpMbRIc&?)m5WlR}^(zni zF}gzDjduB>DwA6jQ86gHe?XiEik-t}m{fysOhyJk;>{`a^bjX!uGu*pDwiGBJW|No zaRPl(U6Qe@@V(i+tttamS#Kbon+&Xr#tU%iBSZCe?nz`BOtztl^f#qWMbLz*#$M52 z_qhc3!6`h&Rf1T|>ln@hpmXM=O97uuEoi6h=2bOTf7%|m0yHV8e+nEp34?pG{u|)> z0rT-gY-CY7sQf97X(*=Ajghk>lPuW-dA2;)ul`erI9E`IcLHum4;ldB>6-vc%AvL zONjWoJWU_OQzfLmcr7xufCKWVn%kwf?I^jOTHEgQl?-5TPA%wAIyHIW*lxCoG|Nl- zSmhrH&~{u-PS&1#jiMals+tbN-%dn+-0d#go6>lZ;*B>bj;gA#6;9>(9G@1`nxRnib? zB0Ep+@GU>2y-B#usdj3k41Qsq@Z{NQp2ynOvjjWPD7*BK5amRrM8!v*8nG&oO*tN_ z`BCYUy}qp0kLwCa;GGi{Z{#nB8@HrX)gqzj;aEdae`-zXQg0lq#)&**FFvXjWFbac z@_|e#SCS^JjhE862r%S5BXt@GhtMO*k1+KZTMW8)@ph5u|JqxITjFWZW;$vJPgMl3p9Ji06@&|7(M%MoE`-YKxW!IY#qqVqld5NtcQ zdwMT)e@}@n=8xsuuzIP;R+M|KV~e)9@hKz$YD?+yO0u`% z?_28)1KiyeE+?gbS*`Q8>GN^b>>bGjauO%<(l&S-$!uXj(6W*1)IEHWyMZ;{Oda|R zJ@L7!+!h;~B`IUe?&iai;S-@oIolzLoHY)E>L*e;1~8E98Gu)iHd01@S3as15%P#I ze?%Ixa=3UhZZ}dam3wu9ygP%jNQ#%om~5qemkvVH=^jGuqfQ5BFis%hrLfNF=xvsB zF%%O}V(-=$3_PP1pPsh*NPJnXAF+|+L&EduNwE>BG3vP-@zMQajeAI5o+KK@RI2?- zs=VF#;XT$;VzSAdA_JGEPi}T~h#7iQf7_TWeb;pwZrgmn09&dg16=!~tcxZ)?=kdL zWy#+;>T2`=O{osOOmwi0oZU+amuhf>+I06g*-S%Dtafj_WhvWcX~_a2@2J$ym*BV- zwVu3Tdz9wjlp0sdzUtxGEhjMyU0+t~58fh@zT=iwne0%i#3KIj_SE5V=U%B+e+UxN zNrs3pC7orKyftayj-W@aXAeWNy~MJd?`O41+FOi410v9=jadczbnv=CT$11Ying2A zdn^j50nqju^45+?rEN9pyR6H_zZ!SfP%)|5!j8WJXEPVaW2qYD*Z@rxA@Z`}sqzr? zh*Qdj3d4j7x}7{sXWj}pBPh{Yf49nNf4;@7*LcB)geM`Q2RUuJ`YFola8V(AX}eUrFMl*dbDRcs_cX#Bl==T^V0*00z|e4j*$Tm>yCm-=a=jK6aB zzU{t2Mb@*b(Hp>aNdsKM-T@k*;8-lwf-=by=qL; zk7YkG*u1RzZl^I)=kQW>-t}GzjCDJ4d2W3;Mdr)}U*gtlyx`*`vW+F=XN{aR52L=J zZqIBajs&2ZU)p>5Xs^kmsOL;aH+a%RYf92KpM1q>ueA$c0 zKaA8s{zvby%BG-He8nwx#*~26+ivC_0{{;!;1lpqZK$v16^EHv+E@--$y0$}!Yze_ zlK2ULzWqWe63$&G=6kF8Qa-TnC=eUv`Xaau?e-{WC8uuc`j^%Er6koi5yI;=;5yGH zI)d5M$#shIQ8d!2f7Ovm_tH117`H;+AO!2|B#*&108nfl!ON2-fPGZzzIe!gys)G{ z#5-oCo1zZUY%9z5>+D|59&bU2TPGZSOgKGc($#HEtMZz*;>I9Wakwr1Ie*(bN-`{! zHc6Xjbne+@ca%B1crbyxGPD8GI-70w7zLd}p=8QX3TYj*f32)%9$!}LhX}!8|BxQ0 z>S{?fN4_M1HeGQ$=%_JqwQa7I5^L25+2LUwL1X7DMHY8U^ zhryphJ);aA>pqRF0jvX4{8ehZWSi4g#%pgWv`22ax;mg*a8OM+Nqfl$)7X;l4&XgZ zWs{SC%EEP|Pu6R-k$(sDoW~aPQ5;2?mwV6kDkzm7Y6p$JpM%vLHf2?L;@R`ODNgg3 zocOvs{qT;jPBz?*)8yKygIh8dsI1CH01PYSl&bfEwgVhERr4ULthxtDgM5DWHmOTW zY4%Ebst(lzruF2LCbr9=)>+WUTrn%NedZ`u4l7E|XRW0Bg1yTV=03u~Z z=}&NiLv%Om98z$(oLF>N4}eM)o*aCV)FiP!dHKx|xb$ZlE@HYs;i`!%&n;U-KW9$< z^_Oj%tMx;KD4#?7M0UP4=_+y%FVh8E=Te0=BWK)b8B z8APou2dW08%wYp|#O7h)u;fU{4C{Y^uqgBr(Z-{*0(CllxKxqjgirY{3 z(mbt&8kN$Wtn*GsJEsH<$K#d!;(OoT2F5e0&@6ztH?kS6X@Pbx^Dyq-HNe*^!}K$`URoLJn>2C}hG=1y+FtcF;P`)7$3d zjXQOgRQ{`X6fS0hByh(zbU-csDC>`a{4S@l@c>EK1OiIm(~ zDR$2kr&nJtLX`6PAWCm3c^Fx@Iyu;v*(Iz?kAJ9Jd>1v!Vt0eJrQ00KW;P#MzJ`vk zk-S2-KXmdNLdhkU@5p?@8PDh2-ufXzgpa#ZU7(kiiqG`Mr%*DqYOmx`EhMUSJWkb1 zdFy-bD^~R@lWIj%gR!g+gs(KuNs)oqRAsL;H?a-xgJE)}uj1>+Qz|l1d9X1W3(Ub>f zl?yCZfk7c`O~X8lQF9NcDF_lGlJal=R delta 14704 zcmV-$IgiHmh$7|lA%KJdgaU*Egam{Iga(8Mv_GU!v&AVO689w6Wm(}{I?0>59 zvsGZv_qOd;Fs<3AyY()!rpUt~R?dSuBlTv>^@BZVp*8ocw7pHBZO;=w&d$RJz`AX_ zK`m>ge>z3xCWah)qOvyr(t(`+H*>yUSe~C0)Jh?@d*cLr8BPvBsQA1C40BfPdWhia zyYL^!0&FrsOg2e)K^o)v@+qHjwNj_NfMz4f$+%-Sn#WMA-&2&DvF zB_v;k9KNj9ZwL6t%)Yiajn(iLp@{(PwO=|AxCL!I<+Hn5p3bwtpG(!)VW{x&3>}#U zVS@K}n3%%uq@S~vKjfr}VpT^3%kjF4&I*9mE^LIdaLivh@l@SGksr{{tHfB>q(POZu4e*;B8&+FeUr$yOul^3CmcJ)2%C#M!j9c6W1+P+b*6XEoKT zbad+OdD{#%y|r%5Fa($vIs3X*f2p{689YV;2~Xp9OgU^SRqFd*rEV^sOtaTTaZLGQ@)aEKDy2`KxNmA zT97%qcL&gNREpvFvRcQlU-d`7e9AhrU*|UQfUWHAyaxIPnAoJ)4b01?fA8a-+CL^m z$1aF8;ft4SC<7ZG&ilZM01sKUB%!I@dD|D>>6P=#Zw&Dmr8YhY31_+H4@PZ#qVwN|LnYtO1!xfBhB9d9FhMgz^E` zs!{Quwu2q0q3DF+%o&HtE1~+NFRS%at4<%R+AdRq-k}Rmw9(d>-8{<(cVr;_gF;-Hx){L{WC)sU2*aqn7~ykZ_Woe;o7~Cq#I4fu%D0&8FLT zJ&}FzsF7mLXX$#VW9X%Rb~Y5Mj%II!GwLkiIP9GQ#5L8xn=L27_6A}v8R|)TE(j}{ z@_WRRY@@Cc`YAfXRr#&OhrJW?TC=_@D++~3P}_ajPJy9HN8%}I(4h6k3+U1KP#{f}o048RW^s1$*N@Di)88*JUmP|EZaD!~ z?g`0&R45dzdRvZmb*J2w8MT>+w;EN!bt*QIM|p!@Pu^+_La7LU?5e}t^}~)Cp#wp_ zdY0@K44kf>R0`=1dXWuYs}*ccNg!+ukCqY&eo2SI3+Btmb)e=P z#H~;jYvR9K6`0$OOe}zb5}mR;S&yv^E46=8%uk;>pysgsE_z4f`1|F>7v!h%_W;lD ze*#m^Vbg@dp#WCUkvD)D;RLMqY7Qi5E)99P?_nuPEkdi|;|)txkw2 z8CSe|GsbmozNbL?_8{aN-@YQI~Fp4%fACCTL=Q7~Bd@IGOp73S0ey*C? z1n+{Pl5Jgcr*_!9*#+%{514Cq?j&7Xe;fMrB2+CK^7!@}b%1L-sp&qqaZ#yza!{y~ z6p~WUJw3#ppmk2z(sru6fp5x=>0)gGzXfGYA zgU3P3o~TbEKf^ndds?C+&29B}FAMA_A8HOckNc>HbjhJQ$NE^14DZXLQbU%nfB#;s zm(1d)#DUWK1eaTh_WODcC$Y9~__Bxkw%r^+cjz3d&DP~)6OqFLHHp1LZONwjsY3U| zku!Ft&A6N>Co8)-OJ+Se(WDZ4AcGb)oO>s-UbGrg5S-0=oT>uSUi)&8kGgsX$q<8* z?#t(Vl!YeTp4zpiFm~sdqo8({e~@&Ps64H90M&Z1)a^{El@OL;j*Ivk_9Q#cLZbKn zuzb5}eisA!CLS5I`t#Sj{tuDa}aP{p;?kIZVlyLM9fA!F|LlHzT zY9z>euq;=}`fPdy!-|3~AmB4QJIc}4;1al^3JPCZ%Y?kOYyp9dEU`!fP4x&~w!_$m z)2KRMeko)88YtG!y`@>~(CMaX-el$GWVhB!t+lC`aStlx73~_Uy(vXo3{}{8R|)#ne|&=xI87adraXo{p%p-`OcCJid4YL806KZ{_qyGar$XOb z{0MRYY=9fs*OisFE4D2f6I<8xDaU;~#w)Y~kTV8k=4g2TOQc1~ z2%WN}_py|gv3;%|NvGYv7c-ElV;6oA4l}rnf+AEZ(ji3E2-eHW!R6t zWjLn#ZfeZyQIi^cf9}gw^RIy-C+H1NpBy#7xtf|trnKj78f1D&l-bqZv-1s-^Xgf* zQcH-6AdoYiNDdk_8}lHPZ8m!YhJG1SOAx2x;eJZrJNbM8ZeenIq_=b*`6&4v2}B3Hsc{2X|5BRPHu)Q-s(>hfMm=jMf3ZpTULh-)GE~7=r-+yU zmJP!Qb{dDnHkc#FYrDJM%+|Lk|J!)_Au#WFVyr`>(OHz42_lu`c$@*sTM05Tab7}Y zOg(v#rkSY4yBE6z$uezb_pnC3_QI$(` zmKYeRy$l$FJiiCtQuN5i(>?KJwSMf6&X1EgWMb;~u(f=NG4t&?InMmTWTKub+I(Lg z&bi0nTH=wjo(=YYuCo%L?gFHCf<#xNQ&s>40umN`f14fpg~Tl|HpCLz?zD-^+wa$E z>4KfobLX~BdFUhvD>5SQ4&rOKXZS64E20r*C9cuUkFUjkI&n`*76jhmK@0i^>dW#1_q z`o7hZN-T37&`zh>>@s^Sf2ed$Ea3dIpTDive~wwwZ-G>fU1jF@KY~-e zx^Hc-ZI)SG!piwE@IEuQ+kULa`pe)nluL!6gL8i;=M0)NXi^x3k)g!J8S6@Fj8K-S z;4i-l#Xh&iuX_1!A)DDQK3c}3h=+zCf4u_L2R!JsqP}cDx(6tqY)WpHf85q31Ehlp zU;_zf(OG3;N^r3bJ$yjf_VchCH3W86@ffg>p?rdK8cu+YFLCQfW-;F9N8H*<0Gq3` zm6ci1X1DW`fnod%Kwi~N94ZFwlR->@{kWY{(ok>O@Zvw_+j2z#&jY1ODykYTf3nd@ z4mn74Y=ETuK;>Ya(5i!ovR-jZf4ZB)P2}UuZZ{eN-+9k@sd44>9hBLzDL{aje4T)C zMMG51%`@qeO`_QiwAyn3u=C1I_3N=+>>;#70-Y)nA^so zG&QT%@TX02DEGvpI)IZak@HXke`YxH-EQ`)wmdTVLj#CDy{iyCgqWv8`s50Sq;z2! zI?(70WI1SZ&K*jK)dnV*`>{#lt!&=A$wuLX`;Ued#C`>v0tsa;>1?WMHq=%9?8Z)q z&)CPH=fYG20{R)&`6TZ?fML8N=V#Atmuju}wk61!y`hF{PCSu1RdbB#e?)ZuYgBlz z)=!g7{Wyu5zC5O1g4RJ=8D7`H<8LcpS1Y!$oXP@j11pl@q2Y-J?zdHQ+h(V>I=oF{ z4)GnV5tR>9gAPPH5@DX`S}I{EYi>X~Wu^5;ALsjGzS$TKRO_}1kQRwwY<8!=MgppU zlp3LW@uE%$P%HZuv^DD8K< zE_7Zl4p_7JR%OcBWVwXi7O_?}lWCt5vT$y&IogvI+_7Ko?{JX2kfjdWGTKkqwf z<-3)GlqCGJT7R&--}~LByS5~Ub&_HE*wXH`G-|uuxet_iO_$Toe6llqFWp<+a|yv} zc;rpJsFdM#ND~{%f412eI$9TfM4j!jx!8+FenR&GOuNXVznG6#^?7=MecB(&qMu51 z5V9@@%!Lh(P^d|$;xpLHVn^;#v6!1DXm)2ktg3=0^(L|N7(`?Eeg0$U#wmb_wtW*o zv=$v}e^Qhv{*n`aWELGff3KDbGGzB=p~lV>ZI)ncj!Mjue~gTT#T2X6@Fo!N`c`*4 zKQ)-jDs3tGOAs?$iX36mkHU6BoT?6vO02qVoVQMydzg$!R8(kxH_VqxE>8L*am25r z=URbPWz|dpyn$8LGpq0x)NOQ-0^X&|-3d*-l=R?mnK_6_wR*>yZ|^mRRWj$jz$Qgc z4QGm*5J)Lof1NtXPG45*$NmTu`ynZ{Y;0p=s|KmHKvM}`h2f_=81?`hV(vf+B^B>j z&bUYBI&X}`1huzF&H5C3%XY89a=a^uV+@7D-Yut?I`x zqBYdB64te^K6xX$PY^*?<@RH4?=9x{e`xv}ZJdY`5Mj%UeK6hTV!-!kZv51a z(m_!9&3u3f%19{FcRhp^?KMN*wox`!gFmfBu9&?GNyMh$U7{|gDs_M}lhSer5x%+x zy!g&hcV<4?bPhU%&MNR$_%`y}s*vj%z{R@}Oa67W>U*_5_SP1lI((;2k6li=N=uV? ze})qS<`P%#h%IXmG&scE)Y0r{!ohW^s@RSTAiv@tBawu^Y9Wp zszl0ZrS&A zFP{TUFmN`qqa?wJ<)^WL2OxG5YHKCi@f-jbu+LJ5OTnFGRy^3BTGm(q zP0G-dTNiwM0!Wq$7f`AzyzfqLXUbL)YI1N?OJ`$i5GTJcD#&rdy!qA_XPYg~f9;}c zV-9Z-3~66F@xUg=Ll@j)!)9_olE_qjaeDudT5tE2)2W#}V|x;G<;!ZtU;Cr-A;49F zHzCTs3{MQP!%7n1N9EIW5DN5ZC~zBXg48hM!#7s9^N;j%I!#;p7L<-Qe%;>G#HhLG za-z#f8dZ>Rn*2V@GNuW)zD~0 z*rFV^J!`~4N993dM7rViW`-Li-r2!stj?iNC%{~#1ULg;o}_r&hfDjiTE9d4>EjMU zA!$ysg|?uufF)O+Y&)#-wDUgVpQ&>A3U92aE#d_lxu;99ffIth`*zBaf0)p2wpHXi zLC^XBuUKpXwNEw$aw$LWa@-E|_KcZdcc<3k)H4cRyHqFlk8~zZt3Rb>^$3a5d^&`Z zCv!TlMb!@=2PNq)N0dvYr>bxS7^y4p%%3I3IYqDQ;S-H8n!<`!RCRWiuexUC%W9=x z3D1wwm8b*f=URL3Ca94bP~_YYu#rtrXQnqHkn{0}PCSZ6wRfaC8WYe?Q=f>kz%gO9D zt6a_tEp>R|s<10X$7jj*p(#x^wz&K$)+W$v1{ANG#{qKfdGOv8fA>vm<>j>v3(YYa zSNyVCzfH~OyRy&MJuGV2{AE z`|pJ5!{Q^GdNiKOe~G^H_;v9{)k0J!eNlWt1$@0GCTX)p4?e!csd7L+S@@`1V zIvoR&zO2@7Q}f3VnFdz84F_0lpp4Gp@VMIp(3QzaMfv5G;U;?7ouj(s-T)Ub+>xWx z(`Mnp_L*WIn?{-!;r}vTKl0>R^nl_3@Mlz1J5>~WOQzd&e`~kbH9ctxcsgvPP(2ZG zdcmN`nG;Q$JhQj5#Tru4)FY=D(fF-{=zZF^dSv6ka4hdn-?FXYN7Zy$Tbrtqrv07T zbdSF)`}HkX_R%%+Y#)haS1l0gnXcXL>Hwcg+BBg}HjWZ)NxV68)=p(>TeO{q1Jp)P z9~?eD4yW2uf4uFS8V%eL?`6ImGnFlPMQExHPL--!={)AE`bxy@+BeF#2z>l08(ZDz zb}aAKSQdCI)Q76~vT{dHQbk@tdzdyveFc_cZf#H4#zThYrQSSIa@^7K0z2HPj4L?2 z;yQQh@@syJ^1pYd$ERdEDZQpg(XI^k3MUDO-{FW3e+*%O=y`}uiCZ581_&)sY3+7% zD5OUA_S5pG2^A*y;>f{nc!roXyS_Ddw7<%-gpfx_n*(Siz9pr!8V15?N)nq*4Yor8 z*}w@_Y#}|5@`(y>*qEi%JkV){TgJ||9Z4staT6m{IDlK#sjI2Y4y>^@m0&Y3>z(O7 zA20Bof50+JXv_5XYW>QUvH0&Of2oe&q8QpDwBFy#lIM01kE2~e#`^G-PP^GB4upQ# zOaW4>2&2u+QPXefzY+&*D~XLsq7huT$UFP3^gk1WdO~Kw^`XYryQx{F-Acp_Y~xOf zW?yQOp)#IV9a&E+Ej*3{t>Sem*;KtuaJ11qf3L_f6y$N}ze@B~6I7qu9$BJa0x3fh zHI-euVfRSX(F{$2k1wnB+XwME{Ho~5vsGY*@6lqWu8`hY#Ltn!Fgd4mbNgDT1s1A-n)Hr@mow6kT#uQQKtM)wm|`MXV-}8 zx=Ei!eyCHLmc9t+)0zMwql*%RnzJ2Ve`?zLU6*C-xch*o4kfiZgL7)f_P#s47Id1# z0AOJU1TP#Ma%T%WuCvEh?D6utai|9SSkl#n$t%m|FcE-f4Gnv|v2v*E4#5dQPt38P zI?iEsc9OI0Z~*%Re`j;< z`%&0k1J+1r$+obS0pjjH)2`3#?y)UBuVnNAbiWkMJsjnQda~|NdPth1>~^)ktsWpw zm$KhY$1XN*Q>=ry&-PG1qI+bx~5Kl$mbppq0E1WP5_ zZ@}@&`KUjB1>KIlfdF*!r7o3zD&OMdy=lHC$DZf)f=w>#Ub7# z<$yR+RVla2$-zSnIY5{}vO3DXh&1877Cx(w7r4xumj8E z*H`08bAo34Om2exCRLd{|J$WC1GMsZ)2D~VpJb~!f1;(*CL8)O&dS2Aux)*@R z2qHWvG5V@uw}72dN%|U8pC>n^OBnVZT_K`hGiduQ@FK~pROisdmVS*@JvnE~wUue0 zERO7y_d}Q*fAs;S)L?*b)^BfCc~4U}lREk5&;gLRPq2yJ$gNu=j-d}dN9S%|R_hOf zxOpFMEZ_bZ-k8&($`@0v0*xTT#_T}faRA0tk^>=K^YVQGF!^F4!=wc7llHt>g~*hX zkhOZ_`5xaYXj6%=wk2rNzIaq=c}^*{0urwt8>?GGe}Sq5LH9t%IlR#4l)*izlUmu6V9M7}9 ztk&x`@IyGzyA!7ffwol*1wLFDXBxE0^C`rM#(N@6th~pb;F4zn!MXv0{bH64U}O&m zS6Nwoe++oRu$-A~=Fan0kZ`FmzeV3hwWE29N4;f#H13HuOFc?KjI6^jgiHyyktWBe zxE+`MCR#@BSqsMy+9kkYb4H>ucj+ZtuhnCAw?tJ#452Efp zdgqKyDpaD6d`r#=uiBne_S;aPQ{OTv1FW ze~;K>#&4_ja~lXj_=xh2CkyP?;88Efx%;jN7`i{hBeIi30H<_ig|4?7At#HNakou1 zz=UkIuw~|#TJ4b9#IfN(hpn3B0S%;%)B8T_L}QZ0U@9@i7nUCh=yN(`cQ_;TsL^bL z=Y2WP$jNi36sP&KPCS6SQ@2X6$?4RSe}M72)5F%TS+P@Is69NL^KG-rBCT@nhr`Ft zyRUP*jSSu2qBqB1R_hl*e8jCD<;=WATfpHWAV7UJ0m^{oCG>Ry=QzOz?6Y!{o7DHt zX?168^z7xO4g#7&Cp=1+*%B@pjV}zHvs~*{IzW&hWIw_I$4xrFsq6I~BC`l=f2-ZC zEbKk`D~HF{BVEB4=-BJZ;E+4nfKXj@SaL>tWlP(`NuV%G(YyGPMVz~)rc6MK09qA+ zypbF1@@SQ`>t9%^b)h=Gtk(V8k@VhMS&60Mba{c+q}=lZB7K|*)kq#XM`Vo20a%Mp z?6^ZqI!3S1d&_T|zsIe~q9)aN}r|*P5?K;)pgi|S`f0360X=VKp zyg%$mO3F@?C)ZLK$%^6RgdK4F_@r))?plAY$kq#fGcde^RWxvUlQ+>V8?RmwCa*bb(gwx??|Hyg5CdC(ymvZ~DQvR}Bc-u>BjSZHoDlJ>{BzEya0hdeLHW1qtoSrHdUzUf~6}s+nprhkT)-8KT z^!0gOaVu!6mDf839vaVm$36dcBA z(ZGJ#a#__B=%iVbs`)bTo#2zo(>r~ZvpRp1ukrV4{oDo~9KH8yjgwGgyL;U-lwM#a zP7N_dYPxiL4oO?#eA`NQjKd3FnZKck-Slu&&yd*s-j2shm2wp>RlNoavT)fxp6Mv~ zxt)jVHaAryM3vVvTxLm-0rCM2ArH^N`2)%gm|pgXJ@o7nH=%+Ft(~_JU;d$@**R zf5nmUIPYqz1uQU1SW0!iZ<-rG$${I_B5AWEi{X4-0wr4;ObM3M9!)9_6!Q+SM71cK zUL}^ZYiGTj%uD(r+X;V75>GGz42MhY*Covtd!1~3f8dRKHvmX0FskRvYW-sQkLdy{ zZig-Eih>ZKgZ-Peha|mzk~)OSi+B{txK8WZ2S6UN`R20ip{p`4>WB6ztxQBR4D(Bu z9p847K#C-KHG8ZdTNw`Z#T!`m!|EYuRu;6F2X=H*uZ}+aNcE~8{U!N~ol-sLHa1Y7R9(799k~daPY1v8Z8sUAeeQO z$e|0~&7V?Jd}X$y2u9nVHXY`9bW3B;Bw|Ceqk^++Z0C)ELs{!qx&v(*YMR#s313$0 zSFY@%BWbIoDS57?gu|55+hFUt7hN2?Y$@>Oi97fKXkb}Evlm73fCr%Rp+CGcsnQJg ze`nTn$1XBXRw3<+3y4+Az(FNs(kQ z@3S8AqdG}tIFE2XQqIBhIqT{iTB^bcppG(T>sc8hFpFcHYxOE55BB+Ov4k&91}jbYbTZCdV^j zkICkVt>9tp?7j=U*1+o5k4kf;eVcECbJ8LW&~iZtIUm^}DYA(XooHgxwLg<@f25p= zmg{ZXAbjD8$NhH|Bir=iwO^mR9+Fa3eThQ`HCM_P5FruL*LR(8{1apeN_H{;@^C9@ zdu#)BTXRpR-Y$plOFEqeyR-!%G^kFfQM0-&tE+}~-{ji!ZA3PP1Mx?-pVB@G;6%98 z=daCi0O2xhI2>y}$Fh}qZ$0*?e`FGbt_iCS2NRAuO)caSa5A7(1-3K+47Dl|o5??_ z_yN#XxGUVwvgnu9Dqo^}a~l^hOuXz*Bf4%EIxXsTTdOvQTc);vX=&eqB)&^feR0_3 znzc8bWbtKPF+WN*T_h_=V?Q)>^PH?jXnVRxjA5pby5$DfWfw zv0(9)%BaC#f!f2LyAlyiQ_at6oRzwYNZH8dMB@s|b`9 zigfF=@_Kqt%CFh3YUcOO&>Qy!^effj46m*fn3#@;0Od<|O7qgt^imu)%(fM{oB)D< z_rtq{+%6?87m4YtUv2|`6b_u9fAd5TP678khnJ1y65GpoNnOz%f1nm&m+b>gg%~@Y zJav1B8r4M({o_!+ZdMO_w6kcz3E~D7D$C&shuO!G$K4tU7NF=&{ZNBfNuiVfyk}qe zK~ur}gVpNWK-RMe-aDN7zSTyyWwG(&ypxSK;I!R$sMTMac1Jkt->3R-a76u+ialHE z20Ek<&^HN^8}+fWe`T;8-bLJhPp-IHuP)tplpm7!Q zG6}s!p2On|zD&GjYwQliftS9syL6;tiz04dxI=@$LtEfo>%LV8(|8D&;bfs#DDV3% zK8ZtRGwe?oSYUu6JTrS3gd*KNSX zawHL2W$obFGomRH5mM2VY-!CKtCs^`R_nJ*H@@T6qZSh3m7EQev9o`}d40NxV#_{l z9djIoO4fmHa?Q!(O$lGwVo6$F6~cJXxfDjivK+@`y|Y$=-k?stfuiBgKU;t%{CKT@ zg}0;>DaE7Ze@KQN8hsCz=!DB@0i5z=^N&H{A};is%?fedQ^-fRBn9zIH*YjLt(%?l ztK@iitj-V$>Xr@UVsPH1@vWfvyKZyohZDcVt@GCyqrT%7!NbgJNFdYI-KkYeSgLxZ zQ`14a`L@(~S02>tuFr@fS&vz|*of48^_~V@R-kuYf5cm)N($gC8yPLuK5Tit;Q&uO zGsLQ`7xU5oQS(~e2>44OWmYL>wE+nY+L7Etp@i5S_I6551)pf+nmvmu>=%`MoM-HN zBE@TIs7BtG07Xxwd>&Gf&IAcCcj>i! z=%QEQf9-<3Gd#DpIvn(C`;@?4iF9XY!(~S=!*qad$P8~A{FOkQSF_`44*3wl@>1xR z9UDkamlA$QeV;@zIb3BpUNp)ThpN?g94fo&NHTe+#G2;e*@-Tm+Vdn%^jRhRX?1M} zhYl2wnnVEX+Kwp;qdBD_=3{8NGraY2Hqpc1e@mQDrf;it{@k5@^g-094^IP&UId>d z2U8S#w%dHp2l-Wjvub3rMV43qdIBp-O_>(2KS`m$qomXHS8jU!sbj%tLo(vRYm-=TE9IuAM=SCCh;$# zxvn31dmZylt1}NnvsI%H*uY{~R|eefmTtK?nXWR37U%(4ZjJ_cALg7`R+DGhf##mD zfZPBG&k3|?1dBWS3X;<=FLWxO2K^+_tS$P+b+PBrZetQGoJTaYK zcvQFiQ5=Iml&e30qY4KW2>up=Rj!XV=h~f zy*Sl*hp-S*xxGG2pq<_Ro0SAt0IG@uz-_N8#)5$tQsrG?ia>o;v@TtqfqS{!AYpcW zJr1?(t?O4(UDJ8o$la9B7aY^))QSYgX45sgN+=`pJ11e;%*J|}mcH+qmIJeyWl_A$7LKHsn|>xo(>DADio^Hx z`M%Hj*Tmi1-rM)~UafQJP|V@Z&1#8s8ngkSx1OHWI=VRlm&muXZK_cKr^w?vu$7+7?>h<2ne^JU@9y;r=UwU-bOPQMLaFxYK4GlS->3Vl0acZaP*@~1ot$%Jc za6WSw{@_{N21SMEfW%_aNA07Bz_je+Ikk$h#jPnc0w7Add2b_e(sDW3ln{^VG*MPr zOJu_4iO$;V0 zkP^YihZ<#S^O#7;cHk>bZnu~|dC!_L#8_9#$f2~u!FsF%XvBK;Wvk7(+s}}o&n6o% zTg^4VyKGt~e|h;}r9sXwd+WDf{`fGt%c{-!Gu43QiH?x$cyd--Yijc{I1`lYEt?14 za!f52k5x%l8^M^a5SG_8tag@U+O%}8i|@G&RF0jSn$xwCP2n8jQk(1-f|xqZLvMDE zpY9&^{s%p?!-!i_WZLAb+)&jY2%ZEP_7ax#!#`w&e|l5c0uMctaY2yIyri*uCVd3RaIvQvxz zp)L7x9`~HK@~`P_eRVokHS6J!xjH|J2tr>Rt{|!Kz|q=%Q9K?VqU3*-faUpavLPf2 zfhQ0{f1z7T%cbsb#)iwwQ9oXrYEIgv+1nlCQb9OL(k{)oRN1xxP`}^;(u&z$)qX0u z=2(pSAnf_eR#76Dnkr`*0hsxBvHEy7%paeDiv(j|%cZHW{gM`aF6E-P;n%*Eyfw|3 zUU-xCU+pT=W88XE%4f71ntUK%5I8;_$3Q{aEA*^jc8q@-7| z8iKfNHI51aI=uI2XRw`JS1Lw~0vTP`-h-hLsgI-uXVANj?FizF4N7@xQGHH$Y>QUu zj^TA5+;wmq9TE@6At?%^1G1$hMNR&`tky5B{wOHkkA+?ib+kj7Kq_XA{O}l|23i3- zf2Cy8wj)L5&$Jp0*_${v&J#4_Q$L5_HSJjhwCUhX?3%3c4r*-p>}RU20DCOwmcJtY zhqnqi3mmMC>7jHDV)_ZhbP^w2@OYWGoCvj#Q!}eeky)6M_lA#2)NYeUDNaJ2o>0Of zWownMaa6W@8924ISgI}&F-~Xk2=U%;f5vNmS*@1}_{Y#b-$dU*U8MQ$Jgc5sif~!z zzY_-^n$tnxfb^Sp=tb&LI!x=bz234XXXfA(ls(U1)#z&W22K5-Nb(5+a)(?sTxa`} z3CLJcCjpqm+jT|nC$&I;?x)l1kKLFZfH!+<{2O}T)&yEvX zg<-&~(Y0;P!nUj%B=u&I7an*&n(+`plAZG!agOVj7LmWBB6#KI+bW@|HJz>TiXhk# zY8Sz|b!QTA1H}I-kyYD;l!vm|e_jkThgvU7y$s^m1K0OLiv937`N)ztAOU0y@D-17 zsvgKOc8m^;mdWv_5K3pe@kTX!*zww*ETc( z;cH5uXZ*28Ew!xo#^gRk$d4lgD%?!1C$>CwCcgPXXRz^YRHDBy_O#N#e`|G+U!^Bd z=yUJMuX$MKb%2C?tBpF8_Ydo^=iDC&JN&o!1=dv{WHz|nmkI@zK z?rD|pRAq9DA}R)D6^Qcyf7v;Fhfy^M$7JjPi2QJfo*v@l%sCo|L*=qV&SMK%Jrd9- zmT5C~5x!Tew?$>3V%Hmp=OF{@qVWP;`pCfE(w;=NgUK>fw*5`1QxPQcaysRiw{-MEX!>Z|T?D?pQis=$Fne;C}8_1^&3512nc z#6~96LFG@|n7VQbVRxAl%!$#L+e%qNwLERLeaOxwS+7jXI~DSLgG}3I<>ca{#B)_^ zNztX7kT)t|cql}3S5@=wVu_#4w|nY8z2o(`f=S=Y8))4QZmac<3O(xHJ32jeZnnS3 zjwo=aW^rQPVCfMYR^-^xS(_vz>3!wpRhi1PK#fE($~hBOVH);wMVn8=f_J*ozx|K@ y{y+cyKmOZ)`R9NBWB$K?wtxKJ|N8u||NZ3`|Ia`E@t^ + + + Leptonica: Multiple Vulnerabilities + Several vulnerabilities have been found in Leptonice, the worst of which could lead to arbitrary code execution. + leptonica + 2023-12-18 + 2023-12-18 + 649752 + 869416 + remote + + + 1.81.0 + 1.81.0 + + + +

Leptonica is a C library for image processing and analysis.

+ + +

Multiple vulnerabilities have been discovered in Leptonica. Please review the CVE identifiers referenced below for details.

+ + +

Please review the referenced CVE identifiers for details.

+ + +

There is no known workaround at this time.

+ + +

All Leptonica users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=media-libs/leptonica-1.81.0" + + + + CVE-2017-18196 + CVE-2018-7186 + CVE-2018-7247 + CVE-2018-7440 + CVE-2018-7441 + CVE-2018-7442 + CVE-2022-38266 + + graaff + graaff + \ No newline at end of file diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202312-02.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202312-02.xml new file mode 100644 index 0000000000..2c69fd4765 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202312-02.xml @@ -0,0 +1,42 @@ + + + + Minecraft Server: Remote Code Execution + A vulnerability has been found in Minecraft Server which leads to remote code execution. + minecraft-server + 2023-12-20 + 2023-12-20 + 828936 + remote + + + 1.18.1 + 1.18.1 + + + +

Minecraft Server is the official server for the sandbox video game.

+ + +

A vulnerability has been discovered in Minecraft Server. Please review the CVE identifier referenced below for details.

+ + +

Vulnerable Minecraft Server versions include a bundled version of log4j which is vulnerable to remote code execution.

+ + +

There is no known workaround at this time.

+ + +

All Minecraft Server users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=games-server/minecraft-server-1.18.1" + + + + CVE-2021-4104 + + graaff + graaff + \ No newline at end of file diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202312-03.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202312-03.xml new file mode 100644 index 0000000000..496cadb339 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202312-03.xml @@ -0,0 +1,62 @@ + + + + Mozilla Thunderbird: Multiple Vulnerabilities + Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could lead to remote code execution. + thunderbird,thunderbird-bin + 2023-12-20 + 2023-12-20 + 908246 + remote + + + 102.12 + 102.12 + + + 102.12 + 102.12 + + + +

Mozilla Thunderbird is a popular open-source email client from the Mozilla project.

+ + +

Multiple vulnerabilities have been discovered in Mozilla Thunderbird. Please review the CVE identifiers referenced below for details.

+ + +

Please review the referenced CVE identifiers for details.

+ + +

There is no known workaround at this time.

+ + +

All Mozilla Thunderbird users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=mail-client/thunderbird-bin-102.12" + + +

All Mozilla Thunderbird users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=mail-client/thunderbird-102.12" + + + + CVE-2023-32205 + CVE-2023-32206 + CVE-2023-32207 + CVE-2023-32211 + CVE-2023-32212 + CVE-2023-32213 + CVE-2023-32214 + CVE-2023-32215 + CVE-2023-34414 + CVE-2023-34416 + + graaff + graaff + \ No newline at end of file diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202312-04.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202312-04.xml new file mode 100644 index 0000000000..6bd77e7aab --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202312-04.xml @@ -0,0 +1,42 @@ + + + + Arduino: Remote Code Execution + A vulnerability has been found in Arduino which bundled a vulnerable version of log4j. + arduino + 2023-12-22 + 2023-12-22 + 830716 + remote + + + 1.8.19 + 1.8.19 + + + +

Arduino is an open-source AVR electronics prototyping platform.

+ + +

A vulnerability has been discovered in Arduino. Please review the CVE identifier referenced below for details.

+ + +

Arduino bundles a vulnerable version of log4j that may lead to remote code execution.

+ + +

There is no known workaround at this time.

+ + +

All Arduino users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-embedded/arduino-1.8.19" + + + + CVE-2021-4104 + + graaff + graaff + \ No newline at end of file diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202312-05.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202312-05.xml new file mode 100644 index 0000000000..7f286dd03d --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202312-05.xml @@ -0,0 +1,46 @@ + + + + libssh: Multiple Vulnerabilities + Multiple vulnerabilities have been discovered in libssh, the worst of which could lead to remote code execution. + libssh + 2023-12-22 + 2023-12-22 + 810517 + 905746 + remote + + + 0.10.5 + 0.10.5 + + + +

libssh is a multiplatform C library implementing the SSHv2 protocol on client and server side.

+ + +

Multiple vulnerabilities have been discovered in libssh. Please review the CVE identifiers referenced below for details.

+ + +

Please review the referenced CVE identifiers for details.

+ + +

There is no known workaround at this time.

+ + +

All libssh users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-libs/libssh-0.10.5" + + + + CVE-2021-3634 + CVE-2023-1667 + CVE-2023-2283 + GHSL-2023-085 + + graaff + graaff + \ No newline at end of file diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202312-06.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202312-06.xml new file mode 100644 index 0000000000..9943781b29 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202312-06.xml @@ -0,0 +1,69 @@ + + + + Exiv2: Multiple Vulnerabilities + Multiple vulnerabilities have been discovered in Exiv2, the worst of which can lead to remote code execution. + exiv2 + 2023-12-22 + 2023-12-22 + 785646 + 807346 + 917650 + local and remote + + + 0.28.1 + 0.28.1 + + + +

Exiv2 is a C++ library and set of tools for parsing, editing and saving Exif and IPTC metadata from images. Exif, the Exchangeable image file format, specifies the addition of metadata tags to JPEG, TIFF and RIFF files.

+ + +

Multiple vulnerabilities have been discovered in Exiv2. Please review the CVE identifiers referenced below for details.

+ + +

Please review the referenced CVE identifiers for details.

+ + +

There is no known workaround at this time.

+ + +

All Exiv2 users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=media-gfx/exiv2-0.28.1" + + + + CVE-2020-18771 + CVE-2020-18773 + CVE-2020-18774 + CVE-2020-18899 + CVE-2021-29457 + CVE-2021-29458 + CVE-2021-29463 + CVE-2021-29464 + CVE-2021-29470 + CVE-2021-29473 + CVE-2021-29623 + CVE-2021-31291 + CVE-2021-31292 + CVE-2021-32617 + CVE-2021-32815 + CVE-2021-34334 + CVE-2021-34335 + CVE-2021-37615 + CVE-2021-37616 + CVE-2021-37618 + CVE-2021-37619 + CVE-2021-37620 + CVE-2021-37621 + CVE-2021-37622 + CVE-2021-37623 + CVE-2023-44398 + + graaff + graaff + \ No newline at end of file diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202312-07.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202312-07.xml new file mode 100644 index 0000000000..66081cf21c --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202312-07.xml @@ -0,0 +1,87 @@ + + + + QtWebEngine: Multiple Vulnerabilities + Multiple vulnerabilitiies have been discovered in QtWebEngine, the worst of which could lead to remote code execution. + qtwebengine + 2023-12-22 + 2023-12-22 + 913050 + 915465 + remote + + + 5.15.11_p20231120 + 5.15.11_p20231120 + + + +

QtWebEngine is a library for rendering dynamic web content in Qt5 and Qt6 C++ and QML applications.

+ + +

Multiple vulnerabilities have been discovered in QtWebEngine. Please review the CVE identifiers referenced below for details.

+ + +

Please review the referenced CVE identifiers for details.

+ + +

There is no known workaround at this time.

+ + +

All QtWebEngine users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-qt/qtwebengine-5.15.11_p20231120" + + + + CVE-2023-4068 + CVE-2023-4069 + CVE-2023-4070 + CVE-2023-4071 + CVE-2023-4072 + CVE-2023-4073 + CVE-2023-4074 + CVE-2023-4075 + CVE-2023-4076 + CVE-2023-4077 + CVE-2023-4078 + CVE-2023-4761 + CVE-2023-4762 + CVE-2023-4763 + CVE-2023-4764 + CVE-2023-5218 + CVE-2023-5473 + CVE-2023-5474 + CVE-2023-5475 + CVE-2023-5476 + CVE-2023-5477 + CVE-2023-5478 + CVE-2023-5479 + CVE-2023-5480 + CVE-2023-5481 + CVE-2023-5482 + CVE-2023-5483 + CVE-2023-5484 + CVE-2023-5485 + CVE-2023-5486 + CVE-2023-5487 + CVE-2023-5849 + CVE-2023-5850 + CVE-2023-5851 + CVE-2023-5852 + CVE-2023-5853 + CVE-2023-5854 + CVE-2023-5855 + CVE-2023-5856 + CVE-2023-5857 + CVE-2023-5858 + CVE-2023-5859 + CVE-2023-5996 + CVE-2023-5997 + CVE-2023-6112 + + graaff + graaff + \ No newline at end of file diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202312-08.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202312-08.xml new file mode 100644 index 0000000000..ef351a71a4 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202312-08.xml @@ -0,0 +1,42 @@ + + + + LibRaw: Heap Buffer Overflow + A vulnerability has been found in LibRaw where a heap buffer overflow may lead to an application crash. + libraw + 2023-12-22 + 2023-12-22 + 908041 + remote + + + 0.21.1-r1 + 0.21.1-r1 + + + +

LibRaw is a library for reading RAW files obtained from digital photo cameras.

+ + +

A vulnerability has been discovered in LibRaw. Please review the CVE identifier referenced below for details.

+ + +

A heap-buffer-overflow in raw2image_ex() caused by a maliciously crafted file may lead to an application crash.

+ + +

There is no known workaround at this time.

+ + +

All LibRaw users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=media-libs/libraw-0.21.1-r1" + + + + CVE-2023-1729 + + graaff + graaff + \ No newline at end of file diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202312-09.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202312-09.xml new file mode 100644 index 0000000000..2073312aa8 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202312-09.xml @@ -0,0 +1,45 @@ + + + + NASM: Multiple Vulnerabilities + Multiple vulnerabilities have been discovered in NASM, the worst of which could lead to arbitrary code execution. + nasm + 2023-12-22 + 2023-12-22 + 686720 + 903755 + local and remote + + + 2.16.01 + 2.16.01 + + + +

NASM is a 80x86 assembler that has been created for portability and modularity. NASM supports Pentium, P6, SSE MMX, and 3DNow extensions. It also supports a wide range of objects formats (ELF, a.out, COFF, etc), and has its own disassembler.

+ + +

Multiple vulnerabilities have been discovered in NASM. Please review the CVE identifiers referenced below for details.

+ + +

Please review the referenced CVE identifiers for details.

+ + +

There is no known workaround at this time.

+ + +

All NASM users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-lang/nasm-2.16.01" + + + + CVE-2019-8343 + CVE-2020-21528 + CVE-2022-44370 + + graaff + graaff + \ No newline at end of file diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202312-10.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202312-10.xml new file mode 100644 index 0000000000..2f3185e353 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202312-10.xml @@ -0,0 +1,42 @@ + + + + Ceph: Root Privilege Escalation + A vulnerability has been found in Ceph which can lead to root privilege escalation. + ceph + 2023-12-23 + 2023-12-23 + 878277 + local + + + 17.2.6 + 17.2.6 + + + +

Ceph is a distributed network file system designed to provide excellent performance, reliability, and scalability.

+ + +

A vulnerability has been discovered in Ceph. Please review the CVE identifier referenced below for details.

+ + +

The ceph-crash.service runs the ceph-crash Python script as root. The script is operating in the directory /var/lib/ceph/crash which is controlled by the unprivileged ceph user (ceph:ceph mode 0750). The script periodically scans for new crash directories and forwards the content via `ceph crash post`.

+ + +

There is no known workaround at this time.

+ + +

All Ceph users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=sys-cluster/ceph-17.2.6" + + + + CVE-2022-3650 + + graaff + graaff + \ No newline at end of file diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202312-11.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202312-11.xml new file mode 100644 index 0000000000..8a76344d53 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202312-11.xml @@ -0,0 +1,42 @@ + + + + SABnzbd: Remote Code Execution + A vulnerability has been found in SABnzbd which allows for remote code execution. + sabnzbd + 2023-12-23 + 2023-12-23 + 908032 + remote + + + 4.0.2 + 4.0.2 + + + +

Free and easy binary newsreader with web interface.

+ + +

A vulnerability has been discovered in SABnzbd. Please review the CVE identifier referenced below for details.

+ + +

A design flaw was discovered in SABnzbd that could allow remote code execution. Manipulating the Parameters setting in the Notification Script functionality allows code execution with the privileges of the SABnzbd process. Exploiting the vulnerabilities requires access to the web interface. Remote exploitation is possible if users exposed their setup to the internet or other untrusted networks without setting a username/password. By default SABnzbd is only accessible from `localhost`, with no authentication required for the web interface.

+ + +

There is no known workaround at this time.

+ + +

All SABnzbd users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-nntp/sabnzbd-4.0.2" + + + + CVE-2023-34237 + + graaff + graaff + \ No newline at end of file diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202312-12.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202312-12.xml new file mode 100644 index 0000000000..2cf088a783 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202312-12.xml @@ -0,0 +1,52 @@ + + + + Flatpak: Multiple Vulnerabilities + Several vulnerabilities have been found in Flatpack, the worst of which lead to privilege escalation and sandbox escape. + flatpak + 2023-12-23 + 2023-12-23 + 775365 + 816951 + 831087 + 901507 + remote + + + 1.14.4 + 1.14.4 + + + +

Flatpak is a Linux application sandboxing and distribution framework.

+ + +

Multiple vulnerabilities have been discovered in Flatpak. Please review the CVE identifiers referenced below for details.

+ + +

Please review the referenced CVE identifiers for details.

+ + +

There is no known workaround at this time.

+ + +

All Flatpak users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=sys-apps/flatpak-1.14.4" + + + + CVE-2021-21381 + CVE-2021-41133 + CVE-2021-43860 + CVE-2022-21682 + CVE-2023-28100 + CVE-2023-28101 + GHSA-67h7-w3jq-vh4q + GHSA-xgh4-387p-hqpp + + graaff + graaff + \ No newline at end of file diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202312-13.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202312-13.xml new file mode 100644 index 0000000000..b7e051ae5f --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202312-13.xml @@ -0,0 +1,45 @@ + + + + Gitea: Multiple Vulnerabilities + Multiple vulnerabilities have been discovered in Gitea, the worst of which could result in information leakage. + gitea + 2023-12-23 + 2023-12-23 + 887825 + 891983 + 905886 + 918674 + remote + + + 1.20.6 + 1.20.6 + + + +

Gitea is a painless self-hosted Git service.

+ + +

Multiple vulnerabilities have been discovered in Gitea. Please review the CVE identifiers referenced below for details.

+ + +

Please review the referenced CVE identifiers for details.

+ + +

There is no known workaround at this time.

+ + +

All Gitea users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-apps/gitea-1.20.6" + + + + CVE-2023-3515 + + ajak + graaff + \ No newline at end of file diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202312-14.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202312-14.xml new file mode 100644 index 0000000000..d3f9f79b93 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202312-14.xml @@ -0,0 +1,60 @@ + + + + FFmpeg: Multiple Vulnerabilities + Multiple vulnerabilitiies have been discovered in FFmpeg, the worst of which could lead to code execution + ffmpeg + 2023-12-23 + 2023-12-23 + 795696 + 842267 + 881523 + 903805 + local and remote + + + 6.0 + 4.4.3 + 6.0 + 4.4.3 + + + +

FFmpeg is a complete solution to record, convert and stream audio and video.

+ + +

Multiple vulnerabilities have been discovered in FFmpeg. Please review the CVE identifiers referenced below for details.

+ + +

Please review the referenced CVE identifiers for details.

+ + +

There is no known workaround at this time.

+ + +

All FFmpeg 4 users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=media-video/ffmpeg-4.4.3" + + +

All FFmpeg 6 users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=media-video/ffmpeg-6.0" + + + + CVE-2021-33815 + CVE-2021-38171 + CVE-2021-38291 + CVE-2022-1475 + CVE-2022-3964 + CVE-2022-3965 + CVE-2022-48434 + + graaff + graaff + \ No newline at end of file diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202312-15.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202312-15.xml new file mode 100644 index 0000000000..0dea689016 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202312-15.xml @@ -0,0 +1,57 @@ + + + + Git: Multiple Vulnerabilities + Several vulnerabilities have been found in Git, the worst of which could lead to remote code execution. + git + 2023-12-27 + 2023-12-27 + 838127 + 857831 + 877565 + 891221 + 894472 + 905088 + remote + + + 2.39.3 + 2.39.3 + + + +

Git is a free and open source distributed version control system designed to handle everything from small to very large projects with speed and efficiency.

+ + +

Multiple vulnerabilities have been discovered in Git. Please review the CVE identifiers referenced below for details.

+ + +

Please review the referenced CVE identifiers for details.

+ + +

There is no known workaround at this time.

+ + +

All Git users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-vcs/git-2.39.3" + + + + CVE-2022-23521 + CVE-2022-24765 + CVE-2022-29187 + CVE-2022-39253 + CVE-2022-39260 + CVE-2022-41903 + CVE-2023-22490 + CVE-2023-23946 + CVE-2023-25652 + CVE-2023-25815 + CVE-2023-29007 + + graaff + graaff + \ No newline at end of file diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202312-16.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202312-16.xml new file mode 100644 index 0000000000..9b577f4d40 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202312-16.xml @@ -0,0 +1,44 @@ + + + + libssh: Multiple Vulnerabilities + Multiple vulnerabilities have been discovered in libssh, the worst of which could lead to code execution. + libssh + 2023-12-28 + 2023-12-28 + 920291 + 920724 + remote + + + 0.10.6 + 0.10.6 + + + +

libssh is a multiplatform C library implementing the SSHv2 protocol on client and server side.

+ + +

Multiple vulnerabilities have been discovered in libssh. Please review the CVE identifiers referenced below for details.

+ + +

Please review the referenced CVE identifiers for details.

+ + +

There is no known workaround at this time.

+ + +

All libssh users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-libs/libssh-0.10.6" + + + + CVE-2023-6004 + CVE-2023-48795 + + sam + sam + \ No newline at end of file diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202312-17.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202312-17.xml new file mode 100644 index 0000000000..a6dcf89015 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202312-17.xml @@ -0,0 +1,45 @@ + + + + OpenSSH: Multiple Vulnerabilities + Multiple vulnerabilities have been discovered in OpenSSH, the worst of which could lead to code execution. + openssh + 2023-12-28 + 2023-12-28 + 920292 + 920722 + remote + + + 9.6_p1 + 9.6_p1 + + + +

OpenSSH is a free application suite consisting of server and clients that replace tools like telnet, rlogin, rcp and ftp with more secure versions offering additional functionality.

+ + +

Multiple vulnerabilities have been discovered in OpenSSH. Please review the CVE identifiers referenced below for details.

+ + +

Please review the referenced CVE identifiers for details.

+ + +

There is no known workaround at this time.

+ + +

All OpenSSH users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-misc/openssh-9.6_p1" + + + + CVE-2023-48795 + CVE-2023-51385 + CVE-2023-51385,CVE-2023-48795 + + sam + sam + \ No newline at end of file diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/timestamp.chk b/sdk_container/src/third_party/portage-stable/metadata/glsa/timestamp.chk index bc8f331575..0634b94f03 100644 --- a/sdk_container/src/third_party/portage-stable/metadata/glsa/timestamp.chk +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/timestamp.chk @@ -1 +1 @@ -Fri, 01 Dec 2023 06:39:59 +0000 +Mon, 01 Jan 2024 06:39:51 +0000 diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/timestamp.commit b/sdk_container/src/third_party/portage-stable/metadata/glsa/timestamp.commit index 313f325014..3525270838 100644 --- a/sdk_container/src/third_party/portage-stable/metadata/glsa/timestamp.commit +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/timestamp.commit @@ -1 +1 @@ -e8cae5eafb887bc451b4344e6de2d99b8d6e75de 1701088111 2023-11-27T12:28:31+00:00 +3dfe782899716a3480c9481c69bca8c231c663a7 1703730129 2023-12-28T02:22:09+00:00