bump(metadata/glsa): sync with upstream

Benjamin Gilbert 2019-09-11 01:45:24 +00:00
parent 80d6d5af9e
commit bb17e68802
17 changed files with 718 additions and 20 deletions


@ -1,23 +1,23 @@
-----BEGIN PGP SIGNED MESSAGE----- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512 Hash: SHA512
MANIFEST Manifest.files.gz 446941 BLAKE2B 27348febfa1e8b0c37a6262b9e1c30afa2668e0702870fc19e3e8e049c8aa3fce3a0a847ecfdfa1843e08f25b1c541365b360bee2789c88b7c7abd1d0af7a0a4 SHA512 b604df11b0bda8c02e03d8c0f183f427ec63dd525e2cbd5b7473a5dbfd7112d964e04f46efec437421b06496482ba2148b26225bcbd4b736cd57023d4aeb1ea7 MANIFEST Manifest.files.gz 448845 BLAKE2B 24feded351e2c02762000f35c6c58ac935b2383bf6acdd7450f974e16e15fe0935d3f657233d5cd4ab87639ad5f410b8ea36fd5c019b93bfbfc47983ef01dbdc SHA512 569d13495f7e4953afefd29435d7953d3afa1815ae86459c1f4f84726efaaedc5598835f415738d792d2d1060be50cf8ad9140b7fcf124dd7f9ea681a55957ab
TIMESTAMP 2019-08-24T03:38:57Z TIMESTAMP 2019-09-11T01:08:54Z
-----BEGIN PGP SIGNATURE----- -----BEGIN PGP SIGNATURE-----
iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAl1gsVJfFIAAAAAALgAo iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAl14SSZfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEUx aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEUx
RDZBQkI2M0JGQ0ZCNEJBMDJGREYxQ0VDNTkwRUVBQzkxODkyNTAACgkQ7FkO6skY RDZBQkI2M0JGQ0ZCNEJBMDJGREYxQ0VDNTkwRUVBQzkxODkyNTAACgkQ7FkO6skY
klDIUQ/8DqVraS5XpijcFx0dQ2wh744XUAv0P/6BYLho0bUpb59ZPZ5HocB9qAny klDZSBAAqoFwooNC4OtE9pVq2cfjdzGkK9W5/lJi+aVvllk3srr5BHd8jakr9IJq
Po3WeVcUUUyZWtoLSFbRXnk8w+1i4p/ghmcQ3+dH/CIznIC/MzPrQFyVasV+xlIm DaXZNkdcNs+ZSU2pW8wF3KG7r6b5Ib0KTTYHuMCSXJHSYNLBW60x1YHOUoQYdPGb
OgiVN/OkNKIIyjPghfhrAEqIQa0Bq99jOxo2eO+7yirmuNA4xmytjVuPr+oIbQ1a K26I7l61X742gFzmeGjXUaqUbN4Z99iYBTLD7VnYQCSMDPLirNF+0Mi35lrXA8OO
R5WvaXYmq58vA9zPVuMdnY4288QqfmBDqfnHDodEsim99/FGCEtI9yiNiIYEOnc+ 9nX63kLgvrmRpArBhjeR41JlfjqC5yqES3KWYYuzMO+V7L7smP9zmgf2NI9lZfCm
RWEAlc0msiHF3swIV1xsgpI9gqYiNm4da8dFoCQAaMJ4izzC7nMXfIDLgAyX8aSr HIh4exi0xmHr0ZgW4wZgvLFuAxHE4BoMO+z5mW1Qb7CkTdEeizWsMxdQiGRgOT12
ebincWbRbGoQndud5UUH7n79Q3H5LV5IKn3pbk0RpEgZbmWSFoZbOZ+xu9L7pyNf WTUV3qW5QfHYTNuDHxhfrfRPQ6/+EhosLRrxWO0EHoYh/GNUJ/TdQATADJa+whLy
icYYO6zoir36SUUuLpPx3r59nTAoHDuT2Dq+OwDZMWMzbaVusFWu7/weNplSnn4z sXm9tuX/LriOlB1bPx6SakW2BNbTmve4XwocNKUh2Th02C9WsTiK4hNARnct+644
n8qhI0yVALYtsHFUBe+U7ISwqDxhffMRz/Os3NfQS+FzQJWB9AmRuglYr6g9NvPl FUuKCiCXK8/r1isozPY0YcnwDuQvBAS3diYo9b641BpCCSlhPqJuZDvl/9CFnqLF
DCK1Wl898YEXRpr8xapnAAHF0jHqykC3aKfrGl8L/l1aIPJ/eVyB67xj9cwXzx89 z4LydlDnarNKWY1HXcrQnlzwwyPxpDHjfp2Mugrc4P0Nyr99/Vboale/rjIlZXFi
nSR7lCsaBTBZPOqXwtomKtMrAKDFcp2ooZ8JgjYgrnnX48YBgWunDh/fk7jLho3Q idIDlJZqTsznd1bM7vdZ4rzEsAbwS2DtWgfDk5xzHP9uYjt7srjrwT8PPHXf3fDn
WvXT229nvy12g81L5Lb8Dk2V38fS28jFFyjneSa45guw9QWocIg= MT6ZGrkgpOHqC/LswBWMNvzRJqTp1Zod08wjwJbr6XLWTK+z+vE=
=b+l5 =OjnX
-----END PGP SIGNATURE----- -----END PGP SIGNATURE-----


@ -7,7 +7,7 @@
</synopsis> </synopsis>
<product type="ebuild">jasper</product> <product type="ebuild">jasper</product>
<announced>2019-08-09</announced> <announced>2019-08-09</announced>
<revised count="2">2019-08-09</revised> <revised count="3">2019-08-28</revised>
<bug>614028</bug> <bug>614028</bug>
<bug>614032</bug> <bug>614032</bug>
<bug>624988</bug> <bug>624988</bug>
@ -63,7 +63,6 @@
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-13753">CVE-2017-13753</uri> <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-13753">CVE-2017-13753</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-14132">CVE-2017-14132</uri> <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-14132">CVE-2017-14132</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-14229">CVE-2017-14229</uri> <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-14229">CVE-2017-14229</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-14232">CVE-2017-14232</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-5503">CVE-2017-5503</uri> <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-5503">CVE-2017-5503</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-5504">CVE-2017-5504</uri> <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-5504">CVE-2017-5504</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-5505">CVE-2017-5505</uri> <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-5505">CVE-2017-5505</uri>
@ -76,5 +75,5 @@
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-9154">CVE-2018-9154</uri> <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-9154">CVE-2018-9154</uri>
</references> </references>
<metadata tag="requester" timestamp="2019-08-04T18:37:11Z">b-man</metadata> <metadata tag="requester" timestamp="2019-08-04T18:37:11Z">b-man</metadata>
<metadata tag="submitter" timestamp="2019-08-09T22:17:32Z">b-man</metadata> <metadata tag="submitter" timestamp="2019-08-28T22:02:05Z">b-man</metadata>
</glsa> </glsa>


@ -0,0 +1,54 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="201908-26">
<title>libofx: Multiple vulnerabilities</title>
<synopsis>Multiple vulnerabilities have been found in libofx, the worst of
which could result in the arbitrary execution of code.
</synopsis>
<product type="ebuild">libofx</product>
<announced>2019-08-31</announced>
<revised count="1">2019-08-31</revised>
<bug>631304</bug>
<bug>636062</bug>
<bug>662910</bug>
<access>remote</access>
<affected>
<package name="dev-libs/libofx" auto="yes" arch="*">
<unaffected range="ge">0.9.14</unaffected>
<vulnerable range="lt">0.9.14</vulnerable>
</package>
</affected>
<background>
<p>A library to support the Open Financial eXchange XML format</p>
</background>
<description>
<p>Multiple vulnerabilities have been discovered in libofx. Please review
the CVE identifiers referenced below for details.
</p>
</description>
<impact type="normal">
<p>A remote attacker could entice a user to process a specially crafted
file using an application linked against libofx, possibly resulting in
execution of arbitrary code with the privileges of the process or a
Denial of Service condition.
</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All libofx users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose "&gt;=dev-libs/libofx-0.9.14"
</code>
</resolution>
<references>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-14731">CVE-2017-14731</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-2816">CVE-2017-2816</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-2920">CVE-2017-2920</uri>
</references>
<metadata tag="requester" timestamp="2019-08-18T02:20:40Z">b-man</metadata>
<metadata tag="submitter" timestamp="2019-08-31T15:00:19Z">b-man</metadata>
</glsa>
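Review bot: The `<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">` declaration on the second line of this new file points at the DTD over plain HTTP, so any consumer that loads external DTDs while parsing it would fetch schema content over an unauthenticated channel. Tools that read these advisories should parse with external DTD and entity loading disabled, or resolve the identifier from a local catalog copy. The same declaration is carried by each of the other advisory files added in this commit (201908-27 through 201909-08). Since the files are synced from upstream, a change to the identifier itself would belong there.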


@ -0,0 +1,46 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="201908-27">
<title>Nautilus: Security bypass</title>
<synopsis>A vulnerability in Nautilus may allow attackers to escape the
sandbox.
</synopsis>
<product type="ebuild">nautilus</product>
<announced>2019-08-31</announced>
<revised count="1">2019-08-31</revised>
<bug>692784</bug>
<access>local</access>
<affected>
<package name="gnome-base/nautilus" auto="yes" arch="*">
<unaffected range="ge">3.30.5-r1</unaffected>
<vulnerable range="lt">3.30.5-r1</vulnerable>
</package>
</affected>
<background>
<p>Default file manager for the GNOME desktop</p>
</background>
<description>
<p>A vulnerability was discovered in Nautilus which allows an attacker to
escape the sandbox.
</p>
</description>
<impact type="normal">
<p>A local attacker could possibly bypass sandbox protection.</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All Nautilus users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose "&gt;=gnome-base/nautilus-3.30.5-r1"
</code>
</resolution>
<references>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-11461">CVE-2019-11461</uri>
</references>
<metadata tag="requester" timestamp="2019-08-26T21:48:06Z">b-man</metadata>
<metadata tag="submitter" timestamp="2019-08-31T15:00:33Z">b-man</metadata>
</glsa>


@ -0,0 +1,47 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="201908-28">
<title>GNOME desktop library: Security bypass</title>
<synopsis>A vulnerability in the GNOME desktop library may allow attackers to
escape the sandbox.
</synopsis>
<product type="ebuild">gnome-desktop</product>
<announced>2019-08-31</announced>
<revised count="1">2019-08-31</revised>
<bug>692782</bug>
<access>local</access>
<affected>
<package name="gnome-base/gnome-desktop" auto="yes" arch="*">
<unaffected range="ge">3.30.2.3</unaffected>
<vulnerable range="lt">3.30.2.3</vulnerable>
</package>
</affected>
<background>
<p>Library with common API for various GNOME modules.</p>
</background>
<description>
<p>A vulnerability was discovered in the GNOME desktop library which allows
an attacker to escape the sandbox.
</p>
</description>
<impact type="normal">
<p>A local attacker could possibly bypass sandbox protection.</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All GNOME desktop library users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose
"&gt;=gnome-base/gnome-desktop-3.30.2.3"
</code>
</resolution>
<references>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-11460">CVE-2019-11460</uri>
</references>
<metadata tag="requester" timestamp="2019-08-31T14:55:07Z">whissi</metadata>
<metadata tag="submitter" timestamp="2019-08-31T21:05:16Z">whissi</metadata>
</glsa>
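Review bot: The upgrade command inside `<code>` in the `<resolution>` block is broken across two lines, leaving `# emerge --ask --oneshot --verbose` without a package atom and the atom alone on the following line. Pasted as shown, the first line no longer carries the version constraint the advisory intends, and the second line is not a command. The other advisories in this commit keep the command on one line; here that would be `# emerge --ask --oneshot --verbose "&gt;=gnome-base/gnome-desktop-3.30.2.3"`. The file comes from the upstream sync, so the correction would need to be made there.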


@ -0,0 +1,52 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="201908-29">
<title>Dovecot: Multiple vulnerabilities</title>
<synopsis>Multiple vulnerabilities have been found in Dovecot, the worst of
which could result in the arbitrary execution of code.
</synopsis>
<product type="ebuild">dovecot</product>
<announced>2019-08-31</announced>
<revised count="1">2019-08-31</revised>
<bug>683732</bug>
<bug>692572</bug>
<access>local, remote</access>
<affected>
<package name="net-mail/dovecot" auto="yes" arch="*">
<unaffected range="ge">2.3.7.2</unaffected>
<vulnerable range="lt">2.3.7.2</vulnerable>
</package>
</affected>
<background>
<p>Dovecot is an open source IMAP and POP3 email server.</p>
</background>
<description>
<p>Multiple vulnerabilities have been discovered in Dovecot. Please review
the CVE identifiers referenced below for details.
</p>
</description>
<impact type="normal">
<p>An unauthenticated remote attacker could send a specially crafted mail
or use crafted IMAP commands possibly resulting in the execution of
arbitrary code with the privileges of the process or a Denial of Service
condition.
</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All Dovecot users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose "&gt;=net-mail/dovecot-2.3.7.2"
</code>
</resolution>
<references>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-10691">CVE-2019-10691</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-11500">CVE-2019-11500</uri>
</references>
<metadata tag="requester" timestamp="2019-08-31T14:29:36Z">whissi</metadata>
<metadata tag="submitter" timestamp="2019-08-31T21:05:29Z">whissi</metadata>
</glsa>


@ -0,0 +1,53 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="201909-01">
<title>Perl: Multiple vulnerabilities</title>
<synopsis>Multiple vulnerabilities have been found in Perl, the worst of
which could result in the arbitrary execution of code.
</synopsis>
<product type="ebuild">perl</product>
<announced>2019-09-06</announced>
<revised count="1">2019-09-06</revised>
<bug>653432</bug>
<bug>670190</bug>
<access>remote</access>
<affected>
<package name="dev-lang/perl" auto="yes" arch="*">
<unaffected range="ge">5.28.2</unaffected>
<vulnerable range="lt">5.28.2</vulnerable>
</package>
</affected>
<background>
<p>Perl is a highly capable, feature-rich programming language.</p>
</background>
<description>
<p>Multiple vulnerabilities have been discovered in Perl. Please review the
CVE identifiers referenced below for details.
</p>
</description>
<impact type="normal">
<p>Please review the referenced CVE identifiers for details.</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All Perl users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose "&gt;=dev-lang/perl-5.28.2"
</code>
</resolution>
<references>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-18311">CVE-2018-18311</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-18312">CVE-2018-18312</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-18313">CVE-2018-18313</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-18314">CVE-2018-18314</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6797">CVE-2018-6797</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6798">CVE-2018-6798</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6913">CVE-2018-6913</uri>
</references>
<metadata tag="requester" timestamp="2019-09-01T00:43:08Z">b-man</metadata>
<metadata tag="submitter" timestamp="2019-09-06T16:00:53Z">b-man</metadata>
</glsa>


@ -0,0 +1,57 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="201909-02">
<title>VLC: Multiple vulnerabilities</title>
<synopsis>Multiple vulnerabilities have been found in VLC, the worst of which
could result in the arbitrary execution of code.
</synopsis>
<product type="ebuild">vlc</product>
<announced>2019-09-06</announced>
<revised count="1">2019-09-06</revised>
<bug>689974</bug>
<access>remote</access>
<affected>
<package name="media-video/vlc" auto="yes" arch="*">
<unaffected range="ge">3.0.8</unaffected>
<vulnerable range="lt">3.0.8</vulnerable>
</package>
</affected>
<background>
<p>VLC is a cross-platform media player and streaming server.</p>
</background>
<description>
<p>Multiple vulnerabilities have been discovered in VLC. Please review the
CVE identifiers referenced below for details.
</p>
</description>
<impact type="normal">
<p>Please review the referenced CVE identifiers for details.</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All VLC users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose "&gt;=media-video/vlc-3.0.8"
</code>
</resolution>
<references>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-13602">CVE-2019-13602</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-13962">CVE-2019-13962</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-14437">CVE-2019-14437</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-14438">CVE-2019-14438</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-14498">CVE-2019-14498</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-14533">CVE-2019-14533</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-14534">CVE-2019-14534</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-14535">CVE-2019-14535</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-14776">CVE-2019-14776</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-14777">CVE-2019-14777</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-14778">CVE-2019-14778</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-14970">CVE-2019-14970</uri>
</references>
<metadata tag="requester" timestamp="2019-09-02T22:22:22Z">b-man</metadata>
<metadata tag="submitter" timestamp="2019-09-06T16:01:08Z">b-man</metadata>
</glsa>


@ -0,0 +1,52 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="201909-03">
<title>Pango: Buffer overflow</title>
<synopsis>A buffer overflow in Pango might allow an attacker to execute
arbitrary code.
</synopsis>
<product type="ebuild">pango</product>
<announced>2019-09-06</announced>
<revised count="1">2019-09-06</revised>
<bug>692110</bug>
<access>remote</access>
<affected>
<package name="x11-libs/pango" auto="yes" arch="*">
<unaffected range="ge">1.42.4-r2</unaffected>
<vulnerable range="lt">1.42.4-r2</vulnerable>
</package>
</affected>
<background>
<p>Pango is a library for layout and rendering of internationalized text.</p>
</background>
<description>
<p>A buffer overflow has been discovered in Pangos
pango_log2vis_get_embedding_levels function.
</p>
</description>
<impact type="normal">
<p>A remote attacker could entice a user to process a specially crafted
string with functions like pango_itemize, possibly resulting in execution
of arbitrary code with the privileges of the process or a Denial of
Service condition.
</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All Pango users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose "&gt;=x11-libs/pango-1.42.4-r2"
</code>
</resolution>
<references>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-1010238">
CVE-2019-1010238
</uri>
</references>
<metadata tag="requester" timestamp="2019-09-02T22:32:20Z">b-man</metadata>
<metadata tag="submitter" timestamp="2019-09-06T16:01:18Z">b-man</metadata>
</glsa>
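Review bot: The single `<uri>` in `<references>` is split over three lines, so its text content is `CVE-2019-1010238` surrounded by newlines, unlike every other reference in this commit. A consumer that matches the element text against a CVE identifier without trimming would miss it; the one-line form is `<uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-1010238">CVE-2019-1010238</uri>`. Separately, `Pangos` in the description reads as a dropped apostrophe (possibly lost in rendering) and should be `Pango's`.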


@ -0,0 +1,53 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="201909-04">
<title>Apache: Multiple vulnerabilities</title>
<synopsis>Multiple vulnerabilities have been found in Apache, the worst of
which could result in a Denial of Service condition.
</synopsis>
<product type="ebuild">apache</product>
<announced>2019-09-06</announced>
<revised count="1">2019-09-06</revised>
<bug>692172</bug>
<access>remote</access>
<affected>
<package name="www-servers/apache" auto="yes" arch="*">
<unaffected range="ge">2.4.41</unaffected>
<vulnerable range="lt">2.4.41</vulnerable>
</package>
</affected>
<background>
<p>The Apache HTTP server is one of the most popular web servers on the
Internet.
</p>
</background>
<description>
<p>Multiple vulnerabilities have been discovered in Apache. Please review
the CVE identifiers referenced below for details.
</p>
</description>
<impact type="normal">
<p>Please review the referenced CVE identifiers for details.</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All Apache users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose "&gt;=www-servers/apache-2.4.41"
</code>
</resolution>
<references>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-10081">CVE-2019-10081</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-10082">CVE-2019-10082</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-10092">CVE-2019-10092</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-10097">CVE-2019-10097</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-10098">CVE-2019-10098</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-9517">CVE-2019-9517</uri>
</references>
<metadata tag="requester" timestamp="2019-09-02T22:39:09Z">b-man</metadata>
<metadata tag="submitter" timestamp="2019-09-06T16:01:34Z">b-man</metadata>
</glsa>


@ -0,0 +1,118 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="201909-05">
<title>WebkitGTK+: Multiple vulnerabilities</title>
<synopsis>Multiple vulnerabilities have been found in WebkitGTK+, the worst
of which could result in the arbitrary execution of code.
</synopsis>
<product type="ebuild">webkitgtk+</product>
<announced>2019-09-06</announced>
<revised count="1">2019-09-06</revised>
<bug>683234</bug>
<bug>686216</bug>
<bug>693122</bug>
<access>remote</access>
<affected>
<package name="net-libs/webkit-gtk" auto="yes" arch="*">
<unaffected range="ge">2.24.4</unaffected>
<vulnerable range="lt">2.24.4</vulnerable>
</package>
</affected>
<background>
<p>WebKitGTK+ is a full-featured port of the WebKit rendering engine,
suitable for projects requiring any kind of web integration, from hybrid
HTML/CSS applications to full-fledged web browsers.
</p>
</background>
<description>
<p>Multiple vulnerabilities have been discovered in WebkitGTK+. Please
review the CVE identifiers referenced below for details.
</p>
</description>
<impact type="normal">
<p>An attacker, by enticing a user to visit maliciously crafted web
content, may be able to execute arbitrary code or cause memory
corruption.
</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All WebkitGTK+ users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose "&gt;=net-libs/webkit-gtk-2.24.4"
</code>
</resolution>
<references>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-11070">CVE-2019-11070</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-6201">CVE-2019-6201</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-6251">CVE-2019-6251</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-7285">CVE-2019-7285</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-7292">CVE-2019-7292</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8503">CVE-2019-8503</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8506">CVE-2019-8506</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8515">CVE-2019-8515</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8518">CVE-2019-8518</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8523">CVE-2019-8523</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8524">CVE-2019-8524</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8535">CVE-2019-8535</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8536">CVE-2019-8536</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8544">CVE-2019-8544</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8551">CVE-2019-8551</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8558">CVE-2019-8558</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8559">CVE-2019-8559</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8563">CVE-2019-8563</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8595">CVE-2019-8595</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8607">CVE-2019-8607</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8615">CVE-2019-8615</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8644">CVE-2019-8644</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8644">CVE-2019-8644</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8649">CVE-2019-8649</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8649">CVE-2019-8649</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8658">CVE-2019-8658</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8658">CVE-2019-8658</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8666">CVE-2019-8666</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8666">CVE-2019-8666</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8669">CVE-2019-8669</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8669">CVE-2019-8669</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8671">CVE-2019-8671</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8671">CVE-2019-8671</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8672">CVE-2019-8672</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8672">CVE-2019-8672</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8673">CVE-2019-8673</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8673">CVE-2019-8673</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8676">CVE-2019-8676</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8676">CVE-2019-8676</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8677">CVE-2019-8677</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8677">CVE-2019-8677</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8678">CVE-2019-8678</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8678">CVE-2019-8678</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8679">CVE-2019-8679</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8679">CVE-2019-8679</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8680">CVE-2019-8680</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8680">CVE-2019-8680</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8681">CVE-2019-8681</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8681">CVE-2019-8681</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8683">CVE-2019-8683</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8683">CVE-2019-8683</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8684">CVE-2019-8684</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8684">CVE-2019-8684</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8686">CVE-2019-8686</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8686">CVE-2019-8686</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8687">CVE-2019-8687</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8687">CVE-2019-8687</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8688">CVE-2019-8688</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8688">CVE-2019-8688</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8689">CVE-2019-8689</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8689">CVE-2019-8689</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8690">CVE-2019-8690</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8690">CVE-2019-8690</uri>
<uri link="https://webkitgtk.org/security/WSA-2019-0002.html">WSA-2019-0002</uri>
<uri link="https://webkitgtk.org/security/WSA-2019-0004.html">WSA-2019-0004</uri>
</references>
<metadata tag="requester" timestamp="2019-09-02T22:15:30Z">b-man</metadata>
<metadata tag="submitter" timestamp="2019-09-06T16:01:55Z">b-man</metadata>
</glsa>
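Review bot: In `<references>`, every entry from `CVE-2019-8644` through `CVE-2019-8690` appears twice in a row with the same link and text. Anything that counts or indexes CVEs per advisory would double-count these 21 identifiers, so each pair should collapse to a single `<uri>` line. The product name is also spelled `WebkitGTK+` in the title and `WebKitGTK+` in the background; one spelling should be used throughout. As the file is synced from upstream, both corrections belong there.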


@ -0,0 +1,54 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="201909-06">
<title>Exim: Multiple vulnerabilities</title>
<synopsis>Multiple vulnerabilities have been found in Exim, the worst of
which allows remote attackers to execute arbitrary code.
</synopsis>
<product type="ebuild">exim</product>
<announced>2019-09-07</announced>
<revised count="1">2019-09-07</revised>
<bug>692394</bug>
<bug>693494</bug>
<access>remote</access>
<affected>
<package name="mail-mta/exim" auto="yes" arch="*">
<unaffected range="ge">4.92.2</unaffected>
<vulnerable range="lt">4.92.2</vulnerable>
</package>
</affected>
<background>
<p>Exim is a message transfer agent (MTA) designed to be a a highly
configurable, drop-in replacement for sendmail.
</p>
</background>
<description>
<p>Multiple vulnerabilities have been discovered in Exim. Please review the
CVE identifiers referenced below for details.
</p>
</description>
<impact type="high">
<p>A remote attacker, by connecting to the SMTP listener daemon, could
possibly execute arbitrary code with the privileges of the process or
cause a Denial of Service condition.
</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All Exim users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose "&gt;=mail-mta/exim-4.92.2"
</code>
</resolution>
<references>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-13917">CVE-2019-13917</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-15846">CVE-2019-15846</uri>
</references>
<metadata tag="requester" timestamp="2019-09-06T15:35:36Z">whissi</metadata>
<metadata tag="submitter" timestamp="2019-09-07T00:22:35Z">whissi</metadata>
</glsa>


@ -0,0 +1,64 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="201909-07">
<title>Simple DirectMedia Layer: Multiple vulnerabilities</title>
<synopsis>Multiple vulnerabilities have been found in Simple DirectMedia
Layer, the worst of which could result in the arbitrary execution of code.
</synopsis>
<product type="ebuild">libsdl2</product>
<announced>2019-09-08</announced>
<revised count="1">2019-09-08</revised>
<bug>690064</bug>
<bug>692392</bug>
<access>remote</access>
<affected>
<package name="media-libs/libsdl2" auto="yes" arch="*">
<unaffected range="ge">2.0.10</unaffected>
<vulnerable range="lt">2.0.10</vulnerable>
</package>
</affected>
<background>
<p>Simple DirectMedia Layer is a cross-platform development library
designed to provide low level access to audio, keyboard, mouse, joystick,
and graphics hardware via OpenGL and Direct3D.
</p>
</background>
<description>
<p>Multiple vulnerabilities have been discovered in Simple DirectMedia
Layer. Please review the CVE identifiers referenced below for details.
</p>
</description>
<impact type="normal">
<p>A remote attacker could entice a user to process a specially crafted
audio or video, possibly resulting in execution of arbitrary code with
the privileges of the process or a Denial of Service condition.
</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All Simple DirectMedia Layer users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose "&gt;=media-libs/libsdl2-2.0.10"
</code>
</resolution>
<references>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-13626">CVE-2019-13626</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-7572">CVE-2019-7572</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-7573">CVE-2019-7573</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-7574">CVE-2019-7574</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-7575">CVE-2019-7575</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-7576">CVE-2019-7576</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-7577">CVE-2019-7577</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-7578">CVE-2019-7578</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-7635">CVE-2019-7635</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-7636">CVE-2019-7636</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-7638">CVE-2019-7638</uri>
</references>
<metadata tag="requester" timestamp="2019-09-07T00:08:23Z">b-man</metadata>
<metadata tag="submitter" timestamp="2019-09-08T17:40:28Z">b-man</metadata>
</glsa>


@ -0,0 +1,49 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="201909-08">
<title>D-Bus: Authentication bypass</title>
<synopsis>An authentication bypass was discovered in D-Bus.</synopsis>
<product type="ebuild">dbus</product>
<announced>2019-09-08</announced>
<revised count="1">2019-09-08</revised>
<bug>687900</bug>
<access>local</access>
<affected>
<package name="sys-apps/dbus" auto="yes" arch="*">
<unaffected range="ge">1.12.16</unaffected>
<vulnerable range="lt">1.12.16</vulnerable>
</package>
</affected>
<background>
<p>D-Bus is a message bus system which processes can use to talk to each
other.
</p>
</background>
<description>
<p>It was discovered that a local attacker could manipulate symbolic links
in their own home directory to bypass authentication and connect to a
DBusServer with elevated privileges.
</p>
</description>
<impact type="normal">
<p>A local attacker can bypass authentication mechanisms and elevate
privileges.
</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All D-Bus users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose "&gt;=sys-apps/dbus-1.12.16"
</code>
</resolution>
<references>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-12749">CVE-2019-12749</uri>
</references>
<metadata tag="requester" timestamp="2019-09-07T17:12:55Z">b-man</metadata>
<metadata tag="submitter" timestamp="2019-09-08T17:40:45Z">b-man</metadata>
</glsa>


@ -1 +1 @@
Sat, 24 Aug 2019 03:38:54 +0000 Wed, 11 Sep 2019 01:08:51 +0000


@ -1 +1 @@
55b0fff2f98b275d6a6bcaf8e12164157936324c 1566095478 2019-08-18T02:31:18+00:00 0d8b041795d355b2f8da9b84725a62150a91dc13 1567964538 2019-09-08T17:42:18+00:00