From c197f87d63e9f5bccf731a9dddcb7125b5118d87 Mon Sep 17 00:00:00 2001 From: Benjamin Gilbert Date: Sat, 24 Aug 2019 04:04:09 +0000 Subject: [PATCH] bump(metadata/glsa): sync with upstream --- .../portage-stable/metadata/glsa/Manifest | 30 +-- .../metadata/glsa/Manifest.files.gz | Bin 443284 -> 446941 bytes .../metadata/glsa/glsa-201908-03.xml | 80 +++++++ .../metadata/glsa/glsa-201908-04.xml | 52 +++++ .../metadata/glsa/glsa-201908-05.xml | 56 +++++ .../metadata/glsa/glsa-201908-06.xml | 50 +++++ .../metadata/glsa/glsa-201908-07.xml | 50 +++++ .../metadata/glsa/glsa-201908-08.xml | 51 +++++ .../metadata/glsa/glsa-201908-09.xml | 51 +++++ .../metadata/glsa/glsa-201908-10.xml | 82 +++++++ .../metadata/glsa/glsa-201908-11.xml | 53 +++++ .../metadata/glsa/glsa-201908-12.xml | 97 +++++++++ .../metadata/glsa/glsa-201908-13.xml | 62 ++++++ .../metadata/glsa/glsa-201908-14.xml | 50 +++++ .../metadata/glsa/glsa-201908-15.xml | 47 ++++ .../metadata/glsa/glsa-201908-16.xml | 49 +++++ .../metadata/glsa/glsa-201908-17.xml | 48 ++++ .../metadata/glsa/glsa-201908-18.xml | 206 ++++++++++++++++++ .../metadata/glsa/glsa-201908-19.xml | 48 ++++ .../metadata/glsa/glsa-201908-20.xml | 76 +++++++ .../metadata/glsa/glsa-201908-21.xml | 54 +++++ .../metadata/glsa/glsa-201908-22.xml | 53 +++++ .../metadata/glsa/glsa-201908-23.xml | 50 +++++ .../metadata/glsa/glsa-201908-24.xml | 109 +++++++++ .../metadata/glsa/glsa-201908-25.xml | 64 ++++++ .../metadata/glsa/timestamp.chk | 2 +- .../metadata/glsa/timestamp.commit | 2 +- 27 files changed, 1555 insertions(+), 17 deletions(-) create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201908-03.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201908-04.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201908-05.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201908-06.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201908-07.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201908-08.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201908-09.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201908-10.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201908-11.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201908-12.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201908-13.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201908-14.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201908-15.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201908-16.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201908-17.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201908-18.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201908-19.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201908-20.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201908-21.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201908-22.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201908-23.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201908-24.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201908-25.xml diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/Manifest b/sdk_container/src/third_party/portage-stable/metadata/glsa/Manifest index 0a6f491c72..ba505977f1 100644 --- a/sdk_container/src/third_party/portage-stable/metadata/glsa/Manifest +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/Manifest @@ -1,23 +1,23 @@ -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 -MANIFEST Manifest.files.gz 443284 BLAKE2B 24919ac10412f9b00a154077aa3622b6287002f3ca6c6ce41b9dc188e5a3fbe6270e9e94c4d7b17f66e6e4d6cad9250e459897ed52412efbc9dcf09ef673d16e SHA512 fa2eb00f68c25c2fbc1cebc5a053e0da1e8a554cb5db4bf38187ca24071873c7fdf6659c6bb2f5a4c74c591043d21a65999f7ff50b5d2e61317903c2e7499822 -TIMESTAMP 2019-08-03T15:09:02Z +MANIFEST Manifest.files.gz 446941 BLAKE2B 27348febfa1e8b0c37a6262b9e1c30afa2668e0702870fc19e3e8e049c8aa3fce3a0a847ecfdfa1843e08f25b1c541365b360bee2789c88b7c7abd1d0af7a0a4 SHA512 b604df11b0bda8c02e03d8c0f183f427ec63dd525e2cbd5b7473a5dbfd7112d964e04f46efec437421b06496482ba2148b26225bcbd4b736cd57023d4aeb1ea7 +TIMESTAMP 2019-08-24T03:38:57Z -----BEGIN PGP SIGNATURE----- -iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAl1Fo45fFIAAAAAALgAo +iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAl1gsVJfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEUx RDZBQkI2M0JGQ0ZCNEJBMDJGREYxQ0VDNTkwRUVBQzkxODkyNTAACgkQ7FkO6skY -klAmfw//WiUkJtGO6f70EEkJWmF+jMQG+j1EynZt7Pf7AqyiwiOXiIC8kEG+oJSO -DpE/0uzCgDFiwl2IXcjLVU06Dhsl+FhGr1yi3hvnBBmzealhObW114A6J/3T0Xig -pheXUGPWCbPpTiPb51Xf+ZuAemzMlL40FzNLH/jZWnStBSucmWuBOZXvZgtR6Kvd -39oT/xte46BpJzddJ3npX8aLOI03p42YGlfw3R3zI0KTrYtIWlq+5Ebjxput5H2d -eZb0azrM07TwyLTpwqkKNwfmAFrrFT0B+b1zsiE20hwEmo1+0o3daHcLjEAblwee -DeSKntSg7PDvWE8vwCPNFnmnbBw78gpC0bidRcv+z48vv6+GPGoBaDcBiozAa+x1 -OVENHoztc08j1Lv9FJqTJx0yPLnQsie9R5x4C92rFqOyKPDlUGEw0aQweWoQQBOD -ls4q9XV9P3wc+pilTrzxEo/2Yu1J3AHCI3TsQ4ZZjPgK+WPkRZeyeqEM/Yp4450j -/K/Dc47XXr2NiHxQMkf0Ytm/IatVemhntzdovKTNzoPqKiSsI3NwNvxNRb4pV3SI -xTpM/ildMGEAy2X6KDHk6U8+FQjXIuy2Mn007qkPzGMxAPY9wC1l8/KL/tC7usJ3 -0JsXCUW/zHLdoLR3O99fPKI+u7W+Rrn5zWpUQ9xQQgTJ0p/8uek= -=Omq0 +klDIUQ/8DqVraS5XpijcFx0dQ2wh744XUAv0P/6BYLho0bUpb59ZPZ5HocB9qAny +Po3WeVcUUUyZWtoLSFbRXnk8w+1i4p/ghmcQ3+dH/CIznIC/MzPrQFyVasV+xlIm +OgiVN/OkNKIIyjPghfhrAEqIQa0Bq99jOxo2eO+7yirmuNA4xmytjVuPr+oIbQ1a +R5WvaXYmq58vA9zPVuMdnY4288QqfmBDqfnHDodEsim99/FGCEtI9yiNiIYEOnc+ +RWEAlc0msiHF3swIV1xsgpI9gqYiNm4da8dFoCQAaMJ4izzC7nMXfIDLgAyX8aSr +ebincWbRbGoQndud5UUH7n79Q3H5LV5IKn3pbk0RpEgZbmWSFoZbOZ+xu9L7pyNf +icYYO6zoir36SUUuLpPx3r59nTAoHDuT2Dq+OwDZMWMzbaVusFWu7/weNplSnn4z +n8qhI0yVALYtsHFUBe+U7ISwqDxhffMRz/Os3NfQS+FzQJWB9AmRuglYr6g9NvPl +DCK1Wl898YEXRpr8xapnAAHF0jHqykC3aKfrGl8L/l1aIPJ/eVyB67xj9cwXzx89 +nSR7lCsaBTBZPOqXwtomKtMrAKDFcp2ooZ8JgjYgrnnX48YBgWunDh/fk7jLho3Q +WvXT229nvy12g81L5Lb8Dk2V38fS28jFFyjneSa45guw9QWocIg= +=b+l5 -----END PGP SIGNATURE----- diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/Manifest.files.gz b/sdk_container/src/third_party/portage-stable/metadata/glsa/Manifest.files.gz index abb8796b4a9f46ee96a06433caeff0b3ee9311de..8dde4ddcf57d231e33e51fbff5ce805b0f029297 100644 GIT binary patch delta 10106 zcmV-=CxzIQha26a8-RoXgaU*Egam{IvwsG@bm1Y8p z=$iO-F=VDo?a- zms67C<5^n7i@PaxXM zMWi|g!e7W;=Pbi>>mq2iYYVeDia(pKf1B;l{Y!Zvr6ZQhDmqB(IuSkMAX)c2;T+cj z><#y{h%NvTnHo>V4QMTsV$mB@mwK}C^XX~*Oj4FtPIOngX^hPETgs)vz@Q3E{{jID zNlgPcM_Hy`(iU%R7r04!Y95^r6^!__00hp~rKGu9qzi88mgxvUZ6CTu!Cfh?e`}7* zxuc-t{cnA%0?$$&dK>U;M^Y+OhZjwYpUETPJrMVsJN3^X8c)8w;E2I?0q;6}F4CD^ z+j_F_f`^-YAi38Z1dtY9Opx!|Y1Im;BiTmX>68}>ht7Gc^1*0k}*rsDQH*7k|h z?S4?=X@xQC;Vz8gjw&3?O8ks!gTOGj;#zi=74-xILk|7{s6`#qo@MOu%he}uq0Xi0TdmI&a00W{?if~T#-8piSer``6``tD+!ZymCH zJyy?yMv1p3ycz1RzG(G_=wo;7)(AY;`7`j#bm4Q`+F6oPlT*bAB~c6=ho%;OE(IB~ zJ}6eC{LG|BausOIfv{T|tPjqs2BCnlYsNgErn?|luDGub;I~N)#mIa1mq z*EJNwh%%u@R&VHZ<;R6@o)Wmoaw`<9o$j#A09WlE5S1V}c%^|)AjBUkHs6z!PENey z7FWQc_MWo%^2>I^uvRM|T{Vn*n;kFZG_T~IDY1P^*T$`=LAtXzq4JuRGJvxI_%6>@ z`2)dq&2SaWe42F(e-7*5J(K!}?ZaOsJT-vHDaW*+r+h&HvE{P2Mn)7|>mmT!I9+WED&ZeGzjB4HJ)i3=1;52|^QXA=>tya- za7)Qeoy_@EIFaif_QNC3a((UXtEd66Ud?gA?36Ij?{LLq>X14WB$cr8s{VXh-;&8Bnl!jr?9r3OS!yL_Sfe-tEICoAQ330=kH*%VK2An+9I7@ zp(JP3-LT-M#SQ@c>b!QRPs#T>cB+E3oqBAQx(xmMv@WaH0JK25mppTG$a17=+cla_ zbJG%Rf6CvHT+ZDx5r<$yf!fdB^Y`M3BzHl?9@irv*qlBtd9ABWNmoP&iIa>17)#OJeOyrP@Nr*`rJt${=fAFJKTRVT%Gx)o&Bfzrw4HxMhz^zFB z5o>Tuq@?WL(NV>lw=yKFTGb6{3pEe@vZN58qpb$UqvQ_qBoC*$KzaP5J(&Ll#ZUZ_ zd|d4nElYknTj?8}o^MafE>8e)>Wj%aE?3aUtc}#&yZ{(*IXM_zTTs2%yOkSVmlluo ze*$XQeLuOJCLDz?QO%nNYYlc-9*$luiexp3$V>;8Y@o}`5 zt6AKAY>dTW%l@h0BXP0qc95u7iH4Swq;)7II3Z}t3JNQ{N(QSWstC~N z?xN{Bc`5}$gd{}Xf7DL%%lGvSLEK>Hf1q0KbZBpG>5NCPJ)I(rg@dn>%;11sN)qaQ zd5Va4k?7F};Zk&kP)?NQd=U^pj$j&~LtcUG^uWh#dGo-5OJN(1Y1YkK&TrnFPHV+y zNe;lNT|<$Th!2owP;T}PwtdW>_@F^xCev|B&A19e~Jz! zEdcFlk;4uaS1A>E5V^M7t)KJ5)B5p!eN+9(Ln=Ouf7(Qo{#x=FLfP>DQauWUQ z$=B)?NFH=Xa{^t#7#oJmd8nkwBZNS|IzVVvS&>L*pPKiog(wtc)m)sUKlp;}x94-J z6sY8jdv@GO7vMRj=h>7RB0xS4e}ijusj{jwBEYA*S2zg*dtyVY?E6+bjlWG(6To$ff4X?iO7|#I z)L-3KjzDodJ4vem+lypIOevsZ-c*Yg+cYLtyF-IWP@L;kT*q^l3PC}D8E$|(=ZBb2 zy`_0*_-V^hYzCqH!umOCCn9YS|~F?%7mv=SkCjO-=D! zOSCA;S0VG=O2nSrC;~l^%zZcQ1h#|iu)NFX{_wPZSao^DErq~Tf3^&|^F;fCA>Ug; zNF^3`k418vq~b)z+`YtXGf0IN^B)oD0G6GOwJgK?p_#3HJ^eKK6_@!3M<4jEJ%uv^ zN4iNERjJ|MicQ(!a{^xO8Td9fN|d_HyHPzJk7Nf(0|+%>Yf6gPwBb1ht+ic14?1Eh zhVk6CrcWJm_J+MOe^6%5)7Q@ePeTP0+PLyxRdie}YY&*Ey_AIl;W$DE2B` z(Ia7QU*j7{4MvSNKPzuE?A*bhRqLwrz!s;0L@-pJ4)gi&w7&Nf&+w+6QG0ckEV<;t zgJ}u~b$3{nQ=7qwEKw$BtgfWAl_HO%YCXr3JGsy0bddCUPv=Fhre;`|BgCDIs!;^s zRwK!$7eX0HK5p!d1XYG#%*QppGPBAnx$XgPOWT?$Wr9@LU0`Le^-i>If84wsh_ynn zOXF1gbAl}AEiad7;{zij!W@p5VYUVof1N+I)3?o)3e-nQQ;WwkFmIweLTKw?S#1+ze@bZ>M5u~R@HzrKRN#Qbe>_{?tQr{pss=iK9PAi6L_zpnRjk0F3Q|bd z{!ZRzKD4%MiOT{RB~?0KO+4>W4Nd(wl?T`BR|}Cg6#+aI)PeAV%)@pGD%fAko<@o)tp z%+7)b)zwT^_0@fKuh*gaOZhrE?d=Cwhrxxl7m!Hf!dv~Imm@tzhGrwgoyZj7ZVH%ESjdhjF4uqID(`GDnrwMO3bc z`O%lpby1x~GWX=YVsosS#Ccg|bQ@%`JY5b8bypywmc986ORzNys6JF zvnE*wch8H$)ph5N?pDioLKtTh>?TtwVdY9u-lOsDho|+U0sf|HfBgVGwcOxm2iT{RnW_vUC2;f3cvz6vtF7HYh{oczH=7MRei>mjR1Jy zrN;EKpCVp7y71+`f23@2Z}Y;^IB&UWnCbdoC3`u!M&KKN*5&hWhpfGI$bfn|9ORLv zYI{1*`!qiuPuVulfE5ykH0!FGzGnq+^SLXv*1S1K>R$7b!0t1VvOusZ*J#i_)p1*@ z8`yaVi-@MkTn=XUpbyWhLq@g|tYspuB9|lI1g~3fv8(W$e~5kCOtYO*DsP#KYZts+ z>MmnYDh5CoRX5FhXrzJtuJUL`QZ20b>&x}D+_s?d(bQxm&G}P5Jgpx`z~im^YSKx9 zfon^`a@1Y5iezkncYf>@<}Gw^sfB3(eL}DlLb5M5?|3&L@LOjgEHJ*kAxp9Ty9XP-_`XqbG)WxUJ=Y? zMhy~AFqV^RS9bwHc>(8=td=+dc zW#C&YLQ~^XPuP4j-QYKH>SPah_T7<+0A7)Ms6INOf6Rg5;;TwoM(YA-(@$gh)|TK|%CmAV*;{of)~m?OFQalxFN3rsyo zWG6uCX&PWE83k5R_1|fJ(%p!Q=gn!l++WUG6Mrp!kvdY}s^KJa0FZx9?e6&DY1JQh z?>8SZf5=4NwandF?3VF3+F@LKC=uX5T+&;pIBIS+ysIt~!rUADTr}7|Pyz7F2XB^L zo}lq-UrsF<@YTRRf!RqpPYCXz;Lg>R(+K5-<*h$xGm^QsWGP$E=W~KNmDBh3P8WAb z(baaO3&a*Z(l+ZptP~I$?Zb6l_NrcNT!iy6e{}8z1%6VuR^9kLIw-n#GxscgA?tp4 zT0eU}Z#PkpExu|y+U)bzzP0*)&z6qr4lp|}VI86CUS4Dg;M<|9R&f=bf#DRyOs^$`|YESLKz(DHefil2AF{=Sr;0c2; z`Qd5(OuHQ~yv6TSE`_`Rcy@J$19R+k0)clIRI?>*UV<(zLRbGj z^1Fhn>qKBpe3vaz4d07h#Z*&NvG!|rf61z`y1`)cU;jj>cLzuaF7r4}qUObOIjVSN zN7Ecd0WGW1f4E0W&eKTiezH%W!&Zn>jy^k5bBwm#*@kM1<8-%7H$sTi9%Ukn*hxE1 zW%FGrOdoIJkJiW=-Xe-BoUgBmVQ}2arDQEzRSxC!EV&GD+98&QjO(B z*m+Z&u4G;IhOq~Yf!%sh{SD?w*s#Ldo!k*96kR>OW@ekZJRCK*{7K7PqFww@F3v@& z+i6X`BF+yLn;)%_@;*sPh(6@@f54KQ4F#9EQ2u<`1Oh@3K8EwQt{*qYbWa83LCjjp zyCD*--l}cOC((=?=Ip&4?-x&8I`OI#r`Pi~w}Cdv z8J#5O7Z20L_V-THNnk#39uJv>jH{$nA#nH0C0!1YGoDM?j>mS4o7q_*e}X_#h2eua z;BJuMGMp^{HsA3BI{ogD{oTf0aKf=|MLE@@!q#jk&52_!BHy=L3OPv5(K+{`B#-!z z!**CN(DTuOTKJZZL(y^^Z+9y1YvXddq;oiKM##`DG9T7X8r-sSf{s^RUN2;|6o+!E znpd17r>@uVB0>bMTB=H&f27}CnK@Qf$Cl3ncXYg{Sh>}2xGFt$oDf*cB}J}Zfd3AW zXo=i2$=-5@(`1Bvr2{|Q#GejXdv}`*+!1?i%l05hmp6K=3@T=}4G+%;vA7O+Y$b*{ zR4jCVrfWD$#w?B-Kp=v|k!;usq5FUMdS9Ye?ZBv-B;C9!Ll16 zG&rHpWhtIOf^fBu6ssu>%$Q4LTqI`jUu8Kc%M~v=2r3j>9UyqzndYHeMg?&cYuD%1 z2(WW%69u;%PJ*jM+|K7iXFvaR$o{@AujH+=r7n%R4++Pz{sg*lHc4%&+O=ZSBJ6;) z+V#Ingpd3k00hjr96O z5YXJht2k9!b*SD{!q*^30Rs6||JzpZ?8FKvpWXmNdBFUTew3Tzi1ppKh7xf3T^|H} zhAlD(D!KyCe{MXZ4@>?~H3F7aj}B~D&39M^9HcJ zbec7=)}1GnwdIDiHUUz(K@NVjzW#vI!T*;Y85)!Ve@yrT@j8cNHsGwOL^w&;*0$yt zYMR*KQ{G*99j7_n1hj(TsHM{}4nvcP(jR!MzPhh(a}XLU$wCNSDLFdZbP(5PnLIZy zva8aujygA&NH`Bow<-V)kW7&Q2kpk4-03C}N4>2y-r;|UExAbLj8hb=UIDj?!=*@s z#cKHWe@nshhVy0jWS#3t8W_NBtiCBE5-&)4zFog88uPlFQy#Sg!8XY!ciD&N6Z4kIw$DH>cC25_4yl+1xXW{_9tYPQb851C2iiK>h z8`lY92rk^IN}9;WYU1&n0V90}RgJ;O<0S2{)K6No)=y9CXPfga%G(3BQ<{JVTHYT}0GOv^7eeJonT$X^R--1mkkCLei2+(bBn)= zb8GI;1;d#Spnk;H=8BdzWC*pn09p55J0tsO^)gka*PK>(aj6Kq4r@cJ_AQ~IVU4z1 ziuFG#KM-8>Xg|yeL5*(0#}Za`dG@rPf47?&H+R2pqwafrcv|06BjC_iKarnM6sWl& z8%ulYv3ty?n=uBfVcT+Px0%4$AOUy1RJr5$JzLO?(A)T`zSiP+#;U|S!dkO^rj5dL zE6J~X{JjF%ZSFxXtvlCmeamd1sG~L{yr?rgdbB&kzsl43IPd~n{p6wPlDwjzf0s)` zMko$;AV7kc7fECU2Mq5A_Ooo#>gmQ^IQWh;bysvkurhdg+?|-KcjzCU)^~l25B`es z>UZ07hQ}>%kbVecZsoqK!lluGq0si@vVhY1zF@wNd%~*gx=2mf3sdzC-B?_-Ci9%+ z1VlUOQD*ym7@c6c0Ix>ITd3|_V-&(rl zDe(TL9hc_2zJ`$?o4 zJ+wN(Tk4>q!^&>x5$Zt}vYyUEg^uoa0_>$pu~lW1X}>MIb(Z8&#emr zF$7}KpOvfe>{<`Caot4`Zco!V7%SH+Saf6#daj{UopwBYU< zB{|pk;c2y>iKI6KaXKIqfs|?Q>>p4cXLLdFHY>C)wbkUJTG^^sYuGE%_BBV6dL^9h z`3@H*i#qA2v1=IdwSar%YSqoyrg{U$YS5{CeC@Ou-dQ?_f5qA3M%ZY35zs1$WQ zdAZ9}SGfcwYVIV*e^8w1Y6QcjSM%T#Rz3mbo3DR8S%pXtwR^zc5Khyh1nNxsla#DA zyQNiK!T#)GoIky4hi6`_+M%eSj1-*i>f7)p^F;_3)m7d^T;?1Z?VXD1CKGaU6dnY4 zAq1Iw=(b<1Nq0hSr`~{SHqEXC0SU|!$)ySnk%FkH5cu?Yf8Fv1EW7+9lr z1nRLR9m#?-mq0eHC><{1>0hVo3ysG;6r=~-45yQN_plxMqN{ay6-j_@P6}dGO)PH^ zzpMXyRo2l!_pYIQAD-5aFUFe}y7O5!oX@^yb{2Ch&~zyrkV2?KESSOeb-K#j&YGGr zs~YQf)&{8Zf4B}eZJO#DHAEd@h&yniB#$JlRtHmx+pDk={=!wN0zJ=b4nloMHKD-c zEmzO`eK;TkMt!VY8z0*CrzHZkyJYc;>Sk^mxJx|^=peu+YlEhzQ?XY(U5{{UJg*LE zy(~DZcjXu&kF2`4%t!t6X?^#q6JY99Y1UZ5fuC0NfBn^|1SbY^d6aypTQcz0jAWNU>AYuO47qd_)}hLWrV#$ zAHY+;hpoS=9|{SM-{*qqaAdA>d+s_MEhjLMk_}4k$8)4AC+E>UHgC7(bAgeyp4HI! zxk+Fge_g&~Q4`y>`D-fsMrx3Xe|TCyz3Mjv;h;HqOJOQapFCV}?7-DKUFV0n%^thH z7m9E884dip#uWW16cKTR;%l9f@Oy6sc31bNceB|}U0Esc%a!l3EmGCJxzZe*E>>d{#F&~lLuvQZJ>Cyb>)RKjyy*r`4GrB#c6^rf&tbV#W!D-7fZlbr zBFhA;L40+!5XtYVw&)`g({xYhK9zl(de}afEoX>^dc*_rS}u(gl%r3V(?Z$K61i); zf5^9&7do`0?Oi{m{tqLA?$k|RYL1dRZw;8!)b%~>;NNGhmmc6Guv^74 z9sMb~75KozORI?^5rTdB0Der6;gu4YC2Bon(r6D*5A z+T*CoJaiRWoS_VUS#HXZVe1xGgqiR@ii)e66vj_C@uye)ri3>^DWW_Z7@Xxte`TK3 zQ@H`_U|;*PuF zfY=EE3iZI8Rgk}A^|z~aWMB14qeby91Z;{z9eZRE)~B1GvK27b;2_85D-NJ340piv z`2<4&?aS>(+iOoG-f>*suzZC~bt4lgiqLv(G4u-pmg}>7_={M`Pn|`je@+hHP99b= zY}dN%;x!MKE>*sz;D*;3I%mzDdXD8W;GtZkG$Q}lA-?yRME-WZ12_h2RX_V&Ni!D+i^CW0rTBCdnetPX*E&67Z?5dp6ao&J!iT5z<8c?;TYU@4 zr}N;N3Js|W4J=S#A;CQPU>ZPQv*=`#qnb6ky>J(|Wyq!QmvwHQe=QWQh-ZqCI1Xnd zfV?Cs%RwHR>j7g!v|&it<0&O zMEr6Ms@pm;fJ|p|I)AA02ydJqU|um80t$9qPDQw?>KfmI;63{$sn-(k4^Qj6R}Jic z6ApZ0BYu{ps)(aTe~Rf4BuEs+fxk$aJamQ8P#HY*jKZM<j;#nx=4n0M{D8FUDbN$%^dn1pf2KpWms`CAH>L7;oj{ZE zfmVn9=a7wEF?h_W1j8^t>oI9_>exPUSrs7PPFD9c*)${t=(Kebc|mxPrE4e@Xp8+U zx<$l$OXv1SE2ZOd-^*PIvv0{)OOdce2}kR zQEg52RP9ARe^K!=t>ZcLxBPE%C3J#K!@>V}0;ub@d*)8w5j+8GR^Q{`=YzCWN4mk# z6_E1h)B0{!^D^Gx>2P1gO$SZsxOMg3?bXLB313L78m*9dlf6CmlYqySm!id}bA=>0 zu3@u`2#mSnHc>mc#M;_AHLOmQrmN~YU&X7(gXljbnoGpa)z# zdnJX>)d4td4%a+6S3FkbjyW#XY6eHBI+@HFG7ykR%oZGW zGd@}reHlzsrjc_-QOCDZkB7H#FyUue`hH(Gl=}n$tO}8FVV&!e-n7v0kkX4 zuQ|@(%X{<{&Ah(k?6`V6`w()CRo*zrVh#y$NR~!wHb68%2%33IxPFOZ;dn0_!F%vI z=V$T)G87Ol0ok5}dk1RtaLul@9MWq3-cHWCb(aH0-K0F{%~k0m)HXMUE*o4sp7bOPYnulHv?x+P>R3LsF zS~*=q0^fK2|BCdbyC>+*Wzk~TeB-{WZhrX&GgrPfS*@oi)OYq)4-WM#Kp3y2xHeYs zkn6-NHvrt+dhx&?wW?E=FKh+d!(nuSf2&e~ws%tv$Cv&y|9?7Xa;d7T+yFWK*n97b z{96^{D_R4pS=Oee3P2~dj?;%C#CNkASo6w>7eJD8+@yn5fk0;oQqYQAJrrQ)Q99>F z({|VAAc#e2@7%9ZmA~KXN07)yC?bwlUs+m&aU!pk2={-_JvlxIEPAMAg;|MWe@>&k zO3ep^T0e=U*0UvfoqPuQO1aVy#!!`pPqLeF%3OkVJWOgX=&Y>`t}7`QAGJPfOLT}KRm7P!u-2|qSn$5K_9VHS%C@yx_AUgROCwO zvsYDYVo8tDda77vo6>D~P+ozeHJF*30+Pu^I)0MsIBwF6Zfk*~121{h z8y!z@P$%@Q7=7k4yR~_Z9wqv^Qe~x29kELHtMft-4RjP-%Z`%svrXX(j7PdtB*Idj zXnkI?CP5VKXoJ% zw3mxWl?K8;$X(|wQ|H!2&^oUz%pw(kf1bK-oI#)z}(OzPu>KV7q{Kojw=o zOs{P{S$M(2O+Jv^iw6Our7kAOckQ%lrKls>9=g*hFBXH&dGgz2in%py{Bfwb{f@PL z;&i(olz3Wk%o^Nct=@MU6myQNHCyGd4%9;E3w8A{y*DoKdtX6Mthr( zHmDK$A&j8GEA&=EAX@N+51 zko7^aBjsl%J(8HvO+eBHuRJ)D9uE+9bckUcXP_N8UhcH zSjZLAxEb_XP0?}Nxr!r~y)`lp!L=>|ppE8gTT}@@=={nRx;8&oE(L$YcJrsW_3LE% zdRk%oPHR-hbvcvP^>uIZ0!zuc3IeKz(zjY^Qe4+YmMbjPe*)%E)WgxH8!!sctS?!C z;;iO4A7uw`)y59xlr>0lQ6zg_lii*8(hVfLTM8-(8v(}L%j8M{b-5wR)ldssV8>(G z#8cpwlAAi2^QqKCu6sBSKX{hwYj0mg4S@AJr3+?R!a%>^ipSI;bt*_|!OE-p^V9lf zQgY>ASYF@9e}1dS#?=_I&NKP#Xu@bdia3%uBE|Ddi;f&cWRZJgdqEEwJq1TUE*>2h zfSQC9sxkwBspjFD2$%cjz<^Wv6BJ8go@zIful90ap1g8ZW!?2qIGv-~x_%r}Hgu-? zQTBsECb?%#$=VBVB6<02f~#*f<;4q6f}Eujh@5u&e?s#qifEmzl-DJ66_e+wc=`zf zANPkk@s~-NUpaA2O;Px$lT5)IJ-ks=_LOPO%}9szk@u98L_f-0|37!uU+;j`Ci9PRgkt*kE2qTp?{y&W%n9@7D@LO&)gic9I4uI zji%Gwf3!q3<)26{=WdyZAlOi#HlC8ZpKTNc3OYCFbB91W%0=2NOOus!d$LCLE$~(k zy;s#|_)sT)Gb#1?d)0{~cR|Fa>k$wfPKV37*43t@D2pDZ6(Rs(ABOhGbQ{x-o5`=AmDfB?RbbtAX(-xr02(Agc?M$A8*``CnB0 z#4pLm)n3uIB=-svPd1N`i>GKFn*9$e&v?th&f%0EY1! zhqGMG;_k397KbhSx1x{4#kN}_QLh#nT27MIDJj7TQBzh>Sm9OjxyW`=rE97l{fQ|R z0UF(1G+if~QXoV~Lgf9Y-f4dMzP=%de;e!^Rm+`{_U4w(cm&&17U@wq_$tW^4%nq6 zq28BGM7*0sk3I;OqAP@QqBQ4=fBv&eahK>Ln%c+8>fv`xKaB5VyK`%iIX^tDAK%wE)t@{p#fR}vn`qMCnLGxEf>JKPQO-1L z68-GS*Xk8mJm`!j16{!w2Zl>NR8r)Tfd%`8u>tF?|N^jOXg z0!DOynm1xK4+?ndrL4na__#_V^SKqzNw6QMH;Q9Jm+MsnsXBW{ogeveehmot!?2}RVY^u2Pr0Kq< zrg*L;+7#uhkoj&UVjDM#Ku;ud-%UG#?O;1>@AA1nJguLqy1e3+e?nj?TSnb^4(Ea~ z-&;XQB^Gy&MRJ^^A|qq&Sz>k=q(Y1Nj|dciWldVkGQ0=PY@O@rr^)ZQ%s)8#z<2E_ zAYQT0XDdNzE=NPrtb^$%= zh^ZLHb32-DI^^sPe|u$0tf{5naSpXfOGR#8)WU;O>C;X8o{;7Arlotx{Mf!d4rsVf zgM@vPp;dDO{MI57S-Vgv0NMT&nccGft7!s7PpwH{me3Ho=UxSxV1X`~}>eF#PAD-6teqxJn>KV0Hxn#*D z4<5{^fKYdbWy#u%GO|ROoUyu+(pHK*lB)F_PwwPCm+TiU~?HEV;jcrdHQ^pXviY z)Sm6-el*pfviozp8*my!yV5U|)=BLE8NePCQlLIcnp!-zfq4^M3ZbKeWw%X?oqsqm zx**G5j)emdoG^_`M5u~R^g04ORN$b9|9G~(t7>5Qs~af&I65(uL_zpnRjk0Fik6VB z{WacZ4q98DiOWJUN~)A!O+4?18k+iVDi5yLuNETbR0Oaos6)XEGLPFOjGqsXC*r8| zb^!;M_VndW{bZQ8-WWEO{uVG-emTb->$ zNpzE90vJTLR$Tq+cAS*V08(-pTq0AAgP$J`3dOth`vcyJANCW$1E(|F%2gW_5s@@K zRzv;`b+sh-$p+g(1aiqDzV#KMlD;_SGEr=MM)x6B9LfBM!-Hb z$#nl?J6fN;Pw}1>6wL+Jpc`X3m762KQhM+s%CIL-a`}Mef3-&5^yL+Dar~zQk#Zl0 zI=HsohQse$?Inc>vTHw8Lx1-XwF`9zI7@9j#Qxt@}YRuQe(*(%zQMkJ9+|k`?*-i+f9fI9tDkZF3>9Fq6`1Zro`q2P?Q-8I7fSy`z@H6tP z%7U)c1ftweqK8fw`e{v>zeV>r%C!kH`&za=2UyzF99+d;yF;JIvQsq@9@=S-)wivk z2$-MLxizXuif%-6E`KW@%FE_*fxIfp%bZ=vP+bbZLUCrlGzWWS6g7P3ESjtOj4cNN z)Pa{8)602^crkS0%YS`YvK@Pymnx0(mQM{cUH_|OFPUouzVYY2eEyw~oo^E|pk9uF zJaVeqo?5$``7u0Y+dKnSNEnt`SJm`AD}bBZ?$p}z<{YVe%}WBi&qT@s!Kz%NLHkt4 zZK-bH1dTTnTiYO<2%{HY(F){i4#c$>bO zbdq4;+LEvwbyuwpGB&_FKh6sC7CN}p!Zd(BG1>|t*%ya*yc-bst+NmppsPbE1wti( zJG!r>kTB)2+JBasqy{;pTy52>&for)45MXH&YKC2pO^5F@MDL|4GQ(Ux_)NTYf9!7 zQMt@RgTw~LlDT$u7Z8*eke6h)L?mdY(wfQ!6g ze$}>tZ>kn%m!A*Cugp!Ye@VJZT@1zkZxJe$Bf0r;!JM26 zObsNm29SDA4KS6A0;{O{FPooqH;%>g<}_XIFK4ZZzZSnp9jR~CaFRIy$iJs{_wnIr z)gO27H-8^8iiy5^nR~L>ZR2sYcz%IXn&8Pb1x|Hle)d?lRu+_qI)-UbLk6N z_rufr+4Fh3iB<~gO)Hi01OW4y$bq_j%POEKqY_<7k+H)0E;DV`x>@8@HeK689fV~C z2x*;AyJl3~?$#VP@OJ5<#= zTz@AcbeEgRTRR|(Onx}FZz8v5iPTnoq{Le|@bFXBT*6iDsXZ7NNZmY81{mnbYQPoh zgh816@U(u|ZsCQu_>;<|kQV^YuFh~^!d_QifJ0611oSnK9o-R#yt}BHEot)-ba4^7 z`u7KaDyq6p1lGiNITF?Iy*O1&H61F}et&V7>>8^Z3^xDuPn5koKtj|qk8~0>FP=-P z;+3VQNksuItI;3aqb28Qq;)^pr_W(4#3`xIQfk6Dw>#TVZE-Yr%XA~8klIuxvWSzk z(3H)0r7(TGi9cE+Z+MF+s&Kx(CWgUrE0>bBY*jgw)3dB)fYXv#9x|?MbG?@NiGM22 zP0_Jqm$tKX&?{DdlkUMVpuT^5!JwQJ-rga4$tl?rA5q zyT#6%;&dhZvNsib)EL;U7uDaW90?nCSi8&}fkM&M{PsbIYH!%q7~*59Q)q zq`GBm>J`yGbZmaKM#?*rk`NuN?SFwKIU5QtbD{O~W~vBRP5a9H(ZsT3XKBRc1f|;FTj6E zBw8Z(OtQD#A)AbluXNytoA@&!JKxP0}6;};YhabS#1F^^w`}DlCD+@j@0#Q*rIWpD}PY(Yxh<4RIuzu z2q!h6&t)l|K!R|!j})sZ4V5vM$hb(%;8$fyl;w&S9Rw8$tr7?xccyvhwoySG#ol$h zP6F(l+C))X4w>L85ufe(Fxk&P6S9Bo%PV=SY^h6Q?n6>z*?$7v$W2n4s&=i|v0Q$i+&eu{VbzBBF8&W9)c;c5N&`JAttxH}gv-CjiLvVR323z0@kf{W`uY_0J% z)vvEvC%3vain_Knk$6r`;cm@C(vxKnzhsL@_=LbN)X|~TCZMh+>O@LHxkb@uXuRq{)@c*Sph6beo6Mz1~akU}M2AnmO2q)<}+SVLH zO%n%v%DXGCBb(DrKsy*xEoH|@h9(oGKjE$Vn!djAAT(C83L$i*Bz5-GL0q3@^4z@0 zu1d#Bbv|7p;XItWRRL&#WQq((v>SJFr<+84=xwF(4*!SPl8aQ@F-5WJ6>zIKT#7{4 ztft<6DSvq0)O^`JS$RE40|ROsyKf4K92Z4;zFog88uPlFQy#Sg!8XY!81^eyV=pLdi8iHoMf`Q25_4yl+1xXCeS!)^PGH#{>wNjzTuq zjjMqeq6>Gbk|y%8ns_{Cz)0UgRbw#nI7vG$^^?}D_0!Y(+2(wU^3H&rlqR5ombjYb zb$^$|BqZ%ie`{)_i-?+ujz-CoZL_{fTf`t4jLXFm9RzrZdW&z{hAbQXBDk*8E&eXf zt+_uJ70!GB_2YPLu4q|9hESUekah31GqR6XFH>cD&1r=fmx{0}*c)24ZwUHJJ|Msu{{vZGOFaPxSzy2}* i_V??L|NZCtzyABfZ~o68fBg0DfB8QSC?-F*)eHbJZkT2O diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201908-03.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201908-03.xml new file mode 100644 index 0000000000..2b768c68c8 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201908-03.xml @@ -0,0 +1,80 @@ + + + + JasPer: Multiple vulnerabilities + Multiple vulnerabilities have been found in JasPer, the worst of + which could result in a Denial of Service condition. + + jasper + 2019-08-09 + 2019-08-09 + 614028 + 614032 + 624988 + 629286 + 635552 + 662160 + 674154 + 674214 + remote + + + 2.0.16 + + + +

JasPer is a software-based implementation of the codec specified in the + JPEG-2000 Part-1 standard. +

+ + +

Multiple vulnerabilities have been discovered in JasPer. Please review + the CVE identifiers referenced below for details. +

+ + +

Please review the referenced CVE identifiers for details.

+ + +

There is no known workaround at this time.

+ + +

JasPer is no longer maintained upstream and contains many + vulnerabilities which remain unaddressed. Gentoo users are advised to + unmerge this package. +

+ + + # emerge --unmerge media-libs/jasper + + + + + CVE-2017-1000050 + + CVE-2017-13745 + CVE-2017-13746 + CVE-2017-13747 + CVE-2017-13748 + CVE-2017-13749 + CVE-2017-13750 + CVE-2017-13751 + CVE-2017-13752 + CVE-2017-13753 + CVE-2017-14132 + CVE-2017-14229 + CVE-2017-14232 + CVE-2017-5503 + CVE-2017-5504 + CVE-2017-5505 + CVE-2017-6851 + CVE-2017-6852 + CVE-2017-9782 + CVE-2018-18873 + CVE-2018-20584 + CVE-2018-9055 + CVE-2018-9154 + + b-man + b-man + diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201908-04.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201908-04.xml new file mode 100644 index 0000000000..bc5160a929 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201908-04.xml @@ -0,0 +1,52 @@ + + + + Redis: Multiple vulnerabilities + Multiple vulnerabilities have been found in Redis, the worst of + which may allow execution of arbitrary code. + + redis + 2019-08-09 + 2019-08-09 + 658066 + 689700 + remote + + + 4.0.14 + 4.0.14 + + + +

Redis is an open source (BSD licensed), in-memory data structure store, + used as a database, cache and message broker. +

+ + +

Multiple vulnerabilities have been discovered in Redis. Please review + the CVE identifiers referenced below for details. +

+ + +

Please review the referenced CVE identifiers for details.

+ + +

There is no known workaround at this time.

+ + +

All Redis users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-db/redis-4.0.14" + + + + CVE-2018-11218 + CVE-2018-11219 + CVE-2019-10192 + CVE-2019-10193 + + b-man + b-man + diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201908-05.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201908-05.xml new file mode 100644 index 0000000000..42d9037a08 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201908-05.xml @@ -0,0 +1,56 @@ + + + + LibVNCServer: Multiple vulnerabilities + Multiple vulnerabilities have been found in LibVNCServer, the worst + of which could result in the arbitrary execution of code. + + libvncserver + 2019-08-09 + 2019-08-09 + 659560 + 673508 + remote + + + 0.9.12 + 0.9.12 + + + +

LibVNCServer/LibVNCClient are cross-platform C libraries that allow you + to easily implement VNC server or client functionality in your program. +

+ + +

Multiple vulnerabilities have been discovered in LibVNCServer. Please + review the CVE identifiers referenced below for details. +

+ + +

Please review the referenced CVE identifiers for details.

+ + +

There is no known workaround at this time.

+ + +

All LibVNCServer users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-libs/libvncserver-0.9.12" + + + + CVE-2018-20019 + CVE-2018-20020 + CVE-2018-20021 + CVE-2018-20022 + CVE-2018-20023 + CVE-2018-20024 + CVE-2018-7225 + CVE-2018-7226 + + b-man + b-man + diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201908-06.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201908-06.xml new file mode 100644 index 0000000000..03379fb8e9 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201908-06.xml @@ -0,0 +1,50 @@ + + + + glibc: Multiple vulnerabilities + Multiple vulnerabilities have been found in glibc, the worst of + which could result in a Denial of Service condition. + + glibc + 2019-08-15 + 2019-08-15 + 609386 + 635012 + 672228 + local, remote + + + 2.28-r4 + 2.28-r4 + + + +

glibc is a package that contains the GNU C library.

+ + +

Multiple vulnerabilities have been discovered in glibc. Please review + the CVE identifiers referenced below for details. +

+ + +

Please review the referenced CVE identifiers for details.

+ + +

There is no known workaround at this time.

+ + +

All glibc users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=sys-libs/glibc-2.28-r4" + + + + CVE-2015-8985 + CVE-2016-6263 + CVE-2018-19591 + + b-man + b-man + diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201908-07.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201908-07.xml new file mode 100644 index 0000000000..93df38d655 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201908-07.xml @@ -0,0 +1,50 @@ + + + + KDE KConfig: User-assisted execution of arbitrary code + A vulnerablity has been found in KDE KConfig that could allow a + remote attacker to execute arbitrary code. + + kconfig + 2019-08-15 + 2019-08-15 + 691858 + remote + + + 5.60.0-r1 + 5.60.0-r1 + + + +

Provides an advanced configuration system.

+ + +

A vulnerability was discovered in KDE KConfig’s handling of .desktop + and .directory files. +

+ + +

An attacker could entice a user to execute a specially crafted .desktop + or .directory file possibly resulting in execution of arbitrary code with + the privileges of the process. +

+ + +

There is no known workaround at this time.

+ + +

All KConfig users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose + ">=kde-frameworks/kconfig-5.60.0-r1" + + + + CVE-2019-14744 + + b-man + b-man + diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201908-08.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201908-08.xml new file mode 100644 index 0000000000..29ebf5011b --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201908-08.xml @@ -0,0 +1,51 @@ + + + + CUPS: Multiple vulnerabilities + Multiple vulnerabilities have been found in CUPS, the worst of + which could result in the arbitrary execution of code. + + cups + 2019-08-15 + 2019-08-15 + 660954 + remote + + + 2.2.8 + 2.2.8 + + + +

CUPS, the Common Unix Printing System, is a full-featured print server.

+ + +

Multiple vulnerabilities have been discovered in CUPS. Please review the + CVE identifiers referenced below for details. +

+ + +

Please review the referenced CVE identifiers for details.

+ + +

There is no known workaround at this time.

+ + +

All CUPS users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-print/cups-2.2.8" + + + + CVE-2017-15400 + CVE-2018-4180 + CVE-2018-4181 + CVE-2018-4182 + CVE-2018-4183 + CVE-2018-6553 + + b-man + b-man + diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201908-09.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201908-09.xml new file mode 100644 index 0000000000..3ac338fad0 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201908-09.xml @@ -0,0 +1,51 @@ + + + + SQLite: Multiple vulnerabilities + Multiple vulnerabilities have been found in SQLite, the worst of + which could result in the arbitrary execution of code. + + sqlite + 2019-08-15 + 2019-08-15 + 684840 + 685838 + remote + + + 3.28.0 + 3.28.0 + + + +

SQLite is a C library that implements an SQL database engine.

+ + +

Multiple vulnerabilities have been discovered in SQLite. Please review + the CVE identifiers referenced below for details. +

+ + +

A remote attacker could, by executing arbitrary SQL statements against a + vulnerable host, execute arbitrary code. +

+ + +

There is no known workaround at this time.

+ + +

All SQLite users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-db/sqlite-3.28.0" + + + + CVE-2019-5018 + CVE-2019-9936 + CVE-2019-9937 + + b-man + b-man + diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201908-10.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201908-10.xml new file mode 100644 index 0000000000..c5246faff1 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201908-10.xml @@ -0,0 +1,82 @@ + + + + Oracle JDK/JRE: Multiple vulnerabilities + Multiple vulnerabilities have been found in Oracle’s JDK and JRE + software suites. + + oracle,jre,jdk + 2019-08-15 + 2019-08-15 + 668948 + 691336 + remote + + + 1.8.0.202 + 1.8.0.202 + + + 1.8.0.202 + 1.8.0.202 + + + +

Java Platform, Standard Edition (Java SE) lets you develop and deploy + Java applications on desktops and servers, as well as in today’s + demanding embedded environments. Java offers the rich user interface, + performance, versatility, portability, and security that today’s + applications require. +

+ + +

Multiple vulnerabilities have been discovered in Oracle’s JDK and JRE + software suites. Please review the CVE identifiers referenced below for + details. +

+ + +

Please review the referenced CVE identifiers for details.

+ + +

There is no known workaround at this time.

+ + +

All Oracle JDK bin users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose + ">=dev-java/oracle-jdk-bin-1.8.0.202:1.8" + + +

All Oracle JRE bin users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose + ">=dev-java/oracle-jre-bin-1.8.0.202:1.8" + + + + CVE-2018-13785 + CVE-2018-3136 + CVE-2018-3139 + CVE-2018-3149 + CVE-2018-3150 + CVE-2018-3157 + CVE-2018-3169 + CVE-2018-3180 + CVE-2018-3183 + CVE-2018-3209 + CVE-2018-3211 + CVE-2018-3214 + CVE-2019-2602 + CVE-2019-2684 + CVE-2019-2697 + CVE-2019-2698 + CVE-2019-2699 + + BlueKnight + b-man + diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201908-11.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201908-11.xml new file mode 100644 index 0000000000..53a2922c96 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201908-11.xml @@ -0,0 +1,53 @@ + + + + libarchive: Multiple vulnerabilities + Multiple vulnerabilities have been found in libarchive, the worst + of which could result in the arbitrary execution of code. + + libarchive + 2019-08-15 + 2019-08-15 + 631294 + 636070 + remote + + + 3.3.3 + 3.3.3 + + + +

libarchive is a library for manipulating different streaming archive + formats, including certain tar variants, several cpio formats, and both + BSD and GNU ar variants. +

+ + +

Multiple vulnerabilities have been discovered in libarchive. Please + review the CVE identifiers referenced below for details. +

+ + +

Please review the referenced CVE identifiers for details.

+ + +

There is no known workaround at this time.

+ + +

All libarchive users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-arch/libarchive-3.3.3" + + + + CVE-2017-14166 + CVE-2017-14501 + CVE-2017-14502 + CVE-2017-14503 + + b-man + b-man + diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201908-12.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201908-12.xml new file mode 100644 index 0000000000..83d7758ea7 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201908-12.xml @@ -0,0 +1,97 @@ + + + + Mozilla Firefox: Multiple vulnerabilities + Multiple vulnerabilities have been found in Mozilla Firefox, the + worst of which could result in the arbitrary execution of code. + + firefox + 2019-08-15 + 2019-08-15 + 688332 + 690626 + remote + + + 60.8.0 + 60.8.0 + + + 60.8.0 + 60.8.0 + + + +

Mozilla Firefox is a popular open-source web browser from the Mozilla + Project. +

+ + +

Multiple vulnerabilities have been discovered in Mozilla Firefox. Please + review the CVE identifiers referenced below for details. +

+ + +

A remote attacker could entice a user to view a specially crafted web + page, possibly resulting in the execution of arbitrary code with the + privileges of the process or a Denial of Service condition. +

+ + +

There is no known workaround at this time.

+ + +

All Mozilla Firefox users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-client/firefox-60.8.0" + + +

All Mozilla Firefox binary users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-client/firefox-bin-60.8.0" + + + + CVE-2019-11707 + CVE-2019-11708 + CVE-2019-11709 + CVE-2019-11710 + CVE-2019-11711 + CVE-2019-11712 + CVE-2019-11713 + CVE-2019-11714 + CVE-2019-11715 + CVE-2019-11716 + CVE-2019-11717 + CVE-2019-11718 + CVE-2019-11719 + CVE-2019-11720 + CVE-2019-11721 + CVE-2019-11723 + CVE-2019-11724 + CVE-2019-11725 + CVE-2019-11727 + CVE-2019-11728 + CVE-2019-11729 + CVE-2019-11730 + CVE-2019-9811 + + MFSA2019-18 + + + MFSA2019-19 + + + MFSA2019-21 + + + MFSA2019-22 + + + whissi + b-man + diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201908-13.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201908-13.xml new file mode 100644 index 0000000000..c709f4ce79 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201908-13.xml @@ -0,0 +1,62 @@ + + + + LibreOffice: Multiple vulnerabilities + Multiple vulnerabilities have been found in LibreOffice, the worst + of which could result in the arbitrary execution of code. + + libreoffice + 2019-08-15 + 2019-08-15 + 690354 + local, remote + + + 6.2.5.2 + 6.2.5.2 + + + 6.2.5.2 + 6.2.5.2 + + + +

LibreOffice is a powerful office suite; its clean interface and powerful + tools let you unleash your creativity and grow your productivity. +

+ + +

Multiple vulnerabilities have been discovered in LibreOffice. Please + review the CVE identifiers referenced below for details. +

+ + +

Please review the referenced CVE identifiers for details.

+ + +

There is no known workaround at this time.

+ + +

All LibreOffice users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-office/libreoffice-6.2.5.2" + + +

All LibreOffice binary users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose + ">=app-office/libreoffice-bin-6.2.5.2" + + + + + CVE-2019-9848 + CVE-2019-9849 + + b-man + b-man + diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201908-14.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201908-14.xml new file mode 100644 index 0000000000..bdd1c2c60e --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201908-14.xml @@ -0,0 +1,50 @@ + + + + polkit: Multiple vulnerabilities + Multiple vulnerabilities have been found in polkit, the worst of + which could result in privilege escalation. + + polkit + 2019-08-15 + 2019-08-15 + 661470 + 672578 + remote + + + 0.115-r2 + 0.115-r2 + + + +

polkit is a toolkit for managing policies relating to unprivileged + processes communicating with privileged processes. +

+ + +

Multiple vulnerabilities have been discovered in polkit. Please review + the CVE identifiers referenced below for details. +

+ + +

Please review the referenced CVE identifiers for details.

+ + +

There is no known workaround at this time.

+ + +

All polkit users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=sys-auth/polkit-0.115-r2" + + + + CVE-2018-1116 + CVE-2018-19788 + + b-man + b-man + diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201908-15.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201908-15.xml new file mode 100644 index 0000000000..56293af7dc --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201908-15.xml @@ -0,0 +1,47 @@ + + + + ZNC: Privilege escalation + A vulnerability in ZNC allows users to escalate privileges. + znc + 2019-08-15 + 2019-08-15 + 688152 + remote + + + 1.7.4_rc1 + 1.7.4_rc1 + + + +

ZNC is an advanced IRC bouncer.

+ + +

It was discovered that ZNC’s “Modules.cpp” allows remote + authenticated non-admin users to escalate privileges. +

+ + +

A remote authenticated attacker could escalate privileges and + subsequently execute arbitrary code or conduct a Denial of Service + attack. +

+ + +

There is no known workaround at this time.

+ + +

All ZNC users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-irc/znc-1.7.4_rc1" + + + + CVE-2019-12816 + + b-man + b-man + diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201908-16.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201908-16.xml new file mode 100644 index 0000000000..e52f228449 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201908-16.xml @@ -0,0 +1,49 @@ + + + + ProFTPD: Remote code execution + A vulnerability in ProFTPD could result in the arbitrary execution + of code. + + proftpd + 2019-08-15 + 2019-08-15 + 690528 + remote + + + 1.3.6-r5 + 1.3.6-r5 + + + +

ProFTPD is an advanced and very configurable FTP server.

+ + +

It was discovered that ProFTPD’s “mod_copy” module does not + properly restrict privileges for anonymous users. +

+ + +

A remote attacker, by anonymously uploading a malicious file, could + possibly execute arbitrary code with the privileges of the process, cause + a Denial of Service condition or disclose information. +

+ + +

There is no known workaround at this time.

+ + +

All ProFTPD users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-ftp/proftpd-1.3.6-r5" + + + + CVE-2019-12815 + + b-man + b-man + diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201908-17.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201908-17.xml new file mode 100644 index 0000000000..24e15836d9 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201908-17.xml @@ -0,0 +1,48 @@ + + + + ZeroMQ: Arbitrary code execution + A vulnerability in ZeroMQ might allow an attacker to execute + arbitrary code. + + zeromq + 2019-08-15 + 2019-08-15 + 689426 + remote + + + 4.3.2 + 4.3.2 + + + +

Looks like an embeddable networking library but acts like a concurrency + framework. +

+ + +

A buffer overflow was discovered in ZeroMQ.

+ + +

An attacker could possibly execute arbitrary code with the privileges of + the process or cause a Denial of Service condition. +

+ + +

There is no known workaround at this time.

+ + +

All ZeroMQ users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-libs/zeromq-4.3.2" + + + + CVE-2019-13132 + + b-man + b-man + diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201908-18.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201908-18.xml new file mode 100644 index 0000000000..28f8eb0cc5 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201908-18.xml @@ -0,0 +1,206 @@ + + + + Chromium, Google Chrome: Multiple vulnerabilities + Multiple vulnerabilities have been found in Chromium and Google + Chrome, the worst of which could allow remote attackers to execute + arbitrary code. + + chorme,chromium + 2019-08-15 + 2019-08-16 + 672606 + 684238 + 684272 + 687732 + 688072 + 689944 + 691098 + 691682 + remote + + + 76.0.3809.100 + 76.0.3809.100 + + + 76.0.3809.100 + 76.0.3809.100 + + + +

Chromium is an open-source browser project that aims to build a safer, + faster, and more stable way for all users to experience the web. +

+ +

Google Chrome is one fast, simple, and secure browser for all your + devices. +

+ + +

Multiple vulnerabilities have been discovered in Chromium and Google + Chrome. Please review the referenced CVE identifiers and Google Chrome + Releases for details. +

+ + +

Please review the referenced CVE identifiers for details.

+ + +

There is no known workaround at this time.

+ + +

All Chromium users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose + ">=www-client/chromium-76.0.3809.100" + + +

All Google Chrome users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose + ">=www-client/google-chrome-76.0.3809.100" + + + + CVE-2019-5805 + CVE-2019-5806 + CVE-2019-5807 + CVE-2019-5808 + CVE-2019-5809 + CVE-2019-5810 + CVE-2019-5811 + CVE-2019-5812 + CVE-2019-5813 + CVE-2019-5814 + CVE-2019-5815 + CVE-2019-5816 + CVE-2019-5817 + CVE-2019-5818 + CVE-2019-5819 + CVE-2019-5820 + CVE-2019-5821 + CVE-2019-5822 + CVE-2019-5823 + CVE-2019-5828 + CVE-2019-5829 + CVE-2019-5830 + CVE-2019-5831 + CVE-2019-5832 + CVE-2019-5833 + CVE-2019-5834 + CVE-2019-5835 + CVE-2019-5836 + CVE-2019-5837 + CVE-2019-5838 + CVE-2019-5839 + CVE-2019-5840 + CVE-2019-5842 + CVE-2019-5847 + CVE-2019-5848 + CVE-2019-5850 + CVE-2019-5851 + CVE-2019-5852 + CVE-2019-5853 + CVE-2019-5854 + CVE-2019-5855 + CVE-2019-5856 + CVE-2019-5857 + CVE-2019-5858 + CVE-2019-5859 + CVE-2019-5860 + CVE-2019-5861 + CVE-2019-5862 + CVE-2019-5863 + CVE-2019-5864 + CVE-2019-5865 + CVE-2019-5867 + CVE-2019-5868 + CVE-2018-17480 + CVE-2018-17481 + CVE-2018-18335 + CVE-2018-18336 + CVE-2018-18337 + CVE-2018-18338 + CVE-2018-18339 + CVE-2018-18340 + CVE-2018-18341 + CVE-2018-18342 + CVE-2018-18343 + CVE-2018-18344 + CVE-2018-18345 + CVE-2018-18346 + CVE-2018-18347 + CVE-2018-18348 + CVE-2018-18349 + CVE-2018-18350 + CVE-2018-18351 + CVE-2018-18352 + CVE-2018-18353 + CVE-2018-18354 + CVE-2018-18355 + CVE-2018-18356 + CVE-2018-18357 + CVE-2018-18358 + CVE-2018-18359 + CVE-2019-5805 + CVE-2019-5806 + CVE-2019-5807 + CVE-2019-5808 + CVE-2019-5809 + CVE-2019-5810 + CVE-2019-5811 + CVE-2019-5812 + CVE-2019-5813 + CVE-2019-5814 + CVE-2019-5815 + CVE-2019-5816 + CVE-2019-5817 + CVE-2019-5818 + CVE-2019-5819 + CVE-2019-5820 + CVE-2019-5821 + CVE-2019-5822 + CVE-2019-5823 + CVE-2019-5828 + CVE-2019-5829 + CVE-2019-5830 + CVE-2019-5831 + CVE-2019-5832 + CVE-2019-5833 + CVE-2019-5834 + CVE-2019-5835 + CVE-2019-5836 + CVE-2019-5837 + CVE-2019-5838 + CVE-2019-5839 + CVE-2019-5840 + CVE-2019-5842 + CVE-2019-5847 + CVE-2019-5848 + CVE-2019-5850 + CVE-2019-5851 + CVE-2019-5852 + CVE-2019-5853 + CVE-2019-5854 + CVE-2019-5855 + CVE-2019-5856 + CVE-2019-5857 + CVE-2019-5858 + CVE-2019-5859 + CVE-2019-5860 + CVE-2019-5861 + CVE-2019-5862 + CVE-2019-5863 + CVE-2019-5864 + CVE-2019-5865 + CVE-2019-5867 + CVE-2019-5868 + + BlueKnight + b-man + diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201908-19.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201908-19.xml new file mode 100644 index 0000000000..e6a77881ce --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201908-19.xml @@ -0,0 +1,48 @@ + + + + GNU Wget: Arbitrary code execution + A vulnerability in GNU Wget might allow an attacker to execute + arbitrary code. + + wget + 2019-08-15 + 2019-08-15 + 682994 + remote + + + 1.20.3 + 1.20.3 + + + +

GNU Wget is a free software package for retrieving files using HTTP, + HTTPS and FTP, the most widely-used Internet protocols. +

+ + +

A buffer overflow was discovered in GNU’s Wget.

+ + +

An attacker could possibly execute arbitrary code with the privileges of + the process or cause a Denial of Service condition. +

+ + +

There is no known workaround at this time.

+ + +

All GNU Wget users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-misc/wget-1.20.3" + + + + CVE-2019-5953 + + b-man + b-man + diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201908-20.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201908-20.xml new file mode 100644 index 0000000000..05b2ac48e8 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201908-20.xml @@ -0,0 +1,76 @@ + + + + Mozilla Thunderbird: Multiple vulnerabilities + Multiple vulnerabilities have been found in Mozilla Thunderbird, + the worst of which could result in the arbitrary execution of code. + + thunderbird + 2019-08-16 + 2019-08-16 + 688032 + 690664 + remote + + + 60.8.0 + 60.8.0 + + + 60.8.0 + 60.8.0 + + + +

Mozilla Thunderbird is a popular open-source email client from the + Mozilla project +

+ + +

Multiple vulnerabilities have been discovered in Mozilla Thunderbird. + Please review the CVE identifiers referenced below for details. +

+ + +

Please review the referenced CVE identifiers for details.

+ + +

There is no known workaround at this time.

+ + +

All Mozilla Thunderbird users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=mail-client/thunderbird-60.8.0" + + +

All Mozilla Thunderbird binary users should upgrade to the latest + version: +

+ + + # emerge --sync + # emerge --ask --oneshot --verbose + ">=mail-client/thunderbird-bin-60.8.0" + + + + CVE-2019-11703 + CVE-2019-11704 + CVE-2019-11705 + CVE-2019-11706 + CVE-2019-11709 + CVE-2019-11711 + CVE-2019-11712 + CVE-2019-11713 + CVE-2019-11715 + CVE-2019-11717 + CVE-2019-11719 + CVE-2019-11729 + CVE-2019-11730 + CVE-2019-9811 + + b-man + b-man + diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201908-21.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201908-21.xml new file mode 100644 index 0000000000..ec87cbf19c --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201908-21.xml @@ -0,0 +1,54 @@ + + + + Adobe Flash Player: Multiple vulnerabilities + Multiple vulnerabilities have been found in Adobe Flash Player, the + worst of which could result in the arbitrary execution of code. + + flash + 2019-08-18 + 2019-08-18 + 683006 + 687894 + remote + + + 32.0.0.207 + 32.0.0.207 + + + +

The Adobe Flash Player is a renderer for the SWF file format, which is + commonly used to provide interactive websites. +

+ + +

Multiple vulnerabilities have been discovered in Adobe Flash Player. + Please review the CVE identifiers referenced below for details. +

+ + +

A remote attacker could possibly execute arbitrary code with the + privileges of the process or bypass security restrictions. +

+ + +

There is no known workaround at this time.

+ + +

All Adobe Flash Player users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose + ">=www-plugins/adobe-flash-32.0.0.207" + + + + CVE-2019-7096 + CVE-2019-7108 + CVE-2019-7845 + + b-man + b-man + diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201908-22.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201908-22.xml new file mode 100644 index 0000000000..c4264b73b4 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201908-22.xml @@ -0,0 +1,53 @@ + + + + Patch: Multiple vulnerabilities + Multiple vulnerabilities have been found in Patch, the worst of + which could result in the arbitrary execution of code. + + patch + 2019-08-18 + 2019-08-18 + 690136 + local + + + 2.7.6-r4 + 2.7.6-r4 + + + +

Patch takes a patch file containing a difference listing produced by the + diff program and applies those differences to one or more original files, + producing patched versions. +

+ + +

Multiple vulnerabilities have been discovered in Patch. Please review + the CVE identifiers referenced below for details. +

+ + +

A local attacker could pass a specially crafted diff file to Patch, + possibly resulting in a Denial of Service condition or arbitrary code + execution. +

+ + +

There is no known workaround at this time.

+ + +

All Patch users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=sys-devel/patch-2.7.6-r4" + + + + CVE-2019-13636 + CVE-2019-13638 + + b-man + b-man + diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201908-23.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201908-23.xml new file mode 100644 index 0000000000..c62336f32c --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201908-23.xml @@ -0,0 +1,50 @@ + + + + VLC: Multiple vulnerabilities + Multiple vulnerabilities have been found in VLC, the worst of which + could result in the arbitrary execution of code. + + vlc + 2019-08-18 + 2019-08-18 + 688642 + local, remote + + + 3.0.7 + 3.0.7 + + + +

VLC is a cross-platform media player and streaming server.

+ + +

Multiple vulnerabilities have been discovered in VLC. Please review the + CVE identifiers referenced below for details. +

+ + +

Remote attackers, by enticing a user to execute a specially crafted + media file, could cause a Denial of Service condition or possibly execute + arbitrary code. +

+ + +

There is no known workaround at this time.

+ + +

All VLC users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=media-video/vlc-3.0.7" + + + + CVE-2019-12874 + CVE-2019-5439 + + b-man + b-man + diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201908-24.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201908-24.xml new file mode 100644 index 0000000000..f6add259ef --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201908-24.xml @@ -0,0 +1,109 @@ + + + + MariaDB, MySQL: Multiple vulnerabilities + Multiple vulnerabilities have been found in MariaDB and MySQL, the + worst of which could result in privilege escalation. + + mariadb,mysql + 2019-08-18 + 2019-08-18 + 661500 + 670388 + 679024 + local, remote + + + 10.1.38-r1 + 10.2.22 + 10.1.38-r1 + 10.2.22 + + + 5.6.42 + 5.7.24 + 5.6.42 + 5.7.24 + + + +

MariaDB is an enhanced, drop-in replacement for MySQL. MySQL is a + popular multi-threaded, multi-user SQL server. MySQL is a popular + multi-threaded, multi-user SQL server +

+ + +

Multiple vulnerabilities have been discovered in MariaDB and MySQL. + Please review the CVE identifiers referenced below for details. +

+ + +

Please review the referenced CVE identifiers for details.

+ + +

There is no known workaround at this time.

+ + +

All MariaDB 10.1.x users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-db/mariadb-10.1.38-r1" + + +

All MariaDB 10.2.x users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-db/mariadb-10.2.22" + + +

All MySQL 5.6.x users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-db/mysql-5.6.42" + + +

All MySQL 5.7.x users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-db/mysql-5.7.24" + + + + CVE-2018-2755 + CVE-2018-2759 + CVE-2018-2761 + CVE-2018-2766 + CVE-2018-2771 + CVE-2018-2777 + CVE-2018-2781 + CVE-2018-2782 + CVE-2018-2784 + CVE-2018-2786 + CVE-2018-2787 + CVE-2018-2810 + CVE-2018-2813 + CVE-2018-2817 + CVE-2018-2819 + CVE-2018-3143 + CVE-2018-3156 + CVE-2018-3162 + CVE-2018-3173 + CVE-2018-3174 + CVE-2018-3185 + CVE-2018-3200 + CVE-2018-3251 + CVE-2018-3252 + CVE-2018-3277 + CVE-2018-3282 + CVE-2018-3284 + CVE-2019-2510 + CVE-2019-2529 + CVE-2019-2537 + + b-man + b-man + diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201908-25.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201908-25.xml new file mode 100644 index 0000000000..7f2c146a92 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201908-25.xml @@ -0,0 +1,64 @@ + + + + hostapd and wpa_supplicant: Denial of Service + A vulnerability in hostapd and wpa_supplicant could lead to a + Denial of Service condition. + + wpa_supplicant + 2019-08-18 + 2019-08-18 + 685860 + 688588 + remote + + + 2.8 + 2.8 + + + 2.8 + 2.8 + + + +

wpa_supplicant is a WPA Supplicant with support for WPA and WPA2 (IEEE + 802.11i / RSN). +

+ +

hostapd is a user space daemon for access point and authentication + servers. +

+ + +

A vulnerability was discovered in hostapd’s and wpa_supplicant’s + eap_server/eap_server_pwd.c and eap_peer/eap_pwd.c files. +

+ + +

An attacker could cause a possible Denial of Service condition.

+ + +

There is no known workaround at this time.

+ + +

All hostapd users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-wireless/hostapd-2.8" + + +

All wpa_supplicant users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-wireless/wpa_supplicant-2.8" + + + + CVE-2019-11555 + + b-man + b-man + diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/timestamp.chk b/sdk_container/src/third_party/portage-stable/metadata/glsa/timestamp.chk index 90b0d14f41..3dd5bc60c7 100644 --- a/sdk_container/src/third_party/portage-stable/metadata/glsa/timestamp.chk +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/timestamp.chk @@ -1 +1 @@ -Sat, 03 Aug 2019 15:08:59 +0000 +Sat, 24 Aug 2019 03:38:54 +0000 diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/timestamp.commit b/sdk_container/src/third_party/portage-stable/metadata/glsa/timestamp.commit index c3813a24eb..a0dca6b119 100644 --- a/sdk_container/src/third_party/portage-stable/metadata/glsa/timestamp.commit +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/timestamp.commit @@ -1 +1 @@ -0228c86b4f0e69207e66dbe5822dd7411fb99b01 1564831599 2019-08-03T11:26:39+00:00 +55b0fff2f98b275d6a6bcaf8e12164157936324c 1566095478 2019-08-18T02:31:18+00:00