mirrors/flatcar-scripts
1
0
Fork 0
mirror of https://github.com/flatcar/scripts.git synced 2025-08-17 01:46:58 +02:00
Code Issues Packages Projects Releases Wiki Activity

bump(metadata/glsa): sync with upstream

Browse Source
This commit is contained in:
Benjamin Gilbert 2020-05-15 14:59:40 +00:00 committed by Kai Lüke
parent 8e6121e55e
commit c98c795dc7
28 changed files with 1321 additions and 49 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

30
sdk_container/src/third_party/portage-stable/metadata/glsa/Manifest vendored
View File

@ -1,23 +1,23 @@
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
MANIFEST Manifest.files.gz 462212 BLAKE2B 5776c6001abb402454a2b47a7b9bf3bf9047598d1aece9f78d5b9c3c27b9e2beb04358067b23d0aab0fa3a39a6704dbc7989395dc50e173ff19712be407974d6 SHA512 b5ee2fe405b23fa0d01a4455e021e430490898b9d86f37bdd8cdf6f3e1e612bc5782cde9c380e6d19690d6c9d75154b7ece632c229e69202510fa1255c1cb2a6
TIMESTAMP 2020-04-16T05:39:02Z
MANIFEST Manifest.files.gz 465570 BLAKE2B a62e99817e32fd8ff7f82db3f63ecd455d8d078254d12926bca9349cd7d4cb7525d19b5ca213653d7ca3a28e5f51b7e4f978944f6a7c39fec3994650ada13ff2 SHA512 ee24891578ae08c29634185ea42adbf62dff9fd502bd411c413a0b0088f0d305dd4dba72180ac6793f6d434a7cc1a30d883831d3d40443eae468994ac283a7ef
TIMESTAMP 2020-05-15T14:08:26Z
-----BEGIN PGP SIGNATURE-----
iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAl6X73ZfFIAAAAAALgAo
iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAl6+olpfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEUx
RDZBQkI2M0JGQ0ZCNEJBMDJGREYxQ0VDNTkwRUVBQzkxODkyNTAACgkQ7FkO6skY
klAwzA/8Dv2dDluNwUU99HrcwRPXsD+VHkUsSIYQz+76O01a+3ypffDSHH8/fTx3
Z+vH4aT5UPTzB5pKfmmo8zdgJwJosj8Squ/YCE90pVyiChQHk1GTMMpl0rK3va81
/higcbCeLg9rAu+9qruPkjLGzbXFEkQLIt8lhPlnh2ddE1R8MTeYKIkNa0g1IFyD
5lPQxDy3D7R5U1Wn3eqnLNzSmZhXum2Ko/pALX9jHTVt3Tfc2pmVqaS0AuTrUpGf
Lxha0BFnig4lMWHzniIz7zgwzo8A2upnFRl+caYxNAQwBvBCoJWBSWoGB4Kecwa2
D+HY/7Y/J1n83//0h+3krFsamRJCwYt4pdFIdv2bBsxWUPlVPLMQWEmN7v06MUCN
mX4bDu/L25m0xeFeGzlU+LiqeVoyIl6I429OfSovMvSn3Xou8kSx31kAgZVThvGK
xPYGokcU0SAyJket82M5O4NyH+1sNeJEnLj4uya35a6w6u1ZLc7xawpiDxB8Rw5u
/bEgf6InZrX2XHD77dmfGOEEujYVnOrR32+8F9lUVzk8HkR+2ZRRM2bA32QeDQVq
4RGhSSYJHP6uMpipCEGE3NN79y4/t1oAhAREBm4LIRBoi2uwxX7nB9c15rXnTGem
XRqZUh1Ady6wN+N1iWrsJTmB9I/kaAfMgCjtmfZpsqcnQL5rub8=
=eM2y
klBInA//UsEYg3X87qjYposFYkbACD9iS4i63RKctLCgMXD3wNQLH2hP6A3CmAQT
rEuWnPDuWyWJ7NX7RlWWO0IsNn6lcy628Aw/h4fpM8t0NvtmnZflyt1tXznmez/i
0Ws4eyP86Kygz+wBfLWeqc+rKY2GHcB+BtY99SxZ9dr9XoK8/DaLbpN7Af1ljkmK
pdLRKW04PMMUVAoLTolqK5C2SoveY/AkjH6MA4+oKuaQtTQVCjnfgB3O8RumrdBK
WdWPyDR2W45Bp0a25pFcBcIb8KQdbKk8Rr3c/7rpae7UUG62aKzHo6Ej1d5Ih81B
FWtN2cKeUKSrI5FY8oZnZGVfhzJjKGkTwYm6SsNJ9Oa01/Lt/Vb5RBRgozhdVUdj
3zihSZ+2h3JJlo/FGLUnqFK8oihZ21wPdztkWre5moVaQ3gg9DIOSl6w5+MT7gqc
X6qkpkAOxxsKz/EiVJHPqtdzEAwLAGK15qoaiKxoHFHqGDrPjTyWA+qcrZmUo9l8
MfJ1KPMT+O9uWaOaA4Pnp2enS13q2XpzcoRcsYBKomFezDBOjuZ/Yrq3Cr21ABp+
rxdlMO1tV0C992S7W9KxEZGHYNaP0kUkIR/jtLWsaTabVqiSJe6IZGsypr8SbEiU
wISVxlE6KbWGSJmaP/F7e7MnBckTOrLB0vx41r/9+kZbR1whfRQ=
=VfoR
-----END PGP SIGNATURE-----

BIN
sdk_container/src/third_party/portage-stable/metadata/glsa/Manifest.files.gz vendored
View File

Binary file not shown.

20
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202003-57.xml vendored
View File

@ -7,7 +7,7 @@
</synopsis>
<product type="ebuild">PHP</product>
<announced>2020-03-26</announced>
<revised count="1">2020-03-26</revised>
<revised count="2">2020-04-23</revised>
<bug>671872</bug>
<bug>706168</bug>
<bug>710304</bug>
@ -15,10 +15,12 @@
<access>local, remote</access>
<affected>
<package name="dev-lang/php" auto="yes" arch="*">
<unaffected range="rge">7.2.29</unaffected>
<unaffected range="rge">7.3.16</unaffected>
<unaffected range="rge">7.4.4</unaffected>
<vulnerable range="lt">7.4.4</vulnerable>
<unaffected range="ge" slot="7.2">7.2.29</unaffected>
<unaffected range="ge" slot="7.3">7.3.16</unaffected>
<unaffected range="ge" slot="7.4">7.4.4</unaffected>
<vulnerable range="lt" slot="7.2">7.2.29</vulnerable>
<vulnerable range="lt" slot="7.3">7.3.16</vulnerable>
<vulnerable range="lt" slot="7.4">7.4.4</vulnerable>
</package>
</affected>
<background>
@ -44,21 +46,21 @@
<code>
# emerge --sync
# emerge --ask --oneshot --verbose "&gt;=dev-lang/php-7.2.29"
# emerge --ask --oneshot --verbose "&gt;=dev-lang/php-7.2.29:7.2"
</code>
<p>All PHP 7.3.x users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose "&gt;=dev-lang/php-7.3.16"
# emerge --ask --oneshot --verbose "&gt;=dev-lang/php-7.3.16:7.3"
</code>
<p>All PHP 7.4.x users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose "&gt;=dev-lang/php-7.4.4"
# emerge --ask --oneshot --verbose "&gt;=dev-lang/php-7.4.4:7.4"
</code>
</resolution>
@ -74,5 +76,5 @@
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-7066">CVE-2020-7066</uri>
</references>
<metadata tag="requester" timestamp="2020-03-26T13:24:45Z">whissi</metadata>
<metadata tag="submitter" timestamp="2020-03-26T13:30:45Z">whissi</metadata>
<metadata tag="submitter" timestamp="2020-04-23T15:24:32Z">whissi</metadata>
</glsa>

16
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202004-02.xml vendored
View File

@ -7,21 +7,17 @@
</synopsis>
<product type="ebuild">virtualbox</product>
<announced>2020-04-01</announced>
<revised count="1">2020-04-01</revised>
<revised count="2">2020-04-26</revised>
<bug>714064</bug>
<access>local, remote</access>
<affected>
<package name="app-emulation/virtualbox" auto="yes" arch="*">
<unaffected range="rge">5.2.36</unaffected>
<unaffected range="rge">6.0.16</unaffected>
<unaffected range="rge">6.1.2</unaffected>
<vulnerable range="lt">6.1.2</vulnerable>
<unaffected range="ge">5.2.36</unaffected>
<vulnerable range="lt">5.2.36</vulnerable>
</package>
<package name="app-emulation/virtualbox-bin" auto="yes" arch="*">
<unaffected range="rge">5.2.36</unaffected>
<unaffected range="rge">6.0.16</unaffected>
<unaffected range="rge">6.1.2</unaffected>
<vulnerable range="lt">6.1.2</vulnerable>
<unaffected range="ge">5.2.36</unaffected>
<vulnerable range="lt">5.2.36</vulnerable>
</package>
</affected>
<background>
@ -118,5 +114,5 @@
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-2727">CVE-2020-2727</uri>
</references>
<metadata tag="requester" timestamp="2020-04-01T19:35:27Z">whissi</metadata>
<metadata tag="submitter" timestamp="2020-04-01T19:41:08Z">whissi</metadata>
<metadata tag="submitter" timestamp="2020-04-26T19:47:03Z">whissi</metadata>
</glsa>

17
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202004-07.xml vendored
View File

@ -7,14 +7,13 @@
</synopsis>
<product type="ebuild">firefox</product>
<announced>2020-04-04</announced>
<revised count="1">2020-04-04</revised>
<revised count="2">2020-04-17</revised>
<bug>716098</bug>
<access>remote</access>
<affected>
<package name="www-client/firefox" auto="yes" arch="*">
<unaffected range="rge">68.6.1</unaffected>
<unaffected range="rge">74.0.1</unaffected>
<vulnerable range="lt">74.0.1</vulnerable>
<unaffected range="ge">68.6.1</unaffected>
<vulnerable range="lt">68.6.1</vulnerable>
</package>
</affected>
<background>
@ -43,14 +42,6 @@
# emerge --sync
# emerge --ask --oneshot --verbose "&gt;=www-client/firefox-68.6.1"
</code>
<p>All Mozilla Firefox users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose "&gt;=www-client/firefox-74.0.1"
</code>
</resolution>
<references>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6819">CVE-2020-6819</uri>
@ -60,5 +51,5 @@
</uri>
</references>
<metadata tag="requester" timestamp="2020-04-04T10:59:17Z">whissi</metadata>
<metadata tag="submitter" timestamp="2020-04-04T11:03:31Z">whissi</metadata>
<metadata tag="submitter" timestamp="2020-04-17T23:06:54Z">whissi</metadata>
</glsa>

57
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202004-10.xml vendored Normal file
View File

@ -0,0 +1,57 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="202004-10">
<title>OpenSSL: Multiple vulnerabilities</title>
<synopsis>Multiple vulnerabilities were found in OpenSSL, the worst of which
could allow remote attackers to cause a Denial of Service condition.
</synopsis>
<product type="ebuild">openssl</product>
<announced>2020-04-23</announced>
<revised count="1">2020-04-23</revised>
<bug>702176</bug>
<bug>717442</bug>
<access>local, remote</access>
<affected>
<package name="dev-libs/openssl" auto="yes" arch="*">
<unaffected range="ge">1.1.1g</unaffected>
<vulnerable range="lt">1.1.1g</vulnerable>
</package>
</affected>
<background>
<p>OpenSSL is an Open Source toolkit implementing the Secure Sockets Layer
(SSL v2/v3) and Transport Layer Security (TLS v1/v1.1/v1.2/v1.3) as well
as a general purpose cryptography library.
</p>
</background>
<description>
<p>Multiple vulnerabilities have been discovered in OpenSSL. Please review
the CVE identifiers referenced below for details.
</p>
</description>
<impact type="normal">
<p>A remote attacker could perform a malicious crafted TLS 1.3 handshake
against an application using OpenSSL, possibly resulting in a Denial of
Service condition.
</p>
<p>In addition, its feasible that an attacker might attack DH512.</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All OpenSSL users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose "&gt;=dev-libs/openssl-1.1.1g"
</code>
</resolution>
<references>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-1551">CVE-2019-1551</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-1967">CVE-2020-1967</uri>
</references>
<metadata tag="requester" timestamp="2020-04-23T14:05:13Z">whissi</metadata>
<metadata tag="submitter" timestamp="2020-04-23T14:18:55Z">whissi</metadata>
</glsa>

69
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202004-11.xml vendored Normal file
View File

@ -0,0 +1,69 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="202004-11">
<title>Mozilla Firefox: Multiple vulnerabilities</title>
<synopsis>Multiple vulnerabilities have been found in Mozilla Firefox, the
worst of which could result in the arbitrary execution of code.
</synopsis>
<product type="ebuild">firefox</product>
<announced>2020-04-23</announced>
<revised count="1">2020-04-23</revised>
<bug>716644</bug>
<access>local, remote</access>
<affected>
<package name="www-client/firefox" auto="yes" arch="*">
<unaffected range="ge">68.7.0</unaffected>
<vulnerable range="lt">68.7.0</vulnerable>
</package>
<package name="www-client/firefox-bin" auto="yes" arch="*">
<unaffected range="ge">68.7.0</unaffected>
<vulnerable range="lt">68.7.0</vulnerable>
</package>
</affected>
<background>
<p>Mozilla Firefox is a popular open-source web browser from the Mozilla
Project.
</p>
</background>
<description>
<p>Multiple vulnerabilities have been discovered in Mozilla Firefox. Please
review the CVE identifiers referenced below for details.
</p>
</description>
<impact type="normal">
<p>A remote attacker could entice a user to view a specially crafted web
page, possibly resulting in the execution of arbitrary code with the
privileges of the process, an information leak or a Denial of Service
condition.
</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All Mozilla Firefox users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose "&gt;=www-client/firefox-68.7.0"
</code>
<p>All Mozilla Firefox binary users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose "&gt;=www-client/firefox-bin-68.7.0"
</code>
</resolution>
<references>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6821">CVE-2020-6821</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6822">CVE-2020-6822</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6823">CVE-2020-6823</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6824">CVE-2020-6824</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6825">CVE-2020-6825</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6826">CVE-2020-6826</uri>
</references>
<metadata tag="requester" timestamp="2020-04-16T06:32:49Z">BlueKnight</metadata>
<metadata tag="submitter" timestamp="2020-04-23T14:28:43Z">whissi</metadata>
</glsa>

75
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202004-12.xml vendored Normal file
View File

@ -0,0 +1,75 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="202004-12">
<title>Chromium, Google Chrome: Multiple vulnerabilities</title>
<synopsis>Multiple vulnerabilities have been found in Chromium and Google
Chrome, the worst of which could allow remote attackers to execute
arbitrary code.
</synopsis>
<product type="ebuild">chromium,google-chrome</product>
<announced>2020-04-23</announced>
<revised count="1">2020-04-23</revised>
<bug>717652</bug>
<bug>718826</bug>
<access>local, remote</access>
<affected>
<package name="www-client/chromium" auto="yes" arch="*">
<unaffected range="ge">81.0.4044.122</unaffected>
<vulnerable range="lt">81.0.4044.122</vulnerable>
</package>
<package name="www-client/google-chrome" auto="yes" arch="*">
<unaffected range="ge">81.0.4044.122</unaffected>
<vulnerable range="lt">81.0.4044.122</vulnerable>
</package>
</affected>
<background>
<p>Chromium is an open-source browser project that aims to build a safer,
faster, and more stable way for all users to experience the web.
</p>
<p>Google Chrome is one fast, simple, and secure browser for all your
devices.
</p>
</background>
<description>
<p>Multiple vulnerabilities have been discovered in Chromium and Google
Chrome. Please review the referenced CVE identifiers for details.
</p>
</description>
<impact type="normal">
<p>A remote attacker could entice a user to open a specially crafted HTML
or multimedia file using Chromium or Google Chrome, possibly resulting in
execution of arbitrary code with the privileges of the process or a
Denial of Service condition.
</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All Chromium users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose
"&gt;=www-client/chromium-81.0.4044.122"
</code>
<p>All Google Chrome users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose
"&gt;=www-client/google-chrome-81.0.4044.122"
</code>
</resolution>
<references>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6457">CVE-2020-6457</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6458">CVE-2020-6458</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6459">CVE-2020-6459</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6460">CVE-2020-6460</uri>
</references>
<metadata tag="requester" timestamp="2020-04-23T14:33:31Z">whissi</metadata>
<metadata tag="submitter" timestamp="2020-04-23T14:36:00Z">whissi</metadata>
</glsa>

78
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202004-13.xml vendored Normal file
View File

@ -0,0 +1,78 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="202004-13">
<title>Git: Information disclosure</title>
<synopsis>Multiple vulnerabilities have been found in Git which might all
allow attackers to access sensitive information.
</synopsis>
<product type="ebuild">git</product>
<announced>2020-04-23</announced>
<revised count="1">2020-04-23</revised>
<bug>717156</bug>
<bug>718710</bug>
<access>remote</access>
<affected>
<package name="dev-vcs/git" auto="yes" arch="*">
<unaffected range="rge">2.23.3</unaffected>
<unaffected range="rge">2.24.3</unaffected>
<unaffected range="rge">2.25.4</unaffected>
<unaffected range="rge">2.26.2</unaffected>
<vulnerable range="lt">2.26.2</vulnerable>
</package>
</affected>
<background>
<p>Git is a free and open source distributed version control system
designed to handle everything from small to very large projects with
speed and efficiency.
</p>
</background>
<description>
<p>Multiple vulnerabilities have been discovered in Git. Please review the
CVE identifiers referenced below for details.
</p>
</description>
<impact type="low">
<p>A remote attacker, by providing a specially crafted URL, could possibly
trick Git into returning credential information for a wrong host.
</p>
</impact>
<workaround>
<p>Disabling credential helpers will prevent this vulnerability.</p>
</workaround>
<resolution>
<p>All Git 2.23.x users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose "&gt;=dev-vcs/git-2.23.3"
</code>
<p>All Git 2.24.x users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose "&gt;=dev-vcs/git-2.24.3"
</code>
<p>All Git 2.25.x users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose "&gt;=dev-vcs/git-2.25.4"
</code>
<p>All Git 2.26.x users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose "&gt;=dev-vcs/git-2.26.2"
</code>
</resolution>
<references>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-11008">CVE-2020-11008</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-5260">CVE-2020-5260</uri>
</references>
<metadata tag="requester" timestamp="2020-04-23T14:48:48Z">whissi</metadata>
<metadata tag="submitter" timestamp="2020-04-23T15:16:30Z">whissi</metadata>
</glsa>

53
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202004-14.xml vendored Normal file
View File

@ -0,0 +1,53 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="202004-14">
<title>FontForge: Multiple vulnerabilities</title>
<synopsis>Multiple vulnerabilities have been found in FontForge, the worst of
which could result in the arbitrary execution of code.
</synopsis>
<product type="ebuild">fontforge</product>
<announced>2020-04-30</announced>
<revised count="1">2020-04-30</revised>
<bug>706778</bug>
<bug>715808</bug>
<access>local, remote</access>
<affected>
<package name="media-gfx/fontforge" auto="yes" arch="*">
<unaffected range="ge">20200314</unaffected>
<vulnerable range="lt">20200314</vulnerable>
</package>
</affected>
<background>
<p>FontForge is a PostScript font editor and converter.</p>
</background>
<description>
<p>Multiple vulnerabilities have been discovered in FontForge. Please
review the CVE identifiers referenced below for details.
</p>
</description>
<impact type="normal">
<p>A remote attacker could entice a user to open a specially crafted font
using FontForge, possibly resulting in execution of arbitrary code with
the privileges of the process or a Denial of Service condition.
</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All FontForge users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose "&gt;=media-gfx/fontforge-20200314"
</code>
</resolution>
<references>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-15785">CVE-2019-15785</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-5395">CVE-2020-5395</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-5496">CVE-2020-5496</uri>
</references>
<metadata tag="requester" timestamp="2020-04-01T20:32:15Z">whissi</metadata>
<metadata tag="submitter" timestamp="2020-04-30T23:00:58Z">whissi</metadata>
</glsa>

51
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202004-15.xml vendored Normal file
View File

@ -0,0 +1,51 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="202004-15">
<title>libu2f-host: Multiple vulnerabilities</title>
<synopsis>Multiple vulnerabilities have been found in libu2f-host, the worst
of which could result in the execution of code.
</synopsis>
<product type="ebuild">libu2f-host</product>
<announced>2020-04-30</announced>
<revised count="1">2020-04-30</revised>
<bug>678580</bug>
<bug>679724</bug>
<access>local, remote</access>
<affected>
<package name="app-crypt/libu2f-host" auto="yes" arch="*">
<unaffected range="ge">1.1.10</unaffected>
<vulnerable range="lt">1.1.10</vulnerable>
</package>
</affected>
<background>
<p>Yubico Universal 2nd Factor (U2F) Host C Library.</p>
</background>
<description>
<p>Multiple vulnerabilities have been discovered in libu2f-host. Please
review the CVE identifiers referenced below for details.
</p>
</description>
<impact type="high">
<p>A remote attacker could entice a user to plug-in a malicious USB device,
possibly resulting in execution of arbitrary code with the privileges of
the process or a Denial of Service condition.
</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All libu2f-host users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose "&gt;=app-crypt/libu2f-host-1.1.10"
</code>
</resolution>
<references>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-20340">CVE-2018-20340</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-9578">CVE-2019-9578</uri>
</references>
<metadata tag="requester" timestamp="2020-04-16T07:16:39Z">BlueKnight</metadata>
<metadata tag="submitter" timestamp="2020-04-30T23:12:17Z">b-man</metadata>
</glsa>

50
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202004-16.xml vendored Normal file
View File

@ -0,0 +1,50 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="202004-16">
<title>Cacti: Multiple vulnerabilities</title>
<synopsis>Multiple vulnerabilities have been found in Cacti, the worst of
which could result in the arbitrary execution of code.
</synopsis>
<product type="ebuild">cacti</product>
<announced>2020-04-30</announced>
<revised count="1">2020-04-30</revised>
<bug>715166</bug>
<bug>716406</bug>
<access>remote</access>
<affected>
<package name="net-analyzer/cacti" auto="yes" arch="*">
<unaffected range="ge">1.2.11</unaffected>
<vulnerable range="lt">1.2.11</vulnerable>
</package>
</affected>
<background>
<p>Cacti is a complete frontend to rrdtool.</p>
</background>
<description>
<p>Multiple vulnerabilities have been discovered in Cacti. Please review
the CVE identifiers referenced below for details.
</p>
</description>
<impact type="normal">
<p>Please review the referenced CVE identifiers for details.</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All Cacti users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose "&gt;=net-analyzer/cacti-1.2.11"
</code>
</resolution>
<references>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-8813">CVE-2020-8813</uri>
<uri link="https://github.com/Cacti/cacti/releases/tag/release%2F1.2.11">
Cacti 1.2.11 Release Notes
</uri>
</references>
<metadata tag="requester" timestamp="2020-04-08T05:48:28Z">BlueKnight</metadata>
<metadata tag="submitter" timestamp="2020-04-30T23:18:03Z">b-man</metadata>
</glsa>

60
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202004-17.xml vendored Normal file
View File

@ -0,0 +1,60 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="202004-17">
<title>Django: Multiple vulnerabilities</title>
<synopsis>Multiple vulnerabilities have been found in Django, the worst of
which could result in privilege escalation.
</synopsis>
<product type="ebuild">django</product>
<announced>2020-04-30</announced>
<revised count="1">2020-04-30</revised>
<bug>692384</bug>
<bug>701744</bug>
<bug>706204</bug>
<bug>707998</bug>
<bug>711522</bug>
<access>remote</access>
<affected>
<package name="dev-python/django" auto="yes" arch="*">
<unaffected range="ge">2.2.11</unaffected>
<vulnerable range="lt">2.2.11</vulnerable>
</package>
</affected>
<background>
<p>Django is a Python-based web framework.</p>
</background>
<description>
<p>Multiple vulnerabilities have been discovered in Django. Please review
the CVE identifiers referenced below for details.
</p>
</description>
<impact type="normal">
<p>A remote attacker, by sending specially crafted input, could possibly
cause a Denial of Service condition, or alter the database.
</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All Django users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose "&gt;=dev-python/django-2.2.11"
</code>
</resolution>
<references>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-12308">CVE-2019-12308</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-14232">CVE-2019-14232</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-14233">CVE-2019-14233</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-14234">CVE-2019-14234</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-14235">CVE-2019-14235</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-19118">CVE-2019-19118</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-19844">CVE-2019-19844</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-7471">CVE-2020-7471</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-9402">CVE-2020-9402</uri>
</references>
<metadata tag="requester" timestamp="2020-04-08T04:55:21Z">BlueKnight</metadata>
<metadata tag="submitter" timestamp="2020-04-30T23:30:28Z">b-man</metadata>
</glsa>

56
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202005-01.xml vendored Normal file
View File

@ -0,0 +1,56 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="202005-01">
<title>Long Range ZIP: Multiple vulnerabilities</title>
<synopsis>Multiple vulnerabilities have been found in Long Range ZIP, the
worst of which could result in a Denial of Service condition.
</synopsis>
<product type="ebuild">lrzip</product>
<announced>2020-05-12</announced>
<revised count="1">2020-05-12</revised>
<bug>617930</bug>
<bug>624462</bug>
<access>local, remote</access>
<affected>
<package name="app-arch/lrzip" auto="yes" arch="*">
<unaffected range="ge">0.631_p20190619</unaffected>
<vulnerable range="lt">0.631_p20190619</vulnerable>
</package>
</affected>
<background>
<p>Optimized for compressing large files</p>
</background>
<description>
<p>Multiple vulnerabilities have been discovered in Long Range ZIP. Please
review the CVE identifiers referenced below for details.
</p>
</description>
<impact type="low">
<p>A remote attacker could entice a user to open a specially crafted
archive file possibly resulting in a Denial of Service condition.
</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All Long Range ZIP users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose "&gt;=app-arch/lrzip-0.631_p20190619"
</code>
</resolution>
<references>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-8842">CVE-2017-8842</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-8843">CVE-2017-8843</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-8844">CVE-2017-8844</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-8845">CVE-2017-8845</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-8846">CVE-2017-8846</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-8847">CVE-2017-8847</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-9928">CVE-2017-9928</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-9929">CVE-2017-9929</uri>
</references>
<metadata tag="requester" timestamp="2020-04-05T23:09:43Z">BlueKnight</metadata>
<metadata tag="submitter" timestamp="2020-05-12T23:29:01Z">b-man</metadata>
</glsa>

50
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202005-02.xml vendored Normal file
View File

@ -0,0 +1,50 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="202005-02">
<title>QEMU: Multiple vulnerabilities</title>
<synopsis>Multiple vulnerabilities have been found in QEMU, the worst of
which could result in the arbitrary execution of code.
</synopsis>
<product type="ebuild">qemu</product>
<announced>2020-05-12</announced>
<revised count="1">2020-05-12</revised>
<bug>716518</bug>
<bug>717154</bug>
<bug>717770</bug>
<access>local</access>
<affected>
<package name="app-emulation/qemu" auto="yes" arch="*">
<unaffected range="ge">4.2.0-r5</unaffected>
<vulnerable range="lt">4.2.0-r5</vulnerable>
</package>
</affected>
<background>
<p>QEMU is a generic and open source machine emulator and virtualizer.</p>
</background>
<description>
<p>Multiple vulnerabilities have been discovered in QEMU. Please review the
CVE identifiers referenced below for details.
</p>
</description>
<impact type="normal">
<p>Please review the referenced CVE identifiers for details.</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All QEMU users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose "&gt;=app-emulation/qemu-4.2.0-r5"
</code>
</resolution>
<references>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-11102">CVE-2020-11102</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-1711">CVE-2020-1711</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-7039">CVE-2020-7039</uri>
</references>
<metadata tag="requester" timestamp="2020-05-04T02:29:17Z">b-man</metadata>
<metadata tag="submitter" timestamp="2020-05-12T23:31:56Z">b-man</metadata>
</glsa>

72
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202005-03.xml vendored Normal file
View File

@ -0,0 +1,72 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="202005-03">
<title>Mozilla Thunderbird: Multiple vulnerabilities</title>
<synopsis>Multiple vulnerabilities have been found in Mozilla Thunderbird,
the worst of which could result in the arbitrary execution of code.
</synopsis>
<product type="ebuild">thunderbird</product>
<announced>2020-05-12</announced>
<revised count="1">2020-05-12</revised>
<bug>721324</bug>
<access>remote</access>
<affected>
<package name="mail-client/thunderbird" auto="yes" arch="*">
<unaffected range="ge">68.8.0</unaffected>
<vulnerable range="lt">68.8.0</vulnerable>
</package>
<package name="mail-client/thunderbird-bin" auto="yes" arch="*">
<unaffected range="ge">68.8.0</unaffected>
<vulnerable range="lt">68.8.0</vulnerable>
</package>
</affected>
<background>
<p>Mozilla Thunderbird is a popular open-source email client from the
Mozilla project.
</p>
</background>
<description>
<p>Multiple vulnerabilities have been discovered in Mozilla Thunderbird.
Please review the CVE identifiers referenced below for details.
</p>
</description>
<impact type="normal">
<p>A remote attacker may be able to execute arbitrary code, cause a Denial
of Service condition or spoof sender email address.
</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All Mozilla Thunderbird users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose "&gt;=mail-client/thunderbird-68.8.0"
</code>
<p>All Mozilla Thunderbird binary users should upgrade to the latest
version:
</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose
"&gt;=mail-client/thunderbird-bin-68.8.0"
</code>
</resolution>
<references>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-12387">CVE-2020-12387</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-12392">CVE-2020-12392</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-12395">CVE-2020-12395</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-12397">CVE-2020-12397</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6831">CVE-2020-6831</uri>
<uri link="https://www.mozilla.org/en-US/security/advisories/mfsa2020-18/">
MFSA-2020-18
</uri>
</references>
<metadata tag="requester" timestamp="2020-05-06T20:22:31Z">sam_c</metadata>
<metadata tag="submitter" timestamp="2020-05-12T23:34:15Z">sam_c</metadata>
</glsa>

72
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202005-04.xml vendored Normal file
View File

@ -0,0 +1,72 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="202005-04">
<title>Mozilla Firefox: Multiple vulnerabilities</title>
<synopsis>Multiple vulnerabilities have been found in Mozilla Firefox, the
worst of which could result in the arbitrary execution of code.
</synopsis>
<product type="ebuild">firefox</product>
<announced>2020-05-12</announced>
<revised count="1">2020-05-12</revised>
<bug>721090</bug>
<access>remote</access>
<affected>
<package name="www-client/firefox" auto="yes" arch="*">
<unaffected range="ge">68.8.0</unaffected>
<vulnerable range="lt">68.8.0</vulnerable>
</package>
<package name="www-client/firefox-bin" auto="yes" arch="*">
<unaffected range="ge">68.8.0</unaffected>
<vulnerable range="lt">68.8.0</vulnerable>
</package>
</affected>
<background>
<p>Mozilla Firefox is a popular open-source web browser from the Mozilla
Project.
</p>
</background>
<description>
<p>Multiple vulnerabilities have been discovered in Mozilla Firefox. Please
review the CVE identifiers referenced below for details.
</p>
</description>
<impact type="normal">
<p>A remote attacker could entice a user to view a specially crafted web
page, possibly resulting in the execution of arbitrary code with the
privileges of the process, an information leak or a Denial of Service
condition.
</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All Mozilla Firefox users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose "&gt;=www-client/firefox-68.8.0"
</code>
<p>All Mozilla Firefox binary users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose "&gt;=www-client/firefox-bin-68.8.0"
</code>
</resolution>
<references>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-12387">CVE-2020-12387</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-12392">CVE-2020-12392</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-12394">CVE-2020-12394</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-12395">CVE-2020-12395</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-12396">CVE-2020-12396</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6831">CVE-2020-6831</uri>
<uri link="https://www.mozilla.org/en-US/security/advisories/mfsa2020-17/">
MFSA-2020-17
</uri>
</references>
<metadata tag="requester" timestamp="2020-05-06T14:48:10Z">sam_c</metadata>
<metadata tag="submitter" timestamp="2020-05-12T23:36:01Z">sam_c</metadata>
</glsa>

53
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202005-05.xml vendored Normal file
View File

@ -0,0 +1,53 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="202005-05">
<title>Squid: Multiple vulnerabilities</title>
<synopsis>Multiple vulnerabilities have been found in Squid, the worst of
which could result in the arbitrary execution of code.
</synopsis>
<product type="ebuild">squid</product>
<announced>2020-05-12</announced>
<revised count="1">2020-05-12</revised>
<bug>719046</bug>
<access>remote</access>
<affected>
<package name="net-proxy/squid" auto="yes" arch="*">
<unaffected range="ge">4.11</unaffected>
<vulnerable range="lt">4.11</vulnerable>
</package>
</affected>
<background>
<p>Squid is a full-featured Web proxy cache designed to run on Unix
systems. It supports proxying and caching of HTTP, FTP, and other URLs,
as well as SSL support, cache hierarchies, transparent caching, access
control lists and many other features.
</p>
</background>
<description>
<p>Multiple vulnerabilities have been discovered in Squid. Please review
the CVE identifiers referenced below for details.
</p>
</description>
<impact type="high">
<p>Please review the referenced CVE identifiers for details.</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All Squid users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose "&gt;=net-proxy/squid-4.11"
</code>
</resolution>
<references>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-12519">CVE-2019-12519</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-12521">CVE-2019-12521</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-11945">CVE-2020-11945</uri>
</references>
<metadata tag="requester" timestamp="2020-05-04T11:10:13Z">sam_c</metadata>
<metadata tag="submitter" timestamp="2020-05-12T23:40:20Z">sam_c</metadata>
</glsa>

53
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202005-06.xml vendored Normal file
View File

@ -0,0 +1,53 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="202005-06">
<title>LIVE555 Media Server: Multiple vulnerabilities</title>
<synopsis>Multiple vulnerabilities have been found in LIVE555 Media Server,
the worst of which could result in the arbitrary execution of code.
</synopsis>
<product type="ebuild">live555</product>
<announced>2020-05-14</announced>
<revised count="1">2020-05-14</revised>
<bug>669276</bug>
<bug>677276</bug>
<bug>717722</bug>
<access>remote</access>
<affected>
<package name="media-plugins/live" auto="yes" arch="*">
<unaffected range="ge">2020.03.06</unaffected>
<vulnerable range="lt">2020.03.06</vulnerable>
</package>
</affected>
<background>
<p>LIVE555 Media Server is a set of libraries for multimedia streaming.</p>
</background>
<description>
<p>Multiple vulnerabilities have been discovered in LIVE555 Media Server.
Please review the CVE identifiers referenced below for details.
</p>
</description>
<impact type="normal">
<p>Please review the referenced CVE identifiers for details.</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All LIVE555 Media Server users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose "&gt;=media-plugins/live-2020.03.06"
</code>
</resolution>
<references>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-4013">CVE-2018-4013</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-15232">CVE-2019-15232</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-6256">CVE-2019-6256</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-7314">CVE-2019-7314</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-7733">CVE-2019-7733</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-9215">CVE-2019-9215</uri>
</references>
<metadata tag="requester" timestamp="2020-05-04T11:34:40Z">sam_c</metadata>
<metadata tag="submitter" timestamp="2020-05-14T22:04:59Z">sam_c</metadata>
</glsa>

52
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202005-07.xml vendored Normal file
View File

@ -0,0 +1,52 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="202005-07">
<title>FreeRDP: Multiple vulnerabilities</title>
<synopsis>Multiple vulnerabilities have been found in FreeRDP, the worst of
which could result in a Denial of Service condition.
</synopsis>
<product type="ebuild">freerdp</product>
<announced>2020-05-14</announced>
<revised count="1">2020-05-14</revised>
<bug>716830</bug>
<access>remote</access>
<affected>
<package name="net-misc/freerdp" auto="yes" arch="*">
<unaffected range="ge">2.1.0</unaffected>
<vulnerable range="lt">2.1.0</vulnerable>
</package>
</affected>
<background>
<p>FreeRDP is a free implementation of the Remote Desktop Protocol.</p>
</background>
<description>
<p>Multiple vulnerabilities have been discovered in FreeRDP. Please review
the CVE identifiers referenced below for details.
</p>
</description>
<impact type="normal">
<p>An attacker could possibly cause a Denial of Service condition.</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All FreeRDP users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose "&gt;=net-misc/freerdp-2.1.0"
</code>
</resolution>
<references>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-17177">CVE-2019-17177</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-11521">CVE-2020-11521</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-11522">CVE-2020-11522</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-11523">CVE-2020-11523</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-11524">CVE-2020-11524</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-11525">CVE-2020-11525</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-11526">CVE-2020-11526</uri>
</references>
<metadata tag="requester" timestamp="2020-05-04T02:51:48Z">sam_c</metadata>
<metadata tag="submitter" timestamp="2020-05-14T22:10:55Z">sam_c</metadata>
</glsa>

62
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202005-08.xml vendored Normal file
View File

@ -0,0 +1,62 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="202005-08">
<title>Xen: Multiple vulnerabilities</title>
<synopsis>Multiple vulnerabilities have been found in Xen, the worst of which
could allow privilege escalation.
</synopsis>
<product type="ebuild">xen</product>
<announced>2020-05-14</announced>
<revised count="2">2020-05-15</revised>
<bug>717446</bug>
<access>local</access>
<affected>
<package name="app-emulation/xen" auto="yes" arch="*">
<unaffected range="ge">4.12.2-r2</unaffected>
<vulnerable range="lt">4.12.2-r2</vulnerable>
</package>
<package name="app-emulation/xen-tools" auto="yes" arch="*">
<unaffected range="ge">4.12.2-r1</unaffected>
<vulnerable range="lt">4.12.2-r1</vulnerable>
</package>
</affected>
<background>
<p>Xen is a bare-metal hypervisor.</p>
</background>
<description>
<p>Multiple vulnerabilities have been discovered in Xen. Please review the
CVE identifiers referenced below for details.
</p>
</description>
<impact type="normal">
<p>Please review the referenced CVE identifiers for details.</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All Xen users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose "&gt;=app-emulation/xen-4.12.2-r2"
</code>
<p>All Xen Tools users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose
"&gt;=app-emulation/xen-tools-4.12.2-r1"
</code>
</resolution>
<references>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-11739">CVE-2020-11739</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-11740">CVE-2020-11740</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-11741">CVE-2020-11741</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-11742">CVE-2020-11742</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-11743">CVE-2020-11743</uri>
</references>
<metadata tag="requester" timestamp="2020-05-04T11:20:31Z">sam_c</metadata>
<metadata tag="submitter" timestamp="2020-05-15T12:42:31Z">sam_c</metadata>
</glsa>

77
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202005-09.xml vendored Normal file
View File

@ -0,0 +1,77 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="202005-09">
<title>Python: Denial of Service</title>
<synopsis>A vulnerability in Python could lead to a Denial of Service
condition.
</synopsis>
<product type="ebuild">python</product>
<announced>2020-05-14</announced>
<revised count="1">2020-05-14</revised>
<bug>707822</bug>
<access>remote</access>
<affected>
<package name="dev-lang/python" auto="yes" arch="*">
<unaffected range="ge" slot="2.7">2.7.18</unaffected>
<unaffected range="ge" slot="3.6">3.6.10-r2</unaffected>
<unaffected range="ge" slot="3.7">3.7.7-r2</unaffected>
<unaffected range="ge" slot="3.8">3.8.2-r2</unaffected>
<vulnerable range="lt" slot="2.7">2.7.18</vulnerable>
<vulnerable range="lt" slot="3.6">3.6.10-r2</vulnerable>
<vulnerable range="lt" slot="3.7">3.7.7-r2</vulnerable>
<vulnerable range="lt" slot="3.8">3.8.2-r2</vulnerable>
</package>
</affected>
<background>
<p>Python is an interpreted, interactive, object-oriented programming
language.
</p>
</background>
<description>
<p>An issue was discovered in urllib.request.AbstractBasicAuthHandler which
allowed a remote attacker to send malicious data causing extensive
regular expression backtracking.
</p>
</description>
<impact type="normal">
<p>An attacker could cause a possible Denial of Service condition.</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All Python 2.7 users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose "&gt;=dev-lang/python-2.7.18:2.7"
</code>
<p>All Python 3.6 users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose "&gt;=dev-lang/python-3.6.10-r2:3.6"
</code>
<p>All Python 3.7 users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose "&gt;=dev-lang/python-3.7.7-r2:3.7"
</code>
<p>All Python 3.8 users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose "&gt;=dev-lang/python-3.8.2-r2:3.8"
</code>
</resolution>
<references>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-8492">CVE-2020-8492</uri>
</references>
<metadata tag="requester" timestamp="2020-05-07T23:04:03Z">sam_c</metadata>
<metadata tag="submitter" timestamp="2020-05-14T22:18:15Z">sam_c</metadata>
</glsa>

58
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202005-10.xml vendored Normal file
View File

@ -0,0 +1,58 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="202005-10">
<title>libmicrodns: Multiple vulnerabilities</title>
<synopsis>Multiple vulnerabilities have been found in libmicrodns, the worst
of which could result in the arbitrary execution of code.
</synopsis>
<product type="ebuild">libmicrodns</product>
<announced>2020-05-14</announced>
<revised count="1">2020-05-14</revised>
<bug>714606</bug>
<access>remote</access>
<affected>
<package name="net-libs/libmicrodns" auto="yes" arch="*">
<unaffected range="ge">0.1.2</unaffected>
<vulnerable range="lt">0.1.2</vulnerable>
</package>
</affected>
<background>
<p>libmicrodns is an mDNS library, focused on being simple and
cross-platform.
</p>
</background>
<description>
<p>Multiple vulnerabilities have been discovered in libmicrodns. Please
review the CVE identifiers and the upstream advisory referenced below for
details.
</p>
</description>
<impact type="normal">
<p>Please review the referenced CVE identifiers for details.</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All libmicrodns users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose "&gt;=net-libs/libmicrodns-0.1.2"
</code>
</resolution>
<references>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6071">CVE-2020-6071</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6072">CVE-2020-6072</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6073">CVE-2020-6073</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6077">CVE-2020-6077</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6078">CVE-2020-6078</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6079">CVE-2020-6079</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6080">CVE-2020-6080</uri>
<uri link="https://www.videolan.org/security/sb-vlc309.html">
VideoLAN-SB-VLC-309
</uri>
</references>
<metadata tag="requester" timestamp="2020-05-13T00:35:54Z">sam_c</metadata>
<metadata tag="submitter" timestamp="2020-05-14T22:21:44Z">sam_c</metadata>
</glsa>

55
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202005-11.xml vendored Normal file
View File

@ -0,0 +1,55 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="202005-11">
<title>VLC: Buffer overflow</title>
<synopsis>A buffer overflow in VLC might allow local or remote attacker(s) to
execute arbitrary code.
</synopsis>
<product type="ebuild">vlc</product>
<announced>2020-05-14</announced>
<revised count="1">2020-05-14</revised>
<bug>721940</bug>
<access>local, remote</access>
<affected>
<package name="media-video/vlc" auto="yes" arch="*">
<unaffected range="ge">3.0.10</unaffected>
<vulnerable range="lt">3.0.10</vulnerable>
</package>
</affected>
<background>
<p>VLC is a cross-platform media player and streaming server.</p>
</background>
<description>
<p>A buffer overflow in DecodeBlock in sdl_image.c was discovered.</p>
</description>
<impact type="normal">
<p>A remote user could craft a specifically crafted image file that could
execute arbitrary code or cause denial of service.
</p>
</impact>
<workaround>
<p>The user should refrain from opening files from untrusted third parties
or accessing untrusted remote sites (or disable the VLC browser plugins),
until they upgrade.
</p>
</workaround>
<resolution>
<p>All VLC users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose "&gt;=media-video/vlc-3.0.10"
</code>
</resolution>
<references>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-19721">CVE-2019-19721</uri>
<uri link="https://git.videolan.org/?p=vlc/vlc-3.0.git;a=commit;h=72afe7ebd8305bf4f5360293b8621cde52ec506b">
Upstream patch
</uri>
<uri link="https://www.videolan.org/security/sb-vlc309.html">
VideoLAN-SB-VLC-309
</uri>
</references>
<metadata tag="requester" timestamp="2020-05-12T16:12:42Z">sam_c</metadata>
<metadata tag="submitter" timestamp="2020-05-14T22:24:24Z">sam_c</metadata>
</glsa>

56
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202005-12.xml vendored Normal file
View File

@ -0,0 +1,56 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="202005-12">
<title>OpenSLP: Multiple vulnerabilities</title>
<synopsis>Multiple vulnerabilities have been found in OpenSLP, the worst of
which could result in the arbitrary execution of code.
</synopsis>
<product type="ebuild">openslp</product>
<announced>2020-05-14</announced>
<revised count="2">2020-05-14</revised>
<bug>662878</bug>
<access>remote</access>
<affected>
<package name="net-misc/openslp" auto="yes" arch="*">
<vulnerable range="le">2.0.0-r5</vulnerable>
</package>
</affected>
<background>
<p>OpenSLP is an open-source implementation of Service Location Protocol
(SLP).
</p>
</background>
<description>
<p>Multiple vulnerabilities have been discovered in OpenSLP. Please review
the CVE identifiers referenced below for details.
</p>
</description>
<impact type="normal">
<p>Please review the referenced CVE identifiers for details.</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>Gentoo has discontinued support for OpenSLP. We recommend that users
unmerge OpenSLP:
<code>
# emerge --unmerge "net-libs/openslp"
</code>
<p>NOTE: The Gentoo developer(s) maintaining OpenSLP have discontinued
support at this time. It may be possible that a new Gentoo developer
will update OpenSLP at a later date. No known alternatives to OpenSLP
are in the tree at this time.
</p>
</p>
</resolution>
<references>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-17833">
CVE-2017-17833
</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-5544">CVE-2019-5544</uri>
</references>
<metadata tag="requester" timestamp="2020-05-13T01:13:11Z">sam_c</metadata>
<metadata tag="submitter" timestamp="2020-05-14T22:31:01Z">sam_c</metadata>
</glsa>

74
sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202005-13.xml vendored Normal file
View File

@ -0,0 +1,74 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="202005-13">
<title>Chromium, Google Chrome: Multiple vulnerabilities</title>
<synopsis>Multiple vulnerabilities have been found in Chromium and Google
Chrome, the worst of which could result in the arbitrary execution of code.
</synopsis>
<product type="ebuild"></product>
<announced>2020-05-14</announced>
<revised count="1">2020-05-14</revised>
<bug>719902</bug>
<bug>721310</bug>
<access>remote</access>
<affected>
<package name="www-client/chromium" auto="yes" arch="*">
<unaffected range="ge">81.0.4044.138</unaffected>
<vulnerable range="lt">81.0.4044.138</vulnerable>
</package>
<package name="www-client/google-chrome" auto="yes" arch="*">
<unaffected range="ge">81.0.4044.138</unaffected>
<vulnerable range="lt">81.0.4044.138</vulnerable>
</package>
</affected>
<background>
<p>Chromium is an open-source browser project that aims to build a safer,
faster, and more stable way for all users to experience the web.
</p>
<p>Google Chrome is one fast, simple, and secure browser for all your
devices.
</p>
</background>
<description>
<p>Multiple vulnerabilities have been discovered in Chromium and Google
Chrome. Please review the CVE identifiers referenced below for details.
</p>
</description>
<impact type="normal">
<p>Please review the referenced CVE identifiers for details.</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All Chromium users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose
"&gt;=www-client/chromium-81.0.4044.138"
</code>
<p>All Google Chrome users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose
"&gt;=www-client/google-chrome-81.0.4044.138"
</code>
</resolution>
<references>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6461">CVE-2020-6461</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6462">CVE-2020-6462</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6464">CVE-2020-6464</uri>
<uri link="https://chromereleases.googleblog.com/2020/04/stable-channel-update-for-desktop_27.html">
Release notes (81.0.4044.129)
</uri>
<uri link="https://chromereleases.googleblog.com/2020/05/stable-channel-update-for-desktop.html">
Release notes (81.0.4044.138)
</uri>
</references>
<metadata tag="requester" timestamp="2020-05-13T00:58:25Z">sam_c</metadata>
<metadata tag="submitter" timestamp="2020-05-14T22:35:22Z">sam_c</metadata>
</glsa>

2
sdk_container/src/third_party/portage-stable/metadata/glsa/timestamp.chk vendored
View File

@ -1 +1 @@
Thu, 16 Apr 2020 05:38:59 +0000
Fri, 15 May 2020 14:08:23 +0000

2
sdk_container/src/third_party/portage-stable/metadata/glsa/timestamp.commit vendored
View File

@ -1 +1 @@
f2cb9b0eb0e16fd065838568dbe36727be807027 1586556154 2020-04-10T22:02:34+00:00
8f997a18382e6fd1fe9722aff738fb088141123c 1589546660 2020-05-15T12:44:20+00:00