diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/Manifest b/sdk_container/src/third_party/portage-stable/metadata/glsa/Manifest index 7ad3d4e290..fc9db89f9a 100644 --- a/sdk_container/src/third_party/portage-stable/metadata/glsa/Manifest +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/Manifest @@ -1,23 +1,23 @@ -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 -MANIFEST Manifest.files.gz 437590 BLAKE2B 89b5299a2ae5909a2f126e7d079e486a46a84b314ae3fd8e955c116ff1469671110300e3034ae816a3f8d7760ff951864b0f6a2ea8e63f69093f03e040aaa3f5 SHA512 af2b9c5421b1ff957533cc161bb0347cbaa2e3e90c9069b5b7e6141ce2a943b1cc971aacd34224e34915a04db19e7b1d06ff5519de5e8c67f4753e7fc7157bf3 -TIMESTAMP 2019-03-19T13:08:41Z +MANIFEST Manifest.files.gz 437750 BLAKE2B e4c6b7d5ec709b50478a92e61fd043c3784eb62915f4d39921a1c91a36627c315752406124b99ad4af39a3380f0f1c4b9ccabb34323d36427251a04d374298bd SHA512 31716069b15e65375ed6e961b9459069e7ce8ef8e807f89b733a3fd83d7d24cc1a5166f4e9df1134d130ee61e231e8958fee715eba64b4e57349f5a4b6f22879 +TIMESTAMP 2019-03-20T14:08:40Z -----BEGIN PGP SIGNATURE----- -iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAlyQ6dlfFIAAAAAALgAo +iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAlySSWhfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEUx RDZBQkI2M0JGQ0ZCNEJBMDJGREYxQ0VDNTkwRUVBQzkxODkyNTAACgkQ7FkO6skY -klCiIxAAtD8h+ihAUDvqNvCC9SdERlHiKbmJk96TjCAugmmp8BSF9AMOa7YktfUR -yfNqRUI2kG5hBz9OxV3ll1NyIB8knAoBnYEZsCSqCuCM1UXdiolduYy+bWrXeN57 -f5VtmkPXhCJEfDbURbCMBkraAVOYbBjV5f3P80zmmKgRawMOiQLAtDGSBgfDDWue -83ILR2ZANa+GCluDVEe9Y5+50D5ydKCdWFDD7YOC5gpM/98Yj4idOguQV1IBA0dv -9VPtH1amWCmmuYuPgkHAzyQpYAKFeWGZaCbaHVkhDPv15/BS05zKMqWbTCYcC14C -nn3JBR8tPPR135NG1n9skFg/ycTcfaJfkqZ1Mweh5NrJzsass9qEGMIK7sNsclcF -90SONSRWPzwasHtLoTs5uYp4Vtv04BdPOQDutoGenOrA+p83Phef3Qydn6TgVSfg -hwQTV8LyT7U7elU77+t4QiwMX090K++Ey4/zTZW/cdafiGRT+pMfY5/8SD0gb7lm -VRoyEz2IQxsHg84jRfC72jkpiDwRlJgFacbdy+Rzx5kRgJvA63c0GtQZNwTI4dQt -pK+Hnubpv+AP9BW89D3rpbdEYBr7mXS2Lx8ZW6zl0deBYUL77V3KBPDqC0au9usz -uQOXjuOvugjnJd9bnHS/ArJ30VJ01wVhqIktgyLzq1A7/jvOmK8= -=9XkB +klAGHBAAie17TMYJuUaFIcborhrkjUGykwyzXp3d/RBt9kjIZFoqDAHjYD5+Wlet +xi0aBUzYmWx2HGuW0DpKGr6Wa4vDktJKY+hNI4rocY1WdNxXtQiw7eKLlbKgYXFy +f/9ylhxNKUeh72Cak1yNUDarC5B8MJGyNp5vrU4TUPs6mJNd/fbbXyhISOwvbRmU +zHwgtFrVRVYuGlT/BC3ZNp2tAp8aiTOa9su63eFJF3Mk4Qm9wgYaT+2+wXuMxt8y +CWy3yazdUQnsKOEJ2Uk1r71Khb/k/4uFgTgQli/QBFIgNAXOk6kozHuQE1DLvoue +nHFuf32luDHqZ1k6uhRjQC8QHXCXSeooBvoph+J/ppRB9KmBs0mLGzIMOa3iJ8ti +um4W2huqGWhwakx0zTS3Hj+udcGIHKmq7ynSD2JCclAX0Y1L4feGLr6Q5XuTEnTN +KlCmYKL4UQOHKhgZMhz9LqteWjQc40kZbC2dXldFg/xMMEeIdFMVVz/QgQxUHX9b +vyXkluS7I8GnzBf2BhhJdUIu9gCuILL/c+sk7YYvNZp4mmTe6/JzYxlBJHVQsq9+ +rDUwCLFNftc+u5tDDjLprrJXJK2Fq25wGTISLIs+nvrJsx+h5mcydHq/e40dN6UM +syOsTDuxkNwClqxLKgBjWeHO0AM6orLLN2mA61rR9z3mkWHwhoE= +=dL/y -----END PGP SIGNATURE----- diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/Manifest.files.gz b/sdk_container/src/third_party/portage-stable/metadata/glsa/Manifest.files.gz index 01756e23b6..952fa66fd1 100644 Binary files a/sdk_container/src/third_party/portage-stable/metadata/glsa/Manifest.files.gz and b/sdk_container/src/third_party/portage-stable/metadata/glsa/Manifest.files.gz differ diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201903-16.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201903-16.xml new file mode 100644 index 0000000000..7e9889dc28 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201903-16.xml @@ -0,0 +1,54 @@ + + + + OpenSSH: Multiple vulnerabilities + Multiple vulnerabilities have been found in OpenSSH, the worst of + which could allow a remote attacker to gain unauthorized access. + + openssh + 2019-03-20 + 2019-03-20 + 675520 + 675522 + remote + + + 7.9_p1-r4 + 7.9_p1-r4 + + + +

OpenSSH is a complete SSH protocol implementation that includes SFTP + client and server support. +

+ + +

Multiple vulnerabilities have been discovered in OpenSSH. Please review + the CVE identifiers referenced below for details. +

+ + +

A remote attacker could overwrite arbitrary files, transfer malicious + files, or gain unauthorized access. +

+ + +

There is no known workaround at this time.

+ + +

All OpenSSH users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-misc/openssh-7.9_p1-r4" + + + + CVE-2018-20685 + CVE-2019-6109 + CVE-2019-6110 + CVE-2019-6111 + + BlueKnight + b-man + diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/timestamp.chk b/sdk_container/src/third_party/portage-stable/metadata/glsa/timestamp.chk index 234ab236bd..a905cc5ceb 100644 --- a/sdk_container/src/third_party/portage-stable/metadata/glsa/timestamp.chk +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/timestamp.chk @@ -1 +1 @@ -Tue, 19 Mar 2019 13:08:37 +0000 +Wed, 20 Mar 2019 14:08:36 +0000 diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/timestamp.commit b/sdk_container/src/third_party/portage-stable/metadata/glsa/timestamp.commit index 98bcf26d91..2d8b2954e1 100644 --- a/sdk_container/src/third_party/portage-stable/metadata/glsa/timestamp.commit +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/timestamp.commit @@ -1 +1 @@ -0a72c299702ffceee8f32f22b9d7b2c33e5140a0 1552965642 2019-03-19T03:20:42+00:00 +30f2fef098951e797cb4c22b80fbeb640fff7f3f 1553088963 2019-03-20T13:36:03+00:00