diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/Manifest b/sdk_container/src/third_party/portage-stable/metadata/glsa/Manifest index 92a8f84969..2696b3f48b 100644 --- a/sdk_container/src/third_party/portage-stable/metadata/glsa/Manifest +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/Manifest @@ -1,23 +1,23 @@ -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 -MANIFEST Manifest.files.gz 517807 BLAKE2B 2ecdb63e9cfe1a1b71d23ab4fe58b057928be5a410ab9012b87ec1e7c917af227099229248e5b2c7dc5b25edb96e4adad920259d956349d0ecbb204178f8da2c SHA512 4ca9cc06a8ae7d4eefdd8a435b92f1f4e675295b618afdb11cf1d7f45b49f0fd5137f7f0c81b60933a8b942fe25de9928a9f4ffe0d5968bae8eae39c95a7da50 -TIMESTAMP 2021-09-03T09:39:09Z +MANIFEST Manifest.files.gz 518284 BLAKE2B cb5fac863af3ef8aeec2b30770dcc46b92cbbaa35f883be3558623dd9e5b3307de19f033786959c2acefd089b402b92ae2601f1a2c9fbecd7bfee07eeebbf7b1 SHA512 052cb56c55e024e97ce62af25a94a63d53c61d2136da88877dd492ef68703ac7e8da03f6d57bdbf30b2c7ff7dccedfad2ae627469dda5745354b99d6f6e960d8 +TIMESTAMP 2022-02-14T12:39:14Z -----BEGIN PGP SIGNATURE----- -iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAmEx7T1fFIAAAAAALgAo +iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAmIKTXJfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEUx RDZBQkI2M0JGQ0ZCNEJBMDJGREYxQ0VDNTkwRUVBQzkxODkyNTAACgkQ7FkO6skY -klDDdg/9E3xzbHQflhxbmbSuYxUQw+5moNxqX0RH7/BlcY/jtIzF4trigK8Sq+eQ -zawPG+Z46e42+9llPtTeJ/S9fThrYfbJ2F8bw3QlQT6bdwOsi+Gm0x2taeLJM42L -5TQUDlSsB9V0Q41nNpqBn4KKrz7KeSd0B6EFOtgyjIivAR6IiDpn6t8XHHQUAcDt -MqeWOU1AuDvR3spVwNIXiC3nX8hn9LnPk2F/N3tmxAT1IctmW0mZtNxhlbEa48Le -h/ESWkPqsPno/OGGby+qsXyS1+29LFq4dYin+zl9qOdFoqJ/FcbpYYajz7Kg4fT+ -Rt71hIBC9e6N4Vruyj4TGp1UyuQ95W8ff0fuuUGV02dsGZCgN1qdW8RD6x+LtAGn -ee5tLam28eFy6n2M3ACaKdgGfUCQs5UozjR9/KjGjf5ZzMt1O0DYOkGK3lOx90jJ -9R04NMl4lN6NqyzqEn0Gr6ljMyjhXP2VYaqQqtu0ybAezVenIV+xXw99WuA0IUYJ -KEzFaKCB/D4tj6IidGvz3/Zk+Asa1+VxlZ3GoT9jkG4E93doQQk7mcWpulADxYwI -1VYd/u/8ud8LLe6Yq61DZRnoAIyQJYhX8Ij2d54uD+G1vz/Oa+o0nk3yCcJl/Pjj -A1vjJG4Be5NsoFJUVQaxiNcfN0KxGx6Z5RPgGMYlGhkSIjsw56U= -=plvA +klCAjA/9HwFYsxuRkPGRrV6K8wLfVbDVy/k1z37D9snjOnQ5b7wG3qlFapO+aD5d +qRiqgJGNRmhF6j7YJ9jfTw3jeCxeIn2lR4S6KCSizAofr5Nzl/DNobfSqjNoDWew +k8MZ/zu5WS7iHeSgXfX03fB/dXiwpxQBT14REa8pCfxnnplPKeu+FxyLRY1CCj8S +xS/boQOaJUYwo7X9ODKjM9D2zQbhuQIn9TkCAZMCVDxaz93ITLZUEM+lNAKKRngo +tHIDi3PQorvgCbrbCog5dLXi90Lziv7kpUJpF/rI70RisP4vbKFGXWA5ySs2lKXD +CJTXEV03p0CZx+FN8l8KsaHG9FM3V1f7jVJdbs+x8cAxM9ycVNZYMU3BHJClW7CE +MSUB9bdH+GB94qtj580+d4xq1A/MsWSvsARlWo2YgWoIetvCLlCp6qNSooKUFHiu +UmlyYPVLWaGBtrBYIEkJCWrsBG6TgYweMXVOpXNv0SLuUiv2PfynzThHeF7KqCtY +G/Rd2hO+awkXUS3DnjSw1Ldduvd/gOrwa6TV5KYdfBI5pfvn1CmbrUJFjcscigX2 +mTy1MQuh0HtqYGlUGmGKF6vf7dJiD7RSxM4EGA6ySepCQYtlj62zC+d/smlU9mmJ +4U+j6d1yk0cI518+9Uxj+xlHX6ItY11h18P5UASSIBFbwxajMhw= +=1Nn+ -----END PGP SIGNATURE----- diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/Manifest.files.gz b/sdk_container/src/third_party/portage-stable/metadata/glsa/Manifest.files.gz index fb3d67f101..c2498e00e9 100644 Binary files a/sdk_container/src/third_party/portage-stable/metadata/glsa/Manifest.files.gz and b/sdk_container/src/third_party/portage-stable/metadata/glsa/Manifest.files.gz differ diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202201-01.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202201-01.xml new file mode 100644 index 0000000000..ddfef3de56 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202201-01.xml @@ -0,0 +1,44 @@ + + + + Polkit: Local privilege escalation + A vulnerability in polkit could lead to local root privilege escalation. + + polkit + 2022-01-27 + 2022-01-27 + 832057 + local + + + 0.120-r2 + 0.120-r2 + + + +

polkit is a toolkit for managing policies related to unprivileged processes communicating with privileged process.

+ + +

Flawed input validation of arguments was discovered in the 'pkexec' program's main() function.

+ + +

A local attacker could achieve root privilege escalation.

+ + +

Run the following command as root: +# chmod 0755 /usr/bin/pkexec

+ + +

Upgrade Polkit to a patched version.

+ + + # emerge --sync + # emerge --ask --verbose ">=sys-auth/polkit-0.120-r2" + + + + CVE-2021-4034 + + sam + sam + diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202201-02.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202201-02.xml new file mode 100644 index 0000000000..f33a7a5685 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202201-02.xml @@ -0,0 +1,257 @@ + + + + Chromium, Google Chrome: Multiple vulnerabilities + Multiple vulnerabilities have been found in Chromium and Google + Chrome, the worst of which could result in the arbitrary execution of code. + + chromium,google-chrome + 2022-01-31 + 2022-01-31 + 803167 + 806223 + 808715 + 811348 + 813035 + 814221 + 814617 + 815673 + 816984 + 819054 + 820689 + 824274 + 829190 + 830642 + 831624 + remote + + + 97.0.4692.99 + 97.0.4692.99 + + + 97.0.4692.99 + 97.0.4692.99 + + + +

Chromium is an open-source browser project that aims to build a safer, + faster, and more stable way for all users to experience the web. +

+ +

Google Chrome is one, fast, simple, and secure browser for all + your devices. +

+ + +

Multiple vulnerabilities have been discovered in Chromium + and Google Chrome. Please review the CVE identifiers referenced below + for details. +

+ + +

Please review the referenced CVE identifiers for details.

+ + +

There is no known workaround at this time.

+ + +

All Chromium users should upgrade to the latest version:

+ + # emerge --sync + # emerge --ask --oneshot --verbose + ">=www-client/chromium-97.0.4692.99" + + +

All Google Chrome users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose + ">=www-client/google-chrome-97.0.4692.99" + + + + CVE-2021-30565 + CVE-2021-30566 + CVE-2021-30567 + CVE-2021-30568 + CVE-2021-30569 + CVE-2021-30571 + CVE-2021-30572 + CVE-2021-30573 + CVE-2021-30574 + CVE-2021-30575 + CVE-2021-30576 + CVE-2021-30577 + CVE-2021-30578 + CVE-2021-30579 + CVE-2021-30580 + CVE-2021-30581 + CVE-2021-30582 + CVE-2021-30583 + CVE-2021-30584 + CVE-2021-30585 + CVE-2021-30586 + CVE-2021-30587 + CVE-2021-30588 + CVE-2021-30589 + CVE-2021-30590 + CVE-2021-30591 + CVE-2021-30592 + CVE-2021-30593 + CVE-2021-30594 + CVE-2021-30596 + CVE-2021-30597 + CVE-2021-30598 + CVE-2021-30599 + CVE-2021-30600 + CVE-2021-30601 + CVE-2021-30602 + CVE-2021-30603 + CVE-2021-30604 + CVE-2021-30606 + CVE-2021-30607 + CVE-2021-30608 + CVE-2021-30609 + CVE-2021-30610 + CVE-2021-30611 + CVE-2021-30612 + CVE-2021-30613 + CVE-2021-30614 + CVE-2021-30615 + CVE-2021-30616 + CVE-2021-30617 + CVE-2021-30618 + CVE-2021-30619 + CVE-2021-30620 + CVE-2021-30621 + CVE-2021-30622 + CVE-2021-30623 + CVE-2021-30624 + CVE-2021-30625 + CVE-2021-30626 + CVE-2021-30627 + CVE-2021-30628 + CVE-2021-30629 + CVE-2021-30630 + CVE-2021-30631 + CVE-2021-30632 + CVE-2021-30633 + CVE-2021-37956 + CVE-2021-37957 + CVE-2021-37958 + CVE-2021-37959 + CVE-2021-37960 + CVE-2021-37961 + CVE-2021-37962 + CVE-2021-37963 + CVE-2021-37965 + CVE-2021-37966 + CVE-2021-37967 + CVE-2021-37968 + CVE-2021-37970 + CVE-2021-37971 + CVE-2021-37973 + CVE-2021-37974 + CVE-2021-37975 + CVE-2021-37976 + CVE-2021-37977 + CVE-2021-37978 + CVE-2021-37979 + CVE-2021-37981 + CVE-2021-37982 + CVE-2021-37983 + CVE-2021-37984 + CVE-2021-37985 + CVE-2021-37986 + CVE-2021-37987 + CVE-2021-37988 + CVE-2021-37989 + CVE-2021-37990 + CVE-2021-37991 + CVE-2021-37992 + CVE-2021-37993 + CVE-2021-37994 + CVE-2021-37995 + CVE-2021-37996 + CVE-2021-37997 + CVE-2021-37998 + CVE-2021-37999 + CVE-2021-38000 + CVE-2021-38001 + CVE-2021-38002 + CVE-2021-38003 + CVE-2021-38005 + CVE-2021-38006 + CVE-2021-38007 + CVE-2021-38008 + CVE-2021-38009 + CVE-2021-38010 + CVE-2021-38011 + CVE-2021-38012 + CVE-2021-38013 + CVE-2021-38014 + CVE-2021-38015 + CVE-2021-38016 + CVE-2021-38017 + CVE-2021-38018 + CVE-2021-38019 + CVE-2021-38020 + CVE-2021-38021 + CVE-2021-38022 + CVE-2021-4098 + CVE-2021-4099 + CVE-2021-4100 + CVE-2021-4101 + CVE-2021-4102 + CVE-2022-0096 + CVE-2022-0097 + CVE-2022-0098 + CVE-2022-0099 + CVE-2022-0100 + CVE-2022-0101 + CVE-2022-0102 + CVE-2022-0103 + CVE-2022-0104 + CVE-2022-0105 + CVE-2022-0106 + CVE-2022-0107 + CVE-2022-0108 + CVE-2022-0109 + CVE-2022-0110 + CVE-2022-0111 + CVE-2022-0112 + CVE-2022-0113 + CVE-2022-0114 + CVE-2022-0115 + CVE-2022-0116 + CVE-2022-0117 + CVE-2022-0118 + CVE-2022-0120 + CVE-2022-0289 + CVE-2022-0290 + CVE-2022-0291 + CVE-2022-0292 + CVE-2022-0293 + CVE-2022-0294 + CVE-2022-0295 + CVE-2022-0296 + CVE-2022-0297 + CVE-2022-0298 + CVE-2022-0300 + CVE-2022-0301 + CVE-2022-0302 + CVE-2022-0303 + CVE-2022-0304 + CVE-2022-0305 + CVE-2022-0306 + CVE-2022-0307 + CVE-2022-0308 + CVE-2022-0309 + CVE-2022-0310 + CVE-2022-0311 + + ajak + ajak + diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202202-01.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202202-01.xml new file mode 100644 index 0000000000..5fef12d043 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202202-01.xml @@ -0,0 +1,111 @@ + + + + WebkitGTK+: Multiple vulnerabilities + Multiple vulnerabilities have been found in WebkitGTK+, the worst of + which could result in the arbitrary execution of code. + + webkit-gtk + 2022-02-01 + 2022-02-01 + 779175 + 801400 + 813489 + 819522 + 820434 + 829723 + 831739 + remote + + + 2.34.4 + 2.34.4 + + + +

WebKitGTK+ is a full-featured port of the WebKit rendering engine, + suitable for projects requiring any kind of web integration, + from hybrid HTML/CSS applications to full-fledged web browsers. +

+ + +

Multiple vulnerabilities have been discovered in WebkitGTK+. Please + review the CVE identifiers referenced below for details. +

+ + +

An attacker, by enticing a user to visit maliciously + crafted web content, may be able to execute arbitrary code, violate + iframe sandboxing policy, access restricted ports on arbitrary + servers, cause memory corruption, or could cause a Denial of Service + condition.

+ + +

There is no known workaround at this time.

+ + +

All WebkitGTK+ users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-libs/webkit-gtk-2.34.4" + + + + CVE-2021-1788 + CVE-2021-1817 + CVE-2021-1820 + CVE-2021-1825 + CVE-2021-1826 + CVE-2021-1844 + CVE-2021-1871 + CVE-2021-21775 + CVE-2021-21779 + CVE-2021-21806 + CVE-2021-30661 + CVE-2021-30663 + CVE-2021-30665 + CVE-2021-30666 + CVE-2021-30682 + CVE-2021-30689 + CVE-2021-30720 + CVE-2021-30734 + CVE-2021-30744 + CVE-2021-30749 + CVE-2021-30758 + CVE-2021-30761 + CVE-2021-30762 + CVE-2021-30795 + CVE-2021-30797 + CVE-2021-30799 + CVE-2021-30809 + CVE-2021-30818 + CVE-2021-30823 + CVE-2021-30836 + CVE-2021-30846 + CVE-2021-30848 + CVE-2021-30849 + CVE-2021-30851 + CVE-2021-30858 + CVE-2021-30884 + CVE-2021-30887 + CVE-2021-30888 + CVE-2021-30889 + CVE-2021-30890 + CVE-2021-30897 + CVE-2021-30934 + CVE-2021-30936 + CVE-2021-30951 + CVE-2021-30952 + CVE-2021-30953 + CVE-2021-30954 + CVE-2021-30984 + CVE-2021-42762 + CVE-2021-45482 + WSA-2021-0004 + WSA-2021-0005 + WSA-2021-0006 + + ajak + ajak + diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/timestamp.chk b/sdk_container/src/third_party/portage-stable/metadata/glsa/timestamp.chk index 7d44a0782c..f83144c1e1 100644 --- a/sdk_container/src/third_party/portage-stable/metadata/glsa/timestamp.chk +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/timestamp.chk @@ -1 +1 @@ -Fri, 03 Sep 2021 09:39:05 +0000 +Mon, 14 Feb 2022 12:39:11 +0000 diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/timestamp.commit b/sdk_container/src/third_party/portage-stable/metadata/glsa/timestamp.commit index bbcaf950a9..1ddda011c9 100644 --- a/sdk_container/src/third_party/portage-stable/metadata/glsa/timestamp.commit +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/timestamp.commit @@ -1 +1 @@ -7b9e3c731523fe15934efc37e813384c70ecd7b6 1627096087 2021-07-24T03:08:07+00:00 +d2418b0a913a694a55e21440268b44301931867c 1643686264 2022-02-01T03:31:04+00:00