From d79bbf0c2871cc82d1ebd1be737b75c17af93486 Mon Sep 17 00:00:00 2001 From: Dongsu Park Date: Wed, 16 Feb 2022 15:16:37 +0100 Subject: [PATCH] metadata: update GLSA metadata 20220216 --- .../portage-stable/metadata/glsa/Manifest | 30 +- .../metadata/glsa/Manifest.files.gz | Bin 517807 -> 518284 bytes .../metadata/glsa/glsa-202201-01.xml | 44 +++ .../metadata/glsa/glsa-202201-02.xml | 257 ++++++++++++++++++ .../metadata/glsa/glsa-202202-01.xml | 111 ++++++++ .../metadata/glsa/timestamp.chk | 2 +- .../metadata/glsa/timestamp.commit | 2 +- 7 files changed, 429 insertions(+), 17 deletions(-) create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202201-01.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202201-02.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202202-01.xml diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/Manifest b/sdk_container/src/third_party/portage-stable/metadata/glsa/Manifest index 92a8f84969..2696b3f48b 100644 --- a/sdk_container/src/third_party/portage-stable/metadata/glsa/Manifest +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/Manifest @@ -1,23 +1,23 @@ -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 -MANIFEST Manifest.files.gz 517807 BLAKE2B 2ecdb63e9cfe1a1b71d23ab4fe58b057928be5a410ab9012b87ec1e7c917af227099229248e5b2c7dc5b25edb96e4adad920259d956349d0ecbb204178f8da2c SHA512 4ca9cc06a8ae7d4eefdd8a435b92f1f4e675295b618afdb11cf1d7f45b49f0fd5137f7f0c81b60933a8b942fe25de9928a9f4ffe0d5968bae8eae39c95a7da50 -TIMESTAMP 2021-09-03T09:39:09Z +MANIFEST Manifest.files.gz 518284 BLAKE2B cb5fac863af3ef8aeec2b30770dcc46b92cbbaa35f883be3558623dd9e5b3307de19f033786959c2acefd089b402b92ae2601f1a2c9fbecd7bfee07eeebbf7b1 SHA512 052cb56c55e024e97ce62af25a94a63d53c61d2136da88877dd492ef68703ac7e8da03f6d57bdbf30b2c7ff7dccedfad2ae627469dda5745354b99d6f6e960d8 +TIMESTAMP 2022-02-14T12:39:14Z -----BEGIN PGP SIGNATURE----- -iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAmEx7T1fFIAAAAAALgAo +iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAmIKTXJfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEUx RDZBQkI2M0JGQ0ZCNEJBMDJGREYxQ0VDNTkwRUVBQzkxODkyNTAACgkQ7FkO6skY -klDDdg/9E3xzbHQflhxbmbSuYxUQw+5moNxqX0RH7/BlcY/jtIzF4trigK8Sq+eQ -zawPG+Z46e42+9llPtTeJ/S9fThrYfbJ2F8bw3QlQT6bdwOsi+Gm0x2taeLJM42L -5TQUDlSsB9V0Q41nNpqBn4KKrz7KeSd0B6EFOtgyjIivAR6IiDpn6t8XHHQUAcDt -MqeWOU1AuDvR3spVwNIXiC3nX8hn9LnPk2F/N3tmxAT1IctmW0mZtNxhlbEa48Le -h/ESWkPqsPno/OGGby+qsXyS1+29LFq4dYin+zl9qOdFoqJ/FcbpYYajz7Kg4fT+ -Rt71hIBC9e6N4Vruyj4TGp1UyuQ95W8ff0fuuUGV02dsGZCgN1qdW8RD6x+LtAGn -ee5tLam28eFy6n2M3ACaKdgGfUCQs5UozjR9/KjGjf5ZzMt1O0DYOkGK3lOx90jJ -9R04NMl4lN6NqyzqEn0Gr6ljMyjhXP2VYaqQqtu0ybAezVenIV+xXw99WuA0IUYJ -KEzFaKCB/D4tj6IidGvz3/Zk+Asa1+VxlZ3GoT9jkG4E93doQQk7mcWpulADxYwI -1VYd/u/8ud8LLe6Yq61DZRnoAIyQJYhX8Ij2d54uD+G1vz/Oa+o0nk3yCcJl/Pjj -A1vjJG4Be5NsoFJUVQaxiNcfN0KxGx6Z5RPgGMYlGhkSIjsw56U= -=plvA +klCAjA/9HwFYsxuRkPGRrV6K8wLfVbDVy/k1z37D9snjOnQ5b7wG3qlFapO+aD5d +qRiqgJGNRmhF6j7YJ9jfTw3jeCxeIn2lR4S6KCSizAofr5Nzl/DNobfSqjNoDWew +k8MZ/zu5WS7iHeSgXfX03fB/dXiwpxQBT14REa8pCfxnnplPKeu+FxyLRY1CCj8S +xS/boQOaJUYwo7X9ODKjM9D2zQbhuQIn9TkCAZMCVDxaz93ITLZUEM+lNAKKRngo +tHIDi3PQorvgCbrbCog5dLXi90Lziv7kpUJpF/rI70RisP4vbKFGXWA5ySs2lKXD +CJTXEV03p0CZx+FN8l8KsaHG9FM3V1f7jVJdbs+x8cAxM9ycVNZYMU3BHJClW7CE +MSUB9bdH+GB94qtj580+d4xq1A/MsWSvsARlWo2YgWoIetvCLlCp6qNSooKUFHiu +UmlyYPVLWaGBtrBYIEkJCWrsBG6TgYweMXVOpXNv0SLuUiv2PfynzThHeF7KqCtY +G/Rd2hO+awkXUS3DnjSw1Ldduvd/gOrwa6TV5KYdfBI5pfvn1CmbrUJFjcscigX2 +mTy1MQuh0HtqYGlUGmGKF6vf7dJiD7RSxM4EGA6ySepCQYtlj62zC+d/smlU9mmJ +4U+j6d1yk0cI518+9Uxj+xlHX6ItY11h18P5UASSIBFbwxajMhw= +=1Nn+ -----END PGP SIGNATURE----- diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/Manifest.files.gz b/sdk_container/src/third_party/portage-stable/metadata/glsa/Manifest.files.gz index fb3d67f1010c8ef606c0fc21a712d03a9ef084a7..c2498e00e944188d622167e467e4cba819041dfc 100644 GIT binary patch delta 3176 zcmV-u443n-%^!@>AAp1bgaU*Egam{Iga)(+{o8+RQzglbDEi;4@CuBS`pg9w<3Bcd z2dR`252mrfvwwV!rr)b#T*ENX-P855lv2cv(2aYWX0cZo8i!xb%ctYyt2l#DC5NzT z9@^vO^`Leyh?ts1qw+~863t4F((^@gloBXubi&p}So5xVku(*`CGj>#`wp-1iX75DKn%Vj~orh6RB8_%g4xcJludf=RrmH#=3?>@CU!(+K z&(g8Ry#8UezOeiof*{M5L_*TYl+!Q>o||N`4h|)6*pabu-||=N>yhCbP$L2(<=s$X zE8tEsCwzjpRkbE7Yeb@D$1QF7vONYCC}nFKgiXZ*wUN~Z#rAhMP@$9ImyO*AAb;K? z`NMaeKGcw&Ehs&xhFQ=yW!V3qs@?2B$&^NfOJ7)5kvic+<&(cSHua53sgz@9lin+MvuW6kGzPS)*i z4~VyT`E!tJDVhNgffo9LUpI{<9FPu4k{6&FWFHlk>#~ZI(=uf=?$QzWq^_;wNg@2 zAZQ~(odL>F7f9t1!tmsn>U9@y0d#SMI8%E8_0{kw%67PXQ{MJ&7n^=Roy0G`{PDtD zRiIh5ppI&S9TIAuC4oiW&wr6@b$VkNnubA|fk0SeE>2It7geL20@Up+5Xi5$HTillFIREp2t1+%4V`KL0G7cBK5+CEVN_WPO$Va)C2gBLK93@OHgVLAKbx}F!z;2yI!r03AK*M>2NPt?j@Wb>6Dq?> zmD$*u>`cnFEa#BJbEyQZqdC!vnuR!H_btjnSjT(`*$_*fY=6v25+F6=QrB1t^Q9M6 zQxbiHD>d*O2+MZ=PSr>5d}@<=KMq%CzAd|X)M`gw23N4nRP5=j<(xB5!xK9{OHACF zpyk8uYyQIWZ!BF(;2yoB;5dVD)t?AQPg} zN!6s!Tm8-RVSgVf^#o$N;{=ougH8=u$yLEyvn}=hWa@+Yy;^l&P!0tqc^F`X7v~QV zw)|H0w5%>3C7IxY;<(yfbt#G?H;+2*8hkkg&h{ffq^N62_fvw*A8o#u=Fy9cp>e0I z55BN^>&K`2#Qed7`Lf>+{^nnj^rYnQ7K(a~?AieXJbzfO2ZzQo73_E(!Z3EA++}A; z9(5R_{1s{9AkywQqpDk}JHB`T%?FkFqo22$nip?$-Ej+|=K7kerv5yWP4mK{UG~$; z?Tl?#2<7xTP*2rdx{Uot3dF-_N78^u`jQ<;T4;|GxsE3DqGMf;%8yGg&!7~j4SX#- zY<0|~{C`zqbBvGZ^e2|@?~+oA4weDpA|mxTyj7m&MxijzLFGW0^Wu7`gntSgsExeV zAG;S-FCNg@geo(S*Sj0@z==pm7{goT;n^oXq{EIFXhka@0bbAF>KO!;IHgCB(Dj2f z1Uq^>rU9KqMlK?}6MBNIq}@7fehSCn*5tmctAD1rTXZ5{&6c4eKZ*KQ+>0%!UdgS@*UXlO*H!e)NI-k_J&%~H(o&=iut)Pg z&Oz&v6zq0kh>mODUG;RQ=ruguy~;L-hJ^Mm7g)Zf1N?o? zBkICA1?^RHcizaS8<@yF`m0eZAV{Oaw4kQ{YjdZPJhq~ z;Y>e70*5d<*`&Okq29`1TCx(BshY`9)VeA^366MXAmn33qOi!}C9_)g>Hu)e!F8{_ z)q*VT;RWnQB>deW735CJAa|S0%a)%%E6E)=y}qE5*7M*x>p1sS8pS=YRkI&4RRc(@ zQv>MRnNpLq=0)16+Uh@4Oq;~i{0pJ-DPJ6$@a8vpIhU&B2Pl6`U;(u~sb)IT@}%un z$no217CbfQCD?7Inzh&fJUHR|-3^?Ls-CKFP$y{o3eu3Zcqy)^Sx4YRKYI6YfGA-G zo4hJi8f;J>7s2e3R(+Ffw{iF_is!L3{R7KH^Zu>K;A6FYsvS2ezbEfJIHLMtwZ5?Y z+vJKP$QR{Pu%dtQdXR{y$)VSyge*>X*Sb`aVlW8UFWN>2_HY!lR08CPswbsA3(p#Z zK;|~Kl_OHK-1bBB*yc!@5{j+e(pagazw5***`YhXqIa{yMrXV!YoZ3{H7!ZMnM47$ zWFd&myd6LXJ6`sm3MZUvs@y1NJWbKe31Rd*o?F|4$k&E^%0uq# zr?~aSmw)310^=m3fe%g-I7vrWi%Lf70L8sO%X#@@cV38F@IA-yEAGC^+ye9*nsv zrItErD#Cy4dE^MxRIL0q2*^Po5FN_jutUexDgq?fZ3M)siY5TaF-wpSIlAzxJCJ?` zr$tkSG=9$w|RynKtSKPA6eepK(GZm9n0k z{5gO$KZo{*Y3T;2VmsfsXp%063FNc1C?ulZ!JB`fum_i@diC^rDI6qG)xM3`dW=Tu za;S8wpwhf-$vn<5E;$Ud7~}{Onj>ycg0(+;q}=pFEqdulDq%~dTNfb0ie+wAyoR!3 zI$oeZjjEgC;`Cv)j&DX%dn2CqvHhG0gPLPcjz`l3caJ~%WZFAjr2p3RfUz^zH0@Py zdwPEg=CLoQHNDg$LJ{6%(A@(gPVO&9CP_iWU?p14+i?%-&z93`Xdeio$=6ICcH(HQ zl7_XWl4Q#^B}>Fwyhc>!igR@V2K7jE#8^FH7D;n5yA~v6Udw0zWOlT}>=qeR#K%^2 zQwF(g-IA`X*}BRRf4^ME*XE)UeU;Tw?zVp;9OTBR4+!VOS?)Z9J0K`tf@-EkJNe2 zL_4V@X^7}ZO3+&=rC7J*dED3jH zQe1Ux;W36wNCVe2BSdDl8gnhNETc$=gBx8^=RzK|J2 zIyg&x4xr1YWN))VXH(N@d4W-Ht&p?&hOF!VuU7ummrrj!h^|ENoK5ix{pYiG^|I1A z%qny$h?KI@VK?bl;X8TahZ+zRA2Ag3^c#;jdocMpDI_cuNtAIt2z@5CK|t=qy%Bl ztz(UO{ljX#u>2c>Aj_6SLej{T(=Z91n`Chx97^7>BV+TrA z!*`uN)sS8-C_Si#SI^jd*lV2R0`o^SG%CWOaFBZtz zZ+*%W|FlyHfKV0aP~yL;!K+_Isw;^6!Y}{XN4E$)-|Ysox%&{tczl=EtLm~+9Fnk| zHq`}42hIuPxg0?JI*B0`nXN>|e-4yNPv3n5Wvj}l6gl03vDkLKoQig=d5p1Gx2ruM z-s0uc8M`L0&PWo@?BNcbFRCtzWTzg1%ml`wC-5p-z;=$Sk_8`D>m`|9(%a2GJLiZR z6CT!Z1DqGfsYA}CxQPgPhe*(SJ$XiLb z=|x#o*T~K$NgSb!H)TmE=^ZL>!>(bDUS zjW8$wj~JCvzmz}$s}+uttV}5%-}8x@Obm7@z(gbS<2t>b4C=c&_sfS!fi2a0FETJ_ z>ezZ^QZZ7Yo|U%dxERPjDR`H>z}06Bq&hvWnI~o&*ciHP@r!#je=1LU`+Qif*EDB) z^8^GaJSQ8RBO~`^c(H%?e5*?2=zUNmeVe0FeC{roEnUk$m5IDysSnZiiK6-K%BPsj z@=EMcZKIxXG*zq>q2^D|i$q`>T4k#5$(8(M;%}CHMAf9l`czY~=p|ln5}d|+`F=E! zuo%%x@&e&&^=Ge9e<@XQVLkE=OPcPeKnykv!t0xD)t8Nuu=UnK^g5-eORyjL!)pD) z@>*Jb<;1S(K=i((ZIj36QKZi%j=J%qDQi8wBD+b4DFyWdoQLdSf~?sQn@(dwWmu^) z8(Wi|Nx7Eg9CCP0m4J0LCt6Xn5NGVZML7ufvA%_Dh$T-pf950!kQ#BRYb=HN)QhSq ziN3*=8h8$bWxIbv^^q$NZBnnt;p)t{WjD`S?a0gE3bvVwJ)Qe@&Y7p-iJhM%CT>m8 z^5OP1zp(rpOP3P3NAD;&&LCX%CxV@k_UMr7G+papVFgNEm`jr6rHpz9+}yY7QA@)~ z)uhLz{^oete@99^ftaqi0A<9Wp&=`|DtK$QrQV-ReXzb(tL_WRslX%;1B~$E{2{`Y z|5ZILtBXfTCb*zDu69>lisH!4qmH`RQtMlpym*o9|om=$nk8ai^>g zzOZ`h$EW+m{K13ywBHZ@=3kQZqU7)vih7Rh+5rPRe^{;uhsH7$>^Kf#7&}nzva=+Q zI*d{NiZpQ$X?L7a)veSWUp#>3lgj+j&s$B+lQ()_aSNj6`aM@o{W+3N^TMK?_S4Gc zjBQs4Wq2K^r)n-;#{MG(;^DI+X+R`>$_^wgw8x2DN0WKcvEGl$kGEc)K`Brh_*!<@ z>R7k(e^-gkF+ZZyUs%4sOG+s^SSE;zh}7fsR(Y8lg~B`sl>=eUi|bn@{2_3lHu743 z?p{iWUSI!Uo$5I}=hq)Vco6kT(N zt|9s$EzPCRMP*C^(yYJ)&2NLivTCJ8f1mi^^Qm;B&T|f3b}s3gqb{TS4io_Kn+KuB ztu&jWiPku`El*eaXq>P^G24&eNLT`zd+U>5JY)#Y~F5P#equ4cQb>#F=DIO3UskdGCK!Xk&4%xc-I1Hdr{*M0A; z7G!BpFJLz!;qOkVAXicbx!YvEZTb1LlH7se^#zr*o(JcsbL^`$ihEwGWC&BELR(+9dw{iF- zis!L3{R7KH^ZupC;A6Et)Q($}--~x198vwSS}!dBHo4*m@=5s=tZ2L*BqC~Z==CTe zi__h;E|sJh3PczO!n4L8khP6%<%rZQxBbvOwmFifgko!# zG*&9&nEi@lYkLs++LTXu$esNZw_betH*O#>PBI$!V3@#vNjkb( zR5DU0uTEkJTcVAov8=9xi#$jqBV+=2LduZ>Tt;wbV&d5oXULN1&!+<(EM~4g!Jb zQ2vG;I+s=vAi-`UAXZg00YHvFS%Q4X(S`rJ0_kURS~O)y^K8HU<{PFKUUjO*#hhO~Hj~~DP{O!MF@P-Tl{|*3MwN;7$ diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202201-01.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202201-01.xml new file mode 100644 index 0000000000..ddfef3de56 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202201-01.xml @@ -0,0 +1,44 @@ + + + + Polkit: Local privilege escalation + A vulnerability in polkit could lead to local root privilege escalation. + + polkit + 2022-01-27 + 2022-01-27 + 832057 + local + + + 0.120-r2 + 0.120-r2 + + + +

polkit is a toolkit for managing policies related to unprivileged processes communicating with privileged process.

+ + +

Flawed input validation of arguments was discovered in the 'pkexec' program's main() function.

+ + +

A local attacker could achieve root privilege escalation.

+ + +

Run the following command as root: +# chmod 0755 /usr/bin/pkexec

+ + +

Upgrade Polkit to a patched version.

+ + + # emerge --sync + # emerge --ask --verbose ">=sys-auth/polkit-0.120-r2" + + + + CVE-2021-4034 + + sam + sam + diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202201-02.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202201-02.xml new file mode 100644 index 0000000000..f33a7a5685 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202201-02.xml @@ -0,0 +1,257 @@ + + + + Chromium, Google Chrome: Multiple vulnerabilities + Multiple vulnerabilities have been found in Chromium and Google + Chrome, the worst of which could result in the arbitrary execution of code. + + chromium,google-chrome + 2022-01-31 + 2022-01-31 + 803167 + 806223 + 808715 + 811348 + 813035 + 814221 + 814617 + 815673 + 816984 + 819054 + 820689 + 824274 + 829190 + 830642 + 831624 + remote + + + 97.0.4692.99 + 97.0.4692.99 + + + 97.0.4692.99 + 97.0.4692.99 + + + +

Chromium is an open-source browser project that aims to build a safer, + faster, and more stable way for all users to experience the web. +

+ +

Google Chrome is one, fast, simple, and secure browser for all + your devices. +

+ + +

Multiple vulnerabilities have been discovered in Chromium + and Google Chrome. Please review the CVE identifiers referenced below + for details. +

+ + +

Please review the referenced CVE identifiers for details.

+ + +

There is no known workaround at this time.

+ + +

All Chromium users should upgrade to the latest version:

+ + # emerge --sync + # emerge --ask --oneshot --verbose + ">=www-client/chromium-97.0.4692.99" + + +

All Google Chrome users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose + ">=www-client/google-chrome-97.0.4692.99" + + + + CVE-2021-30565 + CVE-2021-30566 + CVE-2021-30567 + CVE-2021-30568 + CVE-2021-30569 + CVE-2021-30571 + CVE-2021-30572 + CVE-2021-30573 + CVE-2021-30574 + CVE-2021-30575 + CVE-2021-30576 + CVE-2021-30577 + CVE-2021-30578 + CVE-2021-30579 + CVE-2021-30580 + CVE-2021-30581 + CVE-2021-30582 + CVE-2021-30583 + CVE-2021-30584 + CVE-2021-30585 + CVE-2021-30586 + CVE-2021-30587 + CVE-2021-30588 + CVE-2021-30589 + CVE-2021-30590 + CVE-2021-30591 + CVE-2021-30592 + CVE-2021-30593 + CVE-2021-30594 + CVE-2021-30596 + CVE-2021-30597 + CVE-2021-30598 + CVE-2021-30599 + CVE-2021-30600 + CVE-2021-30601 + CVE-2021-30602 + CVE-2021-30603 + CVE-2021-30604 + CVE-2021-30606 + CVE-2021-30607 + CVE-2021-30608 + CVE-2021-30609 + CVE-2021-30610 + CVE-2021-30611 + CVE-2021-30612 + CVE-2021-30613 + CVE-2021-30614 + CVE-2021-30615 + CVE-2021-30616 + CVE-2021-30617 + CVE-2021-30618 + CVE-2021-30619 + CVE-2021-30620 + CVE-2021-30621 + CVE-2021-30622 + CVE-2021-30623 + CVE-2021-30624 + CVE-2021-30625 + CVE-2021-30626 + CVE-2021-30627 + CVE-2021-30628 + CVE-2021-30629 + CVE-2021-30630 + CVE-2021-30631 + CVE-2021-30632 + CVE-2021-30633 + CVE-2021-37956 + CVE-2021-37957 + CVE-2021-37958 + CVE-2021-37959 + CVE-2021-37960 + CVE-2021-37961 + CVE-2021-37962 + CVE-2021-37963 + CVE-2021-37965 + CVE-2021-37966 + CVE-2021-37967 + CVE-2021-37968 + CVE-2021-37970 + CVE-2021-37971 + CVE-2021-37973 + CVE-2021-37974 + CVE-2021-37975 + CVE-2021-37976 + CVE-2021-37977 + CVE-2021-37978 + CVE-2021-37979 + CVE-2021-37981 + CVE-2021-37982 + CVE-2021-37983 + CVE-2021-37984 + CVE-2021-37985 + CVE-2021-37986 + CVE-2021-37987 + CVE-2021-37988 + CVE-2021-37989 + CVE-2021-37990 + CVE-2021-37991 + CVE-2021-37992 + CVE-2021-37993 + CVE-2021-37994 + CVE-2021-37995 + CVE-2021-37996 + CVE-2021-37997 + CVE-2021-37998 + CVE-2021-37999 + CVE-2021-38000 + CVE-2021-38001 + CVE-2021-38002 + CVE-2021-38003 + CVE-2021-38005 + CVE-2021-38006 + CVE-2021-38007 + CVE-2021-38008 + CVE-2021-38009 + CVE-2021-38010 + CVE-2021-38011 + CVE-2021-38012 + CVE-2021-38013 + CVE-2021-38014 + CVE-2021-38015 + CVE-2021-38016 + CVE-2021-38017 + CVE-2021-38018 + CVE-2021-38019 + CVE-2021-38020 + CVE-2021-38021 + CVE-2021-38022 + CVE-2021-4098 + CVE-2021-4099 + CVE-2021-4100 + CVE-2021-4101 + CVE-2021-4102 + CVE-2022-0096 + CVE-2022-0097 + CVE-2022-0098 + CVE-2022-0099 + CVE-2022-0100 + CVE-2022-0101 + CVE-2022-0102 + CVE-2022-0103 + CVE-2022-0104 + CVE-2022-0105 + CVE-2022-0106 + CVE-2022-0107 + CVE-2022-0108 + CVE-2022-0109 + CVE-2022-0110 + CVE-2022-0111 + CVE-2022-0112 + CVE-2022-0113 + CVE-2022-0114 + CVE-2022-0115 + CVE-2022-0116 + CVE-2022-0117 + CVE-2022-0118 + CVE-2022-0120 + CVE-2022-0289 + CVE-2022-0290 + CVE-2022-0291 + CVE-2022-0292 + CVE-2022-0293 + CVE-2022-0294 + CVE-2022-0295 + CVE-2022-0296 + CVE-2022-0297 + CVE-2022-0298 + CVE-2022-0300 + CVE-2022-0301 + CVE-2022-0302 + CVE-2022-0303 + CVE-2022-0304 + CVE-2022-0305 + CVE-2022-0306 + CVE-2022-0307 + CVE-2022-0308 + CVE-2022-0309 + CVE-2022-0310 + CVE-2022-0311 + + ajak + ajak + diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202202-01.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202202-01.xml new file mode 100644 index 0000000000..5fef12d043 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202202-01.xml @@ -0,0 +1,111 @@ + + + + WebkitGTK+: Multiple vulnerabilities + Multiple vulnerabilities have been found in WebkitGTK+, the worst of + which could result in the arbitrary execution of code. + + webkit-gtk + 2022-02-01 + 2022-02-01 + 779175 + 801400 + 813489 + 819522 + 820434 + 829723 + 831739 + remote + + + 2.34.4 + 2.34.4 + + + +

WebKitGTK+ is a full-featured port of the WebKit rendering engine, + suitable for projects requiring any kind of web integration, + from hybrid HTML/CSS applications to full-fledged web browsers. +

+ + +

Multiple vulnerabilities have been discovered in WebkitGTK+. Please + review the CVE identifiers referenced below for details. +

+ + +

An attacker, by enticing a user to visit maliciously + crafted web content, may be able to execute arbitrary code, violate + iframe sandboxing policy, access restricted ports on arbitrary + servers, cause memory corruption, or could cause a Denial of Service + condition.

+ + +

There is no known workaround at this time.

+ + +

All WebkitGTK+ users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-libs/webkit-gtk-2.34.4" + + + + CVE-2021-1788 + CVE-2021-1817 + CVE-2021-1820 + CVE-2021-1825 + CVE-2021-1826 + CVE-2021-1844 + CVE-2021-1871 + CVE-2021-21775 + CVE-2021-21779 + CVE-2021-21806 + CVE-2021-30661 + CVE-2021-30663 + CVE-2021-30665 + CVE-2021-30666 + CVE-2021-30682 + CVE-2021-30689 + CVE-2021-30720 + CVE-2021-30734 + CVE-2021-30744 + CVE-2021-30749 + CVE-2021-30758 + CVE-2021-30761 + CVE-2021-30762 + CVE-2021-30795 + CVE-2021-30797 + CVE-2021-30799 + CVE-2021-30809 + CVE-2021-30818 + CVE-2021-30823 + CVE-2021-30836 + CVE-2021-30846 + CVE-2021-30848 + CVE-2021-30849 + CVE-2021-30851 + CVE-2021-30858 + CVE-2021-30884 + CVE-2021-30887 + CVE-2021-30888 + CVE-2021-30889 + CVE-2021-30890 + CVE-2021-30897 + CVE-2021-30934 + CVE-2021-30936 + CVE-2021-30951 + CVE-2021-30952 + CVE-2021-30953 + CVE-2021-30954 + CVE-2021-30984 + CVE-2021-42762 + CVE-2021-45482 + WSA-2021-0004 + WSA-2021-0005 + WSA-2021-0006 + + ajak + ajak + diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/timestamp.chk b/sdk_container/src/third_party/portage-stable/metadata/glsa/timestamp.chk index 7d44a0782c..f83144c1e1 100644 --- a/sdk_container/src/third_party/portage-stable/metadata/glsa/timestamp.chk +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/timestamp.chk @@ -1 +1 @@ -Fri, 03 Sep 2021 09:39:05 +0000 +Mon, 14 Feb 2022 12:39:11 +0000 diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/timestamp.commit b/sdk_container/src/third_party/portage-stable/metadata/glsa/timestamp.commit index bbcaf950a9..1ddda011c9 100644 --- a/sdk_container/src/third_party/portage-stable/metadata/glsa/timestamp.commit +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/timestamp.commit @@ -1 +1 @@ -7b9e3c731523fe15934efc37e813384c70ecd7b6 1627096087 2021-07-24T03:08:07+00:00 +d2418b0a913a694a55e21440268b44301931867c 1643686264 2022-02-01T03:31:04+00:00