bump(metadata/glsa): sync with upstream

David Michael 2017-06-16 12:07:50 -07:00
parent f975533673
commit f11d3515b4
18 changed files with 956 additions and 4 deletions


@ -7,7 +7,7 @@
</synopsis>
<product type="ebuild">perl</product>
<announced>2017-01-29</announced>
<revised>2017-01-29: 1</revised>
<revised>2017-06-01: 2</revised>
<bug>580612</bug>
<bug>588592</bug>
<bug>589680</bug>
@ -44,6 +44,11 @@
# emerge --sync
# emerge --ask --oneshot --verbose "&gt;=dev-lang/perl-5.22.3_rc4"
</code>
<p>Warning: When you are upgrading to a new major Perl version, the
commands above may not be sufficient. Please visit the Gentoo wiki
referenced below to learn how to upgrade to a new major Perl version.
</p>
</resolution>
<references>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8607">CVE-2015-8607</uri>
@ -51,7 +56,10 @@
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1238">CVE-2016-1238</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2381">CVE-2016-2381</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6185">CVE-2016-6185</uri>
<uri link="https://wiki.gentoo.org/wiki/Perl#Upgrading_.28major_version.29">
Gentoo Wiki: How to upgrade Perl
</uri>
</references>
<metadata tag="requester" timestamp="2017-01-21T22:09:19Z">whissi</metadata>
<metadata tag="submitter" timestamp="2017-01-29T23:40:34Z">b-man</metadata>
<metadata tag="submitter" timestamp="2017-06-01T01:14:59Z">b-man</metadata>
</glsa>


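--- /dev/null
+++ b/metadata/glsa/glsa-201706-01.xml
@@ -0,0 +1,49 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201706-01">
+<title>MUNGE: Privilege escalation </title>
+<synopsis>Gentoo's MUNGE ebuilds are vulnerable to privilege escalation due
+to improper permissions.
+</synopsis>
+<product type="ebuild">munge</product>
+<announced>2017-06-06</announced>
+<revised>2017-06-06: 1</revised>
+<bug>602596</bug>
+<access>local</access>
+<affected>
+<package name="sys-auth/munge" auto="yes" arch="*">
+<unaffected range="ge">0.5.10-r2</unaffected>
+<vulnerable range="lt">0.5.10-r2</vulnerable>
+</package>
+</affected>
+<background>
+<p>An authentication service for creating and validating credentials.</p>
+</background>
+<description>
+<p>It was discovered that Gentoos default MUNGE installation suffered
+from a privilege escalation vulnerability (munge user to root) due to
+improper permissions and a runscript which called chown() on a user
+controlled file.
+</p>
+</description>
+<impact type="high">
+<p>A local attacker, who either is already MUNGEs system user or belongs
+to MUNGEs group, could potentially escalate privileges.
+</p>
+</impact>
+<workaround>
+<p>There is no known workaround at this time.</p>
+</workaround>
+<resolution>
+<p>All MUNGE users should upgrade to the latest version:</p>
+<code>
+# emerge --sync
+# emerge --ask --oneshot --verbose "&gt;=sys-auth/munge-0.5.10-r2"
+</code>
+</resolution>
+<references>
+</references>
+<metadata tag="requester" timestamp="2017-01-08T22:27:29Z">whissi</metadata>
+<metadata tag="submitter" timestamp="2017-06-06T06:21:40Z">whissi</metadata>
+</glsa>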
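Review bot: The `<references>` element at the end of this advisory is empty, so a reader of a root-escalation advisory gets no pointer beyond the bare number in `<bug>602596</bug>`; consider `<uri link="https://bugs.gentoo.org/602596">Gentoo Bug 602596</uri>` there, or the upstream MUNGE advisory if one exists. The description and impact text also read "Gentoos" and "MUNGEs", where the possessive apostrophes appear to have been dropped. Since this file is synced from upstream, both fixes belong in the upstream GLSA repository rather than in this sync commit. The same `<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">` line heads every new file in this commit; anything that parses these files should do so with external DTD loading disabled, because the DTD is referenced over plain HTTP and nothing in the document pins its contents.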


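--- /dev/null
+++ b/metadata/glsa/glsa-201706-02.xml
@@ -0,0 +1,51 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201706-02">
+<title>Shadow: Multiple vulnerabilities </title>
+<synopsis>Multiple vulnerabilities have been found in Shadow, the worst of
+which might allow privilege escalation.
+</synopsis>
+<product type="ebuild">shadow</product>
+<announced>2017-06-06</announced>
+<revised>2017-06-06: 1</revised>
+<bug>610804</bug>
+<bug>620510</bug>
+<access>local</access>
+<affected>
+<package name="sys-apps/shadow" auto="yes" arch="*">
+<unaffected range="ge">4.4-r2</unaffected>
+<vulnerable range="lt">4.4-r2</vulnerable>
+</package>
+</affected>
+<background>
+<p>Shadow is a set of tools to deal with user accounts.</p>
+</background>
+<description>
+<p>Multiple vulnerabilities have been discovered in Shadow. Please review
+the CVE identifiers referenced below for details.
+</p>
+</description>
+<impact type="high">
+<p>A local attacker could possibly cause a Denial of Service condition,
+gain privileges via crafted input, or SIGKILL arbitrary processes.
+</p>
+</impact>
+<workaround>
+<p>There is no known workaround at this time.</p>
+</workaround>
+<resolution>
+<p>All Shadow users should upgrade to the latest version:</p>
+<code>
+# emerge --sync
+# emerge --ask --oneshot --verbose "&gt;=sys-apps/shadow-4.4-r2"
+</code>
+</resolution>
+<references>
+<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6252">CVE-2016-6252</uri>
+<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2616">CVE-2017-2616</uri>
+</references>
+<metadata tag="requester" timestamp="2017-03-07T23:12:11Z">BlueKnight</metadata>
+<metadata tag="submitter" timestamp="2017-06-06T06:29:12Z">whissi</metadata>
+</glsa>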


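--- /dev/null
+++ b/metadata/glsa/glsa-201706-03.xml
@@ -0,0 +1,76 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201706-03">
+<title>QEMU: Multiple vulnerabilities </title>
+<synopsis>Multiple vulnerabilities have been found in QEMU, the worst of
+which may allow a remote attacker to cause a Denial of Service or gain
+elevated privileges from a guest VM.
+</synopsis>
+<product type="ebuild">qemu</product>
+<announced>2017-06-06</announced>
+<revised>2017-06-06: 1</revised>
+<bug>614744</bug>
+<bug>615874</bug>
+<bug>616460</bug>
+<bug>616462</bug>
+<bug>616482</bug>
+<bug>616484</bug>
+<bug>616636</bug>
+<bug>616870</bug>
+<bug>616872</bug>
+<bug>616874</bug>
+<bug>618808</bug>
+<bug>619018</bug>
+<bug>619020</bug>
+<bug>620322</bug>
+<access>local, remote</access>
+<affected>
+<package name="app-emulation/qemu" auto="yes" arch="*">
+<unaffected range="ge">2.9.0-r2</unaffected>
+<vulnerable range="lt">2.9.0-r2</vulnerable>
+</package>
+</affected>
+<background>
+<p>QEMU is a generic and open source machine emulator and virtualizer.</p>
+</background>
+<description>
+<p>Multiple vulnerabilities have been discovered in QEMU. Please review the
+CVE identifiers referenced below for details.
+</p>
+</description>
+<impact type="normal">
+<p>A remote attacker might cause a Denial of Service or gain escalated
+privileges from a guest VM.
+</p>
+</impact>
+<workaround>
+<p>There is no known workaround at this time.</p>
+</workaround>
+<resolution>
+<p>All QEMU users should upgrade to the latest version:</p>
+<code>
+# emerge --sync
+# emerge --ask --oneshot --verbose "&gt;=app-emulation/qemu-2.9.0-r2"
+</code>
+</resolution>
+<references>
+<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9603">CVE-2016-9603</uri>
+<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7377">CVE-2017-7377</uri>
+<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7471">CVE-2017-7471</uri>
+<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7493">CVE-2017-7493</uri>
+<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7718">CVE-2017-7718</uri>
+<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7980">CVE-2017-7980</uri>
+<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-8086">CVE-2017-8086</uri>
+<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-8112">CVE-2017-8112</uri>
+<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-8309">CVE-2017-8309</uri>
+<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-8379">CVE-2017-8379</uri>
+<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-8380">CVE-2017-8380</uri>
+<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-9060">CVE-2017-9060</uri>
+<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-9310">CVE-2017-9310</uri>
+<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-9330">CVE-2017-9330</uri>
+</references>
+<metadata tag="requester" timestamp="2017-04-19T06:36:34Z">BlueKnight</metadata>
+<metadata tag="submitter" timestamp="2017-06-06T06:41:28Z">whissi</metadata>
+</glsa>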


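--- /dev/null
+++ b/metadata/glsa/glsa-201706-04.xml
@@ -0,0 +1,52 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201706-04">
+<title>Git: Security bypass</title>
+<synopsis>A vulnerability in Git might allow remote attackers to bypass
+security restrictions.
+</synopsis>
+<product type="ebuild">git</product>
+<announced>2017-06-06</announced>
+<revised>2017-06-06: 1</revised>
+<bug>618126</bug>
+<access>remote</access>
+<affected>
+<package name="dev-vcs/git" auto="yes" arch="*">
+<unaffected range="ge">2.13.0</unaffected>
+<vulnerable range="lt">2.13.0</vulnerable>
+</package>
+</affected>
+<background>
+<p>Git is a free and open source distributed version control system
+designed to handle everything from small to very large projects with
+speed and efficiency.
+</p>
+</background>
+<description>
+<p>Timo Schmid discovered that the Git restricted shell incorrectly
+filtered allowed commands.
+</p>
+</description>
+<impact type="normal">
+<p>A remote attacker could possibly bypass security restrictions and access
+sensitive information.
+</p>
+</impact>
+<workaround>
+<p>There is no known workaround at this time.</p>
+</workaround>
+<resolution>
+<p>All Git users should upgrade to the latest version:</p>
+<code>
+# emerge --sync
+# emerge --ask --oneshot --verbose "&gt;=dev-vcs/git-2.13.0"
+</code>
+</resolution>
+<references>
+<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-8386">CVE-2017-8386</uri>
+</references>
+<metadata tag="requester" timestamp="2017-05-18T06:04:29Z">BlueKnight</metadata>
+<metadata tag="submitter" timestamp="2017-06-06T08:33:25Z">whissi</metadata>
+</glsa>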


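--- /dev/null
+++ b/metadata/glsa/glsa-201706-05.xml
@@ -0,0 +1,58 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201706-05">
+<title>D-Bus: Multiple vulnerabilities</title>
+<synopsis>Multiple vulnerabilities in D-Bus might allow an attacker to
+overwrite files with a fixed filename in arbitrary directories or conduct a
+symlink attack.
+</synopsis>
+<product type="ebuild">dbus</product>
+<announced>2017-06-06</announced>
+<revised>2017-06-06: 1</revised>
+<bug>611392</bug>
+<access>local, remote</access>
+<affected>
+<package name="sys-apps/dbus" auto="yes" arch="*">
+<unaffected range="ge">1.10.18</unaffected>
+<vulnerable range="lt">1.10.18</vulnerable>
+</package>
+</affected>
+<background>
+<p>D-Bus is a message bus system which processes can use to talk to each
+other.
+</p>
+</background>
+<description>
+<p>Multiple vulnerabilities have been discovered in D-Bus. Please review
+the original report referenced below for details.
+</p>
+</description>
+<impact type="normal">
+<p>An attacker could possibly overwrite arbitrary files named “once”
+with content not controlled by the attacker.
+</p>
+<p>A local attacker could perform a symlink attack against D-Bus test
+suite.
+</p>
+</impact>
+<workaround>
+<p>There is no known workaround at this time.</p>
+</workaround>
+<resolution>
+<p>All D-Bus users should upgrade to the latest version:</p>
+<code>
+# emerge --sync
+# emerge --ask --oneshot --verbose "&gt;=sys-apps/dbus-1.10.18"
+</code>
+</resolution>
+<references>
+<uri link="http://www.openwall.com/lists/oss-security/2017/02/16/4">
+Original report
+</uri>
+</references>
+<metadata tag="requester" timestamp="2017-05-21T07:09:05Z">BlueKnight</metadata>
+<metadata tag="submitter" timestamp="2017-06-06T08:33:43Z">whissi</metadata>
+</glsa>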


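--- /dev/null
+++ b/metadata/glsa/glsa-201706-06.xml
@@ -0,0 +1,61 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201706-06">
+<title>ImageWorsener: Multiple vulnerabilities </title>
+<synopsis>Multiple vulnerabilities have been found in ImageWorsener, the
+worst of which allows remote attackers to cause a Denial of Service
+condition or have other unspecified impact.
+</synopsis>
+<product type="ebuild">ImageWorsener</product>
+<announced>2017-06-06</announced>
+<revised>2017-06-06: 1</revised>
+<bug>618014</bug>
+<access>remote</access>
+<affected>
+<package name="media-gfx/imageworsener" auto="yes" arch="*">
+<unaffected range="ge">1.3.1</unaffected>
+<vulnerable range="lt">1.3.1</vulnerable>
+</package>
+</affected>
+<background>
+<p>ImageWorsener is a cross-platform command-line utility and library for
+image scaling and other image processing.
+</p>
+</background>
+<description>
+<p>Multiple vulnerabilities have been discovered in ImageWorsener. Please
+review the CVE identifiers referenced below for details.
+</p>
+</description>
+<impact type="normal">
+<p>A remote attacker could entice a user to process a specially crafted
+image file using ImageWorsener, possibly resulting in a Denial of Service
+condition or have other unspecified impacts.
+</p>
+</impact>
+<workaround>
+<p>There is no known workaround at this time.</p>
+</workaround>
+<resolution>
+<p>All ImageWorsener users should upgrade to the latest version:</p>
+<code>
+# emerge --sync
+# emerge --ask --oneshot --verbose "&gt;=media-gfx/imageworsener-1.3.1"
+</code>
+</resolution>
+<references>
+<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7452">CVE-2017-7452</uri>
+<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7453">CVE-2017-7453</uri>
+<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7454">CVE-2017-7454</uri>
+<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7939">CVE-2017-7939</uri>
+<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7940">CVE-2017-7940</uri>
+<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7962">CVE-2017-7962</uri>
+<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-8325">CVE-2017-8325</uri>
+<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-8326">CVE-2017-8326</uri>
+<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-8327">CVE-2017-8327</uri>
+</references>
+<metadata tag="requester" timestamp="2017-05-18T06:32:49Z">BlueKnight</metadata>
+<metadata tag="submitter" timestamp="2017-06-06T08:33:56Z">whissi</metadata>
+</glsa>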


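--- /dev/null
+++ b/metadata/glsa/glsa-201706-07.xml
@@ -0,0 +1,64 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201706-07">
+<title>Libtirpc and RPCBind: Denial of Service </title>
+<synopsis>A vulnerability has been found in Libtirpc and RPCBind which may
+allow a remote attacker to cause a Denial of Service condition.
+</synopsis>
+<product type="ebuild">RPCBind,Libtirpc</product>
+<announced>2017-06-06</announced>
+<revised>2017-06-06: 2</revised>
+<bug>617472</bug>
+<access>remote</access>
+<affected>
+<package name="net-nds/rpcbind" auto="yes" arch="*">
+<unaffected range="ge">0.2.4-r1</unaffected>
+<vulnerable range="lt">0.2.4-r1</vulnerable>
+</package>
+<package name="net-libs/libtirpc" auto="yes" arch="*">
+<unaffected range="ge">1.0.1-r1</unaffected>
+<vulnerable range="lt">1.0.1-r1</vulnerable>
+</package>
+</affected>
+<background>
+<p>The RPCBind utility is a server that converts RPC program numbers into
+universal addresses.
+</p>
+<p>Libtirpc is a port of Suns Transport-Independent RPC library to Linux.</p>
+</background>
+<description>
+<p>It was found that due to the way RPCBind uses libtirpc (libntirpc), a
+memory leak can occur when parsing specially crafted XDR messages.
+</p>
+</description>
+<impact type="normal">
+<p>A remote attacker could send thousands of messages to RPCBind, possibly
+resulting in a Denial of Service condition.
+</p>
+</impact>
+<workaround>
+<p>There is no known workaround at this time.</p>
+</workaround>
+<resolution>
+<p>All RPCBind users should upgrade to the latest version:</p>
+<code>
+# emerge --sync
+# emerge --ask --oneshot --verbose "&gt;=net-nds/rpcbind-0.2.4-r1"
+</code>
+<p>All Libtirpc users should upgrade to the latest version:</p>
+<code>
+# emerge --sync
+# emerge --ask --oneshot --verbose "&gt;=net-libs/libtirpc-1.0.1-r1"
+</code>
+</resolution>
+<references>
+<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-8779">CVE-2017-8779</uri>
+</references>
+<metadata tag="requester" timestamp="2017-05-21T07:26:12Z">BlueKnight</metadata>
+<metadata tag="submitter" timestamp="2017-06-06T11:58:19Z">whissi</metadata>
+</glsa>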
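Review bot: `<product type="ebuild">RPCBind,Libtirpc</product>` packs two product names into one comma-separated value, which any consumer has to split by a convention the document does not state, while `<affected>` a few lines below already lists the two packages as separate `<package>` elements. If glsa.dtd permits repeated `<product>` elements (not checked here), two of them would be the cleaner form. The background paragraph also reads "Suns" where an apostrophe appears to have been dropped. Both are upstream-content points, since this file is synced from upstream.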


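--- /dev/null
+++ b/metadata/glsa/glsa-201706-08.xml
@@ -0,0 +1,57 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201706-08">
+<title>MuPDF: Multiple vulnerabilities</title>
+<synopsis>Multiple vulnerabilities have been found in MuPDF, the worst of
+which allows remote attackers to cause a Denial of Service condition or
+have other unspecified impact.
+</synopsis>
+<product type="ebuild">mupdf</product>
+<announced>2017-06-06</announced>
+<revised>2017-06-06: 1</revised>
+<bug>611444</bug>
+<bug>614044</bug>
+<bug>614852</bug>
+<access>remote</access>
+<affected>
+<package name="app-text/mupdf" auto="yes" arch="*">
+<unaffected range="ge">1.11-r1</unaffected>
+<vulnerable range="lt">1.11-r1</vulnerable>
+</package>
+</affected>
+<background>
+<p>A lightweight PDF, XPS, and E-book viewer.</p>
+</background>
+<description>
+<p>Multiple vulnerabilities have been discovered in MuPDF. Please review
+the CVE identifiers referenced below for details.
+</p>
+</description>
+<impact type="normal">
+<p>A remote attacker could entice a user to process a specially crafted PDF
+document or image using MuPDF, possibly resulting in a Denial of Service
+condition or have other unspecified impact.
+</p>
+</impact>
+<workaround>
+<p>There is no known workaround at this time.</p>
+</workaround>
+<resolution>
+<p>All MuPDF users should upgrade to the latest version:</p>
+<code>
+# emerge --sync
+# emerge --ask --oneshot --verbose "&gt;=app-text/mupdf-1.11-r1"
+</code>
+</resolution>
+<references>
+<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-10221">
+CVE-2016-10221
+</uri>
+<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5991">CVE-2017-5991</uri>
+<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-6060">CVE-2017-6060</uri>
+</references>
+<metadata tag="requester" timestamp="2017-05-21T07:28:46Z">BlueKnight</metadata>
+<metadata tag="submitter" timestamp="2017-06-06T08:34:32Z">whissi</metadata>
+</glsa>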


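--- /dev/null
+++ b/metadata/glsa/glsa-201706-09.xml
@@ -0,0 +1,52 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201706-09">
+<title>FileZilla: Buffer overflow</title>
+<synopsis>A vulnerability in a bundled copy of PuTTY in FileZilla might allow
+remote attackers to execute arbitrary code or cause a denial of service.
+</synopsis>
+<product type="ebuild">filezilla</product>
+<announced>2017-06-06</announced>
+<revised>2017-06-06: 1</revised>
+<bug>610554</bug>
+<access>remote</access>
+<affected>
+<package name="net-ftp/filezilla" auto="yes" arch="*">
+<unaffected range="ge">3.25.2</unaffected>
+<vulnerable range="lt">3.25.2</vulnerable>
+</package>
+</affected>
+<background>
+<p>FileZilla is an open source FTP client.</p>
+</background>
+<description>
+<p>FileZilla is affected by the same vulnerability as reported in “GLSA
+201703-03” because the package included a vulnerable copy of PuTTY.
+Please read the GLSA for PuTTY referenced below for details.
+</p>
+</description>
+<impact type="normal">
+<p>A remote attacker, utilizing the SSH agent forwarding of an SSH server,
+could execute arbitrary code with the privileges of the user running
+FileZilla or cause a Denial of Service condition.
+</p>
+</impact>
+<workaround>
+<p>There is no known workaround at this time.</p>
+</workaround>
+<resolution>
+<p>All FileZilla users should upgrade to the latest version:</p>
+<code>
+# emerge --sync
+# emerge --ask --oneshot --verbose "&gt;=net-ftp/filezilla-3.25.2"
+</code>
+</resolution>
+<references>
+<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-6542">CVE-2017-6542</uri>
+<uri link="https://security.gentoo.org/glsa/201703-03">GLSA 201703-03</uri>
+</references>
+<metadata tag="requester" timestamp="2017-06-04T11:05:52Z">whissi</metadata>
+<metadata tag="submitter" timestamp="2017-06-06T08:34:45Z">whissi</metadata>
+</glsa>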


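--- /dev/null
+++ b/metadata/glsa/glsa-201706-10.xml
@@ -0,0 +1,52 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201706-10">
+<title>Pidgin: Arbitrary code execution</title>
+<synopsis>A vulnerability in Pidgin might allow remote attackers to execute
+arbitrary code.
+</synopsis>
+<product type="ebuild">pidgin</product>
+<announced>2017-06-06</announced>
+<revised>2017-06-06: 1</revised>
+<bug>612188</bug>
+<access>remote</access>
+<affected>
+<package name="net-im/pidgin" auto="yes" arch="*">
+<unaffected range="ge">2.12.0</unaffected>
+<vulnerable range="lt">2.12.0</vulnerable>
+</package>
+</affected>
+<background>
+<p>Pidgin is a GTK Instant Messenger client for a variety of instant
+messaging protocols.
+</p>
+</background>
+<description>
+<p>Joseph Bisch discovered that Pidgin incorrectly handled certain xml
+messages.
+</p>
+</description>
+<impact type="normal">
+<p>A remote attacker could send a specially crafted instant message,
+possibly resulting in execution of arbitrary code with the privileges of
+the Pidgin process.
+</p>
+</impact>
+<workaround>
+<p>There is no known workaround at this time.</p>
+</workaround>
+<resolution>
+<p>All Pidgin users should upgrade to the latest version:</p>
+<code>
+# emerge --sync
+# emerge --ask --oneshot --verbose "&gt;=net-im/pidgin-2.12.0"
+</code>
+</resolution>
+<references>
+<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2640">CVE-2017-2640</uri>
+</references>
+<metadata tag="requester" timestamp="2017-04-19T06:30:00Z">BlueKnight</metadata>
+<metadata tag="submitter" timestamp="2017-06-06T19:36:09Z">whissi</metadata>
+</glsa>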


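--- /dev/null
+++ b/metadata/glsa/glsa-201706-11.xml
@@ -0,0 +1,52 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201706-11">
+<title>PCRE library: Denial of Service</title>
+<synopsis>A vulnerability in PCRE library allows remote attackers to cause a
+Denial of Service condition.
+</synopsis>
+<product type="ebuild">PCRE</product>
+<announced>2017-06-06</announced>
+<revised>2017-06-06: 1</revised>
+<bug>609592</bug>
+<access>remote</access>
+<affected>
+<package name="dev-libs/libpcre" auto="yes" arch="*">
+<unaffected range="ge">8.40-r1</unaffected>
+<vulnerable range="lt">8.40-r1</vulnerable>
+</package>
+</affected>
+<background>
+<p>PCRE library is a set of functions that implement regular expression
+pattern matching using the same syntax and semantics as Perl 5.
+</p>
+</background>
+<description>
+<p>It was found that the compile_bracket_matchingpath function in
+pcre_jit_compile.c in PCRE library is vulnerable to an out-of-bounds
+read.
+</p>
+</description>
+<impact type="normal">
+<p>A remote attacker could possibly cause a Denial of Service condition via
+a special crafted regular expression.
+</p>
+</impact>
+<workaround>
+<p>There is no known workaround at this time.</p>
+</workaround>
+<resolution>
+<p>All PCRE library users should upgrade to the latest version:</p>
+<code>
+# emerge --sync
+# emerge --ask --oneshot --verbose "&gt;=dev-libs/libpcre-8.40-r1"
+</code>
+</resolution>
+<references>
+<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-6004">CVE-2017-6004</uri>
+</references>
+<metadata tag="requester" timestamp="2017-04-26T00:55:28Z">BlueKnight</metadata>
+<metadata tag="submitter" timestamp="2017-06-06T19:43:31Z">whissi</metadata>
+</glsa>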


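--- /dev/null
+++ b/metadata/glsa/glsa-201706-12.xml
@@ -0,0 +1,57 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201706-12">
+<title>Wireshark: Multiple vulnerabilities</title>
+<synopsis>Multiple vulnerabilities have been found in Wireshark, the worst of
+which allows remote attackers to cause a Denial of Service condition.
+</synopsis>
+<product type="ebuild">wireshark</product>
+<announced>2017-06-06</announced>
+<revised>2017-06-06: 1</revised>
+<bug>609646</bug>
+<bug>615462</bug>
+<access>remote</access>
+<affected>
+<package name="net-analyzer/wireshark" auto="yes" arch="*">
+<unaffected range="ge">2.2.6</unaffected>
+<vulnerable range="lt">2.2.6</vulnerable>
+</package>
+</affected>
+<background>
+<p>Wireshark is a network protocol analyzer formerly known as ethereal.</p>
+</background>
+<description>
+<p>Multiple vulnerabilities have been discovered in Wireshark. Please
+review the CVE identifiers referenced below for details.
+</p>
+</description>
+<impact type="normal">
+<p>A remote attacker could entice a user to process a specially crafted
+network packet using Wireshark, possibly resulting a Denial of Service
+condition.
+</p>
+</impact>
+<workaround>
+<p>There is no known workaround at this time.</p>
+</workaround>
+<resolution>
+<p>All Wireshark users should upgrade to the latest version:</p>
+<code>
+# emerge --sync
+# emerge --ask --oneshot --verbose "&gt;=net-analyzer/wireshark-2.2.6"
+</code>
+</resolution>
+<references>
+<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-6014">CVE-2017-6014</uri>
+<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7700">CVE-2017-7700</uri>
+<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7701">CVE-2017-7701</uri>
+<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7702">CVE-2017-7702</uri>
+<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7703">CVE-2017-7703</uri>
+<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7704">CVE-2017-7704</uri>
+<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7705">CVE-2017-7705</uri>
+</references>
+<metadata tag="requester" timestamp="2017-03-24T05:23:51Z">BlueKnight</metadata>
+<metadata tag="submitter" timestamp="2017-06-06T19:48:46Z">whissi</metadata>
+</glsa>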
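Review bot: The impact paragraph reads "possibly resulting a Denial of Service condition", which is missing a word and should read `network packet using Wireshark, possibly resulting in a Denial of Service`. Every `<uri>` in this advisory's `<references>`, like those in the other new files of this commit, points at `http://nvd.nist.gov/...` rather than an HTTPS URL, so readers following a security advisory's references get no transport integrity for the page they land on. As this file is synced from upstream, both changes would need to go into the upstream GLSA repository to survive the next sync.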


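--- /dev/null
+++ b/metadata/glsa/glsa-201706-13.xml
@@ -0,0 +1,50 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201706-13">
+<title>minicom: Remote execution of arbitrary code</title>
+<synopsis>An out-of-bounds data access in minicom might allow remote
+attackers to execute arbitrary code.
+</synopsis>
+<product type="ebuild">minicom</product>
+<announced>2017-06-06</announced>
+<revised>2017-06-06: 1</revised>
+<bug>615996</bug>
+<access>remote</access>
+<affected>
+<package name="net-dialup/minicom" auto="yes" arch="*">
+<unaffected range="ge">2.7.1</unaffected>
+<vulnerable range="lt">2.7.1</vulnerable>
+</package>
+</affected>
+<background>
+<p>Minicom is a text-based serial port communications program.</p>
+</background>
+<description>
+<p>In minicom before version 2.7.1, the escparms[] buffer in vt100.c is
+vulnerable to an overflow.
+</p>
+</description>
+<impact type="normal">
+<p>A remote attacker, able to connect to a minicom port, could possibly
+execute arbitrary code with the privileges of the process, or cause a
+Denial of Service condition.
+</p>
+</impact>
+<workaround>
+<p>There is no known workaround at this time.</p>
+</workaround>
+<resolution>
+<p>All minicom users should upgrade to the latest version:</p>
+<code>
+# emerge --sync
+# emerge --ask --oneshot --verbose "&gt;=net-dialup/minicom-2.7.1"
+</code>
+</resolution>
+<references>
+<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7467">CVE-2017-7467</uri>
+</references>
+<metadata tag="requester" timestamp="2017-04-30T12:15:55Z">BlueKnight</metadata>
+<metadata tag="submitter" timestamp="2017-06-06T20:02:58Z">whissi</metadata>
+</glsa>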


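--- /dev/null
+++ b/metadata/glsa/glsa-201706-14.xml
@@ -0,0 +1,61 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201706-14">
+<title>FreeType: Multiple vulnerabilities</title>
+<synopsis>Multiple vulnerabilities have been found in FreeType, the worst of
+which allows remote attackers to execute arbitrary code.
+</synopsis>
+<product type="ebuild">freetype </product>
+<announced>2017-06-06</announced>
+<revised>2017-06-06: 1</revised>
+<bug>612192</bug>
+<bug>616730</bug>
+<access>remote</access>
+<affected>
+<package name="media-libs/freetype" auto="yes" arch="*">
+<unaffected range="ge">2.8</unaffected>
+<vulnerable range="lt">2.8</vulnerable>
+</package>
+</affected>
+<background>
+<p>FreeType is a high-quality and portable font engine.</p>
+</background>
+<description>
+<p>Multiple vulnerabilities have been discovered in FreeType. Please review
+the CVE identifiers referenced below for details.
+</p>
+</description>
+<impact type="normal">
+<p>A remote attacker could entice a user to use a specially crafted font
+file using FreeType, possibly resulting in execution of arbitrary code
+with the privileges of the process or a Denial of Service condition.
+</p>
+</impact>
+<workaround>
+<p>There is no known workaround at this time.</p>
+</workaround>
+<resolution>
+<p>All FreeType users should upgrade to the latest version:</p>
+<code>
+# emerge --sync
+# emerge --ask --oneshot --verbose "&gt;=media-libs/freetype-2.8"
+</code>
+</resolution>
+<references>
+<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-10244">
+CVE-2016-10244
+</uri>
+<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-10328">
+CVE-2016-10328
+</uri>
+<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7857">CVE-2017-7857</uri>
+<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7858">CVE-2017-7858</uri>
+<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7864">CVE-2017-7864</uri>
+<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-8105">CVE-2017-8105</uri>
+<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-8287">CVE-2017-8287</uri>
+</references>
+<metadata tag="requester" timestamp="2017-04-11T06:23:01Z">BlueKnight</metadata>
+<metadata tag="submitter" timestamp="2017-06-06T20:06:36Z">whissi</metadata>
+</glsa>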
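Review bot: `<product type="ebuild">freetype </product>` carries a trailing space inside the element text, so any consumer that compares the product name verbatim will see `freetype ` rather than `freetype`; the line should read `<product type="ebuild">freetype</product>`. The same kind of stray trailing whitespace sits inside `<title>` in the new 201706-01, 201706-02, 201706-03, 201706-06 and 201706-07 files. Whether the Gentoo tooling trims these values before use is not visible here, so I am flagging the data rather than asserting a breakage. As these files are synced from upstream, the cleanup belongs in the upstream GLSA repository and would otherwise be overwritten by the next sync.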


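--- /dev/null
+++ b/metadata/glsa/FILENAME_NOT_SHOWN
@@ -0,0 +1,152 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201706-15">
+<title>WebKitGTK+: Multiple vulnerabilities</title>
+<synopsis>Multiple vulnerabilities have been found in WebKitGTK+, the worst
+of which allows remote attackers to execute arbitrary code.
+</synopsis>
+<product type="ebuild">webkit-gtk</product>
+<announced>2017-06-07</announced>
+<revised>2017-06-07: 1</revised>
+<bug>543650</bug>
+<bug>573656</bug>
+<bug>577068</bug>
+<bug>608958</bug>
+<bug>614876</bug>
+<bug>619788</bug>
+<access>remote</access>
+<affected>
+<package name="net-libs/webkit-gtk" auto="yes" arch="*">
+<unaffected range="ge">2.16.3</unaffected>
+<vulnerable range="lt">2.16.3</vulnerable>
+</package>
+</affected>
+<background>
+<p>WebKitGTK+ is a full-featured port of the WebKit rendering engine.</p>
+</background>
+<description>
+<p>Multiple vulnerabilities have been discovered in WebKitGTK+. Please
+review the CVE identifiers referenced below for details.
+</p>
+</description>
+<impact type="normal">
+<p>A remote attack can use multiple vectors to execute arbitrary code or
+cause a denial of service condition.
+</p>
+</impact>
+<workaround>
+<p>There is no known workaround at this time.</p>
+</workaround>
+<resolution>
+<p>All WebKitGTK+ users should upgrade to the latest version:</p>
+<code>
+# emerge --sync
+# emerge --ask --oneshot --verbose "&gt;=net-libs/webkit-gtk-2.16.3:4"
+</code>
+</resolution>
+<references>
+<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2330">CVE-2015-2330</uri>
+<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7096">CVE-2015-7096</uri>
+<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7098">CVE-2015-7098</uri>
+<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1723">CVE-2016-1723</uri>
+<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1724">CVE-2016-1724</uri>
+<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1725">CVE-2016-1725</uri>
+<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1726">CVE-2016-1726</uri>
+<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1727">CVE-2016-1727</uri>
+<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1728">CVE-2016-1728</uri>
+<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4692">CVE-2016-4692</uri>
+<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4743">CVE-2016-4743</uri>
+<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7586">CVE-2016-7586</uri>
+<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7587">CVE-2016-7587</uri>
+<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7589">CVE-2016-7589</uri>
+<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7592">CVE-2016-7592</uri>
+<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7598">CVE-2016-7598</uri>
+<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7599">CVE-2016-7599</uri>
+<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7610">CVE-2016-7610</uri>
+<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7611">CVE-2016-7611</uri>
+<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7623">CVE-2016-7623</uri>
+<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7632">CVE-2016-7632</uri>
+<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7635">CVE-2016-7635</uri>
+<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7639">CVE-2016-7639</uri>
+<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7640">CVE-2016-7640</uri>
+<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7641">CVE-2016-7641</uri>
+<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7642">CVE-2016-7642</uri>
+<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7645">CVE-2016-7645</uri>
+<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7646">CVE-2016-7646</uri>
+<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7648">CVE-2016-7648</uri>
+<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7649">CVE-2016-7649</uri>
+<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7652">CVE-2016-7652</uri>
+<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7654">CVE-2016-7654</uri>
+<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7656">CVE-2016-7656</uri>
+<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9642">CVE-2016-9642</uri>
+<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9643">CVE-2016-9643</uri>
+<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2350">CVE-2017-2350</uri>
+<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2354">CVE-2017-2354</uri>
+<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2355">CVE-2017-2355</uri>
+<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2356">CVE-2017-2356</uri>
+<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2362">CVE-2017-2362</uri>
+<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2363">CVE-2017-2363</uri>
+<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2364">CVE-2017-2364</uri>
+<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2365">CVE-2017-2365</uri>
+<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2366">CVE-2017-2366</uri>
+<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2367">CVE-2017-2367</uri>
+<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2369">CVE-2017-2369</uri>
+<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2371">CVE-2017-2371</uri>
+<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2373">CVE-2017-2373</uri>
+<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2376">CVE-2017-2376</uri>
+<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2377">CVE-2017-2377</uri>
+<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2386">CVE-2017-2386</uri>
+<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2392">CVE-2017-2392</uri>
+<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2394">CVE-2017-2394</uri>
+<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2395">CVE-2017-2395</uri>
+<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2396">CVE-2017-2396</uri>
+<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2405">CVE-2017-2405</uri>
+<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2415">CVE-2017-2415</uri>
+<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2419">CVE-2017-2419</uri>
+<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2433">CVE-2017-2433</uri>
+<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2442">CVE-2017-2442</uri>
+<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2445">CVE-2017-2445</uri>
+<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2446">CVE-2017-2446</uri>
+<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2447">CVE-2017-2447</uri>
+<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2454">CVE-2017-2454</uri>
+<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2455">CVE-2017-2455</uri>
+<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2457">CVE-2017-2457</uri>
+<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2459">CVE-2017-2459</uri>
+<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2460">CVE-2017-2460</uri>
+<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2464">CVE-2017-2464</uri>
+<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2465">CVE-2017-2465</uri>
+<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2466">CVE-2017-2466</uri>
+<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2468">CVE-2017-2468</uri>
+<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2469">CVE-2017-2469</uri>
+<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2470">CVE-2017-2470</uri>
+<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2471">CVE-2017-2471</uri>
+<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2475">CVE-2017-2475</uri>
+<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2476">CVE-2017-2476</uri>
+<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2481">CVE-2017-2481</uri>
+<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2496">CVE-2017-2496</uri>
+<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2504">CVE-2017-2504</uri>
+<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2505">CVE-2017-2505</uri>
+<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2506">CVE-2017-2506</uri>
+<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2508">CVE-2017-2508</uri>
+<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2510">CVE-2017-2510</uri>
+<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2514">CVE-2017-2514</uri>
+<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2515">CVE-2017-2515</uri>
+<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2521">CVE-2017-2521</uri>
+<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2525">CVE-2017-2525</uri>
+<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2526">CVE-2017-2526</uri>
+<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2528">CVE-2017-2528</uri>
+<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2530">CVE-2017-2530</uri>
+<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2531">CVE-2017-2531</uri>
+<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2536">CVE-2017-2536</uri>
+<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2539">CVE-2017-2539</uri>
+<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2544">CVE-2017-2544</uri>
+<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2547">CVE-2017-2547</uri>
+<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2549">CVE-2017-2549</uri>
+<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-6980">CVE-2017-6980</uri>
+<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-6984">CVE-2017-6984</uri>
+</references>
+<metadata tag="requester" timestamp="2017-04-19T06:44:45Z">BlueKnight</metadata>
+<metadata tag="submitter" timestamp="2017-06-07T11:52:15Z">whissi</metadata>
+</glsa>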
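Review bot: The resolution line `# emerge --ask --oneshot --verbose "&gt;=net-libs/webkit-gtk-2.16.3:4"` restricts the upgrade to slot 4, while the `<unaffected range="ge">2.16.3</unaffected>` / `<vulnerable range="lt">2.16.3</vulnerable>` ranges under `<affected>` carry no slot, so a system that also has a different slot of net-libs/webkit-gtk installed would presumably still be reported vulnerable by GLSA tooling after following these steps; either qualify the ranges with the `slot` attribute the GLSA DTD provides for these elements, or state in the resolution what to do with other slots — verify against the tree before narrowing the ranges. The impact text `<p>A remote attack can use multiple vectors to execute arbitrary code or` should read `A remote attacker can use multiple vectors …`. The `<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">` system identifier and every `<uri link=…>` use plain http, which matches the other advisories in this commit; tooling that parses these files should validate against a local copy of glsa.dtd rather than resolving the external subset over the network, and should not fetch the reference links automatically.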


@ -1 +1 @@
Wed, 31 May 2017 20:08:57 +0000
Fri, 16 Jun 2017 18:39:35 +0000


@ -1 +1 @@
742dfe25646ca49d62bb5f6452a3600f934c798d 1496157625 2017-05-30T15:20:25+00:00
c2f911fc13b81dd715a1b756f739b077f8718170 1496836599 2017-06-07T11:56:39+00:00