From f1c0fc9283aab5371ab3ba08ff70d10a19725235 Mon Sep 17 00:00:00 2001 From: Benjamin Gilbert Date: Fri, 22 Nov 2019 18:08:50 +0000 Subject: [PATCH] bump(metadata/glsa): sync with upstream --- .../portage-stable/metadata/glsa/Manifest | 30 +++---- .../metadata/glsa/Manifest.files.gz | Bin 448845 -> 449647 bytes .../metadata/glsa/glsa-201910-01.xml | 81 ++++++++++++++++++ .../metadata/glsa/glsa-201911-01.xml | 55 ++++++++++++ .../metadata/glsa/glsa-201911-02.xml | 49 +++++++++++ .../metadata/glsa/glsa-201911-03.xml | 51 +++++++++++ .../metadata/glsa/glsa-201911-04.xml | 50 +++++++++++ .../metadata/glsa/timestamp.chk | 2 +- .../metadata/glsa/timestamp.commit | 2 +- 9 files changed, 303 insertions(+), 17 deletions(-) create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201910-01.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201911-01.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201911-02.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201911-03.xml create mode 100644 sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201911-04.xml diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/Manifest b/sdk_container/src/third_party/portage-stable/metadata/glsa/Manifest index be0375e73b..61dd37b893 100644 --- a/sdk_container/src/third_party/portage-stable/metadata/glsa/Manifest +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/Manifest @@ -1,23 +1,23 @@ -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 -MANIFEST Manifest.files.gz 448845 BLAKE2B 24feded351e2c02762000f35c6c58ac935b2383bf6acdd7450f974e16e15fe0935d3f657233d5cd4ab87639ad5f410b8ea36fd5c019b93bfbfc47983ef01dbdc SHA512 569d13495f7e4953afefd29435d7953d3afa1815ae86459c1f4f84726efaaedc5598835f415738d792d2d1060be50cf8ad9140b7fcf124dd7f9ea681a55957ab -TIMESTAMP 2019-09-11T01:08:54Z +MANIFEST Manifest.files.gz 449647 BLAKE2B 8803d7d7f47c464cfd8f60beebc66a2a666a58eced0da3542b3aa3258b2801c9603a06ee88dc1b3d88b18763967fd4df415a2267ef2059485f617f508c374276 SHA512 19ad2e1287d270dc62f5d69c91b20e5b243af42fac29e8d0aef1d81bebaee04f64f471f8dadc1f923158b7380eb0face42df28d6a6f48575d0150c58354966e3 +TIMESTAMP 2019-11-22T17:38:48Z -----BEGIN PGP SIGNATURE----- -iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAl14SSZfFIAAAAAALgAo +iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAl3YHShfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEUx RDZBQkI2M0JGQ0ZCNEJBMDJGREYxQ0VDNTkwRUVBQzkxODkyNTAACgkQ7FkO6skY -klDZSBAAqoFwooNC4OtE9pVq2cfjdzGkK9W5/lJi+aVvllk3srr5BHd8jakr9IJq -DaXZNkdcNs+ZSU2pW8wF3KG7r6b5Ib0KTTYHuMCSXJHSYNLBW60x1YHOUoQYdPGb -K26I7l61X742gFzmeGjXUaqUbN4Z99iYBTLD7VnYQCSMDPLirNF+0Mi35lrXA8OO -9nX63kLgvrmRpArBhjeR41JlfjqC5yqES3KWYYuzMO+V7L7smP9zmgf2NI9lZfCm -HIh4exi0xmHr0ZgW4wZgvLFuAxHE4BoMO+z5mW1Qb7CkTdEeizWsMxdQiGRgOT12 -WTUV3qW5QfHYTNuDHxhfrfRPQ6/+EhosLRrxWO0EHoYh/GNUJ/TdQATADJa+whLy -sXm9tuX/LriOlB1bPx6SakW2BNbTmve4XwocNKUh2Th02C9WsTiK4hNARnct+644 -FUuKCiCXK8/r1isozPY0YcnwDuQvBAS3diYo9b641BpCCSlhPqJuZDvl/9CFnqLF -z4LydlDnarNKWY1HXcrQnlzwwyPxpDHjfp2Mugrc4P0Nyr99/Vboale/rjIlZXFi -idIDlJZqTsznd1bM7vdZ4rzEsAbwS2DtWgfDk5xzHP9uYjt7srjrwT8PPHXf3fDn -MT6ZGrkgpOHqC/LswBWMNvzRJqTp1Zod08wjwJbr6XLWTK+z+vE= -=OjnX +klB87w//UoGHDGr8v7UijB9Op29ia5ExY66P8cQLQah48TTTzUFJuhW+1cxaxuM8 +8TtUbHf7n6HwmFs35WrsjI3zDMYxz67gKQtu4sCEDBvq0k/7wOmVomxa6Idt+ADC +BfmkdbYLiRDpnBc3l/uLgMCrocUTmrCoH/BjDAlh0tW8ViuQ1ah72dtmhwOPtkkK +mH4PPzOFPujoIGwn7lgQE2MPinExpgQ1x31mMNUvqld2OXMmm1VrjcF7LD6WxjuL +gAFcPnVf8ru/H/gMD14/VZ1Lkf7a7jV3aDOZk7dj+0+G9rDRWMcnLga+N3nnlizk +8I2E3mGM6U858gc7TZkPxycsV35PGCCOWg9HoHRDkjfe5gCR97tVHrREBPnUa8hT +fbSRic6HO0fLb4tX3w7y4GdiUDeQ9IarZngkbWpy8ZDRFhIonYDj8N1drWfSQu15 +lwGu3s7R2HAhGfO3HxhXuHpbmxf3TQlayBASyXofp3zx+hCCUdKXD/O+NwfqNveE +57SQ3lW0kEWL2jQgvocn4LiMzrDuMImAiwubcY5nfXaQZWwjSIV1T+MVcC/kb9Yt +JzKWlTFOl8eaNnjiXA8wMU4cLNFW4v9OQfrqrKUT8kO3nWkB20aiqPJxp0XRRA+B +jR1SxQVNdu2P2JmJOpuS0m5ybAubZ0oIG0Y0VtqRYIboolBXjFQ= +=uGfw -----END PGP SIGNATURE----- diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/Manifest.files.gz b/sdk_container/src/third_party/portage-stable/metadata/glsa/Manifest.files.gz index e80a943da59dc88f4b045e3c295bf7c3d6f5011a..87a4ce20a9bd798b811e79ed1ad93584301cbc03 100644 GIT binary patch delta 11953 zcmV;iE>6+SvK#NX8-RoXgaU*Egam{IvBgm=W&Ym0lm+ zw{B%dxSNsZ?0p`4J60}nJMQF+tZIuB>a-mJHB8aBjhmMOs|H056GX71i!ABO)B5RR zaCMhes|G79BLH%#ojKty#)J*KmBv3fpAQ#knZ_>L(B0DWy$wHsXm1yh;ur|Okh{)V zm#nJ>Ab-R`vhH`nIqn76>+We0T>v67HJ*$c&{`%PS#L~T>dD6A+td1;q|EP}=&p3t z7@6z0luLzyK^3b01p*Y3ng(u;vP`|CE#BHLaFg`XJURsxjQF$w1kTp2q`6w83vTI_ zX^%i{AG$`tO)0K>_S?CmsN?;szEyx{XX<(z@PBOksZ^*AFPavQ$s^%C5clqpFQPJh zwkyL{}1>=;jTm+Aj!sY6UI~6dit7!!3DD=0R_^Wps zKNJoWRUbnloJb6BU=K`qp^z z<$py-47Lk+)9G`O&h*;WlZ6-D-Q)wwz2_i+wD4kreA7;=6i6M(_RyV9d9fID&U3!a zNinykjXyROx8Je0Pn>S|gHE1S?6U-SVH9^%;b0cx=b<(T41+7KWoKT8zNS&4vC5aH z^)pEsKB|EZFoUmt3TRO`l5JPoh~9hnQ-2SF2pdjSxryo+L$W>}K{+0z+WE_CY*~wo zG{kETD&9Y3{WGQ9WUiH@6$a~V*8e^J+`6->CWPW%4=H60M0t#JCCjM2ZC#w;VPIp zs&xzwYv(Dz~q!LE$Ati$F2r6e_Ww^&*wTz!5^{Q{4H+1oJ`+OD{S9s zjq12A_0+n)>`h)^DLGd`K-Ey%Rx3Rf*R_!43QLi|9Ey6_+H?a(0h;wkRv_D}IqFb$ z@KJ5-P)=EcBo{@J=k>I@6W_XlWOu2clCTkA%)LBaDS($7qFfD?&;mP#w27y{EhRTK ze=_GNa3a?|?1vvb%k^h(Uquao^{S2wCZ~jfe!&%wsYB{ikW|9TtNQzC{Y+AF<=4|>+9F*|f1xC2 z)!ne*rX39c_^0#QoIWMr>)5FZ(st^xRq8VI>uKFquK{S0bT4`4=8)w`)wXLio#v*U zuqpq<>2mIti3oxX1!`k;xO;4)C{R${pwArw$5C$5W?q`CoR24~7vBPJ_0W4&eTFYQ z@n@1!pT9RxB)JPB_P8Da!RBL(&#}s>%fmzZS8ugXYjl45Mf#Tft&OW;8r9*93{FX zlF#JcQ7GcgM;Ve;tm?*d3pIEBvZN58qpb$UqvQ_qB!g33pgjJgJ(&NAe~O>@CHc78 zD_WNPcDBwRbb5U}ExSAs#HlYP=Q!U{AG6xe=H>;!fXm6jXxf76z22eCoQX(iuarJ)I&wG6!EJna%;bl_b>r@)8m6 zBGJ$X;Z}5oP)?NQd=U^pj$j&~Lt2sSG~i>lym{cjrML~pH0$Oqf2R*`PN%hwvC`dj z1mIXs6+{h$*^vpmMr9lH5+u~;e=KTf!URy|FnrF{ngWBa40C{0vvSal9T9XPrg>K zK=Pn7niJ>>#@H}if6haliabIH^s57eCY2S5boQxvuUd#gK~_oGN&3JStgoKWrBa}h zFYeiKCtZN&m|j;^YKQXzj(%DYHi0)7G zMr8A#fKhH`9fslK&KH@_t$0p?^*FszY#X{2!FD?e03(jb(u~I# z{hr@aF<8;Wp{eoIg{Kv+>uOyE^r0C});N`;B@ZK4F4g3dQTJ@BxHHb_zNV<|eL& z<*ShS9wlNgZWMu@Nantqb^_bMwp-ribANf4p0oxW0i2h+v<4srjm!L0Loz06{ctDlD-Nc^`Svo(obPp##wr`IO8tzjkVLxPO)!YETB|C_$U8o}f$@&zT z-No}_C3$U=0%8nzY!Cixn=6+{$$@_kr>IoDAy8jDzMh>6x02D^9a!o0w7A8v_L`ie z83n#|xV1XI3QiD+so1cX@8h7sC z@2YjxcwmduKqBa>PscgFJguMo#4CQNXOvc)B|Ba6;K5V{gqk}n%c;%iM3#RjlQUM< zskD_MkECin$4_^1$L(~G^m$L`9b8S#ux>|)8yQuj2*9mIlA~op8A-11jRaMO-^|A~ zzC4r4E2-=OZ%f;nDJ6nb++AR0uk}u}ZXX`r4#Zj^*rjo*{W(FF^Om~%l&ARkEZtS-G6^OTi0*x^kZ}7bfXu5(-oWCBmUX?*2<)4LUDCqlz4in zjdgMYEFxLeJy+Z#UW&`y&i^?>quvHAgu`ftUVIIeVuI2P%h_K*(^Xb|s`|hK?s>i4 zkER+_R(~FM1FA8!Dg6SqKGhCz0@#B>3e-nQQ;T64m^aZJA+&X{thRrNu}=<+F33(V z$IJl;c9{AtB2+~udL02CDsVvJzn-lhRt*e)R|6eCj&=+kq9FXPB39r~MJc3fe;02v z1+6XX$z_3zk}93ACZ4xL4Nd(wl?T`BR|}Ck6#={y)PeAV%;RDCI_?eZ#g_#&5arn#4bw+1ACav5AAQ;mb49}bA(liTwJ zZ^bYBiQs{1&$e*YIwT^Jrn__8?a*EXUhp?bWmqa5m7xL?5c*?pPnq^0d) z=&!U@h0WqCAUr{j!5f1s2w`>>JgTl{vMTTHt9!i;)!)ho`Zn5e0Zj-(p%A;xWpLS| zzOr>_N0c0Yq&f*CT9Fa3t0tN5e{4tV+S(NFX+d$hz#4R8%vHHL@+;JXACbE?d6LT) zEdSCP`OueF$i?=b5=6><9O~d&cI!63AGMbhB1o?N6b;>b)GpK=;N)oIA@lMXngzS zY5i(|f2djypr@7_{EReKHI$G-GIO! zorSoUT)GArf7MpKs=n%5P8cmoId3M|eqO>y!jBa$Hz?HaYWkTuUXv5A2<9>m4H7Rf zmXm9Da{)nl0q2semN)_U=nD(IP@*oVj2#^rzqO{aKm``pF#)34ex@S_!> zsd1?%Y`&Rp@EbUFvWGkS?np%duY-H2K02Yyf#K|{e>#(nNL-i4>fzyHIyCRO7a>s# zT|f$iV-#}6(DR6UaOy8r-+n%jUne)U{w3)ubu|15ryI?lFL!%5}LBb?fRNS>wQEMj z?S5S|;80N!0aYO_zG^#K?emtlwfbLYOGkAFn4Oofj?i>3&$0yYZC6$6aGi|MogX4^ ze`$a)GWlWK{t~%eQlx8@;Yhs1froz<%_Usbp4x+ffz-_dWq^T>qy}7uCv?K(m#6hR z?H1m6i$AGc3V8wW?CJ~$ChT?P1vu37PC#D*+0h+=$h(WG*^)MIK^GUHsega)r=qIs zL|{#Pmn~5Z-?LrCvz&*DwSQ)ptQxBuD-1S&`6oKP+d)Ebnc+Bzniu1CRPj!Zra6iN zT2`Y!xJOIQ(@5(X$*0d@mm0kWB>|h4K)nVR0Xdggy#^+Kzc20`*u$cfLn()wFWS7! zw>Kv-4}PwVz_S!7d8U=n<`z3|iqmykmwjODQDb1YUQ~aBITALkur?=m1PWPKk3TcB zRb3vAnp^&)WiHV!ekd2`BGu!xrd|=(mx|4=)=2)Gq$ETKxjnEXB}2h&E|fptHi3W; zgpcmLt?S2s)iK>m0eKL!mhx_h99D1Dw&jy(Mh^6Lj_Ky%PC|Nn+|#iP?}i}kx18z; zLC&8yPh2|jsuQQz^ES7EHpv;CB5%=0jl1ZCW8I2!sz=4G*^sLf z$6Q3dZ?hBCE|LGFP;7L+addpb$KOkl`VB?%za2W zmh~sljk8H=Qw?@+Gq?3&Y$S;{L+7h?TtWSqyn9x(=BuA_}vkan6TsgigkD0f} zB~wz@krSTA;U*1-lkeTMvu;kITjsIFVy}siKU9ekcGSU>{_?bb{e0^CChp3GOSd;s zI&T5UOr+70;O4q_OKW^h_3KO0$*pXEjiRP)O(dSfDcr3YBt54L;vd-}5*~yp* zSX;)x4)53bB`$UOH=55@T)=r-Tp#jo^1iHjhwQ}F;ts;Ow!Q%Os2Bdpxh>9e?#=KLwT$Sd=>h%EF-a5@1SnJMn=C$R9v^D`!xj_zow7x#T>EQocj|>e;0Ve!~ z=&2{g*eV z)9W8`ON$<}3y(|XHLw&vaj9zKiE+YCC%Mcqp7?vb*i*vb|xnriIDP z0*KJ|pgY!04&d{jE=PHPXgL$S^k+|aSqOg3opzO9!2|gjcB7#=)v}dNuAX$aq6prP zpOP~XfG?}td3MGG2zVZuY_1#E1!9OU+^I@>l8@EI<2eIH+77B3gOSHc+Ht9$v}P&a zp4RU+=SP&c2W+SG1R7|Gt65%iSFb3#<3oA9xORZX5ft>^8g#>3rj+o=2L zU!K;_)X1k_b$3F4@^slDE9js-gOtr+d7g@4X3e{Y>edePsip>_C$H~ieC>lo;e>oa zDxmQIHs~3tdy(zBySr3-Do&}?#iI?xStZAs-JUOWI&^I1466FaPbB`Ufq5O<2k~*P zZia1+1uxnYCZ!(LkHESgCV3AIs}d_1Oe}PCN(lN0m04VYj;4HGn(< zZZ75VgM6{M4chf z4Z;Q9$rU@ay_(9Xfk`;>`dX>Q%XuK*P3OIDWs4PmnT43z{8A?A6}Md5Ikr2POY}T{ zq7k11@<5bc_LE38dT2FHyVOBNhn3vWBh-T|WIc_C3LV|;1lYkOkw1^>&uamXY9;m9 z9dPNM-=y0Ww`IBh@#Sfizt#BFOy#RM=c=P#PFp0?Ovq#8>hvX$9~$oI2CRpn>pwje zagll)2%R(F?NhT&(bOxt8rpi|;qcs+7DmSt-4f>$mx{#(9e-|J5a<^_Y}$w#T3dr# zNQIZO%iK-3rpS7M{LCSKwpN|Cp*ppz=B|n*KY(a)JNEBZ(t^8dl;m9Bm#0;KCz3u8 z#N~j@0i-?yev`;HEpB)S8Da=!>q_;hiM`x;ZI`RWz}DK>V)$?^Rhx1KqoZ z@_l()zkj|MA71FrXW4MR+M3B(%&kDvq;NnAp$@TNM%&lq$GM#~HDgva*6*whP~mX} zH*Kow8l*xUVTe0$qEjA8SS=2wWVcsgCH%sbivm64JqMvaq?%CR@tTU~{Rs}pfKi8) zYvV)R{Ia+Tue1)s~>{2u=*- z@+kRGwq)R=8Obhz*cHqpoC+pr89A$^A>AYuO47qd_>9YGS)K ze@|uKNDWf)FHh^YSN(w?95e?pD@>*7lZOkA9l4ir$Oa~VceC0~T}iZcyYk()B@3il zKB17)3vb!w2J7)qIk?*Y?AqAWmD`dK-zal{hk({E*Tr|9lXSX@F#+(P4``CoIWiy} zm^qDv67p1pOS#es?>7T=LtIDo5 z3IM(7YDJcRiB^O7>S`g9-&JkVN8~uCdqU5p?Bf*Wj@y!YcCM-6WksmpAjcH0m7w!FHh@7ndSJniMPAwQ1+4hTR=^B zpuj7x7|CcJKHn2}%*=*}&i| z50!aN2*d+e2m9I=2bROU`_L_$;Ny5nBh`RfEO_uXH6fdiQU|Brj_}RJm$k|UAAdZp-(K~HGD}l{LFo@*0*IXupimFY zSq1r9R{ywKNA^{(^sp%2gn(61sIW&Cq2Ia*Dq8__jSg~bzTyCy!f*km&nM^#Xy0x( z+Flz6@s8v2f#nNisu`I`QH0iei=p2TuvEtG;V)t#KXqo6Iyrnhd05G?UF))o*F4_3 zRDb!Fq8naUY@9WB>N%F7S3(S^s~`Nw4)L?cB+@r@`rE6n9~B#&QPQ**t*xCFCf(H% zM;0qIk=&;4&#vckuTJtcGz9h%xmM(*L;swzTQ4T$?tEe7gUYsB-p=+<)5fS;KIS1S zfl1cq4uUVk`QGyxw%U%vwTr-cSA>30KNVF1Tq zt?DPAD{1BiVR884vlO2`M5g?d<+VPC*qbZ6G=+dep7G1m`t`Uw>PLMG%BS<-nhFi6 z3Jok!VBv&$^1(EKzGv3SCLL0+?FA?!e7?8dA3lvES||m;-fnw0pul7S$_^X z4u?v4w{!1(9;8~u3En!*uqr*<4k6SE+A$Ijk1eR!4+~b=#+<_kdHb!*sh-5~$2F*I z>&OT)oz?05uF504ae{z(#b5|1Sh$^va8=bcz6HS>`zEQ^ay(z2)=#e**#99MIF3sE z%u7`fM~xKIAxMxYvIBnyX)@>vqko|?cxd#@p#$Wcdh)sMbtq$Sy4pHTNJQ|OomGHH zM@>ig%EQ7S)XgE9y~w3ey!yi91?B+*oL2io60mBAQc*F5_ij?rP!rbitDyZnQJNFv zXFRkPAr$d50V-iD0+V@aJ0E_)x$7y=6W;WYC5`Ej?d?`C!A+?=UMJ9`e}AFXvHd+{ zV^<6wb1A{l&ChyF+MEj8CoZW1cP-Vd~g{bMz-mKFBoI`DQ-O2~~>J?SjR8Q4j zk6*|H%I)S3)P)vwu7Ie_R0SvhAL^lg|O305+@d5%~EaZPk$;FmwT={Qb0k zn$^6F4|v+$S8>xpQ#x*4d3JksSS8^LSwPbYnK#+$u%84xF1!>iMx84p!Ep@%HH4N* zu-GPQflI8dty9D5L}|LJuJfI}+Wd8{(~%{2FEC$qy}nEa);J~@4}W^VwX;`}`CJWv zQ)hS0lXJymRqmMMQmkfhgo=|XhN)Cet&N>r%nsm_0kSlkhkkA)W&Xkq3soFhArrt6 zdHBoIdYRmPtaEn$j@GTBX|hn9U{JlnxHj6P>7PYl?^;Pf!MF?rBoea)huw@nEQ%8{ zg{TV0R8yF!Yf{qCjhATSkbmC<9(DljKIfk~&gjb< z`idrA-|6hQdOQ0Na*b8q2xKvbgg7KiBQ+Z!njl2Yyd_*OqL?|}%SP}Xd`@XhUO<8Z z!X+TvlW^}qjUKMawU!{Q=Jz&o)}y-|DC!~QId85?AEDOy94)l@$ypcFb*L)_UF$Uu z>(brs4FHl`^ndMa{Tfz(6y~EFcEu$prLYO3CtQ>m{AeC}JGi43WLANAIJ9!Ph6KKE z`u}C=OLI@qoy)Anu=&P)SKa*517X92=^C&jg~f`?ouUbz9_ z=Fy7>{-{-*vV3tX*anBu39d>7+TJ}&41e^W`QN8=CV#i8y2=fZ)5G3-U*zAS7+=;J zP|dPBHB|sQsdapQDMI`-tARD|oOlByImcBxSQH3!mf(z9k*kLS>;FAX#i`?)iGb|fP0+F!qZg%*9WT`uzun`~NsGQH%x0$<4rpj!A2pm3_TG0kB z0qB>B(FPx0Jgt{B%g2yS)l&~XaH>ynaq*OeaR1~kt6Sh4)e~fg;Bc%h1UHx*f;zIQ z1WrL|at#aTFhp|VwCZfbY((d2+jXxbc?; z(grd!Rnm)A?{6#i$Fvd+Y7AeV)(@D^AA=BXZ^Kh>+aXhhOf8~`-45N{t{lW<{h8O} z)GhayYtjZD28ZkzWLeIakJ1Je0S=d?(gq*`aQ~Ob(gq-ZPwRK^^h5TiT3O`Fg}7Tb z;{oR=5WH=!wAM_QGk>~+9mZe>LXM?n&E%OmZ0ZOMzpwD!oN758Zz9FZ8H>YyT8Ey! zK#S@w1Cl=o%hBC5$lEK*YdL2P&E;UYox_8fFb}D*y?PPlxSMe5s?p05j94biL=Y9z zi)MvD9_LhlpuSMobsVa)t3=vCvMO=%r-0G-hN;2HVO?!X*LUjMO>Dm-;2+EaLAPbBGI8**r0aZQFGwazN-8Opgm5Fd-$1$9H!L;HCYf8z6P1%zKRww#1M{< zj%^RP`rvYb$-!UTUZ~yaXnz>xZ3(Ds7@V?K&B7pm$3c(^K5jy8x8lyE235Uo)g`ai z4|{2YCp<>$K~or)JubnS+P!U9|4OGNFA!np?i4q-IH+aMMYk+p^tBMx{`G0Kmk4u%=VDD!XY69d!F0MDeBU8-EBiPuR3UOumdt z9Bf^GhjFi|#$eJlQ+W{g+KbJPV3BUU%{hhVV3ArKMuZ=)q~9oyC4&0T4(zp31Dbo> zcp?1{g|n?JSLGn1dRVThSmTZ066#&J7|U7V-QEA_*3MeQR+C**>Pl_ERUQ% z)qZ(ezvwi)1tAm-Vo z@A!b4mG7S%B(IPkpe(>iBblvasR_n#mxb-D9Bz(t4y3UdJTlz41^Hs&q= zwA@K>L52^di^xI7)=@K%V5%fcRSc**066Gl258Ooki8Z6x&j&6q!l>#(S=>LKeor> zrQN&UtZ7HaFHh?aI@Qnm!&KN94l~wE^KcN2bsav644QV`2R#%Xu3s~X=nRPw{ylvZjXhT7dj;`-O!tmc5%#? z)ikH9eA@)+>i$T27#R2@|D{eVApa8UL zXG_Pk6rQeUH9uqUh4pJMQx7@EC;7_AcM2u{AafBsd84*dgRN~`bDQ7l2Xq8rKTd>fJBj1fggl%AT*(09O}eC zNL$r+kJUSVsvm_$Wka(9qorpHLU#;@kRUNZV_Re4X^%*|VmsU}253Z{+zP6$jJ=YQ-ZPW=>Pjz^&(}IJoDg$abv?|Yy zQ^paxK3ZfskI65}&OD_t+_NHPJzRWumItp<^$PelSLb`tCk-9KY*%wYIYX+|i(VmddIqg7PA7%+rbL<2U5ds71hy_W z(PBAn3E3dG>tU*+{bL!>@dEoH{BS)@i->IM!T@`J(7l!40J1o~Jgwumi}A5?w>7Ey z&|<}<(d0skf`?>9sdjWP3{b5|-=%6b*ckvgtb{qJFsyGb$lX5pgfvxo_Dl)iyjm`F zj|R9!7K20D(Tj8Iz}MSz_8!xPowOtP@k#wIpkIwMshlYRN+D>FQXm1IFtm}J@~+B{ z>V3<9apE#|6-0G);i&V! z{b{!w^^iD-U|9jf%*~lj{({~;`H82}VO z*mkT%M<|#t*>-BI5tYSh+MznwF<&>aZHbV78G!F9cot2w^J9r)y1WO5R83gn+hsMw zP6tW1EZ0I8bUz=RP%?{Vn(=ocY1wv z7jET^45yRl?0p`4J60}nJMQF+tZIuB>a-mJHB8aBjhB}Ks|H05H;7Ab-U{vhH`nIqn76>+We0T>v67HBQD2Xf2bDtT(1E^UjUEZx!I#nY!KvoPTXUl?v72MbqLjITF4H;@&;-MO22* zw&g~sBQ0>ydz)NUCyl|HZMq|4{c(}0V4U)mi{MdGxLjRvrvhemHH{!0h5q&ufAvn| zhr)rPY9yyMRM{bUG+o=msnVAPyrTVIC!GY2AcePt{Exec@-?Y;z1yV<{J#?p2UMvQk^PF#U zQp~MsiK61{#FQHz#CN?^Qocl5LsLTF9kislDoX@#zyO*ugy82^Vq}dy z{O4)6eOfHeDK$A& zj8GEA&=EAX@b^-XA?br+Matiq^hmA(jX4nZNQ3pkdDkEmFm}zD^QpQE^5mB+t_B=` zFLb){Dz~q!LE$Ati$F2r6e>|ak&*wTz!5^{Q{4H+1oJ`-R6}IoR zMs+-wdTL!?_9ic|l$@&|plT>>tCgOL>srWig{4Sf4n;j|ZMp%Y0L}U%E0FEg9Cau= z_^38^D5tDJl8YkA`+8d4iErINvb$7JN!SQ5=3Sny6u`?3QLctcXn`F=+QcdFO36)) zf6O@woXB+#`{4&?x&G|!tEd66Ue$5IfbH4z^7!-WB-@+TlmVxD3(laKaxe_)<`<*LfM>!ENuSM_T8aZIP76YNLX4~Wd^ zo;8%UWxk2i$7c~-eY5FYyznGAvs8h|=PqApJ_U)^$x3-$LRU6jjR2)sXEc;ai4 zGQD%+nwp~Ut4=Zn-{|3sg4sjUE;l1>(nr3hQ%UqA->OC%e&A&xJ;bUJmv%G&;GfQGbNZBguVbewNZYB$R;kO-uhY7%UIWk~>0a{8%OT5=s%_V3I?YQv zVN?Ez)8*VP6A=U(3e?8xaQE0oQJ|o@L7zJWj-%Y9&Ac>OIUjFUFMbPrtB2mJ>N9-d zi9eH+`ux3lBFSA4vB&iY2sWp~e=V;fNzNf?J{m*1n+mJ!?w~pZ5p{i-_au>zM>DLl$YubB{)+O1kLgUq#>a=fT+QO1 zurU^wE%|RnkHp2c$3dc2eN*RUS_iJ^)BjpiG2)CjugmR)Z_ltl4as<-=9ny+qrvV?c<;{Tum*O@Y)2y3se>r`4b2_bcjFs-L zBLLTOsvv40%#KXhH7eVnmmr}&|6@@@8`i8n?YwwXHnE3V*>DdC9Y{)#n)7flX#r?2 ziyU^acuHr62a#)=-TFDdoYt@J>xb%3>QeD;{L?0y^jA->!J(j(3vkexOHQJnJ^5O_ z0?C8UXilIj7-Pe5e>o3zD)I;+(60^tBNM}0%Bf3A$ zHzJz{1&nel>o5!-cfQDcZpCvGtjFn%V%yN=deuOR&fZbyM}Az6+oOwfR=P)#qW12- zas{&E*{8G$u)RoT#FPvw=9{XA#WszJ)$Y(B5)|ip70>b7r9w~;V1^gq&Up~?skb!4 zhGq_FjmA4Re<5&CV-KL}N#&#r|L4nT{pvK=Ph}RckP3mSX36~3S-5#gX8F?^G3>xG zC73N?eexb+wa66IpuZhVCu=_3n41p?zHDT!K9v$8(nhI2zbAK(gY9+{07hJqr5TSg z`aQp;Vz8o#LsR3a3r{ON*VVcT=tDD{tZ^z=OCCn9E~?3sQTJ@BxHHb_zNV<|eL& z<)e`K9wlNgUKD|zNantqb^_bMwp-ri_x^I1p0oxW0o<3nv<4sriOc+*tC!%k1{i-n zjg1neF4JyQ_u-Xn0BHcB25ePH5t}xgW7JyP1@x#RreYZ5u{C|^kh3@Jl_`-^JATJK z)F$oB&gMleJfKS7UgA%OES(=(x`&e=+qcIC4ezOwupctCYHonvk{v|WF4Pf#WPOUv z?&5i|lDxJ_0WpR*wg>;U&6P`}vn{=kx?~@0NiRMIa(%^k>vW`NKj??&3s(r z%QLCGlFAb_Tk~%fmka9yEIO-w#oer&FsZuA0hx?+=i#6Mf#TA370D6S5S5>GF+ zu}*G)MI@`b=Zbs8OL3Xo`9Ei9)Z2iCa2d_ei;tmFOi-F(Ir|G}y2`3gRUdf3J+HU> z(Nu%V>d)hDKsAOorC*@dr`iEd0DDnLf%+(EYB4MW^G!5I2yGoKt8IT`?2`+l3$oM8 zF>?We9j1PZ2vyOEK1YCu3LKF5uXpQ*RRhD{)j-FOqa8zsCOgow=5f1(@$&)lL>!gA+)H)g z=r<=my1pEW;&ita3SSQb>DCI_?eZ#g_#&5ar+Jrxw+1AC@)%qqQ;mb49}bA(liTwJ zZ^bYBiQs{1&$jT?IwT^Jrn__8?a*EXUhrFwj4gEt0G5W?&%cvM}@WL4hXSND1ys=t*F^xJ611vDWDg+lB$m%(L= z`pVX!9Z_4DFU$+Jmw_#K832UC>yreR^4YDJTCWnQ(D-cog z-u#9o*qQ}Y2i2JG!D$jnc$A(s$vV1wo)xYxJ9jjwcAqCH3k0ijjRx&g9k->rft`1-h-iw;@MI1)NK=TH*xYqc1G`sjo*2Zpm>f7O|EMB=$TRu2ys)1i6Ky$Fd~ z=mJt89HWpkhMq^fgHwO0`u6jI{5rX*^)E?Rsf(`I|06<$Ig*=)3+CipU}_+dT>z<3 zHNaFd3ap~)ztjAryM8Rro7;4|znrut{Nwk04JVlcfc*E=?moVpR{3@J{_r7# zOtf9gf83qLW*LvG9s9k95&;gxCB22Rqvlq_o9Z$#&b`6ULxb%D6#&ot;?=Uth#J4P z<+|Kpy=Ms+_UtVto!A(e)oJn zUZPAvy=kQ~MgTC^lN_kqw^Id>GMMN(6&cIi?>x^vwQd%v%BE|3sDrRm0YX|k)UFv7 zxBGR?fI~$^1XP8z_^Rz_wa;7H*6M%VEgjVzV0K=@IzrREJj)Wmw_R1O!*w!3cYcVx zf29G!$mEA@`%C0@Ns+Eqh9mJ32M+%%noGEGQ)8aH7~~PsN$U*O>-0l zw5&#daF3Rpr;*k(lBdsQmm0kWB>|V0K)nVR0lAl0y#^+Ke_z}?u!lt{hf)qVU$l9d zZ*NXw9{gMzfoCaF@=PnC%`JAmDQ?$kUG{;oM~#8qdQtri=1ADE!rGkN5h!F`J^swh zR&{x}YHs`}@TFSd2a#+1p+m_!%GjgD}b4)jfI|=FSaZkrGyc>eB-*T!a z1UY}+JaOs7t4^F=&)eJv+9YRmlAM1SOc&eV`Kyp5ubI(fhh!44J!Fqw7j}Fwrw{#pjEXVQfPUU@VTuzsCg5zd{4BaAA zuy#`6mW3M>-gSAskkwM`%BgBzarJaIy@nSNB5KuARO%%C?#fJ9MIBpyAGo9AMcK-& ze#1q7>8Wr*U@ezqxqb%zJ4B)-a!Vw8%Nx9m=Wt3+I{@ujn$emi9Uu`aLVt+J&qjkymA z$Flwex^Xs1ZK~3=V$&ilKw544Yq_(WD-J6r9bMI+aW4dj0q6(Q*k3ynspHo0Mo89w zZS8YUx5Z~rlT|s9{?Q zcw|cIIk9B$HZIr-d8JL~2Yx@8_)EcTiR`9qZ$VMiUD^q156_4BFkm$)kzF5TWl z>AVFXGm%D1f}7{wEv@k})vqr}C%3YHHHw5|K?)GaKlQ)c3Z9Kv0p-&hpeqlU z2I)t+Ij&gSeQPKIkKgq{&}ZBtgP@{2a&~?6)-Cx%)d*NxJvy+Fzu~PT|6Q?v$xg;h zz}hkfc6h(eFL9~MztMcQ;sVaw;`)$xllNuKJ7g!W7H<&Fwea*?XAupWGST@L-YW0z>&F~~ z#!9jfLf3gZI$L!R*JqhLH*d15(y@*@SC>e*4^_7+01c2#kpTzo`g6L|O(H(@w$gZq z|3PfYL(11NMX~A?@T$06ibPnfhHt+WJRdk;a!=N|o>Kz@xQ*2}g+z{j8`nH=JW)^{>s%@JS#6$keznjZ&!ABy%t5_v}$hX8bWx}PFA(EM4b7nv;Xqu zbb9?GZfVhDcHy{GUIR<<6PKzsPM$Y6@^6^R1jRTCr?#U{k3-=mlih7cm+cLsH7!hT z7C?ly2i>u5asa>o>2j2RmzF!hm;UStFAKr1xzn!lD|jG3!)`P*r&_ks$<>?gRusYe z@weno1mMf+cAlLv0Ro;!CY$TVb%7Y73wNrLp5$XS@i=F|NZUbGV=(eKNjom}lh!Qd z+iCr7bACj5d%$)|PoRO8xSHiPm&F`N+K>Lx)JPW*H4|-(k|(c!J@rl6A_h6ZxLhpJ zL4Yq&Z}Dy0keo)p39hTU#oxraCAD$GaOMEi_v5{}qGb&kLTxTU*0a~n$Ua)VOqJ<1 zrxjk@D#ET{ZD^IYB{Vdw(RNF*{-N>%!9|buU`~i?bQ3<7u&T+kr}ezu)OdLNZ5wqz z{mW_nOpSc{Rd*+UBu|$evVsoUGf3GCmglJ$X4brWsBY~rpK59_dh+^S#@9Yb6i&z& zqyicbV1u5Kx)<55ySq!Zr{a`KT|C-AoKSoyHIF76W=QQ-Q7sA_8mRb8njt1JS#Y&yS`B=UVRi90N;KXwve^hC+8Fs6yT?5D? z;O0>tUry_%zQx!6j`Hev+jEA;EpU*22xM;MzKg=8hXF&O?cuV3()xbEl|NX_Y17xh z4Rm!NxV+@H#2Lvv7dgSvMKwv(R3+o_TBp)~Hs0+EuJE2nBCr6!LFv5g!|1H+1*BP- zU_};_b0!vl`&$CX`r5n5YkM^xPVZPe3n{kk7YwjItig*MMs;^nJ%IR_daM8d#K7a* zekmmWw(I_KT0dI4wY*~mweh+R@_O1S+O&mXSDwJ}=JRmj7PTd?XC+ZA= zZV)c;PM+AI?bTF94NSt7*VjrdUhV_=ZaVLMD_g98$SlOv=9e-_uejyf&avIWT%zav ziAMY$kO!jlvY$k%(L<|o+ocXFI;`Y|9-$s&A?s-zDs*(W6JQ6EME*RgKd%Kms+H7Z zcfh54{wCe7crDBIk1wZH{#N5xGnJ3xoU4v{Icmnbk?Z94+fc zd@bOHyqw3(F@I{>($sHK)8^z7Kn`9naXMwY_9&WC0M}Mx;TM&nu923zOl9R;P@?9} z=@^PLUG;o8wbLLqNm5B|8$SL$k_wR^YWIMBA>5{+1nNBXC&@``c1x?eg8kjaxPE)p z4$r(%}GJ5qKV}L;&=6bugW?a=-xGy z@5^cZ`hQ}4c%eI=WyASuYbIwgw*pO*!T~9SI>dq*ZC{fg=XTcAj9JxKKeIMKh2sit z+EmpwNQFAW5O?52r#zCdS{zKtZm+^h_zPDq3iOQk9EAFiYC?g>YbxINCpaJjMjckJ zjSqGE(-HwlbxHi9x|!Ps?ov+!ItXwiZP4^|%76BXr|S`JjVF@qh_?l2^{yO4}Fa#l-2x=AXOq=$|0C%@Io2zx;vz)Qb}t-q=t3JH!s z=TCxZcVw>cdY;l9EhjLMk_}4k$8)6$H)rS`o3`8XwZO<)&uVBq9ugQ=m(Q5h#CC1| zp31(F8l>W1PV2W<{ed7HGzT#&Or`0QmkW*^d6#m?1}1-Rv)WEwNwjsl^4+&33#3{; zp^(!HZ`tJr>v5=DT0C>;`G)d_k8ITUl z+(tqPc`CxCTxpI@7ppM}dONExLuvQRJ>D;;_2Y|?KXe19hKBAVJ3dSL=d#?YvTKb3 zKySKQk!63P)gV5)T8QL#Ra^8CInL>x&~qvKI7PYRw&e`bP>&dBscs;zMmhTPc3LRe zSt56B7y0`3LI)1lz3Zpce=suWPF?k-<|>JeD=??3>wDS3f38x<7xmn=axuESj;L)Y~<(yPOPxo!K|LAdx|9Og@xesXoVYAv0FVENnZ9+5`RXAB(X zdUPbe+>8x*z31hD+RhayFwZ}q19F|*Y2s{clMs7!qzwvNskEqm=0QSS)r$BS`557%J$mXNe!KpVn5dC_HEHEjq)?W7J zS9Y5y`I!ZSQKwUz^W)z*dvS3Z`}lyt$?{k2RSxhaR5zWxB%1VH|Ppz-)=YB zUK#~c_Jl?ug`7K2^ysp@|Ywpx@Ekmz_7*JO~_>Udp zXOBswZ|L;5S6x3UHaerEX)jt^J1tDQt0j&sR%jx*P2Hbe&*fd6?QK7$V-R* zIc2wAOvv5&!pJWw+irO~+doYkqiXq>LskNltj`++UxxF4z2`G*wH=3R7lHe(2(8XJ z)fa3Ce7M4#!V#KM9QrtvG-HEVQx;Vo{< zkXzv|>)f1wEfg+`XR?v_=*~z0c}Y~3gO0Of4on}~-o^6K^Y6a~W ziHFA)RP2WZt88P=;e)*WR_0Vs;`rklRJL_w1ewn2bbeRm5#BgKzEmUry_%R}Jj{5DpwiC4T0ms)(b1MvCbWBuEt5fxm+^8FYowP#HWl zdgjsra!x(@T=zPZF*sdqohBqAc+Ji#K%}FlBYfmxVG!!(5Y1lX(kNbi;qe0VfB|l+ z{UHfhwL__>n8JHEsc5JP>-bgBex4}J4f1z9v=$*0@iPG`VJiZYd1^Z!e!#iwDbN$X z=^;yh8q*=$+pS)Ln^Jjvoj{ZRg;vM*_mGWUF?h_S1VcAJ>oI9_Dr}#)qzaJVPEz;u zv}s5R&}r);@`CUnOLtc&&=&iZb&EKjEuGtjR!ZS^-^*Nx0o*|%y&{7E&+e9t!h_$tKYFM2pO;^=*zOzr8f1T%l zbY#ih3(QwtuP>8>~&d$H1b*pHaEEFdgRIf0e zjW%ieXA#)DRuWJ!9s>c1#B9M~H{%a~i{gY#A*#YL)f6Tw+a1uT9k}!1z34)@M7t^& z^LF_l(BfC|6j&s$KeFahaq*2g6A&YJzdSn23T&WRvpZlEfB@4T-c`76&{-?rTwm~m zS|7lLpk2YGp9El0`zZ~n8C zndwCS>f{qCjW5y0A%7Ei*a5WroPXvxqhH?8S2XeUoz9M{x3e!H&sgP+Ko)aIh)c3G zQnLY~2}0D&Tf+4sika)ZYy|JY=ak0e3rJ8vxCCT-67C(S(Ze;l))J)E{Jo8w_2@1K zih4+S&YP>!N2ql^M+%2^S>>KbnW$4(_N0nN=Vj4y|0SA%X9k{(o8e(%cht=Q3+CY`$^dRX4x%fSC)Q znyl8&L#XfUtsWfeS%5I!NpWqg;3e0IS8f2fdGz9eKWbH{EMMFTw!vY4bb_l=fwp(g z62l+;Xa4u;oXM@Ku5tt9^sx8d7x}j+#+S7QRI{v3O%;GnY8{_niV#1|YGBPfC*A-_ z?s1h476k&GB{-v2q9OqJOJ5jZ@TSZu1GIMt`P zczDV}xPNk&)h%$2>J73(a5&Z$f*VW@K^<9D0;ixfxrT*v86r7xT6MNzHllOb%N;Ps zjW0Fdh-T|4dY&jX_%=gNd{%w1^g6OG-1wIT(grd!Q__o8?{6#i$Fvd+Y7Ada>j%u| zk3k5xx8bR`?U1QLrWVn}ZijAeR}Nyb{><0o)GhCqYSIQC9GC1EWLfSO`8`=AaM(-{ z`RBdPS?+su^QL8fE|;Xz1|S0P{+Gtm1|WZ@^*ea_A^TIUEb`$(+%22&fO8ZG-ZocS zYo^PYKi$C&W3U4u$I`N9a%K*jIs(JrSNLpBwVaMOk>cfy#bH0KL(g8IMRk_}$sdH} z=x!S1?G@#Gb&vqB(`b1HvO zU#ROk4prGzBJChql{ooR!03C!)ZpZ>t~RCXJN4})w%-x(59X6j`wRsByc~Eqo8gG_N>MGF{W2vutHzBuMac5G4s$RG1l2_}8y|lpzkI{P2 z6vkzbOK_%kZyVOX(rL*HMA&&d#my})YT0wqEz1}ET8L`@`Lxa}E$$%O$F$gfs%HMgu0MosECn8|#Xx%?dU_UlF&=IO zi8RU{T@dsuokR})a-JN#BoO<aB|G|H1zns=DIt_0@ z2t@2L0xOJL+m1Hto9)d^lj` zlD=CBl^|Ssk6*h*$jP=qy97H4ei3SN1m&72!##|s)1~!MRrHGty&!zMDmR1MNc?@pG z)eW)wF6NU&bOe9?KT#H%Zjoi$**??lobi#{V`1inPRUC*^d_WT9P`U+np0LjZGv=m z1$TyBG3N}58-M8u({l8%wy3+Gb8Wx{^$kHF&ea2fm&+}A?v&9xcZ&dX!y>05C5nOTROckY`we%4vR%U~mHR4$1}{gBJ25ha;NqihwgOmGIqS5U+G`0RQzBx11YL09v)PrQ=x&PuH`W zpE3Br`n4Bw2deouUd9Nr>V3H*|biSnNRB~St z>JD)uoli1;-5Ui;<->uRO-MpkbKJ$MAy=$QdczhzT`KbwB8p>tZ*;2jBLocms4{3s zdQ)GIbzD+j0|&U`YJ^UXc|qGb{-rx8@2>CBr6GUyap_|fo(s8fJ=>sObpXq9a7qU< zxC_pIX8WEhXCpBai3u9p8VgT*MA{YG;dU`VBl6@{P<3VOeOlVEB()?|XCfhU zB*SvKNhcG7#Ta#Zpuij+sP)jcNSo8H6=hvuk|SCyCo?&_&Z+XbJn!zdU&(53FTKGC zg(vXRsiE!k=%Or%b^Oc!`0xMoU;pjD{g;3K`# + + + PHP: Arbitrary code execution + A vulnerability in PHP might allow an attacker to execute arbitrary + code. + + php + 2019-10-25 + 2019-11-19 + 698452 + remote + + + 7.1.33 + 7.2.24 + 7.3.11 + 5.6.40-r7 + 7.1.33 + 7.2.24 + 7.3.11 + 5.6.40-r7 + + + +

PHP is an open source general-purpose scripting language that is + especially suited for web development. +

+ + +

A underflow in env_path_info in PHP-FPM under certain configurations can + be exploited to gain remote code execution. +

+ + +

A remote attacker, by sending special crafted HTTP requests, could + possibly execute arbitrary code with the privileges of the process, or + cause a Denial of Service condition. +

+ + +

If patching is not feasible, the suggested workaround is to include + checks to verify whether or not a file exists before passing to PHP. +

+ + +

All PHP 5.6 users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-lang/php-5.6.40-r7" + + +

All PHP 7.1 users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-lang/php-7.1.33" + + +

All PHP 7.2 users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-lang/php-7.2.24" + + +

All PHP 7.3 users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-lang/php-7.3.11" + + + + + CVE-2019-11043 + + whissi + whissi + diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201911-01.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201911-01.xml new file mode 100644 index 0000000000..e87f7485d7 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201911-01.xml @@ -0,0 +1,55 @@ + + + + OpenSSH: Integer overflow + An integer overflow in OpenSSH might allow an attacker to execute + arbitrary code. + + openssh + 2019-11-07 + 2019-11-07 + 697046 + remote + + + 8.0_p1-r4 + 8.0_p1-r2 + + + +

OpenSSH is a complete SSH protocol implementation that includes SFTP + client and server support. +

+ + +

OpenSSH, when built with “xmss” USE flag enabled, has a + pre-authentication integer overflow if a client or server is configured + to use a crafted XMSS key. +

+ +

NOTE: This USE flag is disabled by default!

+ + +

A remote attacker could connect to a vulnerable OpenSSH server using a + special crafted XMSS key possibly resulting in execution of arbitrary + code with the privileges of the process or a Denial of Service condition. +

+ + +

Disable XMSS key type.

+ + +

All OpenSSH users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose + ">=net-misc/openssh/openssh-8.0_p1-r4" + + + + CVE-2019-16905 + + whissi + whissi + diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201911-02.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201911-02.xml new file mode 100644 index 0000000000..8d4d4b4254 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201911-02.xml @@ -0,0 +1,49 @@ + + + + pump: User-assisted execution of arbitrary code + A buffer overflow in pump might allow remote attacker to execute + arbitrary code. + + pump + 2019-11-07 + 2019-11-07 + 694314 + remote + + + 0.8.24-r4 + + + +

BOOTP and DHCP client for automatic IP configuration.

+ + +

It was discovered that there was an arbitrary code execution + vulnerability in the pump DHCP/BOOTP client. +

+ + +

A remote attacker, by enticing a user to connect to a malicious server, + could cause the execution of arbitrary code with the privileges of the + user running pump DHCP/BOOTP client. +

+ + +

There is no known workaround at this time.

+ + +

Gentoo has discontinued support for pump. We recommend that users + unmerge pump: +

+ + + # emerge --unmerge "net-misc/pump" + + + + Debian Bug Report 933674 + + whissi + whissi + diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201911-03.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201911-03.xml new file mode 100644 index 0000000000..0d7dff81e1 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201911-03.xml @@ -0,0 +1,51 @@ + + + + Oniguruma: Multiple vulnerabilities + Multiple vulnerabilities have been found in Oniguruma, the worst of + which could result in the arbitrary execution of code. + + oniguruma + 2019-11-07 + 2019-11-07 + 691832 + local, remote + + + 6.9.3 + 6.9.3 + + + +

Oniguruma is a regular expression library.

+ + +

Multiple vulnerabilities have been discovered in Oniguruma. Please + review the CVE identifiers referenced below for details. +

+ + +

A remote attacker, by enticing a user to process a specially crafted + string using an application linked against Oniguruma, could possibly + execute arbitrary code with the privileges of the process or cause a + Denial of Service condition. +

+ + +

There is no known workaround at this time.

+ + +

All Oniguruma users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-libs/oniguruma-6.9.3" + + + + CVE-2019-13224 + CVE-2019-13225 + + whissi + whissi + diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201911-04.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201911-04.xml new file mode 100644 index 0000000000..8793df1008 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201911-04.xml @@ -0,0 +1,50 @@ + + + + OpenSSL: Multiple vulnerabilities + Multiple information disclosure vulnerabilities in OpenSSL allow + attackers to obtain sensitive information. + + openssl + 2019-11-07 + 2019-11-07 + 694162 + local, remote + + + 1.0.2t + 1.0.2t + + + +

OpenSSL is an Open Source toolkit implementing the Secure Sockets Layer + (SSL v2/v3) and Transport Layer Security (TLS v1) as well as a general + purpose cryptography library. +

+ + +

Multiple vulnerabilities have been discovered in OpenSSL. Please review + the CVE identifiers referenced below for details. +

+ + +

Please review the referenced CVE identifiers for details.

+ + +

There is no known workaround at this time.

+ + +

All OpenSSL users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-libs/openssl-1.0.2t" + + + + CVE-2019-1547 + CVE-2019-1563 + + whissi + whissi + diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/timestamp.chk b/sdk_container/src/third_party/portage-stable/metadata/glsa/timestamp.chk index ce53b3ac10..caca29ca0b 100644 --- a/sdk_container/src/third_party/portage-stable/metadata/glsa/timestamp.chk +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/timestamp.chk @@ -1 +1 @@ -Wed, 11 Sep 2019 01:08:51 +0000 +Fri, 22 Nov 2019 17:38:45 +0000 diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/timestamp.commit b/sdk_container/src/third_party/portage-stable/metadata/glsa/timestamp.commit index 933a7041a4..3d9c875b21 100644 --- a/sdk_container/src/third_party/portage-stable/metadata/glsa/timestamp.commit +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/timestamp.commit @@ -1 +1 @@ -0d8b041795d355b2f8da9b84725a62150a91dc13 1567964538 2019-09-08T17:42:18+00:00 +435541275775881e78e6acc96aca7536a5955224 1574160598 2019-11-19T10:49:58+00:00