bump(metadata/glsa): sync with upstream

David Michael 2019-03-14 14:35:17 +00:00
parent 248461e9ad
commit fe6e077437
10 changed files with 370 additions and 17 deletions

@ -1,23 +1,23 @@
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
MANIFEST Manifest.files.gz 436466 BLAKE2B 1592f1e1bb1660fe56598a716be2722c8f9b14d74fcc7bf4086935ca129dff18da9e9a7deb43b3b3ab5e34487a04b37269914fde19e2c86f3d80a1165fc058e0 SHA512 814ba1ee894cf6c7438051199c5078a6339901cdea60b6848add142bf264fc54ba915b91229a96a1404f81bdbc5177e162144d5b97ce8351358c43ca91c86df7
TIMESTAMP 2019-03-11T01:38:51Z
MANIFEST Manifest.files.gz 437429 BLAKE2B d71793c37518c554e77bcce22a3ca061890ae72b465c007c31dd2c429c8174741829feddc258347929fc21c74551873bd6be78db810aced844a0e1c497853ff8 SHA512 00d0bfb813b46cc0d061cd7f833014ba841445d5bb2ae0b2ba659c73836487cf7bae990c575667b3cc73306bb0dc54613f22d4fd84afe2cd7cee60f090008f3e
TIMESTAMP 2019-03-14T14:08:54Z
-----BEGIN PGP SIGNATURE-----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=J9ze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=nBaS
-----END PGP SIGNATURE-----

@ -0,0 +1,50 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="201903-09">
<title>GNU C Library: Arbitrary descriptor allocation</title>
<synopsis>A vulnerability in the GNU C Library could result in a Denial of
Service condition.
</synopsis>
<product type="ebuild">glibc</product>
<announced>2019-03-14</announced>
<revised count="1">2019-03-14</revised>
<bug>617938</bug>
<access>remote</access>
<affected>
<package name="sys-libs/glibc" auto="yes" arch="*">
<unaffected range="ge">2.26.0</unaffected>
<vulnerable range="lt">2.26.0</vulnerable>
</package>
</affected>
<background>
<p>The GNU C library is the standard C library used by Gentoo Linux
systems.
</p>
</background>
<description>
<p>A vulnerability was discovered in the GNU C Library functions xdr_bytes
and xdr_string.
</p>
</description>
<impact type="normal">
<p>A remote attacker, by sending a crafted UDP packet, could cause a Denial
of Service condition.
</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All GNU C Library users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose "&gt;=sys-libs/glibc-2.26.0"
</code>
</resolution>
<references>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-19591">CVE-2018-19591</uri>
</references>
<metadata tag="requester" timestamp="2018-12-30T15:32:10Z">Zlogene</metadata>
<metadata tag="submitter" timestamp="2019-03-14T01:31:55Z">Zlogene</metadata>
</glsa>
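
Review bot: The title, description and impact of this advisory do not visibly describe the same defect: the title says "Arbitrary descriptor allocation", the <description> only names the functions xdr_bytes and xdr_string without saying what is wrong with them, and the <impact> speaks of a crafted UDP packet. Suggest stating the flaw class in the description and confirming that CVE-2018-19591 in <references> is the identifier tracked in bug 617938, so a reader matching on the CVE lands on the issue the text describes.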

@ -0,0 +1,59 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="201903-10">
<title>OpenSSL: Multiple vulnerabilities</title>
<synopsis>Multiple Information Disclosure vulnerabilities in OpenSSL allow
attackers to obtain sensitive information.
</synopsis>
<product type="ebuild">openssl</product>
<announced>2019-03-14</announced>
<revised count="1">2019-03-14</revised>
<bug>673056</bug>
<bug>678564</bug>
<access>local, remote</access>
<affected>
<package name="dev-libs/openssl" auto="yes" arch="*">
<unaffected range="ge">1.0.2r</unaffected>
<vulnerable range="lt">1.0.2r</vulnerable>
</package>
</affected>
<background>
<p>OpenSSL is an Open Source toolkit implementing the Secure Sockets Layer
(SSL v2/v3) and Transport Layer Security (TLS v1) as well as a general
purpose cryptography library.
</p>
</background>
<description>
<p>Multiple vulnerabilities have been discovered in OpenSSL. Please review
the CVE identifiers referenced below for details.
</p>
</description>
<impact type="normal">
<p>A remote attacker to obtain sensitive information, caused by the failure
to immediately close the TCP connection after the hosts encounter a
zero-length record with valid padding.
</p>
<p>A local attacker could run a malicious process next to legitimate
processes using the architectures parallel thread running capabilities
to leak encrypted data from the CPUs internal processes.
</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All OpenSSL users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose "&gt;=dev-libs/openssl-1.0.2r"
</code>
</resolution>
<references>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-5407">CVE-2018-5407</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-1559">CVE-2019-1559</uri>
</references>
<metadata tag="requester" timestamp="2019-01-07T18:47:40Z">whissi</metadata>
<metadata tag="submitter" timestamp="2019-03-14T01:34:24Z">Zlogene</metadata>
</glsa>
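
Review bot: The first <impact> paragraph has no finite verb ("A remote attacker to obtain sensitive information, ..."); suggest "A remote attacker could obtain sensitive information ...", matching the "could" of the second paragraph. The same block drops possessive apostrophes ("the architectures parallel thread running capabilities", "the CPUs internal processes"). Separately, the single lt/ge boundary at 1.0.2r in <affected> marks every version that sorts above it as unaffected, so if other release branches are packaged they need their own ranges.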

@ -0,0 +1,49 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="201903-11">
<title>XRootD: Remote code execution</title>
<synopsis>A vulnerability was discovered in XRootD which could lead to the
remote execution of code.
</synopsis>
<product type="ebuild">xrootd</product>
<announced>2019-03-14</announced>
<revised count="1">2019-03-14</revised>
<bug>638420</bug>
<access>remote</access>
<affected>
<package name="net-libs/xrootd" auto="yes" arch="*">
<unaffected range="ge">4.8.3</unaffected>
<vulnerable range="lt">4.8.3</vulnerable>
</package>
</affected>
<background>
<p>A project that aims at giving high performance, scalable, and fault
tolerant access to data repositories of many kinds.
</p>
</background>
<description>
<p>A shell command injection was discovered in XRootD.</p>
</description>
<impact type="normal">
<p>A remote attacker could execute arbitrary code.</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All XRootD users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose "&gt;=net-libs/xrootd-4.8.3"
</code>
</resolution>
<references>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-1000215">
CVE-2017-1000215
</uri>
</references>
<metadata tag="requester" timestamp="2019-03-10T02:02:16Z">BlueKnight</metadata>
<metadata tag="submitter" timestamp="2019-03-14T01:35:58Z">b-man</metadata>
</glsa>
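
Review bot: The <uri> element in <references> is split over three lines, so its text content is the CVE id surrounded by newlines and indentation, unlike the single-line <uri> entries in the other advisories of this sync. Suggest writing it on one line, <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-1000215">CVE-2017-1000215</uri>, so tools that read the element text get the bare identifier. The <description> ("A shell command injection was discovered in XRootD.") also names no component or input path, which leaves users unable to judge their exposure without following the link.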

@ -0,0 +1,61 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="201903-12">
<title>WebkitGTK+: Multiple vulnerabilities</title>
<synopsis>Multiple vulnerabilities have been found in WebkitGTK+, the worst
of which could result in the arbitrary execution of code.
</synopsis>
<product type="ebuild">webkit-gtk</product>
<announced>2019-03-14</announced>
<revised count="1">2019-03-14</revised>
<bug>672108</bug>
<bug>674702</bug>
<bug>678334</bug>
<access>remote</access>
<affected>
<package name="net-libs/webkit-gtk" auto="yes" arch="*">
<unaffected range="ge">2.22.6</unaffected>
<vulnerable range="lt">2.22.6</vulnerable>
</package>
</affected>
<background>
<p>WebKitGTK+ is a full-featured port of the WebKit rendering engine,
suitable for projects requiring any kind of web integration, from hybrid
HTML/CSS applications to full-fledged web browsers.
</p>
</background>
<description>
<p>Multiple vulnerabilities have been discovered in WebKitGTK+. Please
review the referenced CVE identifiers for details.
</p>
</description>
<impact type="normal">
<p>An attacker could execute arbitrary code or conduct cross-site
scripting.
</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All WebkitGTK+ users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose "&gt;=net-libs/webkit-gtk-2.22.6"
</code>
</resolution>
<references>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-6212">CVE-2019-6212</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-6215">CVE-2019-6215</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-6216">CVE-2019-6216</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-6217">CVE-2019-6217</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-6226">CVE-2019-6226</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-6227">CVE-2019-6227</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-6229">CVE-2019-6229</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-6233">CVE-2019-6233</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-6234">CVE-2019-6234</uri>
</references>
<metadata tag="requester" timestamp="2019-03-07T21:59:07Z">BlueKnight</metadata>
<metadata tag="submitter" timestamp="2019-03-14T01:37:23Z">b-man</metadata>
</glsa>
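
Review bot: The product name is spelled two ways in this file: "WebkitGTK+" in <title>, <synopsis> and the <resolution> paragraph, and "WebKitGTK+" in <background> and <description>. Suggest one spelling throughout, since the title and synopsis are what people search and grep for when matching advisories to installed packages.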

@ -0,0 +1,52 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="201903-13">
<title>BIND: Multiple vulnerabilities</title>
<synopsis>Multiple vulnerabilities have been found in BIND, the worst of
which could result in a Denial of Service condition.
</synopsis>
<product type="ebuild">bind</product>
<announced>2019-03-14</announced>
<revised count="1">2019-03-14</revised>
<bug>657654</bug>
<bug>666946</bug>
<access>remote</access>
<affected>
<package name="net-dns/bind" auto="yes" arch="*">
<unaffected range="ge">9.12.1_p2-r1</unaffected>
<vulnerable range="lt">9.12.1_p2-r1</vulnerable>
</package>
</affected>
<background>
<p>BIND (Berkeley Internet Name Domain) is a Name Server.</p>
</background>
<description>
<p>Multiple vulnerabilities have been discovered in BIND. Please review the
CVE identifiers referenced below for details.
</p>
</description>
<impact type="normal">
<p>BIND can improperly permit recursive query service to unauthorized
clients possibly resulting in a Denial of Service condition or to be used
in DNS reflection attacks.
</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All bind users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose "&gt;=net-dns/bind-9.12.1_p2-r1"
</code>
</resolution>
<references>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-5738">CVE-2018-5738</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-5740">CVE-2018-5740</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-5741">CVE-2018-5741</uri>
</references>
<metadata tag="requester" timestamp="2019-03-10T00:30:31Z">BlueKnight</metadata>
<metadata tag="submitter" timestamp="2019-03-14T01:41:21Z">BlueKnight</metadata>
</glsa>
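
Review bot: The <impact> sentence breaks down at "or to be used in DNS reflection attacks", where the subject of "to be used" is unclear; suggest "... possibly resulting in a Denial of Service condition or allowing the server to be used in DNS reflection attacks." The resolution paragraph writes "All bind users" where the rest of the file uses "BIND". Also, <impact> covers only the recursion issue although three CVEs are listed in <references>; a short clause for the others, or a pointer to the references as in <description>, would keep the two aligned.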

@ -0,0 +1,82 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="201903-14">
<title>Oracle JDK/JRE: Multiple vulnerabilities</title>
<synopsis>Multiple vulnerabilities have been found in Oracles JDK and JRE
software suites.
</synopsis>
<product type="ebuild">oracle-jdk-bin,oracle-jre-bin</product>
<announced>2019-03-14</announced>
<revised count="1">2019-03-14</revised>
<bug>653560</bug>
<bug>661456</bug>
<bug>676134</bug>
<access>remote</access>
<affected>
<package name="dev-java/oracle-jdk-bin" auto="yes" arch="*">
<unaffected range="ge">1.8.0.202</unaffected>
<vulnerable range="lt">1.8.0.202</vulnerable>
</package>
<package name="dev-java/oracle-jre-bin" auto="yes" arch="*">
<unaffected range="ge">1.8.0.202</unaffected>
<vulnerable range="lt">1.8.0.202</vulnerable>
</package>
</affected>
<background>
<p>Java Platform, Standard Edition (Java SE) lets you develop and deploy
Java applications on desktops and servers, as well as in todays
demanding embedded environments. Java offers the rich user interface,
performance, versatility, portability, and security that todays
applications require.
</p>
</background>
<description>
<p>Multiple vulnerabilities have been discovered in Oracles JDK and JRE
software suites. Please review the CVE identifiers referenced below for
details.
</p>
</description>
<impact type="normal">
<p>A remote attacker could possibly execute arbitrary code with the
privileges of the process, gain access to information, or cause a Denial
of Service condition.
</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All Oracle JDK bin users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose
"&gt;=dev-java/oracle-jdk-bin-1.8.0.202"
</code>
<p>All Oracle JRE bin users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose
"&gt;=dev-java/oracle-jre-bin-1.8.0.202"
</code>
</resolution>
<references>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-2790">CVE-2018-2790</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-2794">CVE-2018-2794</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-2795">CVE-2018-2795</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-2796">CVE-2018-2796</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-2797">CVE-2018-2797</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-2798">CVE-2018-2798</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-2799">CVE-2018-2799</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-2800">CVE-2018-2800</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-2811">CVE-2018-2811</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-2814">CVE-2018-2814</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-2815">CVE-2018-2815</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-2422">CVE-2019-2422</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-2426">CVE-2019-2426</uri>
</references>
<metadata tag="requester" timestamp="2019-03-10T05:01:22Z">BlueKnight</metadata>
<metadata tag="submitter" timestamp="2019-03-14T01:44:42Z">BlueKnight</metadata>
</glsa>
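
Review bot: In both <code> blocks of <resolution> the emerge command is broken across two lines with no continuation character, so a user pasting it line by line runs "# emerge --ask --oneshot --verbose" with no package atom and then the quoted atom on its own. The other advisories in this sync keep the command and atom on one line; suggest the same here, or a trailing backslash. Minor: "Oracles" in <synopsis> and <description> and "todays" in <background> are missing their apostrophes.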

@ -1 +1 @@
Mon, 11 Mar 2019 01:38:48 +0000
Thu, 14 Mar 2019 14:08:50 +0000

@ -1 +1 @@
579d79ed98752445ffce6122ab66094d1cb0110e 1552251022 2019-03-10T20:50:22+00:00
17152e28d973dd918d88b38fdcc6e83f34c921f2 1552527902 2019-03-14T01:45:02+00:00