author | V3n3RiX <venerix@koprulu.sector> | 2023-09-17 11:03:04 +0100 |
---|---|---|
committer | V3n3RiX <venerix@koprulu.sector> | 2023-09-17 11:03:04 +0100 |
commit | 0968caae52d6eae7513e2ce4e0900a2e009780ee (patch) | |
tree | 54218d0d3baaf14b964427f98c4f90f13380ffd3 /metadata/glsa | |
parent | 58018a2c9504435bb719f2d60439ebe22fbeb503 (diff) |
gentoo auto-resync : 17:09:2023 - 11:03:03
Diffstat (limited to 'metadata/glsa')
-rw-r--r-- | metadata/glsa/Manifest | 30 | ||||
-rw-r--r-- | metadata/glsa/Manifest.files.gz | bin | 546444 -> 547551 bytes | |||
-rw-r--r-- | metadata/glsa/glsa-202309-02.xml | 64 | ||||
-rw-r--r-- | metadata/glsa/glsa-202309-03.xml | 45 | ||||
-rw-r--r-- | metadata/glsa/glsa-202309-04.xml | 56 | ||||
-rw-r--r-- | metadata/glsa/glsa-202309-05.xml | 44 | ||||
-rw-r--r-- | metadata/glsa/glsa-202309-06.xml | 86 | ||||
-rw-r--r-- | metadata/glsa/glsa-202309-07.xml | 43 | ||||
-rw-r--r-- | metadata/glsa/glsa-202309-08.xml | 43 | ||||
-rw-r--r-- | metadata/glsa/timestamp.chk | 2 | ||||
-rw-r--r-- | metadata/glsa/timestamp.commit | 2 |
11 files changed, 398 insertions, 17 deletions
diff --git a/metadata/glsa/Manifest b/metadata/glsa/Manifest index b382341ad7bc..e5b07c761b1c 100644 --- a/metadata/glsa/Manifest +++ b/metadata/glsa/Manifest 
@@ -1,23 +1,23 @@ -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 -MANIFEST Manifest.files.gz 546444 BLAKE2B 427e6ba70311c66f33f8718c9e5205812a06f7180945f95cd2cc13a642ebd00b8ab6bde2ebd1ac16f0013a5d2c65c3729739daaa24b9e4c70888d6626437692d SHA512 666ed25ec3b20188903cb612d27562ec06741fff2c9cc4ee150980ae0801d6b66d3d117a8d3df13d953f8c0975e6b4fd3d287a501bb281b5093186361d8515d8 -TIMESTAMP 2023-09-17T03:39:58Z +MANIFEST Manifest.files.gz 547551 BLAKE2B 1c8a2c44712370196d7063d9129e5418e3dfa4b013e30a5e0a4b9367b2131bb0b45949b8c8d9e8433aa0d483da04220b33d15fca9118364a0fc9d95430b13e46 SHA512 d863cabfd6bbd4b1772db2994615c985318c23ec71f69d65a91382cfdfbf51e724628c09c24586716e946026cf13fc73b968032951be742049f80dc8fa300c06 +TIMESTAMP 2023-09-17T09:40:09Z -----BEGIN PGP SIGNATURE----- -iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAmUGdQ5fFIAAAAAALgAo +iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAmUGyXlfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEUx RDZBQkI2M0JGQ0ZCNEJBMDJGREYxQ0VDNTkwRUVBQzkxODkyNTAACgkQ7FkO6skY -klD3Wg/+MUmlXHuKrZ4bCMcUKi5LyjQqZOxKV6aHqMFdtHlKBAMokfFt8TaQ2IYS -q7fEn7Zi54KSOHTCDn9r991xAk6cN9N+vYQoOtKmLGe1qyanWlfHG1bB7nAFtktU -au4xHCbKriCPyMeEf2rFJXYlY2tzUeFPqqB2mx2KkdP7ChIHc7HnANhWPV4wHbDf -oNVZaE6ATLiwh+KwV9TwmNNfwK+gUCMQ0GHeeIsYl5FcpDk2IHVQtvI2yG7wdl+r -+ygaCOFkDHLniu/gTaQ4dMPn1RHosWzcPSEqSxrQ7psosXA3DD+uEEClUQaL86+i -JGI+FKy3LOtiCeymkdiFGJ8XY/lMlOhLcjkH3sqRJ82f8pvA83RhXYp7O/CBrtd4 -gYQ6itGpMhceAkBfWgjUdMxygPJ1AZNn7ahAF/FCt//At3eKC4iDdzY5q6q6HOWp -DR4JD4OXViBm5dZMEjy2fYFxKW950zbJV1iSJhRDSXZKDdt+eEnLj9tYd+ToOJva -lBpaGLwYmJ0udvau75DbtUYRO9pvhEV18/FOLmWwdYElKZRS74D74Hswh8G9ox48 -Svkd3+hnjTrqTB6pP9+9QcZaMrODIDAW3SAQ+ZKli7gYNugMaumOH/AuX01O8DrL -OS+b0sphsDGMlyWYPkpfBXMP0ZknYqKlVmoug7OxYNVi0ZHzbGY= -=2d00 +klCIRg//TuO3qkaoQkBDt1oaTnq3QGtYuz/CD3kpePFU0DaTaSI9tvjb8jHA2ebA +A5KBngMgmCqspjr+Cb5I9yecEIlsbZZvXoSBY67YqxlGA+Y/lBaDt9YP8WSDL/A/ +7p0f/M9q1Y2HgZ8+RiBKZstgbu4+2Lq/eG7zUgQgla1wyB/Lpv+FynTkE2B68+6T 
+hHYgWA9tPARyA5IHp0/rVepcH4FozbPGxlPHDiidnR+2Z4Yzp56S/+AujLJ50Nyc +OnWtmgaTHk3SdMFNQGY7r0OWh3lWhknjg3nqQL92L3LOaG9gO3OZCJdhelSXN9U0 +F4L1WF3WIAi8Fs3WDYO7tMTto6+0yUGU2VR7VMTTIZ3zr1MlkD8MLyE7NE0m3iBg +HXRk7GLqOXfl0TPITf10fkbVUisXbDUGblQq21asf2N76WNtBWlSuPA2q2vC34AV +6HP/hvBhqhhxazVpIVoVPE0MkHByFg+tWhc1taqn0sHR1Yvva9KEyAPyPedIEyOb +sOGdMfixQZqj/hc+GV6U8l6wqJV6KV9CZweHpfBak2XL+GIQPyIZ6WUYNbBTdbgg +OXWFk7vy0DN6ZbQ79ubUPRyGG4966ioaSt7GwjqzFWpeEoUtKMLUjWB00sLcgLAA +Z+gqifpf82TiBO83uDLDHYOwaESnyMPGoBvDaLHjTXgGX2drzrk= +=9s0c -----END PGP SIGNATURE----- diff --git a/metadata/glsa/Manifest.files.gz b/metadata/glsa/Manifest.files.gz Binary files differindex a1ad35b3aa1f..9895112cb1f9 100644 --- a/metadata/glsa/Manifest.files.gz +++ b/metadata/glsa/Manifest.files.gz diff --git a/metadata/glsa/glsa-202309-02.xml b/metadata/glsa/glsa-202309-02.xml new file mode 100644 index 000000000000..8e65a0ee7f10 --- /dev/null +++ b/metadata/glsa/glsa-202309-02.xml 
@@ -0,0 +1,64 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202309-02">
+ <title>Wireshark: Multiple Vulnerabilities</title>
+ <synopsis>Multiple vulnerabilities have been found in Wireshark, the worst of which could result in denial of service.</synopsis>
+ <product type="ebuild">wireshark</product>
+ <announced>2023-09-17</announced>
+ <revised count="1">2023-09-17</revised>
+ <bug>878421</bug>
+ <bug>899548</bug>
+ <bug>904248</bug>
+ <bug>907133</bug>
+ <access>remote</access>
+ <affected>
+ <package name="net-analyzer/wireshark" auto="yes" arch="*">
+ <unaffected range="ge">4.0.6</unaffected>
+ <vulnerable range="lt">4.0.6</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>Wireshark is a versatile network protocol analyzer.</p>
+ </background>
+ <description>
+ <p>Multiple vulnerabilities have been discovered in Wireshark. Please review the CVE identifiers referenced below for details.</p>
+ </description>
+ <impact type="low">
+ <p>Please review the referenced CVE identifiers for details.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All Wireshark users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-analyzer/wireshark-4.0.6"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-3725">CVE-2022-3725</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-0666">CVE-2023-0666</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-0667">CVE-2023-0667</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-0668">CVE-2023-0668</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-1161">CVE-2023-1161</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-1992">CVE-2023-1992</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-1993">CVE-2023-1993</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-1994">CVE-2023-1994</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-2854">CVE-2023-2854</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-2855">CVE-2023-2855</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-2856">CVE-2023-2856</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-2857">CVE-2023-2857</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-2858">CVE-2023-2858</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-2879">CVE-2023-2879</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-2952">CVE-2023-2952</uri>
+ <uri>WNPA-SEC-2022-07</uri>
+ <uri>WNPA-SEC-2023-08</uri>
+ <uri>WNPA-SEC-2023-09</uri>
+ <uri>WNPA-SEC-2023-10</uri>
+ <uri>WNPA-SEC-2023-11</uri>
+ </references>
+ <metadata tag="requester" timestamp="2023-09-17T05:24:05.630380Z">ajak</metadata>
+ <metadata tag="submitter" timestamp="2023-09-17T05:24:05.633911Z">sam</metadata>
+</glsa>
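Review bot: In glsa-202309-02.xml the five `<uri>WNPA-SEC-…</uri>` entries at the end of `<references>` carry no `link` attribute, unlike the fifteen CVE entries above them, so anything that renders or follows the reference list gets bare text for the upstream Wireshark advisories. `<uri>GHSA-j8r2-6x86-q33q</uri>` in glsa-202309-08.xml has the same gap. Each would be better written in the form `<uri link="UPSTREAM_ADVISORY_URL">WNPA-SEC-2022-07</uri>`, where the placeholder stands for the advisory address, which this page does not give.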
\ No newline at end of file
diff --git a/metadata/glsa/glsa-202309-03.xml b/metadata/glsa/glsa-202309-03.xml
new file mode 100644
index 000000000000..71c1f8f027a3
--- /dev/null
+++ b/metadata/glsa/glsa-202309-03.xml
@@ -0,0 +1,45 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202309-03">
+ <title>GPL Ghostscript: Multiple Vulnerabilities</title>
+ <synopsis>Multiple vulnerabilities have been discovered in GPL Ghostscript, the worst of which could result in remote code execution.</synopsis>
+ <product type="ebuild">ghostscript-gpl</product>
+ <announced>2023-09-17</announced>
+ <revised count="1">2023-09-17</revised>
+ <bug>904245</bug>
+ <bug>910294</bug>
+ <access>remote</access>
+ <affected>
+ <package name="app-text/ghostscript-gpl" auto="yes" arch="*">
+ <unaffected range="ge">10.01.2</unaffected>
+ <vulnerable range="lt">10.01.2</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>Ghostscript is an interpreter for the PostScript language and for PDF.</p>
+ </background>
+ <description>
+ <p>Multiple vulnerabilities have been discovered in GPL Ghostscript. Please review the CVE identifiers referenced below for details.</p>
+ </description>
+ <impact type="high">
+ <p>Please review the referenced CVE identifiers for details.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All GPL Ghostscript users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-text/ghostscript-gpl-10.01.2"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-2085">CVE-2022-2085</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-28879">CVE-2023-28879</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-36664">CVE-2023-36664</uri>
+ </references>
+ <metadata tag="requester" timestamp="2023-09-17T05:24:21.503128Z">ajak</metadata>
+ <metadata tag="submitter" timestamp="2023-09-17T05:24:21.506324Z">sam</metadata>
+</glsa>
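Review bot: In glsa-202309-03.xml `<description>` and `<impact type="high">` contain only a pointer to the CVE list, so the advisory never states what input triggers the remote code execution named in the synopsis, and an operator cannot triage exposure without leaving the file. The same boilerplate stands in for both elements in glsa-202309-02.xml, -05.xml, -06.xml and -07.xml. One sentence in `<impact>` naming the vector would be enough, for example `<p>Processing a crafted PostScript or PDF file could result in execution of arbitrary code.</p>`, provided the three referenced CVEs bear that out.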
\ No newline at end of file
diff --git a/metadata/glsa/glsa-202309-04.xml b/metadata/glsa/glsa-202309-04.xml
new file mode 100644
index 000000000000..2e5d9dd4cb1c
--- /dev/null
+++ b/metadata/glsa/glsa-202309-04.xml
@@ -0,0 +1,56 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202309-04">
+ <title>RAR, UnRAR: Arbitrary File Overwrite</title>
+ <synopsis>An arbitrary file overwrite vulnerability has been discovered in RAR and UnRAR, potentially resulting in arbitrary code execution.</synopsis>
+ <product type="ebuild">rar,unrar</product>
+ <announced>2023-09-17</announced>
+ <revised count="1">2023-09-17</revised>
+ <bug>843611</bug>
+ <bug>849686</bug>
+ <bug>912652</bug>
+ <access>remote</access>
+ <affected>
+ <package name="app-arch/rar" auto="yes" arch="*">
+ <unaffected range="ge">6.23</unaffected>
+ <vulnerable range="lt">6.23</vulnerable>
+ </package>
+ <package name="app-arch/unrar" auto="yes" arch="*">
+ <unaffected range="ge">6.2.10</unaffected>
+ <vulnerable range="lt">6.2.10</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>RAR and UnRAR provide command line interfaces for compressing and decompressing RAR files.</p>
+ </background>
+ <description>
+ <p>Due to an error in the validation of symbolic links within archives, RAR and UnRAR can potentially write files to a directory which is outside of the intended unpack directory.</p>
+ </description>
+ <impact type="normal">
+ <p>If the user running RAR or UnRAR extracts a malicious archive, the archive could overwrite a file such as the user's shell initialization scripts, potentially resulting in arbitrary code execution in the context of that user.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All RAR users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-arch/rar-6.23"
+ </code>
+
+ <p>All UnRAR users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-arch/unrar-6.2.10"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-30333">CVE-2022-30333</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-40477">CVE-2023-40477</uri>
+ </references>
+ <metadata tag="requester" timestamp="2023-09-17T05:24:38.613653Z">ajak</metadata>
+ <metadata tag="submitter" timestamp="2023-09-17T05:24:38.615853Z">sam</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202309-05.xml b/metadata/glsa/glsa-202309-05.xml
new file mode 100644
index 000000000000..db6582797f2a
--- /dev/null
+++ b/metadata/glsa/glsa-202309-05.xml
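Review bot: In glsa-202309-04.xml `<description>` explains only the symbolic-link validation error, yet `<references>` lists two CVEs. CVE-2023-40477 is, as far as I recall, a memory-corruption flaw in recovery-volume processing rather than a path issue, so the title "Arbitrary File Overwrite" and the impact text appear to cover CVE-2022-30333 alone. A second paragraph such as `<p>Improper validation while processing recovery volumes can additionally lead to memory corruption.</p>` would close the gap once it has been checked against the CVE record.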
@@ -0,0 +1,44 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202309-05">
+ <title>WebP: Multiple vulnerabilities</title>
+ <synopsis>Multiple vulnerabilities have been discovered in WebP, the worst of which could result in remote code execution.</synopsis>
+ <product type="ebuild">libwebp</product>
+ <announced>2023-09-17</announced>
+ <revised count="1">2023-09-17</revised>
+ <bug>909369</bug>
+ <bug>914010</bug>
+ <access>remote</access>
+ <affected>
+ <package name="media-libs/libwebp" auto="yes" arch="*">
+ <unaffected range="ge">1.3.1_p20230908</unaffected>
+ <vulnerable range="lt">1.3.1_p20230908</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>WebP is an image format employing both lossy and lossless compression.</p>
+ </background>
+ <description>
+ <p>Multiple vulnerabilities have been discovered in WebP. Please review the CVE identifiers referenced below for details.</p>
+ </description>
+ <impact type="normal">
+ <p>Please review the CVE identifiers referenced below for details.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All WebP users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=media-libs/libwebp-1.3.1_p20230908"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-1999">CVE-2023-1999</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-4863">CVE-2023-4863</uri>
+ </references>
+ <metadata tag="requester" timestamp="2023-09-17T05:52:57.540704Z">sam</metadata>
+ <metadata tag="submitter" timestamp="2023-09-17T05:52:57.543709Z">sam</metadata>
+</glsa>
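Review bot: In glsa-202309-05.xml `<impact type="normal">` sits under a synopsis that names remote code execution as the worst case, while glsa-202309-03.xml in this same commit rates that outcome `type="high"`; glsa-202309-07.xml (Binwalk) shows the same mismatch. CVE-2023-4863 was publicly reported as exploited in the wild, so anyone sorting advisories by impact level could deprioritise an update that deserves the opposite. I would use `<impact type="high">` here, or say in the `<p>` why the lower rating applies.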
\ No newline at end of file
diff --git a/metadata/glsa/glsa-202309-06.xml b/metadata/glsa/glsa-202309-06.xml
new file mode 100644
index 000000000000..0451d2193b50
--- /dev/null
+++ b/metadata/glsa/glsa-202309-06.xml
@@ -0,0 +1,86 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202309-06">
+ <title>Samba: Multiple Vulnerabilities</title>
+ <synopsis>Multiple vulnerabilities have been discovered in Samba, the worst of which could result in root remote code execution.</synopsis>
+ <product type="ebuild">samba</product>
+ <announced>2023-09-17</announced>
+ <revised count="1">2023-09-17</revised>
+ <bug>820566</bug>
+ <bug>821688</bug>
+ <bug>830983</bug>
+ <bug>832433</bug>
+ <bug>861512</bug>
+ <bug>866225</bug>
+ <bug>869122</bug>
+ <bug>878273</bug>
+ <bug>880437</bug>
+ <bug>886153</bug>
+ <bug>903621</bug>
+ <bug>905320</bug>
+ <bug>910334</bug>
+ <access>remote</access>
+ <affected>
+ <package name="net-fs/samba" auto="yes" arch="*">
+ <unaffected range="ge">4.18.4</unaffected>
+ <vulnerable range="lt">4.18.4</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>Samba is a suite of SMB and CIFS client/server programs.</p>
+ </background>
+ <description>
+ <p>Multiple vulnerabilities have been discovered in Samba. Please review the CVE identifiers referenced below for details.</p>
+ </description>
+ <impact type="high">
+ <p>Please review the referenced CVE identifiers for details.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All Samba users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-fs/samba-4.18.4"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2007-4559">CVE-2007-4559</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2016-2124">CVE-2016-2124</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-17049">CVE-2020-17049</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-25717">CVE-2020-25717</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-25718">CVE-2020-25718</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-25719">CVE-2020-25719</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-25721">CVE-2020-25721</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-25722">CVE-2020-25722</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-3670">CVE-2021-3670</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-3738">CVE-2021-3738</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-20251">CVE-2021-20251</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-20316">CVE-2021-20316</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-23192">CVE-2021-23192</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-44141">CVE-2021-44141</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-44142">CVE-2021-44142</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-0336">CVE-2022-0336</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-1615">CVE-2022-1615</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-2031">CVE-2022-2031</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-3437">CVE-2022-3437</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-3592">CVE-2022-3592</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-32742">CVE-2022-32742</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-32743">CVE-2022-32743</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-32744">CVE-2022-32744</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-32745">CVE-2022-32745</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-32746">CVE-2022-32746</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-37966">CVE-2022-37966</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-37967">CVE-2022-37967</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-38023">CVE-2022-38023</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-42898">CVE-2022-42898</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-45141">CVE-2022-45141</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-0225">CVE-2023-0225</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-0614">CVE-2023-0614</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-0922">CVE-2023-0922</uri>
+ </references>
+ <metadata tag="requester" timestamp="2023-09-17T05:56:23.727556Z">ajak</metadata>
+ <metadata tag="submitter" timestamp="2023-09-17T05:56:23.731410Z">sam</metadata>
+</glsa>
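Review bot: In glsa-202309-06.xml the reference list opens with CVE-2007-4559, which to my knowledge is assigned to Python's tarfile module and not to Samba, and nothing in `<description>` says how it relates to net-fs/samba. With thirty-three CVEs behind a one-line boilerplate description, a reader cannot tell whether that entry reflects code shipped with the package or a stray reference. A short paragraph in `<description>` would settle it, for example `<p>CVE-2007-4559 is included because REASON.</p>`, with the placeholder filled in from the linked bug.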
\ No newline at end of file
diff --git a/metadata/glsa/glsa-202309-07.xml b/metadata/glsa/glsa-202309-07.xml
new file mode 100644
index 000000000000..86b977373702
--- /dev/null
+++ b/metadata/glsa/glsa-202309-07.xml
@@ -0,0 +1,43 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202309-07">
+ <title>Binwalk: Multiple Vulnerabilities</title>
+ <synopsis>Multiple vulnerabilities have been discovered in Binwalk, the worst of which could result in remote code execution.</synopsis>
+ <product type="ebuild">binwalk</product>
+ <announced>2023-09-17</announced>
+ <revised count="1">2023-09-17</revised>
+ <bug>820614</bug>
+ <bug>903652</bug>
+ <access>remote</access>
+ <affected>
+ <package name="app-misc/binwalk" auto="yes" arch="*">
+ <unaffected range="ge">2.3.4</unaffected>
+ <vulnerable range="lt">2.3.4</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>Binwalk is a tool for identifying files embedded inside firmware images.</p>
+ </background>
+ <description>
+ <p>Multiple vulnerabilities have been discovered in Binwalk. Please review the CVE identifiers referenced below for details.</p>
+ </description>
+ <impact type="normal">
+ <p>Please review the referenced CVE identifiers for details.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All Binwalk users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-misc/binwalk-2.3.4"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-4510">CVE-2022-4510</uri>
+ </references>
+ <metadata tag="requester" timestamp="2023-09-17T06:32:11.831863Z">ajak</metadata>
+ <metadata tag="submitter" timestamp="2023-09-17T06:32:11.834505Z">sam</metadata>
+</glsa>
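Review bot: In glsa-202309-07.xml the title, synopsis and description all say "Multiple vulnerabilities", but `<references>` holds a single entry, CVE-2022-4510, against two `<bug>` numbers. Either the issue tracked in the other bug has no reference here and one should be added, or the wording should be singular, for example `<title>Binwalk: Remote Code Execution</title>` to match the synopsis. As it stands a reader cannot tell whether upgrading to 2.3.4 addresses one flaw or several.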
\ No newline at end of file
diff --git a/metadata/glsa/glsa-202309-08.xml b/metadata/glsa/glsa-202309-08.xml
new file mode 100644
index 000000000000..0b12314c2221
--- /dev/null
+++ b/metadata/glsa/glsa-202309-08.xml
@@ -0,0 +1,43 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202309-08">
+ <title>Requests: Information Leak</title>
+ <synopsis>A vulnerability has been discovered in Requests which could result in the disclosure of plaintext secrets.</synopsis>
+ <product type="ebuild">requests</product>
+ <announced>2023-09-17</announced>
+ <revised count="1">2023-09-17</revised>
+ <bug>906970</bug>
+ <access>remote</access>
+ <affected>
+ <package name="dev-python/requests" auto="yes" arch="*">
+ <unaffected range="ge">2.31.0</unaffected>
+ <vulnerable range="lt">2.31.0</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>Requests is an HTTP library for human beings.</p>
+ </background>
+ <description>
+ <p>Requests is vulnerable to potentially leaking Proxy-Authorization headers to destination servers, specifically during redirects to an HTTPS origin with authentication credentials encoded into the URL.</p>
+ </description>
+ <impact type="low">
+ <p>Users' proxy authentication secrets could be disclosed to parties beyond the used HTTP proxy server.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All Requests users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-python/requests-2.31.0"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-32681">CVE-2023-32681</uri>
+ <uri>GHSA-j8r2-6x86-q33q</uri>
+ </references>
+ <metadata tag="requester" timestamp="2023-09-17T06:32:25.550438Z">ajak</metadata>
+ <metadata tag="submitter" timestamp="2023-09-17T06:32:25.553604Z">sam</metadata>
+</glsa>
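Review bot: In glsa-202309-08.xml `<resolution>` stops at the upgrade, but the flaw described is disclosure of Proxy-Authorization credentials, and a credential that may already have reached a destination server stays exposed after the package is updated. I would add `<p>Users who send requests through an authenticated proxy should rotate the proxy credentials after upgrading.</p>`. `<workaround>` also says none is known; if memory serves, the upstream advisory mentions disabling redirects (`allow_redirects=False`) as an interim measure, which is worth confirming and citing.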
\ No newline at end of file diff --git a/metadata/glsa/timestamp.chk b/metadata/glsa/timestamp.chk index fbd8348470a2..80fd1cc6356a 100644 --- a/metadata/glsa/timestamp.chk +++ b/metadata/glsa/timestamp.chk @@ -1 +1 @@ -Sun, 17 Sep 2023 03:39:55 +0000 +Sun, 17 Sep 2023 09:40:07 +0000 diff --git a/metadata/glsa/timestamp.commit b/metadata/glsa/timestamp.commit index 00b1e1be74c7..8c507dfb8ce9 100644 --- a/metadata/glsa/timestamp.commit +++ b/metadata/glsa/timestamp.commit @@ -1 +1 @@ -c436d88493a5c8eec9b1f8a63799d35dd75d3372 1694200711 2023-09-08T19:18:31+00:00 +350089607fb03a112b8ef41490ac5428b2edf828 1694932402 2023-09-17T06:33:22+00:00 |