diff options
| author | V3n3RiX <venerix@koprulu.sector> | 2024-05-30 00:07:18 +0100 |
|---|---|---|
| committer | V3n3RiX <venerix@koprulu.sector> | 2024-05-30 00:07:18 +0100 |
| commit | 0e2a727aba684f1a44cc0402a3f77d242140681b (patch) | |
| tree | ad462b91afc9d7f8d76e3c51331517fddd6b25c2 /metadata/glsa | |
| parent | 5c4786a868bad6e3f46aecf32ad6c6dc5de98408 (diff) | |
gentoo auto-resync : 30:05:2024 - 00:07:18
Diffstat (limited to 'metadata/glsa')
| -rw-r--r-- | metadata/glsa/Manifest | 30 | ||||
| -rw-r--r-- | metadata/glsa/Manifest.files.gz | bin | 574732 -> 574731 bytes | |||
| -rw-r--r-- | metadata/glsa/glsa-202403-04.xml | 12 | ||||
| -rw-r--r-- | metadata/glsa/timestamp.chk | 2 | ||||
| -rw-r--r-- | metadata/glsa/timestamp.commit | 2 |
5 files changed, 26 insertions, 20 deletions
diff --git a/metadata/glsa/Manifest b/metadata/glsa/Manifest index 97d00e5e1d45..cfa78fd831f2 100644 --- a/metadata/glsa/Manifest +++ b/metadata/glsa/Manifest @@ -1,23 +1,23 @@ -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 -MANIFEST Manifest.files.gz 574732 BLAKE2B a9af568292017c04921c94b0421560fe7456a5d38c31f88c289c55cbf154a7f32d7194e92bc4452cfce078c6b4b96bdd84c71c75026bcd85d4c04b0e07c3843c SHA512 fd203e50e5e1207e6138c4a3c7cd9f2a98a93e63a79a365e3c1f7b27118ab820f748267ce6723c39fb2b2b8421c30bbb4801558a32b92c9c5b6aeefdce2d561c -TIMESTAMP 2024-05-28T22:40:18Z +MANIFEST Manifest.files.gz 574731 BLAKE2B 89caa0807b8cb3bb8f1cc5679dbe23ca4398827dd3b841269212eea4c56cfd057c2066dfc5853236e4134ffbd1bf10272359df656c88cc2dda1c7d6317ab1970 SHA512 68081b023a298180abb3d5c6ce33bd36fece32d1d6fe7d38f87edd236b3e70d2dc5c11f8a42561ff66103806af4278e08e0282649c4d9fe95a44f29ea0bc82b8 +TIMESTAMP 2024-05-29T22:40:22Z -----BEGIN PGP SIGNATURE----- -iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAmZWXVJfFIAAAAAALgAo +iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAmZXrtZfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEUx RDZBQkI2M0JGQ0ZCNEJBMDJGREYxQ0VDNTkwRUVBQzkxODkyNTAACgkQ7FkO6skY -klC/OBAAsGzqEJaeddOTZtsqbJS8DjGqVBr3T3HBOaFdZAy6VWavNTQPT+7Xz1/j -5OIJ0StJokU6BQKihDNQoBAN8aq69nnZiuNMs4Eqkb9U4kM8z6rFfJT1ms6WNouK -V/qBd0ljZGG4B8rNvNV+qfTVxxKgWuVbBN0to3HzQXuEAtcT1vVkbGVpevowiI2I -GREJ5X2ak/kvBCbQzPM5J5RxFscJD09mvA32vTDfH/qch3/z4L4VjBd2FaLv9OGD -BychAV3P4J5fVySCY8EcrwncvD9+CkkNYtIN+IlGNFadc0XYgNHwCCHsnL589d9O -bKJXQaPMq2mekHnSIHRdIo1k0tj7dWSwfdc+wsBsGMb6RzRIn5OOifO608PCoh1D -lVwPx4ZnlJrs9PwGOMf62y+aiQ4eRc8vXGb55wpPMI2ip1QVobMgGWl67yPnVRnj -1rOlGdd9hAo34GKClJbfN3obZ+ofdO3zXExB8jV7Ts8W1U6pNDhHX2wcZD/OCHXo -cLAWbE2gGL0gZyv27sUxS5HybNP3/nb/Yr1MzI0E6PyL1DxrEnAY88u1xkA7Zwww -mps4LhoMw/FJAVNWYbhcvUG4ZUPH5cHApWr54NB+N0+qXvgTRfiEC75TIAvrRZ7+ -1Cw352rB4aF2a+ZgjsBPjj8HubRl5n55lFUGBYMG8dnbA3DsNeA= -=ghCn +klAq+hAApFllf8/PbIQznxZUjzbe8FVMt2WikTrO+uEHxeA9UxQFcl8rqrgibhg7 +YKW8MZ6IRP3CDlydVZh/VZOjcfhZCCHZRx2KVkJpGMuPVwX2UNiqeE9gkapc3xP5 +C8I/RD16NYzBknk85rjTwtGxvAU/s6bb3AlyIgm+Ids+3Rr08Rd2zenWTrjDjmWw +Q5GLBQ2Tnli4cI1OFaujbEDa3i5RXv4QKPHL0MJQKnT6HZisMqY+NdYgt4ueSK6K +I+TImWoDkU/XopvNUjrve8gC99fIs0hq78Y11sXQYEZlCP+3A9gZUPrJ3d5DNHiZ +Zn2U0xQFdDgrZ18pC8Y+Cz90ddYFKHJ9puBQAja4oKq1gMMbF+WBrgOh96WoTgdL +UfFegnq+i74cg4tK342REzraqkiNfaF7xn0XHSOjEcuCeunyWlL8WFD4ZoTxo5Bj +FqDIi7go6dMetZRmCOYHRuM9SL8Jl86YThQ5TrzgXkiyP/p9AHzesN6ZYZySrdC1 +8LUj1jlYV9WExxzuckhHvoJzMrIHmY6i8LO1Xauphy7TBREWwPS2ia1B3PChcWfH +EkExKcQfyPdsNIfiq6Ly7tkeQsK5p355Hp6FciZtVgrqxIDh0FG6VJSDqtY3Fdef +sRqg4Zm6Y/vHPqiv8M3XQrQGE/bXFMwefycZvcgQZ+i1MNgQsf8= +=qqON -----END PGP SIGNATURE----- diff --git a/metadata/glsa/Manifest.files.gz b/metadata/glsa/Manifest.files.gz Binary files differindex 20178e449e06..539c52a99f3d 100644 --- a/metadata/glsa/Manifest.files.gz +++ b/metadata/glsa/Manifest.files.gz diff --git a/metadata/glsa/glsa-202403-04.xml b/metadata/glsa/glsa-202403-04.xml index abe207438c3d..51f84120bc7f 100644 --- a/metadata/glsa/glsa-202403-04.xml +++ b/metadata/glsa/glsa-202403-04.xml @@ -5,13 +5,15 @@ <synopsis>A backdoor has been discovered in XZ utils that could lead to remote compromise of systems.</synopsis> <product type="ebuild">xz-utils</product> <announced>2024-03-29</announced> - <revised count="1">2024-03-29</revised> + <revised count="2">2024-05-29</revised> <bug>928134</bug> <access>remote</access> <affected> <package name="app-arch/xz-utils" auto="yes" arch="*"> <unaffected range="lt">5.6.0</unaffected> - <vulnerable range="ge">5.6.0</vulnerable> + <unaffected range="gt">5.6.1</unaffected> + <vulnerable range="eq">5.6.0</vulnerable> + <vulnerable range="eq">5.6.1</vulnerable> </package> </affected> <background> @@ -32,10 +34,14 @@ Analysis is still ongoing, however, and additional vectors may still be identifi <p>There is no known workaround at this time.</p> </workaround> <resolution> - <p>All XZ utils users should downgrade to the latest version before the backdoor was introduced:</p> + <p>All XZ utils users should upgrade to the latest fixed version, or downgrade to the latest version before the backdoor was introduced:</p> <code> # emerge --sync + # emerge --ask --oneshot --verbose ">app-arch/xz-utils-5.6.1" + </code> + <code> + # emerge --sync # emerge --ask --oneshot --verbose "<app-arch/xz-utils-5.6.0" </code> </resolution> diff --git a/metadata/glsa/timestamp.chk b/metadata/glsa/timestamp.chk index 3730bd6142c2..1f81891d34c5 100644 --- a/metadata/glsa/timestamp.chk +++ b/metadata/glsa/timestamp.chk @@ -1 +1 @@ -Tue, 28 May 2024 22:40:15 +0000 +Wed, 29 May 2024 22:40:18 +0000 diff --git a/metadata/glsa/timestamp.commit b/metadata/glsa/timestamp.commit index 717eb7ab54a1..4a7b6a9c71b0 100644 --- a/metadata/glsa/timestamp.commit +++ b/metadata/glsa/timestamp.commit @@ -1 +1 @@ -7ec9123210ab90f66e0a193a5064f3f36a58faac 1715491587 2024-05-12T05:26:27Z +23f9961964e4ef86fe4fed4e36f8f2cbe2b47dfe 1717006097 2024-05-29T18:08:17Z |