gentoo auto-resync : 26:09:2024 - 01:25:46

author: V3n3RiX <venerix@koprulu.sector> 2024-09-26 01:25:46 +0100
committer: V3n3RiX <venerix@koprulu.sector> 2024-09-26 01:25:46 +0100
commit: 21dea977c89ba487b57c7856a4924950e667f209 (patch)
tree: ea817bd899b4d1759c030d6439f307b28e51588d /metadata/glsa
parent: c25088d4fc442a7d6dc3a8d0498b43024888318d (diff)
5 files changed, 81 insertions, 17 deletions
diff --git a/metadata/glsa/Manifest b/metadata/glsa/Manifest
index 710d9c4e09a3..07e8d4aedcff 100644
--- a/metadata/glsa/Manifest
+++ b/metadata/glsa/Manifest
@@ -1,23 +1,23 @@
 -----BEGIN PGP SIGNED MESSAGE-----
 Hash: SHA512
 
-MANIFEST Manifest.files.gz 589168 BLAKE2B 086b8bdef76746eee9f4b4c09c6ab6fd093f1448693af2c5b6cfb638e2eaba91d1148ff9a4c029d0feb34050cee77e22635c3cf095050a900c530ae39132fa00 SHA512 a4a3488a37b4ed0bdff36d3fd27a0d124e76910a9ba8a6e74c6da1f90de9beedb9bc99ef26e8c121f13928005ebccdd806b2bb53205db62138afa6d78a528a9e
-TIMESTAMP 2024-09-24T23:40:20Z
+MANIFEST Manifest.files.gz 589322 BLAKE2B 6789f452bb091cab1551fd39d1eb24aad056758ab4927e345d12b32324a84240dc49fd5fbc0c8eddd74cdd9181d8eadd04df6c040625d04494a51f9fe347a4f8 SHA512 2ec038957c010fa082d365808e04a0bfd93388a083821ce8a50b3347e2e7bfed61bc8686450f62c8347c91a57ede6dc514c9b54f8164db4e2ad4d04c0268e09c
+TIMESTAMP 2024-09-25T23:40:24Z
 -----BEGIN PGP SIGNATURE-----
 
-iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAmbzTeRfFIAAAAAALgAo
+iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAmb0n2hfFIAAAAAALgAo
 aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEUx
 RDZBQkI2M0JGQ0ZCNEJBMDJGREYxQ0VDNTkwRUVBQzkxODkyNTAACgkQ7FkO6skY
-klDIEhAAixowfYKtd8bYyqCPIXWXmBlrddZHtiwBnFuDMBbCEhVHK2C4lyqy4I/K
-DZHS1LSD4tMInTohwN+71PWp3cV8rWS9SUKO1FmSSNylZKA+oa+tChg7Z7rKtxon
-DvNB+9KBtxBllWf1bx1t89VqKRzAPjUnkhpe1j3UX2bHkk4FxWYMVRivtzsv9V/X
-P8cWTEjPJUfumhcwpmq8Snl4PN0+Q7khLF/LfXNVzaTL2ER8cdoTOAj6E4iTmKfW
-YBj9Oodo2GWTTure5Eb64cFf0EXkQ7Awq4KON/wslBNI0Pn78rC/Vxe2nTV4qpqn
-EpLBHG/oFdlDIMsOBxLPevS96sbkY76wMzVspdTt/G+yXyJp/8E0RY7BkEH27/ZG
-paaaS43JmQ+F/RQh44NPKS/So0HnEhK2AgujHaQCtBUO3zuv1M8lWxHjOJuEF0t8
-5ApEN3wF2PDJV8Jk/SspkRLGyW+SQueIXQB3DO2IAzExTLZfd1OD0Zxpw0pvoZqu
-FrsqwcFLIgPNgjLDdBIWIVbzM968/fVgBsIqCHaApZwtqo3wND5xOOLI6mvXg8NI
-jJxVIMzNIKP+58/hLoDwF5rn0i/VAe6h8R7PgTbRpuvYZWk4QDrX7/doSTtHQWaw
-m1AyLU2yHMJVtM7YDIYKRoyStlghZQ+S6YdytYPsYQJs3o2EZtM=
-=TJyn
+klD0Fw/+Ow3EIdLYUnumVr7rhk/UDlfyDLNuxGGThlm1YXkDoNj+K6HdTNHtsNs1
+I4mxuABL5jP+s/asKEz+OqmUzvQnXypoHsIyN22TwNWbxF+kde0Pkey51yuWb4Fh
+HXE3a6eHMfinQ8+fGHgzcxTC/XsTB7qJZl4WeNIPFBW1/RmJwNmRbg+4RSWPr6qq
+cEX2aeG4DFMqUf6La/bUciUb00I7yjuZKBXr15H5HeR1xRoNA7kQtcCODpKjCuRC
+mZt6p7Donfsdp6zw8x0wJ7tjOz4syj9hoCJj36RWnyNKaU0QLteEwX8+cp35+c1S
+Nhwli6WNnsxD+WoW+1S0XZ/9s5hnl3AIsDLSKVTGWfHcaxqBkEU8ycMBMURxiV0F
+Dv5Qty++EZGnvXvDe+ezDaSq0/HA5GqjnseL9CadLt0fyH1SjRgsDkx0cZV9l5RF
+7DVm1xBE78wiwqU4oPVDgWW6b8T4XupQNq0BkkAX423T1erOXZ2APlIX2JmgsGDd
+UOFXluHmssSPn4MJ7El8xhdr0IxgI4UqDUx5qKvV6jIZFV7QPTAAiaZXSNLQrI91
+t2H2hft387IyqGaWNVge64hJxYyekTGwEIrzro44zfItNCsPl6UCiBRKgZgRpMCF
+0hfPfPPc+ez+LLlLHCZ8cNp3nvtSNYCE7dRoHGaJd4JH2zNH8VE=
+=2eNr
 -----END PGP SIGNATURE-----
diff --git a/metadata/glsa/Manifest.files.gz b/metadata/glsa/Manifest.files.gz
index 74651e1dae00..946bc1adaad4 100644
--- a/metadata/glsa/Manifest.files.gz
+++ b/metadata/glsa/Manifest.files.gz
diff --git a/metadata/glsa/glsa-202409-25.xml b/metadata/glsa/glsa-202409-25.xml
new file mode 100644
index 000000000000..c9ff68aa9746
--- /dev/null
+++ b/metadata/glsa/glsa-202409-25.xml
@@ -0,0 +1,64 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202409-25">
+    <title>Xpdf: Multiple Vulnerabilities</title>
+    <synopsis>Multiple vulnerabilities have been found in Xpdf, the worst of which could result in denial of service.</synopsis>
+    <product type="ebuild">xpdf</product>
+    <announced>2024-09-25</announced>
+    <revised count="1">2024-09-25</revised>
+    <bug>845027</bug>
+    <bug>908037</bug>
+    <bug>936407</bug>
+    <access>remote</access>
+    <affected>
+        <package name="app-text/xpdf" auto="yes" arch="*">
+            <unaffected range="ge">4.05</unaffected>
+            <vulnerable range="lt">4.05</vulnerable>
+        </package>
+    </affected>
+    <background>
+        <p>Xpdf is an X viewer for PDF files.</p>
+    </background>
+    <description>
+        <p>Multiple vulnerabilities have been discovered in Xpdf. Please review the CVE identifiers referenced below for details.</p>
+    </description>
+    <impact type="normal">
+        <p>Please review the referenced CVE identifiers for details.</p>
+    </impact>
+    <workaround>
+        <p>There is no known workaround at this time.</p>
+    </workaround>
+    <resolution>
+        <p>All Xpdf users should upgrade to the latest version:</p>
+        
+        <code>
+          # emerge --sync
+          # emerge --ask --oneshot --verbose ">=app-text/xpdf-4.05"
+        </code>
+    </resolution>
+    <references>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-7453">CVE-2018-7453</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-16369">CVE-2018-16369</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-30524">CVE-2022-30524</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-30775">CVE-2022-30775</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-33108">CVE-2022-33108</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-36561">CVE-2022-36561</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-38222">CVE-2022-38222</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-38334">CVE-2022-38334</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-38928">CVE-2022-38928</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-41842">CVE-2022-41842</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-41843">CVE-2022-41843</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-41844">CVE-2022-41844</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-43071">CVE-2022-43071</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-43295">CVE-2022-43295</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-45586">CVE-2022-45586</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-45587">CVE-2022-45587</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-2662">CVE-2023-2662</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-2663">CVE-2023-2663</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-2664">CVE-2023-2664</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-3044">CVE-2023-3044</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-3436">CVE-2023-3436</uri>
+    </references>
+    <metadata tag="requester" timestamp="2024-09-25T06:29:33.984023Z">ajak</metadata>
+    <metadata tag="submitter" timestamp="2024-09-25T06:29:33.987005Z">graaff</metadata>
+</glsa>
+\ No newline at end of file
diff --git a/metadata/glsa/timestamp.chk b/metadata/glsa/timestamp.chk
index 0cec23cfdd76..83dc282a9605 100644
--- a/metadata/glsa/timestamp.chk
+++ b/metadata/glsa/timestamp.chk
@@ -1 +1 @@
-Tue, 24 Sep 2024 23:40:16 +0000
+Wed, 25 Sep 2024 23:40:20 +0000
diff --git a/metadata/glsa/timestamp.commit b/metadata/glsa/timestamp.commit
index 8182f48f17d0..4f92925ecd18 100644
--- a/metadata/glsa/timestamp.commit
+++ b/metadata/glsa/timestamp.commit
@@ -1 +1 @@
-c26479fb378aedb5634d1fae755c460a1b2da823 1727155008 2024-09-24T05:16:48Z
+fe5f44a92c358b6196f8c599e9199edaa35a33ad 1727245785 2024-09-25T06:29:45Z
author	V3n3RiX <venerix@koprulu.sector>	2024-09-26 01:25:46 +0100
committer	V3n3RiX <venerix@koprulu.sector>	2024-09-26 01:25:46 +0100
commit	21dea977c89ba487b57c7856a4924950e667f209 (patch)
tree	ea817bd899b4d1759c030d6439f307b28e51588d /metadata/glsa
parent	c25088d4fc442a7d6dc3a8d0498b43024888318d (diff)