gentoo auto-resync : 19:02:2025 - 00:15:15

5 files changed, 60 insertions, 17 deletions

diff --git a/metadata/glsa/Manifest b/metadata/glsa/Manifest
index 8458b7a0326e..63436b1c4dcc 100644
--- a/metadata/glsa/Manifest
+++ b/metadata/glsa/Manifest
@@ -1,23 +1,23 @@
 -----BEGIN PGP SIGNED MESSAGE-----
 Hash: SHA512
 
-MANIFEST Manifest.files.gz 596663 BLAKE2B d03f77688298f7e2b1c117787c6f899250317779b0320cb4d08119535bbb454be5ff75faf4d4f6b88394f22fc5ce722770f4e51f537acca0853947165902a3ab SHA512 ca731da057a6d173058e289dcfa3c1e06f0e35cc32aa1f85102f6637f27eb4a9f2444a9eb532f9df30535ce50e36fc4a7976c85eb02dcc7f7b80b4a213ec6d2d
-TIMESTAMP 2025-02-17T23:40:28Z
+MANIFEST Manifest.files.gz 596825 BLAKE2B abfc0ba2347425ddecf563c49a062adf9b6d284af095aac317a2f1e5cfb166fd8df05fd53ef6539f92951b0dd6aad9038b03176278aa67b365ac76641ce66789 SHA512 9a90f71c0fbfc34191ee79c7449f4f0d05880d6e4796a9d714e7fa29164db4bb84164d2766d9c8da59de717d008e4ff93b67abef93bd22310c21450972bc521c
+TIMESTAMP 2025-02-18T23:40:35Z
 -----BEGIN PGP SIGNATURE-----
 
-iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAmezyOxfFIAAAAAALgAo
+iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAme1GnNfFIAAAAAALgAo
 aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEUx
 RDZBQkI2M0JGQ0ZCNEJBMDJGREYxQ0VDNTkwRUVBQzkxODkyNTAACgkQ7FkO6skY
-klCp+Q//eBds8k3z4xj28zH2nLgik7bl/E+0vj83ssoyElL0ZuxS0oOLckRzJVwX
-sq1QBm3MBq7Sakc59aPpAaz90I4s+hHt7s6hI/SkWRQaVw2fQZFfnKyp3ABMsr+w
-PWnZ2oDoFy3XIz4shzISBOcbtIWxRZ9VdX2xHokNmkxEjKSZNy0PAYHxIvLcFexB
-6DRj8ZLqrSAqRjHO83kf5PbxK/lmPEtI+ZeOZLAmHqnSX1G9aSXZUmwEWVFt+8I7
-+K2YMNgv5PkfocgYxtvgbbiMsTlo3zWAIoYbwpgq9qhmjYLzLY1d0ztEsC52Sn03
-+WQ5E5cgtsG709poyi67kyK/zqZqmgO88C6nJeKBXtWL4SV8usSSoTgtBt/oFtgd
-LazGzkgXRX0HllKQZBiodoxHni0FgWCzkVXEDczAV5kTXzQmDnv0zpyNGWGq22kz
-jiw9ihh6sj3zYC+ZRtGmRsw/vGnGXflS1I9aJWknWZ1IZauvlhDRMq8SPhmdotOQ
-QOzPxRLgJomB4cO1luBnN6nyMIAa9HY/382J0cr09Zpa9dI//PqyECtPsO30Siq4
-2euOJoqqw/YYrn5SsuqRITmBHt/7z2MOvD1DPW3EuMUjcNz5ZSOB6Oz5Dv10Iiiz
-g8GgoYEO/YvzK50bQ6Fg5KPRqkxn6LSbgYfhfdach9QHQxAX9Hc=
-=yiOQ
+klA59g/+MquY70sIHR3AY/uVGxPgt2g7OR8k97oR248pDwun+zYHL7+B9X4Um28o
+KKi2cbiyoZEggRoLKLloZvrOVBN1L8e1BoisSAC1dBGZrum66AESukS625jYetDf
+m6qdFjIyc0E/quWjz0cIOrWQiksPXgcFEju+iRgARVHE6vybmC2kepUGolsLM3vu
+47M1XCoo3XRBWQmEX0nZg3770qdskpyGtvT2P0GsQnhLkP5OphuF9+RJJ3nqtP/y
+R96/khEEW2Omq3hfjLv7+8gV8KPndPhuK6nlUIDj0xOEXLKAtwz0TRrGsiUbYVHL
+OTihrxZjHu+ijCovKx5WMerrZqGq99GYKAm8oqEBXwcuNA2HvXXOH4sKFPCJZRd5
+QBXUH6fBTaZib6CJGbaEb9EKxilXKAF8k3vjPwvDdmDV58Z2iw4TmVC5dUMOYJO7
+HmB1LRfPzECpm9sUHRaNYMsl/SmJGGRva0G0YFJlqhfc21+ZXRCwXQY/FK2JXSXS
+TtQt2NceO5JBP31YDvlm/mCM6WCiPDRawAmOKsAN0PJsgZ2EdJRcXejr51sK3Kb5
+qmTNvhjR8dz2rBh6bkVBondvFGRbd0V1diIpOferaZND33UsYl5ER1vxZEaj82Ws
+wlhwlrYI6rJ3RgcQv3/C9gh65T0x+yPm9MR05ByjVlZ75vS/EOA=
+=1GKM
 -----END PGP SIGNATURE-----
diff --git a/metadata/glsa/Manifest.files.gz b/metadata/glsa/Manifest.files.gz
index 94b3bc076ff3..adf4c31f40e1 100644
--- a/metadata/glsa/Manifest.files.gz
+++ b/metadata/glsa/Manifest.files.gz
diff --git a/metadata/glsa/glsa-202502-01.xml b/metadata/glsa/glsa-202502-01.xml
new file mode 100644
index 000000000000..080d9f151fd9
--- /dev/null
+++ b/metadata/glsa/glsa-202502-01.xml
@@ -0,0 +1,43 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202502-01">
+    <title>OpenSSH: Multiple Vulnerabilities</title>
+    <synopsis>Multiple vulnerabilities have been found in OpenSSH, the worst of which could allow a remote attacker to gain unauthorized access.</synopsis>
+    <product type="ebuild">openssh</product>
+    <announced>2025-02-18</announced>
+    <revised count="1">2025-02-18</revised>
+    <bug>949904</bug>
+    <access>remote</access>
+    <affected>
+        <package name="net-misc/openssh" auto="yes" arch="*">
+            <unaffected range="ge">9.9_p2</unaffected>
+            <vulnerable range="lt">9.9_p2</vulnerable>
+        </package>
+    </affected>
+    <background>
+        <p>OpenSSH is a free application suite consisting of server and clients that replace tools like telnet, rlogin, rcp and ftp with more secure versions offering additional functionality.</p>
+    </background>
+    <description>
+        <p>Multiple vulnerabilities have been discovered in OpenSSH. Please review the CVE identifiers referenced below for details.</p>
+    </description>
+    <impact type="normal">
+        <p>Please review the referenced CVE identifiers for details.</p>
+    </impact>
+    <workaround>
+        <p>There is no known workaround at this time.</p>
+    </workaround>
+    <resolution>
+        <p>All OpenSSH users should upgrade to the latest version:</p>
+        
+        <code>
+          # emerge --sync
+          # emerge --ask --oneshot --verbose ">=net-misc/openssh-9.9_p2"
+        </code>
+    </resolution>
+    <references>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2025-26465">CVE-2025-26465</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2025-26466">CVE-2025-26466</uri>
+    </references>
+    <metadata tag="requester" timestamp="2025-02-18T23:20:42.579856Z">sam</metadata>
+    <metadata tag="submitter" timestamp="2025-02-18T23:20:42.581904Z">sam</metadata>
+</glsa>
\ No newline at end of file
diff --git a/metadata/glsa/timestamp.chk b/metadata/glsa/timestamp.chk
index 29adaf4c106f..49b708eb1af1 100644
--- a/metadata/glsa/timestamp.chk
+++ b/metadata/glsa/timestamp.chk
@@ -1 +1 @@
-Mon, 17 Feb 2025 23:40:24 +0000
+Tue, 18 Feb 2025 23:40:32 +0000
diff --git a/metadata/glsa/timestamp.commit b/metadata/glsa/timestamp.commit
index 9342cfcc57f2..8c72aaad73f4 100644
--- a/metadata/glsa/timestamp.commit
+++ b/metadata/glsa/timestamp.commit
@@ -1 +1 @@
-681de9cd0cd49ec8f318f71af0c5917f69f302d8 1737617238 2025-01-23T07:27:18Z
+63a2f7c864a9645cc635ef4b997fae8953742475 1739920861 2025-02-18T23:21:01Z