gentoo auto-resync : 10:10:2023 - 12:09:13

6 files changed, 103 insertions, 17 deletions

diff --git a/metadata/glsa/Manifest b/metadata/glsa/Manifest
index d2cd00580441..b14540d262ad 100644
--- a/metadata/glsa/Manifest
+++ b/metadata/glsa/Manifest
@@ -1,23 +1,23 @@
 -----BEGIN PGP SIGNED MESSAGE-----
 Hash: SHA512
 
-MANIFEST Manifest.files.gz 550416 BLAKE2B 8daa7d9fd115f3b8248d5fb12e0f3047ff161fdf5d6ff06f848034f145e6c2f0f1765efe15949bf8eff4a3b2178b4d8b9a1abe65c9694fc27bf198a8004c89a5 SHA512 e812335526c7fc4f64e02c36ba94af59187ddf08798353595dbad095830168de4147fac9000185628bdd4a237896ae327812a50a084262aef0296d0d1f2280d8
-TIMESTAMP 2023-10-10T04:40:27Z
+MANIFEST Manifest.files.gz 550735 BLAKE2B 0ffdf66125d12ddafd79b21352a7848ed151bbaa4f8c797ef790338276b38510c23426e30ee3924d383730dfa4aff331e8e665ad71671a58cdc8dc2ba36724d6 SHA512 29d9cf4a64855f0c558f495d9ba0287f8770ab6d72cdb317acbfc7b3da68122d06491a11d071b3f9fdf2b3e5f7670668f8ebb4c085ef0d18335dd4f217c6f247
+TIMESTAMP 2023-10-10T10:39:48Z
 -----BEGIN PGP SIGNATURE-----
 
-iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAmUk1btfFIAAAAAALgAo
+iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAmUlKfRfFIAAAAAALgAo
 aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEUx
 RDZBQkI2M0JGQ0ZCNEJBMDJGREYxQ0VDNTkwRUVBQzkxODkyNTAACgkQ7FkO6skY
-klB+XxAAqS6ci2jD05HZ4Nns+W3hYR+a6ZfNI/cRoGdFmev5n2rB2yO9i3bB1hAN
-MoiE6aF4c8fSs7BQ0+XnzUO+sCpdluKFEWZB4d10VSOj7XMeynpeU8pH88RBQoHB
-vY79oHz4rE3GL3ByrwfKze8m2/e4Y1EwoFf7bHPbgVxsND22TpRjYwJlyQ+kFfuJ
-YT2RllMiQRMWXk00NdtolmVI8bo5QUjq/jw4HJBm9HX8e80E4i4bYHFmBm8NLmKL
-kd1UYj35bdEaH5GS1n+4N8KJwygufXFMHl5sjntX29g/aoNn/cOP+5/uoGcEMhLe
-oIL7mxChYOlWhxynr9CNCiTKN1q8oDnxU201kE5dsOvYA1Fxhyz40WqVk7Zl+WTG
-mMgrThDyCj/t7zT2c/7RED2ybUz3Kb/uhgcsrJq6UfCJVqq1O0ZtYjTwohiDRLXf
-cA783XKwI5X0adGZMltbWVlBN9F983S+uklGh7J/ZlLF1+5/zk7U7eE/d8TlicoP
-MHl2ajqvQWMRgy+FEdXt2aC4V6axeQGK4DprxUn0Kp6S3xDnUw+/jzThyKLv75uH
-dxOpthVsm0qqwvmOmt/S6BF+qLXC5RcqUmtYPOxMlzy6hgdt2EtBer9C8k9sSMwR
-urWKwulmsKUnVv8JeeoSoNr3qHuVTmyyKzZVXUHQbwRVHvoZKdo=
-=ZMV+
+klAPHQ/+JHIVqf2WSL4Y5g+Hrlx++ITzcaIOHIFk+IeFPI+jDdZKhujoGTqNk+05
+LeTPNow4+HtHDmavGu8A/1+GdIiwLTbTCximCGRplbUw5Yv0U+TZlj8bxh5+E427
+BW7suCve7EKwHPs7usy5lnYzkU0gLDQ0Sbw8VxnJUPoG0NvZkgE2T6LQs1qkQVn1
+3Fy2sMTqqOyS60R0zebZ1AvOdlm2/NYn6xa/bPipR0Z8MJTOJL/5q+mjC+Sq1wal
+rJMU0g1Yu8i/V3HlK0QZwA4Kkc9N3iag8tHTJCNjA6Tyt/AymJF3fIelOi+enQti
+Pel7iROmJ4m3MUd0pdM5gQfZrgEcrg3bYOsiIjaimsKPWEtirJFXzyfCbWo7fK6h
+UmPAJCilQ56cShQBdnn5SUodMsm17l+kNPoyElLS751q7N7TFIEVH7LT4lxp6dES
+aKsyd2l4ukR46MLbFfkFACA1keTgbMDXhUaKB62AFLD9ewZL4PIBHoH3pjOe6P9g
+PrATtBLmViJxF7Nn5MN+KqUS0EsavwPC1A2eSdhRFMfAN5gD4vv0zrKoUsnAe8ow
+UkQ57i4oGx1DHTk1/BNOJg/ePBG2FK5HEJS4U4sLYrLABDY6+D9kHJ8bhZGXPZUq
+vfjIntxz9L/UtUeH2HbbchC7Ta3+yuU4xg3X2osQT8EoNW/0KCA=
+=jjx9
 -----END PGP SIGNATURE-----
diff --git a/metadata/glsa/Manifest.files.gz b/metadata/glsa/Manifest.files.gz
index 35a0f4a48909..f82bbccb50b8 100644
--- a/metadata/glsa/Manifest.files.gz
+++ b/metadata/glsa/Manifest.files.gz
diff --git a/metadata/glsa/glsa-202310-10.xml b/metadata/glsa/glsa-202310-10.xml
new file mode 100644
index 000000000000..5846410c4634
--- /dev/null
+++ b/metadata/glsa/glsa-202310-10.xml
@@ -0,0 +1,44 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202310-10">
+    <title>libcue: Arbitrary Code Execution</title>
+    <synopsis>A vulnerability has been discovered in libcue which could allow for arbitrary code execution.</synopsis>
+    <product type="ebuild">libcue</product>
+    <announced>2023-10-10</announced>
+    <revised count="1">2023-10-10</revised>
+    <bug>915500</bug>
+    <access>remote</access>
+    <affected>
+        <package name="media-libs/libcue" auto="yes" arch="*">
+            <unaffected range="ge">2.2.1-r1</unaffected>
+            <vulnerable range="lt">2.2.1-r1</vulnerable>
+        </package>
+    </affected>
+    <background>
+        <p>libcue is a CUE Sheet Parser Library.</p>
+    </background>
+    <description>
+        <p>libcue does not check bounds in a loop and suffers from an integer overflow flaw which can be exploited to take over the program.</p>
+    </description>
+    <impact type="high">
+        <p>Untrusted CUE sheet files can lead to arbitrary code execution.

+

+app-misc/tracker-miners[cue] uses libcue to index CUE Sheet files in directories. It is possible that downloading a malicious CUE Sheet file into a directory indexed by tracker-miners could lead to remote code execution.</p>
+    </impact>
+    <workaround>
+        <p>There is no known workaround at this time.</p>
+    </workaround>
+    <resolution>
+        <p>All libcue users should upgrade to the latest version:</p>
+        
+        <code>
+          # emerge --sync
+          # emerge --ask --oneshot --verbose ">=media-libs/libcue-2.2.1-r1"
+        </code>
+    </resolution>
+    <references>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-43641">CVE-2023-43641</uri>
+    </references>
+    <metadata tag="requester" timestamp="2023-10-10T06:13:45.982909Z">sam</metadata>
+    <metadata tag="submitter" timestamp="2023-10-10T06:13:45.985293Z">sam</metadata>
+</glsa>
\ No newline at end of file
diff --git a/metadata/glsa/glsa-202310-11.xml b/metadata/glsa/glsa-202310-11.xml
new file mode 100644
index 000000000000..2a27923059c7
--- /dev/null
+++ b/metadata/glsa/glsa-202310-11.xml
@@ -0,0 +1,42 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202310-11">
+    <title>less: Denial of service</title>
+    <synopsis>A filtering bypass in less may allow denial of service.</synopsis>
+    <product type="ebuild">less</product>
+    <announced>2023-10-10</announced>
+    <revised count="1">2023-10-10</revised>
+    <bug>893530</bug>
+    <access>remote</access>
+    <affected>
+        <package name="sys-apps/less" auto="yes" arch="*">
+            <unaffected range="ge">608-r2</unaffected>
+            <vulnerable range="lt">608-r2</vulnerable>
+        </package>
+    </affected>
+    <background>
+        <p>less is a pager and text file viewer.</p>
+    </background>
+    <description>
+        <p>less suffered from a flaw in its terminal escape sequence handling which made its filtering incomplete.</p>
+    </description>
+    <impact type="normal">
+        <p>Malicious input could clear the terminal output or otherwise manipulate it with faked interactions.</p>
+    </impact>
+    <workaround>
+        <p>There is no known workaround at this time.</p>
+    </workaround>
+    <resolution>
+        <p>All less users should upgrade to the latest version:</p>
+        
+        <code>
+          # emerge --sync
+          # emerge --ask --oneshot --verbose ">=sys-apps/less-608-r2"
+        </code>
+    </resolution>
+    <references>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-46663">CVE-2022-46663</uri>
+    </references>
+    <metadata tag="requester" timestamp="2023-10-10T06:27:21.953151Z">sam</metadata>
+    <metadata tag="submitter" timestamp="2023-10-10T06:27:21.958103Z">sam</metadata>
+</glsa>
diff --git a/metadata/glsa/timestamp.chk b/metadata/glsa/timestamp.chk
index 34ece6d5fb96..4488f0dcef1f 100644
--- a/metadata/glsa/timestamp.chk
+++ b/metadata/glsa/timestamp.chk
@@ -1 +1 @@
-Tue, 10 Oct 2023 04:40:22 +0000
+Tue, 10 Oct 2023 10:39:44 +0000
diff --git a/metadata/glsa/timestamp.commit b/metadata/glsa/timestamp.commit
index 8595f147afc5..ed19c04acb3a 100644
--- a/metadata/glsa/timestamp.commit
+++ b/metadata/glsa/timestamp.commit
@@ -1 +1 @@
-e13b4705e37d564cf7d1830379f6550fae91f021 1696750201 2023-10-08T07:30:01+00:00
+e4a47f747e38bf26733ce68c8e1a738f3e70725d 1696919294 2023-10-10T06:28:14+00:00