author | V3n3RiX <venerix@koprulu.sector> | 2023-05-22 02:55:39 +0100 |
---|---|---|
committer | V3n3RiX <venerix@koprulu.sector> | 2023-05-22 02:55:39 +0100 |
commit | 470949042cc90856adb62f2671e04e3165fc8063 (patch) | |
tree | e577a02af2278fdc686930a13421f68abe332fd6 /metadata/glsa | |
parent | eb509e1a15f595f667e8d177ddb73311084af6c0 (diff) |
gentoo auto-resync : 22:05:2023 - 02:55:39
Diffstat (limited to 'metadata/glsa')
-rw-r--r-- | metadata/glsa/Manifest | 30 | ||||
-rw-r--r-- | metadata/glsa/Manifest.files.gz | bin | 543888 -> 544682 bytes | |||
-rw-r--r-- | metadata/glsa/glsa-202305-24.xml | 67 | ||||
-rw-r--r-- | metadata/glsa/glsa-202305-25.xml | 47 | ||||
-rw-r--r-- | metadata/glsa/glsa-202305-26.xml | 48 | ||||
-rw-r--r-- | metadata/glsa/glsa-202305-27.xml | 42 | ||||
-rw-r--r-- | metadata/glsa/glsa-202305-28.xml | 47 | ||||
-rw-r--r-- | metadata/glsa/timestamp.chk | 2 | ||||
-rw-r--r-- | metadata/glsa/timestamp.commit | 2 |
9 files changed, 268 insertions, 17 deletions
diff --git a/metadata/glsa/Manifest b/metadata/glsa/Manifest
index d709f38a2cbd..ab810007351f 100644
--- a/metadata/glsa/Manifest
+++ b/metadata/glsa/Manifest
@@ -1,23 +1,23 @@ -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 -MANIFEST Manifest.files.gz 543888 BLAKE2B da15fb010da91c403608af1847df77a89c9a8a24b2f5c1999256191c31d7755cd7667c19867e75c2bbdd07063f4ce4dd641cf53415eb08b83e35cbb3d2cd35e2 SHA512 ac5e51b2bf8075889870e4eedfe469274eaf28945ed1e974bc76ae0576dc1aa0db2a5fdacfc15e8cfb28486195fad65b487cf50896a207c5fcad4ffae850adbc -TIMESTAMP 2023-05-21T19:09:43Z +MANIFEST Manifest.files.gz 544682 BLAKE2B 2d0195da8b9f8632be280cc22c673ff7fff3535caf55f11ce63010364ef05ef7046249f9222279107c9617f265297192eb396cd21903e1dcb3e6ce4f77059f40 SHA512 7482d2b9d4ad2b3bc6be2d636ba5864a63efe64768afe0aa8677c75c00552d068f221e24a390f8603d699f8934e71923805ce16fb9e6169e56e7803c3a048e5f +TIMESTAMP 2023-05-22T01:09:45Z -----BEGIN PGP SIGNATURE----- -iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAmRqbHdfFIAAAAAALgAo +iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAmRqwNlfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEUx RDZBQkI2M0JGQ0ZCNEJBMDJGREYxQ0VDNTkwRUVBQzkxODkyNTAACgkQ7FkO6skY -klDnEBAAh3tmGT2qeq//wyazGujQ+IDZ2X6spbarspxHbTSGkJFGvYWtKjUgQf3i -F3zrIgyDXjcxh3A+pBe5EzEPx/1xhAZMkigIXTcegkvQxr/pYEcvtlSM+NTbRbxM -LKc9dyP3ZmIm1LREmCSZQ/vuMoUJOx+WWrmeVsBPwHZN3ZFM1xPYJTBWrLuXBAbe -Uwau86UVvwEsp2/OjEpgcrysnuq1zNakmQGyKmsW17EYpRuf3kQ9HgC3Vs7WB/Qq -NXAeimrAsZyANpyuOFjyczyI4jYLerq5uxnxYIzSYoc+Myz+6NSclsCREzBTCJOF -3i6oRF9MihrRuIDu+iWYW0HkHmUZzp6RLJicnRu4QIS2QYPNV4FKoHv/VAAOiAzo -D3Dm4P5leMzY/lIn1bDOu+a1+3NweHALuC444KLE+efib9XJOSFH3ilUBNvXHb00 -1C8k+C/q9dvrYXNVsuWlpdyR+ElrwGF/S9qMOUmFrYh3+icBvwIuZ5CwjfoGUg8K -qgkKFeLM3dCNHrCKDVW3xKeCByq1WYMZppfTft1a2uUoJtjQvoNZIWCuEwY/AcvN -zV9t0C4FaUpwUt3hynF9vY/pzgBYLlRNWhJu1BsvoaSJRu3p3H3AspfkeTqyLF2X -IRrzlPIXdYyfrmxM+X/E4s2tRffWMT/5RXOQVqeNuISU4FOy+PU= -=121W +klDjZA//f5oyspgs66+lIYbwiAHsP561e9SkDQrKwRZGOmh3YOn45gw6xETDVJGT +FOB+Wdq8FXduR0meDVYUTgwVa9QMlOxxgOlKfq1PqxO7tL7oSYuQvDqjNWdmRI2/ +jbf0tf/j0kYdicB50lD+wBBaU64Z2aX4QjrNXKsDUgR9blc0Bo2MP+zAf5o8HnCL 
+UseTZCVamfENlmVG5GtG8NaUMvsPTH3vFKD4YlQQclTm1zGW/3oJW7+qa7S6UiCF +O+6BBXNCF+DVpxpzDOhts0uKTDBV+gUhAa8OJG0iiNAU2M7TiiJGuKt0Y3yqio/c +Tsm2d6QbcE9GUEnekNShZwam8VJB9LTfUPB+pyeKtf43HlxektCWITurWK+nsMVl +J6v1GEPLx+eUHUaGZeHXVu0vYHRZIqevkRsM5l49aD4tBhfOrOEfQizHJZldcswX +iEpntU3YoYnfvLbXD0DZNeG7dleHun3/mq4SzO9fWYBpZXpTL1e5Pa67XehBmcUh +0csxxFBONsDDUXCMqnBTeqxZg4klAFd9CDKUSOwdz7Uh9tH9Np01T88Uxirq9gN6 +Cf/Y7mOatyrLOX4xNtLme0aS1KI8R59jklZjTjm6FTmrFaT8WGqtryufU7mvS6+G +sYzxd6hHwUlN5LtOPC11+cEfkyykH8vcbGLaAbredpcdHPt2FW8= +=ReuQ -----END PGP SIGNATURE-----
diff --git a/metadata/glsa/Manifest.files.gz b/metadata/glsa/Manifest.files.gz
Binary files differ
index 9199f2f00be1..6937d2829dcd 100644
--- a/metadata/glsa/Manifest.files.gz
+++ b/metadata/glsa/Manifest.files.gz
diff --git a/metadata/glsa/glsa-202305-24.xml b/metadata/glsa/glsa-202305-24.xml
new file mode 100644
index 000000000000..26691b029100
--- /dev/null
+++ b/metadata/glsa/glsa-202305-24.xml
@@ -0,0 +1,67 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202305-24">
+ <title>MediaWiki: Multiple Vulnerabilities</title>
+ <synopsis>Multiple vulnerabilities have been found in MediaWiki, the worst of which could result in denial of service.</synopsis>
+ <product type="ebuild">mediawiki</product>
+ <announced>2023-05-21</announced>
+ <revised count="1">2023-05-21</revised>
+ <bug>815376</bug>
+ <bug>829302</bug>
+ <bug>836430</bug>
+ <bug>855965</bug>
+ <bug>873385</bug>
+ <bug>888041</bug>
+ <access>remote</access>
+ <affected>
+ <package name="www-apps/mediawiki" auto="yes" arch="*">
+ <unaffected range="ge">1.38.5</unaffected>
+ <vulnerable range="lt">1.38.5</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>MediaWiki is a collaborative editing software, used by big projects like Wikipedia.</p>
+ </background>
+ <description>
+ <p>Multiple vulnerabilities have been discovered in MediaWiki. Please review the CVE identifiers referenced below for details.</p>
+ </description>
+ <impact type="low">
+ <p>Please review the referenced CVE identifiers for details.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All MediaWiki users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-apps/mediawiki-1.38.5"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-41798">CVE-2021-41798</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-41799">CVE-2021-41799</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-41800">CVE-2021-41800</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-44854">CVE-2021-44854</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-44855">CVE-2021-44855</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-44856">CVE-2021-44856</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-44857">CVE-2021-44857</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-44858">CVE-2021-44858</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-45038">CVE-2021-45038</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-28202">CVE-2022-28202</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-28205">CVE-2022-28205</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-28206">CVE-2022-28206</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-28209">CVE-2022-28209</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-31090">CVE-2022-31090</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-31091">CVE-2022-31091</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-34911">CVE-2022-34911</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-34912">CVE-2022-34912</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-41765">CVE-2022-41765</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-41766">CVE-2022-41766</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-41767">CVE-2022-41767</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-47927">CVE-2022-47927</uri>
+ </references>
+ <metadata tag="requester" timestamp="2023-05-21T19:43:14.271112Z">ajak</metadata>
+ <metadata tag="submitter" timestamp="2023-05-21T19:43:14.304418Z">ajak</metadata>
+</glsa>
\ No newline at end of file
diff --git a/metadata/glsa/glsa-202305-25.xml b/metadata/glsa/glsa-202305-25.xml
new file mode 100644
index 000000000000..c4eecf0252aa
--- /dev/null
+++ b/metadata/glsa/glsa-202305-25.xml
@@ -0,0 +1,47 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202305-25">
+ <title>OWASP ModSecurity Core Rule Set: Multiple Vulnerabilities</title>
+ <synopsis>Multiple vulnerabilities have been discovered in ModSecurity Core Rule Set, the worst of which could result in bypassing the WAF.</synopsis>
+ <product type="ebuild">modsecurity-crs</product>
+ <announced>2023-05-21</announced>
+ <revised count="1">2023-05-21</revised>
+ <bug>822003</bug>
+ <bug>872077</bug>
+ <access>remote</access>
+ <affected>
+ <package name="www-apache/modsecurity-crs" auto="yes" arch="*">
+ <unaffected range="ge">3.3.4</unaffected>
+ <vulnerable range="lt">3.3.4</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>Modsecurity Core Rule Set is the OWASP ModSecurity Core Rule Set.</p>
+ </background>
+ <description>
+ <p>Multiple vulnerabilities have been discovered in OWASP ModSecurity Core Rule Set. Please review the CVE identifiers referenced below for details.</p>
+ </description>
+ <impact type="low">
+ <p>Please review the referenced CVE identifiers for details.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All OWASP ModSecurity Core Rule Set users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-apache/modsecurity-crs-3.3.4"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-35368">CVE-2021-35368</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-39955">CVE-2022-39955</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-39956">CVE-2022-39956</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-39957">CVE-2022-39957</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-39958">CVE-2022-39958</uri>
+ </references>
+ <metadata tag="requester" timestamp="2023-05-21T19:43:55.477807Z">ajak</metadata>
+ <metadata tag="submitter" timestamp="2023-05-21T19:43:55.481401Z">ajak</metadata>
+</glsa>
\ No newline at end of file
diff --git a/metadata/glsa/glsa-202305-26.xml b/metadata/glsa/glsa-202305-26.xml
new file mode 100644
index 000000000000..2d1baf019b1b
--- /dev/null
+++ b/metadata/glsa/glsa-202305-26.xml
@@ -0,0 +1,48 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202305-26">
+ <title>LibreCAD: Multiple Vulnerabilities</title>
+ <synopsis>Multiple vulnerabilities have been discovered in LibreCAD, the worst of which could result in denial of service.</synopsis>
+ <product type="ebuild">librecad</product>
+ <announced>2023-05-21</announced>
+ <revised count="1">2023-05-21</revised>
+ <bug>825362</bug>
+ <bug>832210</bug>
+ <access>remote</access>
+ <affected>
+ <package name="media-gfx/librecad" auto="yes" arch="*">
+ <unaffected range="ge">2.1.3-r7</unaffected>
+ <vulnerable range="lt">2.1.3-r7</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>LibreCAD is a generic 2D CAD program.</p>
+ </background>
+ <description>
+ <p>Multiple vulnerabilities have been discovered in LibreCAD. Please review the CVE identifiers referenced below for details.</p>
+ </description>
+ <impact type="normal">
+ <p>Please review the referenced CVE identifiers for details.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All LibreCAD users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=media-gfx/librecad-2.1.3-r7"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21898">CVE-2021-21898</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21899">CVE-2021-21899</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21900">CVE-2021-21900</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-45341">CVE-2021-45341</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-45342">CVE-2021-45342</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-45343">CVE-2021-45343</uri>
+ </references>
+ <metadata tag="requester" timestamp="2023-05-21T19:44:16.481147Z">ajak</metadata>
+ <metadata tag="submitter" timestamp="2023-05-21T19:44:16.483443Z">ajak</metadata>
+</glsa>
\ No newline at end of file
diff --git a/metadata/glsa/glsa-202305-27.xml b/metadata/glsa/glsa-202305-27.xml
new file mode 100644
index 000000000000..4880ff970c78
--- /dev/null
+++ b/metadata/glsa/glsa-202305-27.xml
@@ -0,0 +1,42 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202305-27">
+ <title>Tinyproxy: Memory Disclosure</title>
+ <synopsis>A vulnerability has been discovered in Tinyproxy which could be used to achieve memory disclosure.</synopsis>
+ <product type="ebuild">tinyproxy</product>
+ <announced>2023-05-21</announced>
+ <revised count="1">2023-05-21</revised>
+ <bug>871924</bug>
+ <access>remote</access>
+ <affected>
+ <package name="net-proxy/tinyproxy" auto="yes" arch="*">
+ <unaffected range="ge">1.11.1_p20220908</unaffected>
+ <vulnerable range="lt">1.11.1_p20220908</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>Tinyproxy is a light-weight HTTP/HTTPS proxy daemon for POSIX operating systems.</p>
+ </background>
+ <description>
+ <p>Tinyproxy's request processing does not sufficiently null-initialize variables used in error pages.</p>
+ </description>
+ <impact type="low">
+ <p>Contents of the Tinyproxy server's memory could be disclosed via generated error pages.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All Tinyproxy users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-proxy/tinyproxy-1.11.1_p20220908"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-40468">CVE-2022-40468</uri>
+ </references>
+ <metadata tag="requester" timestamp="2023-05-21T19:44:29.410959Z">ajak</metadata>
+ <metadata tag="submitter" timestamp="2023-05-21T19:44:29.417842Z">ajak</metadata>
+</glsa>
\ No newline at end of file
diff --git a/metadata/glsa/glsa-202305-28.xml b/metadata/glsa/glsa-202305-28.xml
new file mode 100644
index 000000000000..a49a0f610781
--- /dev/null
+++ b/metadata/glsa/glsa-202305-28.xml
@@ -0,0 +1,47 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202305-28">
+ <title>snakeyaml: Multiple Vulnerabilities</title>
+ <synopsis>Multiple vulnerabilities have been found in snakeyaml, the worst of which could result in denial of service.</synopsis>
+ <product type="ebuild">snakeyaml</product>
+ <announced>2023-05-21</announced>
+ <revised count="1">2023-05-21</revised>
+ <bug>776796</bug>
+ <bug>868621</bug>
+ <access>remote</access>
+ <affected>
+ <package name="dev-java/snakeyaml" auto="yes" arch="*">
+ <unaffected range="ge">1.33</unaffected>
+ <vulnerable range="lt">1.33</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>snakeyaml is a YAML 1.1 parser and emitter for Java.</p>
+ </background>
+ <description>
+ <p>Multiple vulnerabilities have been discovered in snakeyaml. Please review the CVE identifiers referenced below for details.</p>
+ </description>
+ <impact type="low">
+ <p>Please review the referenced CVE identifiers for details.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All snakeyaml users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-java/snakeyaml-1.33"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-18640">CVE-2017-18640</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-38749">CVE-2022-38749</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-38750">CVE-2022-38750</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-38751">CVE-2022-38751</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-38752">CVE-2022-38752</uri>
+ </references>
+ <metadata tag="requester" timestamp="2023-05-21T19:44:41.839877Z">ajak</metadata>
+ <metadata tag="submitter" timestamp="2023-05-21T19:44:41.842236Z">ajak</metadata>
+</glsa>
\ No newline at end of file
diff --git a/metadata/glsa/timestamp.chk b/metadata/glsa/timestamp.chk
index 58c09034afba..ae6cb2e0b6b7 100644
--- a/metadata/glsa/timestamp.chk
+++ b/metadata/glsa/timestamp.chk
@@ -1 +1 @@
-Sun, 21 May 2023 19:09:41 +0000
+Mon, 22 May 2023 01:09:41 +0000
diff --git a/metadata/glsa/timestamp.commit b/metadata/glsa/timestamp.commit
index 0d82af0d51df..346d0911b1e8 100644
--- a/metadata/glsa/timestamp.commit
+++ b/metadata/glsa/timestamp.commit
@@ -1 +1 @@
-732f6cefb4a1e4884e3fa3048d18faa0babd014a 1683183984 2023-05-04T07:06:24+00:00
+980b750f6ebc25adc36501cfe47c72ab672b5e9b 1684698697 2023-05-21T19:51:37+00:00 |