author | V3n3RiX <venerix@koprulu.sector> | 2022-08-21 08:40:51 +0100 |
---|---|---|
committer | V3n3RiX <venerix@koprulu.sector> | 2022-08-21 08:40:51 +0100 |
commit | 4dec1dfeca8e16b25934ff861c9eab7d1a8758a1 (patch) | |
tree | 6baa6667b5a6f8803404d9c87646bbaccbff3d41 /metadata/glsa | |
parent | 766dae6306eab8ca7e982499e2cab68eb5ecb105 (diff) |
gentoo auto-resync : 21:08:2022 - 08:40:51
Diffstat (limited to 'metadata/glsa')
-rw-r--r-- | metadata/glsa/Manifest | 30 | ||||
-rw-r--r-- | metadata/glsa/Manifest.files.gz | bin | 523682 -> 524322 bytes | |||
-rw-r--r-- | metadata/glsa/glsa-202208-32.xml | 168 | ||||
-rw-r--r-- | metadata/glsa/glsa-202208-33.xml | 72 | ||||
-rw-r--r-- | metadata/glsa/glsa-202208-34.xml | 69 | ||||
-rw-r--r-- | metadata/glsa/glsa-202208-35.xml | 126 | ||||
-rw-r--r-- | metadata/glsa/timestamp.chk | 2 | ||||
-rw-r--r-- | metadata/glsa/timestamp.commit | 2 |
8 files changed, 452 insertions, 17 deletions
diff --git a/metadata/glsa/Manifest b/metadata/glsa/Manifest index f501520da5aa..e2b3e29edbaf 100644 --- a/metadata/glsa/Manifest +++ b/metadata/glsa/Manifest 
@@ -1,23 +1,23 @@ -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 -MANIFEST Manifest.files.gz 523682 BLAKE2B a866720fe3384cb354d689c52dc2eed547ab55e37608dcb637780fcc52106c8f5b1ad8a84b41fe53778860d6ace908fc8c4af0faa17e457054d95d23aee6e6b7 SHA512 8cd7653583d003af73b72c5887e3bbb7c5321dc87e14d08d6283a4c633685378b7922f0cd4552eeb523a7d2aca7c675e2fd4704a62d96cc574355d98d5158f89 -TIMESTAMP 2022-08-21T00:39:49Z +MANIFEST Manifest.files.gz 524322 BLAKE2B 3983f62074c223717c76ae7cd44857f5de5972e245bd5f084c8632e144cf7a950ad3ddd53324db99f9b82eb9e76e49cd3a84bf1f531314d7660db91335a05cb9 SHA512 9b6be0313a2999bb5ad817a373c95ecf8d02d687a3d707b14136357c7bc684ea302f0ccdb228be1e52484b458ecca78cec7150915afe09c096106aa055c4eae2 +TIMESTAMP 2022-08-21T06:39:52Z -----BEGIN PGP SIGNATURE----- -iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAmMBftVfFIAAAAAALgAo +iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAmMB0zhfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEUx RDZBQkI2M0JGQ0ZCNEJBMDJGREYxQ0VDNTkwRUVBQzkxODkyNTAACgkQ7FkO6skY -klBC0hAAmGjM7cG9Xm0SwfGoWGW47Z3Q7zwDGatoqP6piorGq3qjYzxtNgN0iXt2 -FcKm8VB58kxujUKwQ4UBFL5Y1Rk4WJCGBnY/zvuLKp6GTgGJI8oX4zREJLz854uP -pPjRpRCgRW6uqk7AjuKoVwOttyqKMS8IN8HZ/9Nd22kCisMU6zuKr62mtxGVtb1M -vovYW00j4JGI49UIu0LScM8EZuL1eCW1PH5zWN9V+njkTjTIQ3FM7/SH7d4nOz4R -5BIBo8AZh3J8FCY4pekV3csGJ8FulzlFvJfS7GZabrxFXAcXEARxgSu5dfzdo9no -6QzYkKnYOBs7o0ownEJtbxZTM73esHyFzz51m/E2pdQ9wPRpbktQ7foJdK5drM1V -qEw6F4I2bhTJjCRABEidUWm74mE1bjGqQmX/6fD0Qz/c5J9lC5viAtknfh4x7Eti -KKwb8zMWgZFFKxDeCOclwAwrTXm1E1RL2HNbKts9BfhK1LnpP5nYGcwORbH0QWxc -jVEbr9o7LYO42jd0HX4fB8n86Q3WcHBckUsLFa45QnQhvFkgrnKf4TlI7jRJXhT7 -/tKhn4C/CWS8abYFoBmlgZRS4QjtJzW9WIh0lvzvirt8FVmxbpsyZGL9ERu4AN4d -4YQNEGQwmwRMyDJMCoNsJ/iT3QXmCyD8KAqnexKo+WSJYKtfhzY= -=YLbY +klDRaBAAnRlxiIHRi1a+BS3+1USaV5PC3qDCV65SzzBIWS9zWb657CiuG+UP+a99 +PBys0GawkwItVa1xNZmLlsdf/Snznn/a/5dLjLHEOWL2FN7BtUxigVKsxqVtvdiR +Fix6ezPlEeh8I2vWka9rWIVMFI/CNBXFAUzxdEQQP4z/9F9UraNT7lkdU0mOz7LX 
+/Nlnxg7m/1AYMRFrAunGM4K6QjKcJIwe7LGcL2M6W2I42oofnC1w2w+0zNM7KZJc +Q/hdDY2yrf/nRQFWczs2AHXjyUvKN+/Ytt4M1tHPktD5morysmIKRKF6vXnFNNe4 +Z/irl05SLHSDTIWA9EqhyW49EuTupizMAu46Lqf6A/fCb2ySCgGlvVCTxWdazjYb +5QiJT+Ew6REyVfpEu3uiNMDrK/9n25GNR4/QNKDP+itq0gx6rWYLkfidYgojp6+1 +lmU6BJvRrtJznTxWLTGrlTGjRhcQoFYK0q9NPklcwiJL0RNBqBmBRFSgkxG+xc3z +0B4VIVVOs88BceC6Py8VJ1CQG3X50AqbnTJSnwZojqERmS+SHmq7kLVyd/mP0MxU +dq+xhaqVceHEowYDsFMjoXSH7qmWV8oA8dSt0DxqEPyUCw8P1Sqb76edc6+Vfacr +PUKVMzhj5jJ1euJz4yD8bL5JQXqmYvNwTEsn9W0zj5Ganhj/x7M= +=b8lo -----END PGP SIGNATURE----- diff --git a/metadata/glsa/Manifest.files.gz b/metadata/glsa/Manifest.files.gz Binary files differindex 7e8bb5813ec4..170adcfbebd2 100644 --- a/metadata/glsa/Manifest.files.gz +++ b/metadata/glsa/Manifest.files.gz diff --git a/metadata/glsa/glsa-202208-32.xml b/metadata/glsa/glsa-202208-32.xml new file mode 100644 index 000000000000..1ff4b3b3d6ab --- /dev/null +++ b/metadata/glsa/glsa-202208-32.xml 
@@ -0,0 +1,168 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> +<glsa id="202208-32"> + <title>Vim, gVim: Multiple Vulnerabilities</title> + <synopsis>Multiple vulnerabilities have been discovered in Vim, the worst of which could result in denial of service.</synopsis> + <product type="ebuild">gvim,vim,vim-core</product> + <announced>2022-08-21</announced> + <revised count="1">2022-08-21</revised> + <bug>811870</bug> + <bug>818562</bug> + <bug>819528</bug> + <bug>823473</bug> + <bug>824930</bug> + <bug>828583</bug> + <bug>829658</bug> + <bug>830106</bug> + <bug>830994</bug> + <bug>833572</bug> + <bug>836432</bug> + <bug>851231</bug> + <access>remote</access> + <affected> + <package name="app-editors/gvim" auto="yes" arch="*"> + <unaffected range="ge">9.0.0060</unaffected> + <vulnerable range="lt">9.0.0060</vulnerable> + </package> + <package name="app-editors/vim" auto="yes" arch="*"> + <unaffected range="ge">9.0.0060</unaffected> + <vulnerable range="lt">9.0.0060</vulnerable> + </package> + <package name="app-editors/vim-core" auto="yes" arch="*"> + <unaffected range="ge">9.0.0060</unaffected> + <vulnerable range="lt">9.0.0060</vulnerable> + </package> + </affected> + <background> + <p>Vim is an efficient, highly configurable improved version of the classic ‘vi’ text editor. gVim is the GUI version of Vim.</p> + </background> + <description> + <p>Multiple vulnerabilities have been discovered in Vim and gVim. 
Please review the CVE identifiers referenced below for details.</p> + </description> + <impact type="low"> + <p>Please review the referenced CVE identifiers for details.</p> + </impact> + <workaround> + <p>There is no known workaround at this time.</p> + </workaround> + <resolution> + <p>All Vim users should upgrade to the latest version:</p> + + <code> + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-editors/vim-9.0.0060" + </code> + + <p>All gVim users should upgrade to the latest version:</p> + + <code> + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-editors/gvim-9.0.0060" + </code> + + <p>All vim-core users should upgrade to the latest version:</p> + + <code> + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-editors/vim-core-9.0.0060" + </code> + </resolution> + <references> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-3770">CVE-2021-3770</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-3778">CVE-2021-3778</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-3796">CVE-2021-3796</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-3872">CVE-2021-3872</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-3875">CVE-2021-3875</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-3927">CVE-2021-3927</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-3928">CVE-2021-3928</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-3968">CVE-2021-3968</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-3973">CVE-2021-3973</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-3974">CVE-2021-3974</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-3984">CVE-2021-3984</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-4019">CVE-2021-4019</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-4069">CVE-2021-4069</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-4136">CVE-2021-4136</uri> + <uri 
link="https://nvd.nist.gov/vuln/detail/CVE-2021-4166">CVE-2021-4166</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-4173">CVE-2021-4173</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-4187">CVE-2021-4187</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-4192">CVE-2021-4192</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-4193">CVE-2021-4193</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-46059">CVE-2021-46059</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-0128">CVE-2022-0128</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-0156">CVE-2022-0156</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-0158">CVE-2022-0158</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-0213">CVE-2022-0213</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-0261">CVE-2022-0261</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-0318">CVE-2022-0318</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-0319">CVE-2022-0319</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-0351">CVE-2022-0351</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-0359">CVE-2022-0359</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-0361">CVE-2022-0361</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-0368">CVE-2022-0368</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-0392">CVE-2022-0392</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-0393">CVE-2022-0393</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-0407">CVE-2022-0407</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-0408">CVE-2022-0408</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-0413">CVE-2022-0413</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-0417">CVE-2022-0417</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-0443">CVE-2022-0443</uri> + <uri 
link="https://nvd.nist.gov/vuln/detail/CVE-2022-0554">CVE-2022-0554</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-0629">CVE-2022-0629</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-0685">CVE-2022-0685</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-0714">CVE-2022-0714</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-0729">CVE-2022-0729</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-0943">CVE-2022-0943</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-1154">CVE-2022-1154</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-1160">CVE-2022-1160</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-1381">CVE-2022-1381</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-1420">CVE-2022-1420</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-1616">CVE-2022-1616</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-1619">CVE-2022-1619</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-1620">CVE-2022-1620</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-1621">CVE-2022-1621</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-1629">CVE-2022-1629</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-1674">CVE-2022-1674</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-1720">CVE-2022-1720</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-1733">CVE-2022-1733</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-1735">CVE-2022-1735</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-1769">CVE-2022-1769</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-1771">CVE-2022-1771</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-1785">CVE-2022-1785</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-1796">CVE-2022-1796</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-1851">CVE-2022-1851</uri> + <uri 
link="https://nvd.nist.gov/vuln/detail/CVE-2022-1886">CVE-2022-1886</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-1897">CVE-2022-1897</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-1898">CVE-2022-1898</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-1927">CVE-2022-1927</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-1942">CVE-2022-1942</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-1968">CVE-2022-1968</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-2000">CVE-2022-2000</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-2042">CVE-2022-2042</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-2124">CVE-2022-2124</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-2125">CVE-2022-2125</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-2126">CVE-2022-2126</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-2129">CVE-2022-2129</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-2175">CVE-2022-2175</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-2182">CVE-2022-2182</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-2183">CVE-2022-2183</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-2206">CVE-2022-2206</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-2207">CVE-2022-2207</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-2208">CVE-2022-2208</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-2210">CVE-2022-2210</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-2231">CVE-2022-2231</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-2257">CVE-2022-2257</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-2264">CVE-2022-2264</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-2284">CVE-2022-2284</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-2285">CVE-2022-2285</uri> + <uri 
link="https://nvd.nist.gov/vuln/detail/CVE-2022-2286">CVE-2022-2286</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-2287">CVE-2022-2287</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-2288">CVE-2022-2288</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-2289">CVE-2022-2289</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-2304">CVE-2022-2304</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-2343">CVE-2022-2343</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-2344">CVE-2022-2344</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-2345">CVE-2022-2345</uri> + </references> + <metadata tag="requester" timestamp="2022-08-21T01:33:31.581561Z">ajak</metadata> + <metadata tag="submitter" timestamp="2022-08-21T01:33:31.591372Z">ajak</metadata> +</glsa>
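Review bot: `<impact type="low">` and the synopsis's "denial of service" ceiling in glsa-202208-32.xml cannot be checked against the advisory itself, because `<description>` and `<impact>` both defer to the long CVE list without naming a single vulnerability class. Anyone triaging by the advisory's impact level gets no hint whether any entry is a memory-safety issue reachable by opening a crafted file, which for an editor would usually warrant more than `low`. I would have the description name the worst classes present, e.g. `<p>Multiple vulnerabilities, including <classes confirmed from the referenced CVEs>, have been discovered in Vim and gVim.</p>`, and set `<impact>` to match. The same applies to glsa-202208-34.xml (Apache Tomcat), which uses the identical boilerplate with `type="low"`.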
\ No newline at end of file diff --git a/metadata/glsa/glsa-202208-33.xml b/metadata/glsa/glsa-202208-33.xml new file mode 100644 index 000000000000..9a40b07937b0 --- /dev/null +++ b/metadata/glsa/glsa-202208-33.xml @@ -0,0 +1,72 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> +<glsa id="202208-33"> + <title>Gnome Shell, gettext, libcroco: Multiple Vulnerabilities</title> + <synopsis>A vulnerability has been found in libcroco which could result in denial of service.</synopsis> + <product type="ebuild">gettext,gnome-shell,libcroco</product> + <announced>2022-08-21</announced> + <revised count="1">2022-08-21</revised> + <bug>722752</bug> + <bug>755848</bug> + <bug>769998</bug> + <access>remote</access> + <affected> + <package name="dev-libs/libcroco" auto="yes" arch="*"> + <unaffected range="ge">0.6.13</unaffected> + <vulnerable range="lt">0.6.13</vulnerable> + </package> + <package name="gnome-base/gnome-shell" auto="yes" arch="*"> + <unaffected range="ge">3.36.7</unaffected> + <vulnerable range="lt">3.36.7</vulnerable> + </package> + <package name="sys-devel/gettext" auto="yes" arch="*"> + <unaffected range="ge">0.21</unaffected> + <vulnerable range="lt">0.21</vulnerable> + </package> + </affected> + <background> + <p>GNOME Shell provides core user interface functions for the GNOME desktop, like switching to windows and launching applications.
+
+gettext contains the GNU locale utilities.
+
+libcroco is a standalone CSS2 parsing and manipulation library.</p> + </background> + <description> + <p>The cr_parser_parse_any_core function in libcroco's cr-parser.c does not limit recursion, leading to a denial of service via a stack overflow when trying to parse crafted CSS.
+
+Gnome Shell and gettext bundle libcroco in their own sources and thus are potentially vulnerable as well.</p> + </description> + <impact type="normal"> + <p>An attacker with control over the input to the library can cause a denial of service.</p> + </impact> + <workaround> + <p>There is no known workaround at this time.</p> + </workaround> + <resolution> + <p>All gettext users should upgrade to the latest version:</p> + + <code> + # emerge --sync + # emerge --ask --oneshot --verbose ">=sys-devel/gettext-0.21" + </code> + + <p>All Gnome Shell users should upgrade to the latest version:</p> + + <code> + # emerge --sync + # emerge --ask --oneshot --verbose ">=gnome-base/gnome-shell-3.36.7" + </code> + + <p>All libcroco users should upgrade to the latest version:</p> + + <code> + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-libs/libcroco-0.6.13" + </code> + </resolution> + <references> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-12825">CVE-2020-12825</uri> + </references> + <metadata tag="requester" timestamp="2022-08-21T01:34:48.802416Z">ajak</metadata> + <metadata tag="submitter" timestamp="2022-08-21T01:34:48.808281Z">ajak</metadata> +</glsa>
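Review bot: The `<title>` of glsa-202208-33.xml says "Multiple Vulnerabilities", but the synopsis describes a single libcroco flaw and `<references>` lists only CVE-2020-12825. A title that overstates the count misleads readers who triage from the title alone; something like `<title>GNOME Shell, gettext, libcroco: Denial of Service</title>` would agree with the body. The title and description also spell it "Gnome Shell" while the background uses "GNOME Shell". `<background>` and `<description>` separate their paragraphs with blank lines inside one `<p>`, which a renderer will likely collapse; separate `<p>` elements would keep them apart.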
\ No newline at end of file diff --git a/metadata/glsa/glsa-202208-34.xml b/metadata/glsa/glsa-202208-34.xml new file mode 100644 index 000000000000..d9d0d45186a7 --- /dev/null +++ b/metadata/glsa/glsa-202208-34.xml 
@@ -0,0 +1,69 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> +<glsa id="202208-34"> + <title>Apache Tomcat: Multiple Vulnerabilities</title> + <synopsis>Multiple vulnerabilities have been discovered in Apache Tomcat, the worst of which could result in denial of service.</synopsis> + <product type="ebuild">tomcat</product> + <announced>2022-08-21</announced> + <revised count="1">2022-08-21</revised> + <bug>773571</bug> + <bug>801916</bug> + <bug>818160</bug> + <bug>855971</bug> + <access>remote</access> + <affected> + <package name="www-servers/tomcat" auto="yes" arch="*"> + <unaffected range="ge" slot="10">10.0.23</unaffected> + <unaffected range="ge" slot="9">9.0.65</unaffected> + <unaffected range="ge" slot="8.5">8.5.82</unaffected> + <vulnerable range="lt" slot="10">10.0.23</vulnerable> + <vulnerable range="lt" slot="9">9.0.65</vulnerable> + <vulnerable range="lt" slot="8.5">8.5.82</vulnerable> + </package> + </affected> + <background> + <p>Apache Tomcat is a Servlet-3.0/JSP-2.2 Container.</p> + </background> + <description> + <p>Multiple vulnerabilities have been discovered in Apache Tomcat. 
Please review the CVE identifiers referenced below for details.</p> + </description> + <impact type="low"> + <p>Please review the referenced CVE identifiers for details.</p> + </impact> + <workaround> + <p>There is no known workaround at this time.</p> + </workaround> + <resolution> + <p>All Apache Tomcat 10.x users should upgrade to the latest version:</p> + + <code> + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-servers/tomcat-10.0.23:10" + </code> + + <p>All Apache Tomcat 9.x users should upgrade to the latest version:</p> + + <code> + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-servers/tomcat-9.0.65:9" + </code> + + <p>All Apache Tomcat 8.5.x users should upgrade to the latest version:</p> + + <code> + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-servers/tomcat-8.5.82:8.5" + </code> + </resolution> + <references> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-25122">CVE-2021-25122</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-25329">CVE-2021-25329</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-30639">CVE-2021-30639</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-30640">CVE-2021-30640</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-33037">CVE-2021-33037</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-42340">CVE-2021-42340</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-34305">CVE-2022-34305</uri> + </references> + <metadata tag="requester" timestamp="2022-08-21T01:35:21.756179Z">ajak</metadata> + <metadata tag="submitter" timestamp="2022-08-21T01:35:21.761073Z">ajak</metadata> +</glsa> diff --git a/metadata/glsa/glsa-202208-35.xml b/metadata/glsa/glsa-202208-35.xml new file mode 100644 index 000000000000..b35642c517b8 --- /dev/null +++ b/metadata/glsa/glsa-202208-35.xml 
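Review bot: The `<background>` in glsa-202208-34.xml describes Tomcat as "a Servlet-3.0/JSP-2.2 Container", which does not match the 8.5, 9 and 10 slots that `<affected>` covers; those release lines implement later Servlet/JSP specification versions. A version-neutral line such as `<p>Apache Tomcat is an open source implementation of the Servlet and JSP specifications.</p>` would not go stale with each slot. Separately, `<affected>` carries only slot-qualified ranges for 10, 9 and 8.5, so an installation from any other slot would presumably not be flagged; if that is intentional, a sentence in the description saying so would help.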
@@ -0,0 +1,126 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> +<glsa id="202208-35"> + <title>Chromium, Google Chrome, Microsoft Edge: Multiple Vulnerabilities</title> + <synopsis>Multiple vulnerabilities have been found in Chromium and its derivatives, the worst of which could result in remote code execution.</synopsis> + <product type="ebuild">chromium,chromium-bin,google-chrome,microsoft-edge</product> + <announced>2022-08-21</announced> + <revised count="1">2022-08-21</revised> + <bug>858104</bug> + <bug>859442</bug> + <bug>863512</bug> + <bug>865501</bug> + <bug>864723</bug> + <access>remote</access> + <affected> + <package name="www-client/chromium" auto="yes" arch="*"> + <unaffected range="ge">104.0.5112.101</unaffected> + <vulnerable range="lt">104.0.5112.101</vulnerable> + </package> + <package name="www-client/chromium-bin" auto="yes" arch="*"> + <unaffected range="ge">104.0.5112.101</unaffected> + <vulnerable range="lt">104.0.5112.101</vulnerable> + </package> + <package name="www-client/google-chrome" auto="yes" arch="*"> + <unaffected range="ge">104.0.5112.101</unaffected> + <vulnerable range="lt">104.0.5112.101</vulnerable> + </package> + <package name="www-client/microsoft-edge" auto="yes" arch="*"> + <unaffected range="ge">104.0.1293.63</unaffected> + <vulnerable range="lt">104.0.1293.63</vulnerable> + </package> + </affected> + <background> + <p>Chromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web.
+
+Google Chrome is one fast, simple, and secure browser for all your devices.
+
+Microsoft Edge is a browser that combines a minimal design with sophisticated technology to make the web faster, safer, and easier.</p> + </background> + <description> + <p>Multiple vulnerabilities have been discovered in Chromium and its derivatives. Please review the CVE identifiers referenced below for details.</p> + </description> + <impact type="high"> + <p>Please review the referenced CVE identifiers for details.</p> + </impact> + <workaround> + <p>There is no known workaround at this time.</p> + </workaround> + <resolution> + <p>All Chromium users should upgrade to the latest version:</p> + + <code> + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-client/chromium-104.0.5112.101" + </code> + + <p>All Chromium binary users should upgrade to the latest version:</p> + + <code> + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-client/chromium-bin-104.0.5112.101" + </code> + + <p>All Google Chrome users should upgrade to tha latest version:</p> + + <code> + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-client/google-chrome-104.0.5112.101" + </code> + + <p>All Microsoft Edge users should upgrade to tha latest version:</p> + + <code> + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-client/microsoft-edge-104.0.1293.63" + </code> + </resolution> + <references> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-2163">CVE-2022-2163</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-2294">CVE-2022-2294</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-2295">CVE-2022-2295</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-2296">CVE-2022-2296</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-2477">CVE-2022-2477</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-2478">CVE-2022-2478</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-2479">CVE-2022-2479</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-2480">CVE-2022-2480</uri> + <uri 
link="https://nvd.nist.gov/vuln/detail/CVE-2022-2481">CVE-2022-2481</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-2603">CVE-2022-2603</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-2604">CVE-2022-2604</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-2605">CVE-2022-2605</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-2606">CVE-2022-2606</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-2607">CVE-2022-2607</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-2608">CVE-2022-2608</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-2609">CVE-2022-2609</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-2610">CVE-2022-2610</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-2611">CVE-2022-2611</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-2612">CVE-2022-2612</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-2613">CVE-2022-2613</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-2614">CVE-2022-2614</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-2615">CVE-2022-2615</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-2616">CVE-2022-2616</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-2617">CVE-2022-2617</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-2618">CVE-2022-2618</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-2619">CVE-2022-2619</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-2620">CVE-2022-2620</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-2621">CVE-2022-2621</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-2622">CVE-2022-2622</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-2623">CVE-2022-2623</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-2624">CVE-2022-2624</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-2852">CVE-2022-2852</uri> + <uri 
link="https://nvd.nist.gov/vuln/detail/CVE-2022-2853">CVE-2022-2853</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-2854">CVE-2022-2854</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-2855">CVE-2022-2855</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-2856">CVE-2022-2856</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-2857">CVE-2022-2857</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-2858">CVE-2022-2858</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-2859">CVE-2022-2859</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-2860">CVE-2022-2860</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-2861">CVE-2022-2861</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-33636">CVE-2022-33636</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-33649">CVE-2022-33649</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-35796">CVE-2022-35796</uri> + </references> + <metadata tag="requester" timestamp="2022-08-21T06:11:41.017671Z">ajak</metadata> + <metadata tag="submitter" timestamp="2022-08-21T06:11:41.021023Z">sam</metadata> +</glsa>
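Review bot: Two `<resolution>` paragraphs in glsa-202208-35.xml read "should upgrade to tha latest version" (the Google Chrome and Microsoft Edge ones); both should say `the latest version`, matching the Chromium and chromium-bin paragraphs above them. This is the text administrators read next to the `emerge` commands, so the typo is worth correcting. The file also ends without a trailing newline, as do glsa-202208-32.xml and glsa-202208-33.xml, while glsa-202208-34.xml has one. The `<bug>` list is out of numeric order at 865501/864723.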
\ No newline at end of file diff --git a/metadata/glsa/timestamp.chk b/metadata/glsa/timestamp.chk index 4a43529b82e0..5026473316b2 100644 --- a/metadata/glsa/timestamp.chk +++ b/metadata/glsa/timestamp.chk @@ -1 +1 @@ -Sun, 21 Aug 2022 00:39:46 +0000 +Sun, 21 Aug 2022 06:39:49 +0000 diff --git a/metadata/glsa/timestamp.commit b/metadata/glsa/timestamp.commit index fe751d1c8859..844345985e03 100644 --- a/metadata/glsa/timestamp.commit +++ b/metadata/glsa/timestamp.commit @@ -1 +1 @@ -f69203b9608d0db5bda6ce4050bf90de5119c0f8 1660513701 2022-08-14T21:48:21+00:00 +cc821fda3ee186d2bcc82c6163599beb50f2302d 1661062375 2022-08-21T06:12:55+00:00 |