summaryrefslogtreecommitdiff
path: root/metadata/glsa
diff options
context:
space:
mode:
authorV3n3RiX <venerix@redcorelinux.org>2018-03-18 04:54:42 +0000
committerV3n3RiX <venerix@redcorelinux.org>2018-03-18 04:54:42 +0000
commit5510d9d7d1c93c2ea71a2bd6f0666168808d5dd6 (patch)
treec968fff3108e2b4d88e4e564a56bfd066f170573 /metadata/glsa
parent1dde4e5c4b92d849bf1abf0a48135b2a0644f7e1 (diff)
gentoo resync : 18.03.2018
Diffstat (limited to 'metadata/glsa')
-rw-r--r--metadata/glsa/Manifest30
-rw-r--r--metadata/glsa/Manifest.files.gzbin417870 -> 418049 bytes
-rw-r--r--metadata/glsa/glsa-200507-28.xml2
-rw-r--r--metadata/glsa/glsa-200512-16.xml2
-rw-r--r--metadata/glsa/glsa-201006-18.xml2
-rw-r--r--metadata/glsa/glsa-201803-05.xml101
-rw-r--r--metadata/glsa/timestamp.chk2
-rw-r--r--metadata/glsa/timestamp.commit2
8 files changed, 121 insertions, 20 deletions
diff --git a/metadata/glsa/Manifest b/metadata/glsa/Manifest
index b7267268126c..bd3a8b2b9889 100644
--- a/metadata/glsa/Manifest
+++ b/metadata/glsa/Manifest
@@ -1,23 +1,23 @@
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
-MANIFEST Manifest.files.gz 417870 BLAKE2B 5065b7b9f6a96f86bf5abd010e56c6e80ea6e4c69ded7bea498bd5905b65effbae954175f68157189d42be8287232bc8ecabbe86115cb331cde9dc1246a35750 SHA512 e1fab6a999acc784d0c5597fc2bfabdd9ef83ae65ef7b5c1a4101d3f3f8041354340f6c5964f9aae4129d9150fdf2da2ad3b336198034e9d7bd904feaab65bf6
-TIMESTAMP 2018-03-13T16:08:15Z
+MANIFEST Manifest.files.gz 418049 BLAKE2B a3e82a397312cf762e5cda25564d440a2b3aecaa5aaa703bf956b60cecc8465221f566829e94822d9c1453675eb2846f013d89579e6c62c3c38ae184e7b9f98e SHA512 23b3a75e9e75b69bd5906e842a32dfa2ce18c0384359a6fc950c0d89c337ede1766f040f5accdac618d7d1d758c7068653796d64371f385e712efb90a2e82b8d
+TIMESTAMP 2018-03-17T23:08:22Z
-----BEGIN PGP SIGNATURE-----
-iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAlqn929fFIAAAAAALgAo
+iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAlqtn+ZfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEUx
RDZBQkI2M0JGQ0ZCNEJBMDJGREYxQ0VDNTkwRUVBQzkxODkyNTAACgkQ7FkO6skY
-klDahA//b1RhsPfj9OKb4b0EylBR1I5d3grRGF1FIWcDNrOAXaIzIdTkEeNbKc4H
-QGk7VQbOKBey9cj8Kd1896KtvG1cRXiZVHsjLC2k1ToCNbDTM2lPTk3+ybQdA/nC
-fOfRdNWR0zt+TJ6n1mZE6MsNxA/WQTIs/Q8lRwdUaaHVKvsM5oEh52Cwp7WTA1lK
-FkHF9estJfWWQnZtVgDc9Qik0bI/CwZPZiSIr7Ew0yoUKhrxv3nHeqbB5me2fU+9
-w0zBW4GksEkbPlvqG2bdecuqtG2DtKOLRFegpoaQ2/UCPwICMdw3es2wIAgZViLs
-S6inH2XluDPiEgs+4D+pf1LWt2e3c3xCzIuCG+3I0iDQUzkqk5aPkHGVAXXmHoe2
-WO00h/Hosv1hEMXm1N73c7tTF9czvBRBLCvMFzuHgf7xgPVXZLJWX5Al6kQdmQiR
-H+iLGfQ9xX76lro6o+v9QWw7GuWUnrDpaqwstOTErr51pYUDR5q76W/4wwLIIEOx
-kl8bWMfEKx1uWvAgSUuIpIJRJqfaOimeFaGr7Pf5KVbvitjqDyGF6ebjwgKfZ3fF
-9wwOk6fQvpTmpC6RVJNaf0jyySf5uP02PT9jMTJeyK9e0FcPJx1oFNvqPHI8BdTR
-zpAeJfKyCc7mbVuRy2qq9DHtLAVuaJsm07x9H/ilxxt7yvPXIco=
-=PlZa
+klC4/BAAry6B8HUOo8uum9CqObD8/d8Kxl1OK81BANppejCSjNV/GzCScDmQTmDz
+M5kUQRwy2VKGuv3wvOOOMCXW5VOYID4nzGIenk8uw9zmhBA+WHH4hiBajorfCWT8
+O7/OUa+ZLRfrAGxi4xElCr61hgeGRU0JoofSR+z+8HydcbvsmBtT8TqxOqYKFOIl
+de4Vs4+BvSBnxKUlVECYm/3J5aZPAItGAgjKCYr/KsDReeOb/YxF236aum46SF1b
+TFLqWl83BMRdXQ78jwupP0OGvDRkn5Be9SUFlyKhP+0Eav8H53QnRaqdZbN8g9Hh
+0+BWGED7aJW/0AcQiD2Pn9IM6iiOn774HnlGdoPdac3fk+z69zXcKKFxso6ZPXQV
+Bd+H6LrfVlT+YGDcFXiOc0XxnGHkYqqLaBnvfgXk3TskUOinQWsSA77HDvJmNcna
+WD8tOUhBEelFtSWPWax8xwo3FMzHDY4i5FJsWZNxbWejbx2H3/Med+empOZnIJTL
+FZG3pTrr1CivlstYXjnXkNU79F+K+p3d8/RrVxf9IJHOQ/yWhpXhFFElXidpB1or
+ajA+Q5TISkHEezZP8sxc5HCnbU/igpnYOIR8Vaujtqd+1DysSRGzu1vFCsQXXDeM
+te0hUaazrCGpDHjehBlPDr/aTXmIHAT5r28qKcFJ9mo1vF54OyM=
+=30bJ
-----END PGP SIGNATURE-----
diff --git a/metadata/glsa/Manifest.files.gz b/metadata/glsa/Manifest.files.gz
index b6ba86246c9d..126487115776 100644
--- a/metadata/glsa/Manifest.files.gz
+++ b/metadata/glsa/Manifest.files.gz
Binary files differ
diff --git a/metadata/glsa/glsa-200507-28.xml b/metadata/glsa/glsa-200507-28.xml
index 3b12ec9974fd..fe1515499e55 100644
--- a/metadata/glsa/glsa-200507-28.xml
+++ b/metadata/glsa/glsa-200507-28.xml
@@ -12,7 +12,7 @@
<bug>100686</bug>
<access>remote</access>
<affected>
- <package name="app-emulation/emul-linux-x86-baselibs" auto="yes" arch="AMD64">
+ <package name="app-emulation/emul-linux-x86-baselibs" auto="yes" arch="amd64">
<unaffected range="ge">2.1.2</unaffected>
<vulnerable range="lt">2.1.2</vulnerable>
</package>
diff --git a/metadata/glsa/glsa-200512-16.xml b/metadata/glsa/glsa-200512-16.xml
index c9628ab9364d..d1fd1664d4d3 100644
--- a/metadata/glsa/glsa-200512-16.xml
+++ b/metadata/glsa/glsa-200512-16.xml
@@ -18,7 +18,7 @@
<unaffected range="rge">2.1.30-r13</unaffected>
<vulnerable range="lt">2.2.3-r8</vulnerable>
</package>
- <package name="app-emulation/emul-linux-x86-xlibs" auto="yes" arch="AMD64">
+ <package name="app-emulation/emul-linux-x86-xlibs" auto="yes" arch="amd64">
<unaffected range="ge">2.2.1</unaffected>
<vulnerable range="lt">2.2.1</vulnerable>
</package>
diff --git a/metadata/glsa/glsa-201006-18.xml b/metadata/glsa/glsa-201006-18.xml
index 29392d117c3c..bbd423cef309 100644
--- a/metadata/glsa/glsa-201006-18.xml
+++ b/metadata/glsa/glsa-201006-18.xml
@@ -125,7 +125,7 @@
<uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0850">CVE-2010-0850</uri>
<uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0886">CVE-2010-0886</uri>
<uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0887">CVE-2010-0887</uri>
- <uri link="/doc/en/java.xml#doc_chap4">Gentoo Linux Java documentation</uri>
+ <uri link="https://wiki.gentoo.org/wiki/Java">Gentoo Linux Java documentation</uri>
<uri link="https://www.oracle.com/technology/deploy/security/critical-patch-updates/javacpumar2010.html">Oracle Java SE and Java for Business Critical Patch Update Advisory - March 2010</uri>
</references>
<metadata tag="requester" timestamp="2010-04-02T09:43:04Z">
diff --git a/metadata/glsa/glsa-201803-05.xml b/metadata/glsa/glsa-201803-05.xml
new file mode 100644
index 000000000000..4feb90ed0823
--- /dev/null
+++ b/metadata/glsa/glsa-201803-05.xml
@@ -0,0 +1,101 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201803-05">
+ <title>Chromium, Google Chrome: Multiple vulnerabilities</title>
+ <synopsis>Multiple vulnerabilities have been found in Chromium and Google
+ Chrome, the worst of which could result in the execution of arbitrary code.
+ </synopsis>
+ <product type="ebuild">chromium, google-chrome</product>
+ <announced>2018-03-13</announced>
+ <revised count="2">2018-03-13</revised>
+ <bug>649800</bug>
+ <access>local, remote</access>
+ <affected>
+ <package name="www-client/chromium" auto="yes" arch="*">
+ <unaffected range="ge">65.0.3325.146</unaffected>
+ <vulnerable range="lt">65.0.3325.146</vulnerable>
+ </package>
+ <package name="www-client/google-chrome" auto="yes" arch="*">
+ <unaffected range="ge">65.0.3325.146</unaffected>
+ <vulnerable range="lt">65.0.3325.146</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>Chromium is an open-source browser project that aims to build a safer,
+ faster, and more stable way for all users to experience the web.
+ </p>
+
+ <p>Google Chrome is one fast, simple, and secure browser for all your
+ devices.
+ </p>
+
+ </background>
+ <description>
+ <p>Multiple vulnerabilities have been discovered in Chromium and Google
+ Chrome. Please review the referenced CVE identifiers and Google Chrome
+ Releases for details.
+ </p>
+
+ </description>
+ <impact type="normal">
+ <p>A remote attacker could possibly execute arbitrary code with the
+ privileges of the process, cause a Denial of Service condition, bypass
+ content security controls, or conduct URL spoofing.
+ </p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All Chromium users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose
+ "&gt;=www-client/chromium-65.0.3325.146"
+ </code>
+
+ <p>All Google Chrome users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose
+ "&gt;=www-client/google-chrome-65.0.3325.146"
+ </code>
+
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6057">CVE-2018-6057</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6058">CVE-2018-6058</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6059">CVE-2018-6059</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6060">CVE-2018-6060</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6061">CVE-2018-6061</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6062">CVE-2018-6062</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6063">CVE-2018-6063</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6064">CVE-2018-6064</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6065">CVE-2018-6065</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6066">CVE-2018-6066</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6067">CVE-2018-6067</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6068">CVE-2018-6068</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6069">CVE-2018-6069</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6070">CVE-2018-6070</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6071">CVE-2018-6071</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6072">CVE-2018-6072</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6073">CVE-2018-6073</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6074">CVE-2018-6074</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6075">CVE-2018-6075</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6076">CVE-2018-6076</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6077">CVE-2018-6077</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6078">CVE-2018-6078</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6079">CVE-2018-6079</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6080">CVE-2018-6080</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6081">CVE-2018-6081</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6082">CVE-2018-6082</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6083">CVE-2018-6083</uri>
+ <uri link="https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html">
+ Google Chrome Release 20180306
+ </uri>
+ </references>
+ <metadata tag="requester" timestamp="2018-03-10T18:57:32Z">chrisadr</metadata>
+ <metadata tag="submitter" timestamp="2018-03-13T20:58:50Z">chrisadr</metadata>
+</glsa>
diff --git a/metadata/glsa/timestamp.chk b/metadata/glsa/timestamp.chk
index 0a8ed9c15796..c03a51db858b 100644
--- a/metadata/glsa/timestamp.chk
+++ b/metadata/glsa/timestamp.chk
@@ -1 +1 @@
-Tue, 13 Mar 2018 16:08:11 +0000
+Sat, 17 Mar 2018 23:08:18 +0000
diff --git a/metadata/glsa/timestamp.commit b/metadata/glsa/timestamp.commit
index ae3297387e20..531345869884 100644
--- a/metadata/glsa/timestamp.commit
+++ b/metadata/glsa/timestamp.commit
@@ -1 +1 @@
-a3a9d59f86ebf5d6e6d86f34addc40bfcfe72e5a 1520785907 2018-03-11T16:31:47+00:00
+34ad30cce52efe764ba4081474d36b99763811a1 1520983028 2018-03-13T23:17:08+00:00
generated by cgit v1.2.3 (git 2.25.1) at 2024-10-14 17:05:55 +0000