gentoo resync (2) : 24.07.2021

9 files changed, 261 insertions, 17 deletions

diff --git a/metadata/glsa/Manifest b/metadata/glsa/Manifest
index 233040c09ae1..2b69c03a9c4d 100644
--- a/metadata/glsa/Manifest
+++ b/metadata/glsa/Manifest
@@ -1,23 +1,23 @@
 -----BEGIN PGP SIGNED MESSAGE-----
 Hash: SHA512
 
-MANIFEST Manifest.files.gz 517009 BLAKE2B 7dfe2c6f0d3c02fd13a4ff92c8b43527ed90bc991cb77cf23a6b6f4d95a096baf241470cf7a0758af0ac5a10a8c455ea6117a88ca56d9619752cbe7f94a48887 SHA512 a547d3f7e4ce6646a0fd7f1bbc0c170ce1ad5c251ff3df4af3717aeb9fe49d0376f58f7a94715f226b5ed2e9b7f27692afb69b78d807ec8b830b728935a0bcbd
-TIMESTAMP 2021-07-24T00:39:02Z
+MANIFEST Manifest.files.gz 517807 BLAKE2B 2ecdb63e9cfe1a1b71d23ab4fe58b057928be5a410ab9012b87ec1e7c917af227099229248e5b2c7dc5b25edb96e4adad920259d956349d0ecbb204178f8da2c SHA512 4ca9cc06a8ae7d4eefdd8a435b92f1f4e675295b618afdb11cf1d7f45b49f0fd5137f7f0c81b60933a8b942fe25de9928a9f4ffe0d5968bae8eae39c95a7da50
+TIMESTAMP 2021-07-24T10:39:00Z
 -----BEGIN PGP SIGNATURE-----
 
-iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAmD7YSZfFIAAAAAALgAo
+iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAmD77cRfFIAAAAAALgAo
 aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEUx
 RDZBQkI2M0JGQ0ZCNEJBMDJGREYxQ0VDNTkwRUVBQzkxODkyNTAACgkQ7FkO6skY
-klC5Mw/9GsZ9wpwdz+PbVdusr4HHAV59IT+qhg3/55VhmeVfPaFMIsfVpxbhZPtj
-EjaHeBD/iOblkKhN7ctyFMe3Vf/r63bMmhT6ERpV3mKu8h43LsHN5qcjQ4TlvCvD
-kT+IJiMI3LfxdRlYQMGr572aclA/xd194LiPJyUj4j0p2slbrbtzp3OEKTO+BI/a
-6ZVULgMrMowWbAZTeqqusOK1RC5z4URqhAHun+7piyBmtc3tph3KcpQKRpBon2Kv
-+6ONA1LzmHrbvEJnjsuTSx1irS1b5prQgU8CPJ6h9Y6QObDDxjmut4JHfC0MBXeI
-RUaIQHxgqfcetTh+WwjY9mGVxVS2NlgCeOUQU5pgKZJ40mWQDbFId2BYs4ih8WzU
-YFl5zbzie3mxyFoo5ssc8/Q/HOoOU+sG6Ld8M8Wu9BwP1us7GE8dRaVrW+xSKkDc
-7Fj09YZbKpD7HiQZOyjf3xK3D6W80ZPs5VujslWE+YPuV/V4sy516hJ2QmYJlFvI
-mrjk3mwocKx/Zyhm45z+g5AkRCA8g2leHNX5SwF38+ZkOXTtIiQdbrO2IT6MoO/Q
-/ticUcLzITIDwfsN5fXUSO1hOAXl3FzDLsUvKw+yPmbIhXIK5bwgHPk5QE/ACdpo
-j0PRo+XX2V1BYzJg1n3aU4M8nVuYaKEah7vp3GhvPiLKxMB9msg=
-=EP+w
+klDkyBAAmRqjylEIbuXdVXNAAONSpgaE5SdtjXCcN9xG0Co4IaUqqD6nTxme8Urj
+doE5xAKmxII/K1T1knbbo41gqantFqcZe7KTGBiOvheDs0Y9r6EGQy0AQkYpKAhc
+1WOp2sBU1YTeFZjVwPfPeeVKdUtbk7r3wRltHyy0hmEWJCnii2J0xFBYOlDvD/H6
+gft4/FzuYu3ddBmTnEpoeZL+p2pKWbE1bwbrraRNKSKgrA9WHvKKZ6KnX3i1UyMA
+HdKGD7IyEKo16OMvIz6JC1gjpW/15PEf0sh6CS8/k4L6Nz/AwIl5a+GSmqAwyoJe
+VDHDEx93w7k7qipf34c/rnSoGM5o7RxNnoINKNmjdccVNMAAPremPiEigtHEqm3y
+EzLMmHcCOF8ozP0krArbEsivinB35mYSbOdr5/Axs9ziBodh5aHJXFNdc4v+PtZx
+KL57ok/lo54B0mNTRe7YFcGUSK3ANWYc8wWIYXj4LnUzKrdnVGYGSZkHvGmvA2Z7
+NO3ig8iQImG7QdzwUKo63xBfFyT1r3rQO0F51C9w/sY5JW7dhucGZIwyi+C/XaNn
+7YArDP4VOvjFHOGsTFkCDEco1IqKI0pE2gezJhG0ScVPvPPnwEeEmVxEQsdD/Ffi
+fCgZ/yKXdgMb5uhNEVeRSETxUiwKp54NuHEtIP0evHELNT2tI9Y=
+=XN4T
 -----END PGP SIGNATURE-----
diff --git a/metadata/glsa/Manifest.files.gz b/metadata/glsa/Manifest.files.gz
index 7f2ba8300b23..fb3d67f1010c 100644
--- a/metadata/glsa/Manifest.files.gz
+++ b/metadata/glsa/Manifest.files.gz
diff --git a/metadata/glsa/glsa-202107-51.xml b/metadata/glsa/glsa-202107-51.xml
new file mode 100644
index 000000000000..0b667aeb20d2
--- /dev/null
+++ b/metadata/glsa/glsa-202107-51.xml
@@ -0,0 +1,47 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202107-51">
+  <title>IcedTeaWeb: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in IcedTeaWeb, the worst
+    of which could result in the arbitrary execution of code.
+  </synopsis>
+  <product type="ebuild">icedtea-web</product>
+  <announced>2021-07-23</announced>
+  <revised count="1">2021-07-23</revised>
+  <bug>711392</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-java/icedtea-web" auto="yes" arch="*">
+      <unaffected range="ge">1.8.4-r1</unaffected>
+      <vulnerable range="lt">1.8.4-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>FOSS Java browser plugin and Web Start implementation.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in IcedTeaWeb. Please
+      review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Please review the referenced CVE identifiers for details.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All IcedTeaWeb users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-java/icedtea-web-1.8.4-r1"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-10181">CVE-2019-10181</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-10185">CVE-2019-10185</uri>
+  </references>
+  <metadata tag="requester" timestamp="2021-07-22T03:54:46Z">ajak</metadata>
+  <metadata tag="submitter" timestamp="2021-07-23T02:56:17Z">ajak</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202107-52.xml b/metadata/glsa/glsa-202107-52.xml
new file mode 100644
index 000000000000..bab0fae4e8c3
--- /dev/null
+++ b/metadata/glsa/glsa-202107-52.xml
@@ -0,0 +1,47 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202107-52">
+  <title>Apache Velocity: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Apache Velocity, the
+    worst of which could result in the arbitrary execution of code.
+  </synopsis>
+  <product type="ebuild">velocity</product>
+  <announced>2021-07-23</announced>
+  <revised count="1">2021-07-23</revised>
+  <bug>775248</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-java/velocity" auto="yes" arch="*">
+      <unaffected range="ge">2.3</unaffected>
+      <vulnerable range="lt">2.3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Apache Velocity is a general purpose template engine.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Apache Velocity. Please
+      review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Please review the referenced CVE identifiers for details.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Apache Velocity users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-java/velocity-2.3"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-13936">CVE-2020-13936</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-13959">CVE-2020-13959</uri>
+  </references>
+  <metadata tag="requester" timestamp="2021-07-23T01:34:53Z">ajak</metadata>
+  <metadata tag="submitter" timestamp="2021-07-23T03:03:07Z">ajak</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202107-53.xml b/metadata/glsa/glsa-202107-53.xml
new file mode 100644
index 000000000000..5b93e892e55b
--- /dev/null
+++ b/metadata/glsa/glsa-202107-53.xml
@@ -0,0 +1,50 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202107-53">
+  <title>Leptonica: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Leptonica, the worst of
+    which could result in a Denial of Service condition.
+  </synopsis>
+  <product type="ebuild">leptonica</product>
+  <announced>2021-07-24</announced>
+  <revised count="3">2021-07-24</revised>
+  <bug>775629</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-libs/leptonica" auto="yes" arch="*">
+      <unaffected range="ge">1.80.0</unaffected>
+      <vulnerable range="lt">1.80.0</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Leptonica is a C library for image processing and analysis.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Leptonica. Please
+      review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="low">
+    <p>Please review the referenced CVE identifiers for details.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Leptonica users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=media-libs/leptonica-1.80.0"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-36277">CVE-2020-36277</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-36278">CVE-2020-36278</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-36279">CVE-2020-36279</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-36280">CVE-2020-36280</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-36281">CVE-2020-36281</uri>
+  </references>
+  <metadata tag="requester" timestamp="2021-07-24T02:43:34Z">ajak</metadata>
+  <metadata tag="submitter" timestamp="2021-07-24T03:05:56Z">ajak</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202107-54.xml b/metadata/glsa/glsa-202107-54.xml
new file mode 100644
index 000000000000..83bb578e119b
--- /dev/null
+++ b/metadata/glsa/glsa-202107-54.xml
@@ -0,0 +1,50 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202107-54">
+  <title>libyang: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in libyang, the worst of
+    which could result in a Denial of Service condition.
+  </synopsis>
+  <product type="ebuild">libyang</product>
+  <announced>2021-07-24</announced>
+  <revised count="1">2021-07-24</revised>
+  <bug>791373</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-libs/libyang" auto="yes" arch="*">
+      <unaffected range="ge">1.0.236</unaffected>
+      <vulnerable range="lt">1.0.236</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>YANG data modeling language library.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in libyang. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="low">
+    <p>Please review the referenced CVE identifiers for details.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All libyang users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-libs/libyang-1.0.236"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-28902">CVE-2021-28902</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-28903">CVE-2021-28903</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-28904">CVE-2021-28904</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-28905">CVE-2021-28905</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-28906">CVE-2021-28906</uri>
+  </references>
+  <metadata tag="requester" timestamp="2021-07-24T02:37:39Z">ajak</metadata>
+  <metadata tag="submitter" timestamp="2021-07-24T03:07:13Z">ajak</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202107-55.xml b/metadata/glsa/glsa-202107-55.xml
new file mode 100644
index 000000000000..15738c120ba6
--- /dev/null
+++ b/metadata/glsa/glsa-202107-55.xml
@@ -0,0 +1,50 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202107-55">
+  <title>SDL 2: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in libsdl2, the worst of
+    which could result in a Denial of Service condition.
+  </synopsis>
+  <product type="ebuild">libsdl2</product>
+  <announced>2021-07-24</announced>
+  <revised count="1">2021-07-24</revised>
+  <bug>766204</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-libs/libsdl2" auto="yes" arch="*">
+      <unaffected range="ge">2.0.14-r1</unaffected>
+      <vulnerable range="lt">2.0.14-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Simple DirectMedia Layer is a cross-platform development library
+      designed to provide low level access to audio, keyboard, mouse, joystick,
+      and graphics hardware via OpenGL and Direct3D.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in SDL 2. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="low">
+    <p>Please review the referenced CVE identifiers for details.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All SDL 2 users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=media-libs/libsdl2-2.0.14-r1"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14409">CVE-2020-14409</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14410">CVE-2020-14410</uri>
+  </references>
+  <metadata tag="requester" timestamp="2021-07-24T02:31:25Z">ajak</metadata>
+  <metadata tag="submitter" timestamp="2021-07-24T03:07:52Z">ajak</metadata>
+</glsa>
diff --git a/metadata/glsa/timestamp.chk b/metadata/glsa/timestamp.chk
index 33f7bb267cb6..36c501de0268 100644
--- a/metadata/glsa/timestamp.chk
+++ b/metadata/glsa/timestamp.chk
@@ -1 +1 @@
-Sat, 24 Jul 2021 00:38:58 +0000
+Sat, 24 Jul 2021 10:38:56 +0000
diff --git a/metadata/glsa/timestamp.commit b/metadata/glsa/timestamp.commit
index 5a39cf9d5775..bbcaf950a9ce 100644
--- a/metadata/glsa/timestamp.commit
+++ b/metadata/glsa/timestamp.commit
@@ -1 +1 @@
-b771364599953f210f7a780b5aacba265c26034b 1626929656 2021-07-22T04:54:16+00:00
+7b9e3c731523fe15934efc37e813384c70ecd7b6 1627096087 2021-07-24T03:08:07+00:00