gentoo resync : 08.06.2019

5 files changed, 67 insertions, 17 deletions

diff --git a/metadata/glsa/Manifest b/metadata/glsa/Manifest
index b2a2a083fd13..a159f5b48af6 100644
--- a/metadata/glsa/Manifest
+++ b/metadata/glsa/Manifest
@@ -1,23 +1,23 @@
 -----BEGIN PGP SIGNED MESSAGE-----
 Hash: SHA512
 
-MANIFEST Manifest.files.gz 442809 BLAKE2B 4b7b795575911222fd7fe1e9f9900ced88b7957d15e08d5881ee7e2c91f556beb375085e3842469d53d9c216f6709039908e138283d8726731c25b7aa33c7861 SHA512 ad93d050cf3a9d3cfb5dbce463c01bff4a31f205a3d2773382f89e603197645720db7bb4b45496d26f019ef9161b89ce5d0e4aacd87f89dff11d9c1126c34c46
-TIMESTAMP 2019-06-02T20:08:57Z
+MANIFEST Manifest.files.gz 442968 BLAKE2B 0e3056acaaa1238904402db3f7b9e5da9aa5a9653669d2d7ce6f23bca37fa04e6d2464868f79b589adb4a48dae4f38f6a27f145e60e4ed4a75c40ec11b1eba6c SHA512 4b7e5da9d352bb5de232fbbf053c3a1aaed9d07615188794445787743dcee0fee452db8b05004310c60b1d29787734050729e72ec84bf2e6f7a8c0bec2b2b9e1
+TIMESTAMP 2019-06-08T07:08:50Z
 -----BEGIN PGP SIGNATURE-----
 
-iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAlz0LNlfFIAAAAAALgAo
+iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAlz7XwJfFIAAAAAALgAo
 aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEUx
 RDZBQkI2M0JGQ0ZCNEJBMDJGREYxQ0VDNTkwRUVBQzkxODkyNTAACgkQ7FkO6skY
-klBqlg/8CUvi+kZVGYaJOglw3jsmthz6vuNgr0OGSKRgdlX9WOxJAy/Ku4h0PwCf
-l02TOsDMYQLizfIpbcVvIZKyD9LFVyprATcqwxATWzRA7si/yWyaEz6IPTemZR6N
-ERL/5JRuQrfOwk/Nb1Ir3md9522Aob6my/5fkIbeE4B5KtDHcDjzd6GI3J8MhOGM
-kCDAOEz0D1VD8bIfWu66kpp2Sor97Lg/SFaJNTXpJT/3K9UM/GESWnzGCpJzl+5b
-QX9zuw6ygIC/MuLj50q87CpGIVdoRewMnI3+3y0ATtEQr/YycToN6n/y1hf0qsuE
-rYTcOTn5NhkKszD1lA0t2ywsPNr2VVt77TI/HW5YNiZplEcyec5AqY+PaUsXj/GG
-R0SUiAj+5Y7Cy/grXuhEEmZIjbWsEC+n/5nuGG5++ueZZhdkvWqWY8atVHXs0kxr
-FjPbEy84MWC4ezWMwXPTeN52Ou2/mJyZ7AxOFI149k4r6Ec+NEw20fBZ0xZqrWAy
-691MBMSgZnIy4bqN1u769YRbzC7s6ww2WwqUpT/FlGMt2zdZ+4Yi06VYD3eYkmHz
-Ko5o+kREopix76sLu1h8oMmtSs8piJquykiWG144ujST9T6ya62+juF4b+PhcMAz
-r1KKJzy/396xDTFrhIGPPjwwx5QE2pVA+11jRvt2b0aaa2f8OKE=
-=yfsp
+klBpUxAApzTCbmFjz3Bh7fygXErT2NswuTAvMY2I7wGo6REqnrbFq2h5r82X5ENm
+RioaIYCcShjCK1zz9Tdl8Z/McvnA9f9/9b/FJiCnSXLLcmzG2RVK/vhX9S9YCosM
+XCE5oRjwsjwINTCq4vARE9XQ3IWVWpXI+ahkN6XVT0BJX8zzH/sDCvAxwBgc1j4H
+HzJ0fhTVFORP7MNxjf/VSLc4Vhtuo/QOnbi40/ggmG4u3yxcOQs+cOeesYjdlfTP
+b6uFAWaH6NwwWkGTN5GkFPeJ8AB16jy0vgb7Ab3Y+5m/mKEBxiYOKej71PnkqpG+
+nvPtqyMRyXsP9U2x0nJLXT04NAIlcafa6w009NE6Tz542Z9Vhg7UtlM2fmytu4Uh
+ffjNKr0lX/ZyqK4dYgjrkjYCgJZX7pWlsIc7K5agH5SfmaBF3qQ+Pahe0CvqOfTr
+sJ/XlS8CqVEuINW3m9iWNPDqF0cfcOh5FqC1CiUR9U+2Gck81OYplySi2CP1jMzN
+iNE3iChNPJE+fuCh8I+sZ3JZzo8o7z+pcYsCMvaZ1ZDnf8zTq4R/aqDE2glduZFF
+pcHtiKY88ruzcTz28z2kj9pIccbi3YrTaQQxGLRKz2bLyBQ86S6ze74qd+Wtj0zC
+9i4srndAS7qbFNsYtHCkkbli9pkhA4jEpDtIpDRnXycYavbARYk=
+=Oi/y
 -----END PGP SIGNATURE-----
diff --git a/metadata/glsa/Manifest.files.gz b/metadata/glsa/Manifest.files.gz
index 30f8c1bd5004..4f3d5d05a5e4 100644
--- a/metadata/glsa/Manifest.files.gz
+++ b/metadata/glsa/Manifest.files.gz
diff --git a/metadata/glsa/glsa-201906-01.xml b/metadata/glsa/glsa-201906-01.xml
new file mode 100644
index 000000000000..43586e2bcd8a
--- /dev/null
+++ b/metadata/glsa/glsa-201906-01.xml
@@ -0,0 +1,50 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201906-01">
+  <title>Exim: Remote command execution</title>
+  <synopsis>A vulnerability in Exim could allow a remote attacker to execute
+    arbitrary commands.
+  </synopsis>
+  <product type="ebuild">exim</product>
+  <announced>2019-06-06</announced>
+  <revised count="1">2019-06-06</revised>
+  <bug>687336</bug>
+  <access>remote</access>
+  <affected>
+    <package name="mail-mta/exim" auto="yes" arch="*">
+      <unaffected range="ge">4.92</unaffected>
+      <vulnerable range="lt">4.92</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Exim is a message transfer agent (MTA) designed to be a a highly
+      configurable, drop-in replacement for sendmail.
+    </p>
+  </background>
+  <description>
+    <p>A vulnerability was discovered in how Exim validates recipient addresses
+      in the deliver_message() function.
+    </p>
+  </description>
+  <impact type="high">
+    <p>A remote attacker could execute arbitrary commands by sending an email
+      with a specially crafted recipient address to the affected system.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Exim users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=mail-mta/exim-4.92"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-10149">CVE-2019-10149</uri>
+  </references>
+  <metadata tag="requester" timestamp="2019-06-05T17:30:31Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2019-06-06T17:27:59Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/timestamp.chk b/metadata/glsa/timestamp.chk
index a5240019f154..94f5d443814c 100644
--- a/metadata/glsa/timestamp.chk
+++ b/metadata/glsa/timestamp.chk
@@ -1 +1 @@
-Sun, 02 Jun 2019 20:08:54 +0000
+Sat, 08 Jun 2019 07:08:46 +0000
diff --git a/metadata/glsa/timestamp.commit b/metadata/glsa/timestamp.commit
index 41a53add6ecd..b72a40632e5a 100644
--- a/metadata/glsa/timestamp.commit
+++ b/metadata/glsa/timestamp.commit
@@ -1 +1 @@
-42c9d977ba183a5bc173b70ad145977fc6705eda 1556150376 2019-04-24T23:59:36+00:00
+74d83a200d28906c5e5b46a676cd5579da349080 1559842216 2019-06-06T17:30:16+00:00