gentoo auto-resync : 31:10:2023 - 15:49:10

author: V3n3RiX <venerix@koprulu.sector> 2023-10-31 15:49:11 +0000
committer: V3n3RiX <venerix@koprulu.sector> 2023-10-31 15:49:11 +0000
commit: 7e84f2c47ae7a0e8b76fc3080b1c7ee8487ee76b (patch)
tree: a9e4ad6ee37ed8a3010b6548546639cb80447b40 /metadata/glsa
parent: 4241e2d11b148ec5e384070a86c12f7ad7b1884d (diff)
6 files changed, 121 insertions, 17 deletions
diff --git a/metadata/glsa/Manifest b/metadata/glsa/Manifest
index fd43c2bc07d4..bef035319159 100644
--- a/metadata/glsa/Manifest
+++ b/metadata/glsa/Manifest
@@ -1,23 +1,23 @@
 -----BEGIN PGP SIGNED MESSAGE-----
 Hash: SHA512
 
-MANIFEST Manifest.files.gz 552319 BLAKE2B 1034d391c2693d13bfa95dfdbcefc204dc3ca1ffa49d6aacfcdcab441ee60fef27eef107774f8880993e95aa4111f94343a775548ac3105ef443397b62ba6121 SHA512 d36fdc3ac1978f9b20de459a0cc40364d9e4ff8f6711a93b6a929151ce403eb2576dae9df2d5306e0e35d0baacf2083fdee5905974cfe2f3c4fefe745eef3d03
-TIMESTAMP 2023-10-31T09:10:02Z
+MANIFEST Manifest.files.gz 552633 BLAKE2B f04d03cfce30402b87d7525767633e29394130432fcdd26de705b95ca93788a70abca8abbeee435b946253f2ad9b75f01bf24da1998a529bb89a6bbf1fcfc16e SHA512 6b0fd8a9a899a613a7dbab3dc51f5953cd3a0d18a12e17a4fceca64f11be5c7f83763d742dfada845bf1aec1c1467db31c6df823b9bc683d59fbec9a516d285a
+TIMESTAMP 2023-10-31T15:10:00Z
 -----BEGIN PGP SIGNATURE-----
 
-iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAmVAxGpfFIAAAAAALgAo
+iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAmVBGMhfFIAAAAAALgAo
 aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEUx
 RDZBQkI2M0JGQ0ZCNEJBMDJGREYxQ0VDNTkwRUVBQzkxODkyNTAACgkQ7FkO6skY
-klCjthAAj+sv6v5kv7XXvbqdz+rR94Ey+f5N0yd02qy0yMrwV+5UyU1X1DiYn2pi
-43g0UtxaJapRdpwEvrt4GB2vFq1ntPRCVLf8Kn+Bc2pZy+Q3gDsWF+bdqpYkcZgA
-TpWoIP6d0CuioJazoO1JNXLkEjqix0+PVvD1IL8wpPNmCqesOeV9bMzzVGVipGSM
-lN2cTifG2Zl7qe3RuN9vDqQjKD73JM4cc8vya9YNeaodXCbN5DTE95vQ5Ka9+Rmv
-DHQUA1c6YzDmSIu0cZiUUzRvp/bnaizyoNZ2bq8JPolcRTdLUzDmxDNxWA3bfcni
-qUYeJ9po0unNjv6hCW/m0cerNQx0v8l/V6BR2zkMETkmTx/tFVZtcKuLR/22p3i6
-Mo8qBCZkyS7nG0y767paf/lLBE4VjaVgPT85K32wu5M4CJi/2zO2erIkWLS6lKQU
-2yqnoDFLlnKzR7dTk/wOKlTwLCWNyHvl6qXX3g1F1qnneE+1G7jzmvvwhP8e7Wg4
-ZDhH5OFA56k52qlKHAPxuVPqMWysnNgUKBXZYZSfwo9a0oaWAWHUHyA1hdU7BNSe
-bkkZr3beVA1l/5S6dK/E2LzGiKW5krFZvQjj1QUfE5w1QbjRWpoNYxWBm2jZ3EIT
-oCuONzEYFIeTZ9jg7x/R86WI52Dnf2CBQYifmnIna1bZS04WNxg=
-=68h8
+klCXmQ/+JcM2cCbyXhuXCFLekp31lYEi0cCZ75JqRHrgz+OOL8uxxKftVHHo6Im7
+n850BO1cPCrYSYBeyUnmCntubtY5lIZu3DUI5oeIEIuSVaxz/y8gI9oT/pMXfa6u
+Warnp81XAHK6DAy3TwysDiw1yLnDQo2zKnRJPz8+L0Q2RxrVvL3m5INTpri3U4gN
+aZajEKrXPft/qhOU8SxOE3oTMhPdwog2OVZYi5z5HIjukIWD+TZue/nfDi+Hi32P
+myimWZhxzsxP+lnr51zdwCc/N/TSkOkwKEma+C6upSJ2M/r3FxMq94udNMudxJ84
++p+snFxpAp//xdMeLPwSFXeJA4kEWJYmet+/TswraaHPitMZl7dIhewNqsgqEztw
+JriODLjLG6mfqMvxUz/Rc5lARmSC/9+Jt0AHWNxyAmCyZ0Zf2qE+58FPXTMn6LyL
+8lNhykMy6MvOruKBIczpGcOChvvTdWgpkos83G4hKhdqYa26d1ZcqZmf1AcSD69q
+pbsL0M3hvc4JCMEY7rbF+ms0FoSGFLPzJMgfeNFzDGJAbQyG0HjOVwNEPESQW4R3
+GldyNpKvwNXL66S8wh4Kw8kvk8YH8FD4/ODUO4x3qFZjtKQG3RODk1NDq91Gpvd+
+nFejewrTa+aC9USAK2jSB67i3hpvSIXNYjb4Lz+A6ETNLEj9QJA=
+=H4hs
 -----END PGP SIGNATURE-----
diff --git a/metadata/glsa/Manifest.files.gz b/metadata/glsa/Manifest.files.gz
index 949a26c5d1b7..a95cee3f4f56 100644
--- a/metadata/glsa/Manifest.files.gz
+++ b/metadata/glsa/Manifest.files.gz
diff --git a/metadata/glsa/glsa-202310-22.xml b/metadata/glsa/glsa-202310-22.xml
new file mode 100644
index 000000000000..5944404c52d3
--- /dev/null
+++ b/metadata/glsa/glsa-202310-22.xml
@@ -0,0 +1,61 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202310-22">
+    <title>Salt: Multiple Vulnerabilities</title>
+    <synopsis>Multiple vulnerabilities have been discovered in Salt, the worst of which could result in local privilege escalation.</synopsis>
+    <product type="ebuild">salt</product>
+    <announced>2023-10-31</announced>
+    <revised count="1">2023-10-31</revised>
+    <bug>767919</bug>
+    <bug>812440</bug>
+    <bug>836365</bug>
+    <bug>855962</bug>
+    <access>local and remote</access>
+    <affected>
+        <package name="app-admin/salt" auto="yes" arch="*">
+            <unaffected range="ge">3004.2</unaffected>
+            <vulnerable range="lt">3004.2</vulnerable>
+        </package>
+    </affected>
+    <background>
+        <p>Salt is a fast, intelligent and scalable automation engine.</p>
+    </background>
+    <description>
+        <p>Multiple vulnerabilities have been discovered in Salt. Please review the CVE identifiers referenced below for details.</p>
+    </description>
+    <impact type="high">
+        <p>Please review the referenced CVE identifiers for details.</p>
+    </impact>
+    <workaround>
+        <p>There is no known workaround at this time.</p>
+    </workaround>
+    <resolution>
+        <p>All Salt users should upgrade to the latest version:</p>
+        
+        <code>
+          # emerge --sync
+          # emerge --ask --oneshot --verbose ">=app-admin/salt-3004.2"
+        </code>
+    </resolution>
+    <references>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-28243">CVE-2020-28243</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-28972">CVE-2020-28972</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-35662">CVE-2020-35662</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-3144">CVE-2021-3144</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-3148">CVE-2021-3148</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-3197">CVE-2021-3197</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21996">CVE-2021-21996</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-25281">CVE-2021-25281</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-25282">CVE-2021-25282</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-25283">CVE-2021-25283</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-25284">CVE-2021-25284</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-31607">CVE-2021-31607</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-22934">CVE-2022-22934</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-22935">CVE-2022-22935</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-22936">CVE-2022-22936</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-22941">CVE-2022-22941</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-22967">CVE-2022-22967</uri>
+    </references>
+    <metadata tag="requester" timestamp="2023-10-31T11:57:07.707510Z">graaff</metadata>
+    <metadata tag="submitter" timestamp="2023-10-31T11:57:07.710051Z">graaff</metadata>
+</glsa>
+\ No newline at end of file
diff --git a/metadata/glsa/glsa-202310-23.xml b/metadata/glsa/glsa-202310-23.xml
new file mode 100644
index 000000000000..9bd12a4cdf87
--- /dev/null
+++ b/metadata/glsa/glsa-202310-23.xml
@@ -0,0 +1,43 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202310-23">
+    <title>libxslt: Multiple Vulnerabilities</title>
+    <synopsis>Several use-after-free vulnerabilities have been found in libxslt.</synopsis>
+    <product type="ebuild">libxslt</product>
+    <announced>2023-10-31</announced>
+    <revised count="1">2023-10-31</revised>
+    <bug>820722</bug>
+    <bug>833508</bug>
+    <access>remote</access>
+    <affected>
+        <package name="dev-libs/libxslt" auto="yes" arch="*">
+            <unaffected range="ge">1.1.35</unaffected>
+            <vulnerable range="lt">1.1.35</vulnerable>
+        </package>
+    </affected>
+    <background>
+        <p>libxslt is the XSLT C library developed for the GNOME project. XSLT itself is an XML language to define transformations for XML.</p>
+    </background>
+    <description>
+        <p>Multiple vulnerabilities have been discovered in libxslt. Please review the CVE identifiers referenced below for details.</p>
+    </description>
+    <impact type="high">
+        <p>Please review the referenced CVE identifiers for details.</p>
+    </impact>
+    <workaround>
+        <p>There is no known workaround at this time.</p>
+    </workaround>
+    <resolution>
+        <p>All libxslt users should upgrade to the latest version:</p>
+        
+        <code>
+          # emerge --sync
+          # emerge --ask --oneshot --verbose ">=dev-libs/libxslt-1.1.35"
+        </code>
+    </resolution>
+    <references>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-30560">CVE-2021-30560</uri>
+    </references>
+    <metadata tag="requester" timestamp="2023-10-31T12:53:57.599608Z">graaff</metadata>
+    <metadata tag="submitter" timestamp="2023-10-31T12:53:57.603095Z">graaff</metadata>
+</glsa>
+\ No newline at end of file
diff --git a/metadata/glsa/timestamp.chk b/metadata/glsa/timestamp.chk
index e4b66c4e93f3..a0f179165bc1 100644
--- a/metadata/glsa/timestamp.chk
+++ b/metadata/glsa/timestamp.chk
@@ -1 +1 @@
-Tue, 31 Oct 2023 09:09:58 +0000
+Tue, 31 Oct 2023 15:09:57 +0000
diff --git a/metadata/glsa/timestamp.commit b/metadata/glsa/timestamp.commit
index a9b608f2dce0..fdc81e778759 100644
--- a/metadata/glsa/timestamp.commit
+++ b/metadata/glsa/timestamp.commit
@@ -1 +1 @@
-31f2c2345585dd05f950ce51bc6b7227485938e0 1698733547 2023-10-31T06:25:47+00:00
+49515c936bcad95017ac696eb33dd49f6f28e9b5 1698756865 2023-10-31T12:54:25+00:00
author	V3n3RiX <venerix@koprulu.sector>	2023-10-31 15:49:11 +0000
committer	V3n3RiX <venerix@koprulu.sector>	2023-10-31 15:49:11 +0000
commit	7e84f2c47ae7a0e8b76fc3080b1c7ee8487ee76b (patch)
tree	a9e4ad6ee37ed8a3010b6548546639cb80447b40 /metadata/glsa
parent	4241e2d11b148ec5e384070a86c12f7ad7b1884d (diff)