gentoo resync : 16.04.2018

5 files changed, 67 insertions, 17 deletions

diff --git a/metadata/glsa/Manifest b/metadata/glsa/Manifest
index b0172a3a6dca..dfc8ee5bad2f 100644
--- a/metadata/glsa/Manifest
+++ b/metadata/glsa/Manifest
@@ -1,23 +1,23 @@
 -----BEGIN PGP SIGNED MESSAGE-----
 Hash: SHA512
 
-MANIFEST Manifest.files.gz 421225 BLAKE2B 3ea0f2afdb7fa11952c73e1802a82ddcb4bbe95b75606861aa9d94acba35691b97854b65d7d3bec40e0f5f2ef206de903696db876b0bd6db34bb27aaac0696b0 SHA512 76fd57544ae0eee9baf3d5b9e8ef3b04f05195897cba1f495609eaed7c83e275ffa678d92f50587d688bf40cbb1147872efee9d9634b6c45b00f94da4fa7cdc0
-TIMESTAMP 2018-04-13T23:08:32Z
+MANIFEST Manifest.files.gz 421384 BLAKE2B bfbe5e356f9fb5467472e01b9ffa4c7ab788e49c049d40c7633dfa4d2ebb5c4bf4f92a4fa43049b85dad5d10c593ecd0e243ea7c1975e84055fc34386f72a4e8 SHA512 f0c1e1729862aec592153456994003bbdbb8f9bff919d3e8a74ef963808bc6065be99f22297469abc9678fd65da4c09918d0a860c5e2f27c193f04efea6f9560
+TIMESTAMP 2018-04-16T15:08:35Z
 -----BEGIN PGP SIGNATURE-----
 
-iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAlrROHBfFIAAAAAALgAo
+iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAlrUvHNfFIAAAAAALgAo
 aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEUx
 RDZBQkI2M0JGQ0ZCNEJBMDJGREYxQ0VDNTkwRUVBQzkxODkyNTAACgkQ7FkO6skY
-klAE4w/+PF7xO8QJUYsybzrs5McZdWx5a55vucu4rWgu22UravTxNi+zYx/rbOcA
-0KC5I8lcDaF6RHxhLYWaXYn857htwcwHjuV1l/gk1hch4+Vj5EbvMSTmpyIbHZHI
-IcImx05DmETrdPzd61jSPby5056vzdqbQn0w1Ap0X8Vojh8csZ+q34azTahIlH84
-/mTbq3ZmZ9AVbda6ML7yIBoEJz5Epku9tVl4rCHcRVq3VIHNZeNgUspLqEoGU0JQ
-GUI8AOHGS+/F8LzcKzk4Gqj/Z+EVIWRQjWJDcyadS+yphLk2Y1OzSJ1zx0SJqsd5
-V/6ONBmOoCteY5G/asdGh07pIxPuZG6Nni1H8ZcX2ikj/Wgtab9g0rp3EtTcd1nF
-to/7VPbK5suXtjVcFl56Qk2uGmdDucNB16p6FCxv51xmf7OIQq0Vq1Wb7U1PtqDf
-YB8wlVYnYvTHclmwrUIapfOK3Aiu+Pc0RqP7Z9iN8uPVxNFgpROOvjrEfYD25ekC
-qymxYpdzIzSfI0+ubVb+6FMzym47I5caUifO95leXdY+/HNQfR+sKAobX0hters+
-j+2pi4rQhkQ8mpmyeq0GvyiMKU/DkrObVuw1UAOR+64Ypia14X0ip+dIt0C9ufVr
-eZO8fcPYaihUF+tMrahdpku6vjr2jAABdxUn6YhhF96t4di3Ek4=
-=iXP5
+klCY0BAAqZNm01XKR8+NAmnCrYYtSCAwaCaF0Nb3iffw+a2VlxGqYBBxMF/P5NSg
+asnD9IITG4Kl8FNGk2+DkqstEKdEjrcNxvavbtWX0PjVVlqyzmsLOCK3b6v41y/I
+S4XOcJx4TJdQWaLiLXKXPAl6kZ65fSsx8GA2wHE3/L7unZB2xfH4ykHYS5TlpLEO
+sRSx2kPJySsG4SB0Uc/Q4woEcOJlcKQAxAP+j+iBcrGR8T8ZEZRO6oyxcjvHM6yG
+PZRZOkq3m4BCy0sL0eqq4ITeyAu2LNXRf4o80k3rvmf+n86YLl0yi3/+LU4GW73W
+AkA/LNEJXxaxpB+NHkSkQnjXOxExUCCtoIHQMAwj8jejDurIvImEB5OV/DRcfgme
+V8IcWxhQFRblhUfNQ8g9KDqPwWCHf9Py1OSz8ywlHaHFUpim7BlqdFrw2z+Ic+/D
+jzvqOkgdv5HX1/bxPQA8q531mcWQ8N8QnnC52S2FsfSPhgdGXOl71G31rKGJBB56
+W6hxomPk++9F848S5vqC7lnEjEs0HeiF8M+CKr9ol8F11LHKpJ0rd/AlDDfM8zQz
+/6YZnLX9WzcQ2LKWOPIfxjnA4Yuckmn7IlfjPcM3kRadPBuNeNET+/bfq9XOOQRS
+DKA+D5qZWVX5F3O9cZWCsT1J7z4QgbBVROTs2kwbbgsfjpuUTEg=
+=AlW9
 -----END PGP SIGNATURE-----
diff --git a/metadata/glsa/Manifest.files.gz b/metadata/glsa/Manifest.files.gz
index 2e79d14541e9..88a05be6bc96 100644
--- a/metadata/glsa/Manifest.files.gz
+++ b/metadata/glsa/Manifest.files.gz
diff --git a/metadata/glsa/glsa-201804-12.xml b/metadata/glsa/glsa-201804-12.xml
new file mode 100644
index 000000000000..097160fddf87
--- /dev/null
+++ b/metadata/glsa/glsa-201804-12.xml
@@ -0,0 +1,50 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201804-12">
+  <title>Go: Arbitrary code execution</title>
+  <synopsis>A vulnerability in Go allows remote attackers to execute arbitrary
+    commands.
+  </synopsis>
+  <product type="ebuild">go</product>
+  <announced>2018-04-15</announced>
+  <revised count="1">2018-04-15</revised>
+  <bug>650014</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-lang/go" auto="yes" arch="*">
+      <unaffected range="ge">1.10.1</unaffected>
+      <vulnerable range="lt">1.10.1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Go is an open source programming language that makes it easy to build
+      simple, reliable, and efficient software.
+    </p>
+  </background>
+  <description>
+    <p>A vulnerability in Go was discovered which does not validate the import
+      path of remote repositories.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Remote attackers, by enticing a user to import from a crafted website,
+      could execute arbitrary commands.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Go users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-lang/go-1.10.1"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-7187">CVE-2018-7187</uri>
+  </references>
+  <metadata tag="requester" timestamp="2018-04-14T16:24:01Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2018-04-15T23:23:53Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/timestamp.chk b/metadata/glsa/timestamp.chk
index d573ad74ec83..1686faf69c07 100644
--- a/metadata/glsa/timestamp.chk
+++ b/metadata/glsa/timestamp.chk
@@ -1 +1 @@
-Fri, 13 Apr 2018 23:08:28 +0000
+Mon, 16 Apr 2018 15:08:31 +0000
diff --git a/metadata/glsa/timestamp.commit b/metadata/glsa/timestamp.commit
index 154e4764a7e2..3c4f54fe8d44 100644
--- a/metadata/glsa/timestamp.commit
+++ b/metadata/glsa/timestamp.commit
@@ -1 +1 @@
-61614754c5c47e19e67ecfbc5307d90c6d8b3d1f 1523477362 2018-04-11T20:09:22+00:00
+aa26a212e36fbca3a9091a00250a459fd6576eae 1523834733 2018-04-15T23:25:33+00:00