diff options
author | V3n3RiX <venerix@redcorelinux.org> | 2018-01-13 06:19:51 +0000 |
---|---|---|
committer | V3n3RiX <venerix@redcorelinux.org> | 2018-01-13 06:19:51 +0000 |
commit | 8be70107efbb417f839292165ee39d07a062046f (patch) | |
tree | 013918887ec4a00f0cefdb4b4d1313cbc3054305 /metadata/glsa | |
parent | 343a7272d559a21a0e0ed13cb743fabb2bfcc479 (diff) |
gentoo resync : 13.01.2018
Diffstat (limited to 'metadata/glsa')
-rw-r--r-- | metadata/glsa/Manifest | 30 | ||||
-rw-r--r-- | metadata/glsa/Manifest.files.gz | bin | 414446 -> 414930 bytes | |||
-rw-r--r-- | metadata/glsa/glsa-201801-11.xml | 60 | ||||
-rw-r--r-- | metadata/glsa/glsa-201801-12.xml | 62 | ||||
-rw-r--r-- | metadata/glsa/glsa-201801-13.xml | 67 | ||||
-rw-r--r-- | metadata/glsa/timestamp.chk | 2 | ||||
-rw-r--r-- | metadata/glsa/timestamp.commit | 2 |
7 files changed, 206 insertions, 17 deletions
diff --git a/metadata/glsa/Manifest b/metadata/glsa/Manifest index dcea53f6af9a..0730e81f1a2f 100644 --- a/metadata/glsa/Manifest +++ b/metadata/glsa/Manifest @@ -1,23 +1,23 @@ -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 -MANIFEST Manifest.files.gz 414446 BLAKE2B 5b433dfd85097ead79bccfcdc5ac71450a49f0cd04217ea95a0da4d9b3a14d6a0df186361cf5d3a4ff24547968a8bdb79ea1e31d21aa21b86708e0885a152525 SHA512 2410eac2ebdd40b883f4296ea6c8ebefb16545c125c9ecb039ba9a79dc2d32f43aaaa01673cb98557d5d7aa414d7d0c72e688610d9b127a0d56cb1584e16cf5c -TIMESTAMP 2018-01-11T08:09:31Z +MANIFEST Manifest.files.gz 414930 BLAKE2B 54c8bec7c47b900f490e4e34024351be14f456a48cacf2b39c9c543980f7b457877607be1b1a2619bba3921e272569dddbe7cbe408004596209bfaef3ad1f30e SHA512 fe8b5b4b09d48323bfe7f07a9b7216c4b61eb0986f2508a393f9a5266ae4d6f5c8fb70ea146fd1e2823a5d5995190c0817a11d4bedf5624b5eaaddf74d3af007 +TIMESTAMP 2018-01-13T05:38:57Z -----BEGIN PGP SIGNATURE----- -iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAlpXG7tfFIAAAAAALgAo +iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAlpZm3FfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEUx RDZBQkI2M0JGQ0ZCNEJBMDJGREYxQ0VDNTkwRUVBQzkxODkyNTAACgkQ7FkO6skY -klAWchAAkB06ilg+f0cQJjuO8Gb102XQO7rjETlzbaTbzsDHJL1ObwHr5CAFOZI2 -iQ/wEqnaUNd7pylDCnUK8JKKZi9CFe9Y2jSqqYqHmQx61+hveE+QO5b94JFT4PeT -lkiWD2/4jObDBG9T1k5S0vV8upozJ7rrthv9T7/XEs3KhByVQawpsYFL5dfqw40q -rO32paCDMkC5jPBPN7w98KODysNscMYS8hePUz+INe4xC82/I8cM2yaUXMUAlcKw -r1JfVrWMg0C+H7X/zLo5HFiB4Dzufsv494IQb+MKlHLAdt8e+QqJSS6EHiC9pBvw -sp1fn7FNDheP8HCuMeahKzafwWEZ9/4M+3HLelQsUA4YWIOF7isIn/rPhEWqJW8f -hcHQQb31Kv6SwWqlw+VuczhbMae3hbSGD0l3v9lICyNIjlQL+ULoQSqpiDYeGB2p -ZlHbw8AxN5x2kNZBFjr8PEPs/MDMXWUVEo01Ya3kzl5AZosUgNc2IygQDNLGEK2E -jXYtzKnDMXnygiR+vOttiAA5SIv7uRnGsvGPeqj8GyuMOBj+z6h55EoQY2I1g0MD -ZCL/jOJ466DxuCPamT5ZmVzlsNrphx1Z1TJhyRi0ErMm+Wq5mPSkQQHhdnSRmG5O -Mz8wV+6hQ5QLOeib14lHYflx84husK67qiNj/fVbTMJRvVGWPaU= -=xCMV +klAWuA//UdGefSrX8EJ+MKit+CCilc7b1s9qwlwbJ4TwQvOzzLI3+pZaEZCJLLD9 +eLUiUCuegKbXF55yMd1LWK72NZKeKgdeMLYn7rLFJq6kxJ5HQG12MsA0Gt5QrToj +CsKHhlOuhDwZGSpa8ppwF4XJeZ8uUif+xaW14dYaRnBQ7nyEGRSPnXhwKd5S/fqN +m4g6kfaHp6uORmLGD2Aag5Iqz+kX1jQo2DWF5yuxpHd2qSgO3n4Lzl/eA7IqkWHC +xNLTI1fBrBtsvAZEqNy7IbFbAEDXPnyMaA4wuTpdX6E56GHJkJTK6OVYD3UNxe8O +loz+Y03NfslKDmchp74781fcC8VRpW4X+G/em0fwLlc8r6WrJPGYG845PFdcfmIX +G8FN7Vx5i4QuWNWynR/TGOyFyIxGblle1mEytDq3r+9NRxDKfBeDOgzaM/Vb/+kA +bq+DgI8WwuF3L5WzCXO3Mkx41BmjTHakPLJK8pHRDfoCxnTtfvHo+aoxPzYdBg8c +VTzy0gkNof7xId25g2MhxISej/bqQZRfmgQocqIVj2IBFSfMSHf+lxUpLP0AmWp/ +jnoniFokq39Mta8+jp22agt1pKk0+u5PncdkdrFvPVWK4oBsHwWZIO7oV+gBTZVF +lUjvrkO1F8xfoVUSJlEgMbE7ifK1VHxts3mcu2vpbuqIMP4Q4b4= +=RuEd -----END PGP SIGNATURE----- diff --git a/metadata/glsa/Manifest.files.gz b/metadata/glsa/Manifest.files.gz Binary files differindex 895c44865813..8ea3f1eb83d4 100644 --- a/metadata/glsa/Manifest.files.gz +++ b/metadata/glsa/Manifest.files.gz diff --git a/metadata/glsa/glsa-201801-11.xml b/metadata/glsa/glsa-201801-11.xml new file mode 100644 index 000000000000..7359c3c04a81 --- /dev/null +++ b/metadata/glsa/glsa-201801-11.xml @@ -0,0 +1,60 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> +<glsa id="201801-11"> + <title>PySAML2: Security bypass</title> + <synopsis>A vulnerability in PySAML2 might allow remote attackers to bypass + authentication. + </synopsis> + <product type="ebuild">PySAML2</product> + <announced>2018-01-11</announced> + <revised>2018-01-12: 2</revised> + <bug>644016</bug> + <access>remote</access> + <affected> + <package name="dev-python/pysaml2" auto="yes" arch="*"> + <unaffected range="ge">4.0.2-r3</unaffected> + <unaffected range="ge">4.5.0</unaffected> + <vulnerable range="lt">4.0.2-r3</vulnerable> + <vulnerable range="lt">4.5.0</vulnerable> + </package> + </affected> + <background> + <p>PySAML2 is a pure python implementation of SAML2</p> + </background> + <description> + <p>It was found that the PySAML2 relies on an assert statement to check the + user’s password. A python optimizations might remove this assertion. + </p> + </description> + <impact type="normal"> + <p>A remote attacker could bypass security restrictions and access any + application which is using PySAML2 for authentication. + </p> + </impact> + <workaround> + <p>Disable python optimizations.</p> + </workaround> + <resolution> + <p>All PySAML2 4.0 users should upgrade to the latest version:</p> + + <code> + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-python/pysaml2-4.0.2-r3" + </code> + + <p>All PySAML2 4.5 users should upgrade to the latest version:</p> + + <code> + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-python/pysaml2-4.5.0" + </code> + + </resolution> + <references> + <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-1000433"> + CVE-2017-1000433 + </uri> + </references> + <metadata tag="requester" timestamp="2018-01-09T14:46:58Z">whissi</metadata> + <metadata tag="submitter" timestamp="2018-01-12T01:23:24Z">whissi</metadata> +</glsa> diff --git a/metadata/glsa/glsa-201801-12.xml b/metadata/glsa/glsa-201801-12.xml new file mode 100644 index 000000000000..f97629b7f436 --- /dev/null +++ b/metadata/glsa/glsa-201801-12.xml @@ -0,0 +1,62 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> +<glsa id="201801-12"> + <title>icoutils: Multiple vulnerabilities</title> + <synopsis>Multiple vulnerabilities have been found in icoutils, the worst of + which may lead to arbitrary code execution. + </synopsis> + <product type="ebuild">icoutils</product> + <announced>2018-01-11</announced> + <revised>2018-01-11: 1</revised> + <bug>605138</bug> + <access>local, remote</access> + <affected> + <package name="media-gfx/icoutils" auto="yes" arch="*"> + <unaffected range="ge">0.32.0</unaffected> + <vulnerable range="lt">0.32.0</vulnerable> + </package> + </affected> + <background> + <p>A set of command-line programs for extracting and converting images in + Microsoft Windows(R) icon and cursor files. + </p> + </background> + <description> + <p>Multiple vulnerabilities have been discovered in icoutils. Please review + the CVE identifiers referenced below for details. + </p> + </description> + <impact type="normal"> + <p>A remote attacker could entice a user to process a specially crafted + file, possibly resulting in execution of arbitrary code with the + privileges of the process or a Denial of Service condition. + </p> + </impact> + <workaround> + <p>There is no known workaround at this time.</p> + </workaround> + <resolution> + <p>All icoutils users should upgrade to the latest version:</p> + + <code> + # emerge --sync + # emerge --ask --oneshot --verbose ">=media-gfx/icoutils-0.32.0" + </code> + </resolution> + <references> + <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5208"> + CVE-2017-5208 + </uri> + <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-6009"> + CVE-2017-6009 + </uri> + <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-6010"> + CVE-2017-6010 + </uri> + <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-6011"> + CVE-2017-6011 + </uri> + </references> + <metadata tag="requester" timestamp="2018-01-05T06:04:02Z">jmbailey</metadata> + <metadata tag="submitter" timestamp="2018-01-11T22:41:52Z">b-man</metadata> +</glsa> diff --git a/metadata/glsa/glsa-201801-13.xml b/metadata/glsa/glsa-201801-13.xml new file mode 100644 index 000000000000..e744cfc54c4c --- /dev/null +++ b/metadata/glsa/glsa-201801-13.xml @@ -0,0 +1,67 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> +<glsa id="201801-13"> + <title>TigerVNC: Multiple vulnerabilities</title> + <synopsis>Multiple vulnerabilities have been found in TigerVNC, the worst of + which may lead to arbitrary code execution. + </synopsis> + <product type="ebuild">tigervnc</product> + <announced>2018-01-11</announced> + <revised>2018-01-11: 1</revised> + <bug>614742</bug> + <bug>636396</bug> + <access>local, remote</access> + <affected> + <package name="net-misc/tigervnc" auto="yes" arch="*"> + <unaffected range="ge">1.8.0</unaffected> + <vulnerable range="lt">1.8.0</vulnerable> + </package> + </affected> + <background> + <p>TigerVNC is a high-performance VNC server/client.</p> + </background> + <description> + <p>Multiple vulnerabilities have been discovered in TigerVNC. Please review + the referenced CVE Identifiers for details. + </p> + </description> + <impact type="normal"> + <p>An attacker could execute arbitrary code or cause a Denial of Service + condition. + </p> + </impact> + <workaround> + <p>There is no known workaround at this time.</p> + </workaround> + <resolution> + <p>All TigerVNC users should upgrade to the latest version:</p> + + <code> + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-misc/tigervnc-1.8.0" + </code> + + </resolution> + <references> + <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-10207"> + CVE-2016-10207 + </uri> + <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7392"> + CVE-2017-7392 + </uri> + <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7393"> + CVE-2017-7393 + </uri> + <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7394"> + CVE-2017-7394 + </uri> + <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7395"> + CVE-2017-7395 + </uri> + <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7396"> + CVE-2017-7396 + </uri> + </references> + <metadata tag="requester" timestamp="2017-11-24T22:29:53Z">chrisadr</metadata> + <metadata tag="submitter" timestamp="2018-01-11T22:42:09Z">b-man</metadata> +</glsa> diff --git a/metadata/glsa/timestamp.chk b/metadata/glsa/timestamp.chk index b9a5d670b0ce..749c873f8b58 100644 --- a/metadata/glsa/timestamp.chk +++ b/metadata/glsa/timestamp.chk @@ -1 +1 @@ -Thu, 11 Jan 2018 08:09:27 +0000 +Sat, 13 Jan 2018 05:38:53 +0000 diff --git a/metadata/glsa/timestamp.commit b/metadata/glsa/timestamp.commit index aaca69940ebb..bad538a8fc07 100644 --- a/metadata/glsa/timestamp.commit +++ b/metadata/glsa/timestamp.commit @@ -1 +1 @@ -83b03abfd2cbeb32bafb0df4d1a742e9717c33a3 1515417463 2018-01-08T13:17:43+00:00 +8dca4027f96f539f3d11cd618e9a606c9597dbca 1515720256 2018-01-12T01:24:16+00:00 |