gentoo resync : 27.03.2018

6 files changed, 124 insertions, 17 deletions

diff --git a/metadata/glsa/Manifest b/metadata/glsa/Manifest
index d3ca3ace6856..64a7070f2445 100644
--- a/metadata/glsa/Manifest
+++ b/metadata/glsa/Manifest
@@ -1,23 +1,23 @@
 -----BEGIN PGP SIGNED MESSAGE-----
 Hash: SHA512
 
-MANIFEST Manifest.files.gz 419008 BLAKE2B 71f0ab3699e4a099c44c011fb7d1607c93e4628556d357e248d588dd4b30298f24421e20f3b09028f394cd30565736a3debab29d055e38cc1d05cc3b95e7fbb3 SHA512 243c38e1d0bd0c55ae403827eb74db802e4b6860f3637cb5417657bc368b43d6df8654d962a90a10485228d9fcdfa0522237ccff245f2bacf058795ba79b2a43
-TIMESTAMP 2018-03-25T17:38:30Z
+MANIFEST Manifest.files.gz 419322 BLAKE2B bce39d2884945f8b0837f04b097288921742142eb6b55a87c2b57dd813da0393accc39cdbc36b1a820a911d1643768c6e20f5e777dfbb00ce5c5e8a8cccb59ae SHA512 dc4a29347ba058490aabba547065505da49564b81a43273cfc09b72c95a82ddf4139c1b5cee3c714a13e2094579946b7283bffeb6f766247a44733ca3d2e3109
+TIMESTAMP 2018-03-27T20:38:29Z
 -----BEGIN PGP SIGNATURE-----
 
-iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAlq33pZfFIAAAAAALgAo
+iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAlq6q8VfFIAAAAAALgAo
 aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEUx
 RDZBQkI2M0JGQ0ZCNEJBMDJGREYxQ0VDNTkwRUVBQzkxODkyNTAACgkQ7FkO6skY
-klD/DQ/+IT9kZVcpXrrxmLaxI3A5nm3GLeN059CAgHOWeiBGQCJ6dDa0PS84VUjM
-xWwakEuJk5xz2zfR3GCQ1TIrE/uPGYWZjOHiTNBU/xWIVGHY2yXtkDtsQNl2HM9t
-onRyZLyuuTTbsQfGEF4uXfrHrYow2yamsPuQR3eSpPCEWLxXJSkWyDQne2likDHe
-Q6xXPlR7j9OG9CcRKW9yMRdahYc4Gbo3r1oJbvMAZHaZQaN+7dM6izO+IX/2xK0S
-xg7MSEehSDmeo7x6jdUiTaEgTkrgGIYRWiS5CRa8hXq8wdyh18UFISC+GGmzGz3W
-2HzUQZQQAoOUVn3jHmtYGQ7XMNdlI8/8oKKmljAbGfQ3oFfnEclBOLSK5Lbqugrj
-TUJ089KxPCSK4MET3yIEaBQcJNlZbswogc36bJYHZ/SYT8ksPF1XsjAthk46T3x5
-1F9ehewmVcfnQbm6b8G6GBy8+FKX2yJLujBPFMuwEJj5gItxMPaXRezTpOK6mxkJ
-xGM/VgXh3Js2zvOpR/9HKxtPvwysVlxXG2LSAcD6+IRdGojSbBSgJ7jhZEePcse0
-5nzeJG/hCHkM3Y3lPVRviC9MC9lkRb+O4m+fk3wo6JJxVkw3TLgVFj5H17ZvOvpX
-IJ46wWfs6JbqGgahqjuCDDm5cowtiN0YJhmkBMcf/wnd/J08Od4=
-=TfBP
+klCQPA/9EdHHfbdXBLQjImjZVQhLL91RvMMGuIO1Wn9gKVG117BqNAm1awuJXqrY
+VjI5h3tnzbAGsXoM5pRT2YLYff3r3CUzLctRnBIFgxh4bjf9TFSHJEqWMY2jNJmR
+KyAM6vDY7fWGjX2CoRH81IqfWUtBuE4BEigSk4PqwNFm/pX41vsYWnMKQb16llyn
+9uP6saIMfrpw1j6gONMf9EgLfMa1CXUiVN8yNkE7bd4kJHl1p+6criD3Of5ZycE6
+f3ujjEJ/TZ12+P5fd/MHRb+7h/ZHg9yqAtRzHnR+0J4Qw7lp5RksoSxS8fGbAdCa
+VsqKhCKS05Oe+jRw0H8ZdimDtsFEaZU2fzrSSg9oxAlZs2ovZRI1K4PK7fkizCd4
+ZIuqz8jAA6Ynq7jMSbahqnuenkAqXeNQkybWJDd+xsNHPOZmi6FFqCxksvR4GV2Q
+DY9et0/FIOP8iso5YTbikEQ99W9cuYOBkaDi2b/Jx9fNwZ1eUyZATHElbLypQyV0
+JVnagrpkjXTeZQ2mosmg+2U24lUrAfPuWpVpSankzWid/qx00aiUyvcpwLNMjTpy
++UNCkoLXN6KhdWyUU1qcFsxDw7eGhn0Qt8k0WDKcwtk331zqr1B1ozEYuEAyOpir
+brXS0+DOVmjaJzn8jco9DuGI2cmKftUl7xssl1rC3NvBqbCH6tE=
+=Gmla
 -----END PGP SIGNATURE-----
diff --git a/metadata/glsa/Manifest.files.gz b/metadata/glsa/Manifest.files.gz
index 4a497152dc2d..39a8552e5338 100644
--- a/metadata/glsa/Manifest.files.gz
+++ b/metadata/glsa/Manifest.files.gz
diff --git a/metadata/glsa/glsa-201803-12.xml b/metadata/glsa/glsa-201803-12.xml
new file mode 100644
index 000000000000..f4c5194fed96
--- /dev/null
+++ b/metadata/glsa/glsa-201803-12.xml
@@ -0,0 +1,55 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201803-12">
+  <title>BusyBox: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in BusyBox, the worst of
+    which could allow remote attackers to execute arbitrary code.
+  </synopsis>
+  <product type="ebuild">busybox</product>
+  <announced>2018-03-26</announced>
+  <revised count="1">2018-03-26</revised>
+  <bug>563756</bug>
+  <bug>635392</bug>
+  <bug>638258</bug>
+  <access>remote</access>
+  <affected>
+    <package name="sys-apps/busybox" auto="yes" arch="*">
+      <unaffected range="ge">1.28.0</unaffected>
+      <vulnerable range="lt">1.28.0</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>BusyBox is a set of tools for embedded systems and is a replacement for
+      GNU Coreutils.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in BusyBox. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could possibly execute arbitrary code with the
+      privileges of the process, cause a Denial of Service condition, or have
+      other unspecified impacts.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All BusyBox users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=sys-apps/busybox-1.28.0"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-15873">CVE-2017-15873</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-15874">CVE-2017-15874</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-16544">CVE-2017-16544</uri>
+  </references>
+  <metadata tag="requester" timestamp="2018-03-13T17:58:35Z">chrisadr</metadata>
+  <metadata tag="submitter" timestamp="2018-03-26T16:24:01Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201803-13.xml b/metadata/glsa/glsa-201803-13.xml
new file mode 100644
index 000000000000..746efc7ec51a
--- /dev/null
+++ b/metadata/glsa/glsa-201803-13.xml
@@ -0,0 +1,52 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201803-13">
+  <title>PLIB: User-assisted execution of arbitrary code</title>
+  <synopsis>A vulnerability in PLIB may allow remote attackers to execute
+    arbitrary code.
+  </synopsis>
+  <product type="ebuild">plib</product>
+  <announced>2018-03-26</announced>
+  <revised count="1">2018-03-26</revised>
+  <bug>440762</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-libs/plib" auto="yes" arch="*">
+      <unaffected range="ge">1.8.5-r1</unaffected>
+      <vulnerable range="lt">1.8.5-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>PLIB includes sound effects, music, a complete 3D engine, font
+      rendering, a simple Windowing library, a game scripting language, a GUI,
+      networking, 3D math library and a collection of handy utility functions.
+    </p>
+  </background>
+  <description>
+    <p>A stack-based buffer overflow within the error function of
+      ssg/ssgParser.cxx was discovered in PLIB.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker, by enticing a user to open a specially crafted 3d
+      model file, could possibly execute arbitrary code with the privileges of
+      the process.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All PLIB users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=media-libs/plib-1.8.5-r1"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2012-4552">CVE-2012-4552</uri>
+  </references>
+  <metadata tag="requester" timestamp="2018-03-25T20:13:40Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2018-03-26T16:27:43Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/timestamp.chk b/metadata/glsa/timestamp.chk
index 24bf41cfcf56..005c6ae1af93 100644
--- a/metadata/glsa/timestamp.chk
+++ b/metadata/glsa/timestamp.chk
@@ -1 +1 @@
-Sun, 25 Mar 2018 17:38:27 +0000
+Tue, 27 Mar 2018 20:38:25 +0000
diff --git a/metadata/glsa/timestamp.commit b/metadata/glsa/timestamp.commit
index 6c9b1079e876..9a2f6c8de5f4 100644
--- a/metadata/glsa/timestamp.commit
+++ b/metadata/glsa/timestamp.commit
@@ -1 +1 @@
-52069526c1e45dc28a6c6f776156e98973bd6822 1521678297 2018-03-22T00:24:57+00:00
+e77e32771f61fb0da58c84733fb97dfc54b01bb4 1522081689 2018-03-26T16:28:09+00:00