diff options
| author | V3n3RiX <venerix@redcorelinux.org> | 2019-09-13 17:56:30 +0100 |
|---|---|---|
| committer | V3n3RiX <venerix@redcorelinux.org> | 2019-09-13 17:56:30 +0100 |
| commit | 948d557b4a61dc14722668b6b11a4cf3cee07b01 (patch) | |
| tree | b28b6cb077ae6b2457e30d49028fc978d8e2b59b /metadata/glsa | |
| parent | e3cf2c86fca1750343c1885311f857f185ee4f2d (diff) | |
gentoo resync : 13.09.2019
Diffstat (limited to 'metadata/glsa')
| -rw-r--r-- | metadata/glsa/Manifest | 30 | ||||
| -rw-r--r-- | metadata/glsa/Manifest.files.gz | bin | 448529 -> 448845 bytes | |||
| -rw-r--r-- | metadata/glsa/glsa-201909-07.xml | 64 | ||||
| -rw-r--r-- | metadata/glsa/glsa-201909-08.xml | 49 | ||||
| -rw-r--r-- | metadata/glsa/timestamp.chk | 2 | ||||
| -rw-r--r-- | metadata/glsa/timestamp.commit | 2 |
6 files changed, 130 insertions, 17 deletions
diff --git a/metadata/glsa/Manifest b/metadata/glsa/Manifest index eba6cee644e5..08d0105c8a0a 100644 --- a/metadata/glsa/Manifest +++ b/metadata/glsa/Manifest @@ -1,23 +1,23 @@ -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 -MANIFEST Manifest.files.gz 448529 BLAKE2B 70fc5fdf3704f2b7ec0033da58e9dba173720d87011ed4a8c13796a79ab719c338f43528d1a392475f724b87e95f6e187b39a6f6e92d64f4882d0f0004bffa24 SHA512 53832aafadeff79f44632a74dc19ba49106055cc3a8017511025ef2e4ca2499a5d5154766e4957167240e37b7e0bfd956e305d79053c82988ad80b673f006f8c -TIMESTAMP 2019-09-07T23:09:08Z +MANIFEST Manifest.files.gz 448845 BLAKE2B 24feded351e2c02762000f35c6c58ac935b2383bf6acdd7450f974e16e15fe0935d3f657233d5cd4ab87639ad5f410b8ea36fd5c019b93bfbfc47983ef01dbdc SHA512 569d13495f7e4953afefd29435d7953d3afa1815ae86459c1f4f84726efaaedc5598835f415738d792d2d1060be50cf8ad9140b7fcf124dd7f9ea681a55957ab +TIMESTAMP 2019-09-13T16:08:55Z -----BEGIN PGP SIGNATURE----- -iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAl10OJRfFIAAAAAALgAo +iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAl17vxdfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEUx RDZBQkI2M0JGQ0ZCNEJBMDJGREYxQ0VDNTkwRUVBQzkxODkyNTAACgkQ7FkO6skY -klCN8A//SkpChS4L4qFkiOHwjHf4wtUIa7szn1dux34X7fyb3W/5uXdyyRqCarK9 -X9Y8yqKkKUWBTRP195IsRMn76nJD0AwX2v5sKvOEsJJjCMD3Ka8uxKJqb1V23JXM -LXn0/cqFJHQCfVnZvNLQUCOg5TJEtKZQJVEojFwpicB8usWdGrvk0tuxi81bLbOB -+1ekRMfKy3Ik2sdMWKrowEoeoicOcbYTi7yGT+z8YceVIku+pDeq0Tbj8jvfOYdf -sdo5pPJeqYFk788zYELBpUGAfM1RkMTv3uuTdQ6bIjNnjb0cp2TP62oSoEYWOWDg -qh2Ts+j7As00AGtxjq6zv2jQj03rugy3aiz9FvEhR7aLh+acYgD66Lale9QXnHa+ -SLiA22EOXIuACTnFZr0E/IdZGU/KG3QFr2EKCmsupUVxiUINM/Ypz73bmbi6lEIW -7/ziqcDqYBMmxTcZg5x3gyqrOU/Na/nXEJZ3dLyA7zCtkgts+W4+oh2Iwm9Vcajn -FTHp0D0ep4hAv505JGUEKPv8tBsU4tmcdjbcpKBXaAF10OU4bkEJd3hzvcNTqrim -0V1YIj482yNYDWuQEOrru5yBRXrZj9nr+yAkW/sqGvH5zCSAeuMxOKTvzHlO1p1p -tEizdnKAB6hB3tFjgiF/JMZkDxx3+pMYoTnu57m0KQUjlcVTboo= -=V6QD +klBbNQ//a8McyvJlHI0q6HuRWu/GStp7gF6V9y8z1NvzSUNmvghVq/G1DYwohDsV +nzYtwREuQsASAOwJ16Vuw2OJZiIQeXv7P6O1XVDSEszPZkou6bndmtPQF7wuW4bI +43qXor8MwqLyq9i1rBmQmwqAhNX+nX+U+u82Lgs0GCdTt9rWG/MUXurha00VYvz6 +A4RJ7EqABPqL+SblgDRp8fjzohuj/GpkDLHJ8tXPdaLASp9IQfC9Uafz+qsDDgJX +nWi1Cvd4b10SNTvURCl99RwXt6wxXfN6aFe4NI97gWdb3HOW/tqE2pH33q+1iPPI +OBmzSg0BQ0L6LRKNqkssmpVYF0S7vVJzR+Kp6sKat/ZC2a3jUvRxacTDDeVcLILm +kW6/Md/C/mIFpOBOoxsOOQ7ZMx8PW+Isi5oQV7DxUidzdtH51fb1dZUw1QjZjJyO +M38kdgzWhDvq8JHFQvxY5FHREJxMiP4upobAAG6Sq4vUrRRLXepo9X22VwugW+YY +E9XhGviSfr+9wxzgRNcGgbybwB816t47mWo25VB46A3eCR7AXkbs/XDVe1JdEDyZ +BUFcWne0Jyc8VsztbxgDssrNZM6ALCoJuVTjp7AbNZ5rRpcJp2e8i9SoU65k6d8o +sWMiC+UcTg8zN5QstuEMwap5pnZfeO8YApI9I3+ZM3QxeFJLXqk= +=41fD -----END PGP SIGNATURE----- diff --git a/metadata/glsa/Manifest.files.gz b/metadata/glsa/Manifest.files.gz Binary files differindex 81138f54ea78..e80a943da59d 100644 --- a/metadata/glsa/Manifest.files.gz +++ b/metadata/glsa/Manifest.files.gz diff --git a/metadata/glsa/glsa-201909-07.xml b/metadata/glsa/glsa-201909-07.xml new file mode 100644 index 000000000000..a91111969542 --- /dev/null +++ b/metadata/glsa/glsa-201909-07.xml @@ -0,0 +1,64 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> +<glsa id="201909-07"> + <title>Simple DirectMedia Layer: Multiple vulnerabilities</title> + <synopsis>Multiple vulnerabilities have been found in Simple DirectMedia + Layer, the worst of which could result in the arbitrary execution of code. + </synopsis> + <product type="ebuild">libsdl2</product> + <announced>2019-09-08</announced> + <revised count="1">2019-09-08</revised> + <bug>690064</bug> + <bug>692392</bug> + <access>remote</access> + <affected> + <package name="media-libs/libsdl2" auto="yes" arch="*"> + <unaffected range="ge">2.0.10</unaffected> + <vulnerable range="lt">2.0.10</vulnerable> + </package> + </affected> + <background> + <p>Simple DirectMedia Layer is a cross-platform development library + designed to provide low level access to audio, keyboard, mouse, joystick, + and graphics hardware via OpenGL and Direct3D. + </p> + </background> + <description> + <p>Multiple vulnerabilities have been discovered in Simple DirectMedia + Layer. Please review the CVE identifiers referenced below for details. + </p> + </description> + <impact type="normal"> + <p>A remote attacker could entice a user to process a specially crafted + audio or video, possibly resulting in execution of arbitrary code with + the privileges of the process or a Denial of Service condition. + </p> + </impact> + <workaround> + <p>There is no known workaround at this time.</p> + </workaround> + <resolution> + <p>All Simple DirectMedia Layer users should upgrade to the latest version:</p> + + <code> + # emerge --sync + # emerge --ask --oneshot --verbose ">=media-libs/libsdl2-2.0.10" + </code> + + </resolution> + <references> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-13626">CVE-2019-13626</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-7572">CVE-2019-7572</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-7573">CVE-2019-7573</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-7574">CVE-2019-7574</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-7575">CVE-2019-7575</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-7576">CVE-2019-7576</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-7577">CVE-2019-7577</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-7578">CVE-2019-7578</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-7635">CVE-2019-7635</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-7636">CVE-2019-7636</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-7638">CVE-2019-7638</uri> + </references> + <metadata tag="requester" timestamp="2019-09-07T00:08:23Z">b-man</metadata> + <metadata tag="submitter" timestamp="2019-09-08T17:40:28Z">b-man</metadata> +</glsa> diff --git a/metadata/glsa/glsa-201909-08.xml b/metadata/glsa/glsa-201909-08.xml new file mode 100644 index 000000000000..7f2b35906305 --- /dev/null +++ b/metadata/glsa/glsa-201909-08.xml @@ -0,0 +1,49 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> +<glsa id="201909-08"> + <title>D-Bus: Authentication bypass</title> + <synopsis>An authentication bypass was discovered in D-Bus.</synopsis> + <product type="ebuild">dbus</product> + <announced>2019-09-08</announced> + <revised count="1">2019-09-08</revised> + <bug>687900</bug> + <access>local</access> + <affected> + <package name="sys-apps/dbus" auto="yes" arch="*"> + <unaffected range="ge">1.12.16</unaffected> + <vulnerable range="lt">1.12.16</vulnerable> + </package> + </affected> + <background> + <p>D-Bus is a message bus system which processes can use to talk to each + other. + </p> + </background> + <description> + <p>It was discovered that a local attacker could manipulate symbolic links + in their own home directory to bypass authentication and connect to a + DBusServer with elevated privileges. + </p> + </description> + <impact type="normal"> + <p>A local attacker can bypass authentication mechanisms and elevate + privileges. + </p> + </impact> + <workaround> + <p>There is no known workaround at this time.</p> + </workaround> + <resolution> + <p>All D-Bus users should upgrade to the latest version:</p> + + <code> + # emerge --sync + # emerge --ask --oneshot --verbose ">=sys-apps/dbus-1.12.16" + </code> + </resolution> + <references> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-12749">CVE-2019-12749</uri> + </references> + <metadata tag="requester" timestamp="2019-09-07T17:12:55Z">b-man</metadata> + <metadata tag="submitter" timestamp="2019-09-08T17:40:45Z">b-man</metadata> +</glsa> diff --git a/metadata/glsa/timestamp.chk b/metadata/glsa/timestamp.chk index 36c3392d5556..4897696602c8 100644 --- a/metadata/glsa/timestamp.chk +++ b/metadata/glsa/timestamp.chk @@ -1 +1 @@ -Sat, 07 Sep 2019 23:09:04 +0000 +Fri, 13 Sep 2019 16:08:52 +0000 diff --git a/metadata/glsa/timestamp.commit b/metadata/glsa/timestamp.commit index 82f2e1957979..933a7041a478 100644 --- a/metadata/glsa/timestamp.commit +++ b/metadata/glsa/timestamp.commit @@ -1 +1 @@ -68b71b2cbc79a9ef9e8701eb09586b9f2f9eb7b2 1567815781 2019-09-07T00:23:01+00:00 +0d8b041795d355b2f8da9b84725a62150a91dc13 1567964538 2019-09-08T17:42:18+00:00 |