gentoo auto-resync : 01:08:2022 - 21:16:25

author: V3n3RiX <venerix@koprulu.sector> 2022-08-01 21:16:25 +0100
committer: V3n3RiX <venerix@koprulu.sector> 2022-08-01 21:16:25 +0100
commit: c69eea8c84cee05e6ba332fd1f39cfb6554d5726 (patch)
tree: 86a17f65a677b3c475b682e087e779df29eb4b43 /metadata/glsa
parent: 9d396115d657f4e18ffa2c1d073980d8e3d6710f (diff)
5 files changed, 78 insertions, 17 deletions
diff --git a/metadata/glsa/Manifest b/metadata/glsa/Manifest
index bed9fbc7da58..8322d6eb11f1 100644
--- a/metadata/glsa/Manifest
+++ b/metadata/glsa/Manifest
@@ -1,23 +1,23 @@
 -----BEGIN PGP SIGNED MESSAGE-----
 Hash: SHA512
 
-MANIFEST Manifest.files.gz 518604 BLAKE2B 771190ff87bcfe6702a19150591bf573a429c51546ab7bd3ae25f101a4ec657d93d6fb83f7cb3aa4055e581eab5fde9d88a73a604dc34f426cb30ebb4385af9b SHA512 0b5d0f14e5d6ec3ff896d9d472edea00620a08f552ffc5516b0264e609527cf65471ee37a5002559add52d5c1898b2b60d48c9e97e6d2451bd84bf24fd112ab4
-TIMESTAMP 2022-08-01T13:39:44Z
+MANIFEST Manifest.files.gz 518764 BLAKE2B 800d8c605261a8d2ca31eca4bde7d3bb3f684de4f3181019daf03f289f18680c6d96f494d58f96fe4ad07cdd9e1d88375337c122e7b8e08a991332389d887299 SHA512 aedc41e29d7be49299b1cb0ff40f391a2deff64b9b55c25130ff0d38269f249b737b1d372d346ecfc163d0044fae33a0e164e57a26c205b60f17269607a8117b
+TIMESTAMP 2022-08-01T19:39:46Z
 -----BEGIN PGP SIGNATURE-----
 
-iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAmLn16BfFIAAAAAALgAo
+iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAmLoLAJfFIAAAAAALgAo
 aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEUx
 RDZBQkI2M0JGQ0ZCNEJBMDJGREYxQ0VDNTkwRUVBQzkxODkyNTAACgkQ7FkO6skY
-klD5Cw/9HSsGlW/Ey2Fp9xFryPNr+UmDP0Hh8fuA6w/ZoRO9dJf47qXmBc/5zzwH
-EZvvxUXP9otNG9eOaFbEPySxGMixcU7kNFQm3+LVzixFgPncJPvrzFjSNwTw74FG
-/EtuGmZidPsE713JNua+vZumVH7RPLKouguaFFeALAd50rz52mJVKc6915ppdGU+
-iIBe1mn8e4iqtp9upJ3P4MvzJzjKWj12r8dF9FqZJdnieyJ2hGQqZnPEueJN3+j3
-Ok64q+w4Aui1A0JOuUpECcfLfzNh+pzd9hM0MjfdK+zVORQJnBrFNY/U+rzisVXg
-yUZcvInGcAkCyKqhdpwmd8i5LXOpCY6gaTY/KzwKzORK575GoVNM74AF3NIoM3IA
-fTEtsrNosMqnxthvviJh//+zHdZzzPIheWcDmNNAUao/Py4xTWIO2shHjEzT21SX
-DGwsH9lviMnnqg2nt8n2wbfKO1gXudPOMzqk2QR2ebATaEvMe26fX4q+fZc1XHs4
-ulrq+f+6UfxXRoVVoZkiIOJsDD9JJJQESlZeAong1jjYLUhNQqsQZiueJmcIuGxj
-15GuOBDHbMDJZCay2LjBYHXUbDzx3DHExIv3KISTb/JIKlEukea/pqTAciOvKw0s
-iAHKeA29MpFE0CForerHlipag0VdlLw5b3N+lNSGk7L9ENICV18=
-=ZXJC
+klB7YBAArLMY7VswukN6d7NilVZakHYhgfNzVB5rSvFdFPi8VNw0ytyV3bmi6jsk
+vsXRcO3dJGZkPvDHUFckhGudSdBXpq7ZfPKMIjzhUFoWrg5Xn0EqbMua6s6/sToQ
+B9C20f8HHqoC04QXe3b40gB0kZmhiPJI5RUWT4NcYsUXAd33Duj2bXnD+ibDUiGb
+kOH3tFm8507uIDuIAwKvm2xTZc836fCQnYmWnaUaEp8Vhc5EUj18tSjnbGkn02WH
+fycjE6RelHAISeeQyL6fbCbhPN0MZr7oz7JiNGkT/Y1t8pb8dyGo0xvKmv5TcXyt
+m5YwruY+td5R9jPERDP3dtVha4vQ9ThzaqZ5pJUOI2SCOD11kYYhNF6tuVEk1F6M
+tUBA7zPQJWmSoFvKJTJRjXgEJMMva4PzC4nXBfi/mzaEBZykf8dgPiyFlnc4jqsy
+p2adi2y3nGtpDTyXv2qIJfmSHUKJe8tdMvaS51d0ZQ+99F5tlGrZlRfhbpOuSZSB
+2emw/8sMHyY8oODbXF32w1INGIRfOxjZlK7wRL9NVZUPC2E6XqRNCH4toPPrimFV
+unT88VV5aqVl/ssOjAPa6UP30QN53U91ScZLd1FpCTmtooZaquU/if+nJ4gmC3UY
+zB/z0UVtQFJKkz6SOZ1lVybvE9G1zbWXvnHPOpk3ZLpay10LY/k=
+=TUxA
 -----END PGP SIGNATURE-----
diff --git a/metadata/glsa/Manifest.files.gz b/metadata/glsa/Manifest.files.gz
index f971639f2c97..1f73abc83f0a 100644
--- a/metadata/glsa/Manifest.files.gz
+++ b/metadata/glsa/Manifest.files.gz
diff --git a/metadata/glsa/glsa-202207-01.xml b/metadata/glsa/glsa-202207-01.xml
new file mode 100644
index 000000000000..ecb32ade076e
--- /dev/null
+++ b/metadata/glsa/glsa-202207-01.xml
@@ -0,0 +1,61 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202207-01">
+    <title>HashiCorp Vault: Multiple Vulnerabilities</title>
+    <synopsis>Multiple vulnerabilities have been discovered in HashiCorp Vault, the worst of which could result in denial of service.</synopsis>
+    <product type="ebuild">vault</product>
+    <announced>2022-07-29</announced>
+    <revised count="1">2022-07-29</revised>
+    <bug>768312</bug>
+    <bug>797244</bug>
+    <bug>808093</bug>
+    <bug>817269</bug>
+    <bug>827945</bug>
+    <bug>829493</bug>
+    <bug>835070</bug>
+    <bug>845405</bug>
+    <access>remote</access>
+    <affected>
+        <package name="app-admin/vault" auto="yes" arch="*">
+            <unaffected range="ge">1.10.3</unaffected>
+            <vulnerable range="lt">1.10.3</vulnerable>
+        </package>
+    </affected>
+    <background>
+        <p>HashiCorp Vault is a tool for managing secrets.</p>
+    </background>
+    <description>
+        <p>Multiple vulnerabilities have been discovered in HashiCorp Vault. Please review the CVE identifiers referenced below for details.</p>
+    </description>
+    <impact type="low">
+        <p>Please review the referenced CVE identifiers for details.</p>
+    </impact>
+    <workaround>
+        <p>There is no known workaround at this time.</p>
+    </workaround>
+    <resolution>
+        <p>All HashiCorp Vault users should upgrade to the latest version:</p>
+        
+        <code>
+          # emerge --sync
+          # emerge --ask --oneshot --verbose ">=app-admin/vault-1.10.3"
+        </code>
+    </resolution>
+    <references>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-25594">CVE-2020-25594</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-27668">CVE-2021-27668</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-3024">CVE-2021-3024</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-3282">CVE-2021-3282</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-32923">CVE-2021-32923</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-37219">CVE-2021-37219</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-38553">CVE-2021-38553</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-38554">CVE-2021-38554</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-41802">CVE-2021-41802</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-43998">CVE-2021-43998</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-45042">CVE-2021-45042</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-25243">CVE-2022-25243</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-30689">CVE-2022-30689</uri>
+    </references>
+    <metadata tag="requester" timestamp="2022-07-29T21:22:59.361368Z">ajak</metadata>
+    <metadata tag="submitter" timestamp="2022-07-29T21:22:59.365886Z">ajak</metadata>
+</glsa>
+\ No newline at end of file
diff --git a/metadata/glsa/timestamp.chk b/metadata/glsa/timestamp.chk
index 93efb58b113a..e800822e105e 100644
--- a/metadata/glsa/timestamp.chk
+++ b/metadata/glsa/timestamp.chk
@@ -1 +1 @@
-Mon, 01 Aug 2022 13:39:41 +0000
+Mon, 01 Aug 2022 19:39:42 +0000
diff --git a/metadata/glsa/timestamp.commit b/metadata/glsa/timestamp.commit
index 2e35e640c7ca..349124ae11e5 100644
--- a/metadata/glsa/timestamp.commit
+++ b/metadata/glsa/timestamp.commit
@@ -1 +1 @@
-57effa1a78ecfa61900fdedbc9401d0948141e99 1645484369 2022-02-21T22:59:29+00:00
+254c716d0dd35a6846f281fd4a3eaf970dc0bede 1659377108 2022-08-01T18:05:08+00:00
author	V3n3RiX <venerix@koprulu.sector>	2022-08-01 21:16:25 +0100
committer	V3n3RiX <venerix@koprulu.sector>	2022-08-01 21:16:25 +0100
commit	c69eea8c84cee05e6ba332fd1f39cfb6554d5726 (patch)
tree	86a17f65a677b3c475b682e087e779df29eb4b43 /metadata/glsa
parent	9d396115d657f4e18ffa2c1d073980d8e3d6710f (diff)