gentoo auto-resync : 31:10:2022 - 21:05:59

author: V3n3RiX <venerix@koprulu.sector> 2022-10-31 21:06:00 +0000
committer: V3n3RiX <venerix@koprulu.sector> 2022-10-31 21:06:00 +0000
commit: c9c609463fab9bcfb35694627bca1429a21fdbb2 (patch)
tree: 024860c3c54aa33cdb6972acd3e2e0b8484f3aa7 /metadata/glsa
parent: 6dd9db91dd6ce9bbe3197aa82642866e637ba68d (diff)
6 files changed, 154 insertions, 17 deletions
diff --git a/metadata/glsa/Manifest b/metadata/glsa/Manifest
index 05fac352df90..3468dca39d38 100644
--- a/metadata/glsa/Manifest
+++ b/metadata/glsa/Manifest
@@ -1,23 +1,23 @@
 -----BEGIN PGP SIGNED MESSAGE-----
 Hash: SHA512
 
-MANIFEST Manifest.files.gz 534504 BLAKE2B eed9bb7a29c892a3259ca2d48b64837705fe26fbd6577bad1d3cace4232a5888ce8266ed96a03aca90d23a4478a9d0f75d6461dc800cc7f82db148acbd695a6b SHA512 b0d2b680e5aca400045ea32f4ddd621ed5cc3f567357e871ab24f936146e91eb30e012ec665ed48cd6e462046ffd067c2342356ac5be65f78cc6607739b27bb0
-TIMESTAMP 2022-10-31T14:09:43Z
+MANIFEST Manifest.files.gz 534819 BLAKE2B d1b75b8595407c89720bffe60de9ef926b1b2fa554d41f72384a1ef574e8143c7b19376a3a952ce0891748b7e20ae130a308a1d484c5608ff67945bce9aced54 SHA512 8fa7a0539dd3497dd7b1179e79b7856ac1a8e5187769d1e550a5b52ec09f9738f6c5c6939fee08ddc950dc6d06c0e39438349fd56e7d1579e8b40ebbdc3f0f26
+TIMESTAMP 2022-10-31T20:09:41Z
 -----BEGIN PGP SIGNATURE-----
 
-iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAmNf1ydfFIAAAAAALgAo
+iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAmNgK4VfFIAAAAAALgAo
 aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEUx
 RDZBQkI2M0JGQ0ZCNEJBMDJGREYxQ0VDNTkwRUVBQzkxODkyNTAACgkQ7FkO6skY
-klCf6A//YaI8av4JHY+BNevy1YUxAgHdsfOnDxc9wIDiejyCzY4m+Zcm0rxweO9s
-sbUYb4KL1L5HrA077kYTvZnYb9M3mBqVTqAhUb4PLpDRp2JIYUqlVqyzJOZ1UsMF
-X/r1E2jOg9V2QVIwc4jrg28U/cf4GEmvvjMHN81NJeSNYGQbSLSLHwVQfr14Lrkq
-+jYhV2ToVRnBgQ0riR4SzYBfU+hnnbvy98SCQPbUCr2VAOvniXuXNlJF6TOi6x1h
-2+9TBwPSqrCLjVCJ2YID6O2ViFPKlmvH/qHW95fIsyvI7482C2tjS2pMgMbQgsh2
-6AKBd/Rk/C4eFPN7BWbXzaRLZNbMUsMikLty8WGywaJNOfh4y5bzJrZt9WyNaig7
-UDcoAWn5dopdIFHakdltsRp51zJazTyjfe/bSAByQvqemq8k1Y17e5MQDHDsNlNW
-33npwqZW49N0wB2CKghCuezWZIsqGWwsDYEW8FgGL99vZmVY4Dg3MQBQafScslEk
-MecvIhdD8zo0BMDLF8o0hkRcsId7fcypBfcS2zopwmpzoS+q1llX7lpfOjzmHjhd
-moC4Z+V1BVdiQOYVCTLXVRN0Q0z24q95Cn6ABdv26uYCtypc/ebfwVRPPL3MvhRF
-jKnR31KsklAP5ZP2oIQp0cscTD02/cFCMIl5cWqQciQapR9av88=
-=6uSb
+klD4IBAAjTq9SIDEgJXwRFYJyv8ml6Ww45gXq39gLz0ZsFNTAkFmqDnAt//URujz
+ONSK4M6yY1WZc+WcmLWHs5qSHBG/ed6l10AAvxV02+GlpC4QpfedZeQUjm8e2pfL
+5IWzPDzp+IzhVwDPheUmT5VS0AqGpx+stWLj7P2hkK7N5lExDtcN2BV73cV8IOVz
+DXfop0Psbp25/hmpoawqG6jOYX8fexEa0BHufRKCdQmtroPW3hWhzssl6ZM9hesJ
+Vtqr7gqtXIe0/jRKZqCGnuBgLx6+Exa0JeD2nRdUWSNpR/3a6rpMI8P23p0Lt6Vs
+8VKmPwnmg1iROnvMEQZcyVMoqjde1UTSDTzVTZ8AvbKf9FcqUqoBGMbvriXfKdl9
+3SiO7eaaTHla7EwyIGQc7C/RyvAY+E1wzrPrX3QRHDVDLfihdF6hojfDWlCVI4LQ
+7mLySE/vNcKpae071WcW9t3cT4rqAsnl3WzCdRRc826bmzaQEoVMUFIG3bic2+OJ
+5/3p4V55yoW6IkbPgmI8x5VBaTVljhQzNEGnvJyr12jKSMhOCquL2SRPhT4N2tkz
+koFIrS1djAFPCzq8pQgJr292fbjdaLoC/ATsFaA/2tOKEayZ1nCxxL2UMwc0aLs8
+xp7Q/wec31w/56bVn/WuwAx0RNfYxrkev7rAGLg0d1zNQhkK0Q0=
+=ra8K
 -----END PGP SIGNATURE-----
diff --git a/metadata/glsa/Manifest.files.gz b/metadata/glsa/Manifest.files.gz
index 393a04f741eb..8e591d03ea6d 100644
--- a/metadata/glsa/Manifest.files.gz
+++ b/metadata/glsa/Manifest.files.gz
diff --git a/metadata/glsa/glsa-202210-34.xml b/metadata/glsa/glsa-202210-34.xml
new file mode 100644
index 000000000000..06c691d6f8c9
--- /dev/null
+++ b/metadata/glsa/glsa-202210-34.xml
@@ -0,0 +1,76 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202210-34">
+    <title>Mozilla Firefox: Multiple Vulnerabilities</title>
+    <synopsis>Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which could result in arbitrary code execution.</synopsis>
+    <product type="ebuild">firefox,firefox-bin</product>
+    <announced>2022-10-31</announced>
+    <revised count="1">2022-10-31</revised>
+    <bug>877773</bug>
+    <access>remote</access>
+    <affected>
+        <package name="www-client/firefox" auto="yes" arch="*">
+            <unaffected range="ge" slot="rapid">106.0</unaffected>
+            <unaffected range="ge" slot="esr">102.4.0</unaffected>
+            <vulnerable range="lt" slot="rapid">106.0</vulnerable>
+            <vulnerable range="lt" slot="esr">102.4.0</vulnerable>
+        </package>
+        <package name="www-client/firefox-bin" auto="yes" arch="*">
+            <unaffected range="ge" slot="rapid">106.0</unaffected>
+            <unaffected range="ge" slot="esr">102.4.0</unaffected>
+            <vulnerable range="lt" slot="rapid">106.0</vulnerable>
+            <vulnerable range="lt" slot="esr">102.4.0</vulnerable>
+        </package>
+    </affected>
+    <background>
+        <p>Mozilla Firefox is a popular open-source web browser from the Mozilla project.</p>
+    </background>
+    <description>
+        <p>Multiple vulnerabilities have been discovered in Mozilla Firefox. Please review the CVE identifiers referenced below for details.</p>
+    </description>
+    <impact type="high">
+        <p>Please review the referenced CVE identifiers for details.</p>
+    </impact>
+    <workaround>
+        <p>There is no known workaround at this time.</p>
+    </workaround>
+    <resolution>
+        <p>All Mozilla Firefox ESR users should upgrade to the latest version:</p>
+        
+        <code>
+          # emerge --sync
+          # emerge --ask --oneshot --verbose ">=www-client/firefox-102.4.0"
+        </code>
+        
+        <p>All Mozilla Firefox ESR binary users should upgrade to the latest version:</p>
+        
+        <code>
+          # emerge --sync
+          # emerge --ask --oneshot --verbose ">=www-client/firefox-bin-102.4.0"
+        </code>
+        
+        <p>All Mozilla Firefox users should upgrade to the latest version:</p>
+        
+        <code>
+          # emerge --sync
+          # emerge --ask --oneshot --verbose ">=www-client/firefox-106.0"
+        </code>
+        
+        <p>All Mozilla Firefox binary users should upgrade to the latest version:</p>
+        
+        <code>
+          # emerge --sync
+          # emerge --ask --oneshot --verbose ">=www-client/firefox-bin-106.0"
+        </code>
+    </resolution>
+    <references>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-42927">CVE-2022-42927</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-42928">CVE-2022-42928</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-42929">CVE-2022-42929</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-42930">CVE-2022-42930</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-42931">CVE-2022-42931</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-42932">CVE-2022-42932</uri>
+    </references>
+    <metadata tag="requester" timestamp="2022-10-31T19:59:56.977107Z">ajak</metadata>
+    <metadata tag="submitter" timestamp="2022-10-31T19:59:56.986876Z">ajak</metadata>
+</glsa>
+\ No newline at end of file
diff --git a/metadata/glsa/glsa-202210-35.xml b/metadata/glsa/glsa-202210-35.xml
new file mode 100644
index 000000000000..386fe8be2916
--- /dev/null
+++ b/metadata/glsa/glsa-202210-35.xml
@@ -0,0 +1,61 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202210-35">
+    <title>Mozilla Thunderbird: Multiple Vulnerabilities</title>
+    <synopsis>Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in arbitrary code execution.</synopsis>
+    <product type="ebuild">thunderbird,thunderbird-bin</product>
+    <announced>2022-10-31</announced>
+    <revised count="1">2022-10-31</revised>
+    <bug>873667</bug>
+    <bug>878315</bug>
+    <access>remote</access>
+    <affected>
+        <package name="mail-client/thunderbird" auto="yes" arch="*">
+            <unaffected range="ge">102.4.0</unaffected>
+            <vulnerable range="lt">102.4.0</vulnerable>
+        </package>
+        <package name="mail-client/thunderbird-bin" auto="yes" arch="*">
+            <unaffected range="ge">102.4.0</unaffected>
+            <vulnerable range="lt">102.4.0</vulnerable>
+        </package>
+    </affected>
+    <background>
+        <p>Mozilla Thunderbird is a popular open-source email client from the Mozilla project.</p>
+    </background>
+    <description>
+        <p>Multiple vulnerabilities have been discovered in Mozilla Thunderbird. Please review the CVE identifiers referenced below for details.</p>
+    </description>
+    <impact type="high">
+        <p>Please review the referenced CVE identifiers for details.</p>
+    </impact>
+    <workaround>
+        <p>There is no known workaround at this time.</p>
+    </workaround>
+    <resolution>
+        <p>All Mozilla Thunderbird users should upgrade to the latest version:</p>
+        
+        <code>
+          # emerge --sync
+          # emerge --ask --oneshot --verbose ">=mail-client/thunderbird-102.4.0"
+        </code>
+        
+        <p>All Mozilla Thunderbird binary users should upgrade to the latest version:</p>
+        
+        <code>
+          # emerge --sync
+          # emerge --ask --oneshot --verbose ">=mail-client/thunderbird-bin-102.4.0"
+        </code>
+    </resolution>
+    <references>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-39236">CVE-2022-39236</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-39249">CVE-2022-39249</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-39250">CVE-2022-39250</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-39251">CVE-2022-39251</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-42927">CVE-2022-42927</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-42928">CVE-2022-42928</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-42929">CVE-2022-42929</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-42932">CVE-2022-42932</uri>
+    </references>
+    <metadata tag="requester" timestamp="2022-10-31T20:00:20.605903Z">ajak</metadata>
+    <metadata tag="submitter" timestamp="2022-10-31T20:00:20.611766Z">ajak</metadata>
+</glsa>
+\ No newline at end of file
diff --git a/metadata/glsa/timestamp.chk b/metadata/glsa/timestamp.chk
index 970a2781a2a0..334485abf617 100644
--- a/metadata/glsa/timestamp.chk
+++ b/metadata/glsa/timestamp.chk
@@ -1 +1 @@
-Mon, 31 Oct 2022 14:09:40 +0000
+Mon, 31 Oct 2022 20:09:38 +0000
diff --git a/metadata/glsa/timestamp.commit b/metadata/glsa/timestamp.commit
index 990214d62d77..7d73b3116d6b 100644
--- a/metadata/glsa/timestamp.commit
+++ b/metadata/glsa/timestamp.commit
@@ -1 +1 @@
-5144637cf49194493c452aae3f7a7b07bf677d9b 1667180477 2022-10-31T01:41:17+00:00
+794e005ddee1af19fec133f96c714f4b8786a377 1667246504 2022-10-31T20:01:44+00:00
author	V3n3RiX <venerix@koprulu.sector>	2022-10-31 21:06:00 +0000
committer	V3n3RiX <venerix@koprulu.sector>	2022-10-31 21:06:00 +0000
commit	c9c609463fab9bcfb35694627bca1429a21fdbb2 (patch)
tree	024860c3c54aa33cdb6972acd3e2e0b8484f3aa7 /metadata/glsa
parent	6dd9db91dd6ce9bbe3197aa82642866e637ba68d (diff)