gentoo auto-resync : 22:01:2024 - 16:48:54

5 files changed, 59 insertions, 17 deletions

diff --git a/metadata/glsa/Manifest b/metadata/glsa/Manifest
index 6e22334e7683..938fdf5d0e7a 100644
--- a/metadata/glsa/Manifest
+++ b/metadata/glsa/Manifest
@@ -1,23 +1,23 @@
 -----BEGIN PGP SIGNED MESSAGE-----
 Hash: SHA512
 
-MANIFEST Manifest.files.gz 562170 BLAKE2B 13793f99b2aeb07db808adbe0b1fe69005e597c86f14ec256c0bd329f157247d0873634aeaa1ef5172fbb27f87e570da5c2f41e37c53ebba4300745897cb3960 SHA512 33976cf0e449ecc18853b813040657dd420fdf2c05dc4aff4bdff73e28ad9894a7768a1303c77eed2804fc2648a328b169039a8cc4b94656ca92b5d36f9ce3d4
-TIMESTAMP 2024-01-22T10:10:04Z
+MANIFEST Manifest.files.gz 562328 BLAKE2B f917e7f3715dafbea4631d1e8735246d5b9887c3efe70c6ba46f3209bd4352c3858fb9f3b94eddfea989436bd50ec90a84cb7490a3686cfafe856b8100fc8b3c SHA512 d02be3afe2c6c1c06c58a6413b27e2ddfa1c0d22459c4da9eb5fbc7afe9b5335376f1397c09c4bae95745e7e93f1941a58053c3f1b7dfe65b33c41f933bb9720
+TIMESTAMP 2024-01-22T16:10:14Z
 -----BEGIN PGP SIGNATURE-----
 
-iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAmWuPvxfFIAAAAAALgAo
+iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAmWuk2ZfFIAAAAAALgAo
 aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEUx
 RDZBQkI2M0JGQ0ZCNEJBMDJGREYxQ0VDNTkwRUVBQzkxODkyNTAACgkQ7FkO6skY
-klC6nRAAtfGxYms9A607H9a1JMzKTdXjKzt6ZrVIuY6tWlrH0FXcVHaJ7FbvGk76
-zwzFVWBeQ9b/OBPrzpIuhUsavE0/rwJ0UIapBDlcV4cGt68se100Xwiyub4cevSP
-mF4oKn/BWgCSbYv0KccpsnpUj8GDWL3qEAqLh61x6j4QZQXBRVp0am33Bi8Sp9oA
-+7pLQt67ntXtswCsSYczB3uzvzMN1PMCezd4zm3oPDJo8VKkski9/lUhM/EBU2fC
-fGimq10wp3ucazxBZYgJJ4iorf09PxhTeyWBofqyDPk7vwlROgl9/FXYsIxk8ZkU
-ERIj3q57xzvsU+cWMegbj6LE1yhU2B/YhZpOlh3q2th4CEaEnS1rVlDbBMtWIcfF
-YM6cDG4nOJbdKjy45oUc3txLX+rBxSNckoFMygys5Y3xUxPn1cO9SwE0+BDCoCpi
-fJGUL2qb0Owu5fBDhEO/h+oQikha1vWaXjYawBoWroFJ3uXbuzFPzmfHLB6tZn52
-EbdJ5wrlvAtyoeKeWvxh+V9MYhfHoHBXBl+WtVFnzCRfa970f9WFACJhja14u9mU
-O8pxklUr+uhk6yeIZyJLXsTYg2YeylHyYgX2bAHy6VkIxNIlsUyZ/MJRR5f4aqd9
-i9ytoLf7ocjjlQy5FK6VvapBfHKGn0jMUQ6VfswCghaLiOHp++s=
-=EQ4b
+klCcgA/+KHqxTQPyOBKMeVrm+M6R6NGs8zuAEbNUEbmH43HkHTBIyGQtUOBXnUTP
+6JtutdlJ91Vi5y+7/EGKpN+H56au8ELCkhqnusvoRpK22nsWUqWHb7Zu6WkomeoS
+N2MM7K2QQRpF+WH/oF87XHmu6PjjJ+t1RxJALM1TG4HTnT2Qu54ZcZYgc1XM43ZZ
+BTsap0RVg3+tKUzKvYZoR+1ZCdZaL2zWs6L+vFvGzs5dbF4xOt3WWxcxVyiH76Z/
+p1bJvuXfubpOYuy097wTEBNofxypIsGpZ4ci0EZILEVkDRNY+llaUSa8/nDDq3uC
+7ko6L4v5ZN/nvbEhR7RGokhhquCv5uPWXRqtKjg/cmLo4KG3b0Hh4gl3lCv1tOZu
+tZWhrdQtegtQGhXqSzUGlFhhu8g9Q+xYsfL/rqxoOk0ieJa57TNHqginoTsGGe7w
+2Zk+f8z/k5K5k35lpq1/Yajbz3n4lQceHzf9sIus0FSPOq0yhq8RUO81Sz3w5DEK
+TuvteJ+0kRHnLqp/6Js131J/FIHOa+5w6J5aGh18JZPjf9JsXvw2lX9CW9eYAXRk
+NgjkD0YEbdxXTb6Y8KPdBlVigFRieq/SIe/Bw1bfyjo/ui/WlWEB+ZeFNGUjYRnd
+Eg2i0/C18MYUGbxIhBwUW/Q5V5S6JFHvJPDpyPyYp496w5BdTKk=
+=/Ypv
 -----END PGP SIGNATURE-----
diff --git a/metadata/glsa/Manifest.files.gz b/metadata/glsa/Manifest.files.gz
index d4fa5e4d7562..89879b805fe9 100644
--- a/metadata/glsa/Manifest.files.gz
+++ b/metadata/glsa/Manifest.files.gz
diff --git a/metadata/glsa/glsa-202401-26.xml b/metadata/glsa/glsa-202401-26.xml
new file mode 100644
index 000000000000..56b9740e67e9
--- /dev/null
+++ b/metadata/glsa/glsa-202401-26.xml
@@ -0,0 +1,42 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202401-26">
+    <title>Apache XML-RPC: Multiple Vulnerabilities</title>
+    <synopsis>Multiple vulnerabilities have been found in Apache XML-RPC, the worst of which could result in arbitrary code execution.</synopsis>
+    <product type="ebuild">xmlrpc</product>
+    <announced>2024-01-22</announced>
+    <revised count="1">2024-01-22</revised>
+    <bug>713098</bug>
+    <access>remote</access>
+    <affected>
+        <package name="dev-java/xmlrpc" auto="yes" arch="*">
+            <vulnerable range="le">3.1.3</vulnerable>
+        </package>
+    </affected>
+    <background>
+        <p>Apache XML-RPC (previously known as Helma XML-RPC) is a Java implementation of XML-RPC, a popular protocol that uses XML over HTTP to implement remote procedure calls.</p>
+    </background>
+    <description>
+        <p>Multiple vulnerabilities have been discovered in Apache XML-RPC. Please review the CVE identifiers referenced below for details.</p>
+    </description>
+    <impact type="normal">
+        <p>Please review the referenced CVE identifiers for details.</p>
+    </impact>
+    <workaround>
+        <p>There is no known workaround at this time.</p>
+    </workaround>
+    <resolution>
+        <p>Gentoo has discontinued support for Apache XML-RPC. We recommend that users unmerge it:</p>
+        
+        <code>
+          # emerge --ask --depclean "dev-java/xmlrpc"
+        </code>
+    </resolution>
+    <references>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2016-5002">CVE-2016-5002</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2016-5003">CVE-2016-5003</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-17570">CVE-2019-17570</uri>
+    </references>
+    <metadata tag="requester" timestamp="2024-01-22T14:37:11.898800Z">ajak</metadata>
+    <metadata tag="submitter" timestamp="2024-01-22T14:37:11.903161Z">graaff</metadata>
+</glsa>
\ No newline at end of file
diff --git a/metadata/glsa/timestamp.chk b/metadata/glsa/timestamp.chk
index 40aa1e17f608..3b0ffe0079da 100644
--- a/metadata/glsa/timestamp.chk
+++ b/metadata/glsa/timestamp.chk
@@ -1 +1 @@
-Mon, 22 Jan 2024 10:10:00 +0000
+Mon, 22 Jan 2024 16:10:11 +0000
diff --git a/metadata/glsa/timestamp.commit b/metadata/glsa/timestamp.commit
index 8731fa61a717..edc30d72137e 100644
--- a/metadata/glsa/timestamp.commit
+++ b/metadata/glsa/timestamp.commit
@@ -1 +1 @@
-192b729d81f588010b67c1e39e06aa02c513b126 1705499128 2024-01-17T13:45:28+00:00
+6ee7e022f8f6a1893b71cb4e09707f9eb56fa40b 1705934279 2024-01-22T14:37:59+00:00