gentoo auto-resync : 28:12:2022 - 20:13:25

6 files changed, 104 insertions, 17 deletions

diff --git a/metadata/glsa/Manifest b/metadata/glsa/Manifest
index dde277e283c3..8f69ec45c3c4 100644
--- a/metadata/glsa/Manifest
+++ b/metadata/glsa/Manifest
@@ -1,23 +1,23 @@
 -----BEGIN PGP SIGNED MESSAGE-----
 Hash: SHA512
 
-MANIFEST Manifest.files.gz 538471 BLAKE2B b7385901234c82cabfe7b6fe500f9a2de535ba832c5fe98f7b1adcf90342ab9ac009a4eefb2c71141609f93233148e5db41c6f760cbea8413d0a285b67c25f90 SHA512 8b561e583b67bc367b59eefc1d958442632b1001434a1d0874a9ae00334c80cc4a27278dac1813b0d7b255f214d060c5e60573b828bb87fc8e319dc9233f12aa
-TIMESTAMP 2022-12-28T13:09:46Z
+MANIFEST Manifest.files.gz 538785 BLAKE2B a42e589b6c2be5ab4486b79822a326a12b3725dbc28e32cbb116cd453b6899511ab2026524f136171407f678f9acafd852f1a2a245b8caed5bad581d2eb86337 SHA512 8ff81ddfe9cd2569ab4fe6eabe9daf23f1f66918aba5cae55ff8241b2bb330fac90cb5595df81455bfa98b51ed1c6e965c73508fe1b662e752525e3e27b52956
+TIMESTAMP 2022-12-28T19:09:46Z
 -----BEGIN PGP SIGNATURE-----
 
-iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAmOsQBpfFIAAAAAALgAo
+iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAmOslHpfFIAAAAAALgAo
 aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEUx
 RDZBQkI2M0JGQ0ZCNEJBMDJGREYxQ0VDNTkwRUVBQzkxODkyNTAACgkQ7FkO6skY
-klDAhQ//blbxpx9ata6gs23WCj6hoY/OSkQTOOUqhkdoxyKRpxKsez4P2kavVyVT
-pMeK7fIjwrUMtfuAPccsal7atyFuY/uwUytsZwZxH4N8yX8wggtn9yz9UJaz/oEm
-TaLI1z/LojO8hLmgzw3oWcCpGW1OtFJvyHE3Suru2XZU+7U00DGSsZGirfAZjqtm
-GXOCd/Ij3PsBecsHtNmiLExpqdsTDbjYxcNnVOWCulRApySVQsTKvYBOBbSnLq/k
-xfDjA3AGGgTsmMsBRjBoQL46qrD1C0//abMJtypx6obhBb0Bbby7VqhXw7Xcjp4e
-95VI/in54fr1my9Hw12IIvXiuTxStEmhnxckcioAsMTgsFLthYoO4ihgzTwH9idk
-m9R4VB7ZgbaQizxvG0lHlxE3Vr9uCXRK76NPQX4scQqqFA+rhoOAzOvlQo0Ozmj8
-Mii+8AWLz+zeBYr0MbVOr2M5BU1m/J5sU0IwBGpurYsMTrYjDOajKfont31v9Ur4
-jiQ65kkw05X5wAnwELodQqwcOIJ1cA+WTH090c0SFlmWwGXpISiAdQOeRAe0ZZmu
-4Xve8exVy3aKj72VyJQePWk+ybhQVEqIzBDUR/v/O3+ZA5FCFtAIvQ2IWgUXHCiE
-sc8tWdz0ueiPCzOy6xBxK0L9JYDKzKRN+GzUjI4TFxFoOLrT9Cg=
-=31+0
+klAGJA//bZn8RloRQKqa9d+/Me4A6vwvGZY6itOqxzZQ8Gou9NjhqL4E+FzQ6wdh
+uN0TnMWZfnijAqsS/3NUzNL9Hfk4iAOiOe3/WkWuLT/u2GsK2CsIxaLA59V10pfu
+CFMOms32PrVzRPis1W2904NPAXGFDNmCpu776ZRNhMqEyas6CD/PjkWLg9NkN1gr
+1CfKaBnqNEKFv1rRUjH4SDvxyzETJw37VnKsFTVUmpisrcQyfFC/BaSvjna47bds
+2kQST8lYEg2q0DYtQEXt/be/JzK+X8dRyBnap0ZEdZ5kjUszwe3HeHFy7FVr/Cvu
+hikbS77tVGhnbkfxIBQXvxFKHu6hzm3h/bCwDyl7Ycg5vpy+c74H1FSqU2/89PbP
+qi70LmrpvVIDHQM9OpQ7j6/jtB4JJfNS8GYWjBC7JFfFfCbm3g0g1FELsMb2vVuI
+lOuHM0dSJ3syxLX0HKkh+X375SpT9reeA2WZUwLTkiCBM/kYfY1KOpAO+k35l2n+
+mpf0reWddEH7cqfD+Xe7zpnK5ZMjxe/F2pLr4OL0w6piTF29kU0/bRo3TzVrfEMa
+1jYRFArP96fYWREOiLDlzEvmfOeu9q2rdKxnmnRxUi53AFJpDKprKbOfcTgG0PhI
+R1XWa5qESDodfD3QtteAemqTN4LgjFv6aZ/FSjSGRVeps+fa2RI=
+=woxM
 -----END PGP SIGNATURE-----
diff --git a/metadata/glsa/Manifest.files.gz b/metadata/glsa/Manifest.files.gz
index 08a5b8f59c90..5677e1e6d089 100644
--- a/metadata/glsa/Manifest.files.gz
+++ b/metadata/glsa/Manifest.files.gz
diff --git a/metadata/glsa/glsa-202212-06.xml b/metadata/glsa/glsa-202212-06.xml
new file mode 100644
index 000000000000..436b90c7c2c1
--- /dev/null
+++ b/metadata/glsa/glsa-202212-06.xml
@@ -0,0 +1,44 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202212-06">
+    <title>OpenSSH: Multiple Vulnerabilities</title>
+    <synopsis>Multiple vulnerabilities have been found in OpenSSH, the worst of which could result in arbitrary code execution.</synopsis>
+    <product type="ebuild">openssh</product>
+    <announced>2022-12-28</announced>
+    <revised count="1">2022-12-28</revised>
+    <bug>874876</bug>
+    <bug>733802</bug>
+    <bug>815010</bug>
+    <access>remote</access>
+    <affected>
+        <package name="net-misc/openssh" auto="yes" arch="*">
+            <unaffected range="ge">9.1_p1</unaffected>
+            <vulnerable range="lt">9.1_p1</vulnerable>
+        </package>
+    </affected>
+    <background>
+        <p>OpenSSH is a free application suite consisting of server and clients that replace tools like telnet, rlogin, rcp and ftp with more secure versions offering additional functionality.</p>
+    </background>
+    <description>
+        <p>Multiple vulnerabilities have been discovered in OpenSSH. Please review the CVE identifiers referenced below for details.</p>
+    </description>
+    <impact type="high">
+        <p>Please review the referenced CVE identifiers for details.</p>
+    </impact>
+    <workaround>
+        <p>There is no known workaround at this time.</p>
+    </workaround>
+    <resolution>
+        <p>All OpenSSH users should upgrade to the latest version:</p>
+        
+        <code>
+          # emerge --sync
+          # emerge --ask --oneshot --verbose ">=net-misc/openssh-9.1_p1"
+        </code>
+    </resolution>
+    <references>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-15778">CVE-2020-15778</uri>
+    </references>
+    <metadata tag="requester" timestamp="2022-12-28T18:57:54.132897Z">ajak</metadata>
+    <metadata tag="submitter" timestamp="2022-12-28T18:57:54.136452Z">ajak</metadata>
+</glsa>
\ No newline at end of file
diff --git a/metadata/glsa/glsa-202212-07.xml b/metadata/glsa/glsa-202212-07.xml
new file mode 100644
index 000000000000..8842cbc2388f
--- /dev/null
+++ b/metadata/glsa/glsa-202212-07.xml
@@ -0,0 +1,43 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202212-07">
+    <title>libksba: Remote Code Execution</title>
+    <synopsis>An integer overflow vulnerability has been found in libksba which could result in remote code execution.</synopsis>
+    <product type="ebuild">libksba</product>
+    <announced>2022-12-28</announced>
+    <revised count="1">2022-12-28</revised>
+    <bug>877453</bug>
+    <access>remote</access>
+    <affected>
+        <package name="dev-libs/libksba" auto="yes" arch="*">
+            <unaffected range="ge">1.6.3</unaffected>
+            <vulnerable range="lt">1.6.3</vulnerable>
+        </package>
+    </affected>
+    <background>
+        <p>Libksba is a X.509 and CMS (PKCS#7) library.</p>
+    </background>
+    <description>
+        <p>An integer overflow in parsing ASN.1 objects could lead to a buffer overflow.</p>
+    </description>
+    <impact type="high">
+        <p>Crafted ASN.1 objects could trigger an integer overflow and buffer overflow to result in remote code execution.</p>
+    </impact>
+    <workaround>
+        <p>There is no known workaround at this time.</p>
+    </workaround>
+    <resolution>
+        <p>All libksba users should upgrade to the latest version:</p>
+        
+        <code>
+          # emerge --sync
+          # emerge --ask --oneshot --verbose ">=dev-libs/libksba-1.6.3"
+        </code>
+    </resolution>
+    <references>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-3515">CVE-2022-3515</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-47629">CVE-2022-47629</uri>
+    </references>
+    <metadata tag="requester" timestamp="2022-12-28T18:58:25.172111Z">ajak</metadata>
+    <metadata tag="submitter" timestamp="2022-12-28T18:58:25.175039Z">ajak</metadata>
+</glsa>
\ No newline at end of file
diff --git a/metadata/glsa/timestamp.chk b/metadata/glsa/timestamp.chk
index 73f4542b449f..218dfa66fe48 100644
--- a/metadata/glsa/timestamp.chk
+++ b/metadata/glsa/timestamp.chk
@@ -1 +1 @@
-Wed, 28 Dec 2022 13:09:42 +0000
+Wed, 28 Dec 2022 19:09:43 +0000
diff --git a/metadata/glsa/timestamp.commit b/metadata/glsa/timestamp.commit
index 2b634000a4d7..861b82ee26e2 100644
--- a/metadata/glsa/timestamp.commit
+++ b/metadata/glsa/timestamp.commit
@@ -1 +1 @@
-300d0a6989f134e6228f91cb9ea405db485ee8f0 1671415469 2022-12-19T02:04:29+00:00
+b95962b57e3a2b7645af0491db5baf8f15b6b69d 1672253964 2022-12-28T18:59:24+00:00