gentoo auto-resync : 24:09:2024 - 01:25:19

5 files changed, 68 insertions, 17 deletions

diff --git a/metadata/glsa/Manifest b/metadata/glsa/Manifest
index 65362c0cec26..a6a8b0643b56 100644
--- a/metadata/glsa/Manifest
+++ b/metadata/glsa/Manifest
@@ -1,23 +1,23 @@
 -----BEGIN PGP SIGNED MESSAGE-----
 Hash: SHA512
 
-MANIFEST Manifest.files.gz 588370 BLAKE2B f495c00819858399f9c4e7652d637570436f076630fa2fc4800ddf34885210fb91bd7c12f91ce7ade4940796d66018d85520a5d35b7b1ff8f652e76f28f1d4ba SHA512 38849dbaf4ed005f716f199bf64f2a61c41194f77e951006c230efe4b69c16d6588767174dbd0d98bbc887c6a3d43322070c6d8dc4011f90da0a8dbec61db515
-TIMESTAMP 2024-09-22T23:40:13Z
+MANIFEST Manifest.files.gz 588531 BLAKE2B 3d83a66d9c762955ba134aea6253e48c5f33b610ac0abc6f10cedd45b687dae99d8b74290e6f92ba6c9a33c4195523812d85c6c5ad730ad640e7adc2454206d0 SHA512 6413c60682e5f6ed998faa702d52a254f7a124cc29c7adba0a99a08aa315c2dc44d48331f0154669e4067f28194b9628445a0fd685284a0bcdbe57a764951e49
+TIMESTAMP 2024-09-23T23:40:24Z
 -----BEGIN PGP SIGNATURE-----
 
-iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAmbwqt1fFIAAAAAALgAo
+iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAmbx/GpfFIAAAAAALgAo
 aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEUx
 RDZBQkI2M0JGQ0ZCNEJBMDJGREYxQ0VDNTkwRUVBQzkxODkyNTAACgkQ7FkO6skY
-klBDwhAAg3bxHf4mzxiPxbxX8+s1UQtEyLZ9paSXHndkDa63lPW3/qbk5bOZtcrs
-V5ZTKFx7QGY3ufz+FNplPNxcDJ8QKXsIDBJbQHnOhkWngtoa654kRcDrMv5bqPO+
-pxnmaGtNktNJZa6qon7DXekYfDUpsVu4HHw1/vudZl4hiwc1JwsUvGAa0BJcMNIf
-4KCVVGOppCcKa8ajDTbDuvcXi8qXKQ5ibPlBzTnTOhpDyc0GLmGFMbOLqhuCL6td
-RJMRgCuBlVNDOLo5bXMXR/gwiEmoVqw/inXQnw5BfbCWdlP7a6r0GFFkj8hUvI0H
-YqqOv3tWgMcR+4rMADwvsVDpQs4xFplpFZ3/vGXCePHEJDp4CyPbRDbDsHjAQ21S
-OMLSCdDckQEooG6/6iA+FPXYdCYm3hbCKl0luBm4DaI95DAO0xDrT7nOPHo82oVD
-ZkXPq1igX5jstGJiOYKP89Wm9QY/HD/fRMC/Z09JHb20CjKfWYQiuqBWAGWZ1Rto
-Lf/wREioH2/UgYp+OaFZ2ewEASf8AkL5zB4lvGRexAelIO1RviFNkCzcrIUJ6aXb
-uFC0OCDVLIF9kHNd0fyr5t7YPWLnzYD97pS/lZ+lJCvvA0CTbFXYgTvqhFGLHhch
-QmD/TBCMPaRhNZ2cJ2obKSpsMib+cDYWGpZH055sLF5QnwFi8E0=
-=OzuT
+klAFug/8D9l9mftSYDgXWElprKOgccx44uDyz+Wk/LoI8kNPGB8PnMTBpbamKY3/
+cgqPJkS/rOuUBn2Fk3RV18xnByEV+tR0kgKHFilgzYZZ4+NdTwgQjOJP1kg9I1eI
+XDGtrJHpueoiS/EswrU++h1kuDBV4YsFLjSeNV1a9MV2q6yF4GcaXtCHxhgwZWzF
+erNQ6kionzVQDzbSOceCmS2h8wZtUCul/yWg5fVrKTlmtzHx9+rkMD2DPXKFdR/h
+N+s0nQWuj2TDKHFIVDBIYJ5BF9m7V1hQNIXc9cHk8W5TJQLwAdlsfEq7ZQ6gu5AQ
+0sCS3G6VqO2upLxrR/UkQK5sF9RySdGRIDGpNnjdS4xkWIRF2Q16ksxpa9dv5AiT
+PbSzwlwBdDFc/mOLxAMKLdLEe+ADRC6AqIMrqKx7flzNj1S072E1J1TVB7tafJdu
+FKaEznpBRPbBtQoSsl32wfVOBGdwj5f8cogdRt8tvO8juBz1jTYpvv7tPYStdYmF
+EHxfOWRKyn34DEcx53HQUsqtOC4jw6FUL7/jzfP0/LcKpXF5Z2S3bl0b8aNKWkhK
+rKeFcDJbtMB/wBmo/Axfh9NsK16pNhiF0y/cIfnxXJ4AIPgmSOFSk/vnLrbdNxJf
+GdXya78fexJPmQ82udR6t94W2hBFK3V/fhTg/4hyU6iCE1bRmAI=
+=Ofvz
 -----END PGP SIGNATURE-----
diff --git a/metadata/glsa/Manifest.files.gz b/metadata/glsa/Manifest.files.gz
index 1c5c3851b1f5..15a50bac9716 100644
--- a/metadata/glsa/Manifest.files.gz
+++ b/metadata/glsa/Manifest.files.gz
diff --git a/metadata/glsa/glsa-202409-20.xml b/metadata/glsa/glsa-202409-20.xml
new file mode 100644
index 000000000000..0f55e4837a0c
--- /dev/null
+++ b/metadata/glsa/glsa-202409-20.xml
@@ -0,0 +1,51 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202409-20">
+    <title>curl: Multiple Vulnerabilities</title>
+    <synopsis>Multiple vulnerabilities have been discovered in curl, the worst of which could lead to information disclosure.</synopsis>
+    <product type="ebuild">curl</product>
+    <announced>2024-09-23</announced>
+    <revised count="1">2024-09-23</revised>
+    <bug>919325</bug>
+    <bug>919889</bug>
+    <bug>923413</bug>
+    <bug>927960</bug>
+    <access>remote</access>
+    <affected>
+        <package name="net-misc/curl" auto="yes" arch="*">
+            <unaffected range="ge">8.7.1</unaffected>
+            <vulnerable range="lt">8.7.1</vulnerable>
+        </package>
+    </affected>
+    <background>
+        <p>A command line tool and library for transferring data with URLs.</p>
+    </background>
+    <description>
+        <p>Multiple vulnerabilities have been discovered in curl. Please review the CVE identifiers referenced below for details.</p>
+    </description>
+    <impact type="normal">
+        <p>Please review the referenced CVE identifiers for details.</p>
+    </impact>
+    <workaround>
+        <p>There is no known workaround at this time.</p>
+    </workaround>
+    <resolution>
+        <p>All curl users should upgrade to the latest version:</p>
+        
+        <code>
+          # emerge --sync
+          # emerge --ask --oneshot --verbose ">=net-misc/curl-8.7.1"
+        </code>
+    </resolution>
+    <references>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-42619">CVE-2023-42619</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-46218">CVE-2023-46218</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-46219">CVE-2023-46219</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-0853">CVE-2024-0853</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-2004">CVE-2024-2004</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-2398">CVE-2024-2398</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-2466">CVE-2024-2466</uri>
+    </references>
+    <metadata tag="requester" timestamp="2024-09-23T05:53:30.922445Z">graaff</metadata>
+    <metadata tag="submitter" timestamp="2024-09-23T05:53:30.926884Z">graaff</metadata>
+</glsa>
\ No newline at end of file
diff --git a/metadata/glsa/timestamp.chk b/metadata/glsa/timestamp.chk
index 9893824f6eca..8fd16c406a3f 100644
--- a/metadata/glsa/timestamp.chk
+++ b/metadata/glsa/timestamp.chk
@@ -1 +1 @@
-Sun, 22 Sep 2024 23:40:10 +0000
+Mon, 23 Sep 2024 23:40:19 +0000
diff --git a/metadata/glsa/timestamp.commit b/metadata/glsa/timestamp.commit
index fb54db6a96f5..98677f8c2800 100644
--- a/metadata/glsa/timestamp.commit
+++ b/metadata/glsa/timestamp.commit
@@ -1 +1 @@
-c5244efc38e02f2f0af5af93f3b49a15bf368da2 1726995862 2024-09-22T09:04:22Z
+b04b4f7e697b62c8b67bd3c4bad5d6903b20f23f 1727070820 2024-09-23T05:53:40Z