gentoo auto-resync : 04:10:2023 - 17:51:59

5 files changed, 61 insertions, 17 deletions

diff --git a/metadata/glsa/Manifest b/metadata/glsa/Manifest
index db6e875dfbda..f3638011a8b6 100644
--- a/metadata/glsa/Manifest
+++ b/metadata/glsa/Manifest
@@ -1,23 +1,23 @@
 -----BEGIN PGP SIGNED MESSAGE-----
 Hash: SHA512
 
-MANIFEST Manifest.files.gz 549460 BLAKE2B a1f9ee4b119079d55103a4ccc3197b5638e1f0913b6b08dbff50e6a9ae785bd677e97041b367e5c90d4e715da5a2e9d245d4614a65f57c6fffbe3055d41af720 SHA512 af57c6ff084a9b4d66c2d7d6cdcf381f6edfb5a8b5e7b97a153bb0d0556002c8d13b0c6530999163f8396d382c2b2f781f28b63456546ee7c16c7c3f82742c24
-TIMESTAMP 2023-10-04T10:10:13Z
+MANIFEST Manifest.files.gz 549618 BLAKE2B df3cca5309face77ad600cd7dd41da5c8d5969140f0f882439af0839721ca14a3e2ddda207c25ab4f6c4bb766db6e715560df951e539d7cc21ac6c04098c804d SHA512 fecd1787120b073b451d8a3eda16e7b1d80f65213749758b8dc28dd7adb7911c5d678553c3d79c9868d343fd46ecb5e858110be9deff13b5fe735cee99c77036
+TIMESTAMP 2023-10-04T16:10:22Z
 -----BEGIN PGP SIGNATURE-----
 
-iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAmUdOgVfFIAAAAAALgAo
+iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAmUdjm5fFIAAAAAALgAo
 aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEUx
 RDZBQkI2M0JGQ0ZCNEJBMDJGREYxQ0VDNTkwRUVBQzkxODkyNTAACgkQ7FkO6skY
-klDmlg/9HBr9rlvuXXu6wZkguZCHd+LrEdxj2g0beJ9QakQ9OnSpm5kiYlWKQEsp
-vRjHJO/iAg1E3zC4JfLUAje1AaYwDUggAYuc+lLCozQfJzq0kyChYQm9mWd5LyA/
-ym3+SzzulpOhE4aQgCZEUN0sOylkHmiMlcwx4mh7Dpc0knIFb/7GDTmZYoJy6WwI
-+hedW0Jj+9LVV7OgZ6yNWCjRfhVV3NnrA2wRAmVWFNgs3PTezenZ/myP1vo6+8Yz
-kq2yP0ybQX7mQD6b9xf3o9NSk6wYmz/6DXCAgCTMVLhblEhJ7o3+7H0H2W59nF5E
-HaybFdmrObOzM7nivDIHpKE3zjwypkkmCcMcBRv9wuddph+38VSNmIaAhG1T2NQ4
-Lhb2se13umiwSOIfEulS3lMJVvTtSTZl8h7sUUJrY23hxMDfCqd9WjcvuosWCYNV
-E3rsNlwE/UIH1zToXJ6uKfT27u9rsYue6h5awjkl7f+0+taWGjQerCYj7TFkoy5Z
-XrwpwWPycLlwV75qcHLS9l6xkpLMaeZQ1qeDadAm+D7RqNqfMsTzbDJSyunkPuRD
-/94492Y1OE3cZRN4aCAyEBiF/fT2zDuczMhOuWDpAAu6Cs++/6J6idfpomEEWB1z
-nHKJg77r5ySgWhDFY9xjpyWTwtob7bY189ndGQChAxlZNI54P3s=
-=TDQs
+klAW1w/9GEkAnWv4jk/CSI4tbaI2N6UsQWxgpljhqstH/hO+1TqxU7AqCVBu7jb2
+g/F5zcxyfn1qaL1M8D1GcoWpvkLLcFahw+B5zgSmPOh8hEplz/M4gjIWJ0BXOj3Z
+BoaE7utURddat2uuFlrtFNfgX91eCgEioSjdeqkaGy2jU6XcbENnFu3nha14Wl6L
+FaO8pxXiYjOqfG0aYh8jrF6B9q5l0FjrdfUi+scZOSU1u7xcJNdYVEUWIIYBktqJ
+ytLCIoByEUWFBz8EcGT46weTWSEDm5ZTtSzha+4kQ4SVtFuk/dVSYvPH/9jENJtC
+sD0cQj7UL+BEns9CkeoEiGrV+7962XNRU/QJgXngkmGLv2H+5Jeakz6mrEeSGFO4
+HeDD39WXf+l7BjRkD39NrOlFjwICcC8KI24Qa1X1E7cpgdq2x8dIhxx0I6jERvGZ
+HCv5Xo3hPyM55epx9xeiFdK5ETO5POgm5eEVf4DbA8s50rNlOu/gapYB63CyO/53
+WLQUlvFa98atJ/Esj3pvBpGjyUbv302mm3Al3P2fpCrsp4CM6gMu9p+QuFYcHyIz
+/bpR/lD7ZlU1zEIbt6oKEGH4Mn3C3c4cvqkc4YkuLOqCtcXZMtxqNgUDTjymzEsF
+wiHgXPT/DKAMUdsc2rXbjqD6IwSQae6ZmuCJz6yZF2Xpf+0MWTA=
+=TE3s
 -----END PGP SIGNATURE-----
diff --git a/metadata/glsa/Manifest.files.gz b/metadata/glsa/Manifest.files.gz
index b03f0fde4bfb..a7e06bb28b43 100644
--- a/metadata/glsa/Manifest.files.gz
+++ b/metadata/glsa/Manifest.files.gz
diff --git a/metadata/glsa/glsa-202310-04.xml b/metadata/glsa/glsa-202310-04.xml
new file mode 100644
index 000000000000..e7025c0e616f
--- /dev/null
+++ b/metadata/glsa/glsa-202310-04.xml
@@ -0,0 +1,44 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202310-04">
+    <title>libvpx: Multiple Vulnerabilities</title>
+    <synopsis>Multiple vulnerabilities have been discovered in libvpx, the worst of which could result in arbitrary code execution.</synopsis>
+    <product type="ebuild">libvpx</product>
+    <announced>2023-10-04</announced>
+    <revised count="1">2023-10-04</revised>
+    <bug>914875</bug>
+    <bug>914987</bug>
+    <access>remote</access>
+    <affected>
+        <package name="media-libs/libvpx" auto="yes" arch="*">
+            <unaffected range="ge">1.13.1</unaffected>
+            <vulnerable range="lt">1.13.1</vulnerable>
+        </package>
+    </affected>
+    <background>
+        <p>libvpx is the VP8 codec SDK used to encode and decode video streams, typically within a WebM format media file.</p>
+    </background>
+    <description>
+        <p>Multiple vulnerabilities have been discovered in libvpx. Please review the CVE identifiers referenced below for details.</p>
+    </description>
+    <impact type="high">
+        <p>Please review the referenced CVE identifiers for details.</p>
+    </impact>
+    <workaround>
+        <p>There is no known workaround at this time.</p>
+    </workaround>
+    <resolution>
+        <p>All libvpx users should upgrade to the latest version:</p>
+        
+        <code>
+          # emerge --sync
+          # emerge --ask --oneshot --verbose ">=media-libs/libvpx-1.13.1"
+        </code>
+    </resolution>
+    <references>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-5217">CVE-2023-5217</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-44488">CVE-2023-44488</uri>
+    </references>
+    <metadata tag="requester" timestamp="2023-10-04T10:49:17.755721Z">sam</metadata>
+    <metadata tag="submitter" timestamp="2023-10-04T10:49:17.758091Z">sam</metadata>
+</glsa>
\ No newline at end of file
diff --git a/metadata/glsa/timestamp.chk b/metadata/glsa/timestamp.chk
index b92e786ad91c..365bbb13eee1 100644
--- a/metadata/glsa/timestamp.chk
+++ b/metadata/glsa/timestamp.chk
@@ -1 +1 @@
-Wed, 04 Oct 2023 10:10:09 +0000
+Wed, 04 Oct 2023 16:10:16 +0000
diff --git a/metadata/glsa/timestamp.commit b/metadata/glsa/timestamp.commit
index 276c5a56bfe3..d43c424dd71e 100644
--- a/metadata/glsa/timestamp.commit
+++ b/metadata/glsa/timestamp.commit
@@ -1 +1 @@
-029e12731f29676d3f6ebed09f7747ee6e15c5e8 1696406561 2023-10-04T08:02:41+00:00
+78441d962cbe20f36c819692b8c5ea5befbaf0be 1696416594 2023-10-04T10:49:54+00:00