gentoo resync : 04.08.2018

7 files changed, 166 insertions, 17 deletions

diff --git a/metadata/glsa/Manifest b/metadata/glsa/Manifest
index ea61b639badf..12934beaeb3a 100644
--- a/metadata/glsa/Manifest
+++ b/metadata/glsa/Manifest
@@ -1,23 +1,23 @@
 -----BEGIN PGP SIGNED MESSAGE-----
 Hash: SHA512
 
-MANIFEST Manifest.files.gz 426937 BLAKE2B fd40fb2cce7e8bb9b86f11cc0b67099c90238f284b3a458c8153c050be8f5f23899e2d0a85dee8371053bc572661a4ef4f721c0fbfb7976cc36ee7c7480ac631 SHA512 829750d5237ed3b11ae3dc9afdaacd5fe79e390dedf6730a47ac29c7f64e7bcce35e880cc0e44d263a4b9a9ed0186d2e6503cec484fcd93b4c19afde5af0ab31
-TIMESTAMP 2018-07-21T18:38:27Z
+MANIFEST Manifest.files.gz 427414 BLAKE2B 03f31e82901c67c54c9e2a393ac3d0d1d25bb342aa53f12ef4cda3b8ecae5db556d030b733bc4f3fdba54171e0a9a96a6e0e3c4ab9239061ea537618ba745ce1 SHA512 01f241123b41771420b69c122806bf7c9c1b4f6f77886ed4e9a9737364198dc0d9cc296f967c056f28a2af511a8d2680a7991527b5ca7723fbd12dcffe525a32
+TIMESTAMP 2018-08-04T07:08:39Z
 -----BEGIN PGP SIGNATURE-----
 
-iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAltTfaNfFIAAAAAALgAo
+iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAltlUPdfFIAAAAAALgAo
 aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEUx
 RDZBQkI2M0JGQ0ZCNEJBMDJGREYxQ0VDNTkwRUVBQzkxODkyNTAACgkQ7FkO6skY
-klBefQ/+L9/xSV4wTVT+dMbfnOAw1fq/8IJzy8qP2qRqjV3wv/4qpgWA/1YOzQ5p
-lq5i1XkzUn8e+mJySP3deKzfjiT79vPejoy6nYDmFNCVaVND6fcxlQuJ5bNfAv+J
-w7BUtKWWtHjpXNfCQtOhuf01bKw2bauuinB8X3Oycms4rKJFISdP2YmNlnCCK7se
-OvQXj1bsvF2EU77IquxK2l3OilB/EI5GypOUlc8iBynbqozM4+el97wz8wgXRwWs
-BbwKCxB+O/t8yMgWykxuqqfcRSSAjg3XE+PY420tSlPk21tWQ7tbC0eytVQCvnsu
-kDZeuWzIrm7Bb/G6dQIck1XC+otfOufAQwoIkvjiXALvpbzONpbszzP/t75ISUf3
-vIdPPdpvFEdLKUexGHElE9Z2XZ61HYh+PhDMDAkL+PQMM2SJogaSrpHi3uSlbvET
-6TblWMprl8B0AD17hEGczi8COiGHMbAtxNUP/R1mFLhO5vj0hizJ4ssuxTze2SK9
-oZ/LEia+PZamG3nWa0A7Hq9kbR4sihpKXSggS4FTndSmxNvMOfOTjAPGBfXTHHgn
-Hg+5kIV8nlvfsrbZ2bUpr1QGOIiEUXsKIIaP2qxoQxGIxf6MyRjY9412EGhNBiAe
-jiUXtIrqC3aMHzW7MIs29Ok/cfN1KY+YSXiUFfTvTyLw5/Lh0Ro=
-=gdTN
+klDqmA/9EldPuI7gKEfkvqQ/3Ev33JZPxI9bzlXNJDvuQkpfXxlN3smXxkklQHLD
+ELay1kHbZVWjEGeOxGn4XidRBIk63s9eQxgGBfCkydMSyJF//zceHlMxUDAsSR74
+BeNPmsScuj88RFpXwiKvRH+jsUxIfpSVZiL4BgCx3loZEQC3RLsRj0fBgAX/Mjid
+q9y7x5rGNfK06vaaKEXvax0uHRA19OWaaA476R/AK6VEnB3wxXe5HE3pn4usxS1I
+RBUR5LLgSkbsimJB8XA/xhabeUnWu39CBIdWFTSjilbm1aVrnZfX+gnAe1AS7uQR
+oOVUEO8Tlmoe89KfSRQGonC1qQSl6ROv4biSN/4NSFNoH9tMIFiV/WZsraO3qc5F
+sVIP1Um+bB+l/OhVwFf1eWDgYiIj3opDKgb3E3JeBwmAR7wZ/cxRiDjq6LyutjR+
+KcWQ7yt0CENXm//I2zs17QjL0Cbr6O8nKUBD8FVPmck9VBk6Mi4jsdHk+WNOefYB
+OF51OqST9wbNjbDH9ViBED2kb9b9TTkrcb8kawSTWj03YdkqIsGJU9+FW2auvYuQ
+A1ly42q2CG0dCkhiSLhO26UaOy5EeXqOYDIVni9gz3Cn8o145XzGVaWLQv1hXJX6
+ErSxolVQb+2uukprBNLfKdeUy1vt1poQ7K/aHq88O+XidEanozs=
+=3s3j
 -----END PGP SIGNATURE-----
diff --git a/metadata/glsa/Manifest.files.gz b/metadata/glsa/Manifest.files.gz
index a924ccd14e63..2c573718af44 100644
--- a/metadata/glsa/Manifest.files.gz
+++ b/metadata/glsa/Manifest.files.gz
diff --git a/metadata/glsa/glsa-201807-02.xml b/metadata/glsa/glsa-201807-02.xml
new file mode 100644
index 000000000000..ec691f42d00e
--- /dev/null
+++ b/metadata/glsa/glsa-201807-02.xml
@@ -0,0 +1,51 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201807-02">
+  <title>Passenger: Multiple Vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Passenger, the worst of
+    which could result in the execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">passenger</product>
+  <announced>2018-07-22</announced>
+  <revised count="1">2018-07-22</revised>
+  <bug>658346</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-apache/passenger" auto="yes" arch="*">
+      <unaffected range="ge">5.3.2</unaffected>
+      <vulnerable range="lt">5.3.2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Passenger runs and manages your Ruby, Node.js, and Python apps.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Passenger. Please
+      review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could escalate privileges, execute arbitrary code,
+      cause a Denial of Service condition, or obtain sensitive information.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Passenger users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=www-apache/passenger-5.3.2"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-12026">CVE-2018-12026</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-12027">CVE-2018-12027</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-12028">CVE-2018-12028</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-12029">CVE-2018-12029</uri>
+  </references>
+  <metadata tag="requester" timestamp="2018-07-03T02:38:28Z">irishluck83</metadata>
+  <metadata tag="submitter" timestamp="2018-07-22T20:50:15Z">irishluck83</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201807-03.xml b/metadata/glsa/glsa-201807-03.xml
new file mode 100644
index 000000000000..f6a41e2fa62d
--- /dev/null
+++ b/metadata/glsa/glsa-201807-03.xml
@@ -0,0 +1,48 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201807-03">
+  <title>ZNC:Multiple Vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in ZNC, the worst of which
+    could result in privilege escalation.
+  </synopsis>
+  <product type="ebuild">ZNC</product>
+  <announced>2018-07-29</announced>
+  <revised count="2">2018-07-29</revised>
+  <bug>661228</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-irc/znc" auto="yes" arch="*">
+      <unaffected range="ge">1.7.1</unaffected>
+      <vulnerable range="lt">1.7.1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>ZNC is an advanced IRC bouncer.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in ZNC. Please review the
+      CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could read arbitary files and esclate privileges.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All ZNC users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-irc/znc-1.7.1"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-14055">CVE-2018-14055</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-14056">CVE-2018-14056</uri>
+  </references>
+  <metadata tag="requester" timestamp="2018-07-16T11:02:53Z">Zlogene</metadata>
+  <metadata tag="submitter" timestamp="2018-07-29T21:57:06Z">irishluck83</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201807-04.xml b/metadata/glsa/glsa-201807-04.xml
new file mode 100644
index 000000000000..38cedbc06c3c
--- /dev/null
+++ b/metadata/glsa/glsa-201807-04.xml
@@ -0,0 +1,50 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201807-04">
+  <title>cURL:Heap-based Buffer Overflow </title>
+  <synopsis>A heap-based buffer overflow in cURL might allow remote attackers
+    to execute arbitrary code.
+  </synopsis>
+  <product type="ebuild">curl</product>
+  <announced>2018-07-29</announced>
+  <revised count="1">2018-07-29</revised>
+  <bug>660894</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-misc/curl" auto="yes" arch="*">
+      <unaffected range="ge">7.61.0</unaffected>
+      <vulnerable range="lt">7.61.0</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>A command line tool and library for transferring data with URLs.</p>
+    
+  </background>
+  <description>
+    <p>A heap-based buffer overflow was discovered in cURL’s
+      Curl_smtp_escape_eob() function.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>An attacker could cause a Denial of Service condition or execute
+      arbitrary code via SMTP connections.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All cURL users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-misc/curl-7.61.0"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-0500">CVE-2018-0500</uri>
+  </references>
+  <metadata tag="requester" timestamp="2018-07-21T22:56:00Z">irishluck83</metadata>
+  <metadata tag="submitter" timestamp="2018-07-29T22:11:16Z">irishluck83</metadata>
+</glsa>
diff --git a/metadata/glsa/timestamp.chk b/metadata/glsa/timestamp.chk
index 12cc7817ec00..0254be2da60c 100644
--- a/metadata/glsa/timestamp.chk
+++ b/metadata/glsa/timestamp.chk
@@ -1 +1 @@
-Sat, 21 Jul 2018 18:38:24 +0000
+Sat, 04 Aug 2018 07:08:35 +0000
diff --git a/metadata/glsa/timestamp.commit b/metadata/glsa/timestamp.commit
index 9cf5b169a530..39d5ceab637c 100644
--- a/metadata/glsa/timestamp.commit
+++ b/metadata/glsa/timestamp.commit
@@ -1 +1 @@
-05c861bfc6df24f1e1d8bdfbeddfde0b268a1418 1531886373 2018-07-18T03:59:33+00:00
+bc003b9516bfd3c1d933c8cd919b86b13f8c5548 1532902339 2018-07-29T22:12:19+00:00