diff options
author | V3n3RiX <venerix@redcorelinux.org> | 2019-09-08 01:07:24 +0100 |
---|---|---|
committer | V3n3RiX <venerix@redcorelinux.org> | 2019-09-08 01:07:24 +0100 |
commit | e3cf2c86fca1750343c1885311f857f185ee4f2d (patch) | |
tree | d9d1fbc20509d4c90f57fb2d9e1459bc8034c831 /metadata/glsa | |
parent | f1af93971b7490792d8541bc790e0d8c6d787059 (diff) |
gentoo resync : 08.09.2019
Diffstat (limited to 'metadata/glsa')
-rw-r--r-- | metadata/glsa/Manifest | 30 | ||||
-rw-r--r-- | metadata/glsa/Manifest.files.gz | bin | 447571 -> 448529 bytes | |||
-rw-r--r-- | metadata/glsa/glsa-201909-01.xml | 53 | ||||
-rw-r--r-- | metadata/glsa/glsa-201909-02.xml | 57 | ||||
-rw-r--r-- | metadata/glsa/glsa-201909-03.xml | 52 | ||||
-rw-r--r-- | metadata/glsa/glsa-201909-04.xml | 53 | ||||
-rw-r--r-- | metadata/glsa/glsa-201909-05.xml | 118 | ||||
-rw-r--r-- | metadata/glsa/glsa-201909-06.xml | 54 | ||||
-rw-r--r-- | metadata/glsa/timestamp.chk | 2 | ||||
-rw-r--r-- | metadata/glsa/timestamp.commit | 2 |
10 files changed, 404 insertions, 17 deletions
diff --git a/metadata/glsa/Manifest b/metadata/glsa/Manifest index 14342aa9db71..eba6cee644e5 100644 --- a/metadata/glsa/Manifest +++ b/metadata/glsa/Manifest @@ -1,23 +1,23 @@ -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 -MANIFEST Manifest.files.gz 447571 BLAKE2B 5dcbf22acab4aa936027b65cb350fd1f2f1c1e2537d9521e947b1cbe33f4d7b2b6fbb6bb4805bdf0c5ff45c77fcb33345e4c8d8b89729f3fa2275febb0067a24 SHA512 85251d26f1a84f633b1f394aeaeb284222b79a86f4ce32b3e4e3dbc431b1a27e54bd1e6b1023f766bdacf2a7c3226992247aab3e13dd008f70ff63b9b31dcd87 -TIMESTAMP 2019-09-06T08:39:04Z +MANIFEST Manifest.files.gz 448529 BLAKE2B 70fc5fdf3704f2b7ec0033da58e9dba173720d87011ed4a8c13796a79ab719c338f43528d1a392475f724b87e95f6e187b39a6f6e92d64f4882d0f0004bffa24 SHA512 53832aafadeff79f44632a74dc19ba49106055cc3a8017511025ef2e4ca2499a5d5154766e4957167240e37b7e0bfd956e305d79053c82988ad80b673f006f8c +TIMESTAMP 2019-09-07T23:09:08Z -----BEGIN PGP SIGNATURE----- -iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAl1yGyhfFIAAAAAALgAo +iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAl10OJRfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEUx RDZBQkI2M0JGQ0ZCNEJBMDJGREYxQ0VDNTkwRUVBQzkxODkyNTAACgkQ7FkO6skY -klCTtxAAhLPXP6XvR+/h9wHgS6IrEhLTQ3N5A5s8veo5JxxSv6qrosvcmz5D1Enx -1TjSiBhfKZMacSjIbDbwn0LZ5r5e7RcZnY8wPpieL7xcYhgRF935Py4CTsjkEZXR -EjCQWPbsSsPgTSya/RkMowmHib4ruGJtqKc12MJFB4XXGizIfGxT5sE278hJ4kKn -oysYDsJgdq4Md9KRwr04f59oncNx3cvtfDCNfYDl9G1m57GZC/A/uuCdyx6wRk8B -jdKDwxE7Yz3rJAHDnbiN629i3HaaN1Csu1IVgXKbUToCaKwRwno5W4uJE9tnNZjk -RIFsdPrV/C62PdZXyxB8koPk5pVx/fmwn8hdh3Q23pITZXnUKQdEHg5gqV447KGk -WlNi40qMmw5npaUmKWUGNCyNj4211BGPzbjn4xOKGQwZOAZZkE3eyNBWiS6kNALL -2LkBmHjPe8It97gXBBfdyMElxMUhK1GljNFF7K8X10kT4Tnqy04q2heRN7e2pcaH -y8H9iQlzFvi0fJt2yZZfKmc/ktlHwXiQJeFzk9ym+PiM2dmr35roCfR26aKF7yio -LMCmGWvAW7WDxpAKDzfSmS05oavvtT9nI7H1MjZHSoHHescL6vVQU2drelNIyCuQ -QVoSn7xRqg3yPU6F2lwhGCNKq95XcprgmmRseY8RnxHOEdddRXA= -=x/mL +klCN8A//SkpChS4L4qFkiOHwjHf4wtUIa7szn1dux34X7fyb3W/5uXdyyRqCarK9 +X9Y8yqKkKUWBTRP195IsRMn76nJD0AwX2v5sKvOEsJJjCMD3Ka8uxKJqb1V23JXM +LXn0/cqFJHQCfVnZvNLQUCOg5TJEtKZQJVEojFwpicB8usWdGrvk0tuxi81bLbOB ++1ekRMfKy3Ik2sdMWKrowEoeoicOcbYTi7yGT+z8YceVIku+pDeq0Tbj8jvfOYdf +sdo5pPJeqYFk788zYELBpUGAfM1RkMTv3uuTdQ6bIjNnjb0cp2TP62oSoEYWOWDg +qh2Ts+j7As00AGtxjq6zv2jQj03rugy3aiz9FvEhR7aLh+acYgD66Lale9QXnHa+ +SLiA22EOXIuACTnFZr0E/IdZGU/KG3QFr2EKCmsupUVxiUINM/Ypz73bmbi6lEIW +7/ziqcDqYBMmxTcZg5x3gyqrOU/Na/nXEJZ3dLyA7zCtkgts+W4+oh2Iwm9Vcajn +FTHp0D0ep4hAv505JGUEKPv8tBsU4tmcdjbcpKBXaAF10OU4bkEJd3hzvcNTqrim +0V1YIj482yNYDWuQEOrru5yBRXrZj9nr+yAkW/sqGvH5zCSAeuMxOKTvzHlO1p1p +tEizdnKAB6hB3tFjgiF/JMZkDxx3+pMYoTnu57m0KQUjlcVTboo= +=V6QD -----END PGP SIGNATURE----- diff --git a/metadata/glsa/Manifest.files.gz b/metadata/glsa/Manifest.files.gz Binary files differindex 8045ca98ae1e..81138f54ea78 100644 --- a/metadata/glsa/Manifest.files.gz +++ b/metadata/glsa/Manifest.files.gz diff --git a/metadata/glsa/glsa-201909-01.xml b/metadata/glsa/glsa-201909-01.xml new file mode 100644 index 000000000000..d94daf002b35 --- /dev/null +++ b/metadata/glsa/glsa-201909-01.xml @@ -0,0 +1,53 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> +<glsa id="201909-01"> + <title>Perl: Multiple vulnerabilities</title> + <synopsis>Multiple vulnerabilities have been found in Perl, the worst of + which could result in the arbitrary execution of code. + </synopsis> + <product type="ebuild">perl</product> + <announced>2019-09-06</announced> + <revised count="1">2019-09-06</revised> + <bug>653432</bug> + <bug>670190</bug> + <access>remote</access> + <affected> + <package name="dev-lang/perl" auto="yes" arch="*"> + <unaffected range="ge">5.28.2</unaffected> + <vulnerable range="lt">5.28.2</vulnerable> + </package> + </affected> + <background> + <p>Perl is a highly capable, feature-rich programming language.</p> + </background> + <description> + <p>Multiple vulnerabilities have been discovered in Perl. Please review the + CVE identifiers referenced below for details. + </p> + </description> + <impact type="normal"> + <p>Please review the referenced CVE identifiers for details.</p> + </impact> + <workaround> + <p>There is no known workaround at this time.</p> + </workaround> + <resolution> + <p>All Perl users should upgrade to the latest version:</p> + + <code> + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-lang/perl-5.28.2" + </code> + </resolution> + <references> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-18311">CVE-2018-18311</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-18312">CVE-2018-18312</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-18313">CVE-2018-18313</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-18314">CVE-2018-18314</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6797">CVE-2018-6797</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6798">CVE-2018-6798</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6913">CVE-2018-6913</uri> + </references> + <metadata tag="requester" timestamp="2019-09-01T00:43:08Z">b-man</metadata> + <metadata tag="submitter" timestamp="2019-09-06T16:00:53Z">b-man</metadata> +</glsa> diff --git a/metadata/glsa/glsa-201909-02.xml b/metadata/glsa/glsa-201909-02.xml new file mode 100644 index 000000000000..14e36289adff --- /dev/null +++ b/metadata/glsa/glsa-201909-02.xml @@ -0,0 +1,57 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> +<glsa id="201909-02"> + <title>VLC: Multiple vulnerabilities</title> + <synopsis>Multiple vulnerabilities have been found in VLC, the worst of which + could result in the arbitrary execution of code. + </synopsis> + <product type="ebuild">vlc</product> + <announced>2019-09-06</announced> + <revised count="1">2019-09-06</revised> + <bug>689974</bug> + <access>remote</access> + <affected> + <package name="media-video/vlc" auto="yes" arch="*"> + <unaffected range="ge">3.0.8</unaffected> + <vulnerable range="lt">3.0.8</vulnerable> + </package> + </affected> + <background> + <p>VLC is a cross-platform media player and streaming server.</p> + </background> + <description> + <p>Multiple vulnerabilities have been discovered in VLC. Please review the + CVE identifiers referenced below for details. + </p> + </description> + <impact type="normal"> + <p>Please review the referenced CVE identifiers for details.</p> + </impact> + <workaround> + <p>There is no known workaround at this time.</p> + </workaround> + <resolution> + <p>All VLC users should upgrade to the latest version:</p> + + <code> + # emerge --sync + # emerge --ask --oneshot --verbose ">=media-video/vlc-3.0.8" + </code> + </resolution> + <references> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-13602">CVE-2019-13602</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-13962">CVE-2019-13962</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-14437">CVE-2019-14437</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-14438">CVE-2019-14438</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-14498">CVE-2019-14498</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-14533">CVE-2019-14533</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-14534">CVE-2019-14534</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-14535">CVE-2019-14535</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-14776">CVE-2019-14776</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-14777">CVE-2019-14777</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-14778">CVE-2019-14778</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-14970">CVE-2019-14970</uri> + </references> + <metadata tag="requester" timestamp="2019-09-02T22:22:22Z">b-man</metadata> + <metadata tag="submitter" timestamp="2019-09-06T16:01:08Z">b-man</metadata> +</glsa> diff --git a/metadata/glsa/glsa-201909-03.xml b/metadata/glsa/glsa-201909-03.xml new file mode 100644 index 000000000000..70b47802e0c1 --- /dev/null +++ b/metadata/glsa/glsa-201909-03.xml @@ -0,0 +1,52 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> +<glsa id="201909-03"> + <title>Pango: Buffer overflow</title> + <synopsis>A buffer overflow in Pango might allow an attacker to execute + arbitrary code. + </synopsis> + <product type="ebuild">pango</product> + <announced>2019-09-06</announced> + <revised count="1">2019-09-06</revised> + <bug>692110</bug> + <access>remote</access> + <affected> + <package name="x11-libs/pango" auto="yes" arch="*"> + <unaffected range="ge">1.42.4-r2</unaffected> + <vulnerable range="lt">1.42.4-r2</vulnerable> + </package> + </affected> + <background> + <p>Pango is a library for layout and rendering of internationalized text.</p> + </background> + <description> + <p>A buffer overflow has been discovered in Pango’s + pango_log2vis_get_embedding_levels function. + </p> + </description> + <impact type="normal"> + <p>A remote attacker could entice a user to process a specially crafted + string with functions like pango_itemize, possibly resulting in execution + of arbitrary code with the privileges of the process or a Denial of + Service condition. + </p> + </impact> + <workaround> + <p>There is no known workaround at this time.</p> + </workaround> + <resolution> + <p>All Pango users should upgrade to the latest version:</p> + + <code> + # emerge --sync + # emerge --ask --oneshot --verbose ">=x11-libs/pango-1.42.4-r2" + </code> + </resolution> + <references> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-1010238"> + CVE-2019-1010238 + </uri> + </references> + <metadata tag="requester" timestamp="2019-09-02T22:32:20Z">b-man</metadata> + <metadata tag="submitter" timestamp="2019-09-06T16:01:18Z">b-man</metadata> +</glsa> diff --git a/metadata/glsa/glsa-201909-04.xml b/metadata/glsa/glsa-201909-04.xml new file mode 100644 index 000000000000..0d229fc59291 --- /dev/null +++ b/metadata/glsa/glsa-201909-04.xml @@ -0,0 +1,53 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> +<glsa id="201909-04"> + <title>Apache: Multiple vulnerabilities</title> + <synopsis>Multiple vulnerabilities have been found in Apache, the worst of + which could result in a Denial of Service condition. + </synopsis> + <product type="ebuild">apache</product> + <announced>2019-09-06</announced> + <revised count="1">2019-09-06</revised> + <bug>692172</bug> + <access>remote</access> + <affected> + <package name="www-servers/apache" auto="yes" arch="*"> + <unaffected range="ge">2.4.41</unaffected> + <vulnerable range="lt">2.4.41</vulnerable> + </package> + </affected> + <background> + <p>The Apache HTTP server is one of the most popular web servers on the + Internet. + </p> + </background> + <description> + <p>Multiple vulnerabilities have been discovered in Apache. Please review + the CVE identifiers referenced below for details. + </p> + </description> + <impact type="normal"> + <p>Please review the referenced CVE identifiers for details.</p> + </impact> + <workaround> + <p>There is no known workaround at this time.</p> + </workaround> + <resolution> + <p>All Apache users should upgrade to the latest version:</p> + + <code> + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-servers/apache-2.4.41" + </code> + </resolution> + <references> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-10081">CVE-2019-10081</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-10082">CVE-2019-10082</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-10092">CVE-2019-10092</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-10097">CVE-2019-10097</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-10098">CVE-2019-10098</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-9517">CVE-2019-9517</uri> + </references> + <metadata tag="requester" timestamp="2019-09-02T22:39:09Z">b-man</metadata> + <metadata tag="submitter" timestamp="2019-09-06T16:01:34Z">b-man</metadata> +</glsa> diff --git a/metadata/glsa/glsa-201909-05.xml b/metadata/glsa/glsa-201909-05.xml new file mode 100644 index 000000000000..dfe043bf6ac4 --- /dev/null +++ b/metadata/glsa/glsa-201909-05.xml @@ -0,0 +1,118 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> +<glsa id="201909-05"> + <title>WebkitGTK+: Multiple vulnerabilities</title> + <synopsis>Multiple vulnerabilities have been found in WebkitGTK+, the worst + of which could result in the arbitrary execution of code. + </synopsis> + <product type="ebuild">webkitgtk+</product> + <announced>2019-09-06</announced> + <revised count="1">2019-09-06</revised> + <bug>683234</bug> + <bug>686216</bug> + <bug>693122</bug> + <access>remote</access> + <affected> + <package name="net-libs/webkit-gtk" auto="yes" arch="*"> + <unaffected range="ge">2.24.4</unaffected> + <vulnerable range="lt">2.24.4</vulnerable> + </package> + </affected> + <background> + <p>WebKitGTK+ is a full-featured port of the WebKit rendering engine, + suitable for projects requiring any kind of web integration, from hybrid + HTML/CSS applications to full-fledged web browsers. + </p> + </background> + <description> + <p>Multiple vulnerabilities have been discovered in WebkitGTK+. Please + review the CVE identifiers referenced below for details. + </p> + </description> + <impact type="normal"> + <p>An attacker, by enticing a user to visit maliciously crafted web + content, may be able to execute arbitrary code or cause memory + corruption. + </p> + </impact> + <workaround> + <p>There is no known workaround at this time.</p> + </workaround> + <resolution> + <p>All WebkitGTK+ users should upgrade to the latest version:</p> + + <code> + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-libs/webkit-gtk-2.24.4" + </code> + </resolution> + <references> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-11070">CVE-2019-11070</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-6201">CVE-2019-6201</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-6251">CVE-2019-6251</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-7285">CVE-2019-7285</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-7292">CVE-2019-7292</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8503">CVE-2019-8503</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8506">CVE-2019-8506</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8515">CVE-2019-8515</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8518">CVE-2019-8518</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8523">CVE-2019-8523</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8524">CVE-2019-8524</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8535">CVE-2019-8535</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8536">CVE-2019-8536</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8544">CVE-2019-8544</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8551">CVE-2019-8551</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8558">CVE-2019-8558</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8559">CVE-2019-8559</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8563">CVE-2019-8563</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8595">CVE-2019-8595</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8607">CVE-2019-8607</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8615">CVE-2019-8615</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8644">CVE-2019-8644</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8644">CVE-2019-8644</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8649">CVE-2019-8649</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8649">CVE-2019-8649</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8658">CVE-2019-8658</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8658">CVE-2019-8658</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8666">CVE-2019-8666</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8666">CVE-2019-8666</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8669">CVE-2019-8669</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8669">CVE-2019-8669</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8671">CVE-2019-8671</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8671">CVE-2019-8671</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8672">CVE-2019-8672</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8672">CVE-2019-8672</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8673">CVE-2019-8673</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8673">CVE-2019-8673</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8676">CVE-2019-8676</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8676">CVE-2019-8676</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8677">CVE-2019-8677</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8677">CVE-2019-8677</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8678">CVE-2019-8678</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8678">CVE-2019-8678</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8679">CVE-2019-8679</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8679">CVE-2019-8679</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8680">CVE-2019-8680</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8680">CVE-2019-8680</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8681">CVE-2019-8681</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8681">CVE-2019-8681</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8683">CVE-2019-8683</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8683">CVE-2019-8683</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8684">CVE-2019-8684</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8684">CVE-2019-8684</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8686">CVE-2019-8686</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8686">CVE-2019-8686</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8687">CVE-2019-8687</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8687">CVE-2019-8687</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8688">CVE-2019-8688</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8688">CVE-2019-8688</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8689">CVE-2019-8689</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8689">CVE-2019-8689</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8690">CVE-2019-8690</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8690">CVE-2019-8690</uri> + <uri link="https://webkitgtk.org/security/WSA-2019-0002.html">WSA-2019-0002</uri> + <uri link="https://webkitgtk.org/security/WSA-2019-0004.html">WSA-2019-0004</uri> + </references> + <metadata tag="requester" timestamp="2019-09-02T22:15:30Z">b-man</metadata> + <metadata tag="submitter" timestamp="2019-09-06T16:01:55Z">b-man</metadata> +</glsa> diff --git a/metadata/glsa/glsa-201909-06.xml b/metadata/glsa/glsa-201909-06.xml new file mode 100644 index 000000000000..b8780c59022a --- /dev/null +++ b/metadata/glsa/glsa-201909-06.xml @@ -0,0 +1,54 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> +<glsa id="201909-06"> + <title>Exim: Multiple vulnerabilities</title> + <synopsis>Multiple vulnerabilities have been found in Exim, the worst of + which allows remote attackers to execute arbitrary code. + </synopsis> + <product type="ebuild">exim</product> + <announced>2019-09-07</announced> + <revised count="1">2019-09-07</revised> + <bug>692394</bug> + <bug>693494</bug> + <access>remote</access> + <affected> + <package name="mail-mta/exim" auto="yes" arch="*"> + <unaffected range="ge">4.92.2</unaffected> + <vulnerable range="lt">4.92.2</vulnerable> + </package> + </affected> + <background> + <p>Exim is a message transfer agent (MTA) designed to be a a highly + configurable, drop-in replacement for sendmail. + </p> + </background> + <description> + <p>Multiple vulnerabilities have been discovered in Exim. Please review the + CVE identifiers referenced below for details. + </p> + </description> + <impact type="high"> + <p>A remote attacker, by connecting to the SMTP listener daemon, could + possibly execute arbitrary code with the privileges of the process or + cause a Denial of Service condition. + </p> + </impact> + <workaround> + <p>There is no known workaround at this time.</p> + </workaround> + <resolution> + <p>All Exim users should upgrade to the latest version:</p> + + <code> + # emerge --sync + # emerge --ask --oneshot --verbose ">=mail-mta/exim-4.92.2" + </code> + + </resolution> + <references> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-13917">CVE-2019-13917</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-15846">CVE-2019-15846</uri> + </references> + <metadata tag="requester" timestamp="2019-09-06T15:35:36Z">whissi</metadata> + <metadata tag="submitter" timestamp="2019-09-07T00:22:35Z">whissi</metadata> +</glsa> diff --git a/metadata/glsa/timestamp.chk b/metadata/glsa/timestamp.chk index 2f6a7762bf94..36c3392d5556 100644 --- a/metadata/glsa/timestamp.chk +++ b/metadata/glsa/timestamp.chk @@ -1 +1 @@ -Fri, 06 Sep 2019 08:39:01 +0000 +Sat, 07 Sep 2019 23:09:04 +0000 diff --git a/metadata/glsa/timestamp.commit b/metadata/glsa/timestamp.commit index ac1358016db9..82f2e1957979 100644 --- a/metadata/glsa/timestamp.commit +++ b/metadata/glsa/timestamp.commit @@ -1 +1 @@ -b3e8c925d3f6eb29b568169ff67ed18a2ff264c2 1567285941 2019-08-31T21:12:21+00:00 +68b71b2cbc79a9ef9e8701eb09586b9f2f9eb7b2 1567815781 2019-09-07T00:23:01+00:00 |