summaryrefslogtreecommitdiff
path: root/metadata/glsa
diff options
context:
space:
mode:
authorV3n3RiX <venerix@koprulu.sector>2023-11-27 22:51:10 +0000
committerV3n3RiX <venerix@koprulu.sector>2023-11-27 22:51:10 +0000
commitee0c4d5e506a6c64994a15c3af5cf1ca22045567 (patch)
treebdf578939023d42f04092ddb4bcd190eb391770f /metadata/glsa
parent161eaa4b12ca6314376288834bba20b7824d0d77 (diff)
gentoo auto-resync : 27:11:2023 - 22:51:09
Diffstat (limited to 'metadata/glsa')
-rw-r--r--metadata/glsa/Manifest30
-rw-r--r--metadata/glsa/Manifest.files.gzbin555336 -> 555493 bytes
-rw-r--r--metadata/glsa/glsa-202311-18.xml49
-rw-r--r--metadata/glsa/timestamp.chk2
-rw-r--r--metadata/glsa/timestamp.commit2
5 files changed, 66 insertions, 17 deletions
diff --git a/metadata/glsa/Manifest b/metadata/glsa/Manifest
index 55c9cb606a7c..f66a8b1744b4 100644
--- a/metadata/glsa/Manifest
+++ b/metadata/glsa/Manifest
@@ -1,23 +1,23 @@
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
-MANIFEST Manifest.files.gz 555336 BLAKE2B 61845e600ed6d18be132119bdf3c18b5d7470dc0e9e6d2d7bbbd986ec173c3f6efeafe2d8c452a7dc1908ee00dc99ededa85cc6987ca0678a809132c3f9d1090 SHA512 0d231256dfdb4051a222ab45deaa4260258f4a609494607807f233e851695323a751b69e56f75452b3f361b66f39284d7c3ad73ec04ea29c532b73d36166af03
-TIMESTAMP 2023-11-26T21:40:23Z
+MANIFEST Manifest.files.gz 555493 BLAKE2B 9b9c68f6fcd5aa241244f03965d32d2bee2397eebacb0b4742f3b5eff9058f33cdb8d4c1f96505cd2a1acaed4347077a204862e5674effe944e54b05e7466726 SHA512 bf81aa35acfc8893b8a8ffc0d57915c1a8e6b54e9400f0d03f26dd199de30e2601f7a7c1060d2185e26c3276979665ae687fb8e8a1e2b4d537df4a3270e38d43
+TIMESTAMP 2023-11-27T22:10:27Z
-----BEGIN PGP SIGNATURE-----
-iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAmVju0dfFIAAAAAALgAo
+iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAmVlE9NfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEUx
RDZBQkI2M0JGQ0ZCNEJBMDJGREYxQ0VDNTkwRUVBQzkxODkyNTAACgkQ7FkO6skY
-klAdAg/9HRVlm1xv6zoKAhDA1NwI1rbyFdQjYjt7+CtXcI42i9DcEzqfTMLvDTtB
-NLy8LNQUtdvhGHKV+pJMESG76/tsWjd505+NpAqQZ5i+NLiaw57YUxBoTItSZoTR
-IsuxZ3aiPKQ/wwjQq8EKpd46+aSiDE39EIN0PBW/XaknvtyQ4MT0lTcl6IB2tLNy
-Xo1/HYqT0ntSpx0igG9PyTPvvrRVxjEhetW/dTLuHLpKeo5dkY8RYDW8QOLY+X3/
-Bewar+puRYfBgANIqN50CCj+HPH6LygiJYLL1qE5RxU8NNX1WKep1xKPt+/B11aK
-6wz7s56SS+b/1vEsk7giwpqjbruwiDajVu/x7hX6RYyQQjDLIYdlfN3LeotNnZVo
-/t9fe1V3GUOXQUuzf3p6UgXvlVeuRRYq4uDcoC56BMqc+Mm9o6hhplk0ENOxLLu3
-Y9zwXSdO1UxqrJ0tXeeWIo73H1aW38WBASf8ViR2vSUkOGMl30c4aE/+IwDlr3PE
-sWYQmWpbGtpsd7DVgcRxzrEKoSWAaOxT1uTKmJInw1zwWKLyo9W6HcEVG8HtmqmL
-JUogB4Q9grseL/nQF8ydPQrQZ18gcdQfTwZuDp+JlAHHVOE3NA/4eJwsl19FUOLa
-NmirymoSREdT8UJMLHUrUue+/TwaiDfpivH0WI9FKAoT+u94pmo=
-=KM/Y
+klDJOg/+JGlixE8sQIb9zxBp43pvibxE0cBMkHFs9cymGkdR4QnADKvd9NbqzeEC
+qQLuZf3qKZ+jTnJNcNGa3aknvpNlzFiU2S/7rc12IdHDMEUsNUpWXBP+5K7TLDm2
+SZDdD5SFOuRkJwF66QSLPrsVhwd4fHhHijDrbogA6FSRnnQSZ0QidEzWN/PrkXYa
+ZxWXy8Bw7op4ClKfClhCrIovq9lIcAlSfMQNq53hu41aNQb21iVlDFRNtY8hm1S/
+TkVC45TH5YFjki8OX8gI02jH8VRJCF4tf7mHb3nTPMyRztJujMssnlGAnj6HVe3S
+p/hdi1BrfK7ntnDKIZIZIDXT+9bODUjd3t6ea6fPTZORFEthUs6Ho7KTKc3mv3uu
+XpEnIgzU3gaGh1FEmlHM6TmsjpxNcdqhA38FeEbuvmlV2qzgh917Xya3548+BNus
+zYeZH/hfXe4lqmoXFcalynW1o4dNlFe2H3+tAtFQjTP6z/s1HtDUWdxiOhU4/5T2
+dyz3ZhJbcd5RFed5CJlOJ6wE554QaPFBi5OeioqeZS5vqUB4rtyS3IylN7Q5RJV1
+T4/x+CO+4KMXhhl9s06KzkYPK1knc/DTs0AsWr3rKQ1MGLWpAuj7nzPZpm4zdSYD
+sBX6uleDfAC6kevu3nR4Mj91UZrWCsMacweyMIuGKxaE+WwzfKw=
+=cNip
-----END PGP SIGNATURE-----
diff --git a/metadata/glsa/Manifest.files.gz b/metadata/glsa/Manifest.files.gz
index fd82309ee061..0ed9dcec42d6 100644
--- a/metadata/glsa/Manifest.files.gz
+++ b/metadata/glsa/Manifest.files.gz
Binary files differ
diff --git a/metadata/glsa/glsa-202311-18.xml b/metadata/glsa/glsa-202311-18.xml
new file mode 100644
index 000000000000..e9be8ca61104
--- /dev/null
+++ b/metadata/glsa/glsa-202311-18.xml
@@ -0,0 +1,49 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202311-18">
+ <title>GLib: Multiple Vulnerabilities</title>
+ <synopsis>Multiple vulnerabilities have been discovered in GLib.</synopsis>
+ <product type="ebuild">glib</product>
+ <announced>2023-11-27</announced>
+ <revised count="1">2023-11-27</revised>
+ <bug>886197</bug>
+ <bug>887807</bug>
+ <access>remote</access>
+ <affected>
+ <package name="dev-libs/glib" auto="yes" arch="*">
+ <unaffected range="ge">2.74.4</unaffected>
+ <vulnerable range="lt">2.74.4</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>GLib is a library providing a number of GNOME&#39;s core objects and functions.</p>
+ </background>
+ <description>
+ <p>Multiple vulnerabilities have been discovered in GLib. Please review the referenced CVEs for details.</p>
+ </description>
+ <impact type="high">
+ <p>GVariant deserialization is vulnerable to an exponential blowup issue where a crafted GVariant can cause excessive processing, leading to denial of service.
+
+GVariant deserialization fails to validate that the input conforms to the expected format, leading to denial of service.
+
+GVariant deserialization is vulnerable to a slowdown issue where a crafted GVariant can cause excessive processing, leading to denial of service.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All GLib users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-libs/glib-2.74.4"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-29499">CVE-2023-29499</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-32611">CVE-2023-32611</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-32665">CVE-2023-32665</uri>
+ </references>
+ <metadata tag="requester" timestamp="2023-11-27T12:24:33.325998Z">graaff</metadata>
+ <metadata tag="submitter" timestamp="2023-11-27T12:24:33.328076Z">graaff</metadata>
+</glsa> \ No newline at end of file
diff --git a/metadata/glsa/timestamp.chk b/metadata/glsa/timestamp.chk
index 7279f918bfde..ea3b769c08f8 100644
--- a/metadata/glsa/timestamp.chk
+++ b/metadata/glsa/timestamp.chk
@@ -1 +1 @@
-Sun, 26 Nov 2023 21:40:20 +0000
+Mon, 27 Nov 2023 22:10:25 +0000
diff --git a/metadata/glsa/timestamp.commit b/metadata/glsa/timestamp.commit
index 41bafd70d2fe..313f325014a1 100644
--- a/metadata/glsa/timestamp.commit
+++ b/metadata/glsa/timestamp.commit
@@ -1 +1 @@
-17b5b8836331281e84f8ed624b689a3d52cac6fe 1700995599 2023-11-26T10:46:39+00:00
+e8cae5eafb887bc451b4344e6de2d99b8d6e75de 1701088111 2023-11-27T12:28:31+00:00