diff options
author | V3n3RiX <venerix@koprulu.sector> | 2023-11-27 22:51:10 +0000 |
---|---|---|
committer | V3n3RiX <venerix@koprulu.sector> | 2023-11-27 22:51:10 +0000 |
commit | ee0c4d5e506a6c64994a15c3af5cf1ca22045567 (patch) | |
tree | bdf578939023d42f04092ddb4bcd190eb391770f /metadata/glsa | |
parent | 161eaa4b12ca6314376288834bba20b7824d0d77 (diff) |
gentoo auto-resync : 27:11:2023 - 22:51:09
Diffstat (limited to 'metadata/glsa')
-rw-r--r-- | metadata/glsa/Manifest | 30 | ||||
-rw-r--r-- | metadata/glsa/Manifest.files.gz | bin | 555336 -> 555493 bytes | |||
-rw-r--r-- | metadata/glsa/glsa-202311-18.xml | 49 | ||||
-rw-r--r-- | metadata/glsa/timestamp.chk | 2 | ||||
-rw-r--r-- | metadata/glsa/timestamp.commit | 2 |
5 files changed, 66 insertions, 17 deletions
diff --git a/metadata/glsa/Manifest b/metadata/glsa/Manifest index 55c9cb606a7c..f66a8b1744b4 100644 --- a/metadata/glsa/Manifest +++ b/metadata/glsa/Manifest @@ -1,23 +1,23 @@ -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 -MANIFEST Manifest.files.gz 555336 BLAKE2B 61845e600ed6d18be132119bdf3c18b5d7470dc0e9e6d2d7bbbd986ec173c3f6efeafe2d8c452a7dc1908ee00dc99ededa85cc6987ca0678a809132c3f9d1090 SHA512 0d231256dfdb4051a222ab45deaa4260258f4a609494607807f233e851695323a751b69e56f75452b3f361b66f39284d7c3ad73ec04ea29c532b73d36166af03 -TIMESTAMP 2023-11-26T21:40:23Z +MANIFEST Manifest.files.gz 555493 BLAKE2B 9b9c68f6fcd5aa241244f03965d32d2bee2397eebacb0b4742f3b5eff9058f33cdb8d4c1f96505cd2a1acaed4347077a204862e5674effe944e54b05e7466726 SHA512 bf81aa35acfc8893b8a8ffc0d57915c1a8e6b54e9400f0d03f26dd199de30e2601f7a7c1060d2185e26c3276979665ae687fb8e8a1e2b4d537df4a3270e38d43 +TIMESTAMP 2023-11-27T22:10:27Z -----BEGIN PGP SIGNATURE----- -iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAmVju0dfFIAAAAAALgAo +iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAmVlE9NfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEUx RDZBQkI2M0JGQ0ZCNEJBMDJGREYxQ0VDNTkwRUVBQzkxODkyNTAACgkQ7FkO6skY -klAdAg/9HRVlm1xv6zoKAhDA1NwI1rbyFdQjYjt7+CtXcI42i9DcEzqfTMLvDTtB -NLy8LNQUtdvhGHKV+pJMESG76/tsWjd505+NpAqQZ5i+NLiaw57YUxBoTItSZoTR -IsuxZ3aiPKQ/wwjQq8EKpd46+aSiDE39EIN0PBW/XaknvtyQ4MT0lTcl6IB2tLNy -Xo1/HYqT0ntSpx0igG9PyTPvvrRVxjEhetW/dTLuHLpKeo5dkY8RYDW8QOLY+X3/ -Bewar+puRYfBgANIqN50CCj+HPH6LygiJYLL1qE5RxU8NNX1WKep1xKPt+/B11aK -6wz7s56SS+b/1vEsk7giwpqjbruwiDajVu/x7hX6RYyQQjDLIYdlfN3LeotNnZVo -/t9fe1V3GUOXQUuzf3p6UgXvlVeuRRYq4uDcoC56BMqc+Mm9o6hhplk0ENOxLLu3 -Y9zwXSdO1UxqrJ0tXeeWIo73H1aW38WBASf8ViR2vSUkOGMl30c4aE/+IwDlr3PE -sWYQmWpbGtpsd7DVgcRxzrEKoSWAaOxT1uTKmJInw1zwWKLyo9W6HcEVG8HtmqmL -JUogB4Q9grseL/nQF8ydPQrQZ18gcdQfTwZuDp+JlAHHVOE3NA/4eJwsl19FUOLa -NmirymoSREdT8UJMLHUrUue+/TwaiDfpivH0WI9FKAoT+u94pmo= -=KM/Y +klDJOg/+JGlixE8sQIb9zxBp43pvibxE0cBMkHFs9cymGkdR4QnADKvd9NbqzeEC +qQLuZf3qKZ+jTnJNcNGa3aknvpNlzFiU2S/7rc12IdHDMEUsNUpWXBP+5K7TLDm2 +SZDdD5SFOuRkJwF66QSLPrsVhwd4fHhHijDrbogA6FSRnnQSZ0QidEzWN/PrkXYa +ZxWXy8Bw7op4ClKfClhCrIovq9lIcAlSfMQNq53hu41aNQb21iVlDFRNtY8hm1S/ +TkVC45TH5YFjki8OX8gI02jH8VRJCF4tf7mHb3nTPMyRztJujMssnlGAnj6HVe3S +p/hdi1BrfK7ntnDKIZIZIDXT+9bODUjd3t6ea6fPTZORFEthUs6Ho7KTKc3mv3uu +XpEnIgzU3gaGh1FEmlHM6TmsjpxNcdqhA38FeEbuvmlV2qzgh917Xya3548+BNus +zYeZH/hfXe4lqmoXFcalynW1o4dNlFe2H3+tAtFQjTP6z/s1HtDUWdxiOhU4/5T2 +dyz3ZhJbcd5RFed5CJlOJ6wE554QaPFBi5OeioqeZS5vqUB4rtyS3IylN7Q5RJV1 +T4/x+CO+4KMXhhl9s06KzkYPK1knc/DTs0AsWr3rKQ1MGLWpAuj7nzPZpm4zdSYD +sBX6uleDfAC6kevu3nR4Mj91UZrWCsMacweyMIuGKxaE+WwzfKw= +=cNip -----END PGP SIGNATURE----- diff --git a/metadata/glsa/Manifest.files.gz b/metadata/glsa/Manifest.files.gz Binary files differindex fd82309ee061..0ed9dcec42d6 100644 --- a/metadata/glsa/Manifest.files.gz +++ b/metadata/glsa/Manifest.files.gz diff --git a/metadata/glsa/glsa-202311-18.xml b/metadata/glsa/glsa-202311-18.xml new file mode 100644 index 000000000000..e9be8ca61104 --- /dev/null +++ b/metadata/glsa/glsa-202311-18.xml @@ -0,0 +1,49 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> +<glsa id="202311-18"> + <title>GLib: Multiple Vulnerabilities</title> + <synopsis>Multiple vulnerabilities have been discovered in GLib.</synopsis> + <product type="ebuild">glib</product> + <announced>2023-11-27</announced> + <revised count="1">2023-11-27</revised> + <bug>886197</bug> + <bug>887807</bug> + <access>remote</access> + <affected> + <package name="dev-libs/glib" auto="yes" arch="*"> + <unaffected range="ge">2.74.4</unaffected> + <vulnerable range="lt">2.74.4</vulnerable> + </package> + </affected> + <background> + <p>GLib is a library providing a number of GNOME's core objects and functions.</p> + </background> + <description> + <p>Multiple vulnerabilities have been discovered in GLib. Please review the referenced CVEs for details.</p> + </description> + <impact type="high"> + <p>GVariant deserialization is vulnerable to an exponential blowup issue where a crafted GVariant can cause excessive processing, leading to denial of service.
+
+GVariant deserialization fails to validate that the input conforms to the expected format, leading to denial of service.
+
+GVariant deserialization is vulnerable to a slowdown issue where a crafted GVariant can cause excessive processing, leading to denial of service.</p> + </impact> + <workaround> + <p>There is no known workaround at this time.</p> + </workaround> + <resolution> + <p>All GLib users should upgrade to the latest version:</p> + + <code> + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-libs/glib-2.74.4" + </code> + </resolution> + <references> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-29499">CVE-2023-29499</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-32611">CVE-2023-32611</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-32665">CVE-2023-32665</uri> + </references> + <metadata tag="requester" timestamp="2023-11-27T12:24:33.325998Z">graaff</metadata> + <metadata tag="submitter" timestamp="2023-11-27T12:24:33.328076Z">graaff</metadata> +</glsa>
\ No newline at end of file diff --git a/metadata/glsa/timestamp.chk b/metadata/glsa/timestamp.chk index 7279f918bfde..ea3b769c08f8 100644 --- a/metadata/glsa/timestamp.chk +++ b/metadata/glsa/timestamp.chk @@ -1 +1 @@ -Sun, 26 Nov 2023 21:40:20 +0000 +Mon, 27 Nov 2023 22:10:25 +0000 diff --git a/metadata/glsa/timestamp.commit b/metadata/glsa/timestamp.commit index 41bafd70d2fe..313f325014a1 100644 --- a/metadata/glsa/timestamp.commit +++ b/metadata/glsa/timestamp.commit @@ -1 +1 @@ -17b5b8836331281e84f8ed624b689a3d52cac6fe 1700995599 2023-11-26T10:46:39+00:00 +e8cae5eafb887bc451b4344e6de2d99b8d6e75de 1701088111 2023-11-27T12:28:31+00:00 |