authorV3n3RiX <venerix@redcorelinux.org>2019-09-06 10:28:05 +0100
committerV3n3RiX <venerix@redcorelinux.org>2019-09-06 10:28:05 +0100
commitf1af93971b7490792d8541bc790e0d8c6d787059 (patch)
treea38046712bbc3a3844d77452d16c84e716caa3d4 /metadata/glsa
parentfc637fb28da700da71ec2064d65ca5a7a31b9c6c (diff)
gentoo resync : 06.08.2019
Diffstat (limited to 'metadata/glsa')
-rw-r--r--metadata/glsa/Manifest30
-rw-r--r--metadata/glsa/Manifest.files.gzbin446941 -> 447571 bytes
-rw-r--r--metadata/glsa/glsa-201908-03.xml5
-rw-r--r--metadata/glsa/glsa-201908-26.xml54
-rw-r--r--metadata/glsa/glsa-201908-27.xml46
-rw-r--r--metadata/glsa/glsa-201908-28.xml47
-rw-r--r--metadata/glsa/glsa-201908-29.xml52
-rw-r--r--metadata/glsa/timestamp.chk2
-rw-r--r--metadata/glsa/timestamp.commit2
9 files changed, 218 insertions, 20 deletions
diff --git a/metadata/glsa/Manifest b/metadata/glsa/Manifest
index 43909281f0ca..14342aa9db71 100644
--- a/metadata/glsa/Manifest
+++ b/metadata/glsa/Manifest
@@ -1,23 +1,23 @@
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
-MANIFEST Manifest.files.gz 446941 BLAKE2B 27348febfa1e8b0c37a6262b9e1c30afa2668e0702870fc19e3e8e049c8aa3fce3a0a847ecfdfa1843e08f25b1c541365b360bee2789c88b7c7abd1d0af7a0a4 SHA512 b604df11b0bda8c02e03d8c0f183f427ec63dd525e2cbd5b7473a5dbfd7112d964e04f46efec437421b06496482ba2148b26225bcbd4b736cd57023d4aeb1ea7
-TIMESTAMP 2019-08-18T16:09:02Z
+MANIFEST Manifest.files.gz 447571 BLAKE2B 5dcbf22acab4aa936027b65cb350fd1f2f1c1e2537d9521e947b1cbe33f4d7b2b6fbb6bb4805bdf0c5ff45c77fcb33345e4c8d8b89729f3fa2275febb0067a24 SHA512 85251d26f1a84f633b1f394aeaeb284222b79a86f4ce32b3e4e3dbc431b1a27e54bd1e6b1023f766bdacf2a7c3226992247aab3e13dd008f70ff63b9b31dcd87
+TIMESTAMP 2019-09-06T08:39:04Z
-----BEGIN PGP SIGNATURE-----
-iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAl1ZeB5fFIAAAAAALgAo
+iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAl1yGyhfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEUx
RDZBQkI2M0JGQ0ZCNEJBMDJGREYxQ0VDNTkwRUVBQzkxODkyNTAACgkQ7FkO6skY
-klAlMw//Y9l50sTL8BwL9tH0qPOFngKNjcjMJzJGgU69fY+GrSyTWN0U1GMQzpcR
-KqaTOuUJiSAxYhm8AZueZ73wGp21lm4qFUvKGHjWvTLT7YtlMqenG6kX/HeKoaM/
-5U1KHEAHVFgXOyQOD/h9ETZNnvB/oJhjXUgf46nYUnZi5UXrj73b8Z0G6jfNERO6
-9VQ3+VkOFYp6oOKplqDfyxrDCqwTzQRXap2dpmdozxVbydpr6BfquEbYy+0NijYC
-FNsEWNCwEo8GeWSdYFS8Q/eB3Vp6oCVAwBtW6+GZwsMEpt7/yGQe1Y9Zat1VGze2
-MsCQ06nnL/G/lnRpe1LtfzEugKh1RPzv78ZruY6dqkqo/wfrIkMksM2l9IU8zsE1
-XQgI/cFLfZoMNe7DhYvWPhe9Jj8jgIjiXY5F2RuiVt+B3K8DcJoBB0LeyrTSs9w+
-1q3eOiunW4Z6wTfeYpXmnIrW/ZDM0xw0SU/fgAKmf/u1QRy9ctNVGwB02u/Oif/o
-xbX5yfRQxEA7qK3RN6tPU1r+9QYbbyIUBePFXbbMCEv41QUpj9shNh3g5kC1LQPQ
-VG7l+/ewS57u6wUBRAEFosLVcU5zKZydHkmqJTY4mCpGbDcJQ/q16Es/kNBprEsM
-GkSyKT4EJrp8XUnqfXBVVADUP2aGqiJTQ8GPsBn5CUkb33fO2gY=
-=z3VN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+=x/mL
-----END PGP SIGNATURE-----
diff --git a/metadata/glsa/Manifest.files.gz b/metadata/glsa/Manifest.files.gz
index 8dde4ddcf57d..8045ca98ae1e 100644
--- a/metadata/glsa/Manifest.files.gz
+++ b/metadata/glsa/Manifest.files.gz
Binary files differ
diff --git a/metadata/glsa/glsa-201908-03.xml b/metadata/glsa/glsa-201908-03.xml
index 2b768c68c862..4a5520a3d11c 100644
--- a/metadata/glsa/glsa-201908-03.xml
+++ b/metadata/glsa/glsa-201908-03.xml
@@ -7,7 +7,7 @@
</synopsis>
<product type="ebuild">jasper</product>
<announced>2019-08-09</announced>
- <revised count="2">2019-08-09</revised>
+ <revised count="3">2019-08-28</revised>
<bug>614028</bug>
<bug>614032</bug>
<bug>624988</bug>
@@ -63,7 +63,6 @@
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-13753">CVE-2017-13753</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-14132">CVE-2017-14132</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-14229">CVE-2017-14229</uri>
- <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-14232">CVE-2017-14232</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-5503">CVE-2017-5503</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-5504">CVE-2017-5504</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-5505">CVE-2017-5505</uri>
@@ -76,5 +75,5 @@
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-9154">CVE-2018-9154</uri>
</references>
<metadata tag="requester" timestamp="2019-08-04T18:37:11Z">b-man</metadata>
- <metadata tag="submitter" timestamp="2019-08-09T22:17:32Z">b-man</metadata>
+ <metadata tag="submitter" timestamp="2019-08-28T22:02:05Z">b-man</metadata>
</glsa>
diff --git a/metadata/glsa/glsa-201908-26.xml b/metadata/glsa/glsa-201908-26.xml
new file mode 100644
index 000000000000..9a757dd8348d
--- /dev/null
+++ b/metadata/glsa/glsa-201908-26.xml
@@ -0,0 +1,54 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201908-26">
+ <title>libofx: Multiple vulnerabilities</title>
+ <synopsis>Multiple vulnerabilities have been found in libofx, the worst of
+ which could result in the arbitrary execution of code.
+ </synopsis>
+ <product type="ebuild">libofx</product>
+ <announced>2019-08-31</announced>
+ <revised count="1">2019-08-31</revised>
+ <bug>631304</bug>
+ <bug>636062</bug>
+ <bug>662910</bug>
+ <access>remote</access>
+ <affected>
+ <package name="dev-libs/libofx" auto="yes" arch="*">
+ <unaffected range="ge">0.9.14</unaffected>
+ <vulnerable range="lt">0.9.14</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>A library to support the Open Financial eXchange XML format</p>
+ </background>
+ <description>
+ <p>Multiple vulnerabilities have been discovered in libofx. Please review
+ the CVE identifiers referenced below for details.
+ </p>
+ </description>
+ <impact type="normal">
+ <p>A remote attacker could entice a user to process a specially crafted
+ file using an application linked against libofx, possibly resulting in
+ execution of arbitrary code with the privileges of the process or a
+ Denial of Service condition.
+ </p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All libofx users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose "&gt;=dev-libs/libofx-0.9.14"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-14731">CVE-2017-14731</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-2816">CVE-2017-2816</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-2920">CVE-2017-2920</uri>
+ </references>
+ <metadata tag="requester" timestamp="2019-08-18T02:20:40Z">b-man</metadata>
+ <metadata tag="submitter" timestamp="2019-08-31T15:00:19Z">b-man</metadata>
+</glsa>
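Review bot: The declaration `<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">` at the top of this new file names an external DTD over plain HTTP, so a consumer that loads external subsets would fetch the grammar for a security advisory over an unauthenticated channel. Whether the tooling that reads these files resolves the DTD is not visible in this diff. If it does, validating against a locally shipped copy, or referencing `https://www.gentoo.org/dtd/glsa.dtd`, is the safer choice, and parsers should keep external DTD and entity loading disabled. The same declaration appears in glsa-201908-27.xml, glsa-201908-28.xml and glsa-201908-29.xml.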
diff --git a/metadata/glsa/glsa-201908-27.xml b/metadata/glsa/glsa-201908-27.xml
new file mode 100644
index 000000000000..6f7af7bbed67
--- /dev/null
+++ b/metadata/glsa/glsa-201908-27.xml
@@ -0,0 +1,46 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201908-27">
+ <title>Nautilus: Security bypass</title>
+ <synopsis>A vulnerability in Nautilus may allow attackers to escape the
+ sandbox.
+ </synopsis>
+ <product type="ebuild">nautilus</product>
+ <announced>2019-08-31</announced>
+ <revised count="1">2019-08-31</revised>
+ <bug>692784</bug>
+ <access>local</access>
+ <affected>
+ <package name="gnome-base/nautilus" auto="yes" arch="*">
+ <unaffected range="ge">3.30.5-r1</unaffected>
+ <vulnerable range="lt">3.30.5-r1</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>Default file manager for the GNOME desktop</p>
+ </background>
+ <description>
+ <p>A vulnerability was discovered in Nautilus which allows an attacker to
+ escape the sandbox.
+ </p>
+ </description>
+ <impact type="normal">
+ <p>A local attacker could possibly bypass sandbox protection.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All Nautilus users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose "&gt;=gnome-base/nautilus-3.30.5-r1"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-11461">CVE-2019-11461</uri>
+ </references>
+ <metadata tag="requester" timestamp="2019-08-26T21:48:06Z">b-man</metadata>
+ <metadata tag="submitter" timestamp="2019-08-31T15:00:33Z">b-man</metadata>
+</glsa>
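Review bot: The `<description>` and `<impact>` text never says which sandbox is escaped, so a reader cannot judge from the advisory alone whether a given host is exposed. Naming the confined component would close that gap, for example `<p>A vulnerability was discovered in Nautilus which allows a compromised thumbnailer to escape its sandbox.</p>`. That wording assumes CVE-2019-11461 concerns the thumbnailer sandbox and should be checked against the CVE entry before use. glsa-201908-28.xml has the same gap for CVE-2019-11460.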
diff --git a/metadata/glsa/glsa-201908-28.xml b/metadata/glsa/glsa-201908-28.xml
new file mode 100644
index 000000000000..19818590fbcb
--- /dev/null
+++ b/metadata/glsa/glsa-201908-28.xml
@@ -0,0 +1,47 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201908-28">
+ <title>GNOME desktop library: Security bypass</title>
+ <synopsis>A vulnerability in the GNOME desktop library may allow attackers to
+ escape the sandbox.
+ </synopsis>
+ <product type="ebuild">gnome-desktop</product>
+ <announced>2019-08-31</announced>
+ <revised count="1">2019-08-31</revised>
+ <bug>692782</bug>
+ <access>local</access>
+ <affected>
+ <package name="gnome-base/gnome-desktop" auto="yes" arch="*">
+ <unaffected range="ge">3.30.2.3</unaffected>
+ <vulnerable range="lt">3.30.2.3</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>Library with common API for various GNOME modules.</p>
+ </background>
+ <description>
+ <p>A vulnerability was discovered in the GNOME desktop library which allows
+ an attacker to escape the sandbox.
+ </p>
+ </description>
+ <impact type="normal">
+ <p>A local attacker could possibly bypass sandbox protection.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All GNOME desktop library users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose
+ "&gt;=gnome-base/gnome-desktop-3.30.2.3"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-11460">CVE-2019-11460</uri>
+ </references>
+ <metadata tag="requester" timestamp="2019-08-31T14:55:07Z">whissi</metadata>
+ <metadata tag="submitter" timestamp="2019-08-31T21:05:16Z">whissi</metadata>
+</glsa>
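Review bot: The upgrade command inside `<code>` is split across two lines with no continuation character. Pasted as written, it runs `emerge --ask --oneshot --verbose` with no package atom and then treats the quoted atom as a separate command, so the fix may not get installed. The other advisories added in this commit keep the command on one line; this one should match: `# emerge --ask --oneshot --verbose "&gt;=gnome-base/gnome-desktop-3.30.2.3"`. If the line length matters, end the first line with `\` instead.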
diff --git a/metadata/glsa/glsa-201908-29.xml b/metadata/glsa/glsa-201908-29.xml
new file mode 100644
index 000000000000..4b86c592f6fa
--- /dev/null
+++ b/metadata/glsa/glsa-201908-29.xml
@@ -0,0 +1,52 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201908-29">
+ <title>Dovecot: Multiple vulnerabilities</title>
+ <synopsis>Multiple vulnerabilities have been found in Dovecot, the worst of
+ which could result in the arbitrary execution of code.
+ </synopsis>
+ <product type="ebuild">dovecot</product>
+ <announced>2019-08-31</announced>
+ <revised count="1">2019-08-31</revised>
+ <bug>683732</bug>
+ <bug>692572</bug>
+ <access>local, remote</access>
+ <affected>
+ <package name="net-mail/dovecot" auto="yes" arch="*">
+ <unaffected range="ge">2.3.7.2</unaffected>
+ <vulnerable range="lt">2.3.7.2</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>Dovecot is an open source IMAP and POP3 email server.</p>
+ </background>
+ <description>
+ <p>Multiple vulnerabilities have been discovered in Dovecot. Please review
+ the CVE identifiers referenced below for details.
+ </p>
+ </description>
+ <impact type="normal">
+ <p>An unauthenticated remote attacker could send a specially crafted mail
+ or use crafted IMAP commands possibly resulting in the execution of
+ arbitrary code with the privileges of the process or a Denial of Service
+ condition.
+ </p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All Dovecot users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose "&gt;=net-mail/dovecot-2.3.7.2"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-10691">CVE-2019-10691</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-11500">CVE-2019-11500</uri>
+ </references>
+ <metadata tag="requester" timestamp="2019-08-31T14:29:36Z">whissi</metadata>
+ <metadata tag="submitter" timestamp="2019-08-31T21:05:29Z">whissi</metadata>
+</glsa>
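Review bot: `<access>local, remote</access>` does not match the `<impact>` paragraph, which describes only an unauthenticated remote attacker sending crafted mail or IMAP commands. Nothing visible in this file explains a local vector for either referenced CVE. Either add a sentence to `<impact>` covering what a local attacker can do, or narrow the field to `<access>remote</access>` if both issues are reachable only over the network. Tools and readers that triage on the access field would otherwise treat this as locally exploitable without any supporting description.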
diff --git a/metadata/glsa/timestamp.chk b/metadata/glsa/timestamp.chk
index 7a755efccb78..2f6a7762bf94 100644
--- a/metadata/glsa/timestamp.chk
+++ b/metadata/glsa/timestamp.chk
@@ -1 +1 @@
-Sun, 18 Aug 2019 16:08:59 +0000
+Fri, 06 Sep 2019 08:39:01 +0000
diff --git a/metadata/glsa/timestamp.commit b/metadata/glsa/timestamp.commit
index a0dca6b11934..ac1358016db9 100644
--- a/metadata/glsa/timestamp.commit
+++ b/metadata/glsa/timestamp.commit
@@ -1 +1 @@
-55b0fff2f98b275d6a6bcaf8e12164157936324c 1566095478 2019-08-18T02:31:18+00:00
+b3e8c925d3f6eb29b568169ff67ed18a2ff264c2 1567285941 2019-08-31T21:12:21+00:00