authorV3n3RiX <venerix@redcorelinux.org>2018-06-16 05:02:38 +0100
committerV3n3RiX <venerix@redcorelinux.org>2018-06-16 05:02:38 +0100
commitf1bc537f089cc8477a9a18db597cb349e1b00e91 (patch)
treec48eb730c43e5f35729fabbe5cb4bfbe4a1bc794 /metadata/glsa
parentcb3e8c6af7661fbcafdcacc7e0ecdfb610d098fa (diff)
gentoo resync : 16.06.2018
Diffstat (limited to 'metadata/glsa')
-rw-r--r--metadata/glsa/Manifest30
-rw-r--r--metadata/glsa/Manifest.files.gzbin425353 -> 425986 bytes
-rw-r--r--metadata/glsa/glsa-201806-01.xml48
-rw-r--r--metadata/glsa/glsa-201806-02.xml56
-rw-r--r--metadata/glsa/glsa-201806-03.xml50
-rw-r--r--metadata/glsa/glsa-201806-04.xml57
-rw-r--r--metadata/glsa/timestamp.chk2
-rw-r--r--metadata/glsa/timestamp.commit2
8 files changed, 228 insertions, 17 deletions
diff --git a/metadata/glsa/Manifest b/metadata/glsa/Manifest
index d56a25b6be5e..4f2a9e2e7962 100644
--- a/metadata/glsa/Manifest
+++ b/metadata/glsa/Manifest
@@ -1,23 +1,23 @@
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
-MANIFEST Manifest.files.gz 425353 BLAKE2B ec410f73e8160a04f1e8d9ba24f8a9a7403de8d80de422b45237ee3d29412684c7b01eb6c65076d2a0e39e2a5a031fa3a30e25eaf8291e44c92b9e9e62cb3412 SHA512 f41e2315afb547d2663e7d73d1c71ddccb41cbcb981f32843e47a742285e23731f0c982f66fc7df7697259b315666ee38e690923c6014e4574c7d7496b96947a
-TIMESTAMP 2018-06-09T07:38:40Z
+MANIFEST Manifest.files.gz 425986 BLAKE2B 7d85d5d425d6a32154acb4a6caf5510b1727824049e4d280e4ce24df212ed1afbd08799a2cc7c144ede280b60154612e1328ddb782e47076fb1ea7af095c3b33 SHA512 e30fd9fcd31461c74df766927e752a6d54f7b8d0fbbb414546d1dea373dbc0058af9ac0adc109de0105cbe98d3ae59802a6ade9f2b520edf7cc1b52ea112c9a9
+TIMESTAMP 2018-06-16T02:38:30Z
-----BEGIN PGP SIGNATURE-----
-iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAlsbhABfFIAAAAAALgAo
+iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAlskeCZfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEUx
RDZBQkI2M0JGQ0ZCNEJBMDJGREYxQ0VDNTkwRUVBQzkxODkyNTAACgkQ7FkO6skY
-klDzWhAAhVdT7hhGiPbYCO+mQH40xr5WGgTRKVxMcRg1QdJt7EVRdXt0UcuFXRsy
-RMR07dJWhyf3+mRJEhacJpx+Va3I1WG9Kfn7WllciqGQVb2Hs4+iH22uIiCF8E7A
-VaqI/qtCEDVYSLjdf+JlmYktdtwFrqgBCD9vK8ZLvhg2f6IBnRhsdTH9omss6D42
-p+2S+pwGOsYNmQp2lHE5wt+B2AOFVZOwwvG5E6y0IxhaAMMlPA5CNjs026ZmDHRT
-+J9L1VDq3x8lZpUBQfJIYnXQG4mXSlJKnBQ02vwwnlllQQLMvThXo8gTx7SFr2zF
-btW8HsGWLpB92aYYyEP+aI+72yRTunrN9nl3NTvK/rV0Xyt2JCnSz7A7HqGVihLk
-qAogMFDhbdoruq4BaZ6MwizAkIXnPPPgs/gMnj7QswGypjGsQFTw5sYPLTg25Tr+
-Vj+upzZgLluwmwgloCeX6Y9o9KFKvpy4M7FJcJbR+Zjb1Pqugel95M7W1jg80VDz
-EsnVegV1ZmJ4w0llH9OjzAyZZjUwRFSbm/bDXFv9zh6e+Ziemz6SbBECEW1hweu4
-mi9pF1nCHE0Ac7Oq3kJG7M/8LLd7sghRgXmV61EbAB2TKZTRNvI2mE4OgDo5tgr0
-thEMbrEIrdoYruQb0twK4fmI4+FUybYSNKVPz14zreXELoH/pEQ=
-=DtZ2
+klAuKA//R7vn8WbOnK3bn6+1TkjPzv8Qt6EIhvFqNz6muJ2/T1/V2JBFlB1SUw9h
+8jt6U/s64Xmajzpcb8wYBT/5hkpYjVVyGrmoxeo3OWBzBt1VzxeXMQA3tS1Zb8EB
+kq61IMPA6lsJal13tXxxi0ujZLdA6KfFmmh6119yun2JDRMKhydJplHAOAwneQJn
+Q9EbEZzQtrQJEwkUGUQlurcP7/1kLMNCOnojKgsw1OyMcigrjiFNKrNOnl0Js3jO
+MUegsalLmSa5N9bHFJsbhsNQVpdIctZE+7sm0dDDm9ew0B0POH8Q7NsnMVli69tV
+k1d9AR6XmkeCB3sUEBUWhUdUh75cZj3JK5KWwicpSvLoJbGS5wXrFrS1Yy6e0Wrc
+hwsXw2S6TAmtRe72ZyQAOIR8fIcNq4ZM6eDhdgi59v3ygf2j35ucCccCbd8h0UNr
+ItJtOfqmzM4S6JYtZQIjNrXvPdCkn2IFFw1pPD2wCxkMTP+GyKT5aIGS6gbTT00t
+tkyNn39LbLNgaPik1Tcdl9wP3lcTyPGQDWk+GitVgm6k91fQQJ2rabiOTYYfvmGn
+sGRa5gRx7kpEiIGS9JV06MbjzXisXzUEFxwTKrCfF3FGccorK4xj/u4NSCRsEaXc
+glnU/FgaEw4c4x6r28h1rThperAU2clCg+MlDMsdl2Cfkjqbeq0=
+=OLTR
-----END PGP SIGNATURE-----
diff --git a/metadata/glsa/Manifest.files.gz b/metadata/glsa/Manifest.files.gz
index 863cd62f2c63..40f16a604f30 100644
--- a/metadata/glsa/Manifest.files.gz
+++ b/metadata/glsa/Manifest.files.gz
Binary files differ
diff --git a/metadata/glsa/glsa-201806-01.xml b/metadata/glsa/glsa-201806-01.xml
new file mode 100644
index 000000000000..b4e460104169
--- /dev/null
+++ b/metadata/glsa/glsa-201806-01.xml
@@ -0,0 +1,48 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201806-01">
+ <title>GNU Wget: Cookie injection</title>
+ <synopsis>A vulnerablity in GNU Wget could allow arbitrary cookies to be
+ injected.
+ </synopsis>
+ <product type="ebuild">wget</product>
+ <announced>2018-06-13</announced>
+ <revised count="1">2018-06-13</revised>
+ <bug>655216</bug>
+ <access>remote</access>
+ <affected>
+ <package name="net-misc/wget" auto="yes" arch="*">
+ <unaffected range="ge">1.19.5</unaffected>
+ <vulnerable range="lt">1.19.5</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>GNU Wget is a free software package for retrieving files using HTTP,
+ HTTPS and FTP, the most widely-used Internet protocols.
+ </p>
+ </background>
+ <description>
+ <p>A vulnerability was discovered in GNU Wget’s resp_new function which
+ does not validate \r\n sequences in continuation lines.
+ </p>
+ </description>
+ <impact type="normal">
+ <p>A remote attacker could inject arbitrary cookie entry requests.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All GNU Wget users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose "&gt;=net-misc/wget-1.19.5"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-0494">CVE-2018-0494</uri>
+ </references>
+ <metadata tag="requester" timestamp="2018-06-12T02:50:06Z">irishluck83</metadata>
+ <metadata tag="submitter" timestamp="2018-06-13T20:52:56Z">irishluck83</metadata>
+</glsa>
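Review bot: The declaration `<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">` on the second line of this new file names an external DTD over cleartext HTTP, and the same line opens glsa-201806-02, -03 and -04. Whether anything fetches it depends on the consumer, which is not visible in this commit. A tool that parses these advisories should keep external DTD loading and entity resolution switched off, or validate against a locally shipped copy of the DTD. Separately, the synopsis misspells the word as `vulnerablity`, which a keyword search over advisories will miss; it should read `<synopsis>A vulnerability in GNU Wget could allow arbitrary cookies to be`.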
diff --git a/metadata/glsa/glsa-201806-02.xml b/metadata/glsa/glsa-201806-02.xml
new file mode 100644
index 000000000000..c5e008caafbf
--- /dev/null
+++ b/metadata/glsa/glsa-201806-02.xml
@@ -0,0 +1,56 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201806-02">
+ <title>Adobe Flash Player: Multiple vulnerabilities</title>
+ <synopsis>Multiple vulnerabilities have been found in Adobe Flash Player, the
+ worst of which allows remote attackers to execute arbitrary code.
+ </synopsis>
+ <product type="ebuild">adobe-flash</product>
+ <announced>2018-06-13</announced>
+ <revised count="1">2018-06-13</revised>
+ <bug>656230</bug>
+ <bug>657564</bug>
+ <access>remote</access>
+ <affected>
+ <package name="www-plugins/adobe-flash" auto="yes" arch="*">
+ <unaffected range="ge">30.0.0.113</unaffected>
+ <vulnerable range="lt">30.0.0.113</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>The Adobe Flash Player is a renderer for the SWF file format, which is
+ commonly used to provide interactive websites.
+ </p>
+ </background>
+ <description>
+ <p>Multiple vulnerabilities have been discovered in Adobe Flash Player.
+ Please review the CVE identifiers referenced below for details.
+ </p>
+ </description>
+ <impact type="normal">
+ <p>A remote attacker could possibly execute arbitrary code with the
+ privileges of the process or obtain sensitive information.
+ </p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All Adobe Flash Player users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose
+ "&gt;=www-plugins/adobe-flash-30.0.0.113"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-4944">CVE-2018-4944</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-4945">CVE-2018-4945</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-5000">CVE-2018-5000</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-5001">CVE-2018-5001</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-5002">CVE-2018-5002</uri>
+ </references>
+ <metadata tag="requester" timestamp="2018-06-09T15:32:29Z">whissi</metadata>
+ <metadata tag="submitter" timestamp="2018-06-13T20:54:22Z">irishluck83</metadata>
+</glsa>
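Review bot: The upgrade command inside `<code>` is split across two lines with no continuation character. Pasted into a shell as written, it runs `emerge --ask --oneshot --verbose` with no package atom and then tries to execute the quoted atom as a separate command. The other three advisories in this commit keep the command on one line; this one should read `# emerge --ask --oneshot --verbose "&gt;=www-plugins/adobe-flash-30.0.0.113"`. A remediation step that fails when followed literally leaves the vulnerable version installed.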
diff --git a/metadata/glsa/glsa-201806-03.xml b/metadata/glsa/glsa-201806-03.xml
new file mode 100644
index 000000000000..afc08f70bd46
--- /dev/null
+++ b/metadata/glsa/glsa-201806-03.xml
@@ -0,0 +1,50 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201806-03">
+ <title>BURP: Multiple vulnerabilities</title>
+ <synopsis>Multiple vulnerabilities were discovered in BURP's Gentoo ebuild,
+ the worst of which could lead to root privilege escalation.
+ </synopsis>
+ <product type="ebuild">burp</product>
+ <announced>2018-06-13</announced>
+ <revised count="1">2018-06-13</revised>
+ <bug>628770</bug>
+ <bug>641842</bug>
+ <access>remote</access>
+ <affected>
+ <package name="app-backup/burp" auto="yes" arch="*">
+ <unaffected range="ge">2.1.32</unaffected>
+ <vulnerable range="lt">2.1.32</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>A network backup and restore program.</p>
+ </background>
+ <description>
+ <p>It was discovered that Gentoo’s BURP ebuild does not properly set
+ permissions or place the pid file in a safe directory.
+ </p>
+ </description>
+ <impact type="normal">
+ <p>A local attacker could escalate privileges.</p>
+ </impact>
+ <workaround>
+ <p>Users should ensure the proper permissions are set as discussed in the
+ referenced bugs.
+ </p>
+ </workaround>
+ <resolution>
+ <p>All BURP users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose "&gt;=app-backup/burp-2.1.32"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-18284">CVE-2017-18284</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-18285">CVE-2017-18285</uri>
+ </references>
+ <metadata tag="requester" timestamp="2018-05-29T13:34:12Z">b-man</metadata>
+ <metadata tag="submitter" timestamp="2018-06-13T20:55:37Z">b-man</metadata>
+</glsa>
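Review bot: `<access>remote</access>` contradicts the impact text in the same file, `A local attacker could escalate privileges`, and the description (pid file location and permissions set by the ebuild) also reads as a local issue. Tooling that triages on the access field would treat this advisory as network-reachable; if the field is meant to record the attack vector, it should be `<access>local</access>`. The workaround also defers to "the referenced bugs" without naming the paths or permissions to check, so an administrator who cannot upgrade at once has to read bugs 628770 and 641842 before acting.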
diff --git a/metadata/glsa/glsa-201806-04.xml b/metadata/glsa/glsa-201806-04.xml
new file mode 100644
index 000000000000..d2b15f529f0b
--- /dev/null
+++ b/metadata/glsa/glsa-201806-04.xml
@@ -0,0 +1,57 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201806-04">
+ <title>Quassel: Multiple vulnerabilities </title>
+ <synopsis>Multiple vulnerabilities have been found in Quassel, the worst of
+ which could allow remote attackers to execute arbitrary code.
+ </synopsis>
+ <product type="ebuild">net-irc/quassel</product>
+ <announced>2018-06-14</announced>
+ <revised count="1">2018-06-14</revised>
+ <bug>653834</bug>
+ <access>remote</access>
+ <affected>
+ <package name="net-irc/quassel" auto="yes" arch="*">
+ <unaffected range="ge">0.12.5</unaffected>
+ <vulnerable range="lt">0.12.5</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>Quassel is a Qt4/KDE4 IRC client suppporting a remote daemon for 24/7
+ connectivity.
+ </p>
+
+ </background>
+ <description>
+ <p>Multiple vulnerabilities have been discovered in Quassel. Please review
+ the CVE identifiers referenced below for details.
+ </p>
+ </description>
+ <impact type="normal">
+ <p>A remote attacker could cause arbitrary code execution or a Denial of
+ Service condition.
+ </p>
+
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All Quassel users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose "&gt;=net-irc/quassel-0.12.5"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-1000178">
+ CVE-2018-1000178
+ </uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-1000179">
+ CVE-2018-1000179
+ </uri>
+ </references>
+ <metadata tag="requester" timestamp="2018-06-05T01:35:09Z">chrisadr</metadata>
+ <metadata tag="submitter" timestamp="2018-06-14T02:22:47Z">irishluck83</metadata>
+</glsa>
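Review bot: Both `<uri>` elements wrap the CVE identifier in newlines and indentation, so the element text is not the bare ID as it is in the other advisories in this commit. A consumer that compares that text with a CVE list without trimming whitespace would miss both entries. Writing them as `<uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-1000178">CVE-2018-1000178</uri>`, and likewise for CVE-2018-1000179, avoids that. `<product type="ebuild">net-irc/quassel</product>` also includes the category, where the other three files give only the package name (`wget`, `adobe-flash`, `burp`). The title has a trailing space and the background misspells `suppporting`.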
diff --git a/metadata/glsa/timestamp.chk b/metadata/glsa/timestamp.chk
index 2f9edffac363..a1b9bb79d317 100644
--- a/metadata/glsa/timestamp.chk
+++ b/metadata/glsa/timestamp.chk
@@ -1 +1 @@
-Sat, 09 Jun 2018 07:38:36 +0000
+Sat, 16 Jun 2018 02:38:26 +0000
diff --git a/metadata/glsa/timestamp.commit b/metadata/glsa/timestamp.commit
index 4ed1ab056d1b..2fc2c8370740 100644
--- a/metadata/glsa/timestamp.commit
+++ b/metadata/glsa/timestamp.commit
@@ -1 +1 @@
-e1eed7ae3b27f8139b508d9d14861c4437216138 1527689205 2018-05-30T14:06:45+00:00
+4cb84c65fba89ce4840b325b360cc5346c9677f2 1528942991 2018-06-14T02:23:11+00:00