authorV3n3RiX <venerix@koprulu.sector>2024-11-18 03:03:03 +0000
committerV3n3RiX <venerix@koprulu.sector>2024-11-18 03:03:03 +0000
commitf9f6fa91738181ebe9aca71b75d157d8b5df5335 (patch)
tree556cf671790196d83709b89133064a855f1879f2 /metadata/glsa
parent3455c0a5153ae27d7c6c16ecd35fa3dec33f3dda (diff)
gentoo auto-resync : 18:11:2024 - 03:03:03
Diffstat (limited to 'metadata/glsa')
-rw-r--r--metadata/glsa/Manifest30
-rw-r--r--metadata/glsa/Manifest.files.gzbin591237 -> 591718 bytes
-rw-r--r--metadata/glsa/glsa-202411-07.xml42
-rw-r--r--metadata/glsa/glsa-202411-08.xml58
-rw-r--r--metadata/glsa/glsa-202411-09.xml46
-rw-r--r--metadata/glsa/timestamp.chk2
-rw-r--r--metadata/glsa/timestamp.commit2
7 files changed, 163 insertions, 17 deletions
diff --git a/metadata/glsa/Manifest b/metadata/glsa/Manifest
index 8796d70d4531..a54ab7b40911 100644
--- a/metadata/glsa/Manifest
+++ b/metadata/glsa/Manifest
@@ -1,23 +1,23 @@
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
-MANIFEST Manifest.files.gz 591237 BLAKE2B 337b7bfb955540c4a1db37248b67e090eaeeb7b8bd1be2166a7b7b6b7877361e29661e73dffac923196433912a6797bf800bd067ee7f993890f6ac1e2f34bc49 SHA512 3ec2beca56ab3930f53a204889fc0b11246eb13af838a455e7955b61d8b6e21c61a23bc9f21acf3897bce56f1f4d035316c961dd19264f3c406050ed06677149
-TIMESTAMP 2024-11-17T02:40:56Z
+MANIFEST Manifest.files.gz 591718 BLAKE2B cd53ee1575b57b03315f3e2b15f89a06fbc6711259ee7a82e1ca6f8970d8fdd183ea1f95f313b15f9f7f905c2c8641fa9ae9f0d8a12e8fedc6851ee3f7c15bbd SHA512 1cf337d112115a521c08a9fa208a2c60a1ef9651426b5a20b7ff05709eda7e21b384c627f1dedd2abb84476daf5fadea280b479585390abd903daec89814b24f
+TIMESTAMP 2024-11-18T02:40:52Z
-----BEGIN PGP SIGNATURE-----
-iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAmc5V7hfFIAAAAAALgAo
+iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAmc6qTRfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEUx
RDZBQkI2M0JGQ0ZCNEJBMDJGREYxQ0VDNTkwRUVBQzkxODkyNTAACgkQ7FkO6skY
-klBhUA//ao/nQkC5qBp1pNT+mH/YWw/e3D3OizI8VxihHwLlJtzbhBFzjTpE8olP
-Bq5rNnzjJulZtfxPq56vcbiwuaXWGC7+JK3Kq6TA7zPeaQO1Pnyq4V4aw+Hcjy7T
-jUgkH025J6Bz/mcVY8xmhh9dFi/jX1eqKH5cdSmReFafXCQl789Eqx01ezorzK/h
-J+03BKXBqSCr3VIVKjBqLaCZJ/VCyYw29Cgd8yjQL+8XqfHqE4it3v2xeGoMQblI
-i5kBH5Gp/Y3FPpNLVTYTRYZaCjUGkFR615VwHKOt1cBc+SGBD1aA/2Knhw8bcOpZ
-4TuvQEzcUfMISnkxMUFEQjIQKBPj3WEQaMNra5Q+gdB+aAlGqgf6gAS9YULOUBM0
-5/vMQRwVnmpFj1oU2Gct85x4hVj9VHNah3BvZbe8AcCdbeB40SVpNZeVJADa6tH0
-42o44d/WTsVyWc7neK4jhCVlGDomFAckpgZMfZfYTPpeJSKbcJwCikS2kXU8cf3R
-3/mrQz0ragJidEc9lqUAZ97zj+RHkYweSd62ycKxEjvdl8ooHHKeS1XT91NGdKJn
-H3yQ7CczE/XUuGV1wcyESSQmVSPH/3J97bjRzYfVY1wY9yNgQtQyqsLd08iYtiUe
-qmFS/zP7t08Miju8Ykygo+9nRRlRFpSccoPIfYvFcb22OexFaB8=
-=56A1
+klCcMhAAhmLZY3JBm1J8dBc5mwYjyQt5vvl96GNdTMlxRPs1YGAGs7Am3y46DRzS
+ICalGJPb2yNKtInQzI5BGlGrgsS4hnvojZs85o4eEfldxXsV+RER70Fgu68Rq8i2
+t3UDaRjJyF1J3rjSK6CZFKGbwMBM5yp5kuQz94JsLl3K+d+A0CQTT7ZH9t1Nm1br
+L+SG5JN0jCzDE6u6niLibSiHCK2jANMEWv8RP5UYSSIkSdAUGU1HwJVe/c4VYxSV
+CjpHPbKhlvCI5sEfZoojuzcQ04S1aqYecldoYj+EWmOzc2Sn1lN1PF4LEbeXBacE
+2p5qDXG+8Scn2hqjq2fy/HZcvk3LC2JRc8SmGvm34dkgcu71vwoJ7vavYSWNGzJq
+Rm0raF88IdzbTHXPtbAR/ak1XGQRvoWn2aci3hMMMTkA30nXZKuPru6mJPj1wp/B
+7uPV8upTnj97EhbLOSdE1Pv98f42XYTeBm3LGW65tvT7yPKgjM8fOoQofOXZf2lH
+Ze8OKqtNTIKR7AgdTsHKABpNP7LbbfDxszpABZKM+IwlcY5pbd4mgzFuNf3J+17x
+BxfLnC+SPJ/D5N6tiw9FRnpMAag2q6WrjqpGLyycYesNt9+J1Jx7nRY7jLVQCE0V
+tl4anYYBser4HEuhL4zSgmCijV6EITwsA4SGNcr3PnHN5DLThkc=
+=88id
-----END PGP SIGNATURE-----
diff --git a/metadata/glsa/Manifest.files.gz b/metadata/glsa/Manifest.files.gz
index 6a5fd4ebf046..22441536c90f 100644
--- a/metadata/glsa/Manifest.files.gz
+++ b/metadata/glsa/Manifest.files.gz
Binary files differ
diff --git a/metadata/glsa/glsa-202411-07.xml b/metadata/glsa/glsa-202411-07.xml
new file mode 100644
index 000000000000..70b0592be14c
--- /dev/null
+++ b/metadata/glsa/glsa-202411-07.xml
@@ -0,0 +1,42 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202411-07">
+ <title>Pillow: Arbitrary code execution</title>
+ <synopsis>A vulnerability has been discovered in Pillow, which may lead to arbitrary code execution.</synopsis>
+ <product type="ebuild">pillow</product>
+ <announced>2024-11-17</announced>
+ <revised count="1">2024-11-17</revised>
+ <bug>928391</bug>
+ <access>local and remote</access>
+ <affected>
+ <package name="dev-python/pillow" auto="yes" arch="*">
+ <unaffected range="ge">10.3.0</unaffected>
+ <vulnerable range="lt">10.3.0</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>The friendly PIL fork.</p>
+ </background>
+ <description>
+ <p>A vulnerability has been discovered in Pillow. Please review the CVE identifier referenced below for details.</p>
+ </description>
+ <impact type="high">
+ <p>Please review the referenced CVE identifier for details.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All Pillow users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-python/pillow-10.3.0"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-28219">CVE-2024-28219</uri>
+ </references>
+ <metadata tag="requester" timestamp="2024-11-17T09:47:11.089899Z">graaff</metadata>
+ <metadata tag="submitter" timestamp="2024-11-17T09:47:11.092222Z">graaff</metadata>
+</glsa>
\ No newline at end of file
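Review bot: The `<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">` line names an external DTD over cleartext HTTP, so a consumer that parses this advisory with DTD loading enabled would fetch and apply a document nothing authenticates; the same line opens glsa-202411-08.xml and glsa-202411-09.xml in this commit. The signed Manifest presumably covers the advisory files themselves, not a DTD fetched at parse time. If the format allows it, the system identifier could use the `https://` scheme. Tools that read these files should in any case parse with external DTD and entity resolution disabled and validate against a locally shipped copy.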
diff --git a/metadata/glsa/glsa-202411-08.xml b/metadata/glsa/glsa-202411-08.xml
new file mode 100644
index 000000000000..922593fd678f
--- /dev/null
+++ b/metadata/glsa/glsa-202411-08.xml
@@ -0,0 +1,58 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202411-08">
+ <title>X.Org X server, XWayland: Multiple Vulnerabilities</title>
+ <synopsis>A vulnerability has been discovered in the Xorg Server and XWayland, the worst of which can result in privilege escalation.</synopsis>
+ <product type="ebuild">xorg-server,xwayland</product>
+ <announced>2024-11-17</announced>
+ <revised count="1">2024-11-17</revised>
+ <bug>928531</bug>
+ <bug>942465</bug>
+ <access>local</access>
+ <affected>
+ <package name="x11-base/xorg-server" auto="yes" arch="*">
+ <unaffected range="ge">21.1.14</unaffected>
+ <vulnerable range="lt">21.1.14</vulnerable>
+ </package>
+ <package name="x11-base/xwayland" auto="yes" arch="*">
+ <unaffected range="ge">24.1.4</unaffected>
+ <vulnerable range="lt">24.1.4</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>The X Window System is a graphical windowing system based on a client/server model.</p>
+ </background>
+ <description>
+ <p>Multiple vulnerabilities have been discovered in X.Org X server and XWayland. Please review the CVE identifiers referenced below for details.</p>
+ </description>
+ <impact type="high">
+ <p>Please review the referenced CVE identifiers for details.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All X.Org X server users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=x11-base/xorg-server-21.1.14"
+ </code>
+
+ <p>All XWayland users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=x11-base/xwayland-24.1.4"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-9632">CVE-2024-9632</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-31080">CVE-2024-31080</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-31081">CVE-2024-31081</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-31082">CVE-2024-31082</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-31083">CVE-2024-31083</uri>
+ </references>
+ <metadata tag="requester" timestamp="2024-11-17T09:49:25.879517Z">graaff</metadata>
+ <metadata tag="submitter" timestamp="2024-11-17T09:49:25.883830Z">graaff</metadata>
+</glsa>
\ No newline at end of file
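Review bot: The `<synopsis>` opens with "A vulnerability has been discovered" and then says "the worst of which", which contradicts the title "Multiple Vulnerabilities" and the five CVEs listed under `<references>`. It should read `Multiple vulnerabilities have been discovered in the Xorg Server and XWayland, the worst of which can result in privilege escalation.` The `<description>` also defers entirely to the CVE list, so a reader triaging offline cannot tell which identifiers apply to `x11-base/xorg-server` and which to `x11-base/xwayland`. One sentence per package stating that mapping would make the two version ranges easier to act on.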
diff --git a/metadata/glsa/glsa-202411-09.xml b/metadata/glsa/glsa-202411-09.xml
new file mode 100644
index 000000000000..69504e0c5d4c
--- /dev/null
+++ b/metadata/glsa/glsa-202411-09.xml
@@ -0,0 +1,46 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202411-09">
+ <title>Perl: Multiple Vulnerabilities</title>
+ <synopsis>Multiple vulnerabilities have been discovered in Perl, the worst of which can lead to arbitrary code execution.</synopsis>
+ <product type="ebuild">perl</product>
+ <announced>2024-11-17</announced>
+ <revised count="1">2024-11-17</revised>
+ <bug>807307</bug>
+ <bug>905296</bug>
+ <bug>918612</bug>
+ <access>remote</access>
+ <affected>
+ <package name="dev-lang/perl" auto="yes" arch="*">
+ <unaffected range="ge">5.38.2</unaffected>
+ <vulnerable range="lt">5.38.2</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>Perl is Larry Wall’s Practical Extraction and Report Language.</p>
+ </background>
+ <description>
+ <p>Multiple vulnerabilities have been discovered in Perl. Please review the CVE identifiers referenced below for details.</p>
+ </description>
+ <impact type="normal">
+ <p>Please review the referenced CVE identifiers for details.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All Perl users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-lang/perl-5.38.2"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-36770">CVE-2021-36770</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-31486">CVE-2023-31486</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-47038">CVE-2023-47038</uri>
+ </references>
+ <metadata tag="requester" timestamp="2024-11-17T09:51:20.109847Z">graaff</metadata>
+ <metadata tag="submitter" timestamp="2024-11-17T09:51:20.112367Z">graaff</metadata>
+</glsa>
\ No newline at end of file
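Review bot: `<impact type="normal">` sits oddly beside a synopsis that names arbitrary code execution and an `<access>remote</access>` vector; glsa-202411-07.xml in this same commit rates a code-execution issue `type="high"`. Anything that filters or prioritises advisories on the impact attribute would rank this one lower than its synopsis suggests. Either raise the rating to `high`, or have the `<impact>` paragraph state why the worst case is limited instead of only pointing at the CVE list.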
diff --git a/metadata/glsa/timestamp.chk b/metadata/glsa/timestamp.chk
index 00b2a9bba286..b501e681dc9b 100644
--- a/metadata/glsa/timestamp.chk
+++ b/metadata/glsa/timestamp.chk
@@ -1 +1 @@
-Sun, 17 Nov 2024 02:40:52 +0000
+Mon, 18 Nov 2024 02:40:47 +0000
diff --git a/metadata/glsa/timestamp.commit b/metadata/glsa/timestamp.commit
index 4ae8a8888c86..0858bad8cc1f 100644
--- a/metadata/glsa/timestamp.commit
+++ b/metadata/glsa/timestamp.commit
@@ -1 +1 @@
-781f9b3a3d3c32e196db69205e615bdfd40b6c49 1730902566 2024-11-06T14:16:06Z
+06b1665a387d4d7cb73b9b91b99b6ed644d013ed 1731837118 2024-11-17T09:51:58Z