Diffstat (limited to 'metadata/glsa')
-rw-r--r--metadata/glsa/Manifest30
-rw-r--r--metadata/glsa/Manifest.files.gzbin564559 -> 565188 bytes
-rw-r--r--metadata/glsa/glsa-202402-07.xml112
-rw-r--r--metadata/glsa/glsa-202402-08.xml63
-rw-r--r--metadata/glsa/glsa-202402-09.xml46
-rw-r--r--metadata/glsa/glsa-202402-10.xml43
-rw-r--r--metadata/glsa/timestamp.chk2
-rw-r--r--metadata/glsa/timestamp.commit2
8 files changed, 281 insertions, 17 deletions
diff --git a/metadata/glsa/Manifest b/metadata/glsa/Manifest
index fc6d79297ab7..a067ab4fe5e2 100644
--- a/metadata/glsa/Manifest
+++ b/metadata/glsa/Manifest
@@ -1,23 +1,23 @@
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
-MANIFEST Manifest.files.gz 564559 BLAKE2B 4573972668e1d15f583f0713614d500cc9049b63596c2a0bcd653c8468b9dc77c6bbcd3534aacb491dc7aca67cc1724869f381150601d1b0818f51122f081971 SHA512 2a20cbfb64231457b4db4ad02d18e1e4362a95349f0ba302b080c3047bb1e9d19cc268cdb18594ad19d7288e2966da164e36e2c508ae6749818e720a5aa1156a
-TIMESTAMP 2024-02-04T04:49:57Z
+MANIFEST Manifest.files.gz 565188 BLAKE2B 35f53a7f251713df50fcb7686e05bd9d32b5212c332acfb4f78810cfda409c59230202499f72410dca6d258aada2515c2e918fad341cbf357376890fc5ded7c1 SHA512 fad70ec1cb0f5ab8ebcba04d8007ecba54af8d22cd82a30f9a41b2ab8881ca037e0bb21c2fed295cb035a2ed0547d37975ced7975eba62e289894d58e57cb379
+TIMESTAMP 2024-02-04T11:09:59Z
-----BEGIN PGP SIGNATURE-----
-iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAmW/F3VfFIAAAAAALgAo
+iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAmW/cIdfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEUx
RDZBQkI2M0JGQ0ZCNEJBMDJGREYxQ0VDNTkwRUVBQzkxODkyNTAACgkQ7FkO6skY
-klBoAg//VlBNY5IMcx/R9LssDFdFzLYbDrNd43DAivWd+lhwx+saAvptMd4a+/T/
-2NyUgN0JySyvKr6FXj0IGc18QKWnWCoYqh/GgK7KZqzJrwym0zYY5+UjbzOANpPM
-ShbGdKAJ6eT7qMegAV9WB9zpwyR/glCAJsWZ7QmW5wN4EJJ/8V9YqZxRvjG44TCt
-CW7BeYCvR3qZBJm6GipOz3AJoBG11+/L0x0vhv/o9qJRxnc9Tt8sbqxAfCQErKhG
-MTIaZE6ckIxfwFMmrUvBMT9BsdzwBsdEmrOZNdvgMumRSdmRjE7q+T3lF71j7+ss
-Kx1g4qx6MOcgbvux2d7JuASaGMcoaFyyGJs0Iz4U29kUoqibnMP8D6NP3i7pQmtm
-bqj+dsc9uaD3fEwukL08Qwqcj9+Tc4NmKxpPJ5CVyCXJ/KDpKxqTvnCXDvaOzT63
-blcPXvoyy6aKrdHkcISuWr0CF7kT4UM/wbn+cxr+D9bG4M81UoSoalzeWqz+Uowa
-OPac+0VttSu2xng4rhJj5bmJ8M3mXLyFQFVD9D703uOeP4YuMTOeYgGvky1D0wP5
-aceVMzTO9RG7rxGRvFHInFCldjdPuiLY/kK1l2kDWARMjpvkQAzn9oGfIpILi2Rt
-SRNEIYWtSATknLfOLy9X9KjnRa/y1iokOq5L8xc7HUbHphTnX8U=
-=EgzG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+=Cb5O
-----END PGP SIGNATURE-----
diff --git a/metadata/glsa/Manifest.files.gz b/metadata/glsa/Manifest.files.gz
index 901943427f96..3ef3b069a1bd 100644
--- a/metadata/glsa/Manifest.files.gz
+++ b/metadata/glsa/Manifest.files.gz
Binary files differ
diff --git a/metadata/glsa/glsa-202402-07.xml b/metadata/glsa/glsa-202402-07.xml
new file mode 100644
index 000000000000..957020465626
--- /dev/null
+++ b/metadata/glsa/glsa-202402-07.xml
@@ -0,0 +1,112 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202402-07">
+ <title>Xen: Multiple Vulnerabilities</title>
+ <synopsis>Multiple vulnerabilities have been found in Xen, the worst of which can lead to arbitrary code execution.</synopsis>
+ <product type="ebuild">xen</product>
+ <announced>2024-02-04</announced>
+ <revised count="1">2024-02-04</revised>
+ <bug>754105</bug>
+ <bug>757126</bug>
+ <bug>826998</bug>
+ <bug>837575</bug>
+ <bug>858122</bug>
+ <bug>876790</bug>
+ <bug>879031</bug>
+ <bug>903624</bug>
+ <bug>905389</bug>
+ <bug>915970</bug>
+ <access>remote</access>
+ <affected>
+ <package name="app-emulation/xen" auto="yes" arch="*">
+ <unaffected range="ge">4.16.6_pre1</unaffected>
+ <vulnerable range="lt">4.16.6_pre1</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>Xen is a bare-metal hypervisor.</p>
+ </background>
+ <description>
+ <p>Multiple vulnerabilities have been discovered in Xen. Please review the CVE identifiers referenced below for details.</p>
+ </description>
+ <impact type="high">
+ <p>Please review the referenced CVE identifiers for details.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All Xen users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-emulation/xen-4.16.6_pre1"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-28703">CVE-2021-28703</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-28704">CVE-2021-28704</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-28705">CVE-2021-28705</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-28706">CVE-2021-28706</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-28707">CVE-2021-28707</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-28708">CVE-2021-28708</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-28709">CVE-2021-28709</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-23816">CVE-2022-23816</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-23824">CVE-2022-23824</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-23825">CVE-2022-23825</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-26356">CVE-2022-26356</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-26357">CVE-2022-26357</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-26358">CVE-2022-26358</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-26359">CVE-2022-26359</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-26360">CVE-2022-26360</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-26361">CVE-2022-26361</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-27672">CVE-2022-27672</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-29900">CVE-2022-29900</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-29901">CVE-2022-29901</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-33746">CVE-2022-33746</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-33747">CVE-2022-33747</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-33748">CVE-2022-33748</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-33749">CVE-2022-33749</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-42309">CVE-2022-42309</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-42310">CVE-2022-42310</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-42319">CVE-2022-42319</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-42320">CVE-2022-42320</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-42321">CVE-2022-42321</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-42322">CVE-2022-42322</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-42323">CVE-2022-42323</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-42324">CVE-2022-42324</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-42325">CVE-2022-42325</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-42326">CVE-2022-42326</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-42327">CVE-2022-42327</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-42330">CVE-2022-42330</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-42331">CVE-2022-42331</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-42332">CVE-2022-42332</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-42333">CVE-2022-42333</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-42334">CVE-2022-42334</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-42335">CVE-2022-42335</uri>
+ <uri>XSA-351</uri>
+ <uri>XSA-355</uri>
+ <uri>XSA-385</uri>
+ <uri>XSA-387</uri>
+ <uri>XSA-388</uri>
+ <uri>XSA-389</uri>
+ <uri>XSA-397</uri>
+ <uri>XSA-399</uri>
+ <uri>XSA-400</uri>
+ <uri>XSA-407</uri>
+ <uri>XSA-412</uri>
+ <uri>XSA-414</uri>
+ <uri>XSA-415</uri>
+ <uri>XSA-416</uri>
+ <uri>XSA-417</uri>
+ <uri>XSA-418</uri>
+ <uri>XSA-419</uri>
+ <uri>XSA-420</uri>
+ <uri>XSA-421</uri>
+ <uri>XSA-422</uri>
+ <uri>XSA-425</uri>
+ <uri>XSA-430</uri>
+ </references>
+ <metadata tag="requester" timestamp="2024-02-04T07:16:20.846105Z">graaff</metadata>
+ <metadata tag="submitter" timestamp="2024-02-04T07:16:20.848211Z">graaff</metadata>
+</glsa> \ No newline at end of file
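Review bot: The 22 XSA entries at the end of `<references>` (`<uri>XSA-351</uri>` through `<uri>XSA-430</uri>`) carry no `link` attribute, so unlike the CVE entries above them they give a reader nothing to follow. The two `WNPA-SEC-2023-*` entries in glsa-202402-09.xml have the same gap. Because `<description>` and `<impact>` both defer entirely to the references, the upstream advisories are where an operator learns which guest types and configurations are exposed. I would link each one, e.g. `<uri link="https://xenbits.xen.org/xsa/advisory-351.html">XSA-351</uri>`, assuming the usual xenbits advisory URL scheme still applies.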
diff --git a/metadata/glsa/glsa-202402-08.xml b/metadata/glsa/glsa-202402-08.xml
new file mode 100644
index 000000000000..5c208e784b66
--- /dev/null
+++ b/metadata/glsa/glsa-202402-08.xml
@@ -0,0 +1,63 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202402-08">
+ <title>OpenSSL: Multiple Vulnerabilities</title>
+ <synopsis>Multiple vulnerabilities have been found in OpenSSL, the worst of which could result in denial of service.</synopsis>
+ <product type="ebuild">openssl</product>
+ <announced>2024-02-04</announced>
+ <revised count="1">2024-02-04</revised>
+ <bug>876787</bug>
+ <bug>893446</bug>
+ <bug>902779</bug>
+ <bug>903545</bug>
+ <bug>907413</bug>
+ <bug>910556</bug>
+ <bug>911560</bug>
+ <access>remote</access>
+ <affected>
+ <package name="dev-libs/openssl" auto="yes" arch="*">
+ <unaffected range="ge">3.0.10</unaffected>
+ <vulnerable range="lt">3.0.10</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>OpenSSL is an Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) as well as a general purpose cryptography library.</p>
+ </background>
+ <description>
+ <p>Multiple vulnerabilities have been discovered in OpenSSL. Please review the CVE identifiers referenced below for details.</p>
+ </description>
+ <impact type="normal">
+ <p>Please review the referenced CVE identifiers for details.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All OpenSSL users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-libs/openssl-3.0.10"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-3358">CVE-2022-3358</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-4203">CVE-2022-4203</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-4304">CVE-2022-4304</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-4450">CVE-2022-4450</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-0215">CVE-2023-0215</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-0216">CVE-2023-0216</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-0217">CVE-2023-0217</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-0286">CVE-2023-0286</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-0401">CVE-2023-0401</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-0464">CVE-2023-0464</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-0465">CVE-2023-0465</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-0466">CVE-2023-0466</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-2650">CVE-2023-2650</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-2975">CVE-2023-2975</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-3446">CVE-2023-3446</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-3817">CVE-2023-3817</uri>
+ </references>
+ <metadata tag="requester" timestamp="2024-02-04T08:02:53.423975Z">ajak</metadata>
+ <metadata tag="submitter" timestamp="2024-02-04T08:02:53.426294Z">graaff</metadata>
+</glsa> \ No newline at end of file
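Review bot: The synopsis caps the worst case at denial of service, which looks too low for at least one referenced CVE. As I recall the upstream OpenSSL advisory, CVE-2023-0286 (X.400 GeneralName type confusion) can also let an attacker read process memory; please confirm against the NVD record linked in `<references>`. If that holds, I would reword to `the worst of which could result in information disclosure or denial of service.` so that users triaging from the synopsis alone do not defer the upgrade. The same check is worth making for `<impact type="normal">`.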
diff --git a/metadata/glsa/glsa-202402-09.xml b/metadata/glsa/glsa-202402-09.xml
new file mode 100644
index 000000000000..2d07a381fb7e
--- /dev/null
+++ b/metadata/glsa/glsa-202402-09.xml
@@ -0,0 +1,46 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202402-09">
+ <title>Wireshark: Multiple Vulnerabilities</title>
+ <synopsis>Multiple out-of-bounds read vulnerabilities have been discovered in Wireshark.</synopsis>
+ <product type="ebuild">wireshark</product>
+ <announced>2024-02-04</announced>
+ <revised count="1">2024-02-04</revised>
+ <bug>915224</bug>
+ <bug>917421</bug>
+ <access>remote</access>
+ <affected>
+ <package name="net-analyzer/wireshark" auto="yes" arch="*">
+ <unaffected range="ge">4.0.11</unaffected>
+ <vulnerable range="lt">4.0.11</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>Wireshark is a versatile network protocol analyzer.</p>
+ </background>
+ <description>
+ <p>Multiple vulnerabilities have been discovered in Wireshark. Please review the CVE identifiers referenced below for details.</p>
+ </description>
+ <impact type="low">
+ <p>Please review the referenced CVE identifiers for details.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All Wireshark users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-analyzer/wireshark-4.0.11"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-5371">CVE-2023-5371</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-6174">CVE-2023-6174</uri>
+ <uri>WNPA-SEC-2023-27</uri>
+ <uri>WNPA-SEC-2023-28</uri>
+ </references>
+ <metadata tag="requester" timestamp="2024-02-04T09:10:28.677221Z">ajak</metadata>
+ <metadata tag="submitter" timestamp="2024-02-04T09:10:28.679331Z">graaff</metadata>
+</glsa> \ No newline at end of file
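Review bot: The synopsis names a specific bug class ("Multiple out-of-bounds read vulnerabilities") while the title and `<description>` say only "Multiple vulnerabilities", and nothing else in the advisory backs the narrower claim. From memory, the two referenced CVEs are dissector denial-of-service issues (a memory leak and a crash) rather than out-of-bounds reads, so this should be checked against the linked NVD records. If it is confirmed, a synopsis such as `Multiple vulnerabilities have been discovered in Wireshark, the worst of which could result in denial of service.` would match the `<impact type="low">` rating and the wording used by the other advisories in this commit.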
diff --git a/metadata/glsa/glsa-202402-10.xml b/metadata/glsa/glsa-202402-10.xml
new file mode 100644
index 000000000000..19a5db39fc6e
--- /dev/null
+++ b/metadata/glsa/glsa-202402-10.xml
@@ -0,0 +1,43 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202402-10">
+ <title>NBD Tools: Multiple Vulnerabilities</title>
+ <synopsis>Multiple vulnerabilities have been found in NBD Tools, the worst of which could result in arbitary code execution.</synopsis>
+ <product type="ebuild">nbd</product>
+ <announced>2024-02-04</announced>
+ <revised count="1">2024-02-04</revised>
+ <bug>834678</bug>
+ <access>remote</access>
+ <affected>
+ <package name="sys-block/nbd" auto="yes" arch="*">
+ <unaffected range="ge">3.24</unaffected>
+ <vulnerable range="lt">3.24</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>The NBD Tools are the Network Block Device utilities allowing one to use remote block devices over a TCP/IP network. It includes a userland NBD server.</p>
+ </background>
+ <description>
+ <p>Multiple vulnerabilities have been discovered in NBD Tools. Please review the CVE identifiers referenced below for details.</p>
+ </description>
+ <impact type="normal">
+ <p>Please review the referenced CVE identifiers for details.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All NBD Tools users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=sys-block/nbd-3.24"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-26495">CVE-2022-26495</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-26496">CVE-2022-26496</uri>
+ </references>
+ <metadata tag="requester" timestamp="2024-02-04T09:45:27.057982Z">ajak</metadata>
+ <metadata tag="submitter" timestamp="2024-02-04T09:45:27.060281Z">graaff</metadata>
+</glsa> \ No newline at end of file
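Review bot: The synopsis states that the worst outcome is code execution, yet the advisory is rated `<impact type="normal">`, whereas glsa-202402-07.xml in this same commit rates an arbitrary-code-execution worst case as `high`. With `<access>remote</access>` and a network-facing NBD server described in `<background>`, the lower rating may cause this to be under-prioritised by tooling that filters on impact. I would use `<impact type="high">` unless the CVE records justify less. The synopsis also misspells the word: `arbitary code execution` should read `arbitrary code execution`.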
diff --git a/metadata/glsa/timestamp.chk b/metadata/glsa/timestamp.chk
index 1540eb6262ab..8cabcf439a5a 100644
--- a/metadata/glsa/timestamp.chk
+++ b/metadata/glsa/timestamp.chk
@@ -1 +1 @@
-Sun, 04 Feb 2024 04:49:53 +0000
+Sun, 04 Feb 2024 11:09:55 +0000
diff --git a/metadata/glsa/timestamp.commit b/metadata/glsa/timestamp.commit
index a7ee54c922de..54415f85eec3 100644
--- a/metadata/glsa/timestamp.commit
+++ b/metadata/glsa/timestamp.commit
@@ -1 +1 @@
-2f6d7004e06dfb3d395547c81289abf44cb1b2ac 1706950695 2024-02-03T08:58:15+00:00
+c7a3936d7b9a6b4a836663710ca581880d4d5130 1707039950 2024-02-04T09:45:50+00:00