Diffstat (limited to 'metadata/glsa')
-rw-r--r-- | metadata/glsa/Manifest | 30 | ||||
-rw-r--r-- | metadata/glsa/Manifest.files.gz | bin | 593961 -> 594757 bytes | |||
-rw-r--r-- | metadata/glsa/glsa-202412-15.xml | 46 | ||||
-rw-r--r-- | metadata/glsa/glsa-202412-16.xml | 46 | ||||
-rw-r--r-- | metadata/glsa/glsa-202412-17.xml | 42 | ||||
-rw-r--r-- | metadata/glsa/glsa-202412-18.xml | 42 | ||||
-rw-r--r-- | metadata/glsa/glsa-202412-19.xml | 42 | ||||
-rw-r--r-- | metadata/glsa/timestamp.chk | 2 | ||||
-rw-r--r-- | metadata/glsa/timestamp.commit | 2 |
9 files changed, 235 insertions, 17 deletions
diff --git a/metadata/glsa/Manifest b/metadata/glsa/Manifest index f9925ef1a8b9..db05ebaf7b49 100644 --- a/metadata/glsa/Manifest +++ b/metadata/glsa/Manifest 
@@ -1,23 +1,23 @@ -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 -MANIFEST Manifest.files.gz 593961 BLAKE2B 9e51eddc4258dfd293772a8c82ec289f86114e18a46bf56e420b57980f7cf9b37fee6f93f04ed908923c02115eb1c6e416bc8f7d8e4cfa472e2c9d7b9148eae8 SHA512 99327e19d75eafe07369324a0998606992392285f4c4b207c1a84f2552b3eae76e148bff763328130eaf3f032059e57f9f032f99bec89f3e0eb5c0b5ccd19f27 -TIMESTAMP 2024-12-11T01:10:24Z +MANIFEST Manifest.files.gz 594757 BLAKE2B 3ed57a7ac0c01997db034f5f5dd266af52027333e23d298570b77df23523485f17883be28b102d034d2beb60f9d7a970893aafbe6dcfdf2331645c8de999576b SHA512 3eb09c352a0ed09387849e4f85decdbe6cbe854279bddd122fd48217d33bc5f6dcc19074ec1eca6647d39a8189443048d33e588972c02da773a5f6edfe5b03f9 +TIMESTAMP 2024-12-12T01:12:18Z -----BEGIN PGP SIGNATURE----- -iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAmdY5oBfFIAAAAAALgAo +iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAmdaOHJfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEUx RDZBQkI2M0JGQ0ZCNEJBMDJGREYxQ0VDNTkwRUVBQzkxODkyNTAACgkQ7FkO6skY -klAAJhAAnapw6HIgEQZaWf2Md1cWlfkyQBEpgzcg853awZdcJfDWXV8ZspxUMJPp -vEuXVO41Or/Z11BuvNCdYnZy/h4gMist7wEB0ApPfIvCotJJ9MIY8lsnwDqwHidH -/+dbGehFWTedBSURWZAanu2DD4ILxJ2W8MWaNMrAWisieiV9RyumG8+1SVpkecmF -i/YV526zk5pA+iZI2mISivpEPB4UwGW5KKvpT1CaEqRNPyxHL72ndZpKp2ued8TD -GKf0OuiKCc6gKjLPSKpWAsnNWWFR4NJSnV7VRZJ6VF7N5I6adJIPv8MqysUXJ04S -6c0YTspHPYqsPx/6P1A+8F0NDTnvmRBcgEUCqdDRyd82xFq9yTJ57sntC5wxLYux -0Csv9RBCsAHOX+yIdyrxYSIoDTGST5shvWlj0PJA3VDtnhuXEpLfPn/pujUJm+f1 -kql15oznzwHHgZAS9fG/27KVL5eSJ3A+eD8n0EFmXqYaJe2XNfnRpjccmE7cRHaQ -5iSOXHYUHUjlkMgiCh/12AzOW5BbRuoqybMIprxo7tUWXyJyXpSYea4+RdS8elXg -OdvjIUBZMQpsTSWwq2faVDSfphOcbOW2CysduKKc33I5AweJ2RcgkGoqlGlCZ9Yg -f6VmSUWgCaC+UShYPKODCLeAIpLJHK896f32RKVIQ7Sz9R85mik= -=QXhk +klChqQ//QMzQakwmB86Xb2ZtFHrzSwLuH1OYN5Yz5XiOuVaL2NtpC41XyasIatbg +go9woLsfojCKlL1nencPg30vdrNKykEvRlm4mXAX6BCbDEGbqVMi4976IfQNt0zy +FTtvPDI2DEILDBKksLWgnNOYjLQRNX1fimcWd/aKTvGBkmJj8aA7iwcJYG+38n6W 
+ryHeGos3D7DYc6k/o1PxZXMpTi5Cl2WbHt/vgMrB28XM8hHoxB9IqR/ABBb9aSyH +77YX4s+Su3eJHfEb1TQGxFaJlRhGRei/FrRNq/UKikEycUw/wt/5T2BRfCUBqjo2 +ZM+zuLq6uyuC/NnTfiN9X9NyDTC/xXqcCnFHMfRbUe5n4a5iTSprxS5sXejB0+FR +PyBjCs3lX8tRQvyrdLEACLc2EowCOYRdNCE6wg3kqvSD1r7mpdQZ3ocQ+OXlo61l +yLSC5RIKNRLyhbx0bYMyQzlnXe16fKkEtNfRK8jw6n0fYNNvBheZFN5A77qktwz8 +2ztUVSYgumqJ5OQgjwM7MRW/f/gbhpEoCYdjTHPmmTCaBGP/hwWp0fJs14Yz1Rem +T6ixXK8Yr4FUontVhV3TeGpY8nCQCkeJRT9paY6zAR1B7xHlGIFulmZ2YcYZjwKw +6QGvxtnXMDpTJE+pLpytYN2F3z2rAvkR7O3wZF6tsOaSNhke1tc= +=GU4T -----END PGP SIGNATURE----- diff --git a/metadata/glsa/Manifest.files.gz b/metadata/glsa/Manifest.files.gz Binary files differindex 32a2d2dd0951..3f7e1dac4e73 100644 --- a/metadata/glsa/Manifest.files.gz +++ b/metadata/glsa/Manifest.files.gz diff --git a/metadata/glsa/glsa-202412-15.xml b/metadata/glsa/glsa-202412-15.xml new file mode 100644 index 000000000000..762abfb6f9c1 --- /dev/null +++ b/metadata/glsa/glsa-202412-15.xml 
@@ -0,0 +1,46 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202412-15">
+ <title>OpenSC: Multiple Vulnerabilities</title>
+ <synopsis>Multiple vulnerabilities have been discovered in OpenSC, the worst of which could lead to arbitrary code execution.</synopsis>
+ <product type="ebuild">opensc</product>
+ <announced>2024-12-11</announced>
+ <revised count="1">2024-12-11</revised>
+ <bug>907930</bug>
+ <bug>917651</bug>
+ <access>local</access>
+ <affected>
+ <package name="dev-libs/opensc" auto="yes" arch="*">
+ <unaffected range="ge">0.24.0</unaffected>
+ <vulnerable range="lt">0.24.0</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>OpenSC contains tools and libraries for smart cards.</p>
+ </background>
+ <description>
+ <p>Multiple vulnerabilities have been discovered in OpenSC. Please review the CVE identifiers referenced below for details.</p>
+ </description>
+ <impact type="normal">
+ <p>Please review the referenced CVE identifiers for details.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All OpenSC users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-libs/opensc-0.24.0"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-2977">CVE-2023-2977</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-4535">CVE-2023-4535</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-40660">CVE-2023-40660</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-40661">CVE-2023-40661</uri>
+ </references>
+ <metadata tag="requester" timestamp="2024-12-11T08:39:14.588601Z">graaff</metadata>
+ <metadata tag="submitter" timestamp="2024-12-11T08:39:14.593519Z">graaff</metadata>
+</glsa>
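Review bot: The DOCTYPE on the second line names the DTD by a cleartext `http://www.gentoo.org/dtd/glsa.dtd` system identifier, so any consumer that validates or otherwise resolves the external subset would fetch it over an unauthenticated channel that the PGP-signed Manifest in this commit does not cover. Whether a consumer actually resolves it is not visible from this page; tooling that parses these advisories should keep external DTD and entity loading disabled, or resolve the identifier from a local catalog copy. If no tool keys on the exact string, `<!DOCTYPE glsa SYSTEM "https://www.gentoo.org/dtd/glsa.dtd">` would at least remove the cleartext fetch. The same line opens glsa-202412-16 through glsa-202412-19.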
\ No newline at end of file
diff --git a/metadata/glsa/glsa-202412-16.xml b/metadata/glsa/glsa-202412-16.xml
new file mode 100644
index 000000000000..af826ff2839e
--- /dev/null
+++ b/metadata/glsa/glsa-202412-16.xml
@@ -0,0 +1,46 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202412-16">
+ <title>libvirt: Multiple Vulnerabilities</title>
+ <synopsis>Multiple vulnerabilities have been discovered in libvirt, the worst of which could lead to a denial of service.</synopsis>
+ <product type="ebuild">libvirt</product>
+ <announced>2024-12-11</announced>
+ <revised count="1">2024-12-11</revised>
+ <bug>908042</bug>
+ <bug>916497</bug>
+ <bug>929966</bug>
+ <access>remote</access>
+ <affected>
+ <package name="app-emulation/libvirt" auto="yes" arch="*">
+ <unaffected range="ge">10.2.0</unaffected>
+ <vulnerable range="lt">10.2.0</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>libvirt is a C toolkit for manipulating virtual machines.</p>
+ </background>
+ <description>
+ <p>Multiple vulnerabilities have been discovered in libvirt. Please review the CVE identifiers referenced below for details.</p>
+ </description>
+ <impact type="normal">
+ <p>Please review the referenced CVE identifiers for details.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All libvirt users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-emulation/libvirt-10.2.0"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-2700">CVE-2023-2700</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-3750">CVE-2023-3750</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-2494">CVE-2024-2494</uri>
+ </references>
+ <metadata tag="requester" timestamp="2024-12-11T08:41:12.324140Z">graaff</metadata>
+ <metadata tag="submitter" timestamp="2024-12-11T08:41:12.327199Z">graaff</metadata>
+</glsa>
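Review bot: The `<description>` and `<impact>` paragraphs hold only the generic "Please review the referenced CVE identifiers for details", so the advisory announces a remotely reachable denial of service but gives a reader nothing to judge exposure without following three NVD links. glsa-202412-15, glsa-202412-17 and glsa-202412-18 in this commit carry the same placeholder text, while glsa-202412-19 shows the fuller form with a one-sentence impact. One sentence per advisory naming the affected component and the precondition, taken from the referenced CVE records, would let operators triage from the advisory itself.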
\ No newline at end of file
diff --git a/metadata/glsa/glsa-202412-17.xml b/metadata/glsa/glsa-202412-17.xml
new file mode 100644
index 000000000000..e30b8e8c0bf9
--- /dev/null
+++ b/metadata/glsa/glsa-202412-17.xml
@@ -0,0 +1,42 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202412-17">
+ <title>idna: Denial of Service</title>
+ <synopsis>A vulnerability has been discovered in idna, which can lead to a denial of service.</synopsis>
+ <product type="ebuild">idna</product>
+ <announced>2024-12-11</announced>
+ <revised count="1">2024-12-11</revised>
+ <bug>929208</bug>
+ <access>local</access>
+ <affected>
+ <package name="dev-python/idna" auto="yes" arch="*">
+ <unaffected range="ge">3.7</unaffected>
+ <vulnerable range="lt">3.7</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>Internationalized Domain Names for Python (IDNA 2008 and UTS #46)</p>
+ </background>
+ <description>
+ <p>A vulnerability has been discovered in idna. Please review the CVE identifier referenced below for details.</p>
+ </description>
+ <impact type="normal">
+ <p>Please review the referenced CVE identifier for details.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All idna users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-python/idna-3.7"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-3651">CVE-2024-3651</uri>
+ </references>
+ <metadata tag="requester" timestamp="2024-12-11T09:59:38.412294Z">graaff</metadata>
+ <metadata tag="submitter" timestamp="2024-12-11T09:59:38.415710Z">graaff</metadata>
+</glsa>
\ No newline at end of file
diff --git a/metadata/glsa/glsa-202412-18.xml b/metadata/glsa/glsa-202412-18.xml
new file mode 100644
index 000000000000..6d486fe48840
--- /dev/null
+++ b/metadata/glsa/glsa-202412-18.xml
@@ -0,0 +1,42 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202412-18">
+ <title>Distrobox: Arbitrary Code Execution</title>
+ <synopsis>A vulnerability has been discovered in Distrobox, which can lead to arbitrary code execution.</synopsis>
+ <product type="ebuild">distrobox</product>
+ <announced>2024-12-11</announced>
+ <revised count="1">2024-12-11</revised>
+ <bug>927742</bug>
+ <access>local</access>
+ <affected>
+ <package name="app-containers/distrobox" auto="yes" arch="*">
+ <unaffected range="ge">1.7.0.1</unaffected>
+ <vulnerable range="lt">1.7.0.1</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>Use any Linux distribution inside your terminal. Enable both backward and forward compatibility with software and freedom to use whatever distribution you’re more comfortable with. Distrobox uses podman, docker or lilipod to create containers using the Linux distribution of your choice. The created container will be tightly integrated with the host, allowing sharing of the HOME directory of the user, external storage, external USB devices and graphical apps (X11/Wayland), and audio.</p>
+ </background>
+ <description>
+ <p>A vulnerability has been discovered in Distrobox. Please review the CVE identifier referenced below for details.</p>
+ </description>
+ <impact type="normal">
+ <p>Please review the referenced CVE identifier for details.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All Distrobox users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-containers/distrobox-1.7.0.1"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-29864">CVE-2024-29864</uri>
+ </references>
+ <metadata tag="requester" timestamp="2024-12-11T11:59:52.896177Z">graaff</metadata>
+ <metadata tag="submitter" timestamp="2024-12-11T11:59:52.901538Z">graaff</metadata>
+</glsa>
\ No newline at end of file
diff --git a/metadata/glsa/glsa-202412-19.xml b/metadata/glsa/glsa-202412-19.xml
new file mode 100644
index 000000000000..e00b2b93e210
--- /dev/null
+++ b/metadata/glsa/glsa-202412-19.xml
@@ -0,0 +1,42 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202412-19">
+ <title>eza: Arbitrary Code Execution</title>
+ <synopsis>A vulnerability has been discovered in eza, which can lead to arbitrary code execution.</synopsis>
+ <product type="ebuild">eza</product>
+ <announced>2024-12-11</announced>
+ <revised count="1">2024-12-11</revised>
+ <bug>926532</bug>
+ <access>local</access>
+ <affected>
+ <package name="sys-apps/eza" auto="yes" arch="*">
+ <unaffected range="ge">0.18.6</unaffected>
+ <vulnerable range="lt">0.18.6</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>eza is a modern, maintained replacement for ls, written in rust.</p>
+ </background>
+ <description>
+ <p>A vulnerability has been discovered in eza. Please review the CVE identifier referenced below for details.</p>
+ </description>
+ <impact type="normal">
+ <p>A buffer overflow vulnerability in eza allows local attackers to execute arbitrary code via the .git/HEAD, .git/refs, and .git/objects components.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All eza users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=sys-apps/eza-0.18.6"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-25817">CVE-2024-25817</uri>
+ </references>
+ <metadata tag="requester" timestamp="2024-12-11T12:01:47.731410Z">graaff</metadata>
+ <metadata tag="submitter" timestamp="2024-12-11T12:01:47.734155Z">graaff</metadata>
+</glsa>
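Review bot: The only technical statement about the flaw sits in `<impact>`, while `<description>` still carries the placeholder "Please review the CVE identifier referenced below for details", so a reader or tool that shows only the description learns nothing about the bug class. The buffer-overflow sentence reads as a description of the flaw. I would move it into `<description>` and keep `<impact>` for the consequence already stated in the synopsis, for example `<p>A local attacker could execute arbitrary code.</p>`.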
\ No newline at end of file diff --git a/metadata/glsa/timestamp.chk b/metadata/glsa/timestamp.chk index 162006730a05..d88fc2d459e8 100644 --- a/metadata/glsa/timestamp.chk +++ b/metadata/glsa/timestamp.chk @@ -1 +1 @@ -Wed, 11 Dec 2024 01:10:20 +0000 +Thu, 12 Dec 2024 01:12:15 +0000 diff --git a/metadata/glsa/timestamp.commit b/metadata/glsa/timestamp.commit index b3f45f008db7..81d49ef373c5 100644 --- a/metadata/glsa/timestamp.commit +++ b/metadata/glsa/timestamp.commit @@ -1 +1 @@ -8e9782e9da489c617d2f765d94af1f83cb851840 1733647137 2024-12-08T08:38:57Z +874165db3d0e140c9165e4612647b37bfd94cb80 1733918516 2024-12-11T12:01:56Z |