diff options
Diffstat (limited to 'metadata/glsa')
| -rw-r--r-- | metadata/glsa/Manifest | 30 | ||||
| -rw-r--r-- | metadata/glsa/Manifest.files.gz | bin | 442809 -> 442968 bytes | |||
| -rw-r--r-- | metadata/glsa/glsa-201906-01.xml | 50 | ||||
| -rw-r--r-- | metadata/glsa/timestamp.chk | 2 | ||||
| -rw-r--r-- | metadata/glsa/timestamp.commit | 2 |
5 files changed, 67 insertions, 17 deletions
diff --git a/metadata/glsa/Manifest b/metadata/glsa/Manifest index b2a2a083fd13..a159f5b48af6 100644 --- a/metadata/glsa/Manifest +++ b/metadata/glsa/Manifest @@ -1,23 +1,23 @@ -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 -MANIFEST Manifest.files.gz 442809 BLAKE2B 4b7b795575911222fd7fe1e9f9900ced88b7957d15e08d5881ee7e2c91f556beb375085e3842469d53d9c216f6709039908e138283d8726731c25b7aa33c7861 SHA512 ad93d050cf3a9d3cfb5dbce463c01bff4a31f205a3d2773382f89e603197645720db7bb4b45496d26f019ef9161b89ce5d0e4aacd87f89dff11d9c1126c34c46 -TIMESTAMP 2019-06-02T20:08:57Z +MANIFEST Manifest.files.gz 442968 BLAKE2B 0e3056acaaa1238904402db3f7b9e5da9aa5a9653669d2d7ce6f23bca37fa04e6d2464868f79b589adb4a48dae4f38f6a27f145e60e4ed4a75c40ec11b1eba6c SHA512 4b7e5da9d352bb5de232fbbf053c3a1aaed9d07615188794445787743dcee0fee452db8b05004310c60b1d29787734050729e72ec84bf2e6f7a8c0bec2b2b9e1 +TIMESTAMP 2019-06-08T07:08:50Z -----BEGIN PGP SIGNATURE----- -iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAlz0LNlfFIAAAAAALgAo +iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAlz7XwJfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEUx RDZBQkI2M0JGQ0ZCNEJBMDJGREYxQ0VDNTkwRUVBQzkxODkyNTAACgkQ7FkO6skY -klBqlg/8CUvi+kZVGYaJOglw3jsmthz6vuNgr0OGSKRgdlX9WOxJAy/Ku4h0PwCf -l02TOsDMYQLizfIpbcVvIZKyD9LFVyprATcqwxATWzRA7si/yWyaEz6IPTemZR6N -ERL/5JRuQrfOwk/Nb1Ir3md9522Aob6my/5fkIbeE4B5KtDHcDjzd6GI3J8MhOGM -kCDAOEz0D1VD8bIfWu66kpp2Sor97Lg/SFaJNTXpJT/3K9UM/GESWnzGCpJzl+5b -QX9zuw6ygIC/MuLj50q87CpGIVdoRewMnI3+3y0ATtEQr/YycToN6n/y1hf0qsuE -rYTcOTn5NhkKszD1lA0t2ywsPNr2VVt77TI/HW5YNiZplEcyec5AqY+PaUsXj/GG -R0SUiAj+5Y7Cy/grXuhEEmZIjbWsEC+n/5nuGG5++ueZZhdkvWqWY8atVHXs0kxr -FjPbEy84MWC4ezWMwXPTeN52Ou2/mJyZ7AxOFI149k4r6Ec+NEw20fBZ0xZqrWAy -691MBMSgZnIy4bqN1u769YRbzC7s6ww2WwqUpT/FlGMt2zdZ+4Yi06VYD3eYkmHz -Ko5o+kREopix76sLu1h8oMmtSs8piJquykiWG144ujST9T6ya62+juF4b+PhcMAz -r1KKJzy/396xDTFrhIGPPjwwx5QE2pVA+11jRvt2b0aaa2f8OKE= -=yfsp +klBpUxAApzTCbmFjz3Bh7fygXErT2NswuTAvMY2I7wGo6REqnrbFq2h5r82X5ENm +RioaIYCcShjCK1zz9Tdl8Z/McvnA9f9/9b/FJiCnSXLLcmzG2RVK/vhX9S9YCosM +XCE5oRjwsjwINTCq4vARE9XQ3IWVWpXI+ahkN6XVT0BJX8zzH/sDCvAxwBgc1j4H +HzJ0fhTVFORP7MNxjf/VSLc4Vhtuo/QOnbi40/ggmG4u3yxcOQs+cOeesYjdlfTP +b6uFAWaH6NwwWkGTN5GkFPeJ8AB16jy0vgb7Ab3Y+5m/mKEBxiYOKej71PnkqpG+ +nvPtqyMRyXsP9U2x0nJLXT04NAIlcafa6w009NE6Tz542Z9Vhg7UtlM2fmytu4Uh +ffjNKr0lX/ZyqK4dYgjrkjYCgJZX7pWlsIc7K5agH5SfmaBF3qQ+Pahe0CvqOfTr +sJ/XlS8CqVEuINW3m9iWNPDqF0cfcOh5FqC1CiUR9U+2Gck81OYplySi2CP1jMzN +iNE3iChNPJE+fuCh8I+sZ3JZzo8o7z+pcYsCMvaZ1ZDnf8zTq4R/aqDE2glduZFF +pcHtiKY88ruzcTz28z2kj9pIccbi3YrTaQQxGLRKz2bLyBQ86S6ze74qd+Wtj0zC +9i4srndAS7qbFNsYtHCkkbli9pkhA4jEpDtIpDRnXycYavbARYk= +=Oi/y -----END PGP SIGNATURE----- diff --git a/metadata/glsa/Manifest.files.gz b/metadata/glsa/Manifest.files.gz Binary files differindex 30f8c1bd5004..4f3d5d05a5e4 100644 --- a/metadata/glsa/Manifest.files.gz +++ b/metadata/glsa/Manifest.files.gz diff --git a/metadata/glsa/glsa-201906-01.xml b/metadata/glsa/glsa-201906-01.xml new file mode 100644 index 000000000000..43586e2bcd8a --- /dev/null +++ b/metadata/glsa/glsa-201906-01.xml @@ -0,0 +1,50 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> +<glsa id="201906-01"> + <title>Exim: Remote command execution</title> + <synopsis>A vulnerability in Exim could allow a remote attacker to execute + arbitrary commands. + </synopsis> + <product type="ebuild">exim</product> + <announced>2019-06-06</announced> + <revised count="1">2019-06-06</revised> + <bug>687336</bug> + <access>remote</access> + <affected> + <package name="mail-mta/exim" auto="yes" arch="*"> + <unaffected range="ge">4.92</unaffected> + <vulnerable range="lt">4.92</vulnerable> + </package> + </affected> + <background> + <p>Exim is a message transfer agent (MTA) designed to be a a highly + configurable, drop-in replacement for sendmail. + </p> + </background> + <description> + <p>A vulnerability was discovered in how Exim validates recipient addresses + in the deliver_message() function. + </p> + </description> + <impact type="high"> + <p>A remote attacker could execute arbitrary commands by sending an email + with a specially crafted recipient address to the affected system. + </p> + </impact> + <workaround> + <p>There is no known workaround at this time.</p> + </workaround> + <resolution> + <p>All Exim users should upgrade to the latest version:</p> + + <code> + # emerge --sync + # emerge --ask --oneshot --verbose ">=mail-mta/exim-4.92" + </code> + </resolution> + <references> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-10149">CVE-2019-10149</uri> + </references> + <metadata tag="requester" timestamp="2019-06-05T17:30:31Z">whissi</metadata> + <metadata tag="submitter" timestamp="2019-06-06T17:27:59Z">whissi</metadata> +</glsa> diff --git a/metadata/glsa/timestamp.chk b/metadata/glsa/timestamp.chk index a5240019f154..94f5d443814c 100644 --- a/metadata/glsa/timestamp.chk +++ b/metadata/glsa/timestamp.chk @@ -1 +1 @@ -Sun, 02 Jun 2019 20:08:54 +0000 +Sat, 08 Jun 2019 07:08:46 +0000 diff --git a/metadata/glsa/timestamp.commit b/metadata/glsa/timestamp.commit index 41a53add6ecd..b72a40632e5a 100644 --- a/metadata/glsa/timestamp.commit +++ b/metadata/glsa/timestamp.commit @@ -1 +1 @@ -42c9d977ba183a5bc173b70ad145977fc6705eda 1556150376 2019-04-24T23:59:36+00:00 +74d83a200d28906c5e5b46a676cd5579da349080 1559842216 2019-06-06T17:30:16+00:00 |