summaryrefslogtreecommitdiff
path: root/metadata/glsa
diff options
context:
space:
mode:
Diffstat (limited to 'metadata/glsa')
-rw-r--r--metadata/glsa/Manifest30
-rw-r--r--metadata/glsa/Manifest.files.gzbin421225 -> 421384 bytes
-rw-r--r--metadata/glsa/glsa-201804-12.xml50
-rw-r--r--metadata/glsa/timestamp.chk2
-rw-r--r--metadata/glsa/timestamp.commit2
5 files changed, 67 insertions, 17 deletions
diff --git a/metadata/glsa/Manifest b/metadata/glsa/Manifest
index b0172a3a6dca..dfc8ee5bad2f 100644
--- a/metadata/glsa/Manifest
+++ b/metadata/glsa/Manifest
@@ -1,23 +1,23 @@
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
-MANIFEST Manifest.files.gz 421225 BLAKE2B 3ea0f2afdb7fa11952c73e1802a82ddcb4bbe95b75606861aa9d94acba35691b97854b65d7d3bec40e0f5f2ef206de903696db876b0bd6db34bb27aaac0696b0 SHA512 76fd57544ae0eee9baf3d5b9e8ef3b04f05195897cba1f495609eaed7c83e275ffa678d92f50587d688bf40cbb1147872efee9d9634b6c45b00f94da4fa7cdc0
-TIMESTAMP 2018-04-13T23:08:32Z
+MANIFEST Manifest.files.gz 421384 BLAKE2B bfbe5e356f9fb5467472e01b9ffa4c7ab788e49c049d40c7633dfa4d2ebb5c4bf4f92a4fa43049b85dad5d10c593ecd0e243ea7c1975e84055fc34386f72a4e8 SHA512 f0c1e1729862aec592153456994003bbdbb8f9bff919d3e8a74ef963808bc6065be99f22297469abc9678fd65da4c09918d0a860c5e2f27c193f04efea6f9560
+TIMESTAMP 2018-04-16T15:08:35Z
-----BEGIN PGP SIGNATURE-----
-iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAlrROHBfFIAAAAAALgAo
+iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAlrUvHNfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEUx
RDZBQkI2M0JGQ0ZCNEJBMDJGREYxQ0VDNTkwRUVBQzkxODkyNTAACgkQ7FkO6skY
-klAE4w/+PF7xO8QJUYsybzrs5McZdWx5a55vucu4rWgu22UravTxNi+zYx/rbOcA
-0KC5I8lcDaF6RHxhLYWaXYn857htwcwHjuV1l/gk1hch4+Vj5EbvMSTmpyIbHZHI
-IcImx05DmETrdPzd61jSPby5056vzdqbQn0w1Ap0X8Vojh8csZ+q34azTahIlH84
-/mTbq3ZmZ9AVbda6ML7yIBoEJz5Epku9tVl4rCHcRVq3VIHNZeNgUspLqEoGU0JQ
-GUI8AOHGS+/F8LzcKzk4Gqj/Z+EVIWRQjWJDcyadS+yphLk2Y1OzSJ1zx0SJqsd5
-V/6ONBmOoCteY5G/asdGh07pIxPuZG6Nni1H8ZcX2ikj/Wgtab9g0rp3EtTcd1nF
-to/7VPbK5suXtjVcFl56Qk2uGmdDucNB16p6FCxv51xmf7OIQq0Vq1Wb7U1PtqDf
-YB8wlVYnYvTHclmwrUIapfOK3Aiu+Pc0RqP7Z9iN8uPVxNFgpROOvjrEfYD25ekC
-qymxYpdzIzSfI0+ubVb+6FMzym47I5caUifO95leXdY+/HNQfR+sKAobX0hters+
-j+2pi4rQhkQ8mpmyeq0GvyiMKU/DkrObVuw1UAOR+64Ypia14X0ip+dIt0C9ufVr
-eZO8fcPYaihUF+tMrahdpku6vjr2jAABdxUn6YhhF96t4di3Ek4=
-=iXP5
+klCY0BAAqZNm01XKR8+NAmnCrYYtSCAwaCaF0Nb3iffw+a2VlxGqYBBxMF/P5NSg
+asnD9IITG4Kl8FNGk2+DkqstEKdEjrcNxvavbtWX0PjVVlqyzmsLOCK3b6v41y/I
+S4XOcJx4TJdQWaLiLXKXPAl6kZ65fSsx8GA2wHE3/L7unZB2xfH4ykHYS5TlpLEO
+sRSx2kPJySsG4SB0Uc/Q4woEcOJlcKQAxAP+j+iBcrGR8T8ZEZRO6oyxcjvHM6yG
+PZRZOkq3m4BCy0sL0eqq4ITeyAu2LNXRf4o80k3rvmf+n86YLl0yi3/+LU4GW73W
+AkA/LNEJXxaxpB+NHkSkQnjXOxExUCCtoIHQMAwj8jejDurIvImEB5OV/DRcfgme
+V8IcWxhQFRblhUfNQ8g9KDqPwWCHf9Py1OSz8ywlHaHFUpim7BlqdFrw2z+Ic+/D
+jzvqOkgdv5HX1/bxPQA8q531mcWQ8N8QnnC52S2FsfSPhgdGXOl71G31rKGJBB56
+W6hxomPk++9F848S5vqC7lnEjEs0HeiF8M+CKr9ol8F11LHKpJ0rd/AlDDfM8zQz
+/6YZnLX9WzcQ2LKWOPIfxjnA4Yuckmn7IlfjPcM3kRadPBuNeNET+/bfq9XOOQRS
+DKA+D5qZWVX5F3O9cZWCsT1J7z4QgbBVROTs2kwbbgsfjpuUTEg=
+=AlW9
-----END PGP SIGNATURE-----
diff --git a/metadata/glsa/Manifest.files.gz b/metadata/glsa/Manifest.files.gz
index 2e79d14541e9..88a05be6bc96 100644
--- a/metadata/glsa/Manifest.files.gz
+++ b/metadata/glsa/Manifest.files.gz
Binary files differ
diff --git a/metadata/glsa/glsa-201804-12.xml b/metadata/glsa/glsa-201804-12.xml
new file mode 100644
index 000000000000..097160fddf87
--- /dev/null
+++ b/metadata/glsa/glsa-201804-12.xml
@@ -0,0 +1,50 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201804-12">
+ <title>Go: Arbitrary code execution</title>
+ <synopsis>A vulnerability in Go allows remote attackers to execute arbitrary
+ commands.
+ </synopsis>
+ <product type="ebuild">go</product>
+ <announced>2018-04-15</announced>
+ <revised count="1">2018-04-15</revised>
+ <bug>650014</bug>
+ <access>remote</access>
+ <affected>
+ <package name="dev-lang/go" auto="yes" arch="*">
+ <unaffected range="ge">1.10.1</unaffected>
+ <vulnerable range="lt">1.10.1</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>Go is an open source programming language that makes it easy to build
+ simple, reliable, and efficient software.
+ </p>
+ </background>
+ <description>
+ <p>A vulnerability in Go was discovered which does not validate the import
+ path of remote repositories.
+ </p>
+ </description>
+ <impact type="normal">
+ <p>Remote attackers, by enticing a user to import from a crafted website,
+ could execute arbitrary commands.
+ </p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All Go users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose "&gt;=dev-lang/go-1.10.1"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-7187">CVE-2018-7187</uri>
+ </references>
+ <metadata tag="requester" timestamp="2018-04-14T16:24:01Z">b-man</metadata>
+ <metadata tag="submitter" timestamp="2018-04-15T23:23:53Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/timestamp.chk b/metadata/glsa/timestamp.chk
index d573ad74ec83..1686faf69c07 100644
--- a/metadata/glsa/timestamp.chk
+++ b/metadata/glsa/timestamp.chk
@@ -1 +1 @@
-Fri, 13 Apr 2018 23:08:28 +0000
+Mon, 16 Apr 2018 15:08:31 +0000
diff --git a/metadata/glsa/timestamp.commit b/metadata/glsa/timestamp.commit
index 154e4764a7e2..3c4f54fe8d44 100644
--- a/metadata/glsa/timestamp.commit
+++ b/metadata/glsa/timestamp.commit
@@ -1 +1 @@
-61614754c5c47e19e67ecfbc5307d90c6d8b3d1f 1523477362 2018-04-11T20:09:22+00:00
+aa26a212e36fbca3a9091a00250a459fd6576eae 1523834733 2018-04-15T23:25:33+00:00