Diffstat (limited to 'metadata/glsa')
-rw-r--r--metadata/glsa/Manifest30
-rw-r--r--metadata/glsa/Manifest.files.gzbin419008 -> 419322 bytes
-rw-r--r--metadata/glsa/glsa-201803-12.xml55
-rw-r--r--metadata/glsa/glsa-201803-13.xml52
-rw-r--r--metadata/glsa/timestamp.chk2
-rw-r--r--metadata/glsa/timestamp.commit2
6 files changed, 124 insertions, 17 deletions
diff --git a/metadata/glsa/Manifest b/metadata/glsa/Manifest
index d3ca3ace6856..64a7070f2445 100644
--- a/metadata/glsa/Manifest
+++ b/metadata/glsa/Manifest
@@ -1,23 +1,23 @@
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
-MANIFEST Manifest.files.gz 419008 BLAKE2B 71f0ab3699e4a099c44c011fb7d1607c93e4628556d357e248d588dd4b30298f24421e20f3b09028f394cd30565736a3debab29d055e38cc1d05cc3b95e7fbb3 SHA512 243c38e1d0bd0c55ae403827eb74db802e4b6860f3637cb5417657bc368b43d6df8654d962a90a10485228d9fcdfa0522237ccff245f2bacf058795ba79b2a43
-TIMESTAMP 2018-03-25T17:38:30Z
+MANIFEST Manifest.files.gz 419322 BLAKE2B bce39d2884945f8b0837f04b097288921742142eb6b55a87c2b57dd813da0393accc39cdbc36b1a820a911d1643768c6e20f5e777dfbb00ce5c5e8a8cccb59ae SHA512 dc4a29347ba058490aabba547065505da49564b81a43273cfc09b72c95a82ddf4139c1b5cee3c714a13e2094579946b7283bffeb6f766247a44733ca3d2e3109
+TIMESTAMP 2018-03-27T20:38:29Z
-----BEGIN PGP SIGNATURE-----
-iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAlq33pZfFIAAAAAALgAo
+iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAlq6q8VfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEUx
RDZBQkI2M0JGQ0ZCNEJBMDJGREYxQ0VDNTkwRUVBQzkxODkyNTAACgkQ7FkO6skY
-klD/DQ/+IT9kZVcpXrrxmLaxI3A5nm3GLeN059CAgHOWeiBGQCJ6dDa0PS84VUjM
-xWwakEuJk5xz2zfR3GCQ1TIrE/uPGYWZjOHiTNBU/xWIVGHY2yXtkDtsQNl2HM9t
-onRyZLyuuTTbsQfGEF4uXfrHrYow2yamsPuQR3eSpPCEWLxXJSkWyDQne2likDHe
-Q6xXPlR7j9OG9CcRKW9yMRdahYc4Gbo3r1oJbvMAZHaZQaN+7dM6izO+IX/2xK0S
-xg7MSEehSDmeo7x6jdUiTaEgTkrgGIYRWiS5CRa8hXq8wdyh18UFISC+GGmzGz3W
-2HzUQZQQAoOUVn3jHmtYGQ7XMNdlI8/8oKKmljAbGfQ3oFfnEclBOLSK5Lbqugrj
-TUJ089KxPCSK4MET3yIEaBQcJNlZbswogc36bJYHZ/SYT8ksPF1XsjAthk46T3x5
-1F9ehewmVcfnQbm6b8G6GBy8+FKX2yJLujBPFMuwEJj5gItxMPaXRezTpOK6mxkJ
-xGM/VgXh3Js2zvOpR/9HKxtPvwysVlxXG2LSAcD6+IRdGojSbBSgJ7jhZEePcse0
-5nzeJG/hCHkM3Y3lPVRviC9MC9lkRb+O4m+fk3wo6JJxVkw3TLgVFj5H17ZvOvpX
-IJ46wWfs6JbqGgahqjuCDDm5cowtiN0YJhmkBMcf/wnd/J08Od4=
-=TfBP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+=Gmla
-----END PGP SIGNATURE-----
diff --git a/metadata/glsa/Manifest.files.gz b/metadata/glsa/Manifest.files.gz
index 4a497152dc2d..39a8552e5338 100644
--- a/metadata/glsa/Manifest.files.gz
+++ b/metadata/glsa/Manifest.files.gz
Binary files differ
diff --git a/metadata/glsa/glsa-201803-12.xml b/metadata/glsa/glsa-201803-12.xml
new file mode 100644
index 000000000000..f4c5194fed96
--- /dev/null
+++ b/metadata/glsa/glsa-201803-12.xml
@@ -0,0 +1,55 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201803-12">
+ <title>BusyBox: Multiple vulnerabilities</title>
+ <synopsis>Multiple vulnerabilities have been found in BusyBox, the worst of
+ which could allow remote attackers to execute arbitrary code.
+ </synopsis>
+ <product type="ebuild">busybox</product>
+ <announced>2018-03-26</announced>
+ <revised count="1">2018-03-26</revised>
+ <bug>563756</bug>
+ <bug>635392</bug>
+ <bug>638258</bug>
+ <access>remote</access>
+ <affected>
+ <package name="sys-apps/busybox" auto="yes" arch="*">
+ <unaffected range="ge">1.28.0</unaffected>
+ <vulnerable range="lt">1.28.0</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>BusyBox is a set of tools for embedded systems and is a replacement for
+ GNU Coreutils.
+ </p>
+ </background>
+ <description>
+ <p>Multiple vulnerabilities have been discovered in BusyBox. Please review
+ the CVE identifiers referenced below for details.
+ </p>
+ </description>
+ <impact type="normal">
+ <p>A remote attacker could possibly execute arbitrary code with the
+ privileges of the process, cause a Denial of Service condition, or have
+ other unspecified impacts.
+ </p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All BusyBox users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose "&gt;=sys-apps/busybox-1.28.0"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-15873">CVE-2017-15873</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-15874">CVE-2017-15874</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-16544">CVE-2017-16544</uri>
+ </references>
+ <metadata tag="requester" timestamp="2018-03-13T17:58:35Z">chrisadr</metadata>
+ <metadata tag="submitter" timestamp="2018-03-26T16:24:01Z">b-man</metadata>
+</glsa>
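Review bot: The `<description>` only points readers at the CVE references, so an administrator cannot tell from the advisory which BusyBox components are affected or whether the remote code execution stated in `<impact>` applies to how they use it. With three `<bug>` entries and three CVEs listed, one sentence per CVE naming the affected component, taken from the referenced entries, would let readers judge exposure before upgrading. Separately, the `<!DOCTYPE>` line names the DTD over plain `http://` (the same line appears in glsa-201803-13.xml). The advisory files are presumably covered by the signed Manifest in this directory, but a DTD fetched at parse time is not, so tools validating these files should use a local copy of the DTD with external loading disabled.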
diff --git a/metadata/glsa/glsa-201803-13.xml b/metadata/glsa/glsa-201803-13.xml
new file mode 100644
index 000000000000..746efc7ec51a
--- /dev/null
+++ b/metadata/glsa/glsa-201803-13.xml
@@ -0,0 +1,52 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201803-13">
+ <title>PLIB: User-assisted execution of arbitrary code</title>
+ <synopsis>A vulnerability in PLIB may allow remote attackers to execute
+ arbitrary code.
+ </synopsis>
+ <product type="ebuild">plib</product>
+ <announced>2018-03-26</announced>
+ <revised count="1">2018-03-26</revised>
+ <bug>440762</bug>
+ <access>remote</access>
+ <affected>
+ <package name="media-libs/plib" auto="yes" arch="*">
+ <unaffected range="ge">1.8.5-r1</unaffected>
+ <vulnerable range="lt">1.8.5-r1</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>PLIB includes sound effects, music, a complete 3D engine, font
+ rendering, a simple Windowing library, a game scripting language, a GUI,
+ networking, 3D math library and a collection of handy utility functions.
+ </p>
+ </background>
+ <description>
+ <p>A stack-based buffer overflow within the error function of
+ ssg/ssgParser.cxx was discovered in PLIB.
+ </p>
+ </description>
+ <impact type="normal">
+ <p>A remote attacker, by enticing a user to open a specially crafted 3d
+ model file, could possibly execute arbitrary code with the privileges of
+ the process.
+ </p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All PLIB users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose "&gt;=media-libs/plib-1.8.5-r1"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2012-4552">CVE-2012-4552</uri>
+ </references>
+ <metadata tag="requester" timestamp="2018-03-25T20:13:40Z">b-man</metadata>
+ <metadata tag="submitter" timestamp="2018-03-26T16:27:43Z">b-man</metadata>
+</glsa>
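Review bot: The `<synopsis>` says remote attackers may execute arbitrary code, while the `<title>` ("User-assisted") and `<impact>` both state that a user has to open a crafted model file. The synopsis is likely the text shown in advisory listings, so it should carry the same qualifier, for example `A vulnerability in PLIB may allow remote attackers to execute arbitrary code if a user opens a specially crafted model file.` Minor wording in the same file: `3d model file` in `<impact>` should read `3D model file` to match `<background>`, and `Windowing` in `<background>` need not be capitalised.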
diff --git a/metadata/glsa/timestamp.chk b/metadata/glsa/timestamp.chk
index 24bf41cfcf56..005c6ae1af93 100644
--- a/metadata/glsa/timestamp.chk
+++ b/metadata/glsa/timestamp.chk
@@ -1 +1 @@
-Sun, 25 Mar 2018 17:38:27 +0000
+Tue, 27 Mar 2018 20:38:25 +0000
diff --git a/metadata/glsa/timestamp.commit b/metadata/glsa/timestamp.commit
index 6c9b1079e876..9a2f6c8de5f4 100644
--- a/metadata/glsa/timestamp.commit
+++ b/metadata/glsa/timestamp.commit
@@ -1 +1 @@
-52069526c1e45dc28a6c6f776156e98973bd6822 1521678297 2018-03-22T00:24:57+00:00
+e77e32771f61fb0da58c84733fb97dfc54b01bb4 1522081689 2018-03-26T16:28:09+00:00