Diffstat (limited to 'metadata/glsa')
-rw-r--r--metadata/glsa/Manifest30
-rw-r--r--metadata/glsa/Manifest.files.gzbin555967 -> 556922 bytes
-rw-r--r--metadata/glsa/glsa-202312-04.xml42
-rw-r--r--metadata/glsa/glsa-202312-05.xml46
-rw-r--r--metadata/glsa/glsa-202312-06.xml69
-rw-r--r--metadata/glsa/glsa-202312-07.xml87
-rw-r--r--metadata/glsa/glsa-202312-08.xml42
-rw-r--r--metadata/glsa/glsa-202312-09.xml45
-rw-r--r--metadata/glsa/timestamp.chk2
-rw-r--r--metadata/glsa/timestamp.commit2
10 files changed, 348 insertions, 17 deletions
diff --git a/metadata/glsa/Manifest b/metadata/glsa/Manifest
index 53c7ffd3e8b1..775096a7f6f3 100644
--- a/metadata/glsa/Manifest
+++ b/metadata/glsa/Manifest
@@ -1,23 +1,23 @@
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
-MANIFEST Manifest.files.gz 555967 BLAKE2B f8d4fef48648a9d09bbe93d208448de86b22cd76da4d314ac930d88c564c4839518a18954f79ce2207b72e6559b200a25946f00b481a39f8f280a3da7d8bd5d0 SHA512 e6bd36f85039b3e2f213edf290b2f44b0dfedc95bf381b126768d42ddf622495421571000978e136eb8f92aa4df5801ecf04d531f791c017b32a4ad73b757884
-TIMESTAMP 2023-12-22T07:10:03Z
+MANIFEST Manifest.files.gz 556922 BLAKE2B 4af97573db7aa951e408380dafaf4564604dab984a92046d73d1682616bf5972d8277f1ff5a139ca402707c848cbc37c64071d88cba8e2a217aa0fa1c81922f9 SHA512 ff2c1ae85d7fd96100abd1ac489ec14ce252228d4d7f01d4cc15ce1d273416a97c18a8c2879acb4b68cc91a2cec9f67808cb86557333ea7c653ae804465d62e0
+TIMESTAMP 2023-12-22T12:53:56Z
-----BEGIN PGP SIGNATURE-----
-iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAmWFNktfFIAAAAAALgAo
+iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAmWFhuVfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEUx
RDZBQkI2M0JGQ0ZCNEJBMDJGREYxQ0VDNTkwRUVBQzkxODkyNTAACgkQ7FkO6skY
-klDryw/6AwqEfxmMZ44e7J80Jf8odi31BoRGEDjQNMzkiS1fx/AB3Hbtf9GVin/k
-D3okI/vyvxmtq+3ZphJ/LM9NYCiFKZleRRALIvxMjOAK0SiZur7GC5EuiFl5CSib
-BvmssBlGNflevb7d/2l3lJFJG5XTVwfyFswzdp9+DcRnIBVUS28JLWKZSVilhRBB
-UoYPF/LFl48d6AaCgB0N5W+ZTqgSxUZ59xQda7/ya8OPshb+FsqbhTr4g3Hih1FM
-ixEe5uNjvsSNpbzdvHOijDYo78rhmRFjAJu8rLOlGXjY8P31bva7mvN5bkDTRgBp
-KCBMUiNEFWBKA3B6ldh0dTnTcbD7c3edOh4O1mAE4upCC2NlzPS4qyGnv05/goXG
-j+Fw9+9VK6ZWs2mMskHe2N24dSFl/uzD/wYgjSSl8m3aNoqBMCsOvq2cIK8U5/gO
-DQ5t2Ayu4Dy1VD5UOxxvy0b9z9yWtEs9PpKtirvcC33Qb+GvQSN+thn0LcFQkYHv
-x9xlnNDLVxJ3HC9I7nnEdufub3wIqqV7+HKSNHAvahgRuPK6ZaE1L7MmTR8DYLfq
-tgRsnFBY5vR5vhi5+597v+wxuLkZlP97rLq1XxCopvSo5YVQt14fYET6tVX+NAnv
-tgXfYtoLKjXT9uwisWZRG8vJ54F9Md6cj0UBKLeQT2L/vEaxNFM=
-=cQ8t
+klAaFQ/9HX+qDTHNEBNATtuTCYOCoSig88NaIjtgW/fTNTqKXykgUDRENc7GTl4+
+ix09n2RUeOiuo0XZEeDln1ByjxWcZW9xuigj1D1ZgltDOuAcxnVvbjvBLA0rL0cu
+B7dWC6iXz8N+3jk0Xz8r+wgOfkE2tCqqu443FYzAXNwybafMQ4BT+Uyq6FxWC1RP
++iKED/2BQqWJ9VzD7UiXil2WbPLMVK8dV52BanMoSP4EO/qvcbTMrtlNWZXHz/SM
+9nxs2ixD1bw7JicNf5JNS1VD+ogjM7eTZHLCR+d5r7/KoNY2H3jXGm+Qga8vVuoF
+WbBWbWPy13zhsgsNTM6WI0v5VNo3MdLwm4ujWNRsNSskhk/54F53MUJ+ADmtoazy
+rMyzn+oR/ssk8rYyrBdx/6SvSkCdvXtqrDL/t5H7x0Di8NSbI/OWVCQLcEXjgEhY
+jOkhqAZ0ye9aFWxLphXkR27IkL/HFRurGgwWbf6lAxSzO8iJSAyRm381JpHQiMGI
+pmpiW3/o7GhrEWfCEJhnpoU7xnxJYqEOZxttrwJC8+pKRUo/J6fGMyob3DylDI5O
+Ed664jTNoI5oY0pTDomVa4glwr4qbGYX4Z1WieCfEv3jnMmelzl4+5oFmKAkaxoM
+68sxMi96y+zMrgytjDv0b7YcdRSjzcAgRrEqsQbd7JiWcZzdets=
+=jBjJ
-----END PGP SIGNATURE-----
diff --git a/metadata/glsa/Manifest.files.gz b/metadata/glsa/Manifest.files.gz
index 16c98dfcf002..fbe6d36a44bb 100644
--- a/metadata/glsa/Manifest.files.gz
+++ b/metadata/glsa/Manifest.files.gz
Binary files differ
diff --git a/metadata/glsa/glsa-202312-04.xml b/metadata/glsa/glsa-202312-04.xml
new file mode 100644
index 000000000000..6bd77e7aabfc
--- /dev/null
+++ b/metadata/glsa/glsa-202312-04.xml
@@ -0,0 +1,42 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202312-04">
+ <title>Arduino: Remote Code Execution</title>
+ <synopsis>A vulnerability has been found in Arduino which bundled a vulnerable version of log4j.</synopsis>
+ <product type="ebuild">arduino</product>
+ <announced>2023-12-22</announced>
+ <revised count="1">2023-12-22</revised>
+ <bug>830716</bug>
+ <access>remote</access>
+ <affected>
+ <package name="dev-embedded/arduino" auto="yes" arch="*">
+ <unaffected range="ge">1.8.19</unaffected>
+ <vulnerable range="lt">1.8.19</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>Arduino is an open-source AVR electronics prototyping platform.</p>
+ </background>
+ <description>
+ <p>A vulnerability has been discovered in Arduino. Please review the CVE identifier referenced below for details.</p>
+ </description>
+ <impact type="normal">
+ <p>Arduino bundles a vulnerable version of log4j that may lead to remote code execution.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All Arduino users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-embedded/arduino-1.8.19"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-4104">CVE-2021-4104</uri>
+ </references>
+ <metadata tag="requester" timestamp="2023-12-22T08:21:08.710033Z">graaff</metadata>
+ <metadata tag="submitter" timestamp="2023-12-22T08:21:08.712552Z">graaff</metadata>
+</glsa>
\ No newline at end of file
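Review bot: The `<impact type="normal">` rating does not match the title and impact text, which both state remote code execution under `<access>remote</access>`. The libssh, Exiv2, QtWebEngine and NASM advisories in this commit rate a code-execution worst case as `type="high"`, so anyone triaging on the attribute will sort this advisory below them. glsa-202312-08 has the reverse mismatch: `type="high"` while its synopsis and impact text describe only an application crash. Either rating may be deliberate under the project's severity policy, but both are worth confirming so that rating and description agree.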
diff --git a/metadata/glsa/glsa-202312-05.xml b/metadata/glsa/glsa-202312-05.xml
new file mode 100644
index 000000000000..7f286dd03d20
--- /dev/null
+++ b/metadata/glsa/glsa-202312-05.xml
@@ -0,0 +1,46 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202312-05">
+ <title>libssh: Multiple Vulnerabilities</title>
+ <synopsis>Multiple vulnerabilities have been discovered in libssh, the worst of which could lead to remote code execution.</synopsis>
+ <product type="ebuild">libssh</product>
+ <announced>2023-12-22</announced>
+ <revised count="1">2023-12-22</revised>
+ <bug>810517</bug>
+ <bug>905746</bug>
+ <access>remote</access>
+ <affected>
+ <package name="net-libs/libssh" auto="yes" arch="*">
+ <unaffected range="ge">0.10.5</unaffected>
+ <vulnerable range="lt">0.10.5</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>libssh is a multiplatform C library implementing the SSHv2 protocol on client and server side.</p>
+ </background>
+ <description>
+ <p>Multiple vulnerabilities have been discovered in libssh. Please review the CVE identifiers referenced below for details.</p>
+ </description>
+ <impact type="high">
+ <p>Please review the referenced CVE identifiers for details.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All libssh users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-libs/libssh-0.10.5"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-3634">CVE-2021-3634</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-1667">CVE-2023-1667</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-2283">CVE-2023-2283</uri>
+ <uri>GHSL-2023-085</uri>
+ </references>
+ <metadata tag="requester" timestamp="2023-12-22T09:05:35.565422Z">graaff</metadata>
+ <metadata tag="submitter" timestamp="2023-12-22T09:05:35.568851Z">graaff</metadata>
+</glsa>
\ No newline at end of file
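Review bot: The last reference, `<uri>GHSL-2023-085</uri>`, has no `link` attribute, unlike every other `<uri>` in this commit, so a reader or renderer gets a bare identifier with nothing to follow. Add the advisory's URL as `link="ADVISORY_URL"` (placeholder; the URL is not on this page), or drop the entry if one of the three listed CVEs already covers the same issue. It is also worth checking that consumers of these files accept a `<uri>` without `link`, since nothing else in the commit exercises that case.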
diff --git a/metadata/glsa/glsa-202312-06.xml b/metadata/glsa/glsa-202312-06.xml
new file mode 100644
index 000000000000..9943781b2989
--- /dev/null
+++ b/metadata/glsa/glsa-202312-06.xml
@@ -0,0 +1,69 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202312-06">
+ <title>Exiv2: Multiple Vulnerabilities</title>
+ <synopsis>Multiple vulnerabilities have been discovered in Exiv2, the worst of which can lead to remote code execution.</synopsis>
+ <product type="ebuild">exiv2</product>
+ <announced>2023-12-22</announced>
+ <revised count="1">2023-12-22</revised>
+ <bug>785646</bug>
+ <bug>807346</bug>
+ <bug>917650</bug>
+ <access>local and remote</access>
+ <affected>
+ <package name="media-gfx/exiv2" auto="yes" arch="*">
+ <unaffected range="ge">0.28.1</unaffected>
+ <vulnerable range="lt">0.28.1</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>Exiv2 is a C++ library and set of tools for parsing, editing and saving Exif and IPTC metadata from images. Exif, the Exchangeable image file format, specifies the addition of metadata tags to JPEG, TIFF and RIFF files.</p>
+ </background>
+ <description>
+ <p>Multiple vulnerabilities have been discovered in Exiv2. Please review the CVE identifiers referenced below for details.</p>
+ </description>
+ <impact type="high">
+ <p>Please review the referenced CVE identifiers for details.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All Exiv2 users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=media-gfx/exiv2-0.28.1"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-18771">CVE-2020-18771</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-18773">CVE-2020-18773</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-18774">CVE-2020-18774</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-18899">CVE-2020-18899</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-29457">CVE-2021-29457</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-29458">CVE-2021-29458</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-29463">CVE-2021-29463</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-29464">CVE-2021-29464</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-29470">CVE-2021-29470</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-29473">CVE-2021-29473</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-29623">CVE-2021-29623</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-31291">CVE-2021-31291</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-31292">CVE-2021-31292</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-32617">CVE-2021-32617</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-32815">CVE-2021-32815</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-34334">CVE-2021-34334</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-34335">CVE-2021-34335</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-37615">CVE-2021-37615</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-37616">CVE-2021-37616</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-37618">CVE-2021-37618</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-37619">CVE-2021-37619</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-37620">CVE-2021-37620</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-37621">CVE-2021-37621</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-37622">CVE-2021-37622</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-37623">CVE-2021-37623</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-44398">CVE-2023-44398</uri>
+ </references>
+ <metadata tag="requester" timestamp="2023-12-22T09:22:44.942530Z">graaff</metadata>
+ <metadata tag="submitter" timestamp="2023-12-22T09:22:44.945110Z">graaff</metadata>
+</glsa>
\ No newline at end of file
diff --git a/metadata/glsa/glsa-202312-07.xml b/metadata/glsa/glsa-202312-07.xml
new file mode 100644
index 000000000000..66081cf21c67
--- /dev/null
+++ b/metadata/glsa/glsa-202312-07.xml
@@ -0,0 +1,87 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202312-07">
+ <title>QtWebEngine: Multiple Vulnerabilities</title>
+ <synopsis>Multiple vulnerabilitiies have been discovered in QtWebEngine, the worst of which could lead to remote code execution.</synopsis>
+ <product type="ebuild">qtwebengine</product>
+ <announced>2023-12-22</announced>
+ <revised count="1">2023-12-22</revised>
+ <bug>913050</bug>
+ <bug>915465</bug>
+ <access>remote</access>
+ <affected>
+ <package name="dev-qt/qtwebengine" auto="yes" arch="*">
+ <unaffected range="ge">5.15.11_p20231120</unaffected>
+ <vulnerable range="lt">5.15.11_p20231120</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>QtWebEngine is a library for rendering dynamic web content in Qt5 and Qt6 C++ and QML applications.</p>
+ </background>
+ <description>
+ <p>Multiple vulnerabilities have been discovered in QtWebEngine. Please review the CVE identifiers referenced below for details.</p>
+ </description>
+ <impact type="high">
+ <p>Please review the referenced CVE identifiers for details.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All QtWebEngine users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-qt/qtwebengine-5.15.11_p20231120"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-4068">CVE-2023-4068</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-4069">CVE-2023-4069</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-4070">CVE-2023-4070</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-4071">CVE-2023-4071</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-4072">CVE-2023-4072</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-4073">CVE-2023-4073</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-4074">CVE-2023-4074</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-4075">CVE-2023-4075</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-4076">CVE-2023-4076</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-4077">CVE-2023-4077</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-4078">CVE-2023-4078</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-4761">CVE-2023-4761</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-4762">CVE-2023-4762</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-4763">CVE-2023-4763</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-4764">CVE-2023-4764</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-5218">CVE-2023-5218</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-5473">CVE-2023-5473</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-5474">CVE-2023-5474</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-5475">CVE-2023-5475</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-5476">CVE-2023-5476</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-5477">CVE-2023-5477</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-5478">CVE-2023-5478</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-5479">CVE-2023-5479</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-5480">CVE-2023-5480</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-5481">CVE-2023-5481</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-5482">CVE-2023-5482</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-5483">CVE-2023-5483</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-5484">CVE-2023-5484</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-5485">CVE-2023-5485</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-5486">CVE-2023-5486</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-5487">CVE-2023-5487</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-5849">CVE-2023-5849</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-5850">CVE-2023-5850</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-5851">CVE-2023-5851</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-5852">CVE-2023-5852</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-5853">CVE-2023-5853</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-5854">CVE-2023-5854</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-5855">CVE-2023-5855</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-5856">CVE-2023-5856</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-5857">CVE-2023-5857</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-5858">CVE-2023-5858</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-5859">CVE-2023-5859</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-5996">CVE-2023-5996</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-5997">CVE-2023-5997</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-6112">CVE-2023-6112</uri>
+ </references>
+ <metadata tag="requester" timestamp="2023-12-22T10:51:22.348762Z">graaff</metadata>
+ <metadata tag="submitter" timestamp="2023-12-22T10:51:22.351823Z">graaff</metadata>
+</glsa>
\ No newline at end of file
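Review bot: The synopsis misspells "vulnerabilitiies"; it should read `Multiple vulnerabilities have been discovered in QtWebEngine, ...`. The synopsis is the line most likely to be copied into announcement mails and advisory listings, so the typo would spread, and a text search for "vulnerabilities" would miss this entry. The `<description>` in the same file already spells the word correctly.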
diff --git a/metadata/glsa/glsa-202312-08.xml b/metadata/glsa/glsa-202312-08.xml
new file mode 100644
index 000000000000..ef351a71a433
--- /dev/null
+++ b/metadata/glsa/glsa-202312-08.xml
@@ -0,0 +1,42 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202312-08">
+ <title>LibRaw: Heap Buffer Overflow</title>
+ <synopsis>A vulnerability has been found in LibRaw where a heap buffer overflow may lead to an application crash.</synopsis>
+ <product type="ebuild">libraw</product>
+ <announced>2023-12-22</announced>
+ <revised count="1">2023-12-22</revised>
+ <bug>908041</bug>
+ <access>remote</access>
+ <affected>
+ <package name="media-libs/libraw" auto="yes" arch="*">
+ <unaffected range="ge">0.21.1-r1</unaffected>
+ <vulnerable range="lt">0.21.1-r1</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>LibRaw is a library for reading RAW files obtained from digital photo cameras.</p>
+ </background>
+ <description>
+ <p>A vulnerability has been discovered in LibRaw. Please review the CVE identifier referenced below for details.</p>
+ </description>
+ <impact type="high">
+ <p>A heap-buffer-overflow in raw2image_ex() caused by a maliciously crafted file may lead to an application crash.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All LibRaw users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=media-libs/libraw-0.21.1-r1"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-1729">CVE-2023-1729</uri>
+ </references>
+ <metadata tag="requester" timestamp="2023-12-22T11:43:10.877313Z">graaff</metadata>
+ <metadata tag="submitter" timestamp="2023-12-22T11:43:10.880686Z">graaff</metadata>
+</glsa>
\ No newline at end of file
diff --git a/metadata/glsa/glsa-202312-09.xml b/metadata/glsa/glsa-202312-09.xml
new file mode 100644
index 000000000000..2073312aa85e
--- /dev/null
+++ b/metadata/glsa/glsa-202312-09.xml
@@ -0,0 +1,45 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202312-09">
+ <title>NASM: Multiple Vulnerabilities</title>
+ <synopsis>Multiple vulnerabilities have been discovered in NASM, the worst of which could lead to arbitrary code execution.</synopsis>
+ <product type="ebuild">nasm</product>
+ <announced>2023-12-22</announced>
+ <revised count="1">2023-12-22</revised>
+ <bug>686720</bug>
+ <bug>903755</bug>
+ <access>local and remote</access>
+ <affected>
+ <package name="dev-lang/nasm" auto="yes" arch="*">
+ <unaffected range="ge">2.16.01</unaffected>
+ <vulnerable range="lt">2.16.01</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>NASM is a 80x86 assembler that has been created for portability and modularity. NASM supports Pentium, P6, SSE MMX, and 3DNow extensions. It also supports a wide range of objects formats (ELF, a.out, COFF, etc), and has its own disassembler.</p>
+ </background>
+ <description>
+ <p>Multiple vulnerabilities have been discovered in NASM. Please review the CVE identifiers referenced below for details.</p>
+ </description>
+ <impact type="high">
+ <p>Please review the referenced CVE identifiers for details.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All NASM users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-lang/nasm-2.16.01"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8343">CVE-2019-8343</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-21528">CVE-2020-21528</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-44370">CVE-2022-44370</uri>
+ </references>
+ <metadata tag="requester" timestamp="2023-12-22T12:11:31.423926Z">graaff</metadata>
+ <metadata tag="submitter" timestamp="2023-12-22T12:11:31.426302Z">graaff</metadata>
+</glsa>
\ No newline at end of file
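Review bot: The `<background>` paragraph has two wording slips: `NASM is a 80x86 assembler` should be `NASM is an 80x86 assembler`, and `a wide range of objects formats` should be `a wide range of object formats`. `SSE MMX` also looks like two list items missing a comma, though that may be copied verbatim from the upstream package description. None of this affects the affected-version data; it only tidies the published advisory text.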
diff --git a/metadata/glsa/timestamp.chk b/metadata/glsa/timestamp.chk
index 2fa20aca64d3..0fce71efb089 100644
--- a/metadata/glsa/timestamp.chk
+++ b/metadata/glsa/timestamp.chk
@@ -1 +1 @@
-Fri, 22 Dec 2023 07:10:00 +0000
+Fri, 22 Dec 2023 12:53:51 +0000
diff --git a/metadata/glsa/timestamp.commit b/metadata/glsa/timestamp.commit
index a634e4ed0d72..920ff58ffd43 100644
--- a/metadata/glsa/timestamp.commit
+++ b/metadata/glsa/timestamp.commit
@@ -1 +1 @@
-d581a8407333114280b6515712cb22816e2b9f36 1703057325 2023-12-20T07:28:45+00:00
+9f9ee310bf6c4ebf26d43ff75e027e27f23beb80 1703247114 2023-12-22T12:11:54+00:00