Diffstat (limited to 'metadata/glsa')
-rw-r--r-- | metadata/glsa/Manifest | 30 | ||||
-rw-r--r-- | metadata/glsa/Manifest.files.gz | bin | 572670 -> 574093 bytes | |||
-rw-r--r-- | metadata/glsa/glsa-202405-21.xml | 42 | ||||
-rw-r--r-- | metadata/glsa/glsa-202405-22.xml | 46 | ||||
-rw-r--r-- | metadata/glsa/glsa-202405-23.xml | 42 | ||||
-rw-r--r-- | metadata/glsa/glsa-202405-24.xml | 45 | ||||
-rw-r--r-- | metadata/glsa/glsa-202405-25.xml | 111 | ||||
-rw-r--r-- | metadata/glsa/glsa-202405-26.xml | 44 | ||||
-rw-r--r-- | metadata/glsa/glsa-202405-27.xml | 42 | ||||
-rw-r--r-- | metadata/glsa/glsa-202405-28.xml | 63 | ||||
-rw-r--r-- | metadata/glsa/glsa-202405-29.xml | 121 | ||||
-rw-r--r-- | metadata/glsa/timestamp.chk | 2 | ||||
-rw-r--r-- | metadata/glsa/timestamp.commit | 2 |
13 files changed, 573 insertions, 17 deletions
diff --git a/metadata/glsa/Manifest b/metadata/glsa/Manifest index d234b6e408ad..ece5557e41f9 100644 --- a/metadata/glsa/Manifest +++ b/metadata/glsa/Manifest 
@@ -1,23 +1,23 @@ -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 -MANIFEST Manifest.files.gz 572670 BLAKE2B 53f887b1afdbde7318d64b5a2773bb5d9df44b119ad24b5683fbd2ae80615cb88bc0e858597f3342fc169482d9775591c1b93c38f6679166daa01f65e8ee2bd2 SHA512 e2ab6ec1262d65f9a9d9eec3c3a120c56903ac41761a8bd30674704a65d489d45a5909a6dcd6e413aa3493f4105d540fb62b8398ce239d745de856eaed58b752 -TIMESTAMP 2024-05-07T22:10:22Z +MANIFEST Manifest.files.gz 574093 BLAKE2B 318df115096d845985002a8b8e0f637d274e4e65edb2b9281542fee47cc506c5721051233f56472e2abd4118c170378e212be985d9a5f0ecbe6cb563bc0ee4b4 SHA512 091fa28c9a2e9dbf89c9f0d5538945e5b8fb4d2c99dd9e17cbb56c9703372becd5bb5b92c85c33997f22b700a438afb6954c2601cb7bf26223a2de8b571cca02 +TIMESTAMP 2024-05-08T22:10:17Z -----BEGIN PGP SIGNATURE----- -iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAmY6ps5fFIAAAAAALgAo +iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAmY7+ElfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEUx RDZBQkI2M0JGQ0ZCNEJBMDJGREYxQ0VDNTkwRUVBQzkxODkyNTAACgkQ7FkO6skY -klB1/w//WJXneRPc+YVII9sGyLh9HqZPptD+DI9yXhadG1hzslhH6fD58XOkV6di -H8rWQvUUnwGbgjK4aTKB/NZ7XsUMeKLIw1YwuYGxfGU+jL68UJ96AuoApxhW5QtY -wymJHOQfMHF4Qzn45zdSXzCIV8SlcWYCdk8yh0paLuJZ/4ZPAViYcsKqrvUILsfK -9G72UFD3N5nqQGQSfUNtE9pyEY8uTFn9+seE/FvKhurVU26R7/6jIlsUqMK0XHvs -j0CHFP3eiQr0i5aC03OcxvZt9FTz94sGd18zxBwhAD/G1g1iCqNCs5u6PnR/BgL0 -7We8ERDW7Ia7fkI15w9AklrgEEGG2jL0udJ+qvx9xXzoPUf98iOmQy61/nUIcgR0 -lShfCnqfyyKZWEJbWUwJ/f6XuMRya5fM6LPni5qpTTcS3Atm1ee2Ju7Fi6CVCLxL -SqJnyQbvFFwgHIfi2TgGQ6sWPEy/pw9qqoMNHIetB2ZWOy5AeVPUZNR4S16YoUc/ -AiNYdEupWBVJXXt4q8/io0WT8LH+oeS2IgwFRwaHzkXwV/ZO4XIAf8u42GL+u0dT -0YDiIBVJjZBhfYFSd553tQUU8ZRM8ZOEf+Uet2k9cKgdY+0CcKaAk3Vw7A9xbM7z -SsGNJOrLflP/7Jg8vIXQZudzMQEDMoDKBQxCINTJopSHwQNtW5E= -=I47p +klDSpA/+LYmuWipmRJBCUVwGV9v94U//ywdeNOjG9NlGlov/X7mc6Whlem2uZaXA +Jm6ee/GVnujEyxaALi3yM7fqdNPturJA6vhZxZrZkfTqnKA3dW7Jr9UWab40zOZz +wEsx97j4Wm7ekgYEsCFLttqJqMibAZqQcxr4NWZUBKnopEAJYVg57bW/04tNOL8j 
+yMEqMTIIsTZxgVUsEfk6ehxbOdFQWXgmpMg8Gy7XdgvRT0ctAy+GM0tjE2PNAz3G +fBbVzfdmUb9IXNH3fn2WmKAjfbdTGmkDch7fN7j8hdT8gPSzZh1Tsy7twvrALvGp +lzZ53VyhZbpzhs2S0CDxt4bXez66r76raZy5RN8MpLfHVmWPzVbroNU4jwaltFz/ +6PWSVIiITc6cvyx+dIGFLiS1DDappMrqH9OmE3zaPvzTg9mn9fYi4hdBEbQ56vZl +lasd1ZBXTiKAX0jkpXFCF1g1yCEU9rl90CqRI4GZWGRU3YVJsFzDT4hiRo5CVJCG +E4sm0cGn56Ljq51Q5T8qkavXdcvvi5NpHhNnF+KYLe1TrzhysEajFFWkWQ8nqoXx +zCg/eHY2XhhO4Q23wQG5xCtMs6nGBUwvvJZs7Z0+kQelw71kw6w46R67+WjBepc3 +3bUZ60/fV4L6oJfhd9udxeUjqucCo2T7a79PzZiLBHFEohfI9QE= +=Rj0J -----END PGP SIGNATURE----- diff --git a/metadata/glsa/Manifest.files.gz b/metadata/glsa/Manifest.files.gz Binary files differindex 14dcfb5cf364..cf8e319c001b 100644 --- a/metadata/glsa/Manifest.files.gz +++ b/metadata/glsa/Manifest.files.gz diff --git a/metadata/glsa/glsa-202405-21.xml b/metadata/glsa/glsa-202405-21.xml new file mode 100644 index 000000000000..fe0ce1ff7f20 --- /dev/null +++ b/metadata/glsa/glsa-202405-21.xml 
@@ -0,0 +1,42 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202405-21">
+ <title>Commons-BeanUtils: Improper Access Restriction</title>
+ <synopsis>A vulnerability has been discovered in Commons-BeanUtils, which could lead to execution of arbitrary code.</synopsis>
+ <product type="ebuild">commons-beanutils</product>
+ <announced>2024-05-08</announced>
+ <revised count="1">2024-05-08</revised>
+ <bug>739346</bug>
+ <access>remote</access>
+ <affected>
+ <package name="dev-java/commons-beanutils" auto="yes" arch="*">
+ <unaffected range="ge">1.9.4</unaffected>
+ <vulnerable range="lt">1.9.4</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>Commons-beanutils provides easy-to-use wrappers around Reflection and Introspection APIs</p>
+ </background>
+ <description>
+ <p>A vulnerability has been discovered in Commons-BeanUtils. Please review the CVE identifier referenced below for details.</p>
+ </description>
+ <impact type="normal">
+ <p>Please review the referenced CVE identifiers for details.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All Commons-BeanUtils users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-java/commons-beanutils-1.9.4"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-10086">CVE-2019-10086</uri>
+ </references>
+ <metadata tag="requester" timestamp="2024-05-08T05:13:04.382039Z">graaff</metadata>
+ <metadata tag="submitter" timestamp="2024-05-08T05:13:04.384810Z">graaff</metadata>
+</glsa>
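Review bot: The `<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">` line names an external DTD over plain HTTP, here and in the other eight advisories this commit adds (glsa-202405-22 through glsa-202405-29). A consumer that resolves the external subset would pull schema content over an unauthenticated channel, which is presumably not covered by the PGP-signed Manifest updated in this same commit. If the GLSA format allows it, an `https://` system identifier is the smaller exposure. Either way, tooling that parses these files should keep external DTD and entity resolution switched off and validate against a local copy of the DTD.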
\ No newline at end of file
diff --git a/metadata/glsa/glsa-202405-22.xml b/metadata/glsa/glsa-202405-22.xml
new file mode 100644
index 000000000000..d49835dbc286
--- /dev/null
+++ b/metadata/glsa/glsa-202405-22.xml
@@ -0,0 +1,46 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202405-22">
+ <title>rsync: Multiple Vulnerabilities</title>
+ <synopsis>Multiple vulnerabilities have been discovered in rsync, the worst of which can lead to denial of service or information disclosure.</synopsis>
+ <product type="ebuild">rsync</product>
+ <announced>2024-05-08</announced>
+ <revised count="1">2024-05-08</revised>
+ <bug>792576</bug>
+ <bug>838724</bug>
+ <bug>862876</bug>
+ <access>remote</access>
+ <affected>
+ <package name="net-misc/rsync" auto="yes" arch="*">
+ <unaffected range="ge">3.2.5_pre1</unaffected>
+ <vulnerable range="lt">3.2.5_pre1</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>rsync is a server and client utility that provides fast incremental file transfers. It is used to efficiently synchronize files between hosts and is used by emerge to fetch Gentoo's Portage tree.</p>
+ </background>
+ <description>
+ <p>Multiple vulnerabilities have been discovered in rsync. Please review the CVE identifiers referenced below for details.</p>
+ </description>
+ <impact type="normal">
+ <p>Please review the referenced CVE identifiers for details.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All rsync users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-misc/rsync-3.2.5_pre1"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-25032">CVE-2018-25032</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14387">CVE-2020-14387</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-29154">CVE-2022-29154</uri>
+ </references>
+ <metadata tag="requester" timestamp="2024-05-08T06:28:44.897737Z">graaff</metadata>
+ <metadata tag="submitter" timestamp="2024-05-08T06:28:44.901845Z">graaff</metadata>
+</glsa>
\ No newline at end of file
diff --git a/metadata/glsa/glsa-202405-23.xml b/metadata/glsa/glsa-202405-23.xml
new file mode 100644
index 000000000000..e27b66cb426f
--- /dev/null
+++ b/metadata/glsa/glsa-202405-23.xml
@@ -0,0 +1,42 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202405-23">
+ <title>U-Boot tools: double free vulnerability</title>
+ <synopsis>A vulnerability has been discovered in U-Boot tools which can lead to execution of arbitary code.</synopsis>
+ <product type="ebuild">u-boot-tools</product>
+ <announced>2024-05-08</announced>
+ <revised count="1">2024-05-08</revised>
+ <bug>717000</bug>
+ <access>remote</access>
+ <affected>
+ <package name="dev-embedded/u-boot-tools" auto="yes" arch="*">
+ <unaffected range="ge">2020.04</unaffected>
+ <vulnerable range="lt">2020.04</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>U-Boot tools provides utiiities for working with Das U-Boot.</p>
+ </background>
+ <description>
+ <p>A vulnerability has been discovered in U-Boot tools. Please review the CVE identifier referenced below for details.</p>
+ </description>
+ <impact type="normal">
+ <p>In Das U-Boot a double free has been found in the cmd/gpt.c do_rename_gpt_parts() function. Double freeing may result in a write-what-where condition, allowing an attacker to execute arbitrary code.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All U-Boot tools users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-embedded/u-boot-tools-2020.04"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-8432">CVE-2020-8432</uri>
+ </references>
+ <metadata tag="requester" timestamp="2024-05-08T07:20:03.445897Z">graaff</metadata>
+ <metadata tag="submitter" timestamp="2024-05-08T07:20:03.451147Z">graaff</metadata>
+</glsa>
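Review bot: The advisory text carries two spelling errors that will ship to users: `arbitary` in `<synopsis>` and `utiiities` in `<background>`; they should read `arbitrary` and `utilities`. The `<description>` holds only the generic "review the CVE identifier" sentence, while the flaw itself (the double free in `do_rename_gpt_parts()` in `cmd/gpt.c`) is described under `<impact>`. Moving that description into `<description>` and leaving `<impact>` to state the consequence would follow the element names. It is also worth confirming that `<access>remote</access>` is accurate, since nothing in the text describes a remote vector.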
\ No newline at end of file
diff --git a/metadata/glsa/glsa-202405-24.xml b/metadata/glsa/glsa-202405-24.xml
new file mode 100644
index 000000000000..e0e2b0211ef9
--- /dev/null
+++ b/metadata/glsa/glsa-202405-24.xml
@@ -0,0 +1,45 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202405-24">
+ <title>ytnef: Multiple Vulnerabilities</title>
+ <synopsis>Multiple vulnerabilities have been discovered in ytnef, the worst of which could potentially lead to remote code execution.</synopsis>
+ <product type="ebuild">ytnef</product>
+ <announced>2024-05-08</announced>
+ <revised count="1">2024-05-08</revised>
+ <bug>774255</bug>
+ <access>remote</access>
+ <affected>
+ <package name="net-mail/ytnef" auto="yes" arch="*">
+ <unaffected range="ge">2.0</unaffected>
+ <vulnerable range="lt">2.0</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>ytnef is a TNEF stream reader for reading winmail.dat files.</p>
+ </background>
+ <description>
+ <p>The TNEFSubjectHandler function in lib/ytnef.c allows remote attackers to cause a denial-of-service (and potentially code execution) due to a double free which can be triggered via a crafted file.
+
+The SwapWord function in lib/ytnef.c allows remote attackers to cause a denial-of-service (and potentially code execution) due to a heap buffer overflow which can be triggered via a crafted file.</p>
+ </description>
+ <impact type="normal">
+ <p>Please review the referenced CVE identifiers for details.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All ytnef users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-mail/ytnef-2.0"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-3403">CVE-2021-3403</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-3404">CVE-2021-3404</uri>
+ </references>
+ <metadata tag="requester" timestamp="2024-05-08T08:16:41.923823Z">graaff</metadata>
+ <metadata tag="submitter" timestamp="2024-05-08T08:16:41.929071Z">graaff</metadata>
+</glsa>
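Review bot: The `<description>` packs two separate flaws into a single `<p>`, divided only by a blank line, so any renderer that collapses whitespace will run them together. Each should be its own paragraph, `<p>The TNEFSubjectHandler function …</p>` and `<p>The SwapWord function …</p>`, ideally each naming the CVE from `<references>` that it corresponds to. The `<impact>` then falls back to the generic sentence although the description already states the consequence (denial of service, potentially code execution). Stating that consequence in `<impact>` would let readers triage without following the links.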
\ No newline at end of file
diff --git a/metadata/glsa/glsa-202405-25.xml b/metadata/glsa/glsa-202405-25.xml
new file mode 100644
index 000000000000..c2899b509e4b
--- /dev/null
+++ b/metadata/glsa/glsa-202405-25.xml
@@ -0,0 +1,111 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> +<glsa id="202405-25"> + <title>MariaDB: Multiple Vulnerabilities</title> + <synopsis>Multiple vulnerabilities have been discovered in MariaDB, the worst fo which can lead to arbitrary execution of code.</synopsis> + <product type="ebuild">mariadb</product> + <announced>2024-05-08</announced> + <revised count="1">2024-05-08</revised> + <bug>699874</bug> + <bug>822759</bug> + <bug>832490</bug> + <bug>838244</bug> + <bug>847526</bug> + <bug>856484</bug> + <bug>891781</bug> + <access>remote</access> + <affected> + <package name="dev-db/mariadb" auto="yes" arch="*"> + <unaffected range="ge" slot="10.6">10.6.13</unaffected> + <unaffected range="ge" slot="10.11">10.11.3</unaffected> + <vulnerable range="lt" slot="10.6">10.11.3</vulnerable> + <vulnerable range="lt" slot="10.11">10.11.3</vulnerable> + <vulnerable range="lt">10.6.0</vulnerable> + </package> + </affected> + <background> + <p>MariaDB is an enhanced, drop-in replacement for MySQL.</p> + </background> + <description> + <p>Multiple vulnerabilities have been discovered in MariaDB. 
Please review the CVE identifiers referenced below for details.</p> + </description> + <impact type="normal"> + <p>Please review the referenced CVE identifiers for details.</p> + </impact> + <workaround> + <p>There is no known workaround at this time.</p> + </workaround> + <resolution> + <p>All MariaDB 10.6 users should upgrade to the latest version:</p> + + <code> + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-db/mariadb-10.11.3:10.6" + </code> + + <p>All MariaDB 10.11 users should upgrade to the latest version:</p> + + <code> + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-db/mariadb-10.11.3:10.11" + </code> + </resolution> + <references> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-2938">CVE-2019-2938</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-2974">CVE-2019-2974</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-46661">CVE-2021-46661</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-46662">CVE-2021-46662</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-46663">CVE-2021-46663</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-46664">CVE-2021-46664</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-46665">CVE-2021-46665</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-46666">CVE-2021-46666</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-46667">CVE-2021-46667</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-46668">CVE-2021-46668</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-46669">CVE-2021-46669</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-24048">CVE-2022-24048</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-24050">CVE-2022-24050</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-24051">CVE-2022-24051</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-24052">CVE-2022-24052</uri> + <uri 
link="https://nvd.nist.gov/vuln/detail/CVE-2022-27376">CVE-2022-27376</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-27377">CVE-2022-27377</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-27378">CVE-2022-27378</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-27379">CVE-2022-27379</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-27380">CVE-2022-27380</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-27381">CVE-2022-27381</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-27382">CVE-2022-27382</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-27383">CVE-2022-27383</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-27384">CVE-2022-27384</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-27385">CVE-2022-27385</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-27386">CVE-2022-27386</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-27444">CVE-2022-27444</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-27445">CVE-2022-27445</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-27446">CVE-2022-27446</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-27447">CVE-2022-27447</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-27448">CVE-2022-27448</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-27449">CVE-2022-27449</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-27451">CVE-2022-27451</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-27452">CVE-2022-27452</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-27455">CVE-2022-27455</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-27456">CVE-2022-27456</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-27457">CVE-2022-27457</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-27458">CVE-2022-27458</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-31621">CVE-2022-31621</uri> + <uri 
link="https://nvd.nist.gov/vuln/detail/CVE-2022-31622">CVE-2022-31622</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-31623">CVE-2022-31623</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-31624">CVE-2022-31624</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-32081">CVE-2022-32081</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-32082">CVE-2022-32082</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-32083">CVE-2022-32083</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-32084">CVE-2022-32084</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-32085">CVE-2022-32085</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-32086">CVE-2022-32086</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-32088">CVE-2022-32088</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-32089">CVE-2022-32089</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-32091">CVE-2022-32091</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-38791">CVE-2022-38791</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-47015">CVE-2022-47015</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-5157">CVE-2023-5157</uri> + </references> + <metadata tag="requester" timestamp="2024-05-08T08:40:00.435252Z">graaff</metadata> + <metadata tag="submitter" timestamp="2024-05-08T08:40:00.439162Z">graaff</metadata> +</glsa>
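Review bot: The slot 10.6 ranges contradict each other: `<unaffected range="ge" slot="10.6">10.6.13</unaffected>` sits next to `<vulnerable range="lt" slot="10.6">10.11.3</vulnerable>`, so an install at 10.6.13 or later in that slot matches both and a scanner may keep reporting a patched system as vulnerable. The vulnerable bound for that slot should presumably be `<vulnerable range="lt" slot="10.6">10.6.13</vulnerable>`. The first resolution command repeats the slip with `">=dev-db/mariadb-10.11.3:10.6"`, which the 10.6 slot is unlikely to be able to satisfy; `">=dev-db/mariadb-10.6.13:10.6"` looks like what was intended. The synopsis also has a typo, `worst fo which`.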
\ No newline at end of file
diff --git a/metadata/glsa/glsa-202405-26.xml b/metadata/glsa/glsa-202405-26.xml
new file mode 100644
index 000000000000..dd4b37ce9234
--- /dev/null
+++ b/metadata/glsa/glsa-202405-26.xml
@@ -0,0 +1,44 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202405-26">
+ <title>qtsvg: Multiple Vulnerabilities</title>
+ <synopsis>Multiple vulnerabilities have been discovered in qtsvg, the worst of which could lead to a denial of service.</synopsis>
+ <product type="ebuild">qtsvg</product>
+ <announced>2024-05-08</announced>
+ <revised count="1">2024-05-08</revised>
+ <bug>830381</bug>
+ <bug>906465</bug>
+ <access>remote</access>
+ <affected>
+ <package name="dev-qt/qtsvg" auto="yes" arch="*">
+ <unaffected range="ge" slot="5">5.15.9-r1</unaffected>
+ <vulnerable range="lt" slot="5">5.15.9-r1</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>qtsvg is a SVG rendering library for the Qt framework.</p>
+ </background>
+ <description>
+ <p>Multiple vulnerabilities have been discovered in qtsvg. Please review the CVE identifiers referenced below for details.</p>
+ </description>
+ <impact type="normal">
+ <p>Please review the referenced CVE identifiers for details.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All qtsvg users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-qt/qtsvg-5.15.9-r1:5"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-45930">CVE-2021-45930</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-32573">CVE-2023-32573</uri>
+ </references>
+ <metadata tag="requester" timestamp="2024-05-08T09:13:29.745666Z">graaff</metadata>
+ <metadata tag="submitter" timestamp="2024-05-08T09:13:29.749484Z">graaff</metadata>
+</glsa>
\ No newline at end of file
diff --git a/metadata/glsa/glsa-202405-27.xml b/metadata/glsa/glsa-202405-27.xml
new file mode 100644
index 000000000000..eb8326533b69
--- /dev/null
+++ b/metadata/glsa/glsa-202405-27.xml
@@ -0,0 +1,42 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202405-27">
+ <title>Epiphany: Buffer Overflow</title>
+ <synopsis>A vulnerability has been discovered in Epiphany, which can lead to a buffer overflow.</synopsis>
+ <product type="ebuild">epiphany</product>
+ <announced>2024-05-08</announced>
+ <revised count="1">2024-05-08</revised>
+ <bug>839786</bug>
+ <access>remote</access>
+ <affected>
+ <package name="www-client/epiphany" auto="yes" arch="*">
+ <unaffected range="ge">42.4</unaffected>
+ <vulnerable range="lt">42.4</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>Epiphany is a GNOME webbrowser based on the Mozilla rendering engine Gecko.</p>
+ </background>
+ <description>
+ <p>A vulnerability has been discovered in Epiphany. Please review the CVE identifier referenced below for details.</p>
+ </description>
+ <impact type="normal">
+ <p>In GNOME Epiphany an HTML document can trigger a client buffer overflow (in ephy_string_shorten) via a long page title. The issue occurs because the number of bytes for a UTF-8 ellipsis character is not properly considered.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All Epiphany users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-client/epiphany-42.4"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-29536">CVE-2022-29536</uri>
+ </references>
+ <metadata tag="requester" timestamp="2024-05-08T09:47:31.556833Z">graaff</metadata>
+ <metadata tag="submitter" timestamp="2024-05-08T09:47:31.561419Z">graaff</metadata>
+</glsa>
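Review bot: The `<background>` in glsa-202405-27 says Epiphany is "based on the Mozilla rendering engine Gecko", which does not describe the 42.x series this advisory covers; Epiphany has been WebKit-based for many years. The sentence should read along the lines of `<p>Epiphany is the GNOME web browser, based on WebKitGTK.</p>`, so that readers are not sent looking at the wrong engine when assessing exposure. As in glsa-202405-23, the flaw itself (the overflow in `ephy_string_shorten` via a long page title) is described under `<impact>` while `<description>` carries only the generic sentence. Moving the flaw text into `<description>` and having `<impact>` state the consequence would match the element names.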
\ No newline at end of file
diff --git a/metadata/glsa/glsa-202405-28.xml b/metadata/glsa/glsa-202405-28.xml
new file mode 100644
index 000000000000..775039d90ab6
--- /dev/null
+++ b/metadata/glsa/glsa-202405-28.xml
@@ -0,0 +1,63 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202405-28">
+ <title>NVIDIA Drivers: Multiple Vulnerabilities</title>
+ <synopsis>Multiple vulnerabilities have been discovered in NVIDIA Drivers, the worst of which could result in root privilege escalation.</synopsis>
+ <product type="ebuild">nvidia-drivers</product>
+ <announced>2024-05-08</announced>
+ <revised count="1">2024-05-08</revised>
+ <bug>909226</bug>
+ <bug>916583</bug>
+ <access>remote</access>
+ <affected>
+ <package name="x11-drivers/nvidia-drivers" auto="yes" arch="*">
+ <unaffected range="ge">470.223.02</unaffected>
+ <unaffected range="ge">525.147.05</unaffected>
+ <unaffected range="ge">535.129.03</unaffected>
+ <vulnerable range="lt">470.223.02</vulnerable>
+ <vulnerable range="lt">525.147.05</vulnerable>
+ <vulnerable range="lt">535.129.03</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>NVIDIA Drivers are NVIDIA's accelerated graphics driver.</p>
+ </background>
+ <description>
+ <p>Multiple vulnerabilities have been discovered in NVIDIA Drivers. Please review the CVE identifiers referenced below for details.</p>
+ </description>
+ <impact type="normal">
+ <p>Please review the referenced CVE identifiers for details.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All NVIDIA Drivers 470 users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=x11-drivers/nvidia-drivers-470.223.02:0/470"
+ </code>
+
+ <p>All NVIDIA Drivers 525 users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=x11-drivers/nvidia-drivers-525.147.05:0/525"
+ </code>
+
+ <p>All NVIDIA Drivers 535 users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=x11-drivers/nvidia-drivers-535.129.03:0/535"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-25515">CVE-2023-25515</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-25516">CVE-2023-25516</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-31022">CVE-2023-31022</uri>
+ </references>
+ <metadata tag="requester" timestamp="2024-05-08T10:58:20.300933Z">graaff</metadata>
+ <metadata tag="submitter" timestamp="2024-05-08T10:58:20.303998Z">graaff</metadata>
+</glsa>
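Review bot: The `<affected>` ranges carry no `slot` attribute, so the three driver branches overlap. `<unaffected range="ge">470.223.02</unaffected>` declares every later version fixed, including 525.x and 535.x builds below their own fix, while `<vulnerable range="lt">535.129.03</vulnerable>` declares every earlier version vulnerable, including patched 470 and 525 builds; a scanner evaluating these ranges can therefore both miss vulnerable installs and flag fixed ones. The resolution commands already use `:0/470`, `:0/525` and `:0/535`, so each pair should presumably be scoped the same way, e.g. `<unaffected range="ge" slot="0/470">470.223.02</unaffected>` with a matching `<vulnerable range="lt" slot="0/470">470.223.02</vulnerable>`, as the MariaDB and qtsvg advisories in this commit do with `slot`. glsa-202405-29 (Node.js) has the same un-slotted overlap across its 16, 18 and 20 ranges.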
\ No newline at end of file
diff --git a/metadata/glsa/glsa-202405-29.xml b/metadata/glsa/glsa-202405-29.xml
new file mode 100644
index 000000000000..fa25f9465123
--- /dev/null
+++ b/metadata/glsa/glsa-202405-29.xml
@@ -0,0 +1,121 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> +<glsa id="202405-29"> + <title>Node.js: Multiple Vulnerabilities</title> + <synopsis>Multiple vulnerabilities have been discovered in Node.js.</synopsis> + <product type="ebuild">nodejs</product> + <announced>2024-05-08</announced> + <revised count="1">2024-05-08</revised> + <bug>772422</bug> + <bug>781704</bug> + <bug>800986</bug> + <bug>805053</bug> + <bug>807775</bug> + <bug>811273</bug> + <bug>817938</bug> + <bug>831037</bug> + <bug>835615</bug> + <bug>857111</bug> + <bug>865627</bug> + <bug>872692</bug> + <bug>879617</bug> + <bug>918086</bug> + <bug>918614</bug> + <access>remote</access> + <affected> + <package name="net-libs/nodejs" auto="yes" arch="*"> + <unaffected range="ge">16.20.2</unaffected> + <unaffected range="ge">18.17.1</unaffected> + <unaffected range="ge">20.5.1</unaffected> + <vulnerable range="lt">16.20.2</vulnerable> + <vulnerable range="lt">18.17.1</vulnerable> + <vulnerable range="lt">20.5.1</vulnerable> + </package> + </affected> + <background> + <p>Node.js is a JavaScript runtime built on Chrome’s V8 JavaScript engine.</p> + </background> + <description> + <p>Multiple vulnerabilities have been discovered in Node.js. 
Please review the CVE identifiers referenced below for details.</p> + </description> + <impact type="low"> + <p>Please review the referenced CVE identifiers for details.</p> + </impact> + <workaround> + <p>There is no known workaround at this time.</p> + </workaround> + <resolution> + <p>All Node.js 20 users should upgrade to the latest version:</p> + + <code> + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-libs/nodejs-20.5.1" + </code> + + <p>All Node.js 18 users should upgrade to the latest version:</p> + + <code> + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-libs/nodejs-18.17.1" + </code> + + <p>All Node.js 16 users should upgrade to the latest version:</p> + + <code> + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-libs/nodejs-16.20.2" + </code> + </resolution> + <references> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-7774">CVE-2020-7774</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-3672">CVE-2021-3672</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-22883">CVE-2021-22883</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-22884">CVE-2021-22884</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-22918">CVE-2021-22918</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-22930">CVE-2021-22930</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-22931">CVE-2021-22931</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-22939">CVE-2021-22939</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-22940">CVE-2021-22940</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-22959">CVE-2021-22959</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-22960">CVE-2021-22960</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-37701">CVE-2021-37701</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-37712">CVE-2021-37712</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-39134">CVE-2021-39134</uri> + <uri 
link="https://nvd.nist.gov/vuln/detail/CVE-2021-39135">CVE-2021-39135</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-44531">CVE-2021-44531</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-44532">CVE-2021-44532</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-44533">CVE-2021-44533</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-0778">CVE-2022-0778</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-3602">CVE-2022-3602</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-3786">CVE-2022-3786</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-21824">CVE-2022-21824</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-32212">CVE-2022-32212</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-32213">CVE-2022-32213</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-32214">CVE-2022-32214</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-32215">CVE-2022-32215</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-32222">CVE-2022-32222</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-35255">CVE-2022-35255</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-35256">CVE-2022-35256</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-35948">CVE-2022-35948</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-35949">CVE-2022-35949</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-43548">CVE-2022-43548</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-30581">CVE-2023-30581</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-30582">CVE-2023-30582</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-30583">CVE-2023-30583</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-30584">CVE-2023-30584</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-30586">CVE-2023-30586</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-30587">CVE-2023-30587</uri> + <uri 
link="https://nvd.nist.gov/vuln/detail/CVE-2023-30588">CVE-2023-30588</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-30589">CVE-2023-30589</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-30590">CVE-2023-30590</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-32002">CVE-2023-32002</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-32003">CVE-2023-32003</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-32004">CVE-2023-32004</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-32005">CVE-2023-32005</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-32006">CVE-2023-32006</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-32558">CVE-2023-32558</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-32559">CVE-2023-32559</uri> + </references> + <metadata tag="requester" timestamp="2024-05-08T11:16:15.398000Z">graaff</metadata> + <metadata tag="submitter" timestamp="2024-05-08T11:16:15.402000Z">graaff</metadata> +</glsa>
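Review bot: `<impact type="low">` is the only rating in this batch that is not `normal`, and it sits oddly beside `<access>remote</access>` and a list of 48 referenced CVEs. If the rating was not chosen deliberately it should be re-checked, because tooling that filters advisories by severity will deprioritise this one. The synopsis also omits the worst-case outcome that every other advisory in the commit states, so it gives no triage signal. The three resolution commands use un-slotted atoms such as `">=net-libs/nodejs-16.20.2"`, which any newer major version also satisfies, so they do not distinguish the 16, 18 and 20 branches that the surrounding text addresses separately.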
\ No newline at end of file
diff --git a/metadata/glsa/timestamp.chk b/metadata/glsa/timestamp.chk
index 207b8eb9b990..2ecddce0dc8c 100644
--- a/metadata/glsa/timestamp.chk
+++ b/metadata/glsa/timestamp.chk
@@ -1 +1 @@
-Tue, 07 May 2024 22:10:19 +0000
+Wed, 08 May 2024 22:10:12 +0000
diff --git a/metadata/glsa/timestamp.commit b/metadata/glsa/timestamp.commit
index 88c796a7b0d1..9fd299452b65 100644
--- a/metadata/glsa/timestamp.commit
+++ b/metadata/glsa/timestamp.commit
@@ -1 +1 @@
-508b72c9779f4f058551ebb133c5d5f21fd4e654 1715058264 2024-05-07T05:04:24+00:00
+88bffd0cf8491b108b57ac229b72f8b472c31ed1 1715166997 2024-05-08T11:16:37Z |