Diffstat (limited to 'metadata/glsa')
-rw-r--r-- | metadata/glsa/Manifest | 30 | ||||
-rw-r--r-- | metadata/glsa/Manifest.files.gz | bin | 440286 -> 442809 bytes | |||
-rw-r--r-- | metadata/glsa/glsa-201904-10.xml | 49 | ||||
-rw-r--r-- | metadata/glsa/glsa-201904-11.xml | 59 | ||||
-rw-r--r-- | metadata/glsa/glsa-201904-12.xml | 56 | ||||
-rw-r--r-- | metadata/glsa/glsa-201904-13.xml | 50 | ||||
-rw-r--r-- | metadata/glsa/glsa-201904-14.xml | 49 | ||||
-rw-r--r-- | metadata/glsa/glsa-201904-15.xml | 47 | ||||
-rw-r--r-- | metadata/glsa/glsa-201904-16.xml | 50 | ||||
-rw-r--r-- | metadata/glsa/glsa-201904-17.xml | 55 | ||||
-rw-r--r-- | metadata/glsa/glsa-201904-18.xml | 44 | ||||
-rw-r--r-- | metadata/glsa/glsa-201904-19.xml | 48 | ||||
-rw-r--r-- | metadata/glsa/glsa-201904-20.xml | 48 | ||||
-rw-r--r-- | metadata/glsa/glsa-201904-21.xml | 46 | ||||
-rw-r--r-- | metadata/glsa/glsa-201904-22.xml | 50 | ||||
-rw-r--r-- | metadata/glsa/glsa-201904-23.xml | 47 | ||||
-rw-r--r-- | metadata/glsa/glsa-201904-24.xml | 61 | ||||
-rw-r--r-- | metadata/glsa/glsa-201904-25.xml | 48 | ||||
-rw-r--r-- | metadata/glsa/timestamp.chk | 2 | ||||
-rw-r--r-- | metadata/glsa/timestamp.commit | 2 |
20 files changed, 824 insertions, 17 deletions
diff --git a/metadata/glsa/Manifest b/metadata/glsa/Manifest
index e9f4a151bebc..04267fb39590 100644
--- a/metadata/glsa/Manifest
+++ b/metadata/glsa/Manifest
@@ -1,23 +1,23 @@ -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 -MANIFEST Manifest.files.gz 440286 BLAKE2B 2af5ef9362c78ba7bf11bdae9a9489f74edad467df6b2ae46f4c40f90efff0d9b9a16871d4b4dc3152d243cdeef378b57c07f591978c6f08430193f3f3b50211 SHA512 7e4746f00d3d1c261bcbe86e5a5e69eaabba6282a2dc735d9c66666182e861452e574ab7acbc8ab5e371b58e03c97a798c1b6252a2fefecafc24796f9bf8af6f -TIMESTAMP 2019-04-05T19:38:48Z +MANIFEST Manifest.files.gz 442809 BLAKE2B 4b7b795575911222fd7fe1e9f9900ced88b7957d15e08d5881ee7e2c91f556beb375085e3842469d53d9c216f6709039908e138283d8726731c25b7aa33c7861 SHA512 ad93d050cf3a9d3cfb5dbce463c01bff4a31f205a3d2773382f89e603197645720db7bb4b45496d26f019ef9161b89ce5d0e4aacd87f89dff11d9c1126c34c46 +TIMESTAMP 2019-04-28T08:08:59Z -----BEGIN PGP SIGNATURE----- -iQKSBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAlynrshfFIAAAAAALgAo +iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAlzFX5tfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEUx RDZBQkI2M0JGQ0ZCNEJBMDJGREYxQ0VDNTkwRUVBQzkxODkyNTAACgkQ7FkO6skY -klDmmw/1FnKMgyH5T28DSzwMZuE8YkwURYIHCA5qWo9cxMNC3+zkmbbSk0VVpFYM -x4Kbujp284QVXKb0qFnaOIgg8I8vV8ZsfycoIlgBeMtC5lSK06za+aOIQtIsqUqA -dVKlptpy1PW0Yq2mtUHcU3km8JTzzyGCpmTEEQpYXP/aIzj9MdVW1tTGfeJFUILf -Wb9D/3A9ccU6tfdkPQMJGE2g3+vWU3yocfJtsAPdFFb3npZXrtQKQgLHm48OMKmU -q60eSg5qePVkgL67iitIoO5HFleNkTAgaOzTpGtd7/oxGzAqzgPQ3915hqTodC6E -ZUqxcXe+qVtWbFJkO9VtaQ1ZMVa2LjldoNY7ZvexOwmGZg7QGx7yx7sMato1XsM2 -S8+i7ylkBCxnk3gV1Bi4t6fgZEV9wK9cURpJEto5QFkqJDY/XHNxFlB0S8FWs/Uv -5DGhPi5nsjdHhUAoifJ22u21IRgAaS2GFXuwDLGgpA2ZOjRWXdMK2IfK84wHzWvj -ESHnObusGk5CJ6NDyLeo22ibnfKT/e4diLBE/wQZ/0BAb1VtTsCIUDPXv8pqEF3L -jSuKXXDo/qWtQChKbtLngMxCrxqo5j2n67itEcEPYCVCrTrvJDyqwb5bzBjtwlIn -sdgofFSpC7jNGj79z5H+d5QrMTDa46VgeVg3h/O/8TgzVM3JFw== -=Of+c +klBE1BAAk2H5Jdv7vxWNsG9w/4IKZHhE0/t7cNPGjLaFQVYo1KyVDmfT6/ZSN8Zo +Mnb1UgTUjM6cFKbe1gGVVHFQGKiMBWVhfYdnWErIP+8eLFOlqDYs1C74BprIdtlm +GJH1E2LNimj7p8HTgqbJAOhZmj6r7DZ3jXQ0DYbRKNUhfxAj3QrCPNvAp6TCftKH 
+p5UaXvBD6/DCHZlcneEXhyVZLqyJlMzkdhYdZW40QXjK+dU4jnAgt0J174gBsd5S +m23RpafkiNNDFVxTzGi6PQJhJNRqOtXwYdUKCZhtTPoAoCuQpJHvErHabRvY1VJa +r87k2JYHEIovzQ6Q5Nfsj21z9xMqMGZAoMjbreNotRxiXIxRdrvpuh59ujoJWsfQ +Re+RNNFeCHZKGjTHbNuhC8d+mzPwLGgtg0cK43bHvetPwCbEYTJF8VFhnNiUT30o +FKiQfF1JOSvPosScckofooFaDvGZuWPOi9r+n1wvYxrWBh4dDvlAtHOYDbVIEMLS +lhNwZpzgVl8heEs1I9DR8k9tAMScf0ZxXc9dm3yXR3QURavEdL94Zbo9Z7qiRe64 +6F31x6Big1/EuxhTrzg2j2ywsrA8mDZ/A7on+aOgGABij6b9UGiWpxiBZeBoOF1I +flLmcoDUWshrP7shx7V393lfRBaizybkStj4WooRnMMAwJF6Qz4= +=5MQa -----END PGP SIGNATURE----- diff --git a/metadata/glsa/Manifest.files.gz b/metadata/glsa/Manifest.files.gz Binary files differindex c193a1df00d8..30f8c1bd5004 100644 --- a/metadata/glsa/Manifest.files.gz +++ b/metadata/glsa/Manifest.files.gz diff --git a/metadata/glsa/glsa-201904-10.xml b/metadata/glsa/glsa-201904-10.xml new file mode 100644 index 000000000000..52942963da3b --- /dev/null +++ b/metadata/glsa/glsa-201904-10.xml 
@@ -0,0 +1,49 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201904-10">
+ <title>Mailman: Multiple vulnerabilities</title>
+ <synopsis>Multiple vulnerabilities have been found in Mailman, the worst of
+ which could result in the arbitrary execution of code.
+ </synopsis>
+ <product type="ebuild">mailman</product>
+ <announced>2019-04-08</announced>
+ <revised count="1">2019-04-08</revised>
+ <bug>662902</bug>
+ <access>remote</access>
+ <affected>
+ <package name="net-mail/mailman" auto="yes" arch="*">
+ <unaffected range="ge">2.1.29</unaffected>
+ <vulnerable range="lt">2.1.29</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>Mailman is a Python based mailing list server with an extensive web
+ interface.
+ </p>
+ </background>
+ <description>
+ <p>Multiple vulnerabilities have been discovered in Mailman. Please review
+ the referenced CVE identifier for details.
+ </p>
+ </description>
+ <impact type="normal">
+ <p>Please review the referenced CVE identifiers for details.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All Mailman users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-mail/mailman-2.1.29"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-0618">CVE-2018-0618</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-13796">CVE-2018-13796</uri>
+ </references>
+ <metadata tag="requester" timestamp="2019-03-28T03:31:17Z">BlueKnight</metadata>
+ <metadata tag="submitter" timestamp="2019-04-08T15:19:06Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201904-11.xml b/metadata/glsa/glsa-201904-11.xml
new file mode 100644
index 000000000000..f6fd170bf78a
--- /dev/null
+++ b/metadata/glsa/glsa-201904-11.xml
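Review bot: The `<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">` line at the top of glsa-201904-10.xml names an external DTD over plain HTTP, and the same line opens every other advisory added in this commit (glsa-201904-11 through glsa-201904-24 as shown). A consumer whose XML parser loads external subsets would fetch that DTD unauthenticated each time it reads an advisory, so whatever parses this directory should have external DTD and entity resolution switched off; whether the existing tooling does so is not visible in this diff. If the DTD reference has to stay for validation, an https system identifier would at least protect the fetch, assuming the consuming tools accept it.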
@@ -0,0 +1,59 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201904-11">
+ <title>Portage: Man-in-the-middle</title>
+ <synopsis>A vulnerability in emerge-delta-webrsync and Portage could result
+ in a man-in-the-middle attack.
+ </synopsis>
+ <product type="ebuild">portage</product>
+ <announced>2019-04-08</announced>
+ <revised count="1">2019-04-08</revised>
+ <bug>646212</bug>
+ <access>remote</access>
+ <affected>
+ <package name="app-portage/emerge-delta-webrsync" auto="yes" arch="*">
+ <unaffected range="ge">3.7.4</unaffected>
+ <vulnerable range="lt">3.7.4</vulnerable>
+ </package>
+ <package name="sys-apps/portage" auto="yes" arch="*">
+ <unaffected range="ge">2.3.22</unaffected>
+ <vulnerable range="lt">2.3.22</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>Portage is the package management and distribution system for Gentoo.</p>
+ </background>
+ <description>
+ <p>A vulnerability was discovered in emerge-delta-webrsync and Portage that
+ did not properly validate the revocation status of GPG keys.
+ </p>
+ </description>
+ <impact type="normal">
+ <p>A remote attacker could conduct a man-in-the-middle attack. Please
+ review the referenced bug for specific details.
+ </p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All emerge-delta-webrsync users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose
+ ">=app-portage/emerge-delta-webrsync-3.7.4"
+ </code>
+
+ <p>All Portage users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=sys-apps/portage-2.3.22"
+ </code>
+ </resolution>
+ <references>
+ </references>
+ <metadata tag="requester" timestamp="2019-03-24T23:20:15Z">BlueKnight</metadata>
+ <metadata tag="submitter" timestamp="2019-04-08T15:21:14Z">b-man</metadata>
+</glsa>
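Review bot: `<references>` is empty in glsa-201904-11.xml even though the impact paragraph tells readers to "review the referenced bug for specific details", so the only pointer left is the bare `<bug>646212</bug>` number. For an advisory about unchecked GPG key revocation in the package manager itself, readers need a reachable source; either add a `<uri>` entry for the bug (or a CVE, if one was assigned) or reword the sentence to name it, e.g. `Please review Gentoo bug 646212 for specific details.` The same empty `<references>` appears in glsa-201904-22.xml, whose workaround points at "the referenced bugs", and in glsa-201904-23.xml, whose description and impact do likewise.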
diff --git a/metadata/glsa/glsa-201904-12.xml b/metadata/glsa/glsa-201904-12.xml
new file mode 100644
index 000000000000..35d006de1ab9
--- /dev/null
+++ b/metadata/glsa/glsa-201904-12.xml
@@ -0,0 +1,56 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201904-12">
+ <title>ClamAV: Multiple vulnerabilities</title>
+ <synopsis>Multiple vulnerabilities have been found in ClamAV, the worst of
+ which could result in a Denial of Service condition.
+ </synopsis>
+ <product type="ebuild">clamav</product>
+ <announced>2019-04-08</announced>
+ <revised count="1">2019-04-08</revised>
+ <bug>660820</bug>
+ <bug>667900</bug>
+ <bug>681840</bug>
+ <access>remote</access>
+ <affected>
+ <package name="app-antivirus/clamav" auto="yes" arch="*">
+ <unaffected range="ge">0.101.2</unaffected>
+ <vulnerable range="lt">0.101.2</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>ClamAV is a GPL virus scanner.</p>
+ </background>
+ <description>
+ <p>Multiple vulnerabilities have been discovered in ClamAV. Please review
+ the CVE identifiers referenced below for details.
+ </p>
+ </description>
+ <impact type="normal">
+ <p>Please review the referenced CVE identifiers for details.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All ClamAV users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-antivirus/clamav-0.101.2"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-0360">CVE-2018-0360</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-0361">CVE-2018-0361</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-15378">CVE-2018-15378</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-1785">CVE-2019-1785</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-1786">CVE-2019-1786</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-1787">CVE-2019-1787</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-1788">CVE-2019-1788</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-1789">CVE-2019-1789</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-1798">CVE-2019-1798</uri>
+ </references>
+ <metadata tag="requester" timestamp="2019-03-29T21:05:49Z">b-man</metadata>
+ <metadata tag="submitter" timestamp="2019-04-08T15:22:53Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201904-13.xml b/metadata/glsa/glsa-201904-13.xml
new file mode 100644
index 000000000000..3c6f7e5af643
--- /dev/null
+++ b/metadata/glsa/glsa-201904-13.xml
@@ -0,0 +1,50 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201904-13">
+ <title>Git: Multiple vulnerabilities</title>
+ <synopsis>Multiple vulnerabilities have been found in Git, the worst of which
+ could result in the arbitrary execution of code.
+ </synopsis>
+ <product type="ebuild">git</product>
+ <announced>2019-04-11</announced>
+ <revised count="1">2019-04-11</revised>
+ <bug>671988</bug>
+ <bug>676262</bug>
+ <access>remote</access>
+ <affected>
+ <package name="dev-vcs/git" auto="yes" arch="*">
+ <unaffected range="ge">2.20.1</unaffected>
+ <vulnerable range="lt">2.20.1</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>Git is a free and open source distributed version control system
+ designed to handle everything from small to very large projects with
+ speed and efficiency.
+ </p>
+ </background>
+ <description>
+ <p>Multiple vulnerabilities have been discovered in Git. Please review the
+ referenced CVE identifiers for details
+ </p>
+ </description>
+ <impact type="normal">
+ <p>Please review the referenced CVE identifier and bugs for details.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All Git users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-vcs/git-2.19.2"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-19486">CVE-2018-19486</uri>
+ </references>
+ <metadata tag="requester" timestamp="2019-03-10T06:15:06Z">BlueKnight</metadata>
+ <metadata tag="submitter" timestamp="2019-04-11T01:14:55Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201904-14.xml b/metadata/glsa/glsa-201904-14.xml
new file mode 100644
index 000000000000..a6418b23e658
--- /dev/null
+++ b/metadata/glsa/glsa-201904-14.xml
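Review bot: The upgrade command in `<resolution>` of glsa-201904-13.xml uses `>=dev-vcs/git-2.19.2`, but `<affected>` marks everything below 2.20.1 as vulnerable, so the documented atom is satisfied by versions the advisory itself still flags. The atom should match the unaffected range: `# emerge --ask --oneshot --verbose ">=dev-vcs/git-2.20.1"`. Separately, two bugs are listed but only CVE-2018-19486 is referenced, and the description says "CVE identifiers" while the impact says "CVE identifier and bugs"; if the second bug carries its own CVE, it probably belongs in `<references>`.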
@@ -0,0 +1,49 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201904-14">
+ <title>GnuTLS: Multiple vulnerabilities</title>
+ <synopsis>Multiple vulnerabilities have been found in GnuTLS, the worst of
+ which could result in a Denial of Service condition.
+ </synopsis>
+ <product type="ebuild">gnutls</product>
+ <announced>2019-04-15</announced>
+ <revised count="1">2019-04-15</revised>
+ <bug>681846</bug>
+ <access>remote</access>
+ <affected>
+ <package name="net-libs/gnutls" auto="yes" arch="*">
+ <unaffected range="ge">3.6.7</unaffected>
+ <vulnerable range="lt">3.6.7</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>GnuTLS is a secure communications library implementing the SSL, TLS and
+ DTLS protocols and technologies around them.
+ </p>
+ </background>
+ <description>
+ <p>Multiple vulnerabilities have been discovered in GnuTLS. Please review
+ the CVE identifiers referenced below for details.
+ </p>
+ </description>
+ <impact type="normal">
+ <p>Please review the CVE identifiers referenced below for details.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All GnuTLS users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-libs/gnutls-3.6.7"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-3829">CVE-2019-3829</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-3836">CVE-2019-3836</uri>
+ </references>
+ <metadata tag="requester" timestamp="2019-04-02T06:51:08Z">BlueKnight</metadata>
+ <metadata tag="submitter" timestamp="2019-04-15T20:45:09Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201904-15.xml b/metadata/glsa/glsa-201904-15.xml
new file mode 100644
index 000000000000..5c645f5aecf1
--- /dev/null
+++ b/metadata/glsa/glsa-201904-15.xml
@@ -0,0 +1,47 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201904-15">
+ <title>libTIFF: Denial of Service</title>
+ <synopsis>A vulnerability in libTIFF could lead to a Denial of Service
+ condition.
+ </synopsis>
+ <product type="ebuild">tiff</product>
+ <announced>2019-04-15</announced>
+ <revised count="1">2019-04-15</revised>
+ <bug>669948</bug>
+ <access>remote</access>
+ <affected>
+ <package name="media-libs/tiff" auto="yes" arch="*">
+ <unaffected range="ge">4.0.10</unaffected>
+ <vulnerable range="lt">4.0.10</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>The TIFF library contains encoding and decoding routines for the Tag
+ Image File Format. It is called by numerous programs, including GNOME and
+ KDE applications, to interpret TIFF images.
+ </p>
+ </background>
+ <description>
+ <p>Please review the CVE identifier referenced below for details.</p>
+ </description>
+ <impact type="normal">
+ <p>Please review the CVE identifier referenced below for details.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All tiff users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=media-libs/tiff-4.0.10"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-18557">CVE-2018-18557</uri>
+ </references>
+ <metadata tag="requester" timestamp="2019-04-02T05:33:33Z">BlueKnight</metadata>
+ <metadata tag="submitter" timestamp="2019-04-15T20:50:36Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201904-16.xml b/metadata/glsa/glsa-201904-16.xml
new file mode 100644
index 000000000000..16fca23fd62f
--- /dev/null
+++ b/metadata/glsa/glsa-201904-16.xml
@@ -0,0 +1,50 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201904-16">
+ <title>phpMyAdmin: Multiple vulnerabilities</title>
+ <synopsis>Multiple vulnerabilities have been found in phpMyAdmin, the worst
+ of which could result in the arbitrary execution of code.
+ </synopsis>
+ <product type="ebuild">phpmyadmin</product>
+ <announced>2019-04-15</announced>
+ <revised count="1">2019-04-15</revised>
+ <bug>658742</bug>
+ <bug>672938</bug>
+ <access>remote</access>
+ <affected>
+ <package name="dev-db/phpmyadmin" auto="yes" arch="*">
+ <unaffected range="ge">4.8.4</unaffected>
+ <vulnerable range="lt">4.8.4</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>phpMyAdmin is a web-based management tool for MySQL databases.</p>
+ </background>
+ <description>
+ <p>Multiple vulnerabilities have been discovered in phpMyAdmin. Please
+ review the CVE identifiers referenced below for details.
+ </p>
+ </description>
+ <impact type="normal">
+ <p>Please review the CVE identifiers referenced below for details.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All phpMyAdmin users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-db/phpmyadmin-4.8.4"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-12613">CVE-2018-12613</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-19968">CVE-2018-19968</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-19969">CVE-2018-19969</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-19970">CVE-2018-19970</uri>
+ </references>
+ <metadata tag="requester" timestamp="2019-03-30T00:23:53Z">b-man</metadata>
+ <metadata tag="submitter" timestamp="2019-04-15T20:53:01Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201904-17.xml b/metadata/glsa/glsa-201904-17.xml
new file mode 100644
index 000000000000..16ee81006487
--- /dev/null
+++ b/metadata/glsa/glsa-201904-17.xml
@@ -0,0 +1,55 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201904-17">
+ <title>Patch: Multiple vulnerabilities</title>
+ <synopsis>Multiple vulnerabilities have been found in Patch, the worst of
+ which could result in the execution of arbitrary code.
+ </synopsis>
+ <product type="ebuild">patch</product>
+ <announced>2019-04-17</announced>
+ <revised count="1">2019-04-17</revised>
+ <bug>647792</bug>
+ <bug>647794</bug>
+ <bug>652710</bug>
+ <access>remote</access>
+ <affected>
+ <package name="sys-devel/patch" auto="yes" arch="*">
+ <unaffected range="ge">2.7.6-r3</unaffected>
+ <vulnerable range="lt">2.7.6-r3</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>Patch takes a patch file containing a difference listing produced by the
+ diff program and applies those differences to one or more original files,
+ producing patched versions.
+ </p>
+ </background>
+ <description>
+ <p>Multiple vulnerabilities have been discovered in Patch. Please review
+ the CVE identifiers referenced below for details.
+ </p>
+ </description>
+ <impact type="normal">
+ <p>Please review the referenced CVE identifiers for details.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All Patch users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=sys-devel/patch-2.7.6-r3"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-1000156">
+ CVE-2018-1000156
+ </uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6951">CVE-2018-6951</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6952">CVE-2018-6952</uri>
+ </references>
+ <metadata tag="requester" timestamp="2019-04-11T21:19:29Z">b-man</metadata>
+ <metadata tag="submitter" timestamp="2019-04-17T18:28:49Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201904-18.xml b/metadata/glsa/glsa-201904-18.xml
new file mode 100644
index 000000000000..3c23d4bace80
--- /dev/null
+++ b/metadata/glsa/glsa-201904-18.xml
@@ -0,0 +1,44 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201904-18">
+ <title>libseccomp: Privilege escalation</title>
+ <synopsis>A vulnerability in libseccomp allows for privilege escalation.</synopsis>
+ <product type="ebuild">libseccomp</product>
+ <announced>2019-04-17</announced>
+ <revised count="1">2019-04-17</revised>
+ <bug>680442</bug>
+ <access>remote</access>
+ <affected>
+ <package name="sys-libs/libseccomp" auto="yes" arch="*">
+ <unaffected range="ge">2.4.0</unaffected>
+ <vulnerable range="lt">2.4.0</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>A library that provides an easy to use, platform independent, interface
+ to the Linux Kernel’s syscall filtering mechanism.
+ </p>
+ </background>
+ <description>
+ <p>Please review the CVE identifier referenced below for details.</p>
+ </description>
+ <impact type="normal">
+ <p>Please review the referenced CVE identifier for details.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All libseccomp users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=sys-libs/libseccomp-2.4.0"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-9893">CVE-2019-9893</uri>
+ </references>
+ <metadata tag="requester" timestamp="2019-03-24T13:22:58Z">BlueKnight</metadata>
+ <metadata tag="submitter" timestamp="2019-04-17T18:31:42Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201904-19.xml b/metadata/glsa/glsa-201904-19.xml
new file mode 100644
index 000000000000..71f6cdb43a2e
--- /dev/null
+++ b/metadata/glsa/glsa-201904-19.xml
@@ -0,0 +1,48 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201904-19">
+ <title>Dovecot: Multiple vulnerabilities</title>
+ <synopsis>Multiple vulnerabilities have been found in Dovecot, the worst of
+ which could result in root privilege escalation.
+ </synopsis>
+ <product type="ebuild">dovecot</product>
+ <announced>2019-04-17</announced>
+ <revised count="1">2019-04-17</revised>
+ <bug>677350</bug>
+ <bug>681922</bug>
+ <access>remote</access>
+ <affected>
+ <package name="net-mail/dovecot" auto="yes" arch="*">
+ <unaffected range="ge">2.3.5.1</unaffected>
+ <vulnerable range="lt">2.3.5.1</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>Dovecot is an open source IMAP and POP3 email server.</p>
+ </background>
+ <description>
+ <p>Multiple vulnerabilities have been discovered in Dovecot. Please review
+ the CVE identifiers referenced below for details.
+ </p>
+ </description>
+ <impact type="normal">
+ <p>Please review the referenced CVE identifiers for details</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All Dovecot users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-mail/dovecot-2.3.5.1"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-3814">CVE-2019-3814</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-7524">CVE-2019-7524</uri>
+ </references>
+ <metadata tag="requester" timestamp="2019-04-02T07:08:40Z">BlueKnight</metadata>
+ <metadata tag="submitter" timestamp="2019-04-17T18:33:06Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201904-20.xml b/metadata/glsa/glsa-201904-20.xml
new file mode 100644
index 000000000000..3600d8fe7704
--- /dev/null
+++ b/metadata/glsa/glsa-201904-20.xml
@@ -0,0 +1,48 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201904-20">
+ <title>Apache: Privilege escalation</title>
+ <synopsis>A vulnerability in Apache might allow an attacker to escalate
+ privileges.
+ </synopsis>
+ <product type="ebuild">apache</product>
+ <announced>2019-04-22</announced>
+ <revised count="1">2019-04-22</revised>
+ <bug>682306</bug>
+ <access>remote</access>
+ <affected>
+ <package name="www-servers/apache" auto="yes" arch="*">
+ <unaffected range="ge">2.4.39</unaffected>
+ <vulnerable range="lt">2.4.39</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>The Apache HTTP server is one of the most popular web servers on the
+ Internet.
+ </p>
+ </background>
+ <description>
+ <p>A vulnerability was discovered in Apache with MPM event, worker, or
+ prefork.
+ </p>
+ </description>
+ <impact type="normal">
+ <p>An attacker could escalate privileges.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All Apache users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-servers/apache-2.4.39"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-0211">CVE-2019-0211</uri>
+ </references>
+ <metadata tag="requester" timestamp="2019-04-21T03:09:02Z">b-man</metadata>
+ <metadata tag="submitter" timestamp="2019-04-22T23:27:43Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201904-21.xml b/metadata/glsa/glsa-201904-21.xml
new file mode 100644
index 000000000000..c15ae6a5c47c
--- /dev/null
+++ b/metadata/glsa/glsa-201904-21.xml
@@ -0,0 +1,46 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201904-21">
+ <title>SQLite: Remote code execution</title>
+ <synopsis>A vulnerability in SQLite may allow for the remote execution of
+ code.
+ </synopsis>
+ <product type="ebuild">sqlite</product>
+ <announced>2019-04-22</announced>
+ <revised count="1">2019-04-22</revised>
+ <bug>672942</bug>
+ <access>remote</access>
+ <affected>
+ <package name="dev-db/sqlite" auto="yes" arch="*">
+ <unaffected range="ge">3.25.3</unaffected>
+ <vulnerable range="lt">3.25.3</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>SQLite is a C library that implements an SQL database engine.</p>
+ </background>
+ <description>
+ <p>An integer overflow was discovered in SQLite’s FTS3 extension.</p>
+ </description>
+ <impact type="normal">
+ <p>A remote attacker could, by executing arbitrary SQL statements against a
+ vulnerable host, execute arbitrary code.
+ </p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All SQLite users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-db/sqlite-3.25.3"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-20346">CVE-2018-20346</uri>
+ </references>
+ <metadata tag="requester" timestamp="2019-04-20T00:53:44Z">b-man</metadata>
+ <metadata tag="submitter" timestamp="2019-04-22T23:31:33Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201904-22.xml b/metadata/glsa/glsa-201904-22.xml
new file mode 100644
index 000000000000..0859caae3dd4
--- /dev/null
+++ b/metadata/glsa/glsa-201904-22.xml
@@ -0,0 +1,50 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201904-22">
+ <title>OpenDKIM: Root privilege escalation</title>
+ <synopsis>A vulnerability was discovered in Gentoo's ebuild for OpenDKIM
+ which could lead to root privilege escalation.
+ </synopsis>
+ <product type="ebuild">opendkim</product>
+ <announced>2019-04-22</announced>
+ <revised count="1">2019-04-22</revised>
+ <bug>629914</bug>
+ <access>remote</access>
+ <affected>
+ <package name="mail-filter/opendkim" auto="yes" arch="*">
+ <unaffected range="ge">2.10.3-r8</unaffected>
+ <vulnerable range="lt">2.10.3-r8</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>A community effort to develop and maintain a C library for producing
+ DKIM-aware applications and an open source milter for providing DKIM
+ service.
+ </p>
+ </background>
+ <description>
+ <p>It was discovered that Gentoo’s OpenDKIM ebuild does not properly set
+ permissions or place the pid file in a safe directory.
+ </p>
+ </description>
+ <impact type="normal">
+ <p>A local attacker could escalate privileges.</p>
+ </impact>
+ <workaround>
+ <p>Users should ensure the proper permissions are set as discussed in the
+ referenced bugs.
+ </p>
+ </workaround>
+ <resolution>
+ <p>All OpenDKIM users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=mail-filter/opendkim-2.10.3-r8"
+ </code>
+ </resolution>
+ <references>
+ </references>
+ <metadata tag="requester" timestamp="2019-04-02T07:15:45Z">BlueKnight</metadata>
+ <metadata tag="submitter" timestamp="2019-04-22T23:34:15Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201904-23.xml b/metadata/glsa/glsa-201904-23.xml
new file mode 100644
index 000000000000..9dbde006580e
--- /dev/null
+++ b/metadata/glsa/glsa-201904-23.xml
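Review bot: `<access>remote</access>` in glsa-201904-22.xml contradicts the impact text, which says "A local attacker could escalate privileges", and the flaw as described (pid file location and permissions set by the ebuild) reads as a local issue. Unless there is a remote vector that the advisory does not state, this should be `<access>local</access>` so that anyone triaging by access vector does not misjudge exposure. glsa-201904-18.xml and glsa-201904-20.xml also pair a "Privilege escalation" title with `remote`; their text does not say which vector applies, so they are worth a second look against the referenced CVEs.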
@@ -0,0 +1,47 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201904-23">
+ <title>GLib: Multiple vulnerabilities</title>
+ <synopsis>Multiple vulnerabilities have been found in GLib, the worst of
+ which could result in a Denial of Service condition.
+ </synopsis>
+ <product type="ebuild">glib</product>
+ <announced>2019-04-22</announced>
+ <revised count="1">2019-04-22</revised>
+ <bug>668474</bug>
+ <access>remote</access>
+ <affected>
+ <package name="dev-libs/glib" auto="yes" arch="*">
+ <unaffected range="ge">2.56.4</unaffected>
+ <vulnerable range="lt">2.56.4</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>GLib is a library providing a number of GNOME’s core objects and
+ functions.
+ </p>
+ </background>
+ <description>
+ <p>Multiple vulnerabilities have been discovered in GLib. Please review the
+ referenced bug for details.
+ </p>
+ </description>
+ <impact type="normal">
+ <p>Please review the referenced bugs for details.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All GLib users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-libs/glib-2.56.4"
+ </code>
+ </resolution>
+ <references>
+ </references>
+ <metadata tag="requester" timestamp="2019-03-10T06:13:16Z">BlueKnight</metadata>
+ <metadata tag="submitter" timestamp="2019-04-22T23:36:01Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201904-24.xml b/metadata/glsa/glsa-201904-24.xml
new file mode 100644
index 000000000000..95f5370a2b59
--- /dev/null
+++ b/metadata/glsa/glsa-201904-24.xml
@@ -0,0 +1,61 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201904-24">
+ <title>Ming: Multiple vulnerabilities</title>
+ <synopsis>Multiple vulnerabilities have been found in Ming, the worst of
+ which could result in a Denial of Service condition.
+ </synopsis>
+ <product type="ebuild">ming</product>
+ <announced>2019-04-24</announced>
+ <revised count="1">2019-04-24</revised>
+ <bug>624712</bug>
+ <bug>626498</bug>
+ <bug>646770</bug>
+ <access>remote</access>
+ <affected>
+ <package name="media-libs/ming" auto="yes" arch="*">
+ <unaffected range="ge">0.20181112</unaffected>
+ <vulnerable range="lt">0.20181112</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>A library for generating Macromedia Flash files.</p>
+ </background>
+ <description>
+ <p>Multiple vulnerabilities have been discovered in Ming. Please review the
+ CVE identifiers referenced below for details.
+ </p>
+ </description>
+ <impact type="normal">
+ <p>Please review the referenced CVE identifiers for details.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All Ming users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=media-libs/ming-0.20181112"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-11728">CVE-2017-11728</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-11729">CVE-2017-11729</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-11730">CVE-2017-11730</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-11731">CVE-2017-11731</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-11732">CVE-2017-11732</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-11733">CVE-2017-11733</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-11734">CVE-2017-11734</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-9988">CVE-2017-9988</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-9989">CVE-2017-9989</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-5251">CVE-2018-5251</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-5294">CVE-2018-5294</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6315">CVE-2018-6315</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6358">CVE-2018-6358</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6359">CVE-2018-6359</uri>
+ </references>
+ <metadata tag="requester" timestamp="2019-04-19T01:46:20Z">BlueKnight</metadata>
+ <metadata tag="submitter" timestamp="2019-04-24T23:57:18Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201904-25.xml b/metadata/glsa/glsa-201904-25.xml
new file mode 100644
index 000000000000..b72443a1d3cb
--- /dev/null
+++ b/metadata/glsa/glsa-201904-25.xml
@@ -0,0 +1,48 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201904-25">
+ <title>QEMU: Multiple vulnerabilities</title>
+ <synopsis>Multiple vulnerabilities have been found in QEMU, the worst of
+ which could result in the arbitrary execution of code.
+ </synopsis>
+ <product type="ebuild">qemu</product>
+ <announced>2019-04-24</announced>
+ <revised count="1">2019-04-24</revised>
+ <bug>680834</bug>
+ <bug>681850</bug>
+ <access>remote</access>
+ <affected>
+ <package name="app-emulation/qemu" auto="yes" arch="*">
+ <unaffected range="ge">3.1.0-r4</unaffected>
+ <vulnerable range="lt">3.1.0-r4</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>QEMU is a generic and open source machine emulator and virtualizer.</p>
+ </background>
+ <description>
+ <p>Multiple vulnerabilities have been discovered in QEMU. Please review the
+ CVE identifiers referenced below for details.
+ </p>
+ </description>
+ <impact type="normal">
+ <p>Please review the referenced CVE identifiers for details.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All QEMU users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-emulation/qemu-3.1.0-r4"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-20815">CVE-2018-20815</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-9824">CVE-2019-9824</uri>
+ </references>
+ <metadata tag="requester" timestamp="2019-03-10T05:49:31Z">BlueKnight</metadata>
+ <metadata tag="submitter" timestamp="2019-04-24T23:59:19Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/timestamp.chk b/metadata/glsa/timestamp.chk
index 96a4d66147ab..053c17427b9b 100644
--- a/metadata/glsa/timestamp.chk
+++ b/metadata/glsa/timestamp.chk
@@ -1 +1 @@
-Fri, 05 Apr 2019 19:38:44 +0000
+Sun, 28 Apr 2019 08:08:55 +0000
diff --git a/metadata/glsa/timestamp.commit b/metadata/glsa/timestamp.commit
index 8bf01aa3c270..41a53add6ecd 100644
--- a/metadata/glsa/timestamp.commit
+++ b/metadata/glsa/timestamp.commit
@@ -1 +1 @@
-7c09f6fddfb8f5996646e8bceb05ce66a9df690d 1554402888 2019-04-04T18:34:48+00:00
+42c9d977ba183a5bc173b70ad145977fc6705eda 1556150376 2019-04-24T23:59:36+00:00 |