summaryrefslogtreecommitdiff
path: root/metadata/glsa
diff options
context:
space:
mode:
Diffstat (limited to 'metadata/glsa')
-rw-r--r--metadata/glsa/Manifest30
-rw-r--r--metadata/glsa/Manifest.files.gzbin418049 -> 419008 bytes
-rw-r--r--metadata/glsa/glsa-201803-06.xml85
-rw-r--r--metadata/glsa/glsa-201803-07.xml60
-rw-r--r--metadata/glsa/glsa-201803-08.xml57
-rw-r--r--metadata/glsa/glsa-201803-09.xml59
-rw-r--r--metadata/glsa/glsa-201803-10.xml63
-rw-r--r--metadata/glsa/glsa-201803-11.xml59
-rw-r--r--metadata/glsa/timestamp.chk2
-rw-r--r--metadata/glsa/timestamp.commit2
10 files changed, 400 insertions, 17 deletions
diff --git a/metadata/glsa/Manifest b/metadata/glsa/Manifest
index bd3a8b2b9889..15ce955b6fae 100644
--- a/metadata/glsa/Manifest
+++ b/metadata/glsa/Manifest
@@ -1,23 +1,23 @@
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
-MANIFEST Manifest.files.gz 418049 BLAKE2B a3e82a397312cf762e5cda25564d440a2b3aecaa5aaa703bf956b60cecc8465221f566829e94822d9c1453675eb2846f013d89579e6c62c3c38ae184e7b9f98e SHA512 23b3a75e9e75b69bd5906e842a32dfa2ce18c0384359a6fc950c0d89c337ede1766f040f5accdac618d7d1d758c7068653796d64371f385e712efb90a2e82b8d
-TIMESTAMP 2018-03-17T23:08:22Z
+MANIFEST Manifest.files.gz 419008 BLAKE2B 71f0ab3699e4a099c44c011fb7d1607c93e4628556d357e248d588dd4b30298f24421e20f3b09028f394cd30565736a3debab29d055e38cc1d05cc3b95e7fbb3 SHA512 243c38e1d0bd0c55ae403827eb74db802e4b6860f3637cb5417657bc368b43d6df8654d962a90a10485228d9fcdfa0522237ccff245f2bacf058795ba79b2a43
+TIMESTAMP 2018-03-23T03:38:25Z
-----BEGIN PGP SIGNATURE-----
-iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAlqtn+ZfFIAAAAAALgAo
+iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAlq0drFfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEUx
RDZBQkI2M0JGQ0ZCNEJBMDJGREYxQ0VDNTkwRUVBQzkxODkyNTAACgkQ7FkO6skY
-klC4/BAAry6B8HUOo8uum9CqObD8/d8Kxl1OK81BANppejCSjNV/GzCScDmQTmDz
-M5kUQRwy2VKGuv3wvOOOMCXW5VOYID4nzGIenk8uw9zmhBA+WHH4hiBajorfCWT8
-O7/OUa+ZLRfrAGxi4xElCr61hgeGRU0JoofSR+z+8HydcbvsmBtT8TqxOqYKFOIl
-de4Vs4+BvSBnxKUlVECYm/3J5aZPAItGAgjKCYr/KsDReeOb/YxF236aum46SF1b
-TFLqWl83BMRdXQ78jwupP0OGvDRkn5Be9SUFlyKhP+0Eav8H53QnRaqdZbN8g9Hh
-0+BWGED7aJW/0AcQiD2Pn9IM6iiOn774HnlGdoPdac3fk+z69zXcKKFxso6ZPXQV
-Bd+H6LrfVlT+YGDcFXiOc0XxnGHkYqqLaBnvfgXk3TskUOinQWsSA77HDvJmNcna
-WD8tOUhBEelFtSWPWax8xwo3FMzHDY4i5FJsWZNxbWejbx2H3/Med+empOZnIJTL
-FZG3pTrr1CivlstYXjnXkNU79F+K+p3d8/RrVxf9IJHOQ/yWhpXhFFElXidpB1or
-ajA+Q5TISkHEezZP8sxc5HCnbU/igpnYOIR8Vaujtqd+1DysSRGzu1vFCsQXXDeM
-te0hUaazrCGpDHjehBlPDr/aTXmIHAT5r28qKcFJ9mo1vF54OyM=
-=30bJ
+klBfMxAAktzJ852Lqkxj8H6f5zybWDJAYdsAWLQ4uYFqqEB0EF3srq8Npsa+ioqJ
+0mQ0VKflagytBTJDNbN8aA26vqzXwj3c7HiKk8APzz+OodFDIsP4qfpR2SvZxn90
+p69LxjLbpBNqNuEVMwmltTQ3olMuZfP/H4C+ErNgr3zVbg+T5Ewf14FG82Kxw+Ts
+NGFXBcM8JwLAgSgAjMRQ0ngYNvgZ7W9OHkZh92mIrCEcDRlwuEcTSKWPu9PS7or+
+Wx69CcdirGqtTQYCFV7fpxVdUXDxMstyHzuqhPYRhLMpRzAKTCHacM6qSPy0w9di
+dAPmWKo1BbApE15OUfTyv78bg6uXnuQMEC/XzecnPuRphbXCzNHdjvTyil9PK6XK
+uRQwwzcIHcRfQqVjgJz0zPOyY4StsqXFz/m70n76hzqScDVXoJupfAWwODea9sFY
+2BPS9CKqsiBowo3viBDAzu2olvT6ROJSoBDPOlue11j98RmcWDBiWKkb1ydYztex
+wzvzyO1nFPRk1U4FX5vtXIpXzsrvh6MAkjv19kUU4yl1fltPswlEXRBOzPwtnU72
+GCZslQO5w75d3EXMahN91M5CCJOGYNt9Wr1diMnua1ZTMytaOR7BmK3v1qh4OAuq
+BghoiCLgn3u8PmIwTgfU2ddlhDFlLp3HUUcAYLB2VqchRUPIPJs=
+=RcK8
-----END PGP SIGNATURE-----
diff --git a/metadata/glsa/Manifest.files.gz b/metadata/glsa/Manifest.files.gz
index 126487115776..4a497152dc2d 100644
--- a/metadata/glsa/Manifest.files.gz
+++ b/metadata/glsa/Manifest.files.gz
Binary files differ
diff --git a/metadata/glsa/glsa-201803-06.xml b/metadata/glsa/glsa-201803-06.xml
new file mode 100644
index 000000000000..ece35c252ce9
--- /dev/null
+++ b/metadata/glsa/glsa-201803-06.xml
@@ -0,0 +1,85 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201803-06">
+ <title>Oracle JDK/JRE: Multiple vulnerabilities</title>
+ <synopsis>Multiple vulnerabilities have been found in Oracle's JDK and JRE
+ software suites, the worst of which may allow execution of arbitrary code.
+ </synopsis>
+ <product type="ebuild">oracle-jdk-bin,oracle-jre-bin</product>
+ <announced>2018-03-19</announced>
+ <revised count="1">2018-03-19</revised>
+ <bug>645268</bug>
+ <access>remote</access>
+ <affected>
+ <package name="dev-java/oracle-jdk-bin" auto="yes" arch="*">
+ <unaffected range="ge" slot="1.8">1.8.0.162</unaffected>
+ <vulnerable range="lt" slot="1.8">1.8.0.162</vulnerable>
+ </package>
+ <package name="dev-java/oracle-jre-bin" auto="yes" arch="*">
+ <unaffected range="ge" slot="1.8">1.8.0.162</unaffected>
+ <vulnerable range="lt" slot="1.8">1.8.0.162</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>Java Platform, Standard Edition (Java SE) lets you develop and deploy
+ Java applications on desktops and servers, as well as in today’s
+ demanding embedded environments. Java offers the rich user interface,
+ performance, versatility, portability, and security that today’s
+ applications require.
+ </p>
+
+ </background>
+ <description>
+ <p>Multiple vulnerabilities have been discovered in Oracle’s Java SE.
+ Please review the referenced CVE identifiers for details.
+ </p>
+ </description>
+ <impact type="normal">
+ <p>A remote attacker could possibly execute arbitrary code with the
+ privileges of the process, gain access to information, or cause a Denial
+ of Service condition.
+ </p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All Oracle JDK users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose
+ "&gt;=dev-java/oracle-jdk-bin-1.8.0.162:1.8"
+ </code>
+
+ <p>All Oracle JRE users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose
+ "&gt;=dev-java/oracle-jre-bin-1.8.0.162:1.8"
+ </code>
+
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-2579">CVE-2018-2579</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-2581">CVE-2018-2581</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-2582">CVE-2018-2582</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-2588">CVE-2018-2588</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-2599">CVE-2018-2599</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-2602">CVE-2018-2602</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-2603">CVE-2018-2603</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-2618">CVE-2018-2618</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-2627">CVE-2018-2627</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-2629">CVE-2018-2629</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-2633">CVE-2018-2633</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-2634">CVE-2018-2634</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-2637">CVE-2018-2637</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-2638">CVE-2018-2638</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-2639">CVE-2018-2639</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-2641">CVE-2018-2641</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-2663">CVE-2018-2663</uri>
+ </references>
+ <metadata tag="requester" timestamp="2018-03-15T22:00:47Z">chrisadr</metadata>
+ <metadata tag="submitter" timestamp="2018-03-19T00:51:13Z">chrisadr</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201803-07.xml b/metadata/glsa/glsa-201803-07.xml
new file mode 100644
index 000000000000..1a657b679528
--- /dev/null
+++ b/metadata/glsa/glsa-201803-07.xml
@@ -0,0 +1,60 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201803-07">
+ <title>JabberD 2.x: Multiple vulnerabilities</title>
+ <synopsis>Multiple vulnerabilities have been found in Gentoo's JabberD 2.x
+ ebuild, the worst of which allows local attackers to escalate privileges.
+ </synopsis>
+ <product type="ebuild">jabberd2</product>
+ <announced>2018-03-19</announced>
+ <revised count="1">2018-03-19</revised>
+ <bug>623806</bug>
+ <bug>629412</bug>
+ <bug>631068</bug>
+ <access>local, remote</access>
+ <affected>
+ <package name="net-im/jabberd2" auto="yes" arch="*">
+ <vulnerable range="le">2.6.1</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>JabberD 2.x is an open source Jabber server written in C.</p>
+ </background>
+ <description>
+ <p>Multiple vulnerabilities have been discovered in Gentoo’s JabberD 2.x
+ ebuild. Please review the referenced CVE identifiers for details.
+ </p>
+
+ </description>
+ <impact type="high">
+ <p>An attacker could possibly escalate privileges by owning system binaries
+ in trusted locations, cause a Denial of Service condition by manipulating
+ the PID file from jabberd2 services, bypass security via SASL ANONYMOUS
+ connections or have other unspecified impacts.
+ </p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>Gentoo has discontinued support for JabberD 2.x and recommends that
+ users unmerge the package:
+ </p>
+
+ <code>
+ # emerge --unmerge "net-im/jabberd2"
+ </code>
+
+ <p>As an alternative, users may want to upgrade their systems to use
+ net-im/prosody instead of net-im/jabberd2.
+ </p>
+
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-10807">CVE-2017-10807</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-18225">CVE-2017-18225</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-18226">CVE-2017-18226</uri>
+ </references>
+ <metadata tag="requester" timestamp="2018-03-03T17:23:32Z">whissi</metadata>
+ <metadata tag="submitter" timestamp="2018-03-19T00:59:10Z">chrisadr</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201803-08.xml b/metadata/glsa/glsa-201803-08.xml
new file mode 100644
index 000000000000..194e41f8e18c
--- /dev/null
+++ b/metadata/glsa/glsa-201803-08.xml
@@ -0,0 +1,57 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201803-08">
+ <title>Adobe Flash Player: Multiple vulnerabilities</title>
+ <synopsis>Multiple vulnerabilities have been found in Adobe Flash Player, the
+ worst of which allows remote attackers to execute arbitrary code.
+ </synopsis>
+ <product type="ebuild">flash</product>
+ <announced>2018-03-19</announced>
+ <revised count="1">2018-03-19</revised>
+ <bug>646724</bug>
+ <bug>650424</bug>
+ <access>remote</access>
+ <affected>
+ <package name="www-plugins/adobe-flash" auto="yes" arch="*">
+ <unaffected range="ge">29.0.0.113</unaffected>
+ <vulnerable range="lt">29.0.0.113</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>The Adobe Flash Player is a renderer for the SWF file format, which is
+ commonly used to provide interactive websites.
+ </p>
+ </background>
+ <description>
+ <p>Multiple vulnerabilities have been discovered in Adobe Flash Player.
+ Please review the CVE identifiers referenced below for details.
+ </p>
+ </description>
+ <impact type="normal">
+ <p>A remote attacker could possibly execute arbitrary code with the
+ privileges of the process or bypass security restrictions.
+ </p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All Adobe Flash Player users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose
+ "&gt;=www-plugins/adobe-flash-29.0.0.113"
+ </code>
+
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-4871">CVE-2018-4871</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-4877">CVE-2018-4877</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-4878">CVE-2018-4878</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-4919">CVE-2018-4919</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-4920">CVE-2018-4920</uri>
+ </references>
+ <metadata tag="requester" timestamp="2018-03-13T18:13:28Z">whissi</metadata>
+ <metadata tag="submitter" timestamp="2018-03-19T01:08:30Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201803-09.xml b/metadata/glsa/glsa-201803-09.xml
new file mode 100644
index 000000000000..a2b75c881a85
--- /dev/null
+++ b/metadata/glsa/glsa-201803-09.xml
@@ -0,0 +1,59 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201803-09">
+ <title>KDE Plasma Workspaces: Multiple vulnerabilities</title>
+ <synopsis>Multiple vulnerabilities have been found in KDE Plasma Workspaces,
+ the worst of which allows local attackers to execute arbitrary commands.
+ </synopsis>
+ <product type="ebuild">plasma-workspace</product>
+ <announced>2018-03-19</announced>
+ <revised count="1">2018-03-19</revised>
+ <bug>647106</bug>
+ <access>local, remote</access>
+ <affected>
+ <package name="kde-plasma/plasma-workspace" auto="yes" arch="*">
+ <unaffected range="ge">5.11.5-r1</unaffected>
+ <vulnerable range="lt">5.11.5-r1</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>KDE Plasma workspace is a widget based desktop environment designed to
+ be fast and efficient.
+ </p>
+ </background>
+ <description>
+ <p>Multiple vulnerabilities have been discovered in KDE Plasma Workspaces.
+ Please review the referenced CVE identifiers for details.
+ </p>
+
+ </description>
+ <impact type="normal">
+ <p>An attacker could execute arbitrary commands via specially crafted thumb
+ drive’s volume labels or obtain sensitive information via specially
+ crafted notifications.
+ </p>
+ </impact>
+ <workaround>
+ <p>Users should mount removable devices with Dolphin instead of the device
+ notifier.
+ </p>
+
+ <p>Users should disable notifications.</p>
+ </workaround>
+ <resolution>
+ <p>All KDE Plasma Workspace users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose
+ "&gt;=kde-plasma/plasma-workspace-5.11.5-r1"
+ </code>
+
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6790">CVE-2018-6790</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6791">CVE-2018-6791</uri>
+ </references>
+ <metadata tag="requester" timestamp="2018-02-18T16:21:26Z">chrisadr</metadata>
+ <metadata tag="submitter" timestamp="2018-03-19T01:13:47Z">chrisadr</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201803-10.xml b/metadata/glsa/glsa-201803-10.xml
new file mode 100644
index 000000000000..b79033cc21c1
--- /dev/null
+++ b/metadata/glsa/glsa-201803-10.xml
@@ -0,0 +1,63 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201803-10">
+ <title>collectd: Multiple vulnerabilities</title>
+ <synopsis>Gentoo's collectd package contains multiple vulnerabilities, the
+ worst of which may allow local attackers to escalate privileges.
+ </synopsis>
+ <product type="ebuild">collectd</product>
+ <announced>2018-03-22</announced>
+ <revised count="1">2018-03-22</revised>
+ <bug>628540</bug>
+ <bug>637538</bug>
+ <access>local, remote</access>
+ <affected>
+ <package name="app-admin/collectd" auto="yes" arch="*">
+ <unaffected range="ge">5.7.2-r1</unaffected>
+ <vulnerable range="lt">5.7.2-r1</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>collectd is a daemon which collects system and application performance
+ metrics periodically and provides mechanisms to store the values in a
+ variety of ways, for example in RRD files.
+ </p>
+ </background>
+ <description>
+ <p>Multiple vulnerabilities have been found in Gentoo’s collectd package.
+ Please review the referenced CVE identifiers and bug entries for details.
+ </p>
+ </description>
+ <impact type="high">
+ <p>A local attacker, who either is already collectd’s system user or
+ belongs to collectd’s group, could potentially gain root privileges and
+ cause a Denial of Service condition.
+ </p>
+
+ <p>Remote attackers could cause a Denial of Service condition via specially
+ crafted SNMP responses.
+ </p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All collectd users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose "&gt;=app-admin/collectd-5.7.2-r1"
+ </code>
+
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-16820">
+ CVE-2017-16820
+ </uri>
+ <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-18240">
+ CVE-2017-18240
+ </uri>
+ </references>
+ <metadata tag="requester" timestamp="2018-03-03T16:45:48Z">whissi</metadata>
+ <metadata tag="submitter" timestamp="2018-03-22T00:14:20Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201803-11.xml b/metadata/glsa/glsa-201803-11.xml
new file mode 100644
index 000000000000..4f435c89f1c3
--- /dev/null
+++ b/metadata/glsa/glsa-201803-11.xml
@@ -0,0 +1,59 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201803-11">
+ <title>WebKitGTK+: Multiple Vulnerabilities</title>
+ <synopsis>Multiple vulnerabilities have been found in WebKitGTK+, the worst
+ of which may lead to arbitrary code execution.
+ </synopsis>
+ <product type="ebuild">WebKitGTK+</product>
+ <announced>2018-03-22</announced>
+ <revised count="1">2018-03-22</revised>
+ <bug>645686</bug>
+ <access>remote</access>
+ <affected>
+ <package name="net-libs/webkit-gtk" auto="yes" arch="*">
+ <unaffected range="ge">2.18.6</unaffected>
+ <vulnerable range="lt">2.18.6</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>WebKitGTK+ is a full-featured port of the WebKit rendering engine,
+ suitable for projects requiring any kind of web integration, from hybrid
+ HTML/CSS applications to full-fledged web browsers.
+ </p>
+ </background>
+ <description>
+ <p>Multiple vulnerabilities have been discovered in WebKitGTK+. Please
+ review the referenced CVE identifiers for details.
+ </p>
+ </description>
+ <impact type="normal">
+ <p>An attacker could execute arbitrary commands via maliciously crafted web
+ content.
+ </p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All WebKitGTK+ users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose "&gt;=net-libs/webkit-gtk-2.18.6"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-13884">CVE-2017-13884</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-13885">CVE-2017-13885</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-7153">CVE-2017-7153</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-7160">CVE-2017-7160</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-7161">CVE-2017-7161</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-7165">CVE-2017-7165</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-4088">CVE-2018-4088</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-4089">CVE-2018-4089</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-4096">CVE-2018-4096</uri>
+ </references>
+ <metadata tag="requester" timestamp="2018-03-19T02:23:57Z">jmbailey</metadata>
+ <metadata tag="submitter" timestamp="2018-03-22T00:24:32Z">jmbailey</metadata>
+</glsa>
diff --git a/metadata/glsa/timestamp.chk b/metadata/glsa/timestamp.chk
index c03a51db858b..d84b88152932 100644
--- a/metadata/glsa/timestamp.chk
+++ b/metadata/glsa/timestamp.chk
@@ -1 +1 @@
-Sat, 17 Mar 2018 23:08:18 +0000
+Fri, 23 Mar 2018 03:38:22 +0000
diff --git a/metadata/glsa/timestamp.commit b/metadata/glsa/timestamp.commit
index 531345869884..6c9b1079e876 100644
--- a/metadata/glsa/timestamp.commit
+++ b/metadata/glsa/timestamp.commit
@@ -1 +1 @@
-34ad30cce52efe764ba4081474d36b99763811a1 1520983028 2018-03-13T23:17:08+00:00
+52069526c1e45dc28a6c6f776156e98973bd6822 1521678297 2018-03-22T00:24:57+00:00
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-27 22:49:37 +0000