diff options
Diffstat (limited to 'metadata/glsa')
| -rw-r--r-- | metadata/glsa/Manifest | 30 | ||||
| -rw-r--r-- | metadata/glsa/Manifest.files.gz | bin | 462854 -> 464298 bytes | |||
| -rw-r--r-- | metadata/glsa/glsa-202004-02.xml | 16 | ||||
| -rw-r--r-- | metadata/glsa/glsa-202004-14.xml | 53 | ||||
| -rw-r--r-- | metadata/glsa/glsa-202004-15.xml | 51 | ||||
| -rw-r--r-- | metadata/glsa/glsa-202004-16.xml | 50 | ||||
| -rw-r--r-- | metadata/glsa/glsa-202004-17.xml | 60 | ||||
| -rw-r--r-- | metadata/glsa/glsa-202005-01.xml | 56 | ||||
| -rw-r--r-- | metadata/glsa/glsa-202005-02.xml | 50 | ||||
| -rw-r--r-- | metadata/glsa/glsa-202005-03.xml | 72 | ||||
| -rw-r--r-- | metadata/glsa/glsa-202005-04.xml | 72 | ||||
| -rw-r--r-- | metadata/glsa/glsa-202005-05.xml | 53 | ||||
| -rw-r--r-- | metadata/glsa/timestamp.chk | 2 | ||||
| -rw-r--r-- | metadata/glsa/timestamp.commit | 2 |
14 files changed, 540 insertions, 27 deletions
diff --git a/metadata/glsa/Manifest b/metadata/glsa/Manifest index 33929072fc57..d049ba8837e2 100644 --- a/metadata/glsa/Manifest +++ b/metadata/glsa/Manifest @@ -1,23 +1,23 @@ -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 -MANIFEST Manifest.files.gz 462854 BLAKE2B 45d9c39aed70715f733b66b45dc5f1269928044878c906083c6e7a076449bf75e0a2abc6b2094fac1caf94f820d8a437f66033fe5edd3675345689e5a3f2c6d8 SHA512 cdd4cb4b70565ed751e2fc667e7560d4b3105f046b9428886b70b2d9ea0dc778c9446a4556ccea472de31ef09973c16422f77c1b2e65175f6c4833f501c93cc8 -TIMESTAMP 2020-04-25T09:38:56Z +MANIFEST Manifest.files.gz 464298 BLAKE2B 526a6ba1147d1a7dfd302a24bff7fbcd35795c074c66309f2769965fbf66a4030ab97ff6fe749f275ae27a9eb89af001a4da1c9034b77087136aaec3ef924db0 SHA512 9109f8b09544f23d56243b529abfacedcd6c96f06bd7ac30000b4fdc0fa196adcedd450a45aa34b2f3b9e39c5c79b21cf745580241e5a3dbd04444c94fd0e004 +TIMESTAMP 2020-05-14T09:08:22Z -----BEGIN PGP SIGNATURE----- -iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAl6kBTBfFIAAAAAALgAo +iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAl69CoZfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEUx RDZBQkI2M0JGQ0ZCNEJBMDJGREYxQ0VDNTkwRUVBQzkxODkyNTAACgkQ7FkO6skY -klCcXg/7BNzMr/mNPnHYxDfDRe4oxPQRKDMr1qdDJpwbsh8OJkz5uJfc7W2wRUYJ -RGaQ9tGkZ8ih3qyETN4MyLIUU28kXcKBY+BJHQtHTlt3J+idwN+vAJJG1HZbTM6G -L4u2PxciwU2Jwnyj5Xv+R04iRpbOp03aMYk3O8vw1kE84eEWQoYzSl7rsNqVAJtO -58bQ/ez8BxFjSERAhCviFjQL8u3izCGVwWq6Ecw/rJaI/1h17s/9ps/wytgXCB1w -z1tLDdUHAlQKOdQ6F/htu6r2jS51ucRZr+asQRZ8UeamFTLW53n4Sqgw408WEb1C -fWPrxE/Q834drYte/z9lORGOjn6q+Gqw5oeNcTGCbTcN4s2VtEUjvycWeG99XJY0 -zuBgJSj4JrdNfiuEJwiaFiH9L4KqCcrGjatqzSzUA2tzjrO8W1SBXFtTLaIoYA6j -4aYutgnQqpKkjLhb+c3JblZf2BtqOFCm1Dm7C2pHDwpi/50t5w7jkKTN86sUouZw -NvwSzhLsAAdx5S3WWnMKcVDLGm8hUkA7ye9xuLr+Mm2Mm3zfNPUrcBLhd5vkfQsJ -LJqGMG9Wc5C8rJ3KztPMp6atUEMCGCXVFi+2zfk3qhXjfkV6Z1vUOnIDetPVpOhQ -n4u7WpbM9EuZwBGo1FVq32+0OJXMAkuH/oo3CX+XVKH0dLAEKxc= -=6TvA +klBPCQ/9GLnKLMxO7qpPA4LcZCXaZst+azJ4uJlD3wZnODRItV7LeqmFFCwFnZQ/ +yCnVdhTStN8MYHAaEvacNDFVL2PHmX9MJ3zNjvOOpseWnoAZMhaL7wxZY7tYU3Cx +vdYk43iTDT9RF3/WtAB/0gelTriIoz3bRtvTUCqdAwVO886edrb5q9dA+KN86X3K +NndLaIwf4S7dc7GVeW7Sipch6n0G5Qi9nVB5X6+SxagJUXJzeYSbU7rtCMvDfXi2 +DR2xTXLX6MjuCKC4iUwBK1mjTuaXPFBJuS8WfC4WueNArbEKAC+3fPPM9OwC6hkk +ZNX/x8G8LsHw31bSA0qrms0+SzKGsTugDK6PVude5BFE1yujCXzw1Q2znGXiZEch +sy+U3cGvHh1cuJQX+3I6G/NtaDmDFs+IgfxdPU+AyMHK2ms1M7gPJ+OnamHxivz7 +q3QgAjXGLH4HqqKnVykl4PLi/2WXnq5B7j9JF5uJr7qK0OrCZurcM0vKaCLvcQHW +f5o0GZmFq4zlWQ4o2kBwYtEXbQ7WMu3m5V71BCVixoZJWPXycD6YcroYUVbaBgBL +Ek9mMA0cml2tbeii/IVoYLOlKw7dV97+BKLKP+HAJNTRDp1FbfNkJ5fuj5ttvR2t +Sg6XGLfQTe31ZV0sKxaKtE2q4jGE3OmQZBdPPLqDURwNzqaa4tM= +=+xry -----END PGP SIGNATURE----- diff --git a/metadata/glsa/Manifest.files.gz b/metadata/glsa/Manifest.files.gz Binary files differindex c466aa961150..1ff792f048e2 100644 --- a/metadata/glsa/Manifest.files.gz +++ b/metadata/glsa/Manifest.files.gz diff --git a/metadata/glsa/glsa-202004-02.xml b/metadata/glsa/glsa-202004-02.xml index 33129dd64c29..479c9bbfe1f5 100644 --- a/metadata/glsa/glsa-202004-02.xml +++ b/metadata/glsa/glsa-202004-02.xml @@ -7,21 +7,17 @@ </synopsis> <product type="ebuild">virtualbox</product> <announced>2020-04-01</announced> - <revised count="1">2020-04-01</revised> + <revised count="2">2020-04-26</revised> <bug>714064</bug> <access>local, remote</access> <affected> <package name="app-emulation/virtualbox" auto="yes" arch="*"> - <unaffected range="rge">5.2.36</unaffected> - <unaffected range="rge">6.0.16</unaffected> - <unaffected range="rge">6.1.2</unaffected> - <vulnerable range="lt">6.1.2</vulnerable> + <unaffected range="ge">5.2.36</unaffected> + <vulnerable range="lt">5.2.36</vulnerable> </package> <package name="app-emulation/virtualbox-bin" auto="yes" arch="*"> - <unaffected range="rge">5.2.36</unaffected> - <unaffected range="rge">6.0.16</unaffected> - <unaffected range="rge">6.1.2</unaffected> - <vulnerable range="lt">6.1.2</vulnerable> + <unaffected range="ge">5.2.36</unaffected> + <vulnerable range="lt">5.2.36</vulnerable> </package> </affected> <background> @@ -118,5 +114,5 @@ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-2727">CVE-2020-2727</uri> </references> <metadata tag="requester" timestamp="2020-04-01T19:35:27Z">whissi</metadata> - <metadata tag="submitter" timestamp="2020-04-01T19:41:08Z">whissi</metadata> + <metadata tag="submitter" timestamp="2020-04-26T19:47:03Z">whissi</metadata> </glsa> diff --git a/metadata/glsa/glsa-202004-14.xml b/metadata/glsa/glsa-202004-14.xml new file mode 100644 index 000000000000..31b09f10f695 --- /dev/null +++ b/metadata/glsa/glsa-202004-14.xml @@ -0,0 +1,53 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> +<glsa id="202004-14"> + <title>FontForge: Multiple vulnerabilities</title> + <synopsis>Multiple vulnerabilities have been found in FontForge, the worst of + which could result in the arbitrary execution of code. + </synopsis> + <product type="ebuild">fontforge</product> + <announced>2020-04-30</announced> + <revised count="1">2020-04-30</revised> + <bug>706778</bug> + <bug>715808</bug> + <access>local, remote</access> + <affected> + <package name="media-gfx/fontforge" auto="yes" arch="*"> + <unaffected range="ge">20200314</unaffected> + <vulnerable range="lt">20200314</vulnerable> + </package> + </affected> + <background> + <p>FontForge is a PostScript font editor and converter.</p> + </background> + <description> + <p>Multiple vulnerabilities have been discovered in FontForge. Please + review the CVE identifiers referenced below for details. + </p> + </description> + <impact type="normal"> + <p>A remote attacker could entice a user to open a specially crafted font + using FontForge, possibly resulting in execution of arbitrary code with + the privileges of the process or a Denial of Service condition. + </p> + </impact> + <workaround> + <p>There is no known workaround at this time.</p> + </workaround> + <resolution> + <p>All FontForge users should upgrade to the latest version:</p> + + <code> + # emerge --sync + # emerge --ask --oneshot --verbose ">=media-gfx/fontforge-20200314" + </code> + + </resolution> + <references> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-15785">CVE-2019-15785</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-5395">CVE-2020-5395</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-5496">CVE-2020-5496</uri> + </references> + <metadata tag="requester" timestamp="2020-04-01T20:32:15Z">whissi</metadata> + <metadata tag="submitter" timestamp="2020-04-30T23:00:58Z">whissi</metadata> +</glsa> diff --git a/metadata/glsa/glsa-202004-15.xml b/metadata/glsa/glsa-202004-15.xml new file mode 100644 index 000000000000..29b4a35af54b --- /dev/null +++ b/metadata/glsa/glsa-202004-15.xml @@ -0,0 +1,51 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> +<glsa id="202004-15"> + <title>libu2f-host: Multiple vulnerabilities</title> + <synopsis>Multiple vulnerabilities have been found in libu2f-host, the worst + of which could result in the execution of code. + </synopsis> + <product type="ebuild">libu2f-host</product> + <announced>2020-04-30</announced> + <revised count="1">2020-04-30</revised> + <bug>678580</bug> + <bug>679724</bug> + <access>local, remote</access> + <affected> + <package name="app-crypt/libu2f-host" auto="yes" arch="*"> + <unaffected range="ge">1.1.10</unaffected> + <vulnerable range="lt">1.1.10</vulnerable> + </package> + </affected> + <background> + <p>Yubico Universal 2nd Factor (U2F) Host C Library.</p> + </background> + <description> + <p>Multiple vulnerabilities have been discovered in libu2f-host. Please + review the CVE identifiers referenced below for details. + </p> + </description> + <impact type="high"> + <p>A remote attacker could entice a user to plug-in a malicious USB device, + possibly resulting in execution of arbitrary code with the privileges of + the process or a Denial of Service condition. + </p> + </impact> + <workaround> + <p>There is no known workaround at this time.</p> + </workaround> + <resolution> + <p>All libu2f-host users should upgrade to the latest version:</p> + + <code> + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-crypt/libu2f-host-1.1.10" + </code> + </resolution> + <references> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-20340">CVE-2018-20340</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-9578">CVE-2019-9578</uri> + </references> + <metadata tag="requester" timestamp="2020-04-16T07:16:39Z">BlueKnight</metadata> + <metadata tag="submitter" timestamp="2020-04-30T23:12:17Z">b-man</metadata> +</glsa> diff --git a/metadata/glsa/glsa-202004-16.xml b/metadata/glsa/glsa-202004-16.xml new file mode 100644 index 000000000000..247dbbc2c38b --- /dev/null +++ b/metadata/glsa/glsa-202004-16.xml @@ -0,0 +1,50 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> +<glsa id="202004-16"> + <title>Cacti: Multiple vulnerabilities</title> + <synopsis>Multiple vulnerabilities have been found in Cacti, the worst of + which could result in the arbitrary execution of code. + </synopsis> + <product type="ebuild">cacti</product> + <announced>2020-04-30</announced> + <revised count="1">2020-04-30</revised> + <bug>715166</bug> + <bug>716406</bug> + <access>remote</access> + <affected> + <package name="net-analyzer/cacti" auto="yes" arch="*"> + <unaffected range="ge">1.2.11</unaffected> + <vulnerable range="lt">1.2.11</vulnerable> + </package> + </affected> + <background> + <p>Cacti is a complete frontend to rrdtool.</p> + </background> + <description> + <p>Multiple vulnerabilities have been discovered in Cacti. Please review + the CVE identifiers referenced below for details. + </p> + </description> + <impact type="normal"> + <p>Please review the referenced CVE identifiers for details.</p> + </impact> + <workaround> + <p>There is no known workaround at this time.</p> + </workaround> + <resolution> + <p>All Cacti users should upgrade to the latest version:</p> + + <code> + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-analyzer/cacti-1.2.11" + </code> + </resolution> + <references> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-8813">CVE-2020-8813</uri> + <uri link="https://github.com/Cacti/cacti/releases/tag/release%2F1.2.11"> + Cacti 1.2.11 Release Notes + </uri> + </references> + <metadata tag="requester" timestamp="2020-04-08T05:48:28Z">BlueKnight</metadata> + <metadata tag="submitter" timestamp="2020-04-30T23:18:03Z">b-man</metadata> +</glsa> diff --git a/metadata/glsa/glsa-202004-17.xml b/metadata/glsa/glsa-202004-17.xml new file mode 100644 index 000000000000..48d400b6927f --- /dev/null +++ b/metadata/glsa/glsa-202004-17.xml @@ -0,0 +1,60 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> +<glsa id="202004-17"> + <title>Django: Multiple vulnerabilities</title> + <synopsis>Multiple vulnerabilities have been found in Django, the worst of + which could result in privilege escalation. + </synopsis> + <product type="ebuild">django</product> + <announced>2020-04-30</announced> + <revised count="1">2020-04-30</revised> + <bug>692384</bug> + <bug>701744</bug> + <bug>706204</bug> + <bug>707998</bug> + <bug>711522</bug> + <access>remote</access> + <affected> + <package name="dev-python/django" auto="yes" arch="*"> + <unaffected range="ge">2.2.11</unaffected> + <vulnerable range="lt">2.2.11</vulnerable> + </package> + </affected> + <background> + <p>Django is a Python-based web framework.</p> + </background> + <description> + <p>Multiple vulnerabilities have been discovered in Django. Please review + the CVE identifiers referenced below for details. + </p> + </description> + <impact type="normal"> + <p>A remote attacker, by sending specially crafted input, could possibly + cause a Denial of Service condition, or alter the database. + </p> + </impact> + <workaround> + <p>There is no known workaround at this time.</p> + </workaround> + <resolution> + <p>All Django users should upgrade to the latest version:</p> + + <code> + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-python/django-2.2.11" + </code> + </resolution> + <references> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-12308">CVE-2019-12308</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-14232">CVE-2019-14232</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-14233">CVE-2019-14233</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-14234">CVE-2019-14234</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-14235">CVE-2019-14235</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-19118">CVE-2019-19118</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-19844">CVE-2019-19844</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-7471">CVE-2020-7471</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-9402">CVE-2020-9402</uri> + </references> + <metadata tag="requester" timestamp="2020-04-08T04:55:21Z">BlueKnight</metadata> + <metadata tag="submitter" timestamp="2020-04-30T23:30:28Z">b-man</metadata> +</glsa> diff --git a/metadata/glsa/glsa-202005-01.xml b/metadata/glsa/glsa-202005-01.xml new file mode 100644 index 000000000000..3aab94ef2438 --- /dev/null +++ b/metadata/glsa/glsa-202005-01.xml @@ -0,0 +1,56 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> +<glsa id="202005-01"> + <title>Long Range ZIP: Multiple vulnerabilities</title> + <synopsis>Multiple vulnerabilities have been found in Long Range ZIP, the + worst of which could result in a Denial of Service condition. + </synopsis> + <product type="ebuild">lrzip</product> + <announced>2020-05-12</announced> + <revised count="1">2020-05-12</revised> + <bug>617930</bug> + <bug>624462</bug> + <access>local, remote</access> + <affected> + <package name="app-arch/lrzip" auto="yes" arch="*"> + <unaffected range="ge">0.631_p20190619</unaffected> + <vulnerable range="lt">0.631_p20190619</vulnerable> + </package> + </affected> + <background> + <p>Optimized for compressing large files</p> + </background> + <description> + <p>Multiple vulnerabilities have been discovered in Long Range ZIP. Please + review the CVE identifiers referenced below for details. + </p> + </description> + <impact type="low"> + <p>A remote attacker could entice a user to open a specially crafted + archive file possibly resulting in a Denial of Service condition. + </p> + </impact> + <workaround> + <p>There is no known workaround at this time.</p> + </workaround> + <resolution> + <p>All Long Range ZIP users should upgrade to the latest version:</p> + + <code> + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-arch/lrzip-0.631_p20190619" + </code> + </resolution> + <references> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-8842">CVE-2017-8842</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-8843">CVE-2017-8843</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-8844">CVE-2017-8844</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-8845">CVE-2017-8845</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-8846">CVE-2017-8846</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-8847">CVE-2017-8847</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-9928">CVE-2017-9928</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-9929">CVE-2017-9929</uri> + </references> + <metadata tag="requester" timestamp="2020-04-05T23:09:43Z">BlueKnight</metadata> + <metadata tag="submitter" timestamp="2020-05-12T23:29:01Z">b-man</metadata> +</glsa> diff --git a/metadata/glsa/glsa-202005-02.xml b/metadata/glsa/glsa-202005-02.xml new file mode 100644 index 000000000000..10428dc5ea6c --- /dev/null +++ b/metadata/glsa/glsa-202005-02.xml @@ -0,0 +1,50 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> +<glsa id="202005-02"> + <title>QEMU: Multiple vulnerabilities</title> + <synopsis>Multiple vulnerabilities have been found in QEMU, the worst of + which could result in the arbitrary execution of code. + </synopsis> + <product type="ebuild">qemu</product> + <announced>2020-05-12</announced> + <revised count="1">2020-05-12</revised> + <bug>716518</bug> + <bug>717154</bug> + <bug>717770</bug> + <access>local</access> + <affected> + <package name="app-emulation/qemu" auto="yes" arch="*"> + <unaffected range="ge">4.2.0-r5</unaffected> + <vulnerable range="lt">4.2.0-r5</vulnerable> + </package> + </affected> + <background> + <p>QEMU is a generic and open source machine emulator and virtualizer.</p> + </background> + <description> + <p>Multiple vulnerabilities have been discovered in QEMU. Please review the + CVE identifiers referenced below for details. + </p> + </description> + <impact type="normal"> + <p>Please review the referenced CVE identifiers for details.</p> + </impact> + <workaround> + <p>There is no known workaround at this time.</p> + </workaround> + <resolution> + <p>All QEMU users should upgrade to the latest version:</p> + + <code> + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-emulation/qemu-4.2.0-r5" + </code> + </resolution> + <references> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-11102">CVE-2020-11102</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-1711">CVE-2020-1711</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-7039">CVE-2020-7039</uri> + </references> + <metadata tag="requester" timestamp="2020-05-04T02:29:17Z">b-man</metadata> + <metadata tag="submitter" timestamp="2020-05-12T23:31:56Z">b-man</metadata> +</glsa> diff --git a/metadata/glsa/glsa-202005-03.xml b/metadata/glsa/glsa-202005-03.xml new file mode 100644 index 000000000000..0311ac6901f8 --- /dev/null +++ b/metadata/glsa/glsa-202005-03.xml @@ -0,0 +1,72 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> +<glsa id="202005-03"> + <title>Mozilla Thunderbird: Multiple vulnerabilities</title> + <synopsis>Multiple vulnerabilities have been found in Mozilla Thunderbird, + the worst of which could result in the arbitrary execution of code. + </synopsis> + <product type="ebuild">thunderbird</product> + <announced>2020-05-12</announced> + <revised count="1">2020-05-12</revised> + <bug>721324</bug> + <access>remote</access> + <affected> + <package name="mail-client/thunderbird" auto="yes" arch="*"> + <unaffected range="ge">68.8.0</unaffected> + <vulnerable range="lt">68.8.0</vulnerable> + </package> + <package name="mail-client/thunderbird-bin" auto="yes" arch="*"> + <unaffected range="ge">68.8.0</unaffected> + <vulnerable range="lt">68.8.0</vulnerable> + </package> + </affected> + <background> + <p>Mozilla Thunderbird is a popular open-source email client from the + Mozilla project. + </p> + </background> + <description> + <p>Multiple vulnerabilities have been discovered in Mozilla Thunderbird. + Please review the CVE identifiers referenced below for details. + </p> + </description> + <impact type="normal"> + <p>A remote attacker may be able to execute arbitrary code, cause a Denial + of Service condition or spoof sender email address. + </p> + </impact> + <workaround> + <p>There is no known workaround at this time.</p> + </workaround> + <resolution> + <p>All Mozilla Thunderbird users should upgrade to the latest version:</p> + + <code> + # emerge --sync + # emerge --ask --oneshot --verbose ">=mail-client/thunderbird-68.8.0" + </code> + + <p>All Mozilla Thunderbird binary users should upgrade to the latest + version: + </p> + + <code> + # emerge --sync + # emerge --ask --oneshot --verbose + ">=mail-client/thunderbird-bin-68.8.0" + </code> + + </resolution> + <references> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-12387">CVE-2020-12387</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-12392">CVE-2020-12392</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-12395">CVE-2020-12395</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-12397">CVE-2020-12397</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6831">CVE-2020-6831</uri> + <uri link="https://www.mozilla.org/en-US/security/advisories/mfsa2020-18/"> + MFSA-2020-18 + </uri> + </references> + <metadata tag="requester" timestamp="2020-05-06T20:22:31Z">sam_c</metadata> + <metadata tag="submitter" timestamp="2020-05-12T23:34:15Z">sam_c</metadata> +</glsa> diff --git a/metadata/glsa/glsa-202005-04.xml b/metadata/glsa/glsa-202005-04.xml new file mode 100644 index 000000000000..d5c267fdd883 --- /dev/null +++ b/metadata/glsa/glsa-202005-04.xml @@ -0,0 +1,72 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> +<glsa id="202005-04"> + <title>Mozilla Firefox: Multiple vulnerabilities</title> + <synopsis>Multiple vulnerabilities have been found in Mozilla Firefox, the + worst of which could result in the arbitrary execution of code. + </synopsis> + <product type="ebuild">firefox</product> + <announced>2020-05-12</announced> + <revised count="1">2020-05-12</revised> + <bug>721090</bug> + <access>remote</access> + <affected> + <package name="www-client/firefox" auto="yes" arch="*"> + <unaffected range="ge">68.8.0</unaffected> + <vulnerable range="lt">68.8.0</vulnerable> + </package> + <package name="www-client/firefox-bin" auto="yes" arch="*"> + <unaffected range="ge">68.8.0</unaffected> + <vulnerable range="lt">68.8.0</vulnerable> + </package> + </affected> + <background> + <p>Mozilla Firefox is a popular open-source web browser from the Mozilla + Project. + </p> + </background> + <description> + <p>Multiple vulnerabilities have been discovered in Mozilla Firefox. Please + review the CVE identifiers referenced below for details. + </p> + </description> + <impact type="normal"> + <p>A remote attacker could entice a user to view a specially crafted web + page, possibly resulting in the execution of arbitrary code with the + privileges of the process, an information leak or a Denial of Service + condition. + </p> + </impact> + <workaround> + <p>There is no known workaround at this time.</p> + </workaround> + <resolution> + <p>All Mozilla Firefox users should upgrade to the latest version:</p> + + <code> + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-client/firefox-68.8.0" + </code> + + <p>All Mozilla Firefox binary users should upgrade to the latest version:</p> + + <code> + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-client/firefox-bin-68.8.0" + </code> + + </resolution> + <references> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-12387">CVE-2020-12387</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-12392">CVE-2020-12392</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-12394">CVE-2020-12394</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-12395">CVE-2020-12395</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-12396">CVE-2020-12396</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6831">CVE-2020-6831</uri> + <uri link="https://www.mozilla.org/en-US/security/advisories/mfsa2020-17/"> + MFSA-2020-17 + </uri> + </references> + <metadata tag="requester" timestamp="2020-05-06T14:48:10Z">sam_c</metadata> + <metadata tag="submitter" timestamp="2020-05-12T23:36:01Z">sam_c</metadata> +</glsa> diff --git a/metadata/glsa/glsa-202005-05.xml b/metadata/glsa/glsa-202005-05.xml new file mode 100644 index 000000000000..3e3855c771f2 --- /dev/null +++ b/metadata/glsa/glsa-202005-05.xml @@ -0,0 +1,53 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> +<glsa id="202005-05"> + <title>Squid: Multiple vulnerabilities</title> + <synopsis>Multiple vulnerabilities have been found in Squid, the worst of + which could result in the arbitrary execution of code. + </synopsis> + <product type="ebuild">squid</product> + <announced>2020-05-12</announced> + <revised count="1">2020-05-12</revised> + <bug>719046</bug> + <access>remote</access> + <affected> + <package name="net-proxy/squid" auto="yes" arch="*"> + <unaffected range="ge">4.11</unaffected> + <vulnerable range="lt">4.11</vulnerable> + </package> + </affected> + <background> + <p>Squid is a full-featured Web proxy cache designed to run on Unix + systems. It supports proxying and caching of HTTP, FTP, and other URLs, + as well as SSL support, cache hierarchies, transparent caching, access + control lists and many other features. + </p> + </background> + <description> + <p>Multiple vulnerabilities have been discovered in Squid. Please review + the CVE identifiers referenced below for details. + </p> + </description> + <impact type="high"> + <p>Please review the referenced CVE identifiers for details.</p> + </impact> + <workaround> + <p>There is no known workaround at this time.</p> + </workaround> + <resolution> + <p>All Squid users should upgrade to the latest version:</p> + + <code> + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-proxy/squid-4.11" + </code> + + </resolution> + <references> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-12519">CVE-2019-12519</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-12521">CVE-2019-12521</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-11945">CVE-2020-11945</uri> + </references> + <metadata tag="requester" timestamp="2020-05-04T11:10:13Z">sam_c</metadata> + <metadata tag="submitter" timestamp="2020-05-12T23:40:20Z">sam_c</metadata> +</glsa> diff --git a/metadata/glsa/timestamp.chk b/metadata/glsa/timestamp.chk index 64d6d4b98f8d..a8a4210fb03b 100644 --- a/metadata/glsa/timestamp.chk +++ b/metadata/glsa/timestamp.chk @@ -1 +1 @@ -Sat, 25 Apr 2020 09:38:53 +0000 +Thu, 14 May 2020 09:08:19 +0000 diff --git a/metadata/glsa/timestamp.commit b/metadata/glsa/timestamp.commit index eab48bd233f7..42d3e919a17e 100644 --- a/metadata/glsa/timestamp.commit +++ b/metadata/glsa/timestamp.commit @@ -1 +1 @@ -5f514a6bc0b6082d08328fcc290cbba6761ee102 1587655514 2020-04-23T15:25:14+00:00 +87a3185d1d1560e7d00df11c54ac0f9e63c64368 1589326875 2020-05-12T23:41:15+00:00 |