diff options
Diffstat (limited to 'metadata/glsa')
234 files changed, 2560 insertions, 208 deletions
diff --git a/metadata/glsa/Manifest b/metadata/glsa/Manifest index f007b3c52688..680ba2f5fd43 100644 --- a/metadata/glsa/Manifest +++ b/metadata/glsa/Manifest @@ -1,23 +1,23 @@ -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 -MANIFEST Manifest.files.gz 502928 BLAKE2B 4e05777f9b079a42eb84d60a21da4ea6f5360b3577989267141081878f0b732bcb93075e1929366199e18d3e1a21a16ae70ed796931681b1b573aa0b10cc5078 SHA512 c56775c1540b0ebb8f0386f5b352030f212f18222cbbefb95a16fa57a60aae01a7069287ba96443202c19c8e16589238b433d1da54fea1ddc1c44b81ba9fa6b7 -TIMESTAMP 2021-05-22T06:08:56Z +MANIFEST Manifest.files.gz 509049 BLAKE2B e2b5c0e25d30cb613bf6b26a404bdd5c9ecf1ebe0f765c98e65b5c6abb8c3367dc1f4e8d19e68c1568e7e055e9c4617562aea2e0f52899586498178621fa32fa SHA512 460ef918d52020ec8e54fc6c17e54e0f11f0e50117f6c87479422f3fc3f4face3581664544e8cbcb8fc1265b88f7145a0e90a36cd8e1acef5b7908d625bdb379 +TIMESTAMP 2021-05-31T19:38:58Z -----BEGIN PGP SIGNATURE----- -iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAmCon/hfFIAAAAAALgAo +iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAmC1O1JfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEUx RDZBQkI2M0JGQ0ZCNEJBMDJGREYxQ0VDNTkwRUVBQzkxODkyNTAACgkQ7FkO6skY -klAoHQ//W2DDWUiwt+BtixLL2bzvq5T/AIKC8lui5uS8N5rYduFmcqZB0O28p3bg -+FgSCAPlNFQ3CmZKQXmZZxCUsP814cblnBvtPuShBZW34OgY3HcbIlg3K4U7GCAv -HcfxSOq3WhcG4fpHBwqVjv7rIxcNWsH0RqSUkqa+ErAVb6BSGy8MR4FTGAPaZsjC -NDvzA8TsP08rO+YsezcevGZholkvLgJkQ/vS6EseGRy+cw5nBjnqEruQG4BbNNOj -oU9fXkFADtm5JgUOya+mPxiRur5bRv8KU8nZqkubIo7Owi+VxlYQLc0zvP8l+hLQ -ZkSg5+iKqKFULzqKoJaKbUmklXKwWZrhc7I2gyvtxTnCG2R+7YY/LEcfn821uT+n -8XeVbbnQr8eWwPtTr1cmqqvwQXqX/scwJrhRqK1e1NMbuLlP0AtrqiLT+KZN57Aa -PoQjvWotjJhaHul5VAE4zXUYVmGg63ak+RvENcETb+AtXLk9SAC5VQ3MtIM91scC -rfcgtGEyb1KfZ+wEzIUed7Rbn8UDcofTpeMV2EOIboLVzUZ0qGA0WZsZ8aCYQ4qK -eaKRKhAX+qCGx1D0VOeuZI8Deue7r02APSswkUMMgPjafeCqCJlGPvFKkqv4WUq9 -KzViSB9M+nXjEV8SuBgSV4hSA7TWug7ItKfIc38XLhbP1lFWjxk= -=+i6o +klBOkQ/+NQZkfNV2Yzu21GXWlC6VhkaE3hyS24uCfJlI/OhGPcDROAXe+wQyiJjE +vhKbupdIo1m3VsbglC/VKUg5nSAD2dkNU6m2EahzUjiNqRLJlAhUrh3S0wVTbsSF +s6yrPBaXPJmx0MCJvmNuOl9QOfZwYHqKKPHMTexjnyufHbh5NJwIK4vTEEHzr4ST +oPt2rkG9YPnHyQ7xotX/I7fJMH2xVb1cY7MBCSISBGiSzf+Myxl65zcGunzHJaad +rPfWkiIEpL8jauzUtPehm/IQsPwnTSAS9wt7XpriY3ano9A9eK1vuWuL14fCAx1N +PTRfzT7BGAf4vpQlYPjYklgvi95NJr7ws/bDFlNtE/lKQozJ9wYOxm1u0tk+JlcC +TUlHvHJDU2H1WG1s2ms8nN5Ye5xvVMOEBBt/eWM3vxv+IKt2bPsdgX/0XSQ9uvH8 +1kQvUHw3GduEySER17mH1RB3TuMp/AwRJM7wqbcbqJIcIheIcFSiCW53wAEEYXTZ +hNLDRX5K/85ohzu6smYp0MiI055Kk8x/oB89bdrc+wIDbrjIReGujmAK4DzTqlSb +Rhu25h7ug5msRv5HlQ6Ya8wboXYV2lNSqzDTtEF7vHVuqVA+INFv8YPiOSU0tYgo +D2og9Otl2nWXJqmM1ptvPkWNo0Ikda6kwLe25A2XXywavGYpXXw= +=taMy -----END PGP SIGNATURE----- diff --git a/metadata/glsa/Manifest.files.gz b/metadata/glsa/Manifest.files.gz Binary files differindex a665ea17c60d..ae5404fb42ac 100644 --- a/metadata/glsa/Manifest.files.gz +++ b/metadata/glsa/Manifest.files.gz diff --git a/metadata/glsa/glsa-200503-22.xml b/metadata/glsa/glsa-200503-22.xml index dcd5c2142e6d..5bedbe96fb3d 100644 --- a/metadata/glsa/glsa-200503-22.xml +++ b/metadata/glsa/glsa-200503-22.xml @@ -1,7 +1,7 @@ <?xml version="1.0" encoding="utf-8"?> <!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> <glsa id="200503-22"> - <title>KDE: Local Denial of Service</title> + <title>KDE: Local Denial of service</title> <synopsis> KDE is vulnerable to a local Denial of Service attack. </synopsis> diff --git a/metadata/glsa/glsa-200503-33.xml b/metadata/glsa/glsa-200503-33.xml index c2229fc7fb54..1ef517127346 100644 --- a/metadata/glsa/glsa-200503-33.xml +++ b/metadata/glsa/glsa-200503-33.xml @@ -1,7 +1,7 @@ <?xml version="1.0" encoding="utf-8"?> <!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> <glsa id="200503-33"> - <title>IPsec-Tools: racoon Denial of Service</title> + <title>IPsec-Tools: racoon Denial of service</title> <synopsis> IPsec-Tools' racoon is affected by a remote Denial of Service vulnerability. </synopsis> diff --git a/metadata/glsa/glsa-200601-16.xml b/metadata/glsa/glsa-200601-16.xml index ac2bc802e3ac..0c4f4968825e 100644 --- a/metadata/glsa/glsa-200601-16.xml +++ b/metadata/glsa/glsa-200601-16.xml @@ -1,7 +1,7 @@ <?xml version="1.0" encoding="utf-8"?> <!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> <glsa id="200601-16"> - <title>MyDNS: Denial of Service</title> + <title>MyDNS: Denial of service</title> <synopsis> MyDNS contains a vulnerability that may lead to a Denial of Service attack. </synopsis> diff --git a/metadata/glsa/glsa-200603-11.xml b/metadata/glsa/glsa-200603-11.xml index 90b33f414faf..0585a3400a31 100644 --- a/metadata/glsa/glsa-200603-11.xml +++ b/metadata/glsa/glsa-200603-11.xml @@ -1,7 +1,7 @@ <?xml version="1.0" encoding="utf-8"?> <!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> <glsa id="200603-11"> - <title>Freeciv: Denial of Service</title> + <title>Freeciv: Denial of service</title> <synopsis> A memory allocation bug in Freeciv allows a remote attacker to perform a Denial of Service attack. diff --git a/metadata/glsa/glsa-200604-09.xml b/metadata/glsa/glsa-200604-09.xml index e680ddc0e89a..fb77749e5830 100644 --- a/metadata/glsa/glsa-200604-09.xml +++ b/metadata/glsa/glsa-200604-09.xml @@ -1,7 +1,7 @@ <?xml version="1.0" encoding="utf-8"?> <!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> <glsa id="200604-09"> - <title>Cyrus-SASL: DIGEST-MD5 Pre-Authentication Denial of Service</title> + <title>Cyrus-SASL: DIGEST-MD5 Pre-Authentication Denial of service</title> <synopsis> Cyrus-SASL contains a vulnerability in the DIGEST-MD5 process that could lead to a Denial of Service. diff --git a/metadata/glsa/glsa-200605-11.xml b/metadata/glsa/glsa-200605-11.xml index 62de66a80b05..3cee0b37eff0 100644 --- a/metadata/glsa/glsa-200605-11.xml +++ b/metadata/glsa/glsa-200605-11.xml @@ -1,7 +1,7 @@ <?xml version="1.0" encoding="utf-8"?> <!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> <glsa id="200605-11"> - <title>Ruby: Denial of Service</title> + <title>Ruby: Denial of service</title> <synopsis> Ruby WEBrick and XMLRPC servers are vulnerable to Denial of Service. </synopsis> diff --git a/metadata/glsa/glsa-200606-11.xml b/metadata/glsa/glsa-200606-11.xml index a58e8de97308..c4ad483ce0c7 100644 --- a/metadata/glsa/glsa-200606-11.xml +++ b/metadata/glsa/glsa-200606-11.xml @@ -1,7 +1,7 @@ <?xml version="1.0" encoding="utf-8"?> <!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> <glsa id="200606-11"> - <title>JPEG library: Denial of Service</title> + <title>JPEG library: Denial of service</title> <synopsis> The JPEG library is vulnerable to a Denial of Service. </synopsis> diff --git a/metadata/glsa/glsa-200606-19.xml b/metadata/glsa/glsa-200606-19.xml index c0fec98a63a9..1c54e139b692 100644 --- a/metadata/glsa/glsa-200606-19.xml +++ b/metadata/glsa/glsa-200606-19.xml @@ -1,7 +1,7 @@ <?xml version="1.0" encoding="utf-8"?> <!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> <glsa id="200606-19"> - <title>Sendmail: Denial of Service</title> + <title>Sendmail: Denial of service</title> <synopsis> Faulty multipart MIME messages can cause forked Sendmail processes to crash. diff --git a/metadata/glsa/glsa-200606-26.xml b/metadata/glsa/glsa-200606-26.xml index 22e4caf92ed8..ce147a2f36f9 100644 --- a/metadata/glsa/glsa-200606-26.xml +++ b/metadata/glsa/glsa-200606-26.xml @@ -1,7 +1,7 @@ <?xml version="1.0" encoding="utf-8"?> <!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> <glsa id="200606-26"> - <title>EnergyMech: Denial of Service</title> + <title>EnergyMech: Denial of service</title> <synopsis> A Denial of Service vulnerability was discovered in EnergyMech that is easily exploitable via IRC. diff --git a/metadata/glsa/glsa-200608-09.xml b/metadata/glsa/glsa-200608-09.xml index ba8779a96cad..85072294a7e0 100644 --- a/metadata/glsa/glsa-200608-09.xml +++ b/metadata/glsa/glsa-200608-09.xml @@ -1,7 +1,7 @@ <?xml version="1.0" encoding="utf-8"?> <!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> <glsa id="200608-09"> - <title>MySQL: Denial of Service</title> + <title>MySQL: Denial of service</title> <synopsis> An authenticated user can crash MySQL through invalid parameters to the date_format function. diff --git a/metadata/glsa/glsa-200608-23.xml b/metadata/glsa/glsa-200608-23.xml index a93902eb2ecf..2fc97981e5fa 100644 --- a/metadata/glsa/glsa-200608-23.xml +++ b/metadata/glsa/glsa-200608-23.xml @@ -1,7 +1,7 @@ <?xml version="1.0" encoding="utf-8"?> <!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> <glsa id="200608-23"> - <title>Heartbeat: Denial of Service</title> + <title>Heartbeat: Denial of service</title> <synopsis> Heartbeat is vulnerable to a Denial of Service which can be triggered by a remote attacker without authentication. diff --git a/metadata/glsa/glsa-200609-03.xml b/metadata/glsa/glsa-200609-03.xml index bfc902174321..92a3af875a88 100644 --- a/metadata/glsa/glsa-200609-03.xml +++ b/metadata/glsa/glsa-200609-03.xml @@ -1,7 +1,7 @@ <?xml version="1.0" encoding="utf-8"?> <!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> <glsa id="200609-03"> - <title>OpenTTD: Remote Denial of Service</title> + <title>OpenTTD: Remote Denial of service</title> <synopsis> The OpenTTD server is vulnerable to a remote Denial of Service. </synopsis> diff --git a/metadata/glsa/glsa-200609-11.xml b/metadata/glsa/glsa-200609-11.xml index 2ac89d018fbd..bc717d55702f 100644 --- a/metadata/glsa/glsa-200609-11.xml +++ b/metadata/glsa/glsa-200609-11.xml @@ -1,7 +1,7 @@ <?xml version="1.0" encoding="utf-8"?> <!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> <glsa id="200609-11"> - <title>BIND: Denial of Service</title> + <title>BIND: Denial of service</title> <synopsis> ISC BIND contains two vulnerabilities allowing a Denial of Service under certain conditions. diff --git a/metadata/glsa/glsa-200609-17.xml b/metadata/glsa/glsa-200609-17.xml index 7533659d3e1f..3a4a79d4b484 100644 --- a/metadata/glsa/glsa-200609-17.xml +++ b/metadata/glsa/glsa-200609-17.xml @@ -1,7 +1,7 @@ <?xml version="1.0" encoding="utf-8"?> <!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> <glsa id="200609-17"> - <title>OpenSSH: Denial of Service</title> + <title>OpenSSH: Denial of service</title> <synopsis> A flaw in the OpenSSH daemon allows remote unauthenticated attackers to cause a Denial of Service. diff --git a/metadata/glsa/glsa-200609-20.xml b/metadata/glsa/glsa-200609-20.xml index 2764e38d940c..d1b853bc63d5 100644 --- a/metadata/glsa/glsa-200609-20.xml +++ b/metadata/glsa/glsa-200609-20.xml @@ -1,7 +1,7 @@ <?xml version="1.0" encoding="utf-8"?> <!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> <glsa id="200609-20"> - <title>DokuWiki: Shell command injection and Denial of Service</title> + <title>DokuWiki: Shell command injection and Denial of service</title> <synopsis> DokuWiki is vulnerable to shell command injection and Denial of Service attacks when using ImageMagick. diff --git a/metadata/glsa/glsa-200611-09.xml b/metadata/glsa/glsa-200611-09.xml index e92010198547..1dec8d5fbb4e 100644 --- a/metadata/glsa/glsa-200611-09.xml +++ b/metadata/glsa/glsa-200611-09.xml @@ -1,7 +1,7 @@ <?xml version="1.0" encoding="utf-8"?> <!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> <glsa id="200611-09"> - <title>libpng: Denial of Service</title> + <title>libpng: Denial of service</title> <synopsis> A vulnerability in libpng may allow a remote attacker to crash applications that handle untrusted images. diff --git a/metadata/glsa/glsa-200612-18.xml b/metadata/glsa/glsa-200612-18.xml index 1a43445064da..5ed634ad43aa 100644 --- a/metadata/glsa/glsa-200612-18.xml +++ b/metadata/glsa/glsa-200612-18.xml @@ -1,7 +1,7 @@ <?xml version="1.0" encoding="utf-8"?> <!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> <glsa id="200612-18"> - <title>ClamAV: Denial of Service</title> + <title>ClamAV: Denial of service</title> <synopsis> ClamAV is vulnerable to Denial of Service. </synopsis> diff --git a/metadata/glsa/glsa-200701-01.xml b/metadata/glsa/glsa-200701-01.xml index 7f9efc3a29ae..2671dcd8090a 100644 --- a/metadata/glsa/glsa-200701-01.xml +++ b/metadata/glsa/glsa-200701-01.xml @@ -1,7 +1,7 @@ <?xml version="1.0" encoding="utf-8"?> <!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> <glsa id="200701-01"> - <title>DenyHosts: Denial of Service</title> + <title>DenyHosts: Denial of service</title> <synopsis> DenyHosts does not correctly parse log entries, potentially causing a remote Denial of Service. diff --git a/metadata/glsa/glsa-200701-05.xml b/metadata/glsa/glsa-200701-05.xml index 48768ef29606..37c4f19e0402 100644 --- a/metadata/glsa/glsa-200701-05.xml +++ b/metadata/glsa/glsa-200701-05.xml @@ -1,7 +1,7 @@ <?xml version="1.0" encoding="utf-8"?> <!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> <glsa id="200701-05"> - <title>KDE kfile JPEG info plugin: Denial of Service</title> + <title>KDE kfile JPEG info plugin: Denial of service</title> <synopsis> The KDE kfile JPEG info plugin of kdegraphics could enter an endless loop leading to a Denial of Service. diff --git a/metadata/glsa/glsa-200701-09.xml b/metadata/glsa/glsa-200701-09.xml index 35197acf508b..c2c0ae1fe2c8 100644 --- a/metadata/glsa/glsa-200701-09.xml +++ b/metadata/glsa/glsa-200701-09.xml @@ -1,7 +1,7 @@ <?xml version="1.0" encoding="utf-8"?> <!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> <glsa id="200701-09"> - <title>oftpd: Denial of Service</title> + <title>oftpd: Denial of service</title> <synopsis> An assertion in oftpd could lead to a denial of service vulnerability. </synopsis> diff --git a/metadata/glsa/glsa-200701-14.xml b/metadata/glsa/glsa-200701-14.xml index f3dff2ebb727..8fc60c481f9d 100644 --- a/metadata/glsa/glsa-200701-14.xml +++ b/metadata/glsa/glsa-200701-14.xml @@ -1,7 +1,7 @@ <?xml version="1.0" encoding="utf-8"?> <!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> <glsa id="200701-14"> - <title>Mod_auth_kerb: Denial of Service</title> + <title>Mod_auth_kerb: Denial of service</title> <synopsis> Mod_auth_kerb is vulnerable to a buffer overflow possibly allowing a Denial of Service. diff --git a/metadata/glsa/glsa-200702-03.xml b/metadata/glsa/glsa-200702-03.xml index 22952e849340..11a93ad71602 100644 --- a/metadata/glsa/glsa-200702-03.xml +++ b/metadata/glsa/glsa-200702-03.xml @@ -1,7 +1,7 @@ <?xml version="1.0" encoding="utf-8"?> <!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> <glsa id="200702-03"> - <title>Snort: Denial of Service</title> + <title>Snort: Denial of service</title> <synopsis> Snort contains a vulnerability in the rule matching algorithm that could result in a Denial of Service. diff --git a/metadata/glsa/glsa-200702-05.xml b/metadata/glsa/glsa-200702-05.xml index 0f8a14baba3d..98d513b6fd6a 100644 --- a/metadata/glsa/glsa-200702-05.xml +++ b/metadata/glsa/glsa-200702-05.xml @@ -1,7 +1,7 @@ <?xml version="1.0" encoding="utf-8"?> <!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> <glsa id="200702-05"> - <title>Fail2ban: Denial of Service</title> + <title>Fail2ban: Denial of service</title> <synopsis> A flaw in Fail2ban may allow remote attackers to deny access to arbitrary hosts. diff --git a/metadata/glsa/glsa-200702-06.xml b/metadata/glsa/glsa-200702-06.xml index 3e3f503e4e3a..1f3c0b9369f7 100644 --- a/metadata/glsa/glsa-200702-06.xml +++ b/metadata/glsa/glsa-200702-06.xml @@ -1,7 +1,7 @@ <?xml version="1.0" encoding="utf-8"?> <!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> <glsa id="200702-06"> - <title>BIND: Denial of Service</title> + <title>BIND: Denial of service</title> <synopsis> ISC BIND contains two vulnerabilities allowing a Denial of Service under certain conditions. diff --git a/metadata/glsa/glsa-200703-02.xml b/metadata/glsa/glsa-200703-02.xml index 9785ebf3dc25..7c75cc5b2b0f 100644 --- a/metadata/glsa/glsa-200703-02.xml +++ b/metadata/glsa/glsa-200703-02.xml @@ -1,7 +1,7 @@ <?xml version="1.0" encoding="utf-8"?> <!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> <glsa id="200703-02"> - <title>SpamAssassin: Long URI Denial of Service</title> + <title>SpamAssassin: Long URI Denial of service</title> <synopsis> SpamAssassin is vulnerable to a Denial of Service attack. </synopsis> diff --git a/metadata/glsa/glsa-200703-03.xml b/metadata/glsa/glsa-200703-03.xml index 8a543ec90f9d..408b8fb5cf27 100644 --- a/metadata/glsa/glsa-200703-03.xml +++ b/metadata/glsa/glsa-200703-03.xml @@ -1,7 +1,7 @@ <?xml version="1.0" encoding="utf-8"?> <!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> <glsa id="200703-03"> - <title>ClamAV: Denial of Service</title> + <title>ClamAV: Denial of service</title> <synopsis> ClamAV contains two vulnerabilities allowing a Denial of Service. </synopsis> diff --git a/metadata/glsa/glsa-200703-12.xml b/metadata/glsa/glsa-200703-12.xml index be1d5010c77b..c6ed3db7e650 100644 --- a/metadata/glsa/glsa-200703-12.xml +++ b/metadata/glsa/glsa-200703-12.xml @@ -1,7 +1,7 @@ <?xml version="1.0" encoding="utf-8"?> <!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> <glsa id="200703-12"> - <title>SILC Server: Denial of Service</title> + <title>SILC Server: Denial of service</title> <synopsis> SILC Server is affected by a Denial of Service vulnerability. </synopsis> diff --git a/metadata/glsa/glsa-200703-14.xml b/metadata/glsa/glsa-200703-14.xml index b2fcc2b2d9e4..49cc182ad3a4 100644 --- a/metadata/glsa/glsa-200703-14.xml +++ b/metadata/glsa/glsa-200703-14.xml @@ -1,7 +1,7 @@ <?xml version="1.0" encoding="utf-8"?> <!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> <glsa id="200703-14"> - <title>Asterisk: SIP Denial of Service</title> + <title>Asterisk: SIP Denial of service</title> <synopsis> Asterisk is vulnerable to Denial of Service in the SIP channel. </synopsis> diff --git a/metadata/glsa/glsa-200703-27.xml b/metadata/glsa/glsa-200703-27.xml index 4f7898a76ee2..5d1bddf411ee 100644 --- a/metadata/glsa/glsa-200703-27.xml +++ b/metadata/glsa/glsa-200703-27.xml @@ -1,7 +1,7 @@ <?xml version="1.0" encoding="utf-8"?> <!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> <glsa id="200703-27"> - <title>Squid: Denial of Service</title> + <title>Squid: Denial of service</title> <synopsis> Squid is affected by a Denial of Service vulnerability. </synopsis> diff --git a/metadata/glsa/glsa-200703-28.xml b/metadata/glsa/glsa-200703-28.xml index 1004180daada..5e2265c33171 100644 --- a/metadata/glsa/glsa-200703-28.xml +++ b/metadata/glsa/glsa-200703-28.xml @@ -1,7 +1,7 @@ <?xml version="1.0" encoding="utf-8"?> <!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> <glsa id="200703-28"> - <title>CUPS: Denial of Service</title> + <title>CUPS: Denial of service</title> <synopsis> CUPS incorrectly handles partially-negotiated SSL connections allowing for a Denial of Service. diff --git a/metadata/glsa/glsa-200704-11.xml b/metadata/glsa/glsa-200704-11.xml index 3f9ab070a191..c8ff587f0f63 100644 --- a/metadata/glsa/glsa-200704-11.xml +++ b/metadata/glsa/glsa-200704-11.xml @@ -1,7 +1,7 @@ <?xml version="1.0" encoding="utf-8"?> <!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> <glsa id="200704-11"> - <title>Vixie Cron: Denial of Service</title> + <title>Vixie Cron: Denial of service</title> <synopsis> The Gentoo implementation of Vixie Cron is vulnerable to a local Denial of Service. diff --git a/metadata/glsa/glsa-200704-13.xml b/metadata/glsa/glsa-200704-13.xml index e41f921b22eb..28ebd44ba71a 100644 --- a/metadata/glsa/glsa-200704-13.xml +++ b/metadata/glsa/glsa-200704-13.xml @@ -1,7 +1,7 @@ <?xml version="1.0" encoding="utf-8"?> <!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> <glsa id="200704-13"> - <title>File: Denial of Service</title> + <title>File: Denial of service</title> <synopsis> A vulnerability has been discovered in file allowing for a denial of service. diff --git a/metadata/glsa/glsa-200704-14.xml b/metadata/glsa/glsa-200704-14.xml index e4e6fe5c7030..5c7ec666f40c 100644 --- a/metadata/glsa/glsa-200704-14.xml +++ b/metadata/glsa/glsa-200704-14.xml @@ -1,7 +1,7 @@ <?xml version="1.0" encoding="utf-8"?> <!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> <glsa id="200704-14"> - <title>FreeRADIUS: Denial of Service</title> + <title>FreeRADIUS: Denial of service</title> <synopsis> A memory leak has been discovered in FreeRADIUS, possibly allowing for a Denial of Service. diff --git a/metadata/glsa/glsa-200704-22.xml b/metadata/glsa/glsa-200704-22.xml index d8e3e96f325c..3a176a3c6fb7 100644 --- a/metadata/glsa/glsa-200704-22.xml +++ b/metadata/glsa/glsa-200704-22.xml @@ -1,7 +1,7 @@ <?xml version="1.0" encoding="utf-8"?> <!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> <glsa id="200704-22"> - <title>BEAST: Denial of Service</title> + <title>BEAST: Denial of service</title> <synopsis> A vulnerability has been discovered in BEAST allowing for a Denial of Service. diff --git a/metadata/glsa/glsa-200705-04.xml b/metadata/glsa/glsa-200705-04.xml index 5978092a4c61..30a453228359 100644 --- a/metadata/glsa/glsa-200705-04.xml +++ b/metadata/glsa/glsa-200705-04.xml @@ -1,7 +1,7 @@ <?xml version="1.0" encoding="utf-8"?> <!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> <glsa id="200705-04"> - <title>Apache mod_perl: Denial of Service</title> + <title>Apache mod_perl: Denial of service</title> <synopsis> The mod_perl Apache module is vulnerable to a Denial of Service when processing regular expressions. diff --git a/metadata/glsa/glsa-200705-05.xml b/metadata/glsa/glsa-200705-05.xml index 6d950b3cfef8..18bccf17f9d3 100644 --- a/metadata/glsa/glsa-200705-05.xml +++ b/metadata/glsa/glsa-200705-05.xml @@ -1,7 +1,7 @@ <?xml version="1.0" encoding="utf-8"?> <!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> <glsa id="200705-05"> - <title>Quagga: Denial of Service</title> + <title>Quagga: Denial of service</title> <synopsis> A vulnerability has been discovered in Quagga allowing for a Denial of Service. diff --git a/metadata/glsa/glsa-200705-09.xml b/metadata/glsa/glsa-200705-09.xml index 577098b4b9ee..65861b5fe67e 100644 --- a/metadata/glsa/glsa-200705-09.xml +++ b/metadata/glsa/glsa-200705-09.xml @@ -1,7 +1,7 @@ <?xml version="1.0" encoding="utf-8"?> <!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> <glsa id="200705-09"> - <title>IPsec-Tools: Denial of Service</title> + <title>IPsec-Tools: Denial of service</title> <synopsis> IPsec-Tools contains a vulnerability that allows a remote attacker to crash the IPsec tunnel. diff --git a/metadata/glsa/glsa-200705-24.xml b/metadata/glsa/glsa-200705-24.xml index 6479d816edf4..de581b3b95c7 100644 --- a/metadata/glsa/glsa-200705-24.xml +++ b/metadata/glsa/glsa-200705-24.xml @@ -1,7 +1,7 @@ <?xml version="1.0" encoding="utf-8"?> <!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> <glsa id="200705-24"> - <title>libpng: Denial of Service</title> + <title>libpng: Denial of service</title> <synopsis> A vulnerability in libpng may allow a remote attacker to crash applications that handle untrusted images. diff --git a/metadata/glsa/glsa-200707-13.xml b/metadata/glsa/glsa-200707-13.xml index ce5738fe4381..b45386622549 100644 --- a/metadata/glsa/glsa-200707-13.xml +++ b/metadata/glsa/glsa-200707-13.xml @@ -1,7 +1,7 @@ <?xml version="1.0" encoding="utf-8"?> <!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> <glsa id="200707-13"> - <title>Fail2ban: Denial of Service</title> + <title>Fail2ban: Denial of service</title> <synopsis> Fail2ban is vulnerable to a Denial of Service attack. </synopsis> diff --git a/metadata/glsa/glsa-200708-04.xml b/metadata/glsa/glsa-200708-04.xml index 6a40c425140e..6dfe88cabe89 100644 --- a/metadata/glsa/glsa-200708-04.xml +++ b/metadata/glsa/glsa-200708-04.xml @@ -1,7 +1,7 @@ <?xml version="1.0" encoding="utf-8"?> <!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> <glsa id="200708-04"> - <title>ClamAV: Denial of Service</title> + <title>ClamAV: Denial of service</title> <synopsis> A vulnerability has been discovered in ClamAV, allowing for a Denial of Service. diff --git a/metadata/glsa/glsa-200708-14.xml b/metadata/glsa/glsa-200708-14.xml index c508dda3b743..99f8ebbbac13 100644 --- a/metadata/glsa/glsa-200708-14.xml +++ b/metadata/glsa/glsa-200708-14.xml @@ -1,7 +1,7 @@ <?xml version="1.0" encoding="utf-8"?> <!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> <glsa id="200708-14"> - <title>NVIDIA drivers: Denial of Service</title> + <title>NVIDIA drivers: Denial of service</title> <synopsis> A vulnerability has been discovered in the NVIDIA graphic drivers, allowing for a Denial of Service. diff --git a/metadata/glsa/glsa-200709-11.xml b/metadata/glsa/glsa-200709-11.xml index 08bd14227daa..9eafab06f7b3 100644 --- a/metadata/glsa/glsa-200709-11.xml +++ b/metadata/glsa/glsa-200709-11.xml @@ -1,7 +1,7 @@ <?xml version="1.0" encoding="utf-8"?> <!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> <glsa id="200709-11"> - <title>GDM: Local Denial of Service</title> + <title>GDM: Local Denial of service</title> <synopsis> GDM can be crashed by a local user, preventing it from managing future displays. diff --git a/metadata/glsa/glsa-200710-14.xml b/metadata/glsa/glsa-200710-14.xml index 43b9e66728ca..62556ffae5c1 100644 --- a/metadata/glsa/glsa-200710-14.xml +++ b/metadata/glsa/glsa-200710-14.xml @@ -1,7 +1,7 @@ <?xml version="1.0" encoding="utf-8"?> <!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> <glsa id="200710-14"> - <title>DenyHosts: Denial of Service</title> + <title>DenyHosts: Denial of service</title> <synopsis> DenyHosts does not correctly parse log entries, potentially causing a remote Denial of Service. diff --git a/metadata/glsa/glsa-200711-09.xml b/metadata/glsa/glsa-200711-09.xml index 74f22b4a6197..d1157db45683 100644 --- a/metadata/glsa/glsa-200711-09.xml +++ b/metadata/glsa/glsa-200711-09.xml @@ -1,7 +1,7 @@ <?xml version="1.0" encoding="utf-8"?> <!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> <glsa id="200711-09"> - <title>MadWifi: Denial of Service</title> + <title>MadWifi: Denial of service</title> <synopsis> MadWifi does not correctly process beacon frames which can lead to a remotely triggered Denial of Service. diff --git a/metadata/glsa/glsa-200711-13.xml b/metadata/glsa/glsa-200711-13.xml index 173e6eee7242..b5fae92bd609 100644 --- a/metadata/glsa/glsa-200711-13.xml +++ b/metadata/glsa/glsa-200711-13.xml @@ -1,7 +1,7 @@ <?xml version="1.0" encoding="utf-8"?> <!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> <glsa id="200711-13"> - <title>3proxy: Denial of Service</title> + <title>3proxy: Denial of service</title> <synopsis> A vulnerability has been discovered in 3proxy, possibly resulting in a Denial of Service. diff --git a/metadata/glsa/glsa-200711-25.xml b/metadata/glsa/glsa-200711-25.xml index 76d1de6e64af..2f8d6ecd0695 100644 --- a/metadata/glsa/glsa-200711-25.xml +++ b/metadata/glsa/glsa-200711-25.xml @@ -1,7 +1,7 @@ <?xml version="1.0" encoding="utf-8"?> <!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> <glsa id="200711-25"> - <title>MySQL: Denial of Service</title> + <title>MySQL: Denial of service</title> <synopsis> A Denial of Service vulnerability was found in MySQL. </synopsis> diff --git a/metadata/glsa/glsa-200711-31.xml b/metadata/glsa/glsa-200711-31.xml index 648863f135b3..c2ad71fe7458 100644 --- a/metadata/glsa/glsa-200711-31.xml +++ b/metadata/glsa/glsa-200711-31.xml @@ -1,7 +1,7 @@ <?xml version="1.0" encoding="utf-8"?> <!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> <glsa id="200711-31"> - <title>Net-SNMP: Denial of Service</title> + <title>Net-SNMP: Denial of service</title> <synopsis> A Denial of Service vulnerability has been discovered in Net-SNMP when processing GETBULK requests. diff --git a/metadata/glsa/glsa-200712-12.xml b/metadata/glsa/glsa-200712-12.xml index 7c3efd5ec3d3..80c56b18117f 100644 --- a/metadata/glsa/glsa-200712-12.xml +++ b/metadata/glsa/glsa-200712-12.xml @@ -1,7 +1,7 @@ <?xml version="1.0" encoding="utf-8"?> <!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> <glsa id="200712-12"> - <title>IRC Services: Denial of Service</title> + <title>IRC Services: Denial of service</title> <synopsis> A Denial of Service vulnerability has been reported in IRC Services. </synopsis> diff --git a/metadata/glsa/glsa-200712-19.xml b/metadata/glsa/glsa-200712-19.xml index 0f6a2b97d9db..0068fec39b4f 100644 --- a/metadata/glsa/glsa-200712-19.xml +++ b/metadata/glsa/glsa-200712-19.xml @@ -1,7 +1,7 @@ <?xml version="1.0" encoding="utf-8"?> <!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> <glsa id="200712-19"> - <title>Syslog-ng: Denial of Service</title> + <title>Syslog-ng: Denial of service</title> <synopsis> A Denial of Service vulnerability has been discovered in Syslog-ng. </synopsis> diff --git a/metadata/glsa/glsa-200801-04.xml b/metadata/glsa/glsa-200801-04.xml index d3e4a272fcae..8cfc9c9fd331 100644 --- a/metadata/glsa/glsa-200801-04.xml +++ b/metadata/glsa/glsa-200801-04.xml @@ -1,7 +1,7 @@ <?xml version="1.0" encoding="utf-8"?> <!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> <glsa id="200801-04"> - <title>OpenAFS: Denial of Service</title> + <title>OpenAFS: Denial of service</title> <synopsis> A Denial of Service vulnerability has been discovered in OpenAFS. </synopsis> diff --git a/metadata/glsa/glsa-200801-05.xml b/metadata/glsa/glsa-200801-05.xml index b859a1c011ad..f24ca70c440e 100644 --- a/metadata/glsa/glsa-200801-05.xml +++ b/metadata/glsa/glsa-200801-05.xml @@ -1,7 +1,7 @@ <?xml version="1.0" encoding="utf-8"?> <!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> <glsa id="200801-05"> - <title>Squid: Denial of Service</title> + <title>Squid: Denial of service</title> <synopsis> A Denial of Service vulnerability has been reported in Squid. </synopsis> diff --git a/metadata/glsa/glsa-200801-13.xml b/metadata/glsa/glsa-200801-13.xml index 3ebdb971b514..387976aae92a 100644 --- a/metadata/glsa/glsa-200801-13.xml +++ b/metadata/glsa/glsa-200801-13.xml @@ -1,7 +1,7 @@ <?xml version="1.0" encoding="utf-8"?> <!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> <glsa id="200801-13"> - <title>ngIRCd: Denial of Service</title> + <title>ngIRCd: Denial of service</title> <synopsis> ngIRCd does not properly sanitize commands sent by users, allowing for a Denial of Service. diff --git a/metadata/glsa/glsa-200801-16.xml b/metadata/glsa/glsa-200801-16.xml index 875199ea735d..1613eb45402a 100644 --- a/metadata/glsa/glsa-200801-16.xml +++ b/metadata/glsa/glsa-200801-16.xml @@ -1,7 +1,7 @@ <?xml version="1.0" encoding="utf-8"?> <!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> <glsa id="200801-16"> - <title>MaraDNS: CNAME Denial of Service</title> + <title>MaraDNS: CNAME Denial of service</title> <synopsis> MaraDNS is prone to a Denial of Service vulnerability impacting CNAME resolution. diff --git a/metadata/glsa/glsa-200801-17.xml b/metadata/glsa/glsa-200801-17.xml index 9e4f8f009df0..641d7c5e38eb 100644 --- a/metadata/glsa/glsa-200801-17.xml +++ b/metadata/glsa/glsa-200801-17.xml @@ -1,7 +1,7 @@ <?xml version="1.0" encoding="utf-8"?> <!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> <glsa id="200801-17"> - <title>Netkit FTP Server: Denial of Service</title> + <title>Netkit FTP Server: Denial of service</title> <synopsis> Netkit FTP Server contains a Denial of Service vulnerability. </synopsis> diff --git a/metadata/glsa/glsa-200801-20.xml b/metadata/glsa/glsa-200801-20.xml index d46c67897e1a..a69133598099 100644 --- a/metadata/glsa/glsa-200801-20.xml +++ b/metadata/glsa/glsa-200801-20.xml @@ -1,7 +1,7 @@ <?xml version="1.0" encoding="utf-8"?> <!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> <glsa id="200801-20"> - <title>libxml2: Denial of Service</title> + <title>libxml2: Denial of service</title> <synopsis> A Denial of Service vulnerability has been reported in libxml2. </synopsis> diff --git a/metadata/glsa/glsa-200802-08.xml b/metadata/glsa/glsa-200802-08.xml index 60f2a9054fb0..34f5fae29037 100644 --- a/metadata/glsa/glsa-200802-08.xml +++ b/metadata/glsa/glsa-200802-08.xml @@ -1,7 +1,7 @@ <?xml version="1.0" encoding="utf-8"?> <!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> <glsa id="200802-08"> - <title>Boost: Denial of Service</title> + <title>Boost: Denial of service</title> <synopsis> Two vulnerabilities have been reported in Boost, each one possibly resulting in a Denial of Service. diff --git a/metadata/glsa/glsa-200803-22.xml b/metadata/glsa/glsa-200803-22.xml index 00c1b30f8e06..9e0f0c951545 100644 --- a/metadata/glsa/glsa-200803-22.xml +++ b/metadata/glsa/glsa-200803-22.xml @@ -1,7 +1,7 @@ <?xml version="1.0" encoding="utf-8"?> <!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> <glsa id="200803-22"> - <title>LIVE555 Media Server: Denial of Service</title> + <title>LIVE555 Media Server: Denial of service</title> <synopsis> A Denial of Service vulnerability has been reported in LIVE555 Media Server. diff --git a/metadata/glsa/glsa-200803-32.xml b/metadata/glsa/glsa-200803-32.xml index cc5d432c4425..daa30e74884b 100644 --- a/metadata/glsa/glsa-200803-32.xml +++ b/metadata/glsa/glsa-200803-32.xml @@ -1,7 +1,7 @@ <?xml version="1.0" encoding="utf-8"?> <!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> <glsa id="200803-32"> - <title>Wireshark: Denial of Service</title> + <title>Wireshark: Denial of service</title> <synopsis> Multiple Denial of Service vulnerabilities have been discovered in Wireshark. diff --git a/metadata/glsa/glsa-200804-02.xml b/metadata/glsa/glsa-200804-02.xml index 29c40528257a..c6f4d547caf2 100644 --- a/metadata/glsa/glsa-200804-02.xml +++ b/metadata/glsa/glsa-200804-02.xml @@ -1,7 +1,7 @@ <?xml version="1.0" encoding="utf-8"?> <!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> <glsa id="200804-02"> - <title>bzip2: Denial of Service</title> + <title>bzip2: Denial of service</title> <synopsis> A buffer overread vulnerability has been discovered in Bzip2. </synopsis> diff --git a/metadata/glsa/glsa-200804-19.xml b/metadata/glsa/glsa-200804-19.xml index ec5409c1e7c5..44b2e4776143 100644 --- a/metadata/glsa/glsa-200804-19.xml +++ b/metadata/glsa/glsa-200804-19.xml @@ -1,7 +1,7 @@ <?xml version="1.0" encoding="utf-8"?> <!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> <glsa id="200804-19"> - <title>PHP Toolkit: Data disclosure and Denial of Service</title> + <title>PHP Toolkit: Data disclosure and Denial of service</title> <synopsis> PHP Toolkit does not quote parameters, allowing for PHP source code disclosure on Apache, and a Denial of Service. diff --git a/metadata/glsa/glsa-200804-26.xml b/metadata/glsa/glsa-200804-26.xml index 152bb1ead851..9ef461493335 100644 --- a/metadata/glsa/glsa-200804-26.xml +++ b/metadata/glsa/glsa-200804-26.xml @@ -1,7 +1,7 @@ <?xml version="1.0" encoding="utf-8"?> <!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> <glsa id="200804-26"> - <title>Openfire: Denial of Service</title> + <title>Openfire: Denial of service</title> <synopsis> A design error in Openfire might lead to a Denial of Service. </synopsis> diff --git a/metadata/glsa/glsa-200805-05.xml b/metadata/glsa/glsa-200805-05.xml index e10026a9b88b..ee55e151f114 100644 --- a/metadata/glsa/glsa-200805-05.xml +++ b/metadata/glsa/glsa-200805-05.xml @@ -1,7 +1,7 @@ <?xml version="1.0" encoding="utf-8"?> <!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> <glsa id="200805-05"> - <title>Wireshark: Denial of Service</title> + <title>Wireshark: Denial of service</title> <synopsis> Multiple Denial of Service vulnerabilities have been discovered in Wireshark. diff --git a/metadata/glsa/glsa-200805-08.xml b/metadata/glsa/glsa-200805-08.xml index b966afc4e59d..02e9b524981b 100644 --- a/metadata/glsa/glsa-200805-08.xml +++ b/metadata/glsa/glsa-200805-08.xml @@ -1,7 +1,7 @@ <?xml version="1.0" encoding="utf-8"?> <!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> <glsa id="200805-08"> - <title>InspIRCd: Denial of Service</title> + <title>InspIRCd: Denial of service</title> <synopsis> A buffer overflow in InspIRCd allows remote attackers to cause a Denial of Service. diff --git a/metadata/glsa/glsa-200805-15.xml b/metadata/glsa/glsa-200805-15.xml index 8b7c2bfc9fb2..96643bbef636 100644 --- a/metadata/glsa/glsa-200805-15.xml +++ b/metadata/glsa/glsa-200805-15.xml @@ -1,7 +1,7 @@ <?xml version="1.0" encoding="utf-8"?> <!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> <glsa id="200805-15"> - <title>libid3tag: Denial of Service</title> + <title>libid3tag: Denial of service</title> <synopsis> A Denial of Service vulnerability was found in libid3tag. </synopsis> diff --git a/metadata/glsa/glsa-200806-08.xml b/metadata/glsa/glsa-200806-08.xml index 07c01edbacde..d0c5a77a546c 100644 --- a/metadata/glsa/glsa-200806-08.xml +++ b/metadata/glsa/glsa-200806-08.xml @@ -1,7 +1,7 @@ <?xml version="1.0" encoding="utf-8"?> <!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> <glsa id="200806-08"> - <title>OpenSSL: Denial of Service</title> + <title>OpenSSL: Denial of service</title> <synopsis> Two vulnerabilities might allow for a Denial of Service of daemons using OpenSSL. diff --git a/metadata/glsa/glsa-200807-06.xml b/metadata/glsa/glsa-200807-06.xml index 6febbf8e29f7..4c8f81534f99 100644 --- a/metadata/glsa/glsa-200807-06.xml +++ b/metadata/glsa/glsa-200807-06.xml @@ -1,7 +1,7 @@ <?xml version="1.0" encoding="utf-8"?> <!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> <glsa id="200807-06"> - <title>Apache: Denial of Service</title> + <title>Apache: Denial of service</title> <synopsis> Multiple vulnerabilities in Apache might lead to a Denial of Service. </synopsis> diff --git a/metadata/glsa/glsa-200808-04.xml b/metadata/glsa/glsa-200808-04.xml index 65dc75fa103e..56e32abcfdd5 100644 --- a/metadata/glsa/glsa-200808-04.xml +++ b/metadata/glsa/glsa-200808-04.xml @@ -1,7 +1,7 @@ <?xml version="1.0" encoding="utf-8"?> <!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> <glsa id="200808-04"> - <title>Wireshark: Denial of Service</title> + <title>Wireshark: Denial of service</title> <synopsis> Multiple Denial of Service vulnerabilities have been discovered in Wireshark. diff --git a/metadata/glsa/glsa-200808-05.xml b/metadata/glsa/glsa-200808-05.xml index 7ca04ba842bc..eb4a3291baf8 100644 --- a/metadata/glsa/glsa-200808-05.xml +++ b/metadata/glsa/glsa-200808-05.xml @@ -1,7 +1,7 @@ <?xml version="1.0" encoding="utf-8"?> <!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> <glsa id="200808-05"> - <title>ISC DHCP: Denial of Service</title> + <title>ISC DHCP: Denial of service</title> <synopsis> A Denial of Service vulnerability was discovered in ISC DHCP. </synopsis> diff --git a/metadata/glsa/glsa-200809-09.xml b/metadata/glsa/glsa-200809-09.xml index 86b8b82925b1..dbcb6a4033c7 100644 --- a/metadata/glsa/glsa-200809-09.xml +++ b/metadata/glsa/glsa-200809-09.xml @@ -1,7 +1,7 @@ <?xml version="1.0" encoding="utf-8"?> <!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> <glsa id="200809-09"> - <title>Postfix: Denial of Service</title> + <title>Postfix: Denial of service</title> <synopsis> A memory leak in Postfix might allow local users to cause a Denial of Service. diff --git a/metadata/glsa/glsa-200809-11.xml b/metadata/glsa/glsa-200809-11.xml index d2b3e8b6ed4f..d52daa78b562 100644 --- a/metadata/glsa/glsa-200809-11.xml +++ b/metadata/glsa/glsa-200809-11.xml @@ -1,7 +1,7 @@ <?xml version="1.0" encoding="utf-8"?> <!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> <glsa id="200809-11"> - <title>HAVP: Denial of Service</title> + <title>HAVP: Denial of service</title> <synopsis> A Denial of Service vulnerability has been reported in HAVP. </synopsis> diff --git a/metadata/glsa/glsa-200812-03.xml b/metadata/glsa/glsa-200812-03.xml index 64a9b2625c2a..18468b710ee8 100644 --- a/metadata/glsa/glsa-200812-03.xml +++ b/metadata/glsa/glsa-200812-03.xml @@ -1,7 +1,7 @@ <?xml version="1.0" encoding="utf-8"?> <!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> <glsa id="200812-03"> - <title>IPsec-Tools: racoon Denial of Service</title> + <title>IPsec-Tools: racoon Denial of service</title> <synopsis> IPsec-Tools' racoon is affected by a remote Denial of Service vulnerability. diff --git a/metadata/glsa/glsa-200901-04.xml b/metadata/glsa/glsa-200901-04.xml index db1df4fc4468..216cca9b518a 100644 --- a/metadata/glsa/glsa-200901-04.xml +++ b/metadata/glsa/glsa-200901-04.xml @@ -1,7 +1,7 @@ <?xml version="1.0" encoding="utf-8"?> <!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> <glsa id="200901-04"> - <title>D-Bus: Denial of Service</title> + <title>D-Bus: Denial of service</title> <synopsis> An error condition can cause D-Bus to crash. </synopsis> diff --git a/metadata/glsa/glsa-200901-11.xml b/metadata/glsa/glsa-200901-11.xml index 3321fd6e7ec3..4a5984b72073 100644 --- a/metadata/glsa/glsa-200901-11.xml +++ b/metadata/glsa/glsa-200901-11.xml @@ -1,7 +1,7 @@ <?xml version="1.0" encoding="utf-8"?> <!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> <glsa id="200901-11"> - <title>Avahi: Denial of Service</title> + <title>Avahi: Denial of service</title> <synopsis> A Denial of Service vulnerability has been discovered in Avahi. </synopsis> diff --git a/metadata/glsa/glsa-200901-15.xml b/metadata/glsa/glsa-200901-15.xml index 41fba986c05b..f76b93c35a96 100644 --- a/metadata/glsa/glsa-200901-15.xml +++ b/metadata/glsa/glsa-200901-15.xml @@ -1,7 +1,7 @@ <?xml version="1.0" encoding="utf-8"?> <!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> <glsa id="200901-15"> - <title>Net-SNMP: Denial of Service</title> + <title>Net-SNMP: Denial of service</title> <synopsis> A vulnerability in Net-SNMP could lead to a Denial of Service. </synopsis> diff --git a/metadata/glsa/glsa-200903-13.xml b/metadata/glsa/glsa-200903-13.xml index d80632989601..fc0f88cdaa94 100644 --- a/metadata/glsa/glsa-200903-13.xml +++ b/metadata/glsa/glsa-200903-13.xml @@ -1,7 +1,7 @@ <?xml version="1.0" encoding="utf-8"?> <!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> <glsa id="200903-13"> - <title>MPFR: Denial of Service</title> + <title>MPFR: Denial of service</title> <synopsis> Multiple buffer overflows in MPFR might lead to a Denial of Service. </synopsis> diff --git a/metadata/glsa/glsa-200903-19.xml b/metadata/glsa/glsa-200903-19.xml index ad6e89cfac94..695675b08787 100644 --- a/metadata/glsa/glsa-200903-19.xml +++ b/metadata/glsa/glsa-200903-19.xml @@ -1,7 +1,7 @@ <?xml version="1.0" encoding="utf-8"?> <!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> <glsa id="200903-19"> - <title>Xerces-C++: Denial of Service</title> + <title>Xerces-C++: Denial of service</title> <synopsis> An error in Xerces-C++ allows for a Denial of Service via malicious XML schema files. diff --git a/metadata/glsa/glsa-200903-40.xml b/metadata/glsa/glsa-200903-40.xml index 5f8c75c50b8c..2cebd0751ef6 100644 --- a/metadata/glsa/glsa-200903-40.xml +++ b/metadata/glsa/glsa-200903-40.xml @@ -1,7 +1,7 @@ <?xml version="1.0" encoding="utf-8"?> <!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> <glsa id="200903-40"> - <title>Analog: Denial of Service</title> + <title>Analog: Denial of service</title> <synopsis> A Denial of Service vulnerability was discovered in Analog. </synopsis> diff --git a/metadata/glsa/glsa-200904-04.xml b/metadata/glsa/glsa-200904-04.xml index 6c52deb11a50..872ca9feab6c 100644 --- a/metadata/glsa/glsa-200904-04.xml +++ b/metadata/glsa/glsa-200904-04.xml @@ -1,7 +1,7 @@ <?xml version="1.0" encoding="utf-8"?> <!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> <glsa id="200904-04"> - <title>WeeChat: Denial of Service</title> + <title>WeeChat: Denial of service</title> <synopsis> A processing error in WeeChat might lead to a Denial of Service. </synopsis> diff --git a/metadata/glsa/glsa-200904-08.xml b/metadata/glsa/glsa-200904-08.xml index f3139bf89b68..fc552913629c 100644 --- a/metadata/glsa/glsa-200904-08.xml +++ b/metadata/glsa/glsa-200904-08.xml @@ -1,7 +1,7 @@ <?xml version="1.0" encoding="utf-8"?> <!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> <glsa id="200904-08"> - <title>OpenSSL: Denial of Service</title> + <title>OpenSSL: Denial of service</title> <synopsis> An error in OpenSSL might allow for a Denial of Service when printing certificate details. diff --git a/metadata/glsa/glsa-200904-10.xml b/metadata/glsa/glsa-200904-10.xml index 193c67427b65..fcb96cd0ec23 100644 --- a/metadata/glsa/glsa-200904-10.xml +++ b/metadata/glsa/glsa-200904-10.xml @@ -1,7 +1,7 @@ <?xml version="1.0" encoding="utf-8"?> <!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> <glsa id="200904-10"> - <title>Avahi: Denial of Service</title> + <title>Avahi: Denial of service</title> <synopsis> An error in Avahi might lead to a Denial of Service via network and CPU consumption. diff --git a/metadata/glsa/glsa-200904-13.xml b/metadata/glsa/glsa-200904-13.xml index 9764bf941537..ae0a94d91eaf 100644 --- a/metadata/glsa/glsa-200904-13.xml +++ b/metadata/glsa/glsa-200904-13.xml @@ -1,7 +1,7 @@ <?xml version="1.0" encoding="utf-8"?> <!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> <glsa id="200904-13"> - <title>Ventrilo: Denial of Service</title> + <title>Ventrilo: Denial of service</title> <synopsis> A vulnerability has been discovered in Ventrilo, allowing for a Denial of Service. diff --git a/metadata/glsa/glsa-200905-03.xml b/metadata/glsa/glsa-200905-03.xml index 75e027433cf4..df09584c4182 100644 --- a/metadata/glsa/glsa-200905-03.xml +++ b/metadata/glsa/glsa-200905-03.xml @@ -1,7 +1,7 @@ <?xml version="1.0" encoding="utf-8"?> <!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> <glsa id="200905-03"> - <title>IPSec Tools: Denial of Service</title> + <title>IPSec Tools: Denial of service</title> <synopsis> Multiple errors in the IPSec Tools racoon daemon might allow remote attackers to cause a Denial of Service. diff --git a/metadata/glsa/glsa-200905-06.xml b/metadata/glsa/glsa-200905-06.xml index f0daa27a2704..714676172cbe 100644 --- a/metadata/glsa/glsa-200905-06.xml +++ b/metadata/glsa/glsa-200905-06.xml @@ -1,7 +1,7 @@ <?xml version="1.0" encoding="utf-8"?> <!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> <glsa id="200905-06"> - <title>acpid: Denial of Service</title> + <title>acpid: Denial of service</title> <synopsis> An error in acpid might allow remote attackers to cause a Denial of Service. diff --git a/metadata/glsa/glsa-200906-02.xml b/metadata/glsa/glsa-200906-02.xml index 9a9e750e1aa2..257a1415bd69 100644 --- a/metadata/glsa/glsa-200906-02.xml +++ b/metadata/glsa/glsa-200906-02.xml @@ -1,7 +1,7 @@ <?xml version="1.0" encoding="utf-8"?> <!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> <glsa id="200906-02"> - <title>Ruby: Denial of Service</title> + <title>Ruby: Denial of service</title> <synopsis> A flaw in the Ruby standard library might allow remote attackers to cause a Denial of Service attack. diff --git a/metadata/glsa/glsa-200907-02.xml b/metadata/glsa/glsa-200907-02.xml index d9211d2c82bc..beec6bcaba1b 100644 --- a/metadata/glsa/glsa-200907-02.xml +++ b/metadata/glsa/glsa-200907-02.xml @@ -1,7 +1,7 @@ <?xml version="1.0" encoding="utf-8"?> <!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> <glsa id="200907-02"> - <title>ModSecurity: Denial of Service</title> + <title>ModSecurity: Denial of service</title> <synopsis> Two vulnerabilities in ModSecurity might lead to a Denial of Service. </synopsis> diff --git a/metadata/glsa/glsa-200907-05.xml b/metadata/glsa/glsa-200907-05.xml index 265b7af3e63c..d506ec04c3a6 100644 --- a/metadata/glsa/glsa-200907-05.xml +++ b/metadata/glsa/glsa-200907-05.xml @@ -1,7 +1,7 @@ <?xml version="1.0" encoding="utf-8"?> <!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> <glsa id="200907-05"> - <title>git: git-daemon Denial of Service</title> + <title>git: git-daemon Denial of service</title> <synopsis> An error in git-daemon might lead to a Denial of Service via resource consumption. diff --git a/metadata/glsa/glsa-200908-02.xml b/metadata/glsa/glsa-200908-02.xml index 71c2cc9cba59..77eac4fc16cb 100644 --- a/metadata/glsa/glsa-200908-02.xml +++ b/metadata/glsa/glsa-200908-02.xml @@ -1,7 +1,7 @@ <?xml version="1.0" encoding="utf-8"?> <!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> <glsa id="200908-02"> - <title>BIND: Denial of Service</title> + <title>BIND: Denial of service</title> <synopsis> Dynamic Update packets can cause a Denial of Service in the BIND daemon. </synopsis> diff --git a/metadata/glsa/glsa-200908-07.xml b/metadata/glsa/glsa-200908-07.xml index d6fea11da9bc..5a3d87de1b7c 100644 --- a/metadata/glsa/glsa-200908-07.xml +++ b/metadata/glsa/glsa-200908-07.xml @@ -1,7 +1,7 @@ <?xml version="1.0" encoding="utf-8"?> <!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> <glsa id="200908-07"> - <title>Perl Compress::Raw modules: Denial of Service</title> + <title>Perl Compress::Raw modules: Denial of service</title> <synopsis> An off-by-one error in Compress::Raw::Zlib and Compress::Raw::Bzip2 might lead to a Denial of Service. diff --git a/metadata/glsa/glsa-200908-08.xml b/metadata/glsa/glsa-200908-08.xml index 0ccedf026c92..4b5a418e2861 100644 --- a/metadata/glsa/glsa-200908-08.xml +++ b/metadata/glsa/glsa-200908-08.xml @@ -1,7 +1,7 @@ <?xml version="1.0" encoding="utf-8"?> <!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> <glsa id="200908-08"> - <title>ISC DHCP: dhcpd Denial of Service</title> + <title>ISC DHCP: dhcpd Denial of service</title> <synopsis> dhcpd as included in the ISC DHCP implementation does not properly handle special conditions, leading to a Denial of Service. diff --git a/metadata/glsa/glsa-200909-05.xml b/metadata/glsa/glsa-200909-05.xml index 40704e5ada01..a398bc011ea5 100644 --- a/metadata/glsa/glsa-200909-05.xml +++ b/metadata/glsa/glsa-200909-05.xml @@ -1,7 +1,7 @@ <?xml version="1.0" encoding="utf-8"?> <!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> <glsa id="200909-05"> - <title>Openswan: Denial of Service</title> + <title>Openswan: Denial of service</title> <synopsis> Multiple vulnerabilities in the pluto IKE daemon of Openswan might allow remote attackers to cause a Denial of Service. diff --git a/metadata/glsa/glsa-200909-16.xml b/metadata/glsa/glsa-200909-16.xml index 851049fae14b..64761d810ec6 100644 --- a/metadata/glsa/glsa-200909-16.xml +++ b/metadata/glsa/glsa-200909-16.xml @@ -1,7 +1,7 @@ <?xml version="1.0" encoding="utf-8"?> <!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> <glsa id="200909-16"> - <title>Wireshark: Denial of Service</title> + <title>Wireshark: Denial of service</title> <synopsis> Multiple vulnerabilities have been discovered in Wireshark which allow for Denial of Service. diff --git a/metadata/glsa/glsa-201001-01.xml b/metadata/glsa/glsa-201001-01.xml index fb7fd3c0c5b1..a46349146899 100644 --- a/metadata/glsa/glsa-201001-01.xml +++ b/metadata/glsa/glsa-201001-01.xml @@ -1,7 +1,7 @@ <?xml version="1.0" encoding="utf-8"?> <!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> <glsa id="201001-01"> - <title>NTP: Denial of Service</title> + <title>NTP: Denial of service</title> <synopsis> A Denial of Service condition in ntpd can cause excessive CPU or bandwidth consumption. diff --git a/metadata/glsa/glsa-201006-17.xml b/metadata/glsa/glsa-201006-17.xml index ab4d122e4506..32888ad18ae2 100644 --- a/metadata/glsa/glsa-201006-17.xml +++ b/metadata/glsa/glsa-201006-17.xml @@ -1,7 +1,7 @@ <?xml version="1.0" encoding="utf-8"?> <!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> <glsa id="201006-17"> - <title>lighttpd: Denial of Service</title> + <title>lighttpd: Denial of service</title> <synopsis> A processing error in lighttpd might result in a Denial of Service condition. diff --git a/metadata/glsa/glsa-201009-07.xml b/metadata/glsa/glsa-201009-07.xml index 46008757c7cf..1500716099c6 100644 --- a/metadata/glsa/glsa-201009-07.xml +++ b/metadata/glsa/glsa-201009-07.xml @@ -1,7 +1,7 @@ <?xml version="1.0" encoding="utf-8"?> <!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> <glsa id="201009-07"> - <title>libxml2: Denial of Service</title> + <title>libxml2: Denial of service</title> <synopsis> Multiple Denial of Services vulnerabilities were found in libxml2. </synopsis> diff --git a/metadata/glsa/glsa-201110-07.xml b/metadata/glsa/glsa-201110-07.xml index 9a25d95636cd..8d7182803f22 100644 --- a/metadata/glsa/glsa-201110-07.xml +++ b/metadata/glsa/glsa-201110-07.xml @@ -1,7 +1,7 @@ <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> <glsa id="201110-07"> - <title>vsftpd: Denial of Service</title> + <title>vsftpd: Denial of service</title> <synopsis>A Denial of Service vulnerability was found in vsftpd.</synopsis> <product type="ebuild">vsftpd</product> <announced>2011-10-10</announced> diff --git a/metadata/glsa/glsa-201110-12.xml b/metadata/glsa/glsa-201110-12.xml index 7062b518450b..90c706220115 100644 --- a/metadata/glsa/glsa-201110-12.xml +++ b/metadata/glsa/glsa-201110-12.xml @@ -1,7 +1,7 @@ <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> <glsa id="201110-12"> - <title>Unbound: Denial of Service</title> + <title>Unbound: Denial of service</title> <synopsis>Multiple Denial of Service vulnerabilities were found in Unbound.</synopsis> <product type="ebuild">unbound</product> <announced>2011-10-15</announced> diff --git a/metadata/glsa/glsa-201110-17.xml b/metadata/glsa/glsa-201110-17.xml index ea0e65c2c6b5..47fefb9d0311 100644 --- a/metadata/glsa/glsa-201110-17.xml +++ b/metadata/glsa/glsa-201110-17.xml @@ -1,7 +1,7 @@ <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> <glsa id="201110-17"> - <title>Avahi: Denial of Service</title> + <title>Avahi: Denial of service</title> <synopsis>Multiple vulnerabilities were found in Avahi, allowing for Denial of Service. </synopsis> diff --git a/metadata/glsa/glsa-201202-03.xml b/metadata/glsa/glsa-201202-03.xml index 3baeb6dd9e4b..0da4cebd6ca4 100644 --- a/metadata/glsa/glsa-201202-03.xml +++ b/metadata/glsa/glsa-201202-03.xml @@ -1,7 +1,7 @@ <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> <glsa id="201202-03"> - <title>MaraDNS: Denial of Service</title> + <title>MaraDNS: Denial of service</title> <synopsis>A hash collision vulnerability in MaraDNS allows remote attackers to cause a Denial of Service condition. </synopsis> diff --git a/metadata/glsa/glsa-201202-04.xml b/metadata/glsa/glsa-201202-04.xml index 280556e84d85..96096d809071 100644 --- a/metadata/glsa/glsa-201202-04.xml +++ b/metadata/glsa/glsa-201202-04.xml @@ -1,7 +1,7 @@ <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> <glsa id="201202-04"> - <title>PowerDNS: Denial of Service</title> + <title>PowerDNS: Denial of service</title> <synopsis>A vulnerability in PowerDNS could allow a remote attacker to create a Denial of Service condition. </synopsis> diff --git a/metadata/glsa/glsa-201202-06.xml b/metadata/glsa/glsa-201202-06.xml index 18e40c3c20ff..f840c259f877 100644 --- a/metadata/glsa/glsa-201202-06.xml +++ b/metadata/glsa/glsa-201202-06.xml @@ -1,7 +1,7 @@ <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> <glsa id="201202-06"> - <title>Asterisk: Denial of Service</title> + <title>Asterisk: Denial of service</title> <synopsis>A vulnerability in Asterisk could allow a remote attacker to cause a Denial of Service condition. </synopsis> diff --git a/metadata/glsa/glsa-201203-04.xml b/metadata/glsa/glsa-201203-04.xml index 0c57f9328661..a7d5a7b85283 100644 --- a/metadata/glsa/glsa-201203-04.xml +++ b/metadata/glsa/glsa-201203-04.xml @@ -1,7 +1,7 @@ <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> <glsa id="201203-04"> - <title>libxml2: Denial of Service</title> + <title>libxml2: Denial of service</title> <synopsis>A hash collision vulnerability in libxml2 allows remote attackers to cause a Denial of Service condition. </synopsis> diff --git a/metadata/glsa/glsa-201203-05.xml b/metadata/glsa/glsa-201203-05.xml index 95ac56dff1c5..17d12d9339ed 100644 --- a/metadata/glsa/glsa-201203-05.xml +++ b/metadata/glsa/glsa-201203-05.xml @@ -1,7 +1,7 @@ <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> <glsa id="201203-05"> - <title>Rack: Denial of Service</title> + <title>Rack: Denial of service</title> <synopsis>A hash collision vulnerability in Rack allows remote attackers to cause a Denial of Service condition. </synopsis> diff --git a/metadata/glsa/glsa-201203-08.xml b/metadata/glsa/glsa-201203-08.xml index 0911c0469772..bba0509f08e8 100644 --- a/metadata/glsa/glsa-201203-08.xml +++ b/metadata/glsa/glsa-201203-08.xml @@ -1,7 +1,7 @@ <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> <glsa id="201203-08"> - <title>libxslt: Denial of Service</title> + <title>libxslt: Denial of service</title> <synopsis>A vulnerability in libxslt could result in Denial of Service.</synopsis> <product type="ebuild">libxslt</product> <announced>2012-03-06</announced> diff --git a/metadata/glsa/glsa-201203-13.xml b/metadata/glsa/glsa-201203-13.xml index b276e279908d..98d1f6edf966 100644 --- a/metadata/glsa/glsa-201203-13.xml +++ b/metadata/glsa/glsa-201203-13.xml @@ -1,7 +1,7 @@ <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> <glsa id="201203-13"> - <title>Openswan: Denial of Service</title> + <title>Openswan: Denial of service</title> <synopsis>Multiple vulnerabilities in Openswan may create a Denial of Service condition. </synopsis> diff --git a/metadata/glsa/glsa-201206-20.xml b/metadata/glsa/glsa-201206-20.xml index aeda09bcb145..ac53364d11b2 100644 --- a/metadata/glsa/glsa-201206-20.xml +++ b/metadata/glsa/glsa-201206-20.xml @@ -1,7 +1,7 @@ <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> <glsa id="201206-20"> - <title>gdk-pixbuf: Denial of Service</title> + <title>gdk-pixbuf: Denial of service</title> <synopsis>Multiple vulnerabilities in gdk-pixbuf may create a Denial of Service condition. </synopsis> diff --git a/metadata/glsa/glsa-201207-06.xml b/metadata/glsa/glsa-201207-06.xml index fc5aef2fcaa8..3e4ce1c21d84 100644 --- a/metadata/glsa/glsa-201207-06.xml +++ b/metadata/glsa/glsa-201207-06.xml @@ -1,7 +1,7 @@ <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> <glsa id="201207-06"> - <title>JRuby: Denial of Service</title> + <title>JRuby: Denial of service</title> <synopsis>A hash collision vulnerability in JRuby allows remote attackers to cause a Denial of Service condition. </synopsis> diff --git a/metadata/glsa/glsa-201207-07.xml b/metadata/glsa/glsa-201207-07.xml index b7b19be392a4..1dbaabc34817 100644 --- a/metadata/glsa/glsa-201207-07.xml +++ b/metadata/glsa/glsa-201207-07.xml @@ -1,7 +1,7 @@ <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> <glsa id="201207-07"> - <title>Keepalived: Denial of Service</title> + <title>Keepalived: Denial of service</title> <synopsis>Keepalived uses world-writable PID files, allowing a local attacker to kill arbitrary processes. </synopsis> diff --git a/metadata/glsa/glsa-201209-08.xml b/metadata/glsa/glsa-201209-08.xml index 320c8db03717..e051dc3d8bb5 100644 --- a/metadata/glsa/glsa-201209-08.xml +++ b/metadata/glsa/glsa-201209-08.xml @@ -1,7 +1,7 @@ <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> <glsa id="201209-08"> - <title>SquidClamav: Denial of Service</title> + <title>SquidClamav: Denial of service</title> <synopsis>A vulnerability in SquidClamav may result in Denial of Service.</synopsis> <product type="ebuild">squidclamav</product> <announced>2012-09-24</announced> diff --git a/metadata/glsa/glsa-201209-09.xml b/metadata/glsa/glsa-201209-09.xml index 516acf6ab69e..33a7516c26cc 100644 --- a/metadata/glsa/glsa-201209-09.xml +++ b/metadata/glsa/glsa-201209-09.xml @@ -1,7 +1,7 @@ <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> <glsa id="201209-09"> - <title>Atheme IRC Services: Denial of Service</title> + <title>Atheme IRC Services: Denial of service</title> <synopsis>A vulnerability has been found in Atheme which may lead to Denial of Service or a bypass of security restrictions. </synopsis> diff --git a/metadata/glsa/glsa-201209-12.xml b/metadata/glsa/glsa-201209-12.xml index 6d3624bc4366..8fefa8855908 100644 --- a/metadata/glsa/glsa-201209-12.xml +++ b/metadata/glsa/glsa-201209-12.xml @@ -1,7 +1,7 @@ <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> <glsa id="201209-12"> - <title>Libtasn1: Denial of Service</title> + <title>Libtasn1: Denial of service</title> <synopsis>A vulnerability in Libtasn1 might cause a Denial of Service condition. </synopsis> diff --git a/metadata/glsa/glsa-201209-14.xml b/metadata/glsa/glsa-201209-14.xml index 2e41c9e63e78..16c0ffb00f44 100644 --- a/metadata/glsa/glsa-201209-14.xml +++ b/metadata/glsa/glsa-201209-14.xml @@ -1,7 +1,7 @@ <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> <glsa id="201209-14"> - <title>file: Denial of Service</title> + <title>file: Denial of service</title> <synopsis>A vulnerability in file could result in Denial of Service.</synopsis> <product type="ebuild">file</product> <announced>2012-09-26</announced> diff --git a/metadata/glsa/glsa-201209-20.xml b/metadata/glsa/glsa-201209-20.xml index 19cf6109fea6..69c91c77d8ec 100644 --- a/metadata/glsa/glsa-201209-20.xml +++ b/metadata/glsa/glsa-201209-20.xml @@ -1,7 +1,7 @@ <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> <glsa id="201209-20"> - <title>mod_rpaf: Denial of Service</title> + <title>mod_rpaf: Denial of service</title> <synopsis>A vulnerability in mod_rpaf may result in Denial of Service.</synopsis> <product type="ebuild">mod_rpaf</product> <announced>2012-09-27</announced> diff --git a/metadata/glsa/glsa-201301-06.xml b/metadata/glsa/glsa-201301-06.xml index c51e55f944cb..612b1dbab7e7 100644 --- a/metadata/glsa/glsa-201301-06.xml +++ b/metadata/glsa/glsa-201301-06.xml @@ -1,7 +1,7 @@ <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> <glsa id="201301-06"> - <title>ISC DHCP: Denial of Service</title> + <title>ISC DHCP: Denial of service</title> <synopsis>Multiple vulnerabilities have been found in ISC DHCP, the worst of which may allow remote Denial of Service. </synopsis> diff --git a/metadata/glsa/glsa-201308-02.xml b/metadata/glsa/glsa-201308-02.xml index bab7fa6e14c0..f5a0b5daebb0 100644 --- a/metadata/glsa/glsa-201308-02.xml +++ b/metadata/glsa/glsa-201308-02.xml @@ -1,7 +1,7 @@ <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> <glsa id="201308-02"> - <title>D-Bus: Denial of Service</title> + <title>D-Bus: Denial of service</title> <synopsis>A vulnerability has been found in D-Bus which allows a local user to cause a Denial of Service. </synopsis> diff --git a/metadata/glsa/glsa-201309-01.xml b/metadata/glsa/glsa-201309-01.xml index 1bf4114b17b2..658ec5e207ff 100644 --- a/metadata/glsa/glsa-201309-01.xml +++ b/metadata/glsa/glsa-201309-01.xml @@ -1,7 +1,7 @@ <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> <glsa id="201309-01"> - <title>Cyrus-SASL: Denial of Service</title> + <title>Cyrus-SASL: Denial of service</title> <synopsis>A NULL pointer dereference in Cyrus-SASL may allow remote attackers to cause a Denial of Service condition. </synopsis> diff --git a/metadata/glsa/glsa-201309-03.xml b/metadata/glsa/glsa-201309-03.xml index 983ce843dd94..8625528ca7c5 100644 --- a/metadata/glsa/glsa-201309-03.xml +++ b/metadata/glsa/glsa-201309-03.xml @@ -1,7 +1,7 @@ <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> <glsa id="201309-03"> - <title>Xlockmore: Denial of Service</title> + <title>Xlockmore: Denial of service</title> <synopsis>A buffer overflow in Xlockmore might allow remote attackers to cause a Denial of Service. </synopsis> diff --git a/metadata/glsa/glsa-201311-04.xml b/metadata/glsa/glsa-201311-04.xml index e1730eca2635..f32c058f879f 100644 --- a/metadata/glsa/glsa-201311-04.xml +++ b/metadata/glsa/glsa-201311-04.xml @@ -1,7 +1,7 @@ <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> <glsa id="201311-04"> - <title>Vixie cron: Denial of Service</title> + <title>Vixie cron: Denial of service</title> <synopsis>A vulnerability has been found in Vixie cron, allowing local attackers to conduct symlink attacks. </synopsis> diff --git a/metadata/glsa/glsa-201311-18.xml b/metadata/glsa/glsa-201311-18.xml index 799c3ecf5650..7d4c35954ae4 100644 --- a/metadata/glsa/glsa-201311-18.xml +++ b/metadata/glsa/glsa-201311-18.xml @@ -1,7 +1,7 @@ <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> <glsa id="201311-18"> - <title>Unbound: Denial of Service</title> + <title>Unbound: Denial of service</title> <synopsis>Multiple Denial of Service vulnerabilities have been found in Unbound. </synopsis> diff --git a/metadata/glsa/glsa-201312-15.xml b/metadata/glsa/glsa-201312-15.xml index 88f6a6288a04..027a038d19b9 100644 --- a/metadata/glsa/glsa-201312-15.xml +++ b/metadata/glsa/glsa-201312-15.xml @@ -1,7 +1,7 @@ <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> <glsa id="201312-15"> - <title>Tinyproxy: Denial of Service</title> + <title>Tinyproxy: Denial of service</title> <synopsis>A vulnerability has been found in Tinyproxy, allows remote attackers to cause a Denial of Service condition. </synopsis> diff --git a/metadata/glsa/glsa-201401-05.xml b/metadata/glsa/glsa-201401-05.xml index 2e856e71a1ae..e0504d2e700a 100644 --- a/metadata/glsa/glsa-201401-05.xml +++ b/metadata/glsa/glsa-201401-05.xml @@ -1,7 +1,7 @@ <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> <glsa id="201401-05"> - <title>ISC DHCP: Denial of Service</title> + <title>ISC DHCP: Denial of service</title> <synopsis>A memory exhaustion vulnerability in ISC DHCP could lead to Denial of Service. </synopsis> diff --git a/metadata/glsa/glsa-201401-07.xml b/metadata/glsa/glsa-201401-07.xml index c0e733e08325..d7b49ab80cf5 100644 --- a/metadata/glsa/glsa-201401-07.xml +++ b/metadata/glsa/glsa-201401-07.xml @@ -1,7 +1,7 @@ <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> <glsa id="201401-07"> - <title>libxslt: Denial of Service</title> + <title>libxslt: Denial of service</title> <synopsis>Multiple Denial of Service vulnerabilities have been found in libxslt. </synopsis> diff --git a/metadata/glsa/glsa-201401-34.xml b/metadata/glsa/glsa-201401-34.xml index bba64bbbcf34..9c7660a1ef4c 100644 --- a/metadata/glsa/glsa-201401-34.xml +++ b/metadata/glsa/glsa-201401-34.xml @@ -1,7 +1,7 @@ <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> <glsa id="201401-34"> - <title>BIND: Denial of Service</title> + <title>BIND: Denial of service</title> <synopsis>Multiple vulnerabilities have been found in BIND, possibly resulting in Denial of Service. </synopsis> diff --git a/metadata/glsa/glsa-201402-11.xml b/metadata/glsa/glsa-201402-11.xml index 3b42a11ed900..32b8a6329541 100644 --- a/metadata/glsa/glsa-201402-11.xml +++ b/metadata/glsa/glsa-201402-11.xml @@ -1,7 +1,7 @@ <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> <glsa id="201402-11"> - <title>Links: Denial of Service</title> + <title>Links: Denial of service</title> <synopsis>An integer overflow in Links might allow remote attackers to cause a Denial of Service condition. </synopsis> diff --git a/metadata/glsa/glsa-201402-14.xml b/metadata/glsa/glsa-201402-14.xml index f1c8a0032b98..ffb27ce0e459 100644 --- a/metadata/glsa/glsa-201402-14.xml +++ b/metadata/glsa/glsa-201402-14.xml @@ -1,7 +1,7 @@ <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> <glsa id="201402-14"> - <title>International Components for Unicode: Denial of Service</title> + <title>International Components for Unicode: Denial of service</title> <synopsis>Two vulnerabilities in International Components for Unicode might allow remote attackers to cause a Denial of Service condition. </synopsis> diff --git a/metadata/glsa/glsa-201402-25.xml b/metadata/glsa/glsa-201402-25.xml index e4bd8e090e1a..927714d1a986 100644 --- a/metadata/glsa/glsa-201402-25.xml +++ b/metadata/glsa/glsa-201402-25.xml @@ -1,7 +1,7 @@ <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> <glsa id="201402-25"> - <title>OpenSSL: Denial of Service</title> + <title>OpenSSL: Denial of service</title> <synopsis>A vulnerability in OpenSSL's handling of TLS handshakes could result in a Denial of Service condition. </synopsis> diff --git a/metadata/glsa/glsa-201403-03.xml b/metadata/glsa/glsa-201403-03.xml index 4d1dd97ce594..b951172bdde8 100644 --- a/metadata/glsa/glsa-201403-03.xml +++ b/metadata/glsa/glsa-201403-03.xml @@ -1,7 +1,7 @@ <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> <glsa id="201403-03"> - <title>file: Denial of Service</title> + <title>file: Denial of service</title> <synopsis>A vulnerability in file could result in Denial of Service.</synopsis> <product type="ebuild">file</product> <announced>2014-03-13</announced> diff --git a/metadata/glsa/glsa-201403-04.xml b/metadata/glsa/glsa-201403-04.xml index 9c88b3663438..fddfad7996cb 100644 --- a/metadata/glsa/glsa-201403-04.xml +++ b/metadata/glsa/glsa-201403-04.xml @@ -1,7 +1,7 @@ <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> <glsa id="201403-04"> - <title>QtCore: Denial of Service</title> + <title>QtCore: Denial of service</title> <synopsis>A vulnerability in QXmlSimpleReader class can be used to cause a Denial of Service condition. </synopsis> diff --git a/metadata/glsa/glsa-201405-02.xml b/metadata/glsa/glsa-201405-02.xml index feb538b9f1c1..ca980569f658 100644 --- a/metadata/glsa/glsa-201405-02.xml +++ b/metadata/glsa/glsa-201405-02.xml @@ -1,7 +1,7 @@ <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> <glsa id="201405-02"> - <title>libSRTP: Denial of Service</title> + <title>libSRTP: Denial of service</title> <synopsis>A vulnerability in libSRTP can result in a Denial of Service condition. </synopsis> diff --git a/metadata/glsa/glsa-201405-05.xml b/metadata/glsa/glsa-201405-05.xml index 4d4d968a9a81..314dac66473d 100644 --- a/metadata/glsa/glsa-201405-05.xml +++ b/metadata/glsa/glsa-201405-05.xml @@ -1,7 +1,7 @@ <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> <glsa id="201405-05"> - <title>Asterisk: Denial of Service</title> + <title>Asterisk: Denial of service</title> <synopsis>Multiple buffer overflows in Asterisk might allow remote attackers to cause a Denial of Service condition. </synopsis> diff --git a/metadata/glsa/glsa-201405-14.xml b/metadata/glsa/glsa-201405-14.xml index 5983113bd598..cd8bcad2f577 100644 --- a/metadata/glsa/glsa-201405-14.xml +++ b/metadata/glsa/glsa-201405-14.xml @@ -1,7 +1,7 @@ <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> <glsa id="201405-14"> - <title>Ruby OpenID: Denial of Service</title> + <title>Ruby OpenID: Denial of service</title> <synopsis>A vulnerability in Ruby OpenID may lead to Denial of Service.</synopsis> <product type="ebuild">ruby-openid</product> <announced>2014-05-17</announced> diff --git a/metadata/glsa/glsa-201405-16.xml b/metadata/glsa/glsa-201405-16.xml index 229014a3a906..744a1d2bc46f 100644 --- a/metadata/glsa/glsa-201405-16.xml +++ b/metadata/glsa/glsa-201405-16.xml @@ -1,7 +1,7 @@ <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> <glsa id="201405-16"> - <title>Mono: Denial of Service</title> + <title>Mono: Denial of service</title> <synopsis>A hash collision vulnerability in Mono allows remote attackers to cause a Denial of Service condition. </synopsis> diff --git a/metadata/glsa/glsa-201405-20.xml b/metadata/glsa/glsa-201405-20.xml index 8ed494ebb41f..c889f9dfe189 100644 --- a/metadata/glsa/glsa-201405-20.xml +++ b/metadata/glsa/glsa-201405-20.xml @@ -1,7 +1,7 @@ <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> <glsa id="201405-20"> - <title>JBIG-KIT: Denial of Service</title> + <title>JBIG-KIT: Denial of service</title> <synopsis>A stack-based buffer overflow in JBIG-KIT might allow remote attackers to cause a Denial of Service. </synopsis> diff --git a/metadata/glsa/glsa-201405-21.xml b/metadata/glsa/glsa-201405-21.xml index 342671e4105d..f95cfa4e1719 100644 --- a/metadata/glsa/glsa-201405-21.xml +++ b/metadata/glsa/glsa-201405-21.xml @@ -1,7 +1,7 @@ <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> <glsa id="201405-21"> - <title>Charybdis, ShadowIRCd: Denial of Service</title> + <title>Charybdis, ShadowIRCd: Denial of service</title> <synopsis>A vulnerability has been found in Charybdis and ShadowIRCd, possibly resulting in remote Denial of Service. </synopsis> diff --git a/metadata/glsa/glsa-201405-24.xml b/metadata/glsa/glsa-201405-24.xml index 069f8d1f85f2..412fdc38ca6e 100644 --- a/metadata/glsa/glsa-201405-24.xml +++ b/metadata/glsa/glsa-201405-24.xml @@ -1,7 +1,7 @@ <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> <glsa id="201405-24"> - <title>Apache Portable Runtime, APR Utility Library: Denial of Service</title> + <title>Apache Portable Runtime, APR Utility Library: Denial of service</title> <synopsis>Memory consumption errors in Apache Portable Runtime and APR Utility Library could result in Denial of Service. </synopsis> diff --git a/metadata/glsa/glsa-201406-04.xml b/metadata/glsa/glsa-201406-04.xml index 958e65c665bf..a99c235d5a1f 100644 --- a/metadata/glsa/glsa-201406-04.xml +++ b/metadata/glsa/glsa-201406-04.xml @@ -1,7 +1,7 @@ <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> <glsa id="201406-04"> - <title>SystemTap: Denial of Service</title> + <title>SystemTap: Denial of service</title> <synopsis>A vulnerability in SystemTap could allow a local attacker to create a Denial of Service condition. </synopsis> diff --git a/metadata/glsa/glsa-201406-23.xml b/metadata/glsa/glsa-201406-23.xml index 8e64dae79bdf..e80c53dc8e7b 100644 --- a/metadata/glsa/glsa-201406-23.xml +++ b/metadata/glsa/glsa-201406-23.xml @@ -1,7 +1,7 @@ <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> <glsa id="201406-23"> - <title>DenyHosts: Denial of Service</title> + <title>DenyHosts: Denial of service</title> <synopsis>A vulnerability in DenyHosts could allow a remote attacker to create a Denial of Service condition. </synopsis> diff --git a/metadata/glsa/glsa-201407-01.xml b/metadata/glsa/glsa-201407-01.xml index 10697913e884..4a84a78e2233 100644 --- a/metadata/glsa/glsa-201407-01.xml +++ b/metadata/glsa/glsa-201407-01.xml @@ -1,7 +1,7 @@ <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> <glsa id="201407-01"> - <title>OpenTTD: Denial of Service</title> + <title>OpenTTD: Denial of service</title> <synopsis>A vulnerability in OpenTTD could allow a remote attacker to cause a Denial of Service condition. </synopsis> diff --git a/metadata/glsa/glsa-201407-04.xml b/metadata/glsa/glsa-201407-04.xml index 4b478172bfa2..92f3af8d0116 100644 --- a/metadata/glsa/glsa-201407-04.xml +++ b/metadata/glsa/glsa-201407-04.xml @@ -1,7 +1,7 @@ <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> <glsa id="201407-04"> - <title>GnuPG: Denial of Service</title> + <title>GnuPG: Denial of service</title> <synopsis>A vulnerability in GnuPG can lead to a Denial of Service condition.</synopsis> <product type="ebuild">GnuPG. </product> <announced>2014-07-16</announced> diff --git a/metadata/glsa/glsa-201408-08.xml b/metadata/glsa/glsa-201408-08.xml index 1a9f4a94adc9..a5e640f0f807 100644 --- a/metadata/glsa/glsa-201408-08.xml +++ b/metadata/glsa/glsa-201408-08.xml @@ -1,7 +1,7 @@ <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> <glsa id="201408-08"> - <title>file: Denial of Service</title> + <title>file: Denial of service</title> <synopsis>A vulnerability in file could result in Denial of Service. </synopsis> <product type="ebuild">file</product> <announced>2014-08-26</announced> diff --git a/metadata/glsa/glsa-201409-02.xml b/metadata/glsa/glsa-201409-02.xml index 54ad07f110da..8fd46bf3bab9 100644 --- a/metadata/glsa/glsa-201409-02.xml +++ b/metadata/glsa/glsa-201409-02.xml @@ -1,7 +1,7 @@ <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> <glsa id="201409-02"> - <title>Net-SNMP: Denial of Service</title> + <title>Net-SNMP: Denial of service</title> <synopsis>Multiple vulnerabilities have been found in Net-SNMP which could allow remote attackers to cause Denial of Service. </synopsis> diff --git a/metadata/glsa/glsa-201409-07.xml b/metadata/glsa/glsa-201409-07.xml index 6265fadea682..d67dc7b8101b 100644 --- a/metadata/glsa/glsa-201409-07.xml +++ b/metadata/glsa/glsa-201409-07.xml @@ -1,7 +1,7 @@ <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> <glsa id="201409-07"> - <title>c-icap: Denial of Service</title> + <title>c-icap: Denial of service</title> <synopsis>A vulnerability in c-icap could result in Denial of Service. </synopsis> <product type="ebuild">c-icap,DoS</product> <announced>2014-09-19</announced> diff --git a/metadata/glsa/glsa-201409-08.xml b/metadata/glsa/glsa-201409-08.xml index 6c07d082ac20..8fa255a5fbee 100644 --- a/metadata/glsa/glsa-201409-08.xml +++ b/metadata/glsa/glsa-201409-08.xml @@ -1,7 +1,7 @@ <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> <glsa id="201409-08"> - <title>libxml2: Denial of Service</title> + <title>libxml2: Denial of service</title> <synopsis>A vulnerability in libxml2 allows a remote attacker to cause Denial of Service. </synopsis> diff --git a/metadata/glsa/glsa-201411-07.xml b/metadata/glsa/glsa-201411-07.xml index 90a31b3b8872..626953bd8ccb 100644 --- a/metadata/glsa/glsa-201411-07.xml +++ b/metadata/glsa/glsa-201411-07.xml @@ -1,7 +1,7 @@ <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> <glsa id="201411-07"> - <title>Openswan: Denial of Service</title> + <title>Openswan: Denial of service</title> <synopsis>A NULL pointer dereference in Openswan may allow remote attackers to cause Denial of Service. </synopsis> diff --git a/metadata/glsa/glsa-201412-03.xml b/metadata/glsa/glsa-201412-03.xml index 26a12152e17a..d43330517284 100644 --- a/metadata/glsa/glsa-201412-03.xml +++ b/metadata/glsa/glsa-201412-03.xml @@ -1,7 +1,7 @@ <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> <glsa id="201412-03"> - <title>Dovecot: Denial of Service</title> + <title>Dovecot: Denial of service</title> <synopsis>A vulnerability in Dovecot could allow a remote attacker to create a Denial of Service condition. </synopsis> diff --git a/metadata/glsa/glsa-201412-06.xml b/metadata/glsa/glsa-201412-06.xml index a01b6e448b47..c993e4d34892 100644 --- a/metadata/glsa/glsa-201412-06.xml +++ b/metadata/glsa/glsa-201412-06.xml @@ -1,7 +1,7 @@ <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> <glsa id="201412-06"> - <title>libxml2: Denial of Service</title> + <title>libxml2: Denial of service</title> <synopsis>A vulnerability in libxml2 could result in Denial of Service.</synopsis> <product type="ebuild">libxml2</product> <announced>2014-12-10</announced> diff --git a/metadata/glsa/glsa-201412-16.xml b/metadata/glsa/glsa-201412-16.xml index 9952692321c9..cb189790d79d 100644 --- a/metadata/glsa/glsa-201412-16.xml +++ b/metadata/glsa/glsa-201412-16.xml @@ -1,7 +1,7 @@ <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> <glsa id="201412-16"> - <title>CouchDB: Denial of Service</title> + <title>CouchDB: Denial of service</title> <synopsis>A vulnerability in CouchDB could result in Denial of Service.</synopsis> <product type="ebuild">couchdb</product> <announced>2014-12-13</announced> diff --git a/metadata/glsa/glsa-201412-20.xml b/metadata/glsa/glsa-201412-20.xml index 88ee9b5c9853..80222f85754b 100644 --- a/metadata/glsa/glsa-201412-20.xml +++ b/metadata/glsa/glsa-201412-20.xml @@ -1,7 +1,7 @@ <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> <glsa id="201412-20"> - <title>GNUstep Base library: Denial of Service</title> + <title>GNUstep Base library: Denial of service</title> <synopsis>A vulnerability in GNUstep Base library could lead to Denial of Service. </synopsis> diff --git a/metadata/glsa/glsa-201412-25.xml b/metadata/glsa/glsa-201412-25.xml index 58d21454aed1..59936b32dce3 100644 --- a/metadata/glsa/glsa-201412-25.xml +++ b/metadata/glsa/glsa-201412-25.xml @@ -1,7 +1,7 @@ <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> <glsa id="201412-25"> - <title>QtGui: Denial of Service</title> + <title>QtGui: Denial of service</title> <synopsis>A NULL pointer dereference in QtGui could lead to Denial of Service. </synopsis> diff --git a/metadata/glsa/glsa-201412-27.xml b/metadata/glsa/glsa-201412-27.xml index 227cffd10672..5fa51c8a8165 100644 --- a/metadata/glsa/glsa-201412-27.xml +++ b/metadata/glsa/glsa-201412-27.xml @@ -1,7 +1,7 @@ <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> <glsa id="201412-27"> - <title>Ruby: Denial of Service</title> + <title>Ruby: Denial of service</title> <synopsis>Multiple vulnerabilities have been found in Ruby, allowing context-dependent attackers to cause a Denial of Service condition. </synopsis> diff --git a/metadata/glsa/glsa-201412-31.xml b/metadata/glsa/glsa-201412-31.xml index afba26975529..9cd7dee0126e 100644 --- a/metadata/glsa/glsa-201412-31.xml +++ b/metadata/glsa/glsa-201412-31.xml @@ -1,7 +1,7 @@ <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> <glsa id="201412-31"> - <title>ZNC: Denial of Service</title> + <title>ZNC: Denial of service</title> <synopsis>Multiple vulnerabilities in ZNC could lead to Denial of Service.</synopsis> <product type="ebuild">znc</product> <announced>2014-12-19</announced> diff --git a/metadata/glsa/glsa-201412-35.xml b/metadata/glsa/glsa-201412-35.xml index e260519fd008..18211d95da93 100644 --- a/metadata/glsa/glsa-201412-35.xml +++ b/metadata/glsa/glsa-201412-35.xml @@ -1,7 +1,7 @@ <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> <glsa id="201412-35"> - <title>RSYSLOG: Denial of Service</title> + <title>RSYSLOG: Denial of service</title> <synopsis>Multiple vulnerabilities have been found in RSYSLOG, allowing attackers to cause Denial of Service. </synopsis> diff --git a/metadata/glsa/glsa-201412-36.xml b/metadata/glsa/glsa-201412-36.xml index 54314591da1d..b654cff79b00 100644 --- a/metadata/glsa/glsa-201412-36.xml +++ b/metadata/glsa/glsa-201412-36.xml @@ -1,7 +1,7 @@ <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> <glsa id="201412-36"> - <title>libvirt: Denial of Service</title> + <title>libvirt: Denial of service</title> <synopsis>Multiple vulnerabilities have been found in libvirt, worst of which allows context-dependent attackers to cause Denial of Service. </synopsis> diff --git a/metadata/glsa/glsa-201412-41.xml b/metadata/glsa/glsa-201412-41.xml index 0e4423b9b5fc..d7c4486aebaa 100644 --- a/metadata/glsa/glsa-201412-41.xml +++ b/metadata/glsa/glsa-201412-41.xml @@ -1,7 +1,7 @@ <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> <glsa id="201412-41"> - <title>OpenVPN: Denial of Service</title> + <title>OpenVPN: Denial of service</title> <synopsis>A vulnerability in OpenVPN could lead to Denial of Service.</synopsis> <product type="ebuild">openvpn</product> <announced>2014-12-26</announced> diff --git a/metadata/glsa/glsa-201412-42.xml b/metadata/glsa/glsa-201412-42.xml index b9ef0229df6a..d0c8d9c3f85e 100644 --- a/metadata/glsa/glsa-201412-42.xml +++ b/metadata/glsa/glsa-201412-42.xml @@ -1,7 +1,7 @@ <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> <glsa id="201412-42"> - <title>Xen: Denial of Service</title> + <title>Xen: Denial of service</title> <synopsis>Multiple vulnerabilities have been found in Xen, possibly resulting in Denial of Service. </synopsis> diff --git a/metadata/glsa/glsa-201412-46.xml b/metadata/glsa/glsa-201412-46.xml index 973ec5a5ac22..6dda6c616e29 100644 --- a/metadata/glsa/glsa-201412-46.xml +++ b/metadata/glsa/glsa-201412-46.xml @@ -1,7 +1,7 @@ <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> <glsa id="201412-46"> - <title>LittleCMS: Denial of Service</title> + <title>LittleCMS: Denial of service</title> <synopsis>Multiple buffer overflow flaws and a parser error in LittleCMS could cause Denial of Service. </synopsis> diff --git a/metadata/glsa/glsa-201412-48.xml b/metadata/glsa/glsa-201412-48.xml index 62aec4732ba5..be51de898fa4 100644 --- a/metadata/glsa/glsa-201412-48.xml +++ b/metadata/glsa/glsa-201412-48.xml @@ -1,7 +1,7 @@ <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> <glsa id="201412-48"> - <title>file: Denial of Service</title> + <title>file: Denial of service</title> <synopsis>A vulnerability in file could allow a context-dependent attack to create a Denial of Service condition. </synopsis> diff --git a/metadata/glsa/glsa-201502-14.xml b/metadata/glsa/glsa-201502-14.xml index 8abef79d55b7..6f94fb697306 100644 --- a/metadata/glsa/glsa-201502-14.xml +++ b/metadata/glsa/glsa-201502-14.xml @@ -1,7 +1,7 @@ <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> <glsa id="201502-14"> - <title>grep: Denial of Service</title> + <title>grep: Denial of service</title> <synopsis>A vulnerability in grep could result in Denial of Service. </synopsis> <product type="ebuild">grep,dos</product> <announced>2015-02-25</announced> diff --git a/metadata/glsa/glsa-201503-02.xml b/metadata/glsa/glsa-201503-02.xml index 8665dc717d91..28f58b933d39 100644 --- a/metadata/glsa/glsa-201503-02.xml +++ b/metadata/glsa/glsa-201503-02.xml @@ -1,7 +1,7 @@ <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> <glsa id="201503-02"> - <title>D-Bus: Denial of Service</title> + <title>D-Bus: Denial of service</title> <synopsis>A vulnerability has been found in D-Bus, possibly resulting in local Denial of Service. </synopsis> diff --git a/metadata/glsa/glsa-201503-08.xml b/metadata/glsa/glsa-201503-08.xml index 48633c2dacf0..d38e5342a11f 100644 --- a/metadata/glsa/glsa-201503-08.xml +++ b/metadata/glsa/glsa-201503-08.xml @@ -1,7 +1,7 @@ <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> <glsa id="201503-08"> - <title>file: Denial of Service</title> + <title>file: Denial of service</title> <synopsis>Vulnerabilities in file could allow a context-dependent attack to create a Denial of Service condition. </synopsis> diff --git a/metadata/glsa/glsa-201507-02.xml b/metadata/glsa/glsa-201507-02.xml index 5ebfd72e89e8..6f71d87dd7da 100644 --- a/metadata/glsa/glsa-201507-02.xml +++ b/metadata/glsa/glsa-201507-02.xml @@ -1,7 +1,7 @@ <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> <glsa id="201507-02"> - <title>Tor: Denial of Service</title> + <title>Tor: Denial of service</title> <synopsis>Two vulnerabilities have been found in Tor, the worst of which can allow remote attackers to cause a Denial of Service condition. </synopsis> diff --git a/metadata/glsa/glsa-201507-03.xml b/metadata/glsa/glsa-201507-03.xml index 14eb3aa499e9..aa82322b4b1b 100644 --- a/metadata/glsa/glsa-201507-03.xml +++ b/metadata/glsa/glsa-201507-03.xml @@ -1,7 +1,7 @@ <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> <glsa id="201507-03"> - <title>Exiv2: Denial of Service</title> + <title>Exiv2: Denial of service</title> <synopsis>A vulnerability in Exiv2 could lead to Denial of Service condition.</synopsis> <product type="ebuild">exiv2</product> <announced>2015-07-07</announced> diff --git a/metadata/glsa/glsa-201507-08.xml b/metadata/glsa/glsa-201507-08.xml index 678c5f652b60..9f3a3e7b3d20 100644 --- a/metadata/glsa/glsa-201507-08.xml +++ b/metadata/glsa/glsa-201507-08.xml @@ -1,7 +1,7 @@ <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> <glsa id="201507-08"> - <title>libxml2: Denial of Service</title> + <title>libxml2: Denial of service</title> <synopsis>A vulnerability in libxml2 allows a remote attacker to cause Denial of Service. </synopsis> diff --git a/metadata/glsa/glsa-201507-11.xml b/metadata/glsa/glsa-201507-11.xml index d6b145118660..805038e6bdc2 100644 --- a/metadata/glsa/glsa-201507-11.xml +++ b/metadata/glsa/glsa-201507-11.xml @@ -1,7 +1,7 @@ <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> <glsa id="201507-11"> - <title>Perl: Denial of Service</title> + <title>Perl: Denial of service</title> <synopsis>A vulnerability in Perl allows a remote attacker to cause Denial of Service. </synopsis> diff --git a/metadata/glsa/glsa-201507-12.xml b/metadata/glsa/glsa-201507-12.xml index 9f9381c92dab..fbf1efc92dc1 100644 --- a/metadata/glsa/glsa-201507-12.xml +++ b/metadata/glsa/glsa-201507-12.xml @@ -1,7 +1,7 @@ <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> <glsa id="201507-12"> - <title>libCapsiNetwork: Denial of Service</title> + <title>libCapsiNetwork: Denial of service</title> <synopsis>A buffer overflow in libcapsinetwork might allow remote attackers to cause a Denial of Service condition. </synopsis> diff --git a/metadata/glsa/glsa-201507-17.xml b/metadata/glsa/glsa-201507-17.xml index 917f618700fc..40006ead8406 100644 --- a/metadata/glsa/glsa-201507-17.xml +++ b/metadata/glsa/glsa-201507-17.xml @@ -1,7 +1,7 @@ <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> <glsa id="201507-17"> - <title>SNMP: Denial of Service</title> + <title>SNMP: Denial of service</title> <synopsis>A vulnerability in SNMP could lead to a Denial of Service condition. </synopsis> diff --git a/metadata/glsa/glsa-201508-03.xml b/metadata/glsa/glsa-201508-03.xml index 918d6488611c..f6d9915d493b 100644 --- a/metadata/glsa/glsa-201508-03.xml +++ b/metadata/glsa/glsa-201508-03.xml @@ -1,7 +1,7 @@ <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> <glsa id="201508-03"> - <title>Icecast: Denial of Service</title> + <title>Icecast: Denial of service</title> <synopsis>A bug in the Icecast code handling source client URL authentication causes a Denial of Service condition. </synopsis> diff --git a/metadata/glsa/glsa-201509-05.xml b/metadata/glsa/glsa-201509-05.xml index 10f969848090..df4c34083751 100644 --- a/metadata/glsa/glsa-201509-05.xml +++ b/metadata/glsa/glsa-201509-05.xml @@ -1,7 +1,7 @@ <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> <glsa id="201509-05"> - <title>NetworkManager: Denial of Service</title> + <title>NetworkManager: Denial of service</title> <synopsis>Improper handling of Router Advertisements in NetworkManager could cause a Denial of Service condition in IPv6 network stacks. </synopsis> diff --git a/metadata/glsa/glsa-201510-01.xml b/metadata/glsa/glsa-201510-01.xml index 52af9d49c609..902f3e35796d 100644 --- a/metadata/glsa/glsa-201510-01.xml +++ b/metadata/glsa/glsa-201510-01.xml @@ -1,7 +1,7 @@ <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> <glsa id="201510-01"> - <title>BIND: Denial of Service</title> + <title>BIND: Denial of service</title> <synopsis>A vulnerability in BIND could lead to a Denial of Service condition. </synopsis> diff --git a/metadata/glsa/glsa-201512-01.xml b/metadata/glsa/glsa-201512-01.xml index b38f18f341e8..43c0c782d7b2 100644 --- a/metadata/glsa/glsa-201512-01.xml +++ b/metadata/glsa/glsa-201512-01.xml @@ -1,7 +1,7 @@ <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> <glsa id="201512-01"> - <title>Dnsmasq: Denial of Service</title> + <title>Dnsmasq: Denial of service</title> <synopsis>A vulnerability in Dnsmasq can lead to a Denial of Service condition. </synopsis> diff --git a/metadata/glsa/glsa-201605-03.xml b/metadata/glsa/glsa-201605-03.xml index addc04e39f54..74310dab6092 100644 --- a/metadata/glsa/glsa-201605-03.xml +++ b/metadata/glsa/glsa-201605-03.xml @@ -1,7 +1,7 @@ <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> <glsa id="201605-03"> - <title>libfpx: Denial of Service</title> + <title>libfpx: Denial of service</title> <synopsis>A double free vulnerability has been discovered in libfpx that allows remote attackers to cause a Denial of Service. </synopsis> diff --git a/metadata/glsa/glsa-201611-13.xml b/metadata/glsa/glsa-201611-13.xml index c4b6a2dd4173..340f93f10c7d 100644 --- a/metadata/glsa/glsa-201611-13.xml +++ b/metadata/glsa/glsa-201611-13.xml @@ -1,7 +1,7 @@ <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> <glsa id="201611-13"> - <title>MongoDB: Denial of Service</title> + <title>MongoDB: Denial of service</title> <synopsis>A vulnerability in MongoDB can lead to a Denial of Service condition. </synopsis> diff --git a/metadata/glsa/glsa-201611-17.xml b/metadata/glsa/glsa-201611-17.xml index 0b744a3719ed..06918e18c19c 100644 --- a/metadata/glsa/glsa-201611-17.xml +++ b/metadata/glsa/glsa-201611-17.xml @@ -1,7 +1,7 @@ <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> <glsa id="201611-17"> - <title>RPCBind: Denial of Service</title> + <title>RPCBind: Denial of service</title> <synopsis>A buffer overflow in RPCBind might allow remote attackers to cause a Denial of Service. </synopsis> diff --git a/metadata/glsa/glsa-201612-12.xml b/metadata/glsa/glsa-201612-12.xml index 7c87051e4ada..bed37652846e 100644 --- a/metadata/glsa/glsa-201612-12.xml +++ b/metadata/glsa/glsa-201612-12.xml @@ -1,7 +1,7 @@ <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> <glsa id="201612-12"> - <title>Patch: Denial of Service</title> + <title>Patch: Denial of service</title> <synopsis>Patch is vulnerable to a locally generated Denial of Service condition. </synopsis> diff --git a/metadata/glsa/glsa-201612-13.xml b/metadata/glsa/glsa-201612-13.xml index 2a94b8945daf..bbd016eb7ed8 100644 --- a/metadata/glsa/glsa-201612-13.xml +++ b/metadata/glsa/glsa-201612-13.xml @@ -1,7 +1,7 @@ <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> <glsa id="201612-13"> - <title>nghttp2: Denial of Service</title> + <title>nghttp2: Denial of service</title> <synopsis>Nghttp2 is vulnerable to a Denial of Service attack.</synopsis> <product type="ebuild">nghttp2</product> <announced>2016-12-05</announced> diff --git a/metadata/glsa/glsa-201701-05.xml b/metadata/glsa/glsa-201701-05.xml index 86c9150d5b4c..7dc6c70320a1 100644 --- a/metadata/glsa/glsa-201701-05.xml +++ b/metadata/glsa/glsa-201701-05.xml @@ -1,7 +1,7 @@ <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> <glsa id="201701-05"> - <title>BusyBox: Denial of Service</title> + <title>BusyBox: Denial of service</title> <synopsis>A vulnerability in BusyBox might allow remote attackers to cause a Denial of Service condition. </synopsis> diff --git a/metadata/glsa/glsa-201701-26.xml b/metadata/glsa/glsa-201701-26.xml index 8004eafa664f..7a8fc557c10b 100644 --- a/metadata/glsa/glsa-201701-26.xml +++ b/metadata/glsa/glsa-201701-26.xml @@ -1,7 +1,7 @@ <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> <glsa id="201701-26"> - <title>BIND: Denial of Service</title> + <title>BIND: Denial of service</title> <synopsis>A vulnerability in BIND might allow remote attackers to cause a Denial of Service condition. </synopsis> diff --git a/metadata/glsa/glsa-201703-05.xml b/metadata/glsa/glsa-201703-05.xml index e1637abc9d05..6b0df1ab9a0d 100644 --- a/metadata/glsa/glsa-201703-05.xml +++ b/metadata/glsa/glsa-201703-05.xml @@ -1,7 +1,7 @@ <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> <glsa id="201703-05"> - <title>GNU Libtasn1: Denial of Service</title> + <title>GNU Libtasn1: Denial of service</title> <synopsis>A vulnerability in Libtasn1 allows remote attackers to cause a Denial of Service condition. </synopsis> diff --git a/metadata/glsa/glsa-201706-11.xml b/metadata/glsa/glsa-201706-11.xml index 48a4c273b816..e520317c30a4 100644 --- a/metadata/glsa/glsa-201706-11.xml +++ b/metadata/glsa/glsa-201706-11.xml @@ -1,7 +1,7 @@ <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> <glsa id="201706-11"> - <title>PCRE library: Denial of Service</title> + <title>PCRE library: Denial of service</title> <synopsis>A vulnerability in PCRE library allows remote attackers to cause a Denial of Service condition. </synopsis> diff --git a/metadata/glsa/glsa-201708-08.xml b/metadata/glsa/glsa-201708-08.xml index 1ca006521ced..9e374ef5653f 100644 --- a/metadata/glsa/glsa-201708-08.xml +++ b/metadata/glsa/glsa-201708-08.xml @@ -1,7 +1,7 @@ <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> <glsa id="201708-08"> - <title>bzip2: Denial of Service</title> + <title>bzip2: Denial of service</title> <synopsis>An use-after-free vulnerability has been found in bzip2 that could allow remote attackers to cause a Denial of Service condition. </synopsis> diff --git a/metadata/glsa/glsa-201710-15.xml b/metadata/glsa/glsa-201710-15.xml index 3955bb67f151..34aff01db167 100644 --- a/metadata/glsa/glsa-201710-15.xml +++ b/metadata/glsa/glsa-201710-15.xml @@ -1,7 +1,7 @@ <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> <glsa id="201710-15"> - <title>GnuTLS: Denial of Service</title> + <title>GnuTLS: Denial of service</title> <synopsis>A null pointer dereference in GnuTLS might allow attackers to cause a Denial of Service condition. </synopsis> diff --git a/metadata/glsa/glsa-201811-03.xml b/metadata/glsa/glsa-201811-03.xml index cbf256a1d569..9da180929463 100644 --- a/metadata/glsa/glsa-201811-03.xml +++ b/metadata/glsa/glsa-201811-03.xml @@ -1,7 +1,7 @@ <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> <glsa id="201811-03"> - <title>OpenSSL: Denial of Service</title> + <title>OpenSSL: Denial of service</title> <synopsis>A vulnerability in OpenSSL might allow remote attackers to cause a Denial of Service condition. </synopsis> diff --git a/metadata/glsa/glsa-201811-07.xml b/metadata/glsa/glsa-201811-07.xml index a8cd2f63051d..4980d7d7f9f6 100644 --- a/metadata/glsa/glsa-201811-07.xml +++ b/metadata/glsa/glsa-201811-07.xml @@ -1,7 +1,7 @@ <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> <glsa id="201811-07"> - <title>Pango: Denial of Service</title> + <title>Pango: Denial of service</title> <synopsis>A vulnerability in Pango could result in a Denial of Service condition. </synopsis> diff --git a/metadata/glsa/glsa-201903-05.xml b/metadata/glsa/glsa-201903-05.xml index 106046f3f707..6c9b92914889 100644 --- a/metadata/glsa/glsa-201903-05.xml +++ b/metadata/glsa/glsa-201903-05.xml @@ -1,7 +1,7 @@ <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> <glsa id="201903-05"> - <title>Tar: Denial of Service</title> + <title>Tar: Denial of service</title> <synopsis>A vulnerability in Tar could led to a Denial of Service condition.</synopsis> <product type="ebuild">tar</product> <announced>2019-03-10</announced> diff --git a/metadata/glsa/glsa-201904-01.xml b/metadata/glsa/glsa-201904-01.xml index 413cf96f361e..9ad5f7e37d8c 100644 --- a/metadata/glsa/glsa-201904-01.xml +++ b/metadata/glsa/glsa-201904-01.xml @@ -1,7 +1,7 @@ <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> <glsa id="201904-01"> - <title>Cairo: Denial of Service</title> + <title>Cairo: Denial of service</title> <synopsis>Multiple vulnerabilities were found in Cairo, the worst of which could cause a Denial of Service condition. </synopsis> diff --git a/metadata/glsa/glsa-201904-08.xml b/metadata/glsa/glsa-201904-08.xml index 9a634deb75e5..8f0c6a0299e7 100644 --- a/metadata/glsa/glsa-201904-08.xml +++ b/metadata/glsa/glsa-201904-08.xml @@ -1,7 +1,7 @@ <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> <glsa id="201904-08"> - <title>Subversion: Denial of Service</title> + <title>Subversion: Denial of service</title> <synopsis>A vulnerability in Subversion could lead to a Denial of Service condition. </synopsis> diff --git a/metadata/glsa/glsa-201904-15.xml b/metadata/glsa/glsa-201904-15.xml index 5c645f5aecf1..d0357f915f4f 100644 --- a/metadata/glsa/glsa-201904-15.xml +++ b/metadata/glsa/glsa-201904-15.xml @@ -1,7 +1,7 @@ <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> <glsa id="201904-15"> - <title>libTIFF: Denial of Service</title> + <title>libTIFF: Denial of service</title> <synopsis>A vulnerability in libTIFF could lead to a Denial of Service condition. </synopsis> diff --git a/metadata/glsa/glsa-201908-25.xml b/metadata/glsa/glsa-201908-25.xml index 7f2c146a9229..700154a2602a 100644 --- a/metadata/glsa/glsa-201908-25.xml +++ b/metadata/glsa/glsa-201908-25.xml @@ -1,7 +1,7 @@ <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> <glsa id="201908-25"> - <title>hostapd and wpa_supplicant: Denial of Service</title> + <title>hostapd and wpa_supplicant: Denial of service</title> <synopsis>A vulnerability in hostapd and wpa_supplicant could lead to a Denial of Service condition. </synopsis> diff --git a/metadata/glsa/glsa-202004-08.xml b/metadata/glsa/glsa-202004-08.xml index 2bccb96214e5..fcb9f3e073ae 100644 --- a/metadata/glsa/glsa-202004-08.xml +++ b/metadata/glsa/glsa-202004-08.xml @@ -1,7 +1,7 @@ <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> <glsa id="202004-08"> - <title>libssh: Denial of Service</title> + <title>libssh: Denial of service</title> <synopsis>A vulnerability in libssh could allow a remote attacker to cause a Denial of Service condition. </synopsis> diff --git a/metadata/glsa/glsa-202005-09.xml b/metadata/glsa/glsa-202005-09.xml index 0968323af7b0..7b7322c0b6f5 100644 --- a/metadata/glsa/glsa-202005-09.xml +++ b/metadata/glsa/glsa-202005-09.xml @@ -1,7 +1,7 @@ <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> <glsa id="202005-09"> - <title>Python: Denial of Service</title> + <title>Python: Denial of service</title> <synopsis>A vulnerability in Python could lead to a Denial of Service condition. </synopsis> diff --git a/metadata/glsa/glsa-202011-05.xml b/metadata/glsa/glsa-202011-05.xml index 3301038aa721..e33d8909d045 100644 --- a/metadata/glsa/glsa-202011-05.xml +++ b/metadata/glsa/glsa-202011-05.xml @@ -1,7 +1,7 @@ <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> <glsa id="202011-05"> - <title>libssh: Denial of Service</title> + <title>libssh: Denial of service</title> <synopsis>A vulnerability in libssh could lead to a Denial of Service condition. </synopsis> diff --git a/metadata/glsa/glsa-202012-21.xml b/metadata/glsa/glsa-202012-21.xml new file mode 100644 index 000000000000..3baa8cb1d47d --- /dev/null +++ b/metadata/glsa/glsa-202012-21.xml @@ -0,0 +1,53 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> +<glsa id="202012-21"> + <title>Mozilla Network Security Service (NSS): Denial of service</title> + <synopsis>A vulnerability in NSS might allow remote attackers to cause a + Denial of Service condition. + </synopsis> + <product type="ebuild">nss</product> + <announced>2020-12-23</announced> + <revised count="1">2020-12-23</revised> + <bug>750254</bug> + <access>remote</access> + <affected> + <package name="dev-libs/nss" auto="yes" arch="*"> + <unaffected range="ge">3.58</unaffected> + <vulnerable range="lt">3.58</vulnerable> + </package> + </affected> + <background> + <p>The Mozilla Network Security Service (NSS) is a library implementing + security features like SSL v.2/v.3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS + #12, S/MIME and X.509 certificates. + </p> + </background> + <description> + <p>A flaw was found in the way Mozilla Network Security Service (NSS) + handled CCS (ChangeCipherSpec) messages in TLS 1.3. + </p> + </description> + <impact type="low"> + <p>A remote attacker could send multiple crafted CSS messages in row after + ClientHello message to a server application linked against NSS library, + possibly resulting in a Denial of Service condition. + </p> + </impact> + <workaround> + <p>Disable TLS 1.3 protocol.</p> + </workaround> + <resolution> + <p>All NSS users should upgrade to the latest version:</p> + + <code> + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-libs/nss-3.58" + </code> + + </resolution> + <references> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-25648">CVE-2020-25648</uri> + </references> + <metadata tag="requester" timestamp="2020-12-22T23:13:35Z">whissi</metadata> + <metadata tag="submitter" timestamp="2020-12-23T19:58:04Z">whissi</metadata> +</glsa> diff --git a/metadata/glsa/glsa-202104-07.xml b/metadata/glsa/glsa-202104-07.xml index bd3937bee365..31900cf33c40 100644 --- a/metadata/glsa/glsa-202104-07.xml +++ b/metadata/glsa/glsa-202104-07.xml @@ -1,7 +1,7 @@ <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> <glsa id="202104-07"> - <title>ClamAV: Denial of Service</title> + <title>ClamAV: Denial of service</title> <synopsis>A vulnerability in ClamAV could lead to a Denial of Service condition. </synopsis> diff --git a/metadata/glsa/glsa-202105-02.xml b/metadata/glsa/glsa-202105-02.xml new file mode 100644 index 000000000000..6033d073253a --- /dev/null +++ b/metadata/glsa/glsa-202105-02.xml @@ -0,0 +1,51 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> +<glsa id="202105-02"> + <title>stunnel: Improper certificate validation</title> + <synopsis>Stunnel was not properly verifying TLS certificates, possibly + allowing an integrity/confidentiality compromise. + </synopsis> + <product type="ebuild">stunnel</product> + <announced>2021-05-26</announced> + <revised count="1">2021-05-26</revised> + <bug>772146</bug> + <access>local, remote</access> + <affected> + <package name="net-misc/stunnel" auto="yes" arch="*"> + <unaffected range="ge">5.58</unaffected> + <vulnerable range="lt">5.58</vulnerable> + </package> + </affected> + <background> + <p>The stunnel program is designed to work as an SSL/TLS encryption wrapper + between a client and a local or remote server. + </p> + </background> + <description> + <p>It was discovered that stunnel did not correctly verified the client + certificate when options “redirect” and “verifyChain” are used. + </p> + </description> + <impact type="low"> + <p>A remote attacker could send a specially crafted certificate, possibly + resulting in a breach of integrity or confidentiality. + </p> + </impact> + <workaround> + <p>There is no known workaround at this time.</p> + </workaround> + <resolution> + <p>All stunnel users should upgrade to the latest version:</p> + + <code> + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-misc/stunnel-5.58" + </code> + + </resolution> + <references> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-20230">CVE-2021-20230</uri> + </references> + <metadata tag="requester" timestamp="2021-05-25T22:51:07Z">whissi</metadata> + <metadata tag="submitter" timestamp="2021-05-26T07:44:01Z">whissi</metadata> +</glsa> diff --git a/metadata/glsa/glsa-202105-03.xml b/metadata/glsa/glsa-202105-03.xml new file mode 100644 index 000000000000..f866dd062401 --- /dev/null +++ b/metadata/glsa/glsa-202105-03.xml @@ -0,0 +1,54 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> +<glsa id="202105-03"> + <title>GPT fdisk: Integer underflow</title> + <synopsis>An integer underflow in sgdisk from GPT fdisk package might allow + local attacker(s) to escalate privileges. + </synopsis> + <product type="ebuild">gptfdisk</product> + <announced>2021-05-26</announced> + <revised count="1">2021-05-26</revised> + <bug>768762</bug> + <access>local</access> + <affected> + <package name="sys-apps/gptfdisk" auto="yes" arch="*"> + <unaffected range="ge">1.0.6</unaffected> + <vulnerable range="lt">1.0.6</vulnerable> + </package> + </affected> + <background> + <p>GPT fdisk (consisting of the gdisk, cgdisk, sgdisk, and fixparts + programs) is a set of text-mode partitioning tools for Linux, FreeBSD, + Mac OS X, and Windows. + </p> + </background> + <description> + <p>It was discovered that ReadLogicalParts() function in basicmbr.cc was + missing a bounds check. + </p> + </description> + <impact type="normal"> + <p>A local attacker could entice a user to insert a malicious formatted + block device (USB stick or SD card for example), that, when processed + with sgdisk, possibly resulting in local escalation of privileges or a + Denial of Service condition. + </p> + </impact> + <workaround> + <p>There is no known workaround at this time.</p> + </workaround> + <resolution> + <p>All GPT fdisk users should upgrade to the latest version:</p> + + <code> + # emerge --sync + # emerge --ask --oneshot --verbose ">=sys-apps/gptfdisk-1.0.6" + </code> + + </resolution> + <references> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-0308">CVE-2021-0308</uri> + </references> + <metadata tag="requester" timestamp="2021-05-25T22:34:12Z">whissi</metadata> + <metadata tag="submitter" timestamp="2021-05-26T07:45:07Z">whissi</metadata> +</glsa> diff --git a/metadata/glsa/glsa-202105-04.xml b/metadata/glsa/glsa-202105-04.xml new file mode 100644 index 000000000000..6c92bcfc9a59 --- /dev/null +++ b/metadata/glsa/glsa-202105-04.xml @@ -0,0 +1,55 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> +<glsa id="202105-04"> + <title>Boost: Buffer overflow</title> + <synopsis>A buffer overflow in Boost might allow remote attacker(s) to + execute arbitrary code. + </synopsis> + <product type="ebuild">boost</product> + <announced>2021-05-26</announced> + <revised count="1">2021-05-26</revised> + <bug>620468</bug> + <access>local, remote</access> + <affected> + <package name="dev-libs/boost" auto="yes" arch="*"> + <unaffected range="ge">1.74.0-r2</unaffected> + <vulnerable range="lt">1.74.0-r2</vulnerable> + </package> + </affected> + <background> + <p>Boost is a set of C++ libraries, including the Boost.Regex library to + process regular expressions. + </p> + </background> + <description> + <p>It was discovered that Boost incorrectly sanitized ‘next_size’ and + ‘max_size’ parameter in ordered_malloc() function when allocating + memory. + </p> + </description> + <impact type="normal"> + <p>A remote attacker could provide a specially crafted application-specific + file (requiring runtime memory allocation to be processed correctly), + that, when opened with an application using Boost C++ source libraries, + possibly resulting in execution of arbitrary code with the privileges of + the process or a Denial of Service condition. + </p> + </impact> + <workaround> + <p>There is no known workaround at this time.</p> + </workaround> + <resolution> + <p>All Boost users should upgrade to the latest version:</p> + + <code> + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-libs/boost-1.74.0-r2" + </code> + + </resolution> + <references> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2012-2677">CVE-2012-2677</uri> + </references> + <metadata tag="requester" timestamp="2021-05-25T22:14:01Z">whissi</metadata> + <metadata tag="submitter" timestamp="2021-05-26T07:45:40Z">whissi</metadata> +</glsa> diff --git a/metadata/glsa/glsa-202105-05.xml b/metadata/glsa/glsa-202105-05.xml new file mode 100644 index 000000000000..1473c2d8928d --- /dev/null +++ b/metadata/glsa/glsa-202105-05.xml @@ -0,0 +1,66 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> +<glsa id="202105-05"> + <title>Mutt, NeoMutt: Denial of service</title> + <synopsis>A vulnerability in Mutt and NeoMutt could lead to a Denial of + Service condition. + </synopsis> + <product type="ebuild">mutt,neomutt</product> + <announced>2021-05-26</announced> + <revised count="1">2021-05-26</revised> + <bug>788388</bug> + <bug>788391</bug> + <access>remote</access> + <affected> + <package name="mail-client/mutt" auto="yes" arch="*"> + <unaffected range="ge">2.0.7</unaffected> + <vulnerable range="lt">2.0.7</vulnerable> + </package> + <package name="mail-client/neomutt" auto="yes" arch="*"> + <unaffected range="ge">20210205-r1</unaffected> + <vulnerable range="lt">20210205-r1</vulnerable> + </package> + </affected> + <background> + <p>Mutt is a small but very powerful text-based mail client.</p> + + <p>NeoMutt is a command line mail reader (or MUA). It’s a fork of Mutt + with added features. + </p> + </background> + <description> + <p>It was discovered that Mutt, and NeoMutt did not properly handle certain + situations where an IMAP sequence set ends with a comma. + </p> + </description> + <impact type="low"> + <p>A remote attacker could entice a user to connect to a malicious IMAP + server to cause a Denial of Service condition, or other unspecified + impacts. + </p> + </impact> + <workaround> + <p>There is no known workaround at this time.</p> + </workaround> + <resolution> + <p>All Mutt users should upgrade to the latest version:</p> + + <code> + # emerge --sync + # emerge --ask --oneshot --verbose ">=mail-client/mutt-2.0.7" + </code> + + <p>All NeoMutt users should upgrade to the latest version:</p> + + <code> + # emerge --sync + # emerge --ask --oneshot --verbose ">=mail-client/neomutt-20210205-r1" + </code> + + </resolution> + <references> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-32055">CVE-2021-32055</uri> + </references> + <metadata tag="requester" timestamp="2021-05-25T22:00:56Z">whissi</metadata> + <metadata tag="submitter" timestamp="2021-05-26T07:46:31Z">whissi</metadata> +</glsa> diff --git a/metadata/glsa/glsa-202105-06.xml b/metadata/glsa/glsa-202105-06.xml new file mode 100644 index 000000000000..84a6f01bc263 --- /dev/null +++ b/metadata/glsa/glsa-202105-06.xml @@ -0,0 +1,48 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> +<glsa id="202105-06"> + <title>Smarty: Multiple vulnerabilities</title> + <synopsis>Multiple vulnerabilities in the Smarty template engine might allow + remote attackers to execute arbitrary PHP code. + </synopsis> + <product type="ebuild">smarty</product> + <announced>2021-05-26</announced> + <revised count="1">2021-05-26</revised> + <bug>772206</bug> + <access>local, remote</access> + <affected> + <package name="dev-php/smarty" auto="yes" arch="*"> + <unaffected range="ge">3.1.39</unaffected> + <vulnerable range="lt">3.1.39</vulnerable> + </package> + </affected> + <background> + <p>Smarty is a template engine for PHP.</p> + </background> + <description> + <p>Multiple vulnerabilities have been discovered in Smarty template engine. + Please review the CVE identifiers referenced below for details. + </p> + </description> + <impact type="normal"> + <p>Please review the referenced CVE identifiers for details.</p> + </impact> + <workaround> + <p>There is no known workaround at this time.</p> + </workaround> + <resolution> + <p>All Smarty template engine users should upgrade to the latest version:</p> + + <code> + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-php/smarty-3.1.39" + </code> + + </resolution> + <references> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-26119">CVE-2021-26119</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-26120">CVE-2021-26120</uri> + </references> + <metadata tag="requester" timestamp="2021-05-25T21:28:37Z">whissi</metadata> + <metadata tag="submitter" timestamp="2021-05-26T07:46:47Z">whissi</metadata> +</glsa> diff --git a/metadata/glsa/glsa-202105-07.xml b/metadata/glsa/glsa-202105-07.xml new file mode 100644 index 000000000000..500983dbb936 --- /dev/null +++ b/metadata/glsa/glsa-202105-07.xml @@ -0,0 +1,59 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> +<glsa id="202105-07"> + <title>Telegram: Security bypass</title> + <synopsis>An insufficient session expiration has been reported in Telegram.</synopsis> + <product type="ebuild">telegram</product> + <announced>2021-05-26</announced> + <revised count="1">2021-05-26</revised> + <bug>771684</bug> + <access>remote</access> + <affected> + <package name="net-im/telegram-desktop" auto="yes" arch="*"> + <unaffected range="ge">2.4.11</unaffected> + <vulnerable range="lt">2.4.11</vulnerable> + </package> + <package name="net-im/telegram-desktop-bin" auto="yes" arch="*"> + <unaffected range="ge">2.4.11</unaffected> + <vulnerable range="lt">2.4.11</vulnerable> + </package> + </affected> + <background> + <p>Telegram is a cloud-based mobile and desktop messaging app with a focus + on security and speed. + </p> + </background> + <description> + <p>It was discovered that Telegram failed to invalidate a recently active + session. + </p> + </description> + <impact type="low"> + <p>Please review the referenced CVE identifiers for details.</p> + </impact> + <workaround> + <p>There is no known workaround at this time.</p> + </workaround> + <resolution> + <p>All Telegram users should upgrade to the latest version:</p> + + <code> + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-im/telegram-desktop-2.4.11" + </code> + + <p>All Telegram binary users should upgrade to the latest version:</p> + + <code> + # emerge --sync + # emerge --ask --oneshot --verbose + ">=net-im/telegram-desktop-bin-2.4.11" + </code> + + </resolution> + <references> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-27351">CVE-2021-27351</uri> + </references> + <metadata tag="requester" timestamp="2021-05-25T20:11:43Z">whissi</metadata> + <metadata tag="submitter" timestamp="2021-05-26T08:12:28Z">whissi</metadata> +</glsa> diff --git a/metadata/glsa/glsa-202105-08.xml b/metadata/glsa/glsa-202105-08.xml new file mode 100644 index 000000000000..72e5c500070c --- /dev/null +++ b/metadata/glsa/glsa-202105-08.xml @@ -0,0 +1,55 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> +<glsa id="202105-08"> + <title>ICU: Multiple vulnerabilities</title> + <synopsis>Multiple vulnerabilities have been found in ICU, the worst of which + could cause a Denial of Service condition. + </synopsis> + <product type="ebuild">icu</product> + <announced>2021-05-26</announced> + <revised count="1">2021-05-26</revised> + <bug>755704</bug> + <access>local, remote</access> + <affected> + <package name="dev-libs/icu" auto="yes" arch="*"> + <unaffected range="ge">68.2</unaffected> + <vulnerable range="lt">68.2</vulnerable> + </package> + </affected> + <background> + <p>ICU is a mature, widely used set of C/C++ and Java libraries providing + Unicode and Globalization support for software applications. + </p> + </background> + <description> + <p>Multiple vulnerabilities have been discovered in ICU. Please review the + upstream bugs referenced below for details. + </p> + </description> + <impact type="low"> + <p>Remote attackers could cause a Denial of Service condition or possibly + have other unspecified impacts via unspecified vectors. + </p> + </impact> + <workaround> + <p>There is no known workaround at this time.</p> + </workaround> + <resolution> + <p>All ICU users should upgrade to the latest version:</p> + + <code> + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-libs/icu-68.2" + </code> + + </resolution> + <references> + <uri link="https://chromium-review.googlesource.com/q/Iad839ac77d487d5e1b396bcdbc29bc7cd58a7ef8"> + Chromium Change-Id Iad839ac77d487d5e1b396bcdbc29bc7cd58a7ef8 + </uri> + <uri link="https://unicode-org.atlassian.net/browse/ICU-21383">ICU-21383</uri> + <uri link="https://unicode-org.atlassian.net/browse/ICU-21385">ICU-21385</uri> + </references> + <metadata tag="requester" timestamp="2021-05-25T16:34:40Z">whissi</metadata> + <metadata tag="submitter" timestamp="2021-05-26T08:13:14Z">whissi</metadata> +</glsa> diff --git a/metadata/glsa/glsa-202105-09.xml b/metadata/glsa/glsa-202105-09.xml new file mode 100644 index 000000000000..404c19997660 --- /dev/null +++ b/metadata/glsa/glsa-202105-09.xml @@ -0,0 +1,51 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> +<glsa id="202105-09"> + <title>BusyBox: Denial of service</title> + <synopsis>A vulnerability in BusyBox might allow remote attackers to cause a + Denial of Service condition. + </synopsis> + <product type="ebuild">busybox</product> + <announced>2021-05-26</announced> + <revised count="1">2021-05-26</revised> + <bug>777255</bug> + <access>local, remote</access> + <affected> + <package name="sys-apps/busybox" auto="yes" arch="*"> + <unaffected range="ge">1.32.1</unaffected> + <vulnerable range="lt">1.32.1</vulnerable> + </package> + </affected> + <background> + <p>BusyBox is a set of tools for embedded systems and is a replacement for + GNU Coreutils. + </p> + </background> + <description> + <p>It was discovered that BusyBox mishandled the error bit on the + huft_build result pointer when decompressing GZIP compressed data. + </p> + </description> + <impact type="low"> + <p>A remote attacker could entice a user to open a specially crafted GZIP + file using BusyBox, possibly resulting in a Denial of Service condition. + </p> + </impact> + <workaround> + <p>There is no known workaround at this time.</p> + </workaround> + <resolution> + <p>All BusyBox users should upgrade to the latest version:</p> + + <code> + # emerge --sync + # emerge --ask --oneshot --verbose ">=sys-apps/busybox-1.32.1" + </code> + + </resolution> + <references> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-28831">CVE-2021-28831</uri> + </references> + <metadata tag="requester" timestamp="2021-05-24T01:11:14Z">whissi</metadata> + <metadata tag="submitter" timestamp="2021-05-26T08:14:24Z">whissi</metadata> +</glsa> diff --git a/metadata/glsa/glsa-202105-10.xml b/metadata/glsa/glsa-202105-10.xml new file mode 100644 index 000000000000..aa151c4e9f25 --- /dev/null +++ b/metadata/glsa/glsa-202105-10.xml @@ -0,0 +1,55 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> +<glsa id="202105-10"> + <title>GNOME Autoar: User-assisted execution of arbitrary code</title> + <synopsis>A vulnerability has been found in GNOME Autoar that could allow a + remote attacker to execute arbitrary code. + </synopsis> + <product type="ebuild">gnome-autoar</product> + <announced>2021-05-26</announced> + <revised count="1">2021-05-26</revised> + <bug>768828</bug> + <bug>777126</bug> + <access>local, remote</access> + <affected> + <package name="app-arch/gnome-autoar" auto="yes" arch="*"> + <unaffected range="ge">0.3.1</unaffected> + <vulnerable range="lt">0.3.1</vulnerable> + </package> + </affected> + <background> + <p>GNOME Autoar provides functions and widgets for GNOME applications which + want to use archives as a method to transfer directories over the + internet. + </p> + </background> + <description> + <p>It was discovered that GNOME Autoar could extract files outside of the + intended directory. + </p> + </description> + <impact type="normal"> + <p>A remote attacker could entice a user to open a specially crafted + archive using GNOME Autoar, possibly resulting in execution of arbitrary + code with the privileges of the process or a Denial of Service condition. + </p> + </impact> + <workaround> + <p>There is no known workaround at this time.</p> + </workaround> + <resolution> + <p>All GNOME Autoar users should upgrade to the latest version:</p> + + <code> + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-arch/gnome-autoar-0.3.1" + </code> + + </resolution> + <references> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-36241">CVE-2020-36241</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-28650">CVE-2021-28650</uri> + </references> + <metadata tag="requester" timestamp="2021-05-25T21:19:21Z">whissi</metadata> + <metadata tag="submitter" timestamp="2021-05-26T08:14:43Z">whissi</metadata> +</glsa> diff --git a/metadata/glsa/glsa-202105-11.xml b/metadata/glsa/glsa-202105-11.xml new file mode 100644 index 000000000000..548f498d4d3a --- /dev/null +++ b/metadata/glsa/glsa-202105-11.xml @@ -0,0 +1,55 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> +<glsa id="202105-11"> + <title>GNU Screen: User-assisted execution of arbitrary code</title> + <synopsis>A vulnerability in GNU screen may allow a remote attacker to + execute arbitrary code. + </synopsis> + <product type="ebuild">screen</product> + <announced>2021-05-26</announced> + <revised count="1">2021-05-26</revised> + <bug>769770</bug> + <access>local, remote</access> + <affected> + <package name="app-misc/screen" auto="yes" arch="*"> + <unaffected range="ge">4.8.0-r2</unaffected> + <vulnerable range="lt">4.8.0-r2</vulnerable> + </package> + </affected> + <background> + <p>GNU Screen is a full-screen window manager that multiplexes a physical + terminal between several processes, typically interactive shells. + </p> + </background> + <description> + <p>It was discovered that GNU screen did not properly handle certain UTF-8 + character sequences. + </p> + </description> + <impact type="normal"> + <p>A remote attacker could entice a user to run a program where attacker + controls the output inside a GNU screen session, possibly resulting in + execution of arbitrary code with the privileges of the process or a + Denial of Service condition. + </p> + </impact> + <workaround> + <p>This vulnerability can be mitigated by disabling UTF-8 processing in + .screenrc. + </p> + </workaround> + <resolution> + <p>All GNU screen users should upgrade to the latest version:</p> + + <code> + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-misc/screen-4.8.0-r2" + </code> + + </resolution> + <references> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-26937">CVE-2021-26937</uri> + </references> + <metadata tag="requester" timestamp="2021-05-25T21:07:51Z">whissi</metadata> + <metadata tag="submitter" timestamp="2021-05-26T08:14:58Z">whissi</metadata> +</glsa> diff --git a/metadata/glsa/glsa-202105-12.xml b/metadata/glsa/glsa-202105-12.xml new file mode 100644 index 000000000000..ad904d7afd3b --- /dev/null +++ b/metadata/glsa/glsa-202105-12.xml @@ -0,0 +1,50 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> +<glsa id="202105-12"> + <title>OpenSMTPD: Multiple vulnerabilities</title> + <synopsis>Multiple vulnerabilities have been found in OpenSMTPD, the worst of + which could result in a Denial of Service condition. + </synopsis> + <product type="ebuild">opensmtpd</product> + <announced>2021-05-26</announced> + <revised count="1">2021-05-26</revised> + <bug>761945</bug> + <access>local, remote</access> + <affected> + <package name="mail-mta/opensmtpd" auto="yes" arch="*"> + <unaffected range="ge">6.8.0_p2</unaffected> + <vulnerable range="lt">6.8.0_p2</vulnerable> + </package> + </affected> + <background> + <p>OpenSMTPD is a lightweight but featured SMTP daemon from OpenBSD.</p> + </background> + <description> + <p>Multiple vulnerabilities have been discovered in OpenSMTPD. Please + review the CVE identifiers referenced below for details. + </p> + </description> + <impact type="low"> + <p>A remote attacker, by connecting to the SMTP listener daemon, could + possibly cause a Denial of Service condition. + </p> + </impact> + <workaround> + <p>There is no known workaround at this time.</p> + </workaround> + <resolution> + <p>All OpenSMTPD users should upgrade to the latest version:</p> + + <code> + # emerge --sync + # emerge --ask --oneshot --verbose ">=mail-mta/opensmtpd-6.8.0_p2" + </code> + + </resolution> + <references> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-35679">CVE-2020-35679</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-35680">CVE-2020-35680</uri> + </references> + <metadata tag="requester" timestamp="2021-05-25T20:46:15Z">whissi</metadata> + <metadata tag="submitter" timestamp="2021-05-26T08:15:16Z">whissi</metadata> +</glsa> diff --git a/metadata/glsa/glsa-202105-13.xml b/metadata/glsa/glsa-202105-13.xml new file mode 100644 index 000000000000..6638a5a6dd58 --- /dev/null +++ b/metadata/glsa/glsa-202105-13.xml @@ -0,0 +1,49 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> +<glsa id="202105-13"> + <title>Mumble: User-assisted execution of arbitrary code</title> + <synopsis>A vulnerability has been found in Mumble that could allow a remote + attacker to execute arbitrary code. + </synopsis> + <product type="ebuild">mumble</product> + <announced>2021-05-26</announced> + <revised count="1">2021-05-26</revised> + <bug>770973</bug> + <access>remote</access> + <affected> + <package name="media-sound/mumble" auto="yes" arch="*"> + <unaffected range="ge">1.3.4</unaffected> + <vulnerable range="lt">1.3.4</vulnerable> + </package> + </affected> + <background> + <p>Mumble is low-latency voice chat software intended for use with gaming.</p> + </background> + <description> + <p>Please review the CVE identifiers referenced below for details.</p> + </description> + <impact type="normal"> + <p>A remote attacker could entice a user to open a specially crafted server + list (web page) using Mumble, possibly resulting in execution of + arbitrary code with the privileges of the process or a Denial of Service + condition. + </p> + </impact> + <workaround> + <p>There is no known workaround at this time.</p> + </workaround> + <resolution> + <p>All Mumble users should upgrade to the latest version:</p> + + <code> + # emerge --sync + # emerge --ask --oneshot --verbose ">=media-sound/mumble-1.3.4" + </code> + + </resolution> + <references> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-27229">CVE-2021-27229</uri> + </references> + <metadata tag="requester" timestamp="2021-05-25T20:52:52Z">whissi</metadata> + <metadata tag="submitter" timestamp="2021-05-26T08:36:32Z">whissi</metadata> +</glsa> diff --git a/metadata/glsa/glsa-202105-14.xml b/metadata/glsa/glsa-202105-14.xml new file mode 100644 index 000000000000..2469e2a8a654 --- /dev/null +++ b/metadata/glsa/glsa-202105-14.xml @@ -0,0 +1,61 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> +<glsa id="202105-14"> + <title>Squid: Multiple vulnerabilities</title> + <synopsis>Multiple vulnerabilities have been found in Squid, the worst of + which could result in a Denial of Service condition. + </synopsis> + <product type="ebuild">squid</product> + <announced>2021-05-26</announced> + <revised count="1">2021-05-26</revised> + <bug>775194</bug> + <bug>789309</bug> + <access>remote</access> + <affected> + <package name="net-proxy/squid" auto="yes" arch="*"> + <unaffected range="ge">4.15</unaffected> + <vulnerable range="lt">4.15</vulnerable> + </package> + </affected> + <background> + <p>Squid is a full-featured Web proxy cache designed to run on Unix + systems. It supports proxying and caching of HTTP, FTP, and other URLs, + as well as SSL support, cache hierarchies, transparent caching, access + control lists and many other features. + </p> + </background> + <description> + <p>Multiple vulnerabilities have been discovered in Squid. Please review + the CVE identifiers referenced below for details. + </p> + </description> + <impact type="normal"> + <p>A remote attacker could send a specially crafted request, possibly + resulting in a Denial of Service condition or information leak. + </p> + </impact> + <workaround> + <p>There is no known workaround at this time.</p> + </workaround> + <resolution> + <p>All Squid users should upgrade to the latest version:</p> + + <code> + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-proxy/squid-4.15" + </code> + + </resolution> + <references> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-25097">CVE-2020-25097</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-28116">CVE-2021-28116</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-28651">CVE-2021-28651</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-28652">CVE-2021-28652</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-28662">CVE-2021-28662</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-31806">CVE-2021-31806</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-31807">CVE-2021-31807</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-31808">CVE-2021-31808</uri> + </references> + <metadata tag="requester" timestamp="2021-05-24T16:14:31Z">whissi</metadata> + <metadata tag="submitter" timestamp="2021-05-26T08:37:04Z">whissi</metadata> +</glsa> diff --git a/metadata/glsa/glsa-202105-15.xml b/metadata/glsa/glsa-202105-15.xml new file mode 100644 index 000000000000..5f2b4e50cd67 --- /dev/null +++ b/metadata/glsa/glsa-202105-15.xml @@ -0,0 +1,54 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> +<glsa id="202105-15"> + <title>Prosŏdy IM: Multiple vulnerabilities</title> + <synopsis>Multiple vulnerabilities have been found in Prosŏdy IM, the worst + of which could result in a Denial of Service condition. + </synopsis> + <product type="ebuild">prosody</product> + <announced>2021-05-26</announced> + <revised count="1">2021-05-26</revised> + <bug>771144</bug> + <bug>789969</bug> + <access>remote</access> + <affected> + <package name="net-im/prosody" auto="yes" arch="*"> + <unaffected range="ge">0.11.9</unaffected> + <vulnerable range="lt">0.11.9</vulnerable> + </package> + </affected> + <background> + <p>Prosŏdy IM is a modern XMPP communication server. It aims to be easy to + set up and configure, and efficient with system resources. + </p> + </background> + <description> + <p>Multiple vulnerabilities have been discovered in Prosŏdy IM. Please + review the CVE identifiers referenced below for details. + </p> + </description> + <impact type="low"> + <p>Please review the referenced CVE identifiers for details.</p> + </impact> + <workaround> + <p>There is no known workaround at this time.</p> + </workaround> + <resolution> + <p>All Prosŏdy IM users should upgrade to the latest version:</p> + + <code> + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-im/prosody-0.11.9" + </code> + + </resolution> + <references> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-32917">CVE-2021-32917</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-32918">CVE-2021-32918</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-32919">CVE-2021-32919</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-32920">CVE-2021-32920</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-32921">CVE-2021-32921</uri> + </references> + <metadata tag="requester" timestamp="2021-05-24T16:08:26Z">whissi</metadata> + <metadata tag="submitter" timestamp="2021-05-26T08:37:19Z">whissi</metadata> +</glsa> diff --git a/metadata/glsa/glsa-202105-16.xml b/metadata/glsa/glsa-202105-16.xml new file mode 100644 index 000000000000..7d7d41ac76c5 --- /dev/null +++ b/metadata/glsa/glsa-202105-16.xml @@ -0,0 +1,53 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> +<glsa id="202105-16"> + <title>X.Org X11 library: Denial of service</title> + <synopsis>A vulnerability in X.Org X11 library could lead to a Denial of + Service condition. + </synopsis> + <product type="ebuild">libx11</product> + <announced>2021-05-26</announced> + <revised count="1">2021-05-26</revised> + <bug>790824</bug> + <access>remote</access> + <affected> + <package name="x11-libs/libX11" auto="yes" arch="*"> + <unaffected range="ge">1.7.1</unaffected> + <vulnerable range="lt">1.7.1</vulnerable> + </package> + </affected> + <background> + <p>X.Org is an implementation of the X Window System. The X.Org X11 library + provides the X11 protocol library files. + </p> + </background> + <description> + <p>It was discovered that XLookupColor() and other X.Org X11 library + functions lacked proper validation of the length of their string + parameters. + </p> + </description> + <impact type="low"> + <p>An attacker could emit arbitrary X protocol requests to the X server + through malicious crafted string parameters in applications linked + against X.Org X11 library. + </p> + </impact> + <workaround> + <p>There is no known workaround at this time.</p> + </workaround> + <resolution> + <p>All X.Org X11 library users should upgrade to the latest version:</p> + + <code> + # emerge --sync + # emerge --ask --oneshot --verbose ">=x11-libs/libX11-1.7.1" + </code> + + </resolution> + <references> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-31535">CVE-2021-31535</uri> + </references> + <metadata tag="requester" timestamp="2021-05-24T15:55:58Z">whissi</metadata> + <metadata tag="submitter" timestamp="2021-05-26T08:37:54Z">whissi</metadata> +</glsa> diff --git a/metadata/glsa/glsa-202105-17.xml b/metadata/glsa/glsa-202105-17.xml new file mode 100644 index 000000000000..17d191c8e5a6 --- /dev/null +++ b/metadata/glsa/glsa-202105-17.xml @@ -0,0 +1,51 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> +<glsa id="202105-17"> + <title>rxvt-unicode: User-assisted execution of arbitrary code</title> + <synopsis>A vulnerability in rxvt-unicode may allow a remote attacker to + execute arbitrary code. + </synopsis> + <product type="ebuild">rxvt-unicode</product> + <announced>2021-05-26</announced> + <revised count="1">2021-05-26</revised> + <bug>790782</bug> + <access>local, remote</access> + <affected> + <package name="x11-terms/rxvt-unicode" auto="yes" arch="*"> + <unaffected range="ge">9.22-r9</unaffected> + <vulnerable range="lt">9.22-r9</vulnerable> + </package> + </affected> + <background> + <p>rxvt-unicode (urxvt) is a clone of the rxvt terminal emulator.</p> + </background> + <description> + <p>It was discovered that rxvt-unicode did not properly handle certain + escape sequences. + </p> + </description> + <impact type="normal"> + <p>A remote attacker could entice a user to run a program where attacker + controls the output inside a rxvt terminal window, possibly resulting in + execution of arbitrary code with the privileges of the process or a + Denial of Service condition. + </p> + </impact> + <workaround> + <p>There is no known workaround at this time.</p> + </workaround> + <resolution> + <p>All rxvt-unicode users should upgrade to the latest version:</p> + + <code> + # emerge --sync + # emerge --ask --oneshot --verbose ">=x11-terms/rxvt-unicode-9.22-r9" + </code> + + </resolution> + <references> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-33477">CVE-2021-33477</uri> + </references> + <metadata tag="requester" timestamp="2021-05-24T15:13:20Z">whissi</metadata> + <metadata tag="submitter" timestamp="2021-05-26T08:38:12Z">whissi</metadata> +</glsa> diff --git a/metadata/glsa/glsa-202105-18.xml b/metadata/glsa/glsa-202105-18.xml new file mode 100644 index 000000000000..4e7c5707c1f1 --- /dev/null +++ b/metadata/glsa/glsa-202105-18.xml @@ -0,0 +1,54 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> +<glsa id="202105-18"> + <title>LittleCMS: User-assisted execution of arbitrary code</title> + <synopsis>A heap-based buffer overflow in LittleCMS might allow remote + attackers to execute arbitrary code. + </synopsis> + <product type="ebuild">lcms</product> + <announced>2021-05-26</announced> + <revised count="1">2021-05-26</revised> + <bug>761418</bug> + <access>local, remote</access> + <affected> + <package name="media-libs/lcms" auto="yes" arch="*"> + <unaffected range="ge">2.10</unaffected> + <vulnerable range="lt">2.10</vulnerable> + </package> + </affected> + <background> + <p>LittleCMS, or short lcms, is a color management system for working with + ICC profiles. It is used by many applications including GIMP, Firefox and + Chromium. + </p> + </background> + <description> + <p>It was discovered that LittleCMS (aka Little Color Management System) + had an integer overflow in the AllocateDataSet function in cmscgats.c. + </p> + </description> + <impact type="normal"> + <p>A remote attacker could entice a user or automated system to open a + specially crafted file containing malicious color data, possibly + resulting in execution of arbitrary code with the privileges of the + process or a Denial of Service condition. + </p> + </impact> + <workaround> + <p>There is no known workaround at this time.</p> + </workaround> + <resolution> + <p>All LittleCMS users should upgrade to the latest version:</p> + + <code> + # emerge --sync + # emerge --ask --oneshot --verbose ">=media-libs/lcms-2.10" + </code> + + </resolution> + <references> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-16435">CVE-2018-16435</uri> + </references> + <metadata tag="requester" timestamp="2021-05-24T14:14:12Z">whissi</metadata> + <metadata tag="submitter" timestamp="2021-05-26T08:38:28Z">whissi</metadata> +</glsa> diff --git a/metadata/glsa/glsa-202105-19.xml b/metadata/glsa/glsa-202105-19.xml new file mode 100644 index 000000000000..79e89f0c9fe9 --- /dev/null +++ b/metadata/glsa/glsa-202105-19.xml @@ -0,0 +1,53 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> +<glsa id="202105-19"> + <title>Firejail: Privilege escalation</title> + <synopsis>A vulnerability was discovered in Firejail which may allow local + attackers to gain root privileges. + </synopsis> + <product type="ebuild">firejail</product> + <announced>2021-05-26</announced> + <revised count="1">2021-05-26</revised> + <bug>769542</bug> + <access>local</access> + <affected> + <package name="sys-apps/firejail" auto="yes" arch="*"> + <unaffected range="ge">0.9.64.4</unaffected> + <vulnerable range="lt">0.9.64.4</vulnerable> + </package> + </affected> + <background> + <p>A SUID program that reduces the risk of security breaches by restricting + the running environment of untrusted applications using Linux namespaces + and seccomp-bpf. + </p> + </background> + <description> + <p>It was discovered that a flaw in Firejail’s OverlayFS code allowed + restricted programs to escape sandbox. + </p> + </description> + <impact type="high"> + <p>A local attacker could obtain arbitrary file system access via an + application running within a Firejail sandbox, possibly resulting in + privilege escalation. + </p> + </impact> + <workaround> + <p>There is no known workaround at this time.</p> + </workaround> + <resolution> + <p>All Firejail users should upgrade to the latest version:</p> + + <code> + # emerge --sync + # emerge --ask --oneshot --verbose ">=sys-apps/firejail-0.9.64.4" + </code> + + </resolution> + <references> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-26910">CVE-2021-26910</uri> + </references> + <metadata tag="requester" timestamp="2021-05-25T20:22:19Z">whissi</metadata> + <metadata tag="submitter" timestamp="2021-05-26T08:38:46Z">whissi</metadata> +</glsa> diff --git a/metadata/glsa/glsa-202105-20.xml b/metadata/glsa/glsa-202105-20.xml new file mode 100644 index 000000000000..359b42aa3759 --- /dev/null +++ b/metadata/glsa/glsa-202105-20.xml @@ -0,0 +1,54 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> +<glsa id="202105-20"> + <title>Dnsmasq: DNS cache poisoning</title> + <synopsis>Use of insufficient randomness in Dnsmasq might lead to DNS Cache + Poisoning. + </synopsis> + <product type="ebuild">dnsmasq</product> + <announced>2021-05-26</announced> + <revised count="1">2021-05-26</revised> + <bug>782130</bug> + <access>local, remote</access> + <affected> + <package name="net-dns/dnsmasq" auto="yes" arch="*"> + <unaffected range="ge">2.85</unaffected> + <vulnerable range="lt">2.85</vulnerable> + </package> + </affected> + <background> + <p>Dnsmasq is a lightweight and easily-configurable DNS forwarder and DHCP + server. + </p> + </background> + <description> + <p>It was discovered that Dnsmasq, when configured with + --server=<address>@<interface> or similar (e.g. through dbus), + configured a fixed UDP port for all outgoing queries to the specified + upstream DNS server. + </interface> + </p> + </description> + <impact type="low"> + <p>An attacker, by sending malicious crafted DNS responses, could perform a + DNS Cache Poisoning attack. + </p> + </impact> + <workaround> + <p>There is no known workaround at this time.</p> + </workaround> + <resolution> + <p>All Dnsmasq users should upgrade to the latest version:</p> + + <code> + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-dns/dnsmasq-2.85" + </code> + + </resolution> + <references> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-3448">CVE-2021-3448</uri> + </references> + <metadata tag="requester" timestamp="2021-05-25T13:34:22Z">whissi</metadata> + <metadata tag="submitter" timestamp="2021-05-26T08:39:11Z">whissi</metadata> +</glsa> diff --git a/metadata/glsa/glsa-202105-21.xml b/metadata/glsa/glsa-202105-21.xml new file mode 100644 index 000000000000..899bd2ffa0eb --- /dev/null +++ b/metadata/glsa/glsa-202105-21.xml @@ -0,0 +1,54 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> +<glsa id="202105-21"> + <title>Tcpreplay: Multiple vulnerabilities</title> + <synopsis>Multiple vulnerabilities have been found in Tcpreplay, the worst of + which could result in a Denial of Service condition. + </synopsis> + <product type="ebuild">tcpreplay</product> + <announced>2021-05-26</announced> + <revised count="1">2021-05-26</revised> + <bug>750344</bug> + <access>local</access> + <affected> + <package name="net-analyzer/tcpreplay" auto="yes" arch="*"> + <unaffected range="ge">4.3.4</unaffected> + <vulnerable range="lt">4.3.4</vulnerable> + </package> + </affected> + <background> + <p>Tcpreplay is a suite of utilities for UNIX systems for editing and + replaying network traffic which was previously captured by tools like + tcpdump and ethereal/wireshark. + </p> + </background> + <description> + <p>Multiple vulnerabilities have been discovered in Tcpreplay. Please + review the CVE identifiers referenced below for details. + </p> + </description> + <impact type="low"> + <p>A remote attacker could entice a user to open a specially crafted + network capture file using Tcpreplay, possibly resulting in a Denial of + Service condition. + </p> + </impact> + <workaround> + <p>There is no known workaround at this time.</p> + </workaround> + <resolution> + <p>All Tcpreplay users should upgrade to the latest version:</p> + + <code> + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-analyzer/tcpreplay-4.3.4" + </code> + + </resolution> + <references> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-24265">CVE-2020-24265</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-24266">CVE-2020-24266</uri> + </references> + <metadata tag="requester" timestamp="2021-05-25T14:01:52Z">whissi</metadata> + <metadata tag="submitter" timestamp="2021-05-26T09:28:42Z">whissi</metadata> +</glsa> diff --git a/metadata/glsa/glsa-202105-22.xml b/metadata/glsa/glsa-202105-22.xml new file mode 100644 index 000000000000..3d44f02e434e --- /dev/null +++ b/metadata/glsa/glsa-202105-22.xml @@ -0,0 +1,50 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> +<glsa id="202105-22"> + <title>Samba: Multiple vulnerabilities</title> + <synopsis>Multiple vulnerabilities have been found in Samba, the worst of + which could result in a Denial of Service condition. + </synopsis> + <product type="ebuild">samba</product> + <announced>2021-05-26</announced> + <revised count="1">2021-05-26</revised> + <bug>778026</bug> + <bug>786825</bug> + <access>local, remote</access> + <affected> + <package name="net-fs/samba" auto="yes" arch="*"> + <unaffected range="ge">4.13.8</unaffected> + <vulnerable range="lt">4.13.8</vulnerable> + </package> + </affected> + <background> + <p>Samba is a suite of SMB and CIFS client/server programs.</p> + </background> + <description> + <p>Multiple vulnerabilities have been discovered in Samba. Please review + the CVE identifiers referenced below for details. + </p> + </description> + <impact type="low"> + <p>Please review the referenced CVE identifiers for details.</p> + </impact> + <workaround> + <p>There is no known workaround at this time.</p> + </workaround> + <resolution> + <p>All Samba users should upgrade to the latest version:</p> + + <code> + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-fs/samba-4.13.8" + </code> + + </resolution> + <references> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-27840">CVE-2020-27840</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-20254">CVE-2021-20254</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-20277">CVE-2021-20277</uri> + </references> + <metadata tag="requester" timestamp="2021-05-25T13:25:24Z">whissi</metadata> + <metadata tag="submitter" timestamp="2021-05-26T09:29:08Z">whissi</metadata> +</glsa> diff --git a/metadata/glsa/glsa-202105-23.xml b/metadata/glsa/glsa-202105-23.xml new file mode 100644 index 000000000000..a763f0658803 --- /dev/null +++ b/metadata/glsa/glsa-202105-23.xml @@ -0,0 +1,68 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> +<glsa id="202105-23"> + <title>PHP: Multiple vulnerabilities</title> + <synopsis>Multiple vulnerabilities have been found in PHP, the worst of which + could result in a Denial of Service condition. + </synopsis> + <product type="ebuild">php</product> + <announced>2021-05-26</announced> + <revised count="1">2021-05-26</revised> + <bug>764314</bug> + <bug>768756</bug> + <bug>788892</bug> + <access>local, remote</access> + <affected> + <package name="dev-lang/php" auto="yes" arch="*"> + <unaffected range="ge" slot="7.3">7.3.28</unaffected> + <unaffected range="ge" slot="7.4">7.4.19</unaffected> + <unaffected range="ge" slot="8.0">8.0.6</unaffected> + <vulnerable range="lt">8.0.6</vulnerable> + </package> + </affected> + <background> + <p>PHP is an open source general-purpose scripting language that is + especially suited for web development. + </p> + </background> + <description> + <p>Multiple vulnerabilities have been discovered in PHP. Please review the + CVE identifiers and bugs referenced below for details. + </p> + </description> + <impact type="normal"> + <p>Please review the referenced CVE identifiers and bugs for details.</p> + </impact> + <workaround> + <p>There is no known workaround at this time.</p> + </workaround> + <resolution> + <p>All PHP 7.3.x users should upgrade to the latest version:</p> + + <code> + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-lang/php-7.3.28:7.3" + </code> + + <p>All PHP 7.4.x users should upgrade to the latest version:</p> + + <code> + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-lang/php-7.4.19:7.4" + </code> + + <p>All PHP 8.0.x users should upgrade to the latest version:</p> + + <code> + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-lang/php-8.0.6:8.0" + </code> + + </resolution> + <references> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-7071">CVE-2020-7071</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21702">CVE-2021-21702</uri> + </references> + <metadata tag="requester" timestamp="2021-05-25T13:47:47Z">whissi</metadata> + <metadata tag="submitter" timestamp="2021-05-26T09:29:31Z">whissi</metadata> +</glsa> diff --git a/metadata/glsa/glsa-202105-24.xml b/metadata/glsa/glsa-202105-24.xml new file mode 100644 index 000000000000..8075a96b41bf --- /dev/null +++ b/metadata/glsa/glsa-202105-24.xml @@ -0,0 +1,55 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> +<glsa id="202105-24"> + <title>FFmpeg: Multiple vulnerabilities</title> + <synopsis>Multiple vulnerabilities have been found in FFmpeg, the worst of + which could result in the arbitrary execution of code. + </synopsis> + <product type="ebuild">ffmpeg</product> + <announced>2021-05-26</announced> + <revised count="1">2021-05-26</revised> + <bug>763315</bug> + <bug>781146</bug> + <access>local, remote</access> + <affected> + <package name="media-video/ffmpeg" auto="yes" arch="*"> + <unaffected range="ge">4.4</unaffected> + <vulnerable range="lt">4.4</vulnerable> + </package> + </affected> + <background> + <p>FFmpeg is a complete, cross-platform solution to record, convert and + stream audio and video. + </p> + </background> + <description> + <p>Multiple vulnerabilities have been discovered in FFmpeg. Please review + the CVE identifiers referenced below for details. + </p> + </description> + <impact type="normal"> + <p>A remote attacker could entice a user to open a specially crafted media + file using FFmpeg, possibly resulting in execution of arbitrary code with + the privileges of the process or a Denial of Service condition. + </p> + </impact> + <workaround> + <p>There is no known workaround at this time.</p> + </workaround> + <resolution> + <p>All FFmpeg users should upgrade to the latest version:</p> + + <code> + # emerge --sync + # emerge --ask --oneshot --verbose ">=media-video/ffmpeg-4.4" + </code> + + </resolution> + <references> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-35964">CVE-2020-35964</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-35965">CVE-2020-35965</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-30123">CVE-2021-30123</uri> + </references> + <metadata tag="requester" timestamp="2021-05-24T00:07:14Z">whissi</metadata> + <metadata tag="submitter" timestamp="2021-05-26T09:29:48Z">whissi</metadata> +</glsa> diff --git a/metadata/glsa/glsa-202105-25.xml b/metadata/glsa/glsa-202105-25.xml new file mode 100644 index 000000000000..da213f1833fc --- /dev/null +++ b/metadata/glsa/glsa-202105-25.xml @@ -0,0 +1,49 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> +<glsa id="202105-25"> + <title>OpenVPN: Authentication bypass</title> + <synopsis>A vulnerability has been found in OpenVPN, allowing attackers to + bypass the authentication process. + </synopsis> + <product type="ebuild">openvpn</product> + <announced>2021-05-26</announced> + <revised count="1">2021-05-26</revised> + <bug>785115</bug> + <access>remote</access> + <affected> + <package name="net-vpn/openvpn" auto="yes" arch="*"> + <unaffected range="ge">2.5.2</unaffected> + <vulnerable range="lt">2.5.2</vulnerable> + </package> + </affected> + <background> + <p>OpenVPN is a multi-platform, full-featured SSL VPN solution.</p> + </background> + <description> + <p>It was discovered that OpenVPN incorrectly handled deferred + authentication. + </p> + </description> + <impact type="normal"> + <p>A remote attacker could bypass authentication and access control channel + data and trigger further information leaks. + </p> + </impact> + <workaround> + <p>Configure OpenVPN server to not use deferred authentication.</p> + </workaround> + <resolution> + <p>All OpenVPN users should upgrade to the latest version:</p> + + <code> + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-vpn/openvpn-2.5.2" + </code> + + </resolution> + <references> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-15078">CVE-2020-15078</uri> + </references> + <metadata tag="requester" timestamp="2021-05-24T01:22:05Z">whissi</metadata> + <metadata tag="submitter" timestamp="2021-05-26T09:30:05Z">whissi</metadata> +</glsa> diff --git a/metadata/glsa/glsa-202105-26.xml b/metadata/glsa/glsa-202105-26.xml new file mode 100644 index 000000000000..70c75a3efabd --- /dev/null +++ b/metadata/glsa/glsa-202105-26.xml @@ -0,0 +1,51 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> +<glsa id="202105-26"> + <title>SpamAssassin: Arbitrary command execution</title> + <synopsis>A vulnerability in SpamAssassin might allow remote attackers to + execute arbitrary commands. + </synopsis> + <product type="ebuild">SpamAssassin</product> + <announced>2021-05-26</announced> + <revised count="1">2021-05-26</revised> + <bug>778002</bug> + <access>local, remote</access> + <affected> + <package name="mail-filter/spamassassin" auto="yes" arch="*"> + <unaffected range="ge">3.4.5</unaffected> + <vulnerable range="lt">3.4.5</vulnerable> + </package> + </affected> + <background> + <p>SpamAssassin is an extensible email filter used to identify junk email.</p> + </background> + <description> + <p>It was discovered that SpamAssassin incorrectly handled certain CF + files. + </p> + </description> + <impact type="normal"> + <p>A remote attacker could entice a user or automated system to process a + specially crafted CF file using SpamAssassin, possibly resulting in + execution of arbitrary commands with the privileges of the process or a + Denial of Service condition. + </p> + </impact> + <workaround> + <p>There is no known workaround at this time.</p> + </workaround> + <resolution> + <p>All SpamAssassin users should upgrade to the latest version:</p> + + <code> + # emerge --sync + # emerge --ask --oneshot --verbose ">=mail-filter/spamassassin-3.4.5" + </code> + + </resolution> + <references> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-1946">CVE-2020-1946</uri> + </references> + <metadata tag="requester" timestamp="2021-05-24T01:30:56Z">whissi</metadata> + <metadata tag="submitter" timestamp="2021-05-26T09:30:23Z">whissi</metadata> +</glsa> diff --git a/metadata/glsa/glsa-202105-27.xml b/metadata/glsa/glsa-202105-27.xml new file mode 100644 index 000000000000..030bb9ed2a0a --- /dev/null +++ b/metadata/glsa/glsa-202105-27.xml @@ -0,0 +1,247 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> +<glsa id="202105-27"> + <title>MySQL: Multiple vulnerabilities</title> + <synopsis>Multiple vulnerabilities have been found in MySQL, the worst of + which could result in the arbitrary execution of code. + </synopsis> + <product type="ebuild">mysql</product> + <announced>2021-05-26</announced> + <revised count="1">2021-05-26</revised> + <bug>699876</bug> + <bug>708090</bug> + <bug>717628</bug> + <bug>732974</bug> + <bug>766339</bug> + <bug>789243</bug> + <access>local, remote</access> + <affected> + <package name="dev-db/mysql" auto="yes" arch="*"> + <unaffected range="ge" slot="5.7">5.7.34</unaffected> + <unaffected range="ge">8.0.24</unaffected> + <vulnerable range="lt">8.0.24</vulnerable> + </package> + <package name="dev-db/mysql-connector-c" auto="yes" arch="*"> + <unaffected range="ge">8.0.24</unaffected> + <vulnerable range="lt">8.0.24</vulnerable> + </package> + </affected> + <background> + <p>MySQL is a popular multi-threaded, multi-user SQL server.</p> + </background> + <description> + <p>Multiple vulnerabilities have been discovered in MySQL. Please review + the CVE identifiers referenced below for details. + </p> + </description> + <impact type="normal"> + <p>An attacker could possibly execute arbitrary code with the privileges of + the process, escalate privileges, gain access to critical data or + complete access to all MySQL server accessible data, or cause a Denial of + Service condition. + </p> + </impact> + <workaround> + <p>There is no known workaround at this time.</p> + </workaround> + <resolution> + <p>All MySQL users should upgrade to the latest version:</p> + + <code> + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-db/mysql-5.7.34" + </code> + + <p>All mysql users should upgrade to the latest version:</p> + + <code> + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-db/mysql-8.0.24" + </code> + + </resolution> + <references> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-2938">CVE-2019-2938</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-2974">CVE-2019-2974</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14539">CVE-2020-14539</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14540">CVE-2020-14540</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14547">CVE-2020-14547</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14550">CVE-2020-14550</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14553">CVE-2020-14553</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14559">CVE-2020-14559</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14564">CVE-2020-14564</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14567">CVE-2020-14567</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14568">CVE-2020-14568</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14575">CVE-2020-14575</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14576">CVE-2020-14576</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14586">CVE-2020-14586</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14591">CVE-2020-14591</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14597">CVE-2020-14597</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14614">CVE-2020-14614</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14619">CVE-2020-14619</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14620">CVE-2020-14620</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14623">CVE-2020-14623</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14624">CVE-2020-14624</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14626">CVE-2020-14626</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14631">CVE-2020-14631</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14632">CVE-2020-14632</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14633">CVE-2020-14633</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14634">CVE-2020-14634</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14641">CVE-2020-14641</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14643">CVE-2020-14643</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14651">CVE-2020-14651</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14654">CVE-2020-14654</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14656">CVE-2020-14656</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14663">CVE-2020-14663</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14672">CVE-2020-14672</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14678">CVE-2020-14678</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14680">CVE-2020-14680</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14697">CVE-2020-14697</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14702">CVE-2020-14702</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14725">CVE-2020-14725</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14760">CVE-2020-14760</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14765">CVE-2020-14765</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14769">CVE-2020-14769</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14771">CVE-2020-14771</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14773">CVE-2020-14773</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14775">CVE-2020-14775</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14776">CVE-2020-14776</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14777">CVE-2020-14777</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14785">CVE-2020-14785</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14786">CVE-2020-14786</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14789">CVE-2020-14789</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14790">CVE-2020-14790</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14791">CVE-2020-14791</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14793">CVE-2020-14793</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14794">CVE-2020-14794</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14799">CVE-2020-14799</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14800">CVE-2020-14800</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14804">CVE-2020-14804</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14809">CVE-2020-14809</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14812">CVE-2020-14812</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14814">CVE-2020-14814</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14821">CVE-2020-14821</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14827">CVE-2020-14827</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14828">CVE-2020-14828</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14829">CVE-2020-14829</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14830">CVE-2020-14830</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14836">CVE-2020-14836</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14837">CVE-2020-14837</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14838">CVE-2020-14838</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14839">CVE-2020-14839</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14844">CVE-2020-14844</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14845">CVE-2020-14845</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14846">CVE-2020-14846</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14848">CVE-2020-14848</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14852">CVE-2020-14852</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14853">CVE-2020-14853</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14860">CVE-2020-14860</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14861">CVE-2020-14861</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14866">CVE-2020-14866</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14867">CVE-2020-14867</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14868">CVE-2020-14868</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14869">CVE-2020-14869</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14870">CVE-2020-14870</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14873">CVE-2020-14873</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14878">CVE-2020-14878</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14888">CVE-2020-14888</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14891">CVE-2020-14891</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14893">CVE-2020-14893</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-2570">CVE-2020-2570</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-2572">CVE-2020-2572</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-2573">CVE-2020-2573</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-2574">CVE-2020-2574</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-2577">CVE-2020-2577</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-2579">CVE-2020-2579</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-2580">CVE-2020-2580</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-2584">CVE-2020-2584</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-2588">CVE-2020-2588</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-2589">CVE-2020-2589</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-2627">CVE-2020-2627</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-2660">CVE-2020-2660</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-2679">CVE-2020-2679</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-2686">CVE-2020-2686</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-2694">CVE-2020-2694</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-2752">CVE-2020-2752</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-2759">CVE-2020-2759</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-2760">CVE-2020-2760</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-2761">CVE-2020-2761</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-2762">CVE-2020-2762</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-2763">CVE-2020-2763</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-2765">CVE-2020-2765</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-2768">CVE-2020-2768</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-2770">CVE-2020-2770</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-2774">CVE-2020-2774</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-2779">CVE-2020-2779</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-2780">CVE-2020-2780</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-2790">CVE-2020-2790</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-2804">CVE-2020-2804</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-2806">CVE-2020-2806</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-2812">CVE-2020-2812</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-2814">CVE-2020-2814</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-2853">CVE-2020-2853</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-2875">CVE-2020-2875</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-2892">CVE-2020-2892</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-2893">CVE-2020-2893</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-2895">CVE-2020-2895</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-2896">CVE-2020-2896</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-2897">CVE-2020-2897</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-2898">CVE-2020-2898</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-2901">CVE-2020-2901</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-2903">CVE-2020-2903</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-2904">CVE-2020-2904</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-2921">CVE-2020-2921</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-2922">CVE-2020-2922</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-2923">CVE-2020-2923</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-2924">CVE-2020-2924</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-2925">CVE-2020-2925</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-2926">CVE-2020-2926</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-2928">CVE-2020-2928</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-2930">CVE-2020-2930</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-2933">CVE-2020-2933</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-2934">CVE-2020-2934</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-1998">CVE-2021-1998</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-2001">CVE-2021-2001</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-2002">CVE-2021-2002</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-2006">CVE-2021-2006</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-2007">CVE-2021-2007</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-2009">CVE-2021-2009</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-2010">CVE-2021-2010</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-2011">CVE-2021-2011</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-2012">CVE-2021-2012</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-2014">CVE-2021-2014</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-2016">CVE-2021-2016</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-2019">CVE-2021-2019</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-2020">CVE-2021-2020</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-2021">CVE-2021-2021</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-2022">CVE-2021-2022</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-2024">CVE-2021-2024</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-2028">CVE-2021-2028</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-2030">CVE-2021-2030</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-2031">CVE-2021-2031</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-2032">CVE-2021-2032</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-2036">CVE-2021-2036</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-2038">CVE-2021-2038</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-2042">CVE-2021-2042</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-2046">CVE-2021-2046</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-2048">CVE-2021-2048</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-2055">CVE-2021-2055</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-2056">CVE-2021-2056</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-2058">CVE-2021-2058</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-2060">CVE-2021-2060</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-2061">CVE-2021-2061</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-2065">CVE-2021-2065</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-2070">CVE-2021-2070</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-2072">CVE-2021-2072</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-2076">CVE-2021-2076</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-2081">CVE-2021-2081</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-2087">CVE-2021-2087</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-2088">CVE-2021-2088</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-2122">CVE-2021-2122</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-2154">CVE-2021-2154</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-2166">CVE-2021-2166</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-2180">CVE-2021-2180</uri> + </references> + <metadata tag="requester" timestamp="2021-05-24T18:09:59Z">whissi</metadata> + <metadata tag="submitter" timestamp="2021-05-26T09:30:48Z">whissi</metadata> +</glsa> diff --git a/metadata/glsa/glsa-202105-28.xml b/metadata/glsa/glsa-202105-28.xml new file mode 100644 index 000000000000..f020be913511 --- /dev/null +++ b/metadata/glsa/glsa-202105-28.xml @@ -0,0 +1,75 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> +<glsa id="202105-28"> + <title>MariaDB: Multiple vulnerabilities</title> + <synopsis>Multiple vulnerabilities have been found in MariaDB, the worst of + which could result in the arbitrary execution of code. + </synopsis> + <product type="ebuild">mariadb</product> + <announced>2021-05-26</announced> + <revised count="1">2021-05-26</revised> + <bug>777786</bug> + <bug>789240</bug> + <access>local, remote</access> + <affected> + <package name="dev-db/mariadb" auto="yes" arch="*"> + <unaffected range="ge" slot="10.2">10.2.38</unaffected> + <unaffected range="ge" slot="10.3">10.3.29</unaffected> + <unaffected range="ge" slot="10.4">10.4.19</unaffected> + <unaffected range="ge" slot="10.5">10.5.10</unaffected> + <vulnerable range="lt">10.5.10</vulnerable> + </package> + </affected> + <background> + <p>MariaDB is an enhanced, drop-in replacement for MySQL.</p> + </background> + <description> + <p>Multiple vulnerabilities have been discovered in MariaDB. Please review + the CVE identifiers referenced below for details. + </p> + </description> + <impact type="normal"> + <p>Please review the referenced CVE identifiers for details.</p> + </impact> + <workaround> + <p>There is no known workaround at this time.</p> + </workaround> + <resolution> + <p>All MariaDB 10.2.x users should upgrade to the latest version:</p> + + <code> + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-db/mariadb-10.2.38:10.2" + </code> + + <p>All MariaDB 10.3.x users should upgrade to the latest version:</p> + + <code> + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-db/mariadb-10.3.29:10.3" + </code> + + <p>All MariaDB 10.3.x users should upgrade to the latest version:</p> + + <code> + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-db/mariadb-10.4.19:10.4" + </code> + + <p>All MariaDB 10.5.x users should upgrade to the latest version:</p> + + <code> + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-db/mariadb-10.5.10:10.5" + </code> + + </resolution> + <references> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-2154">CVE-2021-2154</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-2166">CVE-2021-2166</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-2180">CVE-2021-2180</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-27928">CVE-2021-27928</uri> + </references> + <metadata tag="requester" timestamp="2021-05-25T01:47:51Z">whissi</metadata> + <metadata tag="submitter" timestamp="2021-05-26T09:31:09Z">whissi</metadata> +</glsa> diff --git a/metadata/glsa/glsa-202105-29.xml b/metadata/glsa/glsa-202105-29.xml new file mode 100644 index 000000000000..e2507b22b90b --- /dev/null +++ b/metadata/glsa/glsa-202105-29.xml @@ -0,0 +1,49 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> +<glsa id="202105-29"> + <title>Tar: Denial of service</title> + <synopsis>A vulnerability in Tar could lead to a Denial of Service condition.</synopsis> + <product type="ebuild">tar</product> + <announced>2021-05-26</announced> + <revised count="1">2021-05-26</revised> + <bug>778548</bug> + <access>local, remote</access> + <affected> + <package name="app-arch/tar" auto="yes" arch="*"> + <unaffected range="ge">1.34</unaffected> + <vulnerable range="lt">1.34</vulnerable> + </package> + </affected> + <background> + <p>The Tar program provides the ability to create and manipulate tar + archives. + </p> + </background> + <description> + <p>It was discovered that GNU Tar had a memory leak when processing archive + headers. + </p> + </description> + <impact type="low"> + <p>A remote attacker could entice a user to open a specially crafted + archive using Tar, possibly resulting in a Denial of Service condition. + </p> + </impact> + <workaround> + <p>There is no known workaround at this time.</p> + </workaround> + <resolution> + <p>All Tar users should upgrade to the latest version:</p> + + <code> + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-arch/tar-1.34" + </code> + + </resolution> + <references> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-20193">CVE-2021-20193</uri> + </references> + <metadata tag="requester" timestamp="2021-05-24T01:03:25Z">whissi</metadata> + <metadata tag="submitter" timestamp="2021-05-26T10:11:52Z">whissi</metadata> +</glsa> diff --git a/metadata/glsa/glsa-202105-30.xml b/metadata/glsa/glsa-202105-30.xml new file mode 100644 index 000000000000..4cbf0070e7eb --- /dev/null +++ b/metadata/glsa/glsa-202105-30.xml @@ -0,0 +1,52 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> +<glsa id="202105-30"> + <title>MuPDF: Multiple vulnerabilities</title> + <synopsis>Multiple vulnerabilities have been found in MuPDF, the worst of + which could result in a Denial of Service condition. + </synopsis> + <product type="ebuild">mupdf</product> + <announced>2021-05-26</announced> + <revised count="1">2021-05-26</revised> + <bug>747151</bug> + <bug>772311</bug> + <access>local, remote</access> + <affected> + <package name="app-text/mupdf" auto="yes" arch="*"> + <unaffected range="ge">1.18.0-r3</unaffected> + <vulnerable range="lt">1.18.0-r3</vulnerable> + </package> + </affected> + <background> + <p>MuPDF is a lightweight PDF viewer and toolkit written in portable C.</p> + </background> + <description> + <p>Multiple vulnerabilities have been discovered in MuPDF. Please review + the CVE identifiers referenced below for details. + </p> + </description> + <impact type="low"> + <p>A remote attacker could entice a user to open a specially crafted PDF + document using MuPDF, possibly resulting in a Denial of Service condition + or have other unspecified impact. + </p> + </impact> + <workaround> + <p>There is no known workaround at this time.</p> + </workaround> + <resolution> + <p>All MuPDF users should upgrade to the latest version:</p> + + <code> + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-text/mupdf-1.18.0-r3" + </code> + + </resolution> + <references> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-26519">CVE-2020-26519</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-3407">CVE-2021-3407</uri> + </references> + <metadata tag="requester" timestamp="2021-05-25T21:00:36Z">whissi</metadata> + <metadata tag="submitter" timestamp="2021-05-26T10:12:11Z">whissi</metadata> +</glsa> diff --git a/metadata/glsa/glsa-202105-31.xml b/metadata/glsa/glsa-202105-31.xml new file mode 100644 index 000000000000..05d9ce89b585 --- /dev/null +++ b/metadata/glsa/glsa-202105-31.xml @@ -0,0 +1,54 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> +<glsa id="202105-31"> + <title>Nettle: Denial of service</title> + <synopsis>A vulnerability in Nettle could lead to a Denial of Service + condition. + </synopsis> + <product type="ebuild">nettle</product> + <announced>2021-05-26</announced> + <revised count="1">2021-05-26</revised> + <bug>780483</bug> + <access>local, remote</access> + <affected> + <package name="dev-libs/nettle" auto="yes" arch="*"> + <unaffected range="ge">3.7.2</unaffected> + <vulnerable range="lt">3.7.2</vulnerable> + </package> + </affected> + <background> + <p>Nettle is a cryptographic library that is designed to fit easily in + almost any context: In cryptographic toolkits for object-oriented + languages, such as C++, Python, or Pike, in applications like lsh or + GnuPG, or even in kernel space. + </p> + </background> + <description> + <p>It was discovered that Nettle incorrectly handled signature + verification. + </p> + </description> + <impact type="low"> + <p>A remote attacker could send a specially crafted valid-looking input + signature, possibly resulting in a Denial of Service condition or force + an invalid signature. + </p> + </impact> + <workaround> + <p>There is no known workaround at this time.</p> + </workaround> + <resolution> + <p>All Nettle users should upgrade to the latest version:</p> + + <code> + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-libs/nettle-3.7.2" + </code> + + </resolution> + <references> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-20305">CVE-2021-20305</uri> + </references> + <metadata tag="requester" timestamp="2021-05-25T20:00:54Z">whissi</metadata> + <metadata tag="submitter" timestamp="2021-05-26T10:12:28Z">whissi</metadata> +</glsa> diff --git a/metadata/glsa/glsa-202105-32.xml b/metadata/glsa/glsa-202105-32.xml new file mode 100644 index 000000000000..44edeaa40bfd --- /dev/null +++ b/metadata/glsa/glsa-202105-32.xml @@ -0,0 +1,92 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> +<glsa id="202105-32"> + <title>PostgreSQL: Multiple vulnerabilities</title> + <synopsis>Multiple vulnerabilities have been found in PostgreSQL, the worst + of which could result in information disclosure. + </synopsis> + <product type="ebuild">postgresql</product> + <announced>2021-05-26</announced> + <revised count="1">2021-05-26</revised> + <bug>771942</bug> + <access>local, remote</access> + <affected> + <package name="dev-db/postgresql" auto="yes" arch="*"> + <unaffected range="ge" slot="9.5">9.5.25</unaffected> + <unaffected range="ge" slot="9.6">9.6.21</unaffected> + <unaffected range="ge" slot="10">10.16</unaffected> + <unaffected range="ge" slot="11">11.11</unaffected> + <unaffected range="ge" slot="12">12.6</unaffected> + <unaffected range="ge" slot="13">13.2</unaffected> + <vulnerable range="lt">13.2</vulnerable> + </package> + </affected> + <background> + <p>PostgreSQL is an open source object-relational database management + system. + </p> + </background> + <description> + <p>Multiple vulnerabilities have been discovered in PostgreSQL. Please + review the CVE identifiers referenced below for details. + </p> + </description> + <impact type="low"> + <p>An authenticated remote attacker, by executing malicious crafted + queries, could possibly disclose sensitive information. + </p> + </impact> + <workaround> + <p>There is no known workaround at this time.</p> + </workaround> + <resolution> + <p>All PostgreSQL 9.5.x users should upgrade to the latest version:</p> + + <code> + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-db/postgresql-9.5.25:9.5" + </code> + + <p>All PostgreSQL 9.6.x users should upgrade to the latest version:</p> + + <code> + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-db/postgresql-9.6.21:9.6" + </code> + + <p>All PostgreSQL 10.x users should upgrade to the latest version:</p> + + <code> + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-db/postgresql-10.16:10" + </code> + + <p>All PostgreSQL 11.x users should upgrade to the latest version:</p> + + <code> + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-db/postgresql-11.11:11" + </code> + + <p>All PostgreSQL 12.x users should upgrade to the latest version:</p> + + <code> + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-db/postgresql-12.6:12" + </code> + + <p>All PostgreSQL 13.x users should upgrade to the latest version:</p> + + <code> + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-db/postgresql-13.2:13" + </code> + + </resolution> + <references> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-20229">CVE-2021-20229</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-3393">CVE-2021-3393</uri> + </references> + <metadata tag="requester" timestamp="2021-05-25T18:56:02Z">whissi</metadata> + <metadata tag="submitter" timestamp="2021-05-26T10:12:52Z">whissi</metadata> +</glsa> diff --git a/metadata/glsa/glsa-202105-33.xml b/metadata/glsa/glsa-202105-33.xml new file mode 100644 index 000000000000..dddf99d66910 --- /dev/null +++ b/metadata/glsa/glsa-202105-33.xml @@ -0,0 +1,55 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> +<glsa id="202105-33"> + <title>containerd: Multiple vulnerabilities</title> + <synopsis>Multiple vulnerabilities have been found in containerd, the worst + of which could result in privilege escalation. + </synopsis> + <product type="ebuild">containerd</product> + <announced>2021-05-26</announced> + <revised count="1">2021-05-26</revised> + <bug>758137</bug> + <bug>775329</bug> + <access>local</access> + <affected> + <package name="app-emulation/containerd" auto="yes" arch="*"> + <unaffected range="ge">1.4.4</unaffected> + <vulnerable range="lt">1.4.4</vulnerable> + </package> + </affected> + <background> + <p>Containerd is a daemon with an API and a command line client, to manage + containers on one machine. It uses runC to run containers according to + the OCI specification. + </p> + </background> + <description> + <p>Multiple vulnerabilities have been discovered in containerd. Please + review the CVE identifiers referenced below for details. + </p> + </description> + <impact type="high"> + <p>A local attacker, able to run a malicious container in the same network + namespace as the shim, could possibly escalate privileges. Furthermore, + an attacker could disclose sensitive information. + </p> + </impact> + <workaround> + <p>There is no known workaround at this time.</p> + </workaround> + <resolution> + <p>All containerd users should upgrade to the latest version:</p> + + <code> + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-emulation/containerd-1.4.4" + </code> + + </resolution> + <references> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-15257">CVE-2020-15257</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21334">CVE-2021-21334</uri> + </references> + <metadata tag="requester" timestamp="2021-05-25T19:40:34Z">whissi</metadata> + <metadata tag="submitter" timestamp="2021-05-26T10:13:09Z">whissi</metadata> +</glsa> diff --git a/metadata/glsa/glsa-202105-34.xml b/metadata/glsa/glsa-202105-34.xml new file mode 100644 index 000000000000..31c7e3ef7065 --- /dev/null +++ b/metadata/glsa/glsa-202105-34.xml @@ -0,0 +1,45 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> +<glsa id="202105-34"> + <title>Bash: Privilege escalation</title> + <synopsis>A vulnerability in Bash may allow users to escalate privileges.</synopsis> + <product type="ebuild">bash</product> + <announced>2021-05-26</announced> + <revised count="1">2021-05-26</revised> + <bug>702488</bug> + <access>local</access> + <affected> + <package name="app-shells/bash" auto="yes" arch="*"> + <unaffected range="ge">5.0_p11-r1</unaffected> + <vulnerable range="lt">5.0_p11-r1</vulnerable> + </package> + </affected> + <background> + <p>Bash is the standard GNU Bourne Again SHell.</p> + </background> + <description> + <p>It was discovered that Bash incorrectly dropped privileges by setting + its effective UID to its real UID. + </p> + </description> + <impact type="normal"> + <p>A local attacker could possibly escalate privileges.</p> + </impact> + <workaround> + <p>There is no known workaround at this time.</p> + </workaround> + <resolution> + <p>All Bash users should upgrade to the latest version:</p> + + <code> + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-shells/bash-5.0_p11-r1" + </code> + + </resolution> + <references> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-18276">CVE-2019-18276</uri> + </references> + <metadata tag="requester" timestamp="2021-05-25T19:22:45Z">whissi</metadata> + <metadata tag="submitter" timestamp="2021-05-26T10:13:27Z">whissi</metadata> +</glsa> diff --git a/metadata/glsa/glsa-202105-35.xml b/metadata/glsa/glsa-202105-35.xml new file mode 100644 index 000000000000..33ff95b8cb20 --- /dev/null +++ b/metadata/glsa/glsa-202105-35.xml @@ -0,0 +1,57 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> +<glsa id="202105-35"> + <title>OpenSSH: Multiple vulnerabilities</title> + <synopsis>Multiple vulnerabilities have been found in OpenSSH, the worst of + which could allow a remote attacker to execute arbitrary code. + </synopsis> + <product type="ebuild">openssh</product> + <announced>2021-05-26</announced> + <revised count="1">2021-05-26</revised> + <bug>763048</bug> + <bug>774090</bug> + <access>local, remote</access> + <affected> + <package name="net-misc/openssh" auto="yes" arch="*"> + <unaffected range="ge">8.5_p1</unaffected> + <vulnerable range="lt">8.5_p1</vulnerable> + </package> + </affected> + <background> + <p>OpenSSH is a complete SSH protocol implementation that includes SFTP + client and server support. + </p> + </background> + <description> + <p>Multiple vulnerabilities have been discovered in OpenSSH. Please review + the CVE identifiers referenced below for details. + </p> + </description> + <impact type="normal"> + <p>A remote attacker, able to access the socket of the forwarding agent, + might be able to execute arbitrary code with the privileges of the + process or cause a Denial of Service condition. + Furthermore, a remote attacker might conduct a man-in-the-middle attack + targeting initial connection attempts where no host key for the server + has been cached by client yet. + </p> + </impact> + <workaround> + <p>There is no known workaround at this time.</p> + </workaround> + <resolution> + <p>All OpenSSH users should upgrade to the latest version:</p> + + <code> + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-misc/openssh-8.5_p1" + </code> + + </resolution> + <references> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14145">CVE-2020-14145</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-28041">CVE-2021-28041</uri> + </references> + <metadata tag="requester" timestamp="2021-05-24T00:47:38Z">whissi</metadata> + <metadata tag="submitter" timestamp="2021-05-26T10:35:06Z">whissi</metadata> +</glsa> diff --git a/metadata/glsa/glsa-202105-36.xml b/metadata/glsa/glsa-202105-36.xml new file mode 100644 index 000000000000..21839569513f --- /dev/null +++ b/metadata/glsa/glsa-202105-36.xml @@ -0,0 +1,51 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> +<glsa id="202105-36"> + <title>cURL: Multiple vulnerabilities</title> + <synopsis>Multiple vulnerabilities have been found in cURL, the worst of + which could result in the arbitrary execution of code. + </synopsis> + <product type="ebuild">curl</product> + <announced>2021-05-26</announced> + <revised count="1">2021-05-26</revised> + <bug>779535</bug> + <bug>792192</bug> + <access>local, remote</access> + <affected> + <package name="net-misc/curl" auto="yes" arch="*"> + <unaffected range="ge">7.77.0</unaffected> + <vulnerable range="lt">7.77.0</vulnerable> + </package> + </affected> + <background> + <p>A command line tool and library for transferring data with URLs.</p> + </background> + <description> + <p>Multiple vulnerabilities have been discovered in cURL. Please review the + CVE identifiers referenced below for details. + </p> + </description> + <impact type="high"> + <p>Please review the referenced CVE identifiers for details.</p> + </impact> + <workaround> + <p>There is no known workaround at this time.</p> + </workaround> + <resolution> + <p>All cURL users should upgrade to the latest version:</p> + + <code> + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-misc/curl-7.77.0" + </code> + + </resolution> + <references> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-22876">CVE-2021-22876</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-22890">CVE-2021-22890</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-22898">CVE-2021-22898</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-22901">CVE-2021-22901</uri> + </references> + <metadata tag="requester" timestamp="2021-05-25T01:59:03Z">whissi</metadata> + <metadata tag="submitter" timestamp="2021-05-26T12:37:53Z">whissi</metadata> +</glsa> diff --git a/metadata/glsa/glsa-202105-37.xml b/metadata/glsa/glsa-202105-37.xml new file mode 100644 index 000000000000..207f833941a9 --- /dev/null +++ b/metadata/glsa/glsa-202105-37.xml @@ -0,0 +1,50 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> +<glsa id="202105-37"> + <title>Nextcloud Desktop Client: User-assisted execution of arbitrary code</title> + <synopsis>A vulnerability in Nextcloud Desktop Client could allow a remote + attacker to execute arbitrary commands. + </synopsis> + <product type="ebuild">nextcloud-client</product> + <announced>2021-05-26</announced> + <revised count="1">2021-05-26</revised> + <bug>783531</bug> + <access>remote</access> + <affected> + <package name="net-misc/nextcloud-client" auto="yes" arch="*"> + <unaffected range="ge">3.1.3</unaffected> + <vulnerable range="lt">3.1.3</vulnerable> + </package> + </affected> + <background> + <p>The Nextcloud Desktop Client is a tool to synchronize files from + Nextcloud Server with your computer. + </p> + </background> + <description> + <p>It was discovered that Nextcloud Desktop Client did not validate URLs.</p> + </description> + <impact type="normal"> + <p>A remote attacker could entice a user to connect to a malicious + Nextcloud server to cause the execution of arbitrary commands with the + privileges of the user running the Nextcloud Desktop Client application. + </p> + </impact> + <workaround> + <p>There is no known workaround at this time.</p> + </workaround> + <resolution> + <p>All Nextcloud Desktop Client users should upgrade to the latest version:</p> + + <code> + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-misc/nextcloud-client-3.1.3" + </code> + + </resolution> + <references> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-22879">CVE-2021-22879</uri> + </references> + <metadata tag="requester" timestamp="2021-05-25T14:10:09Z">whissi</metadata> + <metadata tag="submitter" timestamp="2021-05-26T13:19:22Z">whissi</metadata> +</glsa> diff --git a/metadata/glsa/glsa-202105-38.xml b/metadata/glsa/glsa-202105-38.xml new file mode 100644 index 000000000000..d5c53fccdbba --- /dev/null +++ b/metadata/glsa/glsa-202105-38.xml @@ -0,0 +1,59 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> +<glsa id="202105-38"> + <title>nginx: Remote code execution</title> + <synopsis>A vulnerability in nginx could lead to remote code execution.</synopsis> + <product type="ebuild">nginx</product> + <announced>2021-05-26</announced> + <revised count="1">2021-05-26</revised> + <bug>792087</bug> + <access>remote</access> + <affected> + <package name="www-servers/nginx" auto="yes" arch="*"> + <unaffected range="ge" slot="0">1.20.1</unaffected> + <unaffected range="ge" slot="mainline">1.21.0</unaffected> + <vulnerable range="lt">1.21.0</vulnerable> + </package> + </affected> + <background> + <p>nginx is a robust, small, and high performance HTTP and reverse proxy + server. + </p> + </background> + <description> + <p>It was discovered that nginx did not properly handle DNS responses when + “resolver” directive is used. + </p> + </description> + <impact type="high"> + <p>A remote attacker, able to provide DNS responses to a nginx instance, + could cause the execution of arbitrary code with the privileges of the + process or a Denial of Service condition. + </p> + </impact> + <workaround> + <p>There is no known workaround at this time.</p> + </workaround> + <resolution> + <p>All nginx users should upgrade to the latest version:</p> + + <code> + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-servers/nginx-1.20.1" + </code> + + <p>All nginx mainline users should upgrade to the latest version:</p> + + <code> + # emerge --sync + # emerge --ask --oneshot --verbose + ">=www-servers/nginx-1.21.0:mainline" + </code> + + </resolution> + <references> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-23017">CVE-2021-23017</uri> + </references> + <metadata tag="requester" timestamp="2021-05-26T17:05:23Z">whissi</metadata> + <metadata tag="submitter" timestamp="2021-05-26T17:40:33Z">whissi</metadata> +</glsa> diff --git a/metadata/glsa/glsa-202105-39.xml b/metadata/glsa/glsa-202105-39.xml new file mode 100644 index 000000000000..83c8ceab4fca --- /dev/null +++ b/metadata/glsa/glsa-202105-39.xml @@ -0,0 +1,58 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> +<glsa id="202105-39"> + <title>Ceph: Multiple vulnerabilities</title> + <synopsis>Multiple vulnerabilities have been found in Ceph, the worst of + which could result in privilege escalation. + </synopsis> + <product type="ebuild">ceph</product> + <announced>2021-05-26</announced> + <revised count="1">2021-05-26</revised> + <bug>760824</bug> + <bug>761969</bug> + <bug>783486</bug> + <bug>791253</bug> + <access>remote</access> + <affected> + <package name="sys-cluster/ceph" auto="yes" arch="*"> + <unaffected range="ge">14.2.21</unaffected> + <vulnerable range="lt">14.2.21</vulnerable> + </package> + </affected> + <background> + <p>Ceph is a distributed network file system designed to provide excellent + performance, reliability, and scalability. + </p> + </background> + <description> + <p>Multiple vulnerabilities have been discovered in Ceph. Please review the + CVE identifiers referenced below for details. + </p> + </description> + <impact type="normal"> + <p>Please review the referenced CVE identifiers for details.</p> + </impact> + <workaround> + <p>There is no known workaround at this time.</p> + </workaround> + <resolution> + <p>All Ceph users should upgrade to the latest version:</p> + + <code> + # emerge --sync + # emerge --ask --oneshot --verbose ">=sys-cluster/ceph-14.2.21" + </code> + + </resolution> + <references> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-10753">CVE-2020-10753</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-1759">CVE-2020-1759</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-1760">CVE-2020-1760</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-25660">CVE-2020-25660</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-25678">CVE-2020-25678</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-27781">CVE-2020-27781</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-20288">CVE-2021-20288</uri> + </references> + <metadata tag="requester" timestamp="2021-05-24T14:51:24Z">whissi</metadata> + <metadata tag="submitter" timestamp="2021-05-26T20:56:21Z">whissi</metadata> +</glsa> diff --git a/metadata/glsa/timestamp.chk b/metadata/glsa/timestamp.chk index 8244f040aa63..54a66ae57890 100644 --- a/metadata/glsa/timestamp.chk +++ b/metadata/glsa/timestamp.chk @@ -1 +1 @@ -Sat, 22 May 2021 06:08:53 +0000 +Mon, 31 May 2021 19:38:54 +0000 diff --git a/metadata/glsa/timestamp.commit b/metadata/glsa/timestamp.commit index 785900450f6b..46585d116878 100644 --- a/metadata/glsa/timestamp.commit +++ b/metadata/glsa/timestamp.commit @@ -1 +1 @@ -ce41c6125acff2a3d4d5dec0069d73d86997778a 1620156660 2021-05-04T19:31:00+00:00 +7711e73ed3ea72c507190aff24d27f011094dffd 1622062693 2021-05-26T20:58:13+00:00 |