Diffstat (limited to 'metadata/glsa')
-rw-r--r--metadata/glsa/Manifest30
-rw-r--r--metadata/glsa/Manifest.files.gzbin426775 -> 426937 bytes
-rw-r--r--metadata/glsa/glsa-201807-01.xml49
-rw-r--r--metadata/glsa/timestamp.chk2
-rw-r--r--metadata/glsa/timestamp.commit2
5 files changed, 66 insertions, 17 deletions
diff --git a/metadata/glsa/Manifest b/metadata/glsa/Manifest
index 94f5cd90626f..7190e3eb9325 100644
--- a/metadata/glsa/Manifest
+++ b/metadata/glsa/Manifest
@@ -1,23 +1,23 @@
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
-MANIFEST Manifest.files.gz 426775 BLAKE2B 0a924e893bc7d02fb872d05ff4b63ad4d237b75711b0c6a09d632bbc7eeb1a14506448cef5b376ba25b504b6e4c16d40d6662762ee100207b8ee92abf972340d SHA512 811f8949726f5f714f93c3522b7ae6b1eb5aad37a0229ee9d5f5ee0ddb8c5273a4f3b0d4055d44a1dbeed5fc458aeb2e5620e47889961d9b7a4e961c24e5877b
-TIMESTAMP 2018-07-14T19:38:37Z
+MANIFEST Manifest.files.gz 426937 BLAKE2B fd40fb2cce7e8bb9b86f11cc0b67099c90238f284b3a458c8153c050be8f5f23899e2d0a85dee8371053bc572661a4ef4f721c0fbfb7976cc36ee7c7480ac631 SHA512 829750d5237ed3b11ae3dc9afdaacd5fe79e390dedf6730a47ac29c7f64e7bcce35e880cc0e44d263a4b9a9ed0186d2e6503cec484fcd93b4c19afde5af0ab31
+TIMESTAMP 2018-07-21T17:38:26Z
-----BEGIN PGP SIGNATURE-----
-iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAltKUT1fFIAAAAAALgAo
+iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAltTb5JfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEUx
RDZBQkI2M0JGQ0ZCNEJBMDJGREYxQ0VDNTkwRUVBQzkxODkyNTAACgkQ7FkO6skY
-klCKCQ/+J+S6xWydS/2LQQRpAZTOWx47DsXxJagvgnq+1xxp3Nmq07vfQ58ftq59
-nGmOZcxqr8tODbzLo4PZtpJhMp1cg8MANcp6weqFPPPvCLWhLjX/+xxihk+kQy2D
-a8EG9SXTrVY5JvRE8ZNs61yiAK5+3BtxDi+JxwLK92/opvU1n36D/7UA3yPCkkkK
-syONqOeh2gJHAYBrC7UN4+fk1DRyVPFjW5Pfja+MFUW/T7+PIeyQb35pCRywxeBK
-GTHFBCf85bbSWUh3UoR9JCaZiNctcMJCdZ46roz13Upu2r+Gs9VJtytMrktzpGyg
-dzk02LXTDXQuCHZC+W7BCKx+KLg3fJOHpwSUXFsaIzdt8SBgMdFgYhDy8uhmhSZi
-LuyhSLn6IhfDfwddBsf7xjwjsk3Bq4a/MJbiaPsV1BRVrJEoyzVN5IoI/wvDUNez
-KsTvoCsbqyF8Kbb8Ns2DEoX4qdxe8VqE4oEel3Wirgk58fnq2GGlbOehI3Aj2iDQ
-X30eAvi1YOh0RDWeJcLiKiMKFhcsRyPr8WIU5EomKN64w1opqPYui0iKo54ZkaaH
-JTLO3Ea7UX0s/9paLBokM5zq2yHQilB7Lu0kveFRUW/P3UDSTVRZi/5UKgbaicvT
-l38lVChGn+U/c2VbswguoAX3bmCqHz9t9QHd4GU7Mn8hzVH5gaU=
-=49RK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+=u1Ze
-----END PGP SIGNATURE-----
diff --git a/metadata/glsa/Manifest.files.gz b/metadata/glsa/Manifest.files.gz
index f740db1e7b5d..a924ccd14e63 100644
--- a/metadata/glsa/Manifest.files.gz
+++ b/metadata/glsa/Manifest.files.gz
Binary files differ
diff --git a/metadata/glsa/glsa-201807-01.xml b/metadata/glsa/glsa-201807-01.xml
new file mode 100644
index 000000000000..5a945f792950
--- /dev/null
+++ b/metadata/glsa/glsa-201807-01.xml
@@ -0,0 +1,49 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201807-01">
+ <title>tqdm: Arbitrary code execution</title>
+ <synopsis>A vulnerability in tqdm could allow remote attackers to execute
+ arbitrary code.
+ </synopsis>
+ <product type="ebuild">tqdm</product>
+ <announced>2018-07-18</announced>
+ <revised count="1">2018-07-18</revised>
+ <bug>636384</bug>
+ <access>remote</access>
+ <affected>
+ <package name="dev-python/tqdm" auto="yes" arch="*">
+ <unaffected range="ge">4.23.3</unaffected>
+ <vulnerable range="lt">4.23.3</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>tqdm is a smart progress meter.</p>
+ </background>
+ <description>
+ <p>A vulnerablility was discovered in tqdm._version that could allow a
+ malicious git log within the current working directory.
+ </p>
+ </description>
+ <impact type="normal">
+ <p>A remote attacker could execute arbitrary commands by enticing a user to
+ clone a crafted repo.
+ </p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All tqdm users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose "&gt;=dev-python/tqdm-4.23.3"
+ </code>
+
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2016-10075">CVE-2016-10075</uri>
+ </references>
+ <metadata tag="requester" timestamp="2018-07-02T03:06:02Z">b-man</metadata>
+ <metadata tag="submitter" timestamp="2018-07-18T03:57:26Z">irishluck83</metadata>
+</glsa>
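Review bot: The `<description>` paragraph is an incomplete sentence. It says the flaw in tqdm._version "could allow a malicious git log within the current working directory" but never states what that log is allowed to do, and "vulnerablility" is misspelled. Since `<impact>` already names arbitrary command execution, I would complete it as `A vulnerability was discovered in tqdm._version that could allow a malicious git log within the current working directory to execute arbitrary code.` The impact text also appears to skip a precondition: going by the description, the user has to run tqdm from inside the cloned repository, not merely clone it. Stating that explicitly (for example `... by enticing a user to clone a crafted repo and run tqdm from within it.`) would help readers judge their exposure against `<access>remote</access>`.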
diff --git a/metadata/glsa/timestamp.chk b/metadata/glsa/timestamp.chk
index 5beff81f2f31..9a5288812662 100644
--- a/metadata/glsa/timestamp.chk
+++ b/metadata/glsa/timestamp.chk
@@ -1 +1 @@
-Sat, 14 Jul 2018 19:38:33 +0000
+Sat, 21 Jul 2018 17:38:23 +0000
diff --git a/metadata/glsa/timestamp.commit b/metadata/glsa/timestamp.commit
index 371b226d6874..9cf5b169a530 100644
--- a/metadata/glsa/timestamp.commit
+++ b/metadata/glsa/timestamp.commit
@@ -1 +1 @@
-676a0a13a2c9c89e7a04d5a85550b5b48c25f9b4 1529809898 2018-06-24T03:11:38+00:00
+05c861bfc6df24f1e1d8bdfbeddfde0b268a1418 1531886373 2018-07-18T03:59:33+00:00