From 64602f81dd4ecc257e8c5139f42b902d3555ea78 Mon Sep 17 00:00:00 2001 From: V3n3RiX Date: Mon, 18 Dec 2023 13:51:55 +0000 Subject: gentoo auto-resync : 18:12:2023 - 13:51:55 --- metadata/glsa/Manifest | 30 ++++++++++++------------ metadata/glsa/Manifest.files.gz | Bin 555493 -> 555652 bytes metadata/glsa/glsa-202312-01.xml | 49 +++++++++++++++++++++++++++++++++++++++ metadata/glsa/timestamp.chk | 2 +- metadata/glsa/timestamp.commit | 2 +- 5 files changed, 66 insertions(+), 17 deletions(-) create mode 100644 metadata/glsa/glsa-202312-01.xml (limited to 'metadata/glsa') diff --git a/metadata/glsa/Manifest b/metadata/glsa/Manifest index 888bf69ab04d..606f33daf004 100644 --- a/metadata/glsa/Manifest +++ b/metadata/glsa/Manifest @@ -1,23 +1,23 @@ -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 -MANIFEST Manifest.files.gz 555493 BLAKE2B 9b9c68f6fcd5aa241244f03965d32d2bee2397eebacb0b4742f3b5eff9058f33cdb8d4c1f96505cd2a1acaed4347077a204862e5674effe944e54b05e7466726 SHA512 bf81aa35acfc8893b8a8ffc0d57915c1a8e6b54e9400f0d03f26dd199de30e2601f7a7c1060d2185e26c3276979665ae687fb8e8a1e2b4d537df4a3270e38d43 -TIMESTAMP 2023-12-18T07:10:53Z +MANIFEST Manifest.files.gz 555652 BLAKE2B db9cf5206d9ceddaca8a68b4bf7f7ae528b88643f304cb02178e6516db789e072f19544b11fd07ca92e7c80c589b8b66ece5f49c746eb801b97383bbafd1f932 SHA512 f9958af059dd9b625daf56f6b4902011d7fc39a90ba956c342e1067f960a07cba8953dfed3f68b813916acab646a12243ae32da4878afce08b6a7142d90aa871 +TIMESTAMP 2023-12-18T13:10:30Z -----BEGIN PGP SIGNATURE----- -iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAmV/8H1fFIAAAAAALgAo +iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAmWARMZfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEUx RDZBQkI2M0JGQ0ZCNEJBMDJGREYxQ0VDNTkwRUVBQzkxODkyNTAACgkQ7FkO6skY -klBZZQ//cN1bmc3NeyHSV7hpFvWdMX/ldo3WCkViGy4Y07mldALowxWm0ciDU00i -ftZPaF+8qx1fefXBh8APnkJ/VX4KwOqiMPgqd+FiQpY1vF/h9LzBN0YdA2jKxpB+ -NLk9rT4QiqwxUXGHtjmXb6ERPcIKYYHvjB0Yvqo8bmJeMSxLbPCJ9+fp4UO5tqJ5 -D0XKccBrSEqR1JSQGVuIk+KF+yx8pYjc4qcWQrsKWfeXho1WA1L5tg8DcwfGUTSG -15Naf4fGBVhq+dksE1aYDqZ10po4yTfvLWP80/xsd87HuIE1inxlsJoOcujnwf7b -BhMSoZINFM36g1xX2xbTcsJ2BvNRvqR9jzqHFNaZmnfWS5LdHslg/rJH5Ae222G4 -ZO0TPUT9buKYlpJ606IiZKso727NPHmJZFDb9CZe0w3yF/LqqKbMPY2GgQNNWS0r -xbCAUOuciqiiW/1j932kx1a/hgUvuwlASN+5IOtASlzZshXlaN+Dl3W3qOA1CoSj -43VvFfW4J4OktyzF3vuiJiVAw8g9bt7NQZpNY4tvXa04+HnrYu21YUWMmJEDjwYl -WDEvIpunABiVW4z0BFigouuKuH5JUSBWF8OdlFgbE/Qiu+7PHW+D4+v7vn8VL7B/ -eN9NgzvPw66rT1bslvz9BKwyG+kmYIRYdG2lsXRogODsNU8QpKs= -=8jr+ +klCoBA//fyi+8Y0Qtu2MTNXDrp56nUmqhgnfj+x4mNGDf69P//DL2DAlH1vLkPUe +9qi9BXomNk1xuGzwpreEQ3RPdc9yqMlqTQYoRrkk2wwWQQO7BqBKyE86RbG6EQ4r +a9iBF3c7OgNPwSwxqANUjDWQ8B82fXKMnV9KSVZ424EIxNasc9BhNvQc3KTmIDg1 +XiQK1qZKMqYkGztgfjccCQph6VwW+hRcyKi71WnTacMKOipXZFAvSbzBvQzNyjAj +092g68ubgoAlt4u7B7x0hpvmrLFb67oGK/XFxKLFAeVaK3tJ3K/YRAQKNbr6cyKt +DS0p0dSNQkuJPYgWbGeHsj0vK4G9IzuHrbsZSig19/7p4VH+UGL5Bhim+GwC3/wk +T7dv/FqUsGNH6r8N9JsgT3C1almYfWg0QDcElzc7b0HSXW0+gwVM43NgmaUft+c0 +S4cMDzVjv4/oOOT3xRag72/SxSXFzF07coSD+vMZ7hGgoiWAr/DGR1Kna+PCwudT +qL5uonMJYsoNoH5VeaBnrxRxt9wi6Icfie/gLG17RWQWWSSt5bkhQox7NtPUZqpU +I4kB8YslTPSPctAAInpFRH5pw+NFMZ3W6+kI6o+3Zg8UmT9kWf2sBytIXR+edPL3 +GYfUmLF5uXZnzb2nnLqW0+12OSKi4OMchXm2yMUXoTdvrgfQ73s= +=tqW0 -----END PGP SIGNATURE----- diff --git a/metadata/glsa/Manifest.files.gz b/metadata/glsa/Manifest.files.gz index 0ed9dcec42d6..cb8367baa719 100644 Binary files a/metadata/glsa/Manifest.files.gz and b/metadata/glsa/Manifest.files.gz differ diff --git a/metadata/glsa/glsa-202312-01.xml b/metadata/glsa/glsa-202312-01.xml new file mode 100644 index 000000000000..1508a2eaf03f --- /dev/null +++ b/metadata/glsa/glsa-202312-01.xml @@ -0,0 +1,49 @@ + + + + Leptonica: Multiple Vulnerabilities + Several vulnerabilities have been found in Leptonice, the worst of which could lead to arbitrary code execution. + leptonica + 2023-12-18 + 2023-12-18 + 649752 + 869416 + remote + + + 1.81.0 + 1.81.0 + + + +

Leptonica is a C library for image processing and analysis.

+
+ +

Multiple vulnerabilities have been discovered in Leptonica. Please review the CVE identifiers referenced below for details.

+
+ +

Please review the referenced CVE identifiers for details.

+
+ +

There is no known workaround at this time.

+
+ +

All Leptonica users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=media-libs/leptonica-1.81.0" + +
+ + CVE-2017-18196 + CVE-2018-7186 + CVE-2018-7247 + CVE-2018-7440 + CVE-2018-7441 + CVE-2018-7442 + CVE-2022-38266 + + graaff + graaff +
\ No newline at end of file diff --git a/metadata/glsa/timestamp.chk b/metadata/glsa/timestamp.chk index 6970c4f8b7c8..cd3392460665 100644 --- a/metadata/glsa/timestamp.chk +++ b/metadata/glsa/timestamp.chk @@ -1 +1 @@ -Mon, 18 Dec 2023 07:10:48 +0000 +Mon, 18 Dec 2023 13:10:25 +0000 diff --git a/metadata/glsa/timestamp.commit b/metadata/glsa/timestamp.commit index 313f325014a1..09402fb93716 100644 --- a/metadata/glsa/timestamp.commit +++ b/metadata/glsa/timestamp.commit @@ -1 +1 @@ -e8cae5eafb887bc451b4344e6de2d99b8d6e75de 1701088111 2023-11-27T12:28:31+00:00 +ae470dfa87b9f8990a63603140849dc70c320603 1702884361 2023-12-18T07:26:01+00:00 -- cgit v1.2.3