From f07d186050d4a6c9019e9185d7bed71727aeb1d9 Mon Sep 17 00:00:00 2001
From: V3n3RiX
Date: Sat, 21 Jul 2018 19:15:15 +0100
Subject: gentoo resync : 21.07.2018
---
metadata/glsa/Manifest | 30 ++++++++++++------------
metadata/glsa/Manifest.files.gz | Bin 426775 -> 426937 bytes
metadata/glsa/glsa-201807-01.xml | 49 +++++++++++++++++++++++++++++++++++++++
metadata/glsa/timestamp.chk | 2 +-
metadata/glsa/timestamp.commit | 2 +-
5 files changed, 66 insertions(+), 17 deletions(-)
create mode 100644 metadata/glsa/glsa-201807-01.xml
(limited to 'metadata/glsa')
diff --git a/metadata/glsa/Manifest b/metadata/glsa/Manifest
index 94f5cd90626f..7190e3eb9325 100644
--- a/metadata/glsa/Manifest
+++ b/metadata/glsa/Manifest
@@ -1,23 +1,23 @@ -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 -MANIFEST Manifest.files.gz 426775 BLAKE2B 0a924e893bc7d02fb872d05ff4b63ad4d237b75711b0c6a09d632bbc7eeb1a14506448cef5b376ba25b504b6e4c16d40d6662762ee100207b8ee92abf972340d SHA512 811f8949726f5f714f93c3522b7ae6b1eb5aad37a0229ee9d5f5ee0ddb8c5273a4f3b0d4055d44a1dbeed5fc458aeb2e5620e47889961d9b7a4e961c24e5877b -TIMESTAMP 2018-07-14T19:38:37Z +MANIFEST Manifest.files.gz 426937 BLAKE2B fd40fb2cce7e8bb9b86f11cc0b67099c90238f284b3a458c8153c050be8f5f23899e2d0a85dee8371053bc572661a4ef4f721c0fbfb7976cc36ee7c7480ac631 SHA512 829750d5237ed3b11ae3dc9afdaacd5fe79e390dedf6730a47ac29c7f64e7bcce35e880cc0e44d263a4b9a9ed0186d2e6503cec484fcd93b4c19afde5af0ab31 +TIMESTAMP 2018-07-21T17:38:26Z -----BEGIN PGP SIGNATURE----- -iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAltKUT1fFIAAAAAALgAo +iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAltTb5JfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEUx RDZBQkI2M0JGQ0ZCNEJBMDJGREYxQ0VDNTkwRUVBQzkxODkyNTAACgkQ7FkO6skY -klCKCQ/+J+S6xWydS/2LQQRpAZTOWx47DsXxJagvgnq+1xxp3Nmq07vfQ58ftq59 -nGmOZcxqr8tODbzLo4PZtpJhMp1cg8MANcp6weqFPPPvCLWhLjX/+xxihk+kQy2D -a8EG9SXTrVY5JvRE8ZNs61yiAK5+3BtxDi+JxwLK92/opvU1n36D/7UA3yPCkkkK -syONqOeh2gJHAYBrC7UN4+fk1DRyVPFjW5Pfja+MFUW/T7+PIeyQb35pCRywxeBK -GTHFBCf85bbSWUh3UoR9JCaZiNctcMJCdZ46roz13Upu2r+Gs9VJtytMrktzpGyg -dzk02LXTDXQuCHZC+W7BCKx+KLg3fJOHpwSUXFsaIzdt8SBgMdFgYhDy8uhmhSZi -LuyhSLn6IhfDfwddBsf7xjwjsk3Bq4a/MJbiaPsV1BRVrJEoyzVN5IoI/wvDUNez -KsTvoCsbqyF8Kbb8Ns2DEoX4qdxe8VqE4oEel3Wirgk58fnq2GGlbOehI3Aj2iDQ -X30eAvi1YOh0RDWeJcLiKiMKFhcsRyPr8WIU5EomKN64w1opqPYui0iKo54ZkaaH -JTLO3Ea7UX0s/9paLBokM5zq2yHQilB7Lu0kveFRUW/P3UDSTVRZi/5UKgbaicvT -l38lVChGn+U/c2VbswguoAX3bmCqHz9t9QHd4GU7Mn8hzVH5gaU= -=49RK +klDSoxAAnCXGfNS7/gfyCQn5HIvwG+CbL1A6m/KxJmulrcIdeytKv0RQ6aDlNI6t +1i5jj1ZvWlG4IaGStdmNZ5d00Qr2Fs6bCfJFHu7IPPSiW6799oEDjTsBDtj0bNJr +mCPLsAMM/SFgfs3h09a4H4+eQeE20sceP53ppicFlLGu98yUcVenmbos40Wn2+0u 
+vvinM8JxdwIXeVanBv/hpjiFuOGYIPQdV8Bb2TW+7+r9qacMOtmf/80y+dtoq0bt +JFPlluqlRjTz3mpmpJpkx4oIlQmI/6d5QnNnPWqRCkafk5renkiXNkuJl5SSNa1y +8uBgeC9ild8M50rHL0iFd64MnYc9mM2dyo2wRkDVlMpRK9eQmOGJWloXPafCxTg5 +OLnMlqLQz2aqMZiBEDK7YzpZXRe9rVPa0DTYUNeyJ61mdie6TpajdhyR86Wnz7H0 +ONwjOoEl+1+NwyCt719fJz/gkoZ6eVXY1Nn6BjCfHetI5iIkYcSbnN85mQ3kRLcf +V+Q0Bg7jPGbyQelNJQRlUq2LuasZyf+lUI0XBmKscTwhZ3apCN0axu4LJqe19gDP +KbZ4WT7lcv2prP7VkvdeLbLf9G3x9INCvIuPu8Y/ZwjyYQchw/AJaJ3TPui/v3tP +7H2FmjZiWPqamUVEEduTlJXOSfntzPetKOmjEyTRZWKsPtOxI6g= +=u1Ze -----END PGP SIGNATURE----- diff --git a/metadata/glsa/Manifest.files.gz b/metadata/glsa/Manifest.files.gz index f740db1e7b5d..a924ccd14e63 100644 Binary files a/metadata/glsa/Manifest.files.gz and b/metadata/glsa/Manifest.files.gz differ diff --git a/metadata/glsa/glsa-201807-01.xml b/metadata/glsa/glsa-201807-01.xml new file mode 100644 index 000000000000..5a945f792950 --- /dev/null +++ b/metadata/glsa/glsa-201807-01.xml @@ -0,0 +1,49 @@ + + + + tqdm: Arbitrary code execution + A vulnerability in tqdm could allow remote attackers to execute + arbitrary code. + + tqdm + 2018-07-18 + 2018-07-18 + 636384 + remote + + + 4.23.3 + 4.23.3 + + + +

tqdm is a smart progress meter.

+
+ +

A vulnerablility was discovered in tqdm._version that could allow a + malicious git log within the current working directory. +

+
+ +

A remote attacker could execute arbitrary commands by enticing a user to + clone a crafted repo. +

+
+ +

There is no known workaround at this time.

+
+ +

All tqdm users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-python/tqdm-4.23.3" + + +
+ + CVE-2016-10075 + + b-man + irishluck83 +
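Review bot: The description paragraph of glsa-201807-01.xml is an incomplete sentence: "A vulnerablility was discovered in tqdm._version that could allow a malicious git log within the current working directory" never says what the malicious git log allows, and "vulnerablility" is misspelled. Going by the synopsis and impact text in the same file, it should read `A vulnerability was discovered in tqdm._version that could allow arbitrary code execution via a malicious git log within the current working directory.` The impact paragraph should also state the precondition the description implies, presumably that tqdm has to be run from inside the cloned repository, because the advisory appears to classify access as `remote` while the trigger is tied to the current working directory. Since the subject marks this commit as a Gentoo resync, the wording fix most likely belongs in the upstream advisory rather than in this tree.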
diff --git a/metadata/glsa/timestamp.chk b/metadata/glsa/timestamp.chk index 5beff81f2f31..9a5288812662 100644 --- a/metadata/glsa/timestamp.chk +++ b/metadata/glsa/timestamp.chk @@ -1 +1 @@ -Sat, 14 Jul 2018 19:38:33 +0000 +Sat, 21 Jul 2018 17:38:23 +0000 diff --git a/metadata/glsa/timestamp.commit b/metadata/glsa/timestamp.commit index 371b226d6874..9cf5b169a530 100644 --- a/metadata/glsa/timestamp.commit +++ b/metadata/glsa/timestamp.commit @@ -1 +1 @@ -676a0a13a2c9c89e7a04d5a85550b5b48c25f9b4 1529809898 2018-06-24T03:11:38+00:00 +05c861bfc6df24f1e1d8bdfbeddfde0b268a1418 1531886373 2018-07-18T03:59:33+00:00 -- cgit v1.2.3