From fac3cfaabc3c46bf5cb7a2492197925c7c557b42 Mon Sep 17 00:00:00 2001 From: V3n3RiX Date: Mon, 19 Feb 2024 11:39:43 +0000 Subject: gentoo auto-resync : 19:02:2024 - 11:39:43 --- metadata/glsa/Manifest | 30 ++++----- metadata/glsa/Manifest.files.gz | Bin 566926 -> 568062 bytes metadata/glsa/glsa-202402-22.xml | 44 +++++++++++++ metadata/glsa/glsa-202402-23.xml | 84 +++++++++++++++++++++++++ metadata/glsa/glsa-202402-24.xml | 42 +++++++++++++ metadata/glsa/glsa-202402-25.xml | 129 +++++++++++++++++++++++++++++++++++++++ metadata/glsa/glsa-202402-26.xml | 88 ++++++++++++++++++++++++++ metadata/glsa/glsa-202402-27.xml | 42 +++++++++++++ metadata/glsa/glsa-202402-28.xml | 54 ++++++++++++++++ metadata/glsa/timestamp.chk | 2 +- metadata/glsa/timestamp.commit | 2 +- 11 files changed, 500 insertions(+), 17 deletions(-) create mode 100644 metadata/glsa/glsa-202402-22.xml create mode 100644 metadata/glsa/glsa-202402-23.xml create mode 100644 metadata/glsa/glsa-202402-24.xml create mode 100644 metadata/glsa/glsa-202402-25.xml create mode 100644 metadata/glsa/glsa-202402-26.xml create mode 100644 metadata/glsa/glsa-202402-27.xml create mode 100644 metadata/glsa/glsa-202402-28.xml (limited to 'metadata/glsa') diff --git a/metadata/glsa/Manifest b/metadata/glsa/Manifest index 80f56d6f4ff7..a7e9e87afe41 100644 --- a/metadata/glsa/Manifest +++ b/metadata/glsa/Manifest @@ -1,23 +1,23 @@ -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 -MANIFEST Manifest.files.gz 566926 BLAKE2B 662f6b629a94bee49b81ce5e7c79890f472857985014164c59582532a367c029a6006250d334fa4649ce628cfecd09ece880332a7434e27f63860495755cb92e SHA512 b38db85707ee45700d87f79d57491088f18bc5d8420212ca7f2563366ffd1783a5720d4428bca32016af1cb46ad1318a365cc1af3ee918a4b435469f68cab028 -TIMESTAMP 2024-02-19T04:49:32Z +MANIFEST Manifest.files.gz 568062 BLAKE2B 63354e36b00357ecbdd68ddac0a4e722f998e8aade0b5025f1a84caf5470d97f6b2ce7020f42bbd802a1beb63f88f2e3287b060dbc4a695da224e6ab93006e93 SHA512 106f89b00b29ed2c754a2a2fe054b6b0b6f2413fdf8d113f7ddc7bf427a1474d7f8e333da8fd87a95983c6a19f014980c8f0c2c7ae9b46e4e7091b87323240fc +TIMESTAMP 2024-02-19T11:10:01Z -----BEGIN PGP SIGNATURE----- -iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAmXS3dxfFIAAAAAALgAo +iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAmXTNwlfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEUx RDZBQkI2M0JGQ0ZCNEJBMDJGREYxQ0VDNTkwRUVBQzkxODkyNTAACgkQ7FkO6skY -klD57w/9Er2QEpxNcr9gQIzz8dswnUNRzqg/TWOdLS7iE9F8ri3MFBwB76i8KEfI -umEtFpUo/HeUaOgHgi7xqAVMgJEgIQj16nYj3RzrS5ommQF7+v+TX6ZAmzymQEWT -Wwk4kCgpu5dFXtf5hgCZrRTtI0w1NwlXhQ1fixGu92UfUpadE6xPhIZWSkoiZ33k -KWk3ylZxPTlZ2heQ8h9YyJ5PdQWLOA182zTB5XHApGdbyhCxli77xYZREHZYwHuq -YVmSdzjLFD8EYv8eEuhLtQZ153A0pCIkuh/aPUr9lB20UFBaFFb2hWlewezF/Rrh -4EKPY7KLXCnyYrVroeKZZwBfuQ06g41q5Fq/5yBNBVLMomSJijznhXdCeymQ6tKR -/xD4XxV7GKmNq3DGB8z3ZZ/5gvL7CumbHISvdOQqUYNoPelCxTNN9JpkdNEXsqAc -gORUG2W+bUfSiT0ckNYtVqd2nzVIfzXltkW1fc/Ud6Mxq1zptjUQLLjgh+/0Iwmu -yMnY/61vhv5yD6Dhj7rpX1lPVTtSC3qGL/iyC6tBaAQFZqXU9Ahbqjsu9xCW4GH5 -P70OPR6L9rt9LNplXf5Y72dMiujijIx+RtOIQbAtBs8r1OUQE7+9yu5XyFoAYjC9 -KR1hshC8YOYRQwVbB8MTdny4K3an5fJV/qQHt/85j9SjzHHf8vs= -=g/1f +klDX/A/+Lg9i5DbYW4Nk/NupqbjuZNeCc0qW0zIwq5Ip1fMkrXNfFBx6ghcIoYHn +HqITrkRknPeEFELx3z+J9tHIjr8aNKLMmrjX06myPzquNhmh91yWOErpfzjIKAUb +y4tpoiStxO7X1wp4OcuH2loNLTKyd9G6SwCv0cojgZMe2Zs1KnTZCPp+OyrJy6n3 +qAHr8MKTWjI0OxwglRgm6uuQ7dlENCxMM2yJjaFXWo0c6+P/b3fhRQCa7o+yJ+PI +8BIKxEn+P9oasQwD7ZRX8WFr5LNcJsb7uTlZWHU+wXUTj9/4+ExojnlFZrBKc3+A +a1XvcEYv7nzMC8bBE+C/+e/E/TtxsuVP4NAOdnR6H8xa1CygTP0qYb9lU7uSoqhw +AR1g350iSvgrS5zmREht9Fpz49jF03HD4Xw5l8j9QbhLB5iehj3D4Yn2MT+Hy7Jb +YDEdGxvp6wOr+6b5JZY8E5BHdrln2bFXnWmYhZLHojXegv95E3BuYPsq5KLMnWL8 +DvKjo3WxyhHh1ouswYkZfpN/ge0n+41AbPKR4NnqNrwK/cmvVBJEljTsMgjuBE/+ +v5rIhnOdeUAdJvzvebLry8MQqbTt9bm2/OGBbaLRuKIz0AbZLccIZAI9WlEVInx/ +fivq3Xx+JoluCNVZqCEhNnRYns4lBNV5sJwjYHXlVm1FiIJI93Y= +=LKPT -----END PGP SIGNATURE----- diff --git a/metadata/glsa/Manifest.files.gz b/metadata/glsa/Manifest.files.gz index c628bc944922..2352cc66c21e 100644 Binary files a/metadata/glsa/Manifest.files.gz and b/metadata/glsa/Manifest.files.gz differ diff --git a/metadata/glsa/glsa-202402-22.xml b/metadata/glsa/glsa-202402-22.xml new file mode 100644 index 000000000000..789dcb28159d --- /dev/null +++ b/metadata/glsa/glsa-202402-22.xml @@ -0,0 +1,44 @@ + + + + intel-microcode: Multiple Vulnerabilities + Multiple vulnerabilities have been discovered in intel-microcode, the worst of which can lead to privilege escalation. + intel-microcode + 2024-02-19 + 2024-02-19 + 832985 + 894474 + local + + + 20230214_p20230212 + 20230214_p20230212 + + + +

Intel IA32/IA64 microcode update data.

+ + +

Multiple vulnerabilities have been discovered in NVIDIA Drivers. Please review the CVE identifiers referenced below for details.

+ + +

Please review the referenced CVE identifiers for details.

+ + +

There is no known workaround at this time.

+ + +

All intel-microcode users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=sys-firmware/intel-microcode-20230214_p20230212" + + + + CVE-2021-0127 + CVE-2021-0146 + + graaff + ajak + \ No newline at end of file diff --git a/metadata/glsa/glsa-202402-23.xml b/metadata/glsa/glsa-202402-23.xml new file mode 100644 index 000000000000..237b585827ba --- /dev/null +++ b/metadata/glsa/glsa-202402-23.xml @@ -0,0 +1,84 @@ + + + + Chromium, Google Chrome, Microsoft Edge: Multiple Vulnerabilities + Multiple vulnerabilities have been discovered in Chromium and its derivatives, the worst of which can lead to remote code execution. + chromium,google-chrome,microsoft-edge + 2024-02-19 + 2024-02-19 + 922062 + 922340 + 922903 + 923370 + remote + + + 121.0.6167.139 + 121.0.6167.139 + + + 121.0.6167.139 + 121.0.6167.139 + + + 121.0.2277.83 + 121.0.2277.83 + + + +

Chromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web. Google Chrome is one fast, simple, and secure browser for all your devices. Microsoft Edge is a browser that combines a minimal design with sophisticated technology to make the web faster, safer, and easier.

+ + +

Multiple vulnerabilities have been discovered in Chromium and its derivatives. Please review the CVE identifiers referenced below for details.

+ + +

Please review the referenced CVE identifiers for details.

+ + +

There is no known workaround at this time.

+ + +

All Google Chrome users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-client/google-chrome-121.0.6167.139" + + +

All Chromium users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-client/chromium-121.0.6167.139" + + +

All Microsoft Edge users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-client/microsoft-edge-121.0.2277.83" + + + + CVE-2024-0333 + CVE-2024-0517 + CVE-2024-0518 + CVE-2024-0519 + CVE-2024-0804 + CVE-2024-0805 + CVE-2024-0806 + CVE-2024-0807 + CVE-2024-0808 + CVE-2024-0809 + CVE-2024-0810 + CVE-2024-0811 + CVE-2024-0812 + CVE-2024-0813 + CVE-2024-0814 + CVE-2024-1059 + CVE-2024-1060 + CVE-2024-1077 + + graaff + ajak + \ No newline at end of file diff --git a/metadata/glsa/glsa-202402-24.xml b/metadata/glsa/glsa-202402-24.xml new file mode 100644 index 000000000000..d46938afd0ac --- /dev/null +++ b/metadata/glsa/glsa-202402-24.xml @@ -0,0 +1,42 @@ + + + + Seamonkey: Multiple Vulnerabilities + Multiple vulnerabilities have been discovered in Seamonkey, the worst of which can lead to remote code execution. + seamonkey + 2024-02-19 + 2024-02-19 + 767400 + 828479 + remote + + + 2.53.10.2 + 2.53.10.2 + + + +

The Seamonkey project is a community effort to deliver production-quality releases of code derived from the application formerly known as the ‘Mozilla Application Suite’.

+ + +

Multiple vulnerabilities have been discovered in Seamonkey. Please review the CVE identifiers referenced below for details.

+ + +

Please review the referenced CVE identifiers for details.

+ + +

There is no known workaround at this time.

+ + +

All Seamonkey users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-client/seamonkey-2.53.10.2" + + + + + graaff + ajak + \ No newline at end of file diff --git a/metadata/glsa/glsa-202402-25.xml b/metadata/glsa/glsa-202402-25.xml new file mode 100644 index 000000000000..0c7703a83f08 --- /dev/null +++ b/metadata/glsa/glsa-202402-25.xml @@ -0,0 +1,129 @@ + + + + Mozilla Thunderbird: Multiple Vulnerabilities + Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could lead to remote code execution. + thunderbird,thunderbird-bin + 2024-02-19 + 2024-02-19 + 918444 + 920508 + 924845 + remote + + + 115.7.0 + 115.7.0 + + + 115.7.0 + 115.7.0 + + + +

Mozilla Thunderbird is a popular open-source email client from the Mozilla project.

+ + +

Multiple vulnerabilities have been discovered in Mozilla Thunderbird. Please review the CVE identifiers referenced below for details.

+ + +

Please review the referenced CVE identifiers for details.

+ + +

There is no known workaround at this time.

+ + +

All Mozilla Thunderbird binary users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=mail-client/thunderbird-bin-115.7.0" + + +

All Mozilla Thunderbird users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=mail-client/thunderbird-115.7.0" + + + + CVE-2023-3417 + CVE-2023-3600 + CVE-2023-4045 + CVE-2023-4046 + CVE-2023-4047 + CVE-2023-4048 + CVE-2023-4049 + CVE-2023-4050 + CVE-2023-4051 + CVE-2023-4052 + CVE-2023-4053 + CVE-2023-4054 + CVE-2023-4055 + CVE-2023-4056 + CVE-2023-4057 + CVE-2023-4573 + CVE-2023-4574 + CVE-2023-4575 + CVE-2023-4576 + CVE-2023-4577 + CVE-2023-4578 + CVE-2023-4580 + CVE-2023-4581 + CVE-2023-4582 + CVE-2023-4583 + CVE-2023-4584 + CVE-2023-4585 + CVE-2023-5168 + CVE-2023-5169 + CVE-2023-5171 + CVE-2023-5174 + CVE-2023-5176 + CVE-2023-5721 + CVE-2023-5724 + CVE-2023-5725 + CVE-2023-5726 + CVE-2023-5727 + CVE-2023-5728 + CVE-2023-5730 + CVE-2023-5732 + CVE-2023-6204 + CVE-2023-6205 + CVE-2023-6206 + CVE-2023-6207 + CVE-2023-6208 + CVE-2023-6209 + CVE-2023-6212 + CVE-2023-6856 + CVE-2023-6857 + CVE-2023-6858 + CVE-2023-6859 + CVE-2023-6860 + CVE-2023-6861 + CVE-2023-6862 + CVE-2023-6863 + CVE-2023-6864 + CVE-2023-37201 + CVE-2023-37202 + CVE-2023-37207 + CVE-2023-37208 + CVE-2023-37211 + CVE-2023-50761 + CVE-2023-50762 + CVE-2024-0741 + CVE-2024-0742 + CVE-2024-0746 + CVE-2024-0747 + CVE-2024-0749 + CVE-2024-0750 + CVE-2024-0751 + CVE-2024-0753 + CVE-2024-0755 + MFSA-2024-01 + MFSA-2024-02 + MFSA-2024-04 + + graaff + ajak + \ No newline at end of file diff --git a/metadata/glsa/glsa-202402-26.xml b/metadata/glsa/glsa-202402-26.xml new file mode 100644 index 000000000000..07596137d7e3 --- /dev/null +++ b/metadata/glsa/glsa-202402-26.xml @@ -0,0 +1,88 @@ + + + + Mozilla Firefox: Multiple Vulnerabilities + Multiple vulnerabilities have been discovered in Mozilla Firefox, the worst of which could result in arbitrary code execution. + firefox,firefox-bin + 2024-02-19 + 2024-02-19 + 924844 + remote + + + 122.0 + 115.7.0 + 122.0 + 115.7.0 + + + 122.0 + 115.7.0 + 122.0 + 115.7.0 + + + +

Mozilla Firefox is a popular open-source web browser from the Mozilla project.

+ + +

Multiple vulnerabilities have been discovered in Mozilla Firefox. Please review the CVE identifiers referenced below for details.

+ + +

Please review the referenced CVE identifiers for details.

+ + +

There is no known workaround at this time.

+ + +

All Mozilla Firefox ESR users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-client/firefox-115.7.0:esr" + + +

All Mozilla Firefox ESR binary users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-client/firefox-bin-115.7.0:esr" + + +

All Mozilla Firefox users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-client/firefox-122.0:rapid" + + +

All Mozilla Firefox binary users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-client/firefox-bin-122.0:rapid" + + + + CVE-2024-0741 + CVE-2024-0742 + CVE-2024-0743 + CVE-2024-0744 + CVE-2024-0745 + CVE-2024-0746 + CVE-2024-0747 + CVE-2024-0748 + CVE-2024-0749 + CVE-2024-0750 + CVE-2024-0751 + CVE-2024-0752 + CVE-2024-0753 + CVE-2024-0754 + CVE-2024-0755 + MFSA-2024-01 + MFSA-2024-02 + MFSA-2024-04 + + ajak + ajak + \ No newline at end of file diff --git a/metadata/glsa/glsa-202402-27.xml b/metadata/glsa/glsa-202402-27.xml new file mode 100644 index 000000000000..4fd31aef7a5c --- /dev/null +++ b/metadata/glsa/glsa-202402-27.xml @@ -0,0 +1,42 @@ + + + + Glade: Denial of Service + A vulnerability has been discovered in Glade which can lead to a denial of service. + glade + 2024-02-19 + 2024-02-19 + 747451 + local and remote + + + 3.38.2 + 3.38.2 + + + +

Glade is a RAD tool to enable quick & easy development of user interfaces for the GTK+ toolkit (Version 3 only) and the GNOME desktop environment.

+ + +

A vulnerability has been found in Glade which can lead to a denial of service when working with specific glade files.

+ + +

A crafted file may lead to crashes in Glade.

+ + +

There is no known workaround at this time.

+ + +

All Glade users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-util/glade-3.38.2" + + + + CVE-2020-36774 + + graaff + ajak + \ No newline at end of file diff --git a/metadata/glsa/glsa-202402-28.xml b/metadata/glsa/glsa-202402-28.xml new file mode 100644 index 000000000000..f8a410fa3a7e --- /dev/null +++ b/metadata/glsa/glsa-202402-28.xml @@ -0,0 +1,54 @@ + + + + Samba: Multiple Vulnerabilities + Multiple vulnerabilities have been discovered in Samba, the worst of which can lead to remote code execution. + samba + 2024-02-19 + 2024-02-19 + 891267 + 910606 + 915556 + remote + + + 4.18.9 + 4.18.9 + + + +

Samba is a suite of SMB and CIFS client/server programs.

+ + +

Multiple vulnerabilities have been discovered in Samba. Please review the CVE identifiers referenced below for details.

+ + +

Please review the referenced CVE identifiers for details.

+ + +

There is no known workaround at this time.

+ + +

All Samba users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-fs/samba-4.18.9" + + + + CVE-2018-14628 + CVE-2022-2127 + CVE-2023-3347 + CVE-2023-3961 + CVE-2023-4091 + CVE-2023-4154 + CVE-2023-34966 + CVE-2023-34967 + CVE-2023-34968 + CVE-2023-42669 + CVE-2023-42670 + + graaff + ajak + \ No newline at end of file diff --git a/metadata/glsa/timestamp.chk b/metadata/glsa/timestamp.chk index 73d4d4c144fa..bdd15cd7a11b 100644 --- a/metadata/glsa/timestamp.chk +++ b/metadata/glsa/timestamp.chk @@ -1 +1 @@ -Mon, 19 Feb 2024 04:49:28 +0000 +Mon, 19 Feb 2024 11:09:57 +0000 diff --git a/metadata/glsa/timestamp.commit b/metadata/glsa/timestamp.commit index 65f7aa0e9c6c..970b20578ebf 100644 --- a/metadata/glsa/timestamp.commit +++ b/metadata/glsa/timestamp.commit @@ -1 +1 @@ -6b93b2b9cf3ff334a58b58d960113c71066c1748 1708303300 2024-02-19T00:41:40+00:00 +9df376ebb50854c82bdbbc1e4f71d408e449fc54 1708323022 2024-02-19T06:10:22+00:00 -- cgit v1.2.3