gentoo auto-resync : 29:09:2023 - 11:37:12

5 files changed, 63 insertions, 17 deletions

diff --git a/metadata/glsa/Manifest b/metadata/glsa/Manifest
index c65c5fd18840..dece5d71dadc 100644
--- a/metadata/glsa/Manifest
+++ b/metadata/glsa/Manifest
@@ -1,23 +1,23 @@
 -----BEGIN PGP SIGNED MESSAGE-----
 Hash: SHA512
 
-MANIFEST Manifest.files.gz 547551 BLAKE2B 1c8a2c44712370196d7063d9129e5418e3dfa4b013e30a5e0a4b9367b2131bb0b45949b8c8d9e8433aa0d483da04220b33d15fca9118364a0fc9d95430b13e46 SHA512 d863cabfd6bbd4b1772db2994615c985318c23ec71f69d65a91382cfdfbf51e724628c09c24586716e946026cf13fc73b968032951be742049f80dc8fa300c06
-TIMESTAMP 2023-09-29T04:09:58Z
+MANIFEST Manifest.files.gz 547709 BLAKE2B d36b5eab46802d38f5dc159e9f03149513662c9854aa62da883429961b68edb038ebef040f517863c136ecc51899290cd74c9087529037a37efe40ec65601123 SHA512 76b4b80b9d0d4cbbcdde748628052fa922c089cce8eb0edfc47cfa2875923af79393a7f6b07917b9aa64c2c7d7d6fbdc509c10b177b9df02314011f74f4f5b95
+TIMESTAMP 2023-09-29T10:10:03Z
 -----BEGIN PGP SIGNATURE-----
 
-iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAmUWThZfFIAAAAAALgAo
+iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAmUWontfFIAAAAAALgAo
 aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEUx
 RDZBQkI2M0JGQ0ZCNEJBMDJGREYxQ0VDNTkwRUVBQzkxODkyNTAACgkQ7FkO6skY
-klCbhBAApfE9NSg2m90UWY+SUp+X5isE+0a6X72zfcUDmfIBWIilbCLFiv/pGXix
-00eudt+erGEke08MfLh1v6CDVxzTzz/js6sf2B+VUOwJHzkcxKx6bzpYkhck71E6
-5QXvemBSA0eSjjpUwH4HfvXL11eB6MaJw+l8vXcFpmLoCWuPz0ziedgPZts6UV3o
-m8KRgj1XNNoFFBuZKPSX3YUK7PELD0zCXXAYIu2ZPhPK/qDG+WPsv3/hCV1UY2nD
-MedfRM/4o6a43KXcDUuY4qPZzqw1HBsrALdMyc3s+YFOiuxbNxJx6mE6soE74q3p
-dlGol2xXX/G+ReaRBMZ2rNQbEzd9BC94qwY+qabBnWLY/WEGvjY1swZEoGQtEWMh
-SOZE3jtuVHXAMv766gt6vrM3ih6YEdJ4qvh3nm2CVeuBTHCKNxrD8vRky265c1Ld
-3ss65NU3WjJ9tMJsgyVVG46NBaERs2I6JdX44qqSChMQDE6fHwJmcwhC1YGruOfe
-50kCJq9t0SD9BsD0wFsy+QW0Hu6BBBL5T/JLAAZVQrJg3HqBSLCa78Vee3E/o+pJ
-22aCU2rX03f5loTZsYgd+gWEVcaxaKbrAqhXLlO1sA55ne0yq2sLijLTyT40BPky
-RGdzxfhYPt1uy1Rh2MDy4uvKfHNEwAxkzbtWKyzTqJiChpajVK8=
-=nmfI
+klBOtxAAodmGTvzvmwCcm0LNOQWN8cgyk2rUSf6knyeoReDJlAH8IhHqwFLIeJzN
+2zFitFhWQ0Y5jLkQ2rkvt5O9XAPe27HMJIE55x4roa9+iyUSTFZHkQQcIQusU4aP
+1Y9D1TPJY18kPJ1+QnsiQYK9xm/CTS4h54e4mKow4rcMQbXtZqmtmrWOfG0rE7sW
+HrrpM5fAnFhinnCFUCIEXEYqCrm+F3rfOJIZwWkeFbFisR9OVOy2Xdm56r69S0Qt
+e+HBSxBQfKoptS0fNkHuFTQ5nwNGwqQQcGC93Gbl6y1KwYaB7UFWbC13Fg8pS3tI
+POdtsVb2LdsIb6UZ1A2LUKXP6CMYlOo2Q2D5IHTPgcqX1/oYGNDUgdNNMc7cwVU1
+rhYX7ybt4Y/Auf6hrolLPB9x4eyVDpg9ZDWyAjRdl1dBEtFvexQ79M+vkBElqZum
+RdBPxYCSTi6956OKGLLGJMG3ZMyOXjBBq3JMivF+7O/opFqhnmqJoKjc6p1DULqu
+ZZjPNvCkcdMeCd4TPLX5FR3yY2Y6JgvBCj0/kBmxr5IVoTFerOrWWTV5GxOaKMYM
+UDhW8RfaeAaaAA0wbp9yznZoPoBxdbtTqgF4clWNAmpNFjYCufn83udgsWkBEXjh
+ZeShPJ/nLVRAlb9EJS9in8JPmMgdB++8Jw3x8xSKcYYZVNuLcSY=
+=+V0X
 -----END PGP SIGNATURE-----
diff --git a/metadata/glsa/Manifest.files.gz b/metadata/glsa/Manifest.files.gz
index 9895112cb1f9..b0d4956e2ece 100644
--- a/metadata/glsa/Manifest.files.gz
+++ b/metadata/glsa/Manifest.files.gz
diff --git a/metadata/glsa/glsa-202309-09.xml b/metadata/glsa/glsa-202309-09.xml
new file mode 100644
index 000000000000..aec4099dc0ba
--- /dev/null
+++ b/metadata/glsa/glsa-202309-09.xml
@@ -0,0 +1,46 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202309-09">
+    <title>Pacemaker: Multiple Vulnerabilities</title>
+    <synopsis>Multiple vulnerabilities have been found in Pacemaker, the worst of which could result in root privilege escalation.</synopsis>
+    <product type="ebuild">pacemaker</product>
+    <announced>2023-09-29</announced>
+    <revised count="1">2023-09-29</revised>
+    <bug>711674</bug>
+    <bug>751430</bug>
+    <access>remote</access>
+    <affected>
+        <package name="sys-cluster/pacemaker" auto="yes" arch="*">
+            <unaffected range="ge">2.0.5_rc2</unaffected>
+            <vulnerable range="lt">2.0.5_rc2</vulnerable>
+        </package>
+    </affected>
+    <background>
+        <p>Pacemaker is an Open Source, High Availability resource manager suitable for both small and large clusters.</p>
+    </background>
+    <description>
+        <p>Multiple vulnerabilities have been discovered in Pacemaker. Please review the CVE identifiers referenced below for details.</p>
+    </description>
+    <impact type="high">
+        <p>Please review the referenced CVE identifiers for details.</p>
+    </impact>
+    <workaround>
+        <p>There is no known workaround at this time.</p>
+    </workaround>
+    <resolution>
+        <p>All Pacemaker users should upgrade to the latest version:</p>
+        
+        <code>
+          # emerge --sync
+          # emerge --ask --oneshot --verbose ">=sys-cluster/pacemaker-2.0.5_rc2"
+        </code>
+    </resolution>
+    <references>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-16877">CVE-2018-16877</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-16878">CVE-2018-16878</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-3885">CVE-2019-3885</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-25654">CVE-2020-25654</uri>
+    </references>
+    <metadata tag="requester" timestamp="2023-09-29T08:35:00.564267Z">ajak</metadata>
+    <metadata tag="submitter" timestamp="2023-09-29T08:35:00.566732Z">graaff</metadata>
+</glsa>
\ No newline at end of file
diff --git a/metadata/glsa/timestamp.chk b/metadata/glsa/timestamp.chk
index 6a74158d737e..b30c199fa4e1 100644
--- a/metadata/glsa/timestamp.chk
+++ b/metadata/glsa/timestamp.chk
@@ -1 +1 @@
-Fri, 29 Sep 2023 04:09:56 +0000
+Fri, 29 Sep 2023 10:10:00 +0000
diff --git a/metadata/glsa/timestamp.commit b/metadata/glsa/timestamp.commit
index 8c507dfb8ce9..69c6e9226e17 100644
--- a/metadata/glsa/timestamp.commit
+++ b/metadata/glsa/timestamp.commit
@@ -1 +1 @@
-350089607fb03a112b8ef41490ac5428b2edf828 1694932402 2023-09-17T06:33:22+00:00
+1879b11c680b5a942bb283d62aff5b3aa0b78304 1695976656 2023-09-29T08:37:36+00:00