gentoo auto-resync : 02:11:2022 - 03:08:46

5 files changed, 60 insertions, 17 deletions

diff --git a/metadata/glsa/Manifest b/metadata/glsa/Manifest
index 03ceb1dc9579..e1124918a50e 100644
--- a/metadata/glsa/Manifest
+++ b/metadata/glsa/Manifest
@@ -1,23 +1,23 @@
 -----BEGIN PGP SIGNED MESSAGE-----
 Hash: SHA512
 
-MANIFEST Manifest.files.gz 535926 BLAKE2B 7e9b114515adc37e042d0429c05c612bcd37904f6b0e36bb719022725a4c1368a02f1c681914401ccbd4e7d79b897cc0a5bc5cba7a40b3414033dc0ad825e3ad SHA512 9eb1f214127edcde3efe4a83f3f692a941753cc1403b9d080cffc6f566f30dbc3f8933ceb8f23653cbe17e6341f056577f75cf8eb955ad5c636486da9f629092
-TIMESTAMP 2022-11-01T20:09:44Z
+MANIFEST Manifest.files.gz 536084 BLAKE2B c89e49fb5e75661a7da4bc1a8267e8936701fe518e99a96ea46c267fe11ac6fcc34a3029874ea964f0a67189423224c5aba6dc5cc7a56cf0d5889ea2d47d781f SHA512 75913d485440890ef20577369af3828f92411599dd916f9c5792517c2a36a196afc4bb5153abea2e3a2bc4b763ff2159dd5b7d79a6de88fdec6368ba79776c6f
+TIMESTAMP 2022-11-02T02:10:39Z
 -----BEGIN PGP SIGNATURE-----
 
-iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAmNhfQhfFIAAAAAALgAo
+iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAmNh0Z9fFIAAAAAALgAo
 aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEUx
 RDZBQkI2M0JGQ0ZCNEJBMDJGREYxQ0VDNTkwRUVBQzkxODkyNTAACgkQ7FkO6skY
-klBTTA/+LgfGJsfb+QBt/HDBalLB2KMq13b8E28HEflZN4cG7N9dFsl4jJFDcDmP
-YXgKTBJ58Ab9gVV5EKen6K2+vNJJ5ZL87Yd6XBbrKBV5CZnwTv/5KunAitYs4hJI
-/TTk45//faGrtWo7qrZu/zbyKx3wuox7cBo9MkTPCEjJu/jJOdKbQ/Jgb3dUzURM
-j2gMJCDWdwghSc79+bPCpRP/Nml+Hi1vZbbjkVX16XdSC2xyTWzN3wF3WRi7MlPj
-tL+92FNgPB4wThPoG9l0K/XtwUtEddNQve2GY7K0ltYsbsEWWtw20RViQ9gcii39
-vXTWwg/fJxttkTc1fxrsTzjUdH6kOe81ZE56rW+oiDwsApSlFjIy/0Cv0IWuTqcZ
-0/9ezjQpgrr6Cp6Ug4b0ULrbvMvRkw6YKOgjOlwH7DANGMVfE0yoP+yRx5BmbTCy
-IZlki0mOgXtwCrdFlW7ZNS5JFf8XSAgfZtJIiEbMwE0Gy3q1ouRq0fZjU7TgPzu2
-B6H/Ss1WZ9JIawiD2fPudrS8ysvEj7jjUIBBUCjOsev52jyI7pv7bHUVSNFg2ZGS
-jdlcEY87xNRUvc/VE6v5kTAkMfm5Y361dyNQZ8T5fSjG7SgUVn55aBGxSEsK61/u
-Bh8sANJlgL6h21jdbVBGWULZgXpuw/Nv317GmQ4srxRDf9wjkl4=
-=JTok
+klDkYw//SnRKdjRn3NPSgsDAxT6Sv8lRPrJtv2Sl3C6MAU2KEqzCqYRwMZ18gH4X
+5/tYBqXC9iRwFFJZ1zWOuM3wCFKEyC8Tx11AHPly0HbhTVqGyalrVrywKNLyEgOv
+XB1v4XyFjMVL1g6xHg80MhzZANjfw9IjorfZLosVEuXu8I0rCKF1AZ1ZnHRtMW8m
+CiojkUdnnCRMvhnDzs8C1ONgh1Mn/gAu7vPY8Xmp7IFwk9urwThf8e9FlqA5xvLN
+nFNKVj5ynJNGzHZb5JdBZa7V2b9Td4cyf5elkKxpXVoGWHKcRsadOa42S/+yZ93F
+518kHchGztFjdcJ6S+rbgUQA7lIb/XQZgkPVk64NYqvfPxq5xlXcH4WhXKMP2ak6
+rOIRxBsxGDYdnfRxITgY6dDFAX7lMc8fDxNO9QjJO4uUHN70tThXuhpH9533WtZE
+glOtpma9jA3P28rcroqeczb4r3AksdJvXounFQvREuW78giv7MkWegkzAhUIuswP
+g2Q73bYdy4K1lNQti/WCDAiZ4j8zZ4v+K7QN4lXyhOdCTqSuMFNW/flBgwhDyC0T
+SuLe936HnsgNU9DVT5T/X6k/sTlP0dUmEM9aTIJ35PwLbkTtGuUHZoZDlP8JUi6q
+GhlAa927BBRUOHaUTYAYl43tYJakB2VfZ0fLBj/Gom3L7AQ4i3E=
+=8jjh
 -----END PGP SIGNATURE-----
diff --git a/metadata/glsa/Manifest.files.gz b/metadata/glsa/Manifest.files.gz
index 5dae7a8bf4e8..a99bb4c6d887 100644
--- a/metadata/glsa/Manifest.files.gz
+++ b/metadata/glsa/Manifest.files.gz
diff --git a/metadata/glsa/glsa-202211-01.xml b/metadata/glsa/glsa-202211-01.xml
new file mode 100644
index 000000000000..b95d1a1de5ac
--- /dev/null
+++ b/metadata/glsa/glsa-202211-01.xml
@@ -0,0 +1,43 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202211-01">
+    <title>OpenSSL: Multiple Vulnerabilities</title>
+    <synopsis>Multiple vulnerabilities have been discovered in OpenSSL, the worst of which could result in remote code execution.</synopsis>
+    <product type="ebuild">openssl</product>
+    <announced>2022-11-01</announced>
+    <revised count="1">2022-11-01</revised>
+    <bug>878269</bug>
+    <access>remote</access>
+    <affected>
+        <package name="dev-libs/openssl" auto="yes" arch="*">
+            <unaffected range="ge" slot="0/3">3.0.7</unaffected>
+            <vulnerable range="lt" slot="0/3">3.0.7</vulnerable>
+        </package>
+    </affected>
+    <background>
+        <p>OpenSSL is an Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) as well as a general purpose cryptography library.</p>
+    </background>
+    <description>
+        <p>Multiple buffer overflows exist in OpenSSL&#39;s handling of TLS certificates for client authentication.</p>
+    </description>
+    <impact type="normal">
+        <p>It is believed that, while unlikely, code execution is possible in certain system configurations.</p>
+    </impact>
+    <workaround>
+        <p>Users operating TLS servers may consider disabling TLS client authentication, if it is being used, until fixes are applied.</p>
+    </workaround>
+    <resolution>
+        <p>All OpenSSL 3 users should upgrade to the latest version:</p>
+        
+        <code>
+          # emerge --sync
+          # emerge --ask --oneshot --verbose ">=dev-libs/openssl-3.0.7"
+        </code>
+    </resolution>
+    <references>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-3602">CVE-2022-3602</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-3786">CVE-2022-3786</uri>
+    </references>
+    <metadata tag="requester" timestamp="2022-11-01T21:56:08.734256Z">ajak</metadata>
+    <metadata tag="submitter" timestamp="2022-11-01T21:56:08.739212Z">ajak</metadata>
+</glsa>
diff --git a/metadata/glsa/timestamp.chk b/metadata/glsa/timestamp.chk
index 497ed50409c8..a38a0aa5d930 100644
--- a/metadata/glsa/timestamp.chk
+++ b/metadata/glsa/timestamp.chk
@@ -1 +1 @@
-Tue, 01 Nov 2022 20:09:41 +0000
+Wed, 02 Nov 2022 02:10:36 +0000
diff --git a/metadata/glsa/timestamp.commit b/metadata/glsa/timestamp.commit
index 1ed7e2bb76fb..75b2cb040a5f 100644
--- a/metadata/glsa/timestamp.commit
+++ b/metadata/glsa/timestamp.commit
@@ -1 +1 @@
-19befd853907b89ff1a5ea81ae63b19dbb1d7655 1667248658 2022-10-31T20:37:38+00:00
+273d516e3c9a0078775979649ecc570e7186f050 1667339933 2022-11-01T21:58:53+00:00