gentoo resync : 28.04.2021

author: V3n3RiX <venerix@redcorelinux.org> 2021-04-28 20:21:43 +0100
committer: V3n3RiX <venerix@redcorelinux.org> 2021-04-28 20:21:43 +0100
commit: 40aaaa64e86ba6710bbeb31c4615a6ce80e75e11 (patch)
tree: 758c221bad35c9288d0bd6df9c7dfc226728e52c /metadata/glsa
parent: 8d5dbd847cbc704a6a06405856e94b461011afe3 (diff)
8 files changed, 234 insertions, 17 deletions
diff --git a/metadata/glsa/Manifest b/metadata/glsa/Manifest
index 1f0d1da1daa3..9a40583bc91b 100644
--- a/metadata/glsa/Manifest
+++ b/metadata/glsa/Manifest
@@ -1,23 +1,23 @@
 -----BEGIN PGP SIGNED MESSAGE-----
 Hash: SHA512
 
-MANIFEST Manifest.files.gz 500540 BLAKE2B 7a48959b9c07be5fc6e9e98ffbda2d71400bbd137c089df45f7701ae5dd1ba444366d51af5a4656f0a37ca0bbed5e1b74627c57cf425e57c4516bb7194b7dc59 SHA512 e923ed887d7140a57ff660001f6646dac898bdcaefc8ab2effe01101b80e6b709f7e4d00bf72e6d181aa41f6d99fe7b4285de0597a1b60734104a3eee41ee946
-TIMESTAMP 2021-03-27T05:38:33Z
+MANIFEST Manifest.files.gz 501179 BLAKE2B 8497331f9dd69ca6298da2b244da7c443f558ba5b1a3fe30fd16624181c44f495f273604ef8a4cf26755eba9c949c383c797e8057c9baf45d23d874b04364a7a SHA512 1bcbdcac9faaadcbf738837161742f91747423833b925f90f520b0d3356096c18fcd1565918d664e0bf798a9b1b666a396108d3b8f84b2c2fd74cd3e730a319c
+TIMESTAMP 2021-04-28T18:38:32Z
 -----BEGIN PGP SIGNATURE-----
 
-iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAmBexNlfFIAAAAAALgAo
+iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAmCJq6hfFIAAAAAALgAo
 aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEUx
 RDZBQkI2M0JGQ0ZCNEJBMDJGREYxQ0VDNTkwRUVBQzkxODkyNTAACgkQ7FkO6skY
-klAPSA//YH1Onc+kfgZBRh6tt5jLZsnFbrZlXGXnEIMOXwEBES+MvCjcZhwwLQN1
-CQT5ypSJk0MiWbNJL7UDkAJ4yvDW1PlAyI1Nzy57d+HJUfaA0o8F5xyeOrqdifLp
-P2tgmOfDuvxem/YtclK7ZcM9KZvAln4AoYguutV989yectkR3SQFb5GhdeFC0SZc
-x9J8O47FlqhhgGcFk4dfPL2YbJ249UWU/AmJ7voTEWFDskbeQYP26IDm85Wl0NsR
-TZACbSxsjD8jFFRhNjj/GstxVoRl4WP8NuDsCtHT/go5DNqd/x/Hc2O60zzKaHL7
-ZgupURL+6vyMYgEIS/NZ/zuLm44U3bmycOmj8r5prCDXjiVP/iFAAxGves/gENpX
-8MyFsgwb6Mr0UlL8ZnRVaa81dH8rygTSxdDBoVJwRNpR5eT6+kUC2wyriydSHpFY
-ZyR0p/iWnoC4tLUjJV7ak/DsSC3nFGgSZkvtg9CxASRE+YQ7aTYgrPZ34J4P38AR
-SWKQ9ZhrlIeoHw/aN/uFewsMt3Ulnb8iGPzs43ObIhE/hmL5+YIzEkjQDxoe3CVC
-Ou1S1yzJbtid9TD8+4B1on+olA0qRweGRJZfUKBLY/K+cjBVI9FDQGbwx9OfF0ep
-bFqjiRzVe0uytMbp9y0LTxEIDVpmZVEcPt1JBm1rkjWpYIUTkHg=
-=hrVd
+klB+jg//Y0TJkIxdlLVt3oHtahHk8rBYELFtI2VEeQR7dGOy8o3tzJrEEj+zcPd4
+MJhLBpiliMIBTwlamyHxWVbZ3pG14XX+nYtrWYJ2qLuglLhllZDIVjiVvSLXW7Nd
+e1noLA7C4YXuJyPDA8fkCox0EXVTsOw2RbGGKAEAfr+D/bQPG6dsvhQ4GPOfmCb1
+nFVPVl47D1ToHHFhzV67iMX26/UXjD2l0b8psJXWrj75+YZc18U1w0kaKJeTICd9
+dhnl2L9lKfiPirT3bjE76zNcS3aszK8LyT4Z7eI85f0JUMVvNsDuADlxcfclbhTF
+QeK5Hz8BSPSWtbjmegD1itAvghHn9u3Gdsrq8W6AMGsg4+M+Ir9zC+l/Th196Kip
+X1ixDf43hFwEUMecZwtznf8PXH1Wa1mvq6cke9cafP4qOxeNjlaCmxfdr/0v3yoT
+mntfRa05SZpXIGU2Ax5xW3ZkaU27p1so/CldlqSx5uYRSlLBlOYvODQgIK+F+zB0
+GTrhpvjHMw73QsyUDD5npw6ZTOd8iLLDHy3t9orPAisE3VyWnXd6VJYZCSwB7aSd
+3O+KkDm0u/FoE0nDXpCGO1yn6R2wx8o2dXs5NFP7ajZyd8b0ecvnaEFQ45aAmpIb
+mpFftQlNd90ZbSk2jpHGKkk3UcLTtE2jdKei/Q+3QQBwwCuCgF0=
+=AdQL
 -----END PGP SIGNATURE-----
diff --git a/metadata/glsa/Manifest.files.gz b/metadata/glsa/Manifest.files.gz
index 5b3950946df7..5c152816d44d 100644
--- a/metadata/glsa/Manifest.files.gz
+++ b/metadata/glsa/Manifest.files.gz
diff --git a/metadata/glsa/glsa-202103-01.xml b/metadata/glsa/glsa-202103-01.xml
new file mode 100644
index 000000000000..ff3d8ebd9e83
--- /dev/null
+++ b/metadata/glsa/glsa-202103-01.xml
@@ -0,0 +1,59 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202103-01">
+  <title>Salt: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Salt, the worst of
+    which could allow remote attacker to execute arbitrary commands.
+  </synopsis>
+  <product type="ebuild">salt</product>
+  <announced>2021-03-31</announced>
+  <revised count="1">2021-03-31</revised>
+  <bug>767919</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="app-admin/salt" auto="yes" arch="*">
+      <unaffected range="ge">3000.8</unaffected>
+      <vulnerable range="lt">3000.8</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Salt is a fast, intelligent and scalable automation engine.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Salt. Please review the
+      CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could possibly execute arbitrary commands via
+      salt-api, cause a Denial of Service condition, bypass access restrictions
+      or disclose sensitive information.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Salt users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-admin/salt-3000.8"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-28243">CVE-2020-28243</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-28972">CVE-2020-28972</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-35662">CVE-2020-35662</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-25281">CVE-2021-25281</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-25282">CVE-2021-25282</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-25283">CVE-2021-25283</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-25284">CVE-2021-25284</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-3144">CVE-2021-3144</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-3148">CVE-2021-3148</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-3197">CVE-2021-3197</uri>
+  </references>
+  <metadata tag="requester" timestamp="2021-03-31T11:41:15Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2021-03-31T12:14:53Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202103-02.xml b/metadata/glsa/glsa-202103-02.xml
new file mode 100644
index 000000000000..0dc5e402d914
--- /dev/null
+++ b/metadata/glsa/glsa-202103-02.xml
@@ -0,0 +1,59 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202103-02">
+  <title>Redis: Remote code execution</title>
+  <synopsis>A vulnerability in Redis could lead to remote code execution.</synopsis>
+  <product type="ebuild">redis</product>
+  <announced>2021-03-31</announced>
+  <revised count="1">2021-03-31</revised>
+  <bug>773328</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="dev-db/redis" auto="yes" arch="*">
+      <unaffected range="ge">5.0.12</unaffected>
+      <unaffected range="ge">6.0.12</unaffected>
+      <vulnerable range="lt">6.0.12</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Redis is an open source (BSD licensed), in-memory data structure store,
+      used as a database, cache and message broker.
+    </p>
+  </background>
+  <description>
+    <p>It was discovered that there were a number of integer overflow issues in
+      Redis.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker, able to connect to a Redis instance, could send a
+      malicious crafted large request possibly resulting in the execution of
+      arbitrary code with the privileges of the process or a Denial of Service
+      condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Redis 5.x users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-db/redis-5.0.12"
+    </code>
+    
+    <p>All Redis 6.x users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-db/redis-6.0.12"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21309">CVE-2021-21309</uri>
+  </references>
+  <metadata tag="requester" timestamp="2021-03-31T11:56:33Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2021-03-31T12:15:15Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202103-03.xml b/metadata/glsa/glsa-202103-03.xml
new file mode 100644
index 000000000000..2fc78d7a7bc3
--- /dev/null
+++ b/metadata/glsa/glsa-202103-03.xml
@@ -0,0 +1,54 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202103-03">
+  <title>OpenSSL: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in OpenSSL, the worst of
+    which could allow remote attackers to cause a Denial of Service condition.
+  </synopsis>
+  <product type="ebuild">openssl</product>
+  <announced>2021-03-31</announced>
+  <revised count="1">2021-03-31</revised>
+  <bug>769785</bug>
+  <bug>777681</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="dev-libs/openssl" auto="yes" arch="*">
+      <unaffected range="ge">1.1.1k</unaffected>
+      <vulnerable range="lt">1.1.1k</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>OpenSSL is an Open Source toolkit implementing the Secure Sockets Layer
+      (SSL v2/v3) and Transport Layer Security (TLS v1/v1.1/v1.2/v1.3) as well
+      as a general purpose cryptography library.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in OpenSSL. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Please review the referenced CVE identifiers for details.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All OpenSSL users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-libs/openssl-1.1.1k"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-23840">CVE-2021-23840</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-23841">CVE-2021-23841</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-3449">CVE-2021-3449</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-3450">CVE-2021-3450</uri>
+  </references>
+  <metadata tag="requester" timestamp="2021-03-31T11:28:32Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2021-03-31T12:15:28Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202103-04.xml b/metadata/glsa/glsa-202103-04.xml
new file mode 100644
index 000000000000..35516875df4c
--- /dev/null
+++ b/metadata/glsa/glsa-202103-04.xml
@@ -0,0 +1,45 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202103-04">
+  <title>SQLite: Remote code execution</title>
+  <synopsis>A vulnerability in SQLite could lead to remote code execution.</synopsis>
+  <product type="ebuild">sqlite</product>
+  <announced>2021-03-31</announced>
+  <revised count="1">2021-03-31</revised>
+  <bug>777990</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="dev-db/sqlite" auto="yes" arch="*">
+      <unaffected range="ge">3.34.1</unaffected>
+      <vulnerable range="lt">3.34.1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>SQLite is a C library that implements an SQL database engine.</p>
+  </background>
+  <description>
+    <p>It was discovered that SQLite incorrectly handled certain sub-queries.</p>
+  </description>
+  <impact type="high">
+    <p>A remote attacker could possibly execute arbitrary code with the
+      privileges of the process, or cause a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All SQLite users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-db/sqlite-3.34.1"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-20227">CVE-2021-20227</uri>
+  </references>
+  <metadata tag="requester" timestamp="2021-03-31T12:07:59Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2021-03-31T12:15:38Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/timestamp.chk b/metadata/glsa/timestamp.chk
index a3b5b3678207..8e00199f4a7a 100644
--- a/metadata/glsa/timestamp.chk
+++ b/metadata/glsa/timestamp.chk
@@ -1 +1 @@
-Sat, 27 Mar 2021 05:38:29 +0000
+Wed, 28 Apr 2021 18:38:28 +0000
diff --git a/metadata/glsa/timestamp.commit b/metadata/glsa/timestamp.commit
index ae6b487559e5..212cb4faf828 100644
--- a/metadata/glsa/timestamp.commit
+++ b/metadata/glsa/timestamp.commit
@@ -1 +1 @@
-ad25bb1223098eee6704824c258e1e4aec82f809 1612143785 2021-02-01T01:43:05+00:00
+9df841975125d76bb458214192472faedfc1d3f7 1617193334 2021-03-31T12:22:14+00:00
author	V3n3RiX <venerix@redcorelinux.org>	2021-04-28 20:21:43 +0100
committer	V3n3RiX <venerix@redcorelinux.org>	2021-04-28 20:21:43 +0100
commit	40aaaa64e86ba6710bbeb31c4615a6ce80e75e11 (patch)
tree	758c221bad35c9288d0bd6df9c7dfc226728e52c /metadata/glsa
parent	8d5dbd847cbc704a6a06405856e94b461011afe3 (diff)