gentoo auto-resync : 12:01:2024 - 13:08:05

6 files changed, 125 insertions, 17 deletions

diff --git a/metadata/glsa/Manifest b/metadata/glsa/Manifest
index f198994d850d..1c9c844b7d8e 100644
--- a/metadata/glsa/Manifest
+++ b/metadata/glsa/Manifest
@@ -1,23 +1,23 @@
 -----BEGIN PGP SIGNED MESSAGE-----
 Hash: SHA512
 
-MANIFEST Manifest.files.gz 560427 BLAKE2B 1aa508adba915695d7358b5a44f8641eae1b4e973be239d9cd27633ced5164c77d5d6ce1e66bcb3bdb57f909ef7c0a6ca1fe7b7376c59ffc9519cdfd69605a15 SHA512 dc27357ec64da2120ad016fd79a721efe77476f05ae2c6595779a8dba77147b1da9fd491d1233f4f51ec84a1ad6c67349e0bb90a424e21ba8f8579562191edea
-TIMESTAMP 2024-01-12T06:40:35Z
+MANIFEST Manifest.files.gz 560744 BLAKE2B a2c14353dd5785d34a9849d5b67a163032b03a379f9a0801a77674b6b6541c7273d72057452f70737f90a7aef3568710066add50311a9819860af72169e41d69 SHA512 e736fc103c43ac3c49ed7838718f30e699740b25bc3e516459a55713b7774c654fa31aa11efd3c741b714d9f2e7f273bea8960aefbc6e06db9cd5fe0db0ce201
+TIMESTAMP 2024-01-12T12:40:28Z
 -----BEGIN PGP SIGNATURE-----
 
-iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAmWg3uNfFIAAAAAALgAo
+iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAmWhMzxfFIAAAAAALgAo
 aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEUx
 RDZBQkI2M0JGQ0ZCNEJBMDJGREYxQ0VDNTkwRUVBQzkxODkyNTAACgkQ7FkO6skY
-klCBjhAAk7NCwhTUGTY/8ksAB2+c94TC1bRYoI7xydC68DdQ2GzDRz2W1hbAoCZU
-8YIN+MqtUe5gyKu0OTN9X6keKFYYAZnPYNGOGHhYMhXI3UL5fM4tNWmHZgqOBnl1
-ySwltD6YY6tG/ZLH2bM69h2OB09H/FH07TIaCK9ZSCS6pKqlLxFpF66S0IXLummk
-lyu2ddrEWKn33D9YP9eME63jsiyQt+5edzZZCVb/GToQUVn4v21ZYHY+vcRTCuh8
-NrW3WFHniu3ruFgsu4kO8yxpeX/k6jpJ7KJClPlbbY3rdNCuJS0RClVGF9Dw9CIr
-IGxf7k6Hrqlqbph1e7w/R/dIVBGwQMv73e8y1Xdu2CIcHcjZ7+y7FMoJO4QvvqBP
-HWlXqSIqyBC3Ew6uYgIIGNM6VJaL9LKD7h7t0p/oi3FhaGjwpZA+7PIsrJ6EtM1V
-yPxmylnY+d3kXvu8KMBJhnvk2ymnUWmul0hm7CK8KUbZIiSvgVihEBSr5Vrl3JPe
-dgvyAmwLkor3SNPGqDj5o7jWNESirbFpPk4CSJ3h3v13zsN0h8W1hqaaD96K7kul
-1YAZB/yZfS2zuaWt/qWHJT1pIoVvlCwql9K0yKdZjBpJoCxxSgvT+C04SR/U3qDT
-Eue5IFX6/6raiLlDwWHKtkG9kyGEUm/EMBL1P7Jw9l3pUWPUAhc=
-=+6kV
+klBlexAAgQzIhYeKm5ojOljNsMwW9wugQ9qJpWJKP/lbaGXPnXMPHmoB/ZBTdAqC
+05JaOo5+G91n3EglUxO/NO3VicAmYBZFDGSZnCjwfQKsivC+CkV3Eo47a1+yOfQc
+tsvpOANUJ9u7AxtsjkoVuu86kJrLmkk2SgdHZZHJvSPjWVbBwBFAw0CpNBFIR8CE
+7MlMwy9cSOORKtFgBwjpdRtNMg7wJGoKxWAn96CHJdZbs/U8u+r8FT1HtmAqGJOF
+rEekW+viIOfMyEVNg+enMr1DnmmcT9JlSjrA8sKxuDK4/m7mbHLAdfbr3YHWIp1I
+C41gz9x2fndFLOzQXqBWWMUbGepvtoZVaJI5H6p62XWjul2tY9k7ZMNZESb46U6+
+Qp0FNyhjYDHiDuR56QzsgOtjlyEIIriQjkZ+jznFO0ykYhVshYnAO53vzBeSlFlu
+FBLnhbWQcmxhbpCKYckgPhbOF2cpEegaoiBfU1h+Khkvy61cB4SrGfJcrPPlAvMN
+Mbm6ei83BmYyyVXkDoCif8dH3/+7kx3EJ60Jp/VNr4fccfT4CRkKZ+lEzHTWoYJa
+QdyDb3grFJSpaFDU4uPD7zuyaGK4kacqQxSOfsTRac2r9V+TcaNfn3Q5sHQQfjIY
+u+3o+IXJrK1K+SMiHjjlFuyTONfhXcPAfLLXorbptrEc3392tAg=
+=f1pF
 -----END PGP SIGNATURE-----
diff --git a/metadata/glsa/Manifest.files.gz b/metadata/glsa/Manifest.files.gz
index cde80d5e9d37..0fa2bc80a4c0 100644
--- a/metadata/glsa/Manifest.files.gz
+++ b/metadata/glsa/Manifest.files.gz
diff --git a/metadata/glsa/glsa-202401-15.xml b/metadata/glsa/glsa-202401-15.xml
new file mode 100644
index 000000000000..0521e2c30a82
--- /dev/null
+++ b/metadata/glsa/glsa-202401-15.xml
@@ -0,0 +1,42 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202401-15">
+    <title>Prometheus SNMP Exporter: Basic Authentication Bypass</title>
+    <synopsis>A vulnerability has been found in Prometheus SNMP Exporter which could allow for authentication bypass.</synopsis>
+    <product type="ebuild">snmp_exporter</product>
+    <announced>2024-01-12</announced>
+    <revised count="1">2024-01-12</revised>
+    <bug>883649</bug>
+    <access>remote</access>
+    <affected>
+        <package name="app-metrics/snmp_exporter" auto="yes" arch="*">
+            <unaffected range="ge">0.24.1</unaffected>
+            <vulnerable range="lt">0.24.1</vulnerable>
+        </package>
+    </affected>
+    <background>
+        <p>The Prometheus SNMP Exporter is the recommended way to expose SNMP data in a format which Prometheus can ingest.</p>
+    </background>
+    <description>
+        <p>A vulnerability has been discovered in Prometheus SNMP Exporter. Please review the CVE identifier referenced below for details.</p>
+    </description>
+    <impact type="low">
+        <p>A user who knows the password hash of a user capable of performing HTTP basic authentication with a vulnerable exporter can use the hash to successfully authenticate as that user via cache manipulation, without knowing the password from which the hash was derived.</p>
+    </impact>
+    <workaround>
+        <p>There is no known workaround at this time.</p>
+    </workaround>
+    <resolution>
+        <p>All Prometheus SNMP Exporter users should upgrade to the latest version:</p>
+        
+        <code>
+          # emerge --sync
+          # emerge --ask --oneshot --verbose ">=app-metrics/snmp_exporter-0.24.1"
+        </code>
+    </resolution>
+    <references>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-46146">CVE-2022-46146</uri>
+    </references>
+    <metadata tag="requester" timestamp="2024-01-12T10:52:37.002879Z">ajak</metadata>
+    <metadata tag="submitter" timestamp="2024-01-12T10:52:37.005288Z">graaff</metadata>
+</glsa>
\ No newline at end of file
diff --git a/metadata/glsa/glsa-202401-16.xml b/metadata/glsa/glsa-202401-16.xml
new file mode 100644
index 000000000000..8deff5eccbb9
--- /dev/null
+++ b/metadata/glsa/glsa-202401-16.xml
@@ -0,0 +1,66 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202401-16">
+    <title>FreeRDP: Multiple Vulnerabilities</title>
+    <synopsis>Multiple vulnerabilities have been discovered in FreeRDP, the worst of which could result in code execution.</synopsis>
+    <product type="ebuild">freerdp</product>
+    <announced>2024-01-12</announced>
+    <revised count="1">2024-01-12</revised>
+    <bug>881525</bug>
+    <bug>918546</bug>
+    <access>remote</access>
+    <affected>
+        <package name="net-misc/freerdp" auto="yes" arch="*">
+            <unaffected range="ge">2.11.0</unaffected>
+            <vulnerable range="lt">2.11.0</vulnerable>
+        </package>
+    </affected>
+    <background>
+        <p>FreeRDP is a free implementation of the remote desktop protocol.</p>
+    </background>
+    <description>
+        <p>Multiple vulnerabilities have been discovered in FreeRDP. Please review the CVE identifiers referenced below for details.</p>
+    </description>
+    <impact type="normal">
+        <p>Please review the referenced CVE identifiers for details.</p>
+    </impact>
+    <workaround>
+        <p>There is no known workaround at this time.</p>
+    </workaround>
+    <resolution>
+        <p>All FreeRDP users should upgrade to the latest version:</p>
+        
+        <code>
+          # emerge --sync
+          # emerge --ask --oneshot --verbose ">=net-misc/freerdp-2.11.0"
+        </code>
+    </resolution>
+    <references>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-39316">CVE-2022-39316</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-39317">CVE-2022-39317</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-39318">CVE-2022-39318</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-39319">CVE-2022-39319</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-39320">CVE-2022-39320</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-39347">CVE-2022-39347</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-41877">CVE-2022-41877</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-39350">CVE-2023-39350</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-39351">CVE-2023-39351</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-39352">CVE-2023-39352</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-39353">CVE-2023-39353</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-39354">CVE-2023-39354</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-39355">CVE-2023-39355</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-39356">CVE-2023-39356</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-40181">CVE-2023-40181</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-40186">CVE-2023-40186</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-40187">CVE-2023-40187</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-40188">CVE-2023-40188</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-40567">CVE-2023-40567</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-40569">CVE-2023-40569</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-40574">CVE-2023-40574</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-40575">CVE-2023-40575</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-40576">CVE-2023-40576</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-40589">CVE-2023-40589</uri>
+    </references>
+    <metadata tag="requester" timestamp="2024-01-12T11:46:37.421757Z">ajak</metadata>
+    <metadata tag="submitter" timestamp="2024-01-12T11:46:37.424087Z">graaff</metadata>
+</glsa>
\ No newline at end of file
diff --git a/metadata/glsa/timestamp.chk b/metadata/glsa/timestamp.chk
index 538df1699701..f5a7a99f4540 100644
--- a/metadata/glsa/timestamp.chk
+++ b/metadata/glsa/timestamp.chk
@@ -1 +1 @@
-Fri, 12 Jan 2024 06:40:32 +0000
+Fri, 12 Jan 2024 12:40:24 +0000
diff --git a/metadata/glsa/timestamp.commit b/metadata/glsa/timestamp.commit
index 2e5440585ce8..68484c5d1ac2 100644
--- a/metadata/glsa/timestamp.commit
+++ b/metadata/glsa/timestamp.commit
@@ -1 +1 @@
-7333f37d680f5c423bfeb1acb9a7bf506e04e09f 1704892253 2024-01-10T13:10:53+00:00
+0bd76dc2009147dbb24e9f25ef0c1928a1d99371 1705060019 2024-01-12T11:46:59+00:00