gentoo auto-resync : 18:12:2023 - 13:51:55

5 files changed, 66 insertions, 17 deletions

diff --git a/metadata/glsa/Manifest b/metadata/glsa/Manifest
index 888bf69ab04d..606f33daf004 100644
--- a/metadata/glsa/Manifest
+++ b/metadata/glsa/Manifest
@@ -1,23 +1,23 @@
 -----BEGIN PGP SIGNED MESSAGE-----
 Hash: SHA512
 
-MANIFEST Manifest.files.gz 555493 BLAKE2B 9b9c68f6fcd5aa241244f03965d32d2bee2397eebacb0b4742f3b5eff9058f33cdb8d4c1f96505cd2a1acaed4347077a204862e5674effe944e54b05e7466726 SHA512 bf81aa35acfc8893b8a8ffc0d57915c1a8e6b54e9400f0d03f26dd199de30e2601f7a7c1060d2185e26c3276979665ae687fb8e8a1e2b4d537df4a3270e38d43
-TIMESTAMP 2023-12-18T07:10:53Z
+MANIFEST Manifest.files.gz 555652 BLAKE2B db9cf5206d9ceddaca8a68b4bf7f7ae528b88643f304cb02178e6516db789e072f19544b11fd07ca92e7c80c589b8b66ece5f49c746eb801b97383bbafd1f932 SHA512 f9958af059dd9b625daf56f6b4902011d7fc39a90ba956c342e1067f960a07cba8953dfed3f68b813916acab646a12243ae32da4878afce08b6a7142d90aa871
+TIMESTAMP 2023-12-18T13:10:30Z
 -----BEGIN PGP SIGNATURE-----
 
-iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAmV/8H1fFIAAAAAALgAo
+iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAmWARMZfFIAAAAAALgAo
 aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEUx
 RDZBQkI2M0JGQ0ZCNEJBMDJGREYxQ0VDNTkwRUVBQzkxODkyNTAACgkQ7FkO6skY
-klBZZQ//cN1bmc3NeyHSV7hpFvWdMX/ldo3WCkViGy4Y07mldALowxWm0ciDU00i
-ftZPaF+8qx1fefXBh8APnkJ/VX4KwOqiMPgqd+FiQpY1vF/h9LzBN0YdA2jKxpB+
-NLk9rT4QiqwxUXGHtjmXb6ERPcIKYYHvjB0Yvqo8bmJeMSxLbPCJ9+fp4UO5tqJ5
-D0XKccBrSEqR1JSQGVuIk+KF+yx8pYjc4qcWQrsKWfeXho1WA1L5tg8DcwfGUTSG
-15Naf4fGBVhq+dksE1aYDqZ10po4yTfvLWP80/xsd87HuIE1inxlsJoOcujnwf7b
-BhMSoZINFM36g1xX2xbTcsJ2BvNRvqR9jzqHFNaZmnfWS5LdHslg/rJH5Ae222G4
-ZO0TPUT9buKYlpJ606IiZKso727NPHmJZFDb9CZe0w3yF/LqqKbMPY2GgQNNWS0r
-xbCAUOuciqiiW/1j932kx1a/hgUvuwlASN+5IOtASlzZshXlaN+Dl3W3qOA1CoSj
-43VvFfW4J4OktyzF3vuiJiVAw8g9bt7NQZpNY4tvXa04+HnrYu21YUWMmJEDjwYl
-WDEvIpunABiVW4z0BFigouuKuH5JUSBWF8OdlFgbE/Qiu+7PHW+D4+v7vn8VL7B/
-eN9NgzvPw66rT1bslvz9BKwyG+kmYIRYdG2lsXRogODsNU8QpKs=
-=8jr+
+klCoBA//fyi+8Y0Qtu2MTNXDrp56nUmqhgnfj+x4mNGDf69P//DL2DAlH1vLkPUe
+9qi9BXomNk1xuGzwpreEQ3RPdc9yqMlqTQYoRrkk2wwWQQO7BqBKyE86RbG6EQ4r
+a9iBF3c7OgNPwSwxqANUjDWQ8B82fXKMnV9KSVZ424EIxNasc9BhNvQc3KTmIDg1
+XiQK1qZKMqYkGztgfjccCQph6VwW+hRcyKi71WnTacMKOipXZFAvSbzBvQzNyjAj
+092g68ubgoAlt4u7B7x0hpvmrLFb67oGK/XFxKLFAeVaK3tJ3K/YRAQKNbr6cyKt
+DS0p0dSNQkuJPYgWbGeHsj0vK4G9IzuHrbsZSig19/7p4VH+UGL5Bhim+GwC3/wk
+T7dv/FqUsGNH6r8N9JsgT3C1almYfWg0QDcElzc7b0HSXW0+gwVM43NgmaUft+c0
+S4cMDzVjv4/oOOT3xRag72/SxSXFzF07coSD+vMZ7hGgoiWAr/DGR1Kna+PCwudT
+qL5uonMJYsoNoH5VeaBnrxRxt9wi6Icfie/gLG17RWQWWSSt5bkhQox7NtPUZqpU
+I4kB8YslTPSPctAAInpFRH5pw+NFMZ3W6+kI6o+3Zg8UmT9kWf2sBytIXR+edPL3
+GYfUmLF5uXZnzb2nnLqW0+12OSKi4OMchXm2yMUXoTdvrgfQ73s=
+=tqW0
 -----END PGP SIGNATURE-----
diff --git a/metadata/glsa/Manifest.files.gz b/metadata/glsa/Manifest.files.gz
index 0ed9dcec42d6..cb8367baa719 100644
--- a/metadata/glsa/Manifest.files.gz
+++ b/metadata/glsa/Manifest.files.gz
diff --git a/metadata/glsa/glsa-202312-01.xml b/metadata/glsa/glsa-202312-01.xml
new file mode 100644
index 000000000000..1508a2eaf03f
--- /dev/null
+++ b/metadata/glsa/glsa-202312-01.xml
@@ -0,0 +1,49 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202312-01">
+    <title>Leptonica: Multiple Vulnerabilities</title>
+    <synopsis>Several vulnerabilities have been found in Leptonice, the worst of which could lead to arbitrary code execution.</synopsis>
+    <product type="ebuild">leptonica</product>
+    <announced>2023-12-18</announced>
+    <revised count="1">2023-12-18</revised>
+    <bug>649752</bug>
+    <bug>869416</bug>
+    <access>remote</access>
+    <affected>
+        <package name="media-libs/leptonica" auto="yes" arch="*">
+            <unaffected range="ge">1.81.0</unaffected>
+            <vulnerable range="lt">1.81.0</vulnerable>
+        </package>
+    </affected>
+    <background>
+        <p>Leptonica is a C library for image processing and analysis.</p>
+    </background>
+    <description>
+        <p>Multiple vulnerabilities have been discovered in Leptonica. Please review the CVE identifiers referenced below for details.</p>
+    </description>
+    <impact type="high">
+        <p>Please review the referenced CVE identifiers for details.</p>
+    </impact>
+    <workaround>
+        <p>There is no known workaround at this time.</p>
+    </workaround>
+    <resolution>
+        <p>All Leptonica users should upgrade to the latest version:</p>
+        
+        <code>
+          # emerge --sync
+          # emerge --ask --oneshot --verbose ">=media-libs/leptonica-1.81.0"
+        </code>
+    </resolution>
+    <references>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-18196">CVE-2017-18196</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-7186">CVE-2018-7186</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-7247">CVE-2018-7247</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-7440">CVE-2018-7440</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-7441">CVE-2018-7441</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-7442">CVE-2018-7442</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-38266">CVE-2022-38266</uri>
+    </references>
+    <metadata tag="requester" timestamp="2023-12-18T07:24:40.079677Z">graaff</metadata>
+    <metadata tag="submitter" timestamp="2023-12-18T07:24:40.083318Z">graaff</metadata>
+</glsa>
\ No newline at end of file
diff --git a/metadata/glsa/timestamp.chk b/metadata/glsa/timestamp.chk
index 6970c4f8b7c8..cd3392460665 100644
--- a/metadata/glsa/timestamp.chk
+++ b/metadata/glsa/timestamp.chk
@@ -1 +1 @@
-Mon, 18 Dec 2023 07:10:48 +0000
+Mon, 18 Dec 2023 13:10:25 +0000
diff --git a/metadata/glsa/timestamp.commit b/metadata/glsa/timestamp.commit
index 313f325014a1..09402fb93716 100644
--- a/metadata/glsa/timestamp.commit
+++ b/metadata/glsa/timestamp.commit
@@ -1 +1 @@
-e8cae5eafb887bc451b4344e6de2d99b8d6e75de 1701088111 2023-11-27T12:28:31+00:00
+ae470dfa87b9f8990a63603140849dc70c320603 1702884361 2023-12-18T07:26:01+00:00