authorV3n3RiX <venerix@koprulu.sector>2024-01-10 19:03:44 +0000
committerV3n3RiX <venerix@koprulu.sector>2024-01-10 19:03:44 +0000
commit6a4408b9bbd9fe61dc0966f587db94081fa5f52b (patch)
treeb169c2aac67648694c722324d81d57fd34c69d23 /metadata/glsa
parent8c8f1cfd2aa9e839aad7dad6fd43b370cfbc0a1e (diff)
gentoo auto-resync : 10:01:2024 - 19:03:44
Diffstat (limited to 'metadata/glsa')
-rw-r--r--metadata/glsa/Manifest30
-rw-r--r--metadata/glsa/Manifest.files.gzbin560271 -> 560427 bytes
-rw-r--r--metadata/glsa/glsa-202401-14.xml42
-rw-r--r--metadata/glsa/timestamp.chk2
-rw-r--r--metadata/glsa/timestamp.commit2
5 files changed, 59 insertions, 17 deletions
diff --git a/metadata/glsa/Manifest b/metadata/glsa/Manifest
index d8c046997c8e..f6ce8b53bfab 100644
--- a/metadata/glsa/Manifest
+++ b/metadata/glsa/Manifest
@@ -1,23 +1,23 @@
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
-MANIFEST Manifest.files.gz 560271 BLAKE2B 788d7d800c0cda76fd36e704c653a017e0745e9bb01350ea23c15bfb7c7d2ccbf2d1642309260d1234728ebba3fcb12dfa56f5a746e590036bf3b2bd162d2304 SHA512 1057c5d7357b4f952f1ae20e59f01992d95bfb67a14a419a2349e88e3ccccc40879bdf67c69b0a2d1c192af1a44dda8b074b2513672a6a571abaf442b2b628bc
-TIMESTAMP 2024-01-10T12:40:25Z
+MANIFEST Manifest.files.gz 560427 BLAKE2B 1aa508adba915695d7358b5a44f8641eae1b4e973be239d9cd27633ced5164c77d5d6ce1e66bcb3bdb57f909ef7c0a6ca1fe7b7376c59ffc9519cdfd69605a15 SHA512 dc27357ec64da2120ad016fd79a721efe77476f05ae2c6595779a8dba77147b1da9fd491d1233f4f51ec84a1ad6c67349e0bb90a424e21ba8f8579562191edea
+TIMESTAMP 2024-01-10T18:40:24Z
-----BEGIN PGP SIGNATURE-----
-iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAmWekDlfFIAAAAAALgAo
+iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAmWe5JhfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEUx
RDZBQkI2M0JGQ0ZCNEJBMDJGREYxQ0VDNTkwRUVBQzkxODkyNTAACgkQ7FkO6skY
-klBVAw//e/Rs5M0ailcOhkuMewVQzT1zzs6R3dsnf7x3tp4xUMtGLisQV+Y65mwc
-rYUvSuepjxxtYvUEtFBQowJkHATukuS8vBlmEgBtcUZL0zTVmBuV6VBbZUyeQMlP
-DtoHU+Y2b3A8umvvY/OKIgFU1EvKoe/XTtWfnuyb0/inN4sry9e+WaCEIhfadzgj
-RmiXUSLE0nEjYn6veBRkv2z1fzIiz0m9hL6QHIyzU+dNCLxYVIvZmjdgnPHSJcvc
-+HH2ln+MiOLhdq0iNX6/yEEp8C+YKKG7DXbveLFcnHNio7FwiR0J3LV14xYsGTKd
-0d4SFKMIgAiEyJk1PNKCS3lSlWdm6kLnHpnDJIsMrIaEX/bRtQt1F4DuPyEFwb8p
-AFWavGQ50HHjvcA07Eul97chDP6Gma1OUMZ8vB0WAJMoUHYqoxnaPO+h8Li9vcPq
-327zxYYNqDfgZn7g1JrF70x3cJDVlHNS4RcUk5O3FcTRgit2qc7Vc2uDrfdjfoB9
-fwMqOM+LqudQAUFAZ/TEzFH8O9siY/Mm0dI+v/hfMOas/e2XfyQL61noZcZlD9LK
-YJNcZXyyFgFaAQXMhWPbEYhVg9+5xcBlyzsu1PLVVh07Wkm6wjHUaYP93d2+SlMH
-reEHuSVV2GxoAf8w/VLiZ5Cwd87ikUeEzP13im09v2Y56IF7Ctk=
-=MgZs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+=aGfQ
-----END PGP SIGNATURE-----
diff --git a/metadata/glsa/Manifest.files.gz b/metadata/glsa/Manifest.files.gz
index eb8249987c2f..cde80d5e9d37 100644
--- a/metadata/glsa/Manifest.files.gz
+++ b/metadata/glsa/Manifest.files.gz
Binary files differ
diff --git a/metadata/glsa/glsa-202401-14.xml b/metadata/glsa/glsa-202401-14.xml
new file mode 100644
index 000000000000..8489fd1909cd
--- /dev/null
+++ b/metadata/glsa/glsa-202401-14.xml
@@ -0,0 +1,42 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202401-14">
+ <title>RedCloth: ReDoS Vulnerability</title>
+ <synopsis>A denial of service vulnerability has been found in RedCloth.</synopsis>
+ <product type="ebuild">redcloth</product>
+ <announced>2024-01-10</announced>
+ <revised count="1">2024-01-10</revised>
+ <bug>908035</bug>
+ <access>remote</access>
+ <affected>
+ <package name="dev-ruby/redcloth" auto="yes" arch="*">
+ <unaffected range="ge">4.3.2-r5</unaffected>
+ <vulnerable range="lt">4.3.2-r5</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>RedCloth is a module for using Textile in Ruby</p>
+ </background>
+ <description>
+ <p>A vulnerability has been discovered in RedCloth. Please review the CVE identifier referenced below for details.</p>
+ </description>
+ <impact type="low">
+ <p>RedCloth is vulnerable to a regular expression denial of service (&#34;ReDoS&#34;) attack via the sanitize_html function.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All RedCloth users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-ruby/redcloth-4.3.2-r5"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-31606">CVE-2023-31606</uri>
+ </references>
+ <metadata tag="requester" timestamp="2024-01-10T13:10:26.781895Z">ajak</metadata>
+ <metadata tag="submitter" timestamp="2024-01-10T13:10:26.785113Z">graaff</metadata>
+</glsa>
\ No newline at end of file
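Review bot: The `<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">` line at the top of the new advisory names an external DTD over plain HTTP, so a consumer that parses this file with DTD loading enabled would pull grammar from the network over an unauthenticated channel. Tools that read GLSA XML should parse with external DTD and entity resolution disabled, or resolve the identifier from a local catalog copy. If no tooling matches the system identifier literally (not visible from this hunk), `<!DOCTYPE glsa SYSTEM "https://www.gentoo.org/dtd/glsa.dtd">` would be the safer form. Separately, `<description>` only defers to the CVE, while the concrete detail (ReDoS via `sanitize_html`) sits in `<impact>`; repeating that sentence in the description would let readers triage without following the link.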
diff --git a/metadata/glsa/timestamp.chk b/metadata/glsa/timestamp.chk
index cd7f01691387..8751349e13e7 100644
--- a/metadata/glsa/timestamp.chk
+++ b/metadata/glsa/timestamp.chk
@@ -1 +1 @@
-Wed, 10 Jan 2024 12:40:21 +0000
+Wed, 10 Jan 2024 18:40:20 +0000
diff --git a/metadata/glsa/timestamp.commit b/metadata/glsa/timestamp.commit
index d342da0701b5..2e5440585ce8 100644
--- a/metadata/glsa/timestamp.commit
+++ b/metadata/glsa/timestamp.commit
@@ -1 +1 @@
-a1eecf982df504f02f8b23c7cace982c168ea64b 1704887079 2024-01-10T11:44:39+00:00
+7333f37d680f5c423bfeb1acb9a7bf506e04e09f 1704892253 2024-01-10T13:10:53+00:00