gentoo auto-resync : 10:01:2024 - 13:02:42

5 files changed, 60 insertions, 17 deletions

diff --git a/metadata/glsa/Manifest b/metadata/glsa/Manifest
index a23ab1337c83..d8c046997c8e 100644
--- a/metadata/glsa/Manifest
+++ b/metadata/glsa/Manifest
@@ -1,23 +1,23 @@
 -----BEGIN PGP SIGNED MESSAGE-----
 Hash: SHA512
 
-MANIFEST Manifest.files.gz 560112 BLAKE2B 62dc2af41770d5f472a21d19df2e416ad9cbe69646a24bf9063fe3c7d7b36b835148ffdf730b030db456007d5c45044793f359e00e2a253deb71569680665419 SHA512 706f92b2205286e8d0fb7e749fe17d4549d6de84ffe61cf0dffaa61b0add9252e50b48bb8087005681251c1d71bdd6ced3ceb19b36ffd7e75d1709bc3aa98712
-TIMESTAMP 2024-01-10T06:10:30Z
+MANIFEST Manifest.files.gz 560271 BLAKE2B 788d7d800c0cda76fd36e704c653a017e0745e9bb01350ea23c15bfb7c7d2ccbf2d1642309260d1234728ebba3fcb12dfa56f5a746e590036bf3b2bd162d2304 SHA512 1057c5d7357b4f952f1ae20e59f01992d95bfb67a14a419a2349e88e3ccccc40879bdf67c69b0a2d1c192af1a44dda8b074b2513672a6a571abaf442b2b628bc
+TIMESTAMP 2024-01-10T12:40:25Z
 -----BEGIN PGP SIGNATURE-----
 
-iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAmWeNNZfFIAAAAAALgAo
+iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAmWekDlfFIAAAAAALgAo
 aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEUx
 RDZBQkI2M0JGQ0ZCNEJBMDJGREYxQ0VDNTkwRUVBQzkxODkyNTAACgkQ7FkO6skY
-klAQkw/+KdpJ5gGRgm0oihKIPya0kCuJDmtQmUnScZuRSwj7B9V04Jd4SOHyjpDq
-1BnJdqYK1sGHGdpyHRvFQv2Dp9fsZh4EYgM0moOAhDwkJHoRwZR8RTgzN5xgGJRB
-YSGzqs8vJ6AeSXNfQjY4Bhw0LdadDyACplmL/6tVgGZ/0P9E5opBgni2GOvFiSAZ
-6VSlJId/zhJHLffkZPnegSSn38RwCdcNlciPZC/cZw4Q5KS/XcZ+4UJP+WkNwaGK
-JmArXSbJAoe44suOXoqcAwZHi+NxGBlAGJ0XrzlnLXNBG4jNm/xpBJg/KVnAkCxC
-N3h+/koxsaEdMnBKyKXVq4EFWC15pVJyoTa0c7hbfQY1VxmXbtMXWDxVV4hx6VEx
-RRopxLSkJhsijKUNsOm/FwsshLb07xK/uFEq8hFJcWcnuPd2D3X18Azt6ceVN9Ry
-4CcYiVtjbb6mNVEBhoje1ILlO+yP2DdMvlFuozJ6qerQ2TqKUqMyoNvJ2zwhvSxi
-p8N4xji5FnBAxm2+OOTFwO2de/3/4ieHC4sauTTjMToaJDSzADklZ6tVjqgPnkx1
-a1f2Lt3qqg8CsqZUV/DALhER8vuSipyM9Z1BJ6G3dw6CF24AjFYcwBQlFpZUiDjn
-EKtj0yeafAGBuiDxi53ahlruGTO08j3Jevd0byA0I0pHQ7J4QPk=
-=Hi6+
+klBVAw//e/Rs5M0ailcOhkuMewVQzT1zzs6R3dsnf7x3tp4xUMtGLisQV+Y65mwc
+rYUvSuepjxxtYvUEtFBQowJkHATukuS8vBlmEgBtcUZL0zTVmBuV6VBbZUyeQMlP
+DtoHU+Y2b3A8umvvY/OKIgFU1EvKoe/XTtWfnuyb0/inN4sry9e+WaCEIhfadzgj
+RmiXUSLE0nEjYn6veBRkv2z1fzIiz0m9hL6QHIyzU+dNCLxYVIvZmjdgnPHSJcvc
++HH2ln+MiOLhdq0iNX6/yEEp8C+YKKG7DXbveLFcnHNio7FwiR0J3LV14xYsGTKd
+0d4SFKMIgAiEyJk1PNKCS3lSlWdm6kLnHpnDJIsMrIaEX/bRtQt1F4DuPyEFwb8p
+AFWavGQ50HHjvcA07Eul97chDP6Gma1OUMZ8vB0WAJMoUHYqoxnaPO+h8Li9vcPq
+327zxYYNqDfgZn7g1JrF70x3cJDVlHNS4RcUk5O3FcTRgit2qc7Vc2uDrfdjfoB9
+fwMqOM+LqudQAUFAZ/TEzFH8O9siY/Mm0dI+v/hfMOas/e2XfyQL61noZcZlD9LK
+YJNcZXyyFgFaAQXMhWPbEYhVg9+5xcBlyzsu1PLVVh07Wkm6wjHUaYP93d2+SlMH
+reEHuSVV2GxoAf8w/VLiZ5Cwd87ikUeEzP13im09v2Y56IF7Ctk=
+=MgZs
 -----END PGP SIGNATURE-----
diff --git a/metadata/glsa/Manifest.files.gz b/metadata/glsa/Manifest.files.gz
index f70ab963dbcd..eb8249987c2f 100644
--- a/metadata/glsa/Manifest.files.gz
+++ b/metadata/glsa/Manifest.files.gz
diff --git a/metadata/glsa/glsa-202401-13.xml b/metadata/glsa/glsa-202401-13.xml
new file mode 100644
index 000000000000..8b6fbe173b2d
--- /dev/null
+++ b/metadata/glsa/glsa-202401-13.xml
@@ -0,0 +1,43 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202401-13">
+    <title>FAAD2: Multiple Vulnerabilities</title>
+    <synopsis>Multiple denial of service vulnerabilities have been found in FAAD2.</synopsis>
+    <product type="ebuild">faad2</product>
+    <announced>2024-01-10</announced>
+    <revised count="1">2024-01-10</revised>
+    <bug>918558</bug>
+    <access>remote</access>
+    <affected>
+        <package name="media-libs/faad2" auto="yes" arch="*">
+            <unaffected range="ge">2.11.0</unaffected>
+            <vulnerable range="lt">2.11.0</vulnerable>
+        </package>
+    </affected>
+    <background>
+        <p>FAAD2 is an open source MPEG-4 and MPEG-2 AAC decoder.</p>
+    </background>
+    <description>
+        <p>Multiple vulnerabilities have been discovered in FAAD2. Please review the CVE identifiers referenced below for details.</p>
+    </description>
+    <impact type="low">
+        <p>Please review the referenced CVE identifiers for details.</p>
+    </impact>
+    <workaround>
+        <p>There is no known workaround at this time.</p>
+    </workaround>
+    <resolution>
+        <p>All FAAD2 users should upgrade to the latest version:</p>
+        
+        <code>
+          # emerge --sync
+          # emerge --ask --oneshot --verbose ">=media-libs/faad2-2.11.0"
+        </code>
+    </resolution>
+    <references>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-38857">CVE-2023-38857</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-38858">CVE-2023-38858</uri>
+    </references>
+    <metadata tag="requester" timestamp="2024-01-10T11:43:50.951508Z">ajak</metadata>
+    <metadata tag="submitter" timestamp="2024-01-10T11:43:50.953718Z">graaff</metadata>
+</glsa>
\ No newline at end of file
diff --git a/metadata/glsa/timestamp.chk b/metadata/glsa/timestamp.chk
index 31aef4586268..cd7f01691387 100644
--- a/metadata/glsa/timestamp.chk
+++ b/metadata/glsa/timestamp.chk
@@ -1 +1 @@
-Wed, 10 Jan 2024 06:10:24 +0000
+Wed, 10 Jan 2024 12:40:21 +0000
diff --git a/metadata/glsa/timestamp.commit b/metadata/glsa/timestamp.commit
index a60608a945db..d342da0701b5 100644
--- a/metadata/glsa/timestamp.commit
+++ b/metadata/glsa/timestamp.commit
@@ -1 +1 @@
-17e2b155a748af5cd1276229d389b4641fec18c7 1704623514 2024-01-07T10:31:54+00:00
+a1eecf982df504f02f8b23c7cace982c168ea64b 1704887079 2024-01-10T11:44:39+00:00