gentoo auto-resync : 10:11:2022 - 21:28:32

5 files changed, 59 insertions, 17 deletions

diff --git a/metadata/glsa/Manifest b/metadata/glsa/Manifest
index ccc7624b2487..e8d48dd81e77 100644
--- a/metadata/glsa/Manifest
+++ b/metadata/glsa/Manifest
@@ -1,23 +1,23 @@
 -----BEGIN PGP SIGNED MESSAGE-----
 Hash: SHA512
 
-MANIFEST Manifest.files.gz 536084 BLAKE2B c89e49fb5e75661a7da4bc1a8267e8936701fe518e99a96ea46c267fe11ac6fcc34a3029874ea964f0a67189423224c5aba6dc5cc7a56cf0d5889ea2d47d781f SHA512 75913d485440890ef20577369af3828f92411599dd916f9c5792517c2a36a196afc4bb5153abea2e3a2bc4b763ff2159dd5b7d79a6de88fdec6368ba79776c6f
-TIMESTAMP 2022-11-10T14:39:41Z
+MANIFEST Manifest.files.gz 536244 BLAKE2B 47908e9e54099299278f14e5112b789aac78178d7406b6880e3986163e8e2aeec411757dbe131202da7291c508ea72a7d158f7fe08facf6e36a23a28a992a7d8 SHA512 ef16d73b0d889ec01efae4d55e398ba1b384a7b46066c129d82b336f46e8804d0dd1765c65c49d93842dc829696efc67759ac790655f316a70359fb8847d9e4e
+TIMESTAMP 2022-11-10T20:39:41Z
 -----BEGIN PGP SIGNATURE-----
 
-iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAmNtDS1fFIAAAAAALgAo
+iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAmNtYY1fFIAAAAAALgAo
 aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEUx
 RDZBQkI2M0JGQ0ZCNEJBMDJGREYxQ0VDNTkwRUVBQzkxODkyNTAACgkQ7FkO6skY
-klAdaBAAoaQX9MyESReWt0mMfVcKwUs8+0jb2OO2U41338h7TDUbIQ5MSUFYJUuR
-IQmK8Sn3rbL6cmaEuQfitWqyDH0jx8OX7oRZLUzLgWeb4zdCCSnY8us74DO0F7yW
-0wzXBVtSkdEg4jRWWP/96Ux5e5sgK+o0yaWaj2rCJu1FkC4gMECg/LIIvJX+QT9X
-ov8q7kS1HFbD5gJNtEFSFTY/ayLJditkuK6h6CxSdjFXq9wgo0q5eO7/AUXrLLsw
-eg4Y1Hw+VEIXHvy8zFFGov+6Jv1R36Ti6BD+Qx97f944nQDRTu3axlyWUjpl4wj6
-ljdTl9zVRBVh0/hWjCc0kxNEcPVcBzCwhUJzNi04sFt7eo5FpwlX5te0/xlAZM3I
-2zSmw/7o0E2lMGI5fnMvPUTCCcIvwjbymGiKZqlHnx96XbBlpwA/ndK9OjYpU/57
-dgGqj7tshjNhksTFdxK/oi1YetRjd9t9Hw2ysh8EP/zim59jhtfKYxIIBeV8CTLI
-0HJa81pavl5D78LiXP5vogHr2CxCwWlmM49Z9xxxHkJKbPOiFO57wtop4dmjnEH7
-KneB/d3nDnLgEqfC+Tk58WO8xNG71zQrfUEEyu1LmeUPA+wExZkc0gVKIou01xqw
-Glx9IbT53loOu6Qi8vHIfDa0Les6CBtc37xTDnWoDIFiu85D+Bs=
-=wxo+
+klDeMBAAmyWADY+pjEhMDjms5vR3loNY526fja5W8AsDmh6DMDPXtZP8FXI5iTRy
+uVmI+ZDsd0SaU90AiC1IGPq29VjDcz+p4fZgkmUSL07q8gg5EM4b0nfCCv9SpyK5
+fxYIzqKu8FcdQFe/LIHfVBHWzAOcdo2TRQAKAZOCMY/bqiBWKDHNdMqVit3xKZL9
+d3Kv5IL88cbOL6BdtUqA7o3XBRCocLu4dWklMPzoMFIAvS52M9ZPtVPgKfUKg2Ky
+vvdD/Y6yYl8wOPSxfeW21111Bqvx6b3s8RlWGC8zegX3zPFsydYjBWpcEEeSnoPJ
+Qm8E/jQeWO4UxfSJypWGqlUWsqNyau3RbMQADWCiVkxg0kcG2xJogP7BQAircwdL
+HzxmRTp4Hb+eF2HqNrSql7GaLbNVfAnvXdw2/VRcKtfp4rRDuGXNS5HyxggDsqTT
+Qp4pW3ZTKte4Tj78K6IBbehSlFMg1ms/F6erq6hthENYLKHVXjjH4jq8L7y7Utt/
+dwq1dK8mSuM2tNzlCqXx+vstfAJT2I2TNhj1Lu1zHtMu9l6htCiEDu4D1xCg1N4o
+MZPKvShleyc5lRPMD6lpwZGl7COcst7bHxsJadLROfe71a8EgPev2L6U2pMsYyUv
+nd3FDzJOx+FvjF1U4Sr7MQghAzQ71X5wLHcwYY7rnyp721c9DoY=
+=55z0
 -----END PGP SIGNATURE-----
diff --git a/metadata/glsa/Manifest.files.gz b/metadata/glsa/Manifest.files.gz
index a99bb4c6d887..1a4f9ff8d224 100644
--- a/metadata/glsa/Manifest.files.gz
+++ b/metadata/glsa/Manifest.files.gz
diff --git a/metadata/glsa/glsa-202211-02.xml b/metadata/glsa/glsa-202211-02.xml
new file mode 100644
index 000000000000..982dbfe367b2
--- /dev/null
+++ b/metadata/glsa/glsa-202211-02.xml
@@ -0,0 +1,42 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202211-02">
+    <title>lesspipe: Arbitrary Code Exeecution</title>
+    <synopsis>A vulnerability has been found in lesspipe which could result in arbitrary code execution.</synopsis>
+    <product type="ebuild">lesspipe</product>
+    <announced>2022-11-10</announced>
+    <revised count="1">2022-11-10</revised>
+    <bug>865631</bug>
+    <access>remote</access>
+    <affected>
+        <package name="app-text/lesspipe" auto="yes" arch="*">
+            <unaffected range="ge">2.06</unaffected>
+            <vulnerable range="lt">2.06</vulnerable>
+        </package>
+    </affected>
+    <background>
+        <p>lesspipe is a preprocessor for less.</p>
+    </background>
+    <description>
+        <p>lesspipe has support for parsing Perl storable (&#34;PST&#34;) files,</p>
+    </description>
+    <impact type="normal">
+        <p>A crafted Perl storable file which is passed into lesspipe could result in arbitrary code execution.</p>
+    </impact>
+    <workaround>
+        <p>There is no known workaround at this time.</p>
+    </workaround>
+    <resolution>
+        <p>All lesspipe users should update to the latest version:</p>
+        
+        <code>
+          # emerge --sync
+          # emerge --ask --oneshot --verbose ">=app-text/lesspipe-2.06"
+        </code>
+    </resolution>
+    <references>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-44542">CVE-2022-44542</uri>
+    </references>
+    <metadata tag="requester" timestamp="2022-11-10T16:33:11.165769Z">ajak</metadata>
+    <metadata tag="submitter" timestamp="2022-11-10T16:33:11.170829Z">ajak</metadata>
+</glsa>
\ No newline at end of file
diff --git a/metadata/glsa/timestamp.chk b/metadata/glsa/timestamp.chk
index cf84bc4548e0..29dcd93db7e2 100644
--- a/metadata/glsa/timestamp.chk
+++ b/metadata/glsa/timestamp.chk
@@ -1 +1 @@
-Thu, 10 Nov 2022 14:39:38 +0000
+Thu, 10 Nov 2022 20:39:38 +0000
diff --git a/metadata/glsa/timestamp.commit b/metadata/glsa/timestamp.commit
index 75b2cb040a5f..856b1311a2d5 100644
--- a/metadata/glsa/timestamp.commit
+++ b/metadata/glsa/timestamp.commit
@@ -1 +1 @@
-273d516e3c9a0078775979649ecc570e7186f050 1667339933 2022-11-01T21:58:53+00:00
+d2caa7d73160aa5b9c9cda07665068a8b25fa730 1668098162 2022-11-10T16:36:02+00:00