gentoo (valentine's day) resync : 14.02.2021

author: V3n3RiX <venerix@redcorelinux.org> 2021-02-13 21:41:11 +0000
committer: V3n3RiX <venerix@redcorelinux.org> 2021-02-13 21:41:11 +0000
commit: c8d60dada2ec8eb48b2d2b290cd6683ccec40e39 (patch)
tree: c44943ee0563a3fa957716de909fed683117fcb9 /metadata/glsa
parent: 69051588e2f955485fe5d45d45e616bc60a2de57 (diff)
6 files changed, 183 insertions, 17 deletions
diff --git a/metadata/glsa/Manifest b/metadata/glsa/Manifest
index f4af8e162a7d..16096ab586ee 100644
--- a/metadata/glsa/Manifest
+++ b/metadata/glsa/Manifest
@@ -1,23 +1,23 @@
 -----BEGIN PGP SIGNED MESSAGE-----
 Hash: SHA512
 
-MANIFEST Manifest.files.gz 500220 BLAKE2B aabc50258bfbbe2cb5f971f25f26b6c05a6f14b711c2f736db373e7c0f145f0cf5c547efb6e1ec1d43ad7c393a98fedc6e4f0b6a62a75dea9d2737f89715f3bb SHA512 66b9eade9f3337a820d760fef65a13534a76b1b7a62212ccfc6cd15a592b34f013e749b09caeb49eab79948c7489c23ae10c93f2b39bc07cd930f362aace586e
-TIMESTAMP 2021-01-31T18:08:32Z
+MANIFEST Manifest.files.gz 500540 BLAKE2B 7a48959b9c07be5fc6e9e98ffbda2d71400bbd137c089df45f7701ae5dd1ba444366d51af5a4656f0a37ca0bbed5e1b74627c57cf425e57c4516bb7194b7dc59 SHA512 e923ed887d7140a57ff660001f6646dac898bdcaefc8ab2effe01101b80e6b709f7e4d00bf72e6d181aa41f6d99fe7b4285de0597a1b60734104a3eee41ee946
+TIMESTAMP 2021-02-13T21:08:43Z
 -----BEGIN PGP SIGNATURE-----
 
-iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAmAW8iBfFIAAAAAALgAo
+iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAmAoP9tfFIAAAAAALgAo
 aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEUx
 RDZBQkI2M0JGQ0ZCNEJBMDJGREYxQ0VDNTkwRUVBQzkxODkyNTAACgkQ7FkO6skY
-klCLUw//a/Gb7MGC1NQDv8asjSvpKuat2X6+ECFBpFgrp1MIfoT3Sxson1PRk0JA
-oCboXquuQg4ivZelcBcXZGo0m9sKCQfECyewwvRtRqB6SYJ/1ra+diT/qZCNidSg
-MfKMN1tHNMm6F7BpYoRiHFf95MISHJfU3mRG93ZlWzvTL+DIAbpZxtD3+kn2gxeK
-47uKL3mKFDxK6Q5LDTrPVL34S48Eftt1ODbpOFTmz1OYnIcsE6R9YELUKe+2aIDn
-Yy6akMQ9uicuQsb2wIrEHjVIMSz0awk7rIAm40DQz71AvwYOWhTr4AMhnKXxaDyg
-Y1oUWPqMOd8mn3vAo4tRmyVdyIzkl2+K//iMVIwowc1NtgtxlqLdSxBnXeHKGpRd
-HCS1u51v0/QN2YrZ6B7WJtl/nVdZgts4fxT5Z7inFqGZ7rbBPk+XPL12DIm8Qqub
-BZvh4fsM86Fuvse7ClHFmhgqIa+OoBFL7q9C9E2ZSxzy+Oz+EOp2IxpiVtrSyRKn
-M3K2UROAScnAN7/oF4MJE93un8E89OLJFOcmOKUVqXFdQ1CRMPefa1L/XdfV9XxU
-kcJZrpIpC9iuSwimKuHIoMYNsS9G2JwWupLQJueBzzBmR47FXoskDEaIn4e4vEAQ
-TwGZycOIBSrHYHZ3N3SJucm0hDrQ9nKUuk1pJwYZcYE8xv4TUMQ=
-=086J
+klAvEQ/+NU/DO3MpCK3Ff3BO396Kq46KTyWQ44yJnMXGuk799KY1/WIT1sR2WDpU
+Q6DihIj4ECX+Xrhy5zWOG04o837kT0lkSZoLLqC7d3tzELDt4raFhuovRs6OpEYa
+Iy3sAcwGBNOgfYX3rFC7bdHKrDktl14pdQz3YsBPly+S4sPv+/7L8ZoPKZxEKyNW
+K0vYXV1s7qdUMhGr5LYxi+nttNuca3YtPaRzsrtqXBQI55yf887yU4Aw/4LgJK9J
+V0k2v8TAaS2dBd9o+BEG6AyI2l0BAm6HJn9bLIzA0iHyOEqea4sQtMY5/GLgv9Uy
+wwgcMnXQDW9KAE1JrC6kMNrFAlXbXjvR4qSoHBx/+8K3MmY2RYuHq4T0aiMVeQlE
+6wZXZ3Rqbmeuo9DkKIZtXq9WuwzG7X59aY8dJ7oOrDqAfnRgCN0hAUSIylM1SBim
+H/DqdoEs5xutk+VJAMWzAm0DsSej4gl77PIYsmnB12jM6yNW+dx6AhFUF4S2EpIO
+OQyT5uK93DyU+G9HEiCgbVnJBOU1zpi8W7UhFbeJSvO+8hAn4I5J4B3K0RH2t1Xp
+QygTOROOngXqCgTZ21ucmXntZcQIgcPXT0PCB8rFXV0Xq7w9dT8X89qpm+49NgMR
+sJVBmZjm6tJkFgAhNsDK8/twNATY/SZchRqnVo6tRT7+EX7C+Bk=
+=mWiG
 -----END PGP SIGNATURE-----
diff --git a/metadata/glsa/Manifest.files.gz b/metadata/glsa/Manifest.files.gz
index 8e5c9db63e0a..5b3950946df7 100644
--- a/metadata/glsa/Manifest.files.gz
+++ b/metadata/glsa/Manifest.files.gz
diff --git a/metadata/glsa/glsa-202102-01.xml b/metadata/glsa/glsa-202102-01.xml
new file mode 100644
index 000000000000..c448adf3cd6c
--- /dev/null
+++ b/metadata/glsa/glsa-202102-01.xml
@@ -0,0 +1,95 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202102-01">
+  <title>Mozilla Firefox: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Mozilla Firefox, the
+    worst of which could result in the arbitrary execution of code.
+  </synopsis>
+  <product type="ebuild">firefox</product>
+  <announced>2021-02-01</announced>
+  <revised count="1">2021-02-01</revised>
+  <bug>767334</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-client/firefox" auto="yes" arch="*">
+      <unaffected range="ge" slot="0/esr78">78.7.0</unaffected>
+      <unaffected range="ge">85.0</unaffected>
+      <vulnerable range="lt">85.0</vulnerable>
+    </package>
+    <package name="www-client/firefox-bin" auto="yes" arch="*">
+      <unaffected range="ge" slot="0/esr78">78.7.0</unaffected>
+      <unaffected range="ge">85.0</unaffected>
+      <vulnerable range="lt">85.0</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Mozilla Firefox is a popular open-source web browser from the Mozilla
+      project.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Mozilla Firefox. Please
+      review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Please review the referenced CVE identifiers for details.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Mozilla Firefox ESR users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=www-client/firefox-78.7.0"
+    </code>
+    
+    <p>All Mozilla Firefox ESR binary users should upgrade to the latest
+      version:
+    </p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=www-client/firefox-bin-78.7.0"
+    </code>
+    
+    <p>All Mozilla Firefox users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=www-client/firefox-85.0"
+    </code>
+    
+    <p>All Mozilla Firefox binary users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=www-client/firefox-bin-85.0"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-23953">CVE-2021-23953</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-23954">CVE-2021-23954</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-23955">CVE-2021-23955</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-23956">CVE-2021-23956</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-23958">CVE-2021-23958</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-23960">CVE-2021-23960</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-23961">CVE-2021-23961</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-23962">CVE-2021-23962</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-23963">CVE-2021-23963</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-23964">CVE-2021-23964</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-23965">CVE-2021-23965</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-26976">CVE-2021-26976</uri>
+    <uri link="https://www.mozilla.org/en-US/security/advisories/mfsa2021-03/">
+      Upstream advisory (MFSA-2021-03)
+    </uri>
+    <uri link="https://www.mozilla.org/en-US/security/advisories/mfsa2021-04/">
+      Upstream advisory (MFSA-2021-04)
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2021-01-27T04:40:38Z">sam_c</metadata>
+  <metadata tag="submitter" timestamp="2021-02-01T01:39:52Z">sam_c</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202102-02.xml b/metadata/glsa/glsa-202102-02.xml
new file mode 100644
index 000000000000..69f0cc482a4d
--- /dev/null
+++ b/metadata/glsa/glsa-202102-02.xml
@@ -0,0 +1,71 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202102-02">
+  <title>Mozilla Thunderbird: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Mozilla Thunderbird,
+    the worst of which could result in the arbitrary execution of code.
+  </synopsis>
+  <product type="ebuild">thunderbird</product>
+  <announced>2021-02-01</announced>
+  <revised count="1">2021-02-01</revised>
+  <bug>767394</bug>
+  <access>remote</access>
+  <affected>
+    <package name="mail-client/thunderbird" auto="yes" arch="*">
+      <unaffected range="ge">78.7.0</unaffected>
+      <vulnerable range="lt">78.7.0</vulnerable>
+    </package>
+    <package name="mail-client/thunderbird-bin" auto="yes" arch="*">
+      <unaffected range="ge">78.7.0</unaffected>
+      <vulnerable range="lt">78.7.0</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Mozilla Thunderbird is a popular open-source email client from the
+      Mozilla project.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Mozilla Thunderbird.
+      Please review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Please review the referenced CVE identifiers for details.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Mozilla Thunderbird users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=mail-client/thunderbird-78.7.0"
+    </code>
+    
+    <p>All Mozilla Thunderbird binary users should upgrade to the latest
+      version:
+    </p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=mail-client/thunderbird-bin-78.7.0"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-15685">CVE-2020-15685</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-26976">CVE-2020-26976</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-23953">CVE-2021-23953</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-23954">CVE-2021-23954</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-23960">CVE-2021-23960</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-23964">CVE-2021-23964</uri>
+    <uri link="https://www.mozilla.org/en-US/security/advisories/mfsa2021-05/">
+      Upstream advisory (MFSA-2021-05)
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2021-01-27T04:56:17Z">sam_c</metadata>
+  <metadata tag="submitter" timestamp="2021-02-01T01:42:49Z">sam_c</metadata>
+</glsa>
diff --git a/metadata/glsa/timestamp.chk b/metadata/glsa/timestamp.chk
index b41d1dbaad98..014e91410990 100644
--- a/metadata/glsa/timestamp.chk
+++ b/metadata/glsa/timestamp.chk
@@ -1 +1 @@
-Sun, 31 Jan 2021 18:08:28 +0000
+Sat, 13 Feb 2021 21:08:40 +0000
diff --git a/metadata/glsa/timestamp.commit b/metadata/glsa/timestamp.commit
index 67da988a6843..ae6b487559e5 100644
--- a/metadata/glsa/timestamp.commit
+++ b/metadata/glsa/timestamp.commit
@@ -1 +1 @@
-efd0aa32fd2ca278747b075a2c8f414bb8aadead 1611878727 2021-01-29T00:05:27+00:00
+ad25bb1223098eee6704824c258e1e4aec82f809 1612143785 2021-02-01T01:43:05+00:00
author	V3n3RiX <venerix@redcorelinux.org>	2021-02-13 21:41:11 +0000
committer	V3n3RiX <venerix@redcorelinux.org>	2021-02-13 21:41:11 +0000
commit	c8d60dada2ec8eb48b2d2b290cd6683ccec40e39 (patch)
tree	c44943ee0563a3fa957716de909fed683117fcb9 /metadata/glsa
parent	69051588e2f955485fe5d45d45e616bc60a2de57 (diff)