authorV3n3RiX <venerix@koprulu.sector>2023-10-19 09:49:52 +0100
committerV3n3RiX <venerix@koprulu.sector>2023-10-19 09:49:52 +0100
commitd99752d3d5e12a0fc38778cb734bc68bbe2ed3bb (patch)
tree5f37e3f56df65ede7caf11eb0bd1fbf0ee03ac3c /metadata/glsa
parenta643f0010255d34e6b8045aba39aef5174921a7d (diff)
gentoo auto-resync : 19:10:2023 - 09:49:52
Diffstat (limited to 'metadata/glsa')
-rw-r--r--metadata/glsa/Manifest30
-rw-r--r--metadata/glsa/Manifest.files.gzbin550894 -> 551049 bytes
-rw-r--r--metadata/glsa/glsa-202310-13.xml42
-rw-r--r--metadata/glsa/timestamp.chk2
-rw-r--r--metadata/glsa/timestamp.commit2
5 files changed, 59 insertions, 17 deletions
diff --git a/metadata/glsa/Manifest b/metadata/glsa/Manifest
index cb4fc9ac9251..431a161923d8 100644
--- a/metadata/glsa/Manifest
+++ b/metadata/glsa/Manifest
@@ -1,23 +1,23 @@
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
-MANIFEST Manifest.files.gz 550894 BLAKE2B 798965263c5d46e96205dc199bf25a6ce30d8338486a9e848484a9fd5ed830d3c27c166ba202e07c36df6988d550704f299a879de8c58b3b01520f804c90e943 SHA512 f6ec462cab8043045f98a1e866ddbe0f314f470e436c8cc7e0c07b22f2f914a169ca9d6120ef606f1879badd4bf0b66721cb9a50d5074d457a8e0d58296ee3b4
-TIMESTAMP 2023-10-19T02:11:26Z
+MANIFEST Manifest.files.gz 551049 BLAKE2B 101f1e8c4fa2931de07bb12ade0d1a8f1086be636efa08e147c4c0a1ca5fbe5e5a01767f2ed884b1618e5e410a13397f54d75143f4eefe815b1be6584235614c SHA512 743e4ffacde54ecf7bc8f18d55d327e1443b9492e2ca28d9c8d3bb34f23fdf39df6d37e054b64a8068d11f93ef17d55500c5009206e44920614c53a3f5660f38
+TIMESTAMP 2023-10-19T08:10:01Z
-----BEGIN PGP SIGNATURE-----
-iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAmUwkE5fFIAAAAAALgAo
+iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAmUw5FlfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEUx
RDZBQkI2M0JGQ0ZCNEJBMDJGREYxQ0VDNTkwRUVBQzkxODkyNTAACgkQ7FkO6skY
-klBM3g//Sfr7MAmWPcb+HEIl2nywR2Fv0VI+vaLFzEtOw0c3Aper/j/rE1yZIdmd
-EGSmORGCCr9nSYTy8xDOz+E2E5cIKAU7bO7+zJ22h1+viKKcrRC+QCAU8CrEmf8+
-ea0DIWcXEbQRb4rjMcKEmFSHe/wi+EiRV2fHGd8eN177wjIjTlLb40+/TKsWQrzY
-b6YQVJfKKdrYBuLp9ZzbgFwCTcei60NpqeIGu9N9cl8WZ1zknb9sDp+hFVuMxhZX
-+odJcH9sW9unJwnMj6mrIinarUVxEvS9Zh7M7Q3ozl/5kvzRXzfPJeLJyYE9NK8s
-x0qzXTvPdDUbcuZzboWsNELeF/IxmWjS+HTw8Q4bb5YhwCZHkY1vhQz/xl2n8TCH
-lKO3E+ZAQzCZiFRM0zO7d9ONjR3wtpT3QwQr/ERNKzAUFak5Iz7lFDI4T+/X8pU+
-Gn2Mk9Ftz+F/NlVh17SnNFmKWs6YRlwopsvwtn7OzjtUEgE4dodEjVfIqnIj5qWC
-mzepeh3SYU12v5F2qa5hPSohNXPYSgj1wZlunv5LtGojO2cUAWyfzysI9E1bYls/
-8JpCm3kKrVT8FL2OGKVcxp0eV6w6JFqKDV5DuYcRV1E9VGtm4IW3+FBTvJ/Fjx4r
-wnUsUo6tH1/qKybjNNJrtR1q8tv1/Q8LwFXksO3G7m4ulwLjQ8E=
-=SKPI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+=2yE3
-----END PGP SIGNATURE-----
diff --git a/metadata/glsa/Manifest.files.gz b/metadata/glsa/Manifest.files.gz
index bd3b63d1aa86..59deb0c365fd 100644
--- a/metadata/glsa/Manifest.files.gz
+++ b/metadata/glsa/Manifest.files.gz
Binary files differ
diff --git a/metadata/glsa/glsa-202310-13.xml b/metadata/glsa/glsa-202310-13.xml
new file mode 100644
index 000000000000..0bf697889416
--- /dev/null
+++ b/metadata/glsa/glsa-202310-13.xml
@@ -0,0 +1,42 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202310-13">
+ <title>GNU Mailutils: unexpected processsing of escape sequences</title>
+ <synopsis>A vulnerability has been discovered in Mailutils where escape sequences are processed in a context where this may lead to RCE.</synopsis>
+ <product type="ebuild">mailutils</product>
+ <announced>2023-10-19</announced>
+ <revised count="1">2023-10-19</revised>
+ <bug>802867</bug>
+ <access>remote</access>
+ <affected>
+ <package name="net-mail/mailutils" auto="yes" arch="*">
+ <unaffected range="ge">3.12-r3</unaffected>
+ <vulnerable range="lt">3.12-r3</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>GNU Mailutils is a collection of mail-related utilities, including an IMAP4 server (imap4d) and a Mail User Agent (mail).</p>
+ </background>
+ <description>
+ <p>A vulnerability has been discovered in GNU Mailutils. Please review the CVE identifier referenced below for details.</p>
+ </description>
+ <impact type="high">
+ <p>mail(1) from mailutils would process escape sequences (like ~! shellcommand) in message bodies piped/redirected in. This creates an RCE if some part of the message body is under an attacker&#39;s control.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All Mailutils users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-mail/mailutils-3.12-r3"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-32749">CVE-2021-32749</uri>
+ </references>
+ <metadata tag="requester" timestamp="2023-10-19T05:47:33.365385Z">graaff</metadata>
+ <metadata tag="submitter" timestamp="2023-10-19T05:47:33.367529Z">graaff</metadata>
+</glsa> \ No newline at end of file
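Review bot: The `<description>` is a placeholder ("Please review the CVE identifier referenced below for details"), while the only concrete statement of the flaw sits in `<impact>`. The description should carry it directly, e.g. `<p>mail(1) processes tilde escape sequences such as ~! in message bodies read from a pipe or redirect, not only in interactive input.</p>`. The linked record may describe the issue from a calling application's side rather than Mailutils' own, so deferring to it could leave readers without the Mailutils-specific behaviour. The `<title>` has a typo: `processsing` should be `processing`. Since `<workaround>` lists none, it would help operators if the advisory said that the exposed path is any script or daemon piping externally influenced text into mail(1), so those callers can be audited until 3.12-r3 is installed.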
diff --git a/metadata/glsa/timestamp.chk b/metadata/glsa/timestamp.chk
index 54cc8082c689..150f24a71e02 100644
--- a/metadata/glsa/timestamp.chk
+++ b/metadata/glsa/timestamp.chk
@@ -1 +1 @@
-Thu, 19 Oct 2023 02:11:24 +0000
+Thu, 19 Oct 2023 08:09:56 +0000
diff --git a/metadata/glsa/timestamp.commit b/metadata/glsa/timestamp.commit
index f7738e0e33eb..86e6c6831bb4 100644
--- a/metadata/glsa/timestamp.commit
+++ b/metadata/glsa/timestamp.commit
@@ -1 +1 @@
-3dfe02046c2bc76fb7e910a04702603b72fcb98c 1697013684 2023-10-11T08:41:24+00:00
+3e4a6266341c7f754ede0bb2d3c6a7f37daef958 1697694502 2023-10-19T05:48:22+00:00