gentoo auto-resync : 09:02:2024 - 11:33:56

author: V3n3RiX <venerix@koprulu.sector> 2024-02-09 11:33:56 +0000
committer: V3n3RiX <venerix@koprulu.sector> 2024-02-09 11:33:56 +0000
commit: dbed051da899bbf15bd223d4aa40e913cc3c5b0f (patch)
tree: d3c3e2621a817c0f200ff2a904810fa11b2b2a04 /metadata/glsa
parent: 4b63fd37a73007a6502ac56db4fc2c1c25c335fb (diff)
5 files changed, 72 insertions, 17 deletions
diff --git a/metadata/glsa/Manifest b/metadata/glsa/Manifest
index 7f7fe641b91a..3ca8a237d60a 100644
--- a/metadata/glsa/Manifest
+++ b/metadata/glsa/Manifest
@@ -1,23 +1,23 @@
 -----BEGIN PGP SIGNED MESSAGE-----
 Hash: SHA512
 
-MANIFEST Manifest.files.gz 565188 BLAKE2B 35f53a7f251713df50fcb7686e05bd9d32b5212c332acfb4f78810cfda409c59230202499f72410dca6d258aada2515c2e918fad341cbf357376890fc5ded7c1 SHA512 fad70ec1cb0f5ab8ebcba04d8007ecba54af8d22cd82a30f9a41b2ab8881ca037e0bb21c2fed295cb035a2ed0547d37975ced7975eba62e289894d58e57cb379
-TIMESTAMP 2024-02-09T03:10:12Z
+MANIFEST Manifest.files.gz 565345 BLAKE2B 1fbe9353523b9cd6f4873acac72def7cd205ef6bf788193681314c1985f36e90edcc33239ff25df0c9af17acc27aca72171bd923dd1674094202ab8effd3c970 SHA512 2c08b34daf44727ce643bc8b45c50d332fb8f4fba4b5bff8c9fe76a04e0528b52b9211b6a000475c670debe9a84f1bbc512e636e01a6a450f72d8314638578e4
+TIMESTAMP 2024-02-09T11:10:17Z
 -----BEGIN PGP SIGNATURE-----
 
-iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAmXFl5RfFIAAAAAALgAo
+iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAmXGCBlfFIAAAAAALgAo
 aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEUx
 RDZBQkI2M0JGQ0ZCNEJBMDJGREYxQ0VDNTkwRUVBQzkxODkyNTAACgkQ7FkO6skY
-klBcLA//RNQBBuFEU68O1KqJWePxR7mp06XXD69Fgz6dtzdpCklGlOYiLpM+MrqD
-AYlz+AFYgusDy6r8xNOLGO0fq9nGVqTm3rlq8ywPl2sM15E63hb2iaPXTxJpvvnO
-Qhzs2Z4Lk4eGVAIpynSlzPQHemVmdVGqGAD6LyDwHJQqgbxPXbpgiNNpyK0etnRn
-LDlupCxFu7qnzowkRc2vaqUbvYEphrbJkvXpomv4aHxNO3jYtKYjVXN+QJnBYPUQ
-m/Xla5ILFM4VMWvvE612dUKlf+kR25SuBOJnRGfLRcDNrypLx+nja9IG9swVo5UT
-UaDBA1uOHbhs9HaNFNNMx2ttONtCrGfq+a6zUdOfsSOCAOt11V0y0lMBgy4I8Icj
-cAoRlwz9W+1+Q5AdqIZj2aTto4j3YcNB27PUihXzgsx7wMgDRulLFRf7JlMdzoih
-vKda3kTPk4qgSE1LoMBGl+wDeX/bTorEE5rQ85cAxZJCZZbIGo+uzl3DRLT4PgID
-6lVjLz53hNzdsAET98izqf9Xd3T6jeri62iucCKeTiaIPC420TEJFVNjXnPusW7s
-1kNB5Kvu6kImSkH2U0dUKmdPfIMjiXt/ysg9ba6i4eKTGSEGryxHCY89LyYjGw/W
-lt5bFodBfLuxS2UAykqZd0sQ3I0ivEsZGZL4TPhwxwjpS/iEM5g=
-=4vuO
+klD3wA//ex4Z5mCyg3FTcZfY01DJAfoUAS0gxv8wJm+2fYUwsRm0O2yDHh1VDW4i
+pBxXxHJmxQUNWhZLpQo0yHHQGWwiw/FoYCqexRnsp7Z/Sy6Odi/xmUDJ38taeTm6
+v1I/gwlX2EHxqV83/ybeJt5m5JUheZCNQFlWRs/gQtG+63t6S/h3F5+ZzCiam/NE
+dF5BFHoYb5f3YtiltOMdcr7joo3rqLIPCZCwMkwReJLfCNYvGpR2e2TR8s4YkAOi
+6WhDCAw70W3ND9v91lX7+PyoX+9gGQAmO2bVO8KCR3r0/IsSf1shLbqCKt6AYNI5
+oT+uw4vW854aobifsChxsHirf4Mlf8AvY4TRb44T0UrxDCbs8iSnkaqfgfjy6Aao
+5SPr3+x8Vks90gH3VLSEsgubgbzCP17Lwy8T7syRG5o1Cj1v9Tk5ixoeuwkkffpo
+gDMcv6+acG3K79iQ/dRQj8m049J4o868/u1gprXQa4ZWgj+m0dYREN5P37jj3MmZ
+jR/Y1M+o93vfV0sa7mkdbZAIL3iEfXi97aIwVQ6jnfvIsQDWN20FSNXPPt6su26D
+tR1+8wLMNBmK22j8liqlRU57bF0MB+1SDYyYJeEcVkxppGyjW5VvpCDG6SRtH2S6
+FTzxWxIRreGrt4phYB+MKDH/TvyCagI/ACy4pLqOMKpjrOptjJQ=
+=NLPF
 -----END PGP SIGNATURE-----
diff --git a/metadata/glsa/Manifest.files.gz b/metadata/glsa/Manifest.files.gz
index 3ef3b069a1bd..58f85a4a107b 100644
--- a/metadata/glsa/Manifest.files.gz
+++ b/metadata/glsa/Manifest.files.gz
diff --git a/metadata/glsa/glsa-202402-11.xml b/metadata/glsa/glsa-202402-11.xml
new file mode 100644
index 000000000000..27cc1d01a72b
--- /dev/null
+++ b/metadata/glsa/glsa-202402-11.xml
@@ -0,0 +1,55 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202402-11">
+    <title>libxml2: Multiple Vulnerabilities</title>
+    <synopsis>Multiple denial of service vulnerabilities have been found in libxml2.</synopsis>
+    <product type="ebuild">libxml2</product>
+    <announced>2024-02-09</announced>
+    <revised count="1">2024-02-09</revised>
+    <bug>904202</bug>
+    <bug>905399</bug>
+    <bug>915351</bug>
+    <bug>923806</bug>
+    <access>remote</access>
+    <affected>
+        <package name="dev-libs/libxml2" auto="yes" arch="*">
+            <unaffected range="ge">2.12.5</unaffected>
+            <vulnerable range="lt">2.12.5</vulnerable>
+        </package>
+    </affected>
+    <background>
+        <p>libxml2 is the XML C parser and toolkit developed for the GNOME project.</p>
+    </background>
+    <description>
+        <p>Multiple vulnerabilities have been discovered in libxml2. Please review the CVE identifiers referenced below for details.</p>
+    </description>
+    <impact type="normal">
+        <p>Please review the referenced CVE identifiers for details.</p>
+    </impact>
+    <workaround>
+        <p>There is no known workaround at this time.</p>
+    </workaround>
+    <resolution>
+        <p>All libxml2 users should upgrade to the latest version:</p>
+        
+        <code>
+          # emerge --sync
+          # emerge --ask --oneshot --verbose ">=dev-libs/libxml2-2.12.5"
+        </code>
+        
+        <p>If you cannot update to libxml2-2.12 yet you can update to the latest 2.11 version:</p>
+        
+        <code>
+          # emerge --sync
+          # emerge --ask --oneshot --verbose ">=dev-libs/libxml2-2.11.7 =dev-libs/libxml2-2.11*"
+        </code>
+    </resolution>
+    <references>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-28484">CVE-2023-28484</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-29469">CVE-2023-29469</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-45322">CVE-2023-45322</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-25062">CVE-2024-25062</uri>
+    </references>
+    <metadata tag="requester" timestamp="2024-02-09T09:36:35.975755Z">ajak</metadata>
+    <metadata tag="submitter" timestamp="2024-02-09T09:36:35.978152Z">graaff</metadata>
+</glsa>
+\ No newline at end of file
diff --git a/metadata/glsa/timestamp.chk b/metadata/glsa/timestamp.chk
index b04ff49dfe8e..a101c1ef04d6 100644
--- a/metadata/glsa/timestamp.chk
+++ b/metadata/glsa/timestamp.chk
@@ -1 +1 @@
-Fri, 09 Feb 2024 03:10:08 +0000
+Fri, 09 Feb 2024 11:10:13 +0000
diff --git a/metadata/glsa/timestamp.commit b/metadata/glsa/timestamp.commit
index 54415f85eec3..cb1f66cb3cb8 100644
--- a/metadata/glsa/timestamp.commit
+++ b/metadata/glsa/timestamp.commit
@@ -1 +1 @@
-c7a3936d7b9a6b4a836663710ca581880d4d5130 1707039950 2024-02-04T09:45:50+00:00
+e85e47ba7c520c0a553d527c33c5c297cb8ff286 1707471442 2024-02-09T09:37:22+00:00
author	V3n3RiX <venerix@koprulu.sector>	2024-02-09 11:33:56 +0000
committer	V3n3RiX <venerix@koprulu.sector>	2024-02-09 11:33:56 +0000
commit	dbed051da899bbf15bd223d4aa40e913cc3c5b0f (patch)
tree	d3c3e2621a817c0f200ff2a904810fa11b2b2a04 /metadata/glsa
parent	4b63fd37a73007a6502ac56db4fc2c1c25c335fb (diff)