authorV3n3RiX <venerix@koprulu.sector>2023-11-24 16:33:11 +0000
committerV3n3RiX <venerix@koprulu.sector>2023-11-24 16:33:11 +0000
commitfaddeff65d652bda3291eba255955adb17f1aa19 (patch)
tree4352e6d85ce48c7c8d96159fad4d3dd90602a70a /metadata/glsa
parent0e7b1da874d923b9f006e0000023f5fa528140a8 (diff)
gentoo auto-resync : 24:11:2023 - 16:33:11
Diffstat (limited to 'metadata/glsa')
-rw-r--r--metadata/glsa/Manifest30
-rw-r--r--metadata/glsa/Manifest.files.gzbin552954 -> 553434 bytes
-rw-r--r--metadata/glsa/glsa-202311-03.xml44
-rw-r--r--metadata/glsa/glsa-202311-04.xml44
-rw-r--r--metadata/glsa/glsa-202311-05.xml45
-rw-r--r--metadata/glsa/timestamp.chk2
-rw-r--r--metadata/glsa/timestamp.commit2
7 files changed, 150 insertions, 17 deletions
diff --git a/metadata/glsa/Manifest b/metadata/glsa/Manifest
index 54730af64be9..6b168f8eb7fe 100644
--- a/metadata/glsa/Manifest
+++ b/metadata/glsa/Manifest
@@ -1,23 +1,23 @@
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
-MANIFEST Manifest.files.gz 552954 BLAKE2B 671acecdf3b956e40593b940db3c3c4d25b604abd0c4cdd9a525b421aa0deed29e2aee66fa7fb224997743a298d8e522e0fa6422a7a980e3a08aa5605a60fcd3 SHA512 e4720971a7c42a5c5f28e5088e9d32a3a2120739479f770ecf817f49cff3b8e1d959bcac2d314db5770addfca412ff20e25845ec84ef98a44cf6b7797a85bcf0
-TIMESTAMP 2023-11-24T10:10:18Z
+MANIFEST Manifest.files.gz 553434 BLAKE2B d28f022152aeaa3165582bfaf999cec857b2bf16990bd2a3cf925ffc73039f3fe49b92d5ac37eb0294a1dffe3d289493f6cd3e45fc608dcd7156a6d499a7a1e0 SHA512 35c586f941eef43c8a0c0f04027e3292ab00d1e5abc4862a3a8ed71bad94807b472aadb345bae98a96693b331b4a6dd0a0afa55cbc3c9cb52cb53a369c0b44bf
+TIMESTAMP 2023-11-24T15:48:42Z
-----BEGIN PGP SIGNATURE-----
-iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAmVgdopfFIAAAAAALgAo
+iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAmVgxdtfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEUx
RDZBQkI2M0JGQ0ZCNEJBMDJGREYxQ0VDNTkwRUVBQzkxODkyNTAACgkQ7FkO6skY
-klAGiw/9EYPsWj18dnW6XlxP/kzd+U9xmGXjlqdEzkmtDf6J9jvZGgYs2W7hgPFy
-XOHG7r1W2rTzrhmrjsq6umUiqtc+bztcVA1xFzNsGqFNLEgu32oVyvDUTZ/20Rpd
-25rZAMVLjxMF1fmlGzeZc/l+D2fwaaOMvyYaOf/BMl7SElQ8Fq4tXcLPrRIpWYv9
-UAiZXZyC7B6cLPiTMp+Iwa7+nen4iC1qh8dJBdMdCEmqaCUJ7UyQoEKwzrIRHhIP
-+Nfun07LyCU3g9DK92b3AoNcHHNO5iiot2mS5klSHmmldimTTIbRazY5gXbQ6Kkz
-lKrQRf1P8vagPvyE2uXqvSLSzsw4U9dTKRkWGufjZ7QxNwVPqdqt2c6kpNuge57A
-aZHjIlaxCmSN5PQMmiea9X+H2+wWfFEr3nfYe++IfcdveB8sKUgewnQUaSiTWnW7
-tP4VmLPEM4b+gBFAh4uOC3HCCmpoNeLi4e2KhkSDiZHrq5nPRzR7vKBVI6drPh4K
-aumq2s5U+/n61GjkARn2sBMnuFePAE8qq3zpZdfSczdzvgjCbE/1KAeKf9yT3k9H
-zNDJIL6Oz8xuUTcq/8HGbDuZjkljpEe9++GF/zuIwUzuuIu2JinBJnmLkzpSrFMg
-IkY6P3lFql6zYKojb28923cciXrXQArXimBBC7yg39ULDsNtmZ8=
-=VYXh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+=XV+o
-----END PGP SIGNATURE-----
diff --git a/metadata/glsa/Manifest.files.gz b/metadata/glsa/Manifest.files.gz
index e64ec36a3042..0e166af9b4a6 100644
--- a/metadata/glsa/Manifest.files.gz
+++ b/metadata/glsa/Manifest.files.gz
Binary files differ
diff --git a/metadata/glsa/glsa-202311-03.xml b/metadata/glsa/glsa-202311-03.xml
new file mode 100644
index 000000000000..9c0415cf2f3b
--- /dev/null
+++ b/metadata/glsa/glsa-202311-03.xml
@@ -0,0 +1,44 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202311-03">
+ <title>SQLite: Multiple Vulnerabilities</title>
+ <synopsis>Multiple vulnerabilities have been discovered in SQLite, the worst of which may lead to code execution.</synopsis>
+ <product type="ebuild">sqlite</product>
+ <announced>2023-11-24</announced>
+ <revised count="1">2023-11-24</revised>
+ <bug>886029</bug>
+ <bug>906114</bug>
+ <access>local and remote</access>
+ <affected>
+ <package name="dev-db/sqlite" auto="yes" arch="*">
+ <unaffected range="ge">3.42.0</unaffected>
+ <vulnerable range="lt">3.42.0</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>SQLite is a C library that implements an SQL database engine.</p>
+ </background>
+ <description>
+ <p>Multiple vulnerabilities have been discovered in SQLite. Please review the CVE identifiers referenced below for details.</p>
+ </description>
+ <impact type="high">
+ <p>Please review the referenced CVE identifiers for details.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All SQLite users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-db/sqlite-3.42.0"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-31239">CVE-2021-31239</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-46908">CVE-2022-46908</uri>
+ </references>
+ <metadata tag="requester" timestamp="2023-11-24T12:29:15.707023Z">graaff</metadata>
+ <metadata tag="submitter" timestamp="2023-11-24T12:29:15.709025Z">graaff</metadata>
+</glsa>
\ No newline at end of file
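Review bot: The `<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">` line names an external DTD over plain http, so a consumer that parses this advisory with DTD loading enabled would fetch schema content over an unauthenticated channel. The same declaration opens glsa-202311-04.xml and glsa-202311-05.xml. If the GLSA tooling accepts it, the system identifier would be better as `"https://www.gentoo.org/dtd/glsa.dtd"`. Independently of that, anything reading these files should validate against a local copy of the DTD with network fetches off (for libxml2-based tools, `xmllint --nonet`).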
diff --git a/metadata/glsa/glsa-202311-04.xml b/metadata/glsa/glsa-202311-04.xml
new file mode 100644
index 000000000000..dccee512670b
--- /dev/null
+++ b/metadata/glsa/glsa-202311-04.xml
@@ -0,0 +1,44 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202311-04">
+ <title>Zeppelin: Multiple Vulnerabilities</title>
+ <synopsis>Multiple vulnerabilities have been discovered in Zeppelin, the worst of which could lead to remote code execution.</synopsis>
+ <product type="ebuild">zeppelin-bin</product>
+ <announced>2023-11-24</announced>
+ <revised count="1">2023-11-24</revised>
+ <bug>811447</bug>
+ <access>remote</access>
+ <affected>
+ <package name="www-apps/zeppelin-bin" auto="yes" arch="*">
+ <unaffected range="ge">0.10.1</unaffected>
+ <vulnerable range="lt">0.10.1</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>Apache Zeppelin is a web-based notebook that enables data-driven, interactive data analytics and collaborative documents with SQL, Scala, Python, R and more.</p>
+ </background>
+ <description>
+ <p>Multiple vulnerabilities have been discovered in Zeppelin. Please review the CVE identifiers referenced below for details.</p>
+ </description>
+ <impact type="high">
+ <p>Please review the referenced CVE identifiers for details.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All Zeppelin users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-apps/zeppelin-bin-0.10.1"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-10095">CVE-2019-10095</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-13929">CVE-2020-13929</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-27578">CVE-2021-27578</uri>
+ </references>
+ <metadata tag="requester" timestamp="2023-11-24T13:19:41.936818Z">graaff</metadata>
+ <metadata tag="submitter" timestamp="2023-11-24T13:19:41.939030Z">graaff</metadata>
+</glsa>
\ No newline at end of file
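Review bot: The `<impact type="high">` element carries only `Please review the referenced CVE identifiers for details.`, although the synopsis states remote code execution and `<access>` is `remote`. A reader triaging from the advisory alone cannot tell which of the three referenced CVEs is the code-execution one or what precondition it needs. glsa-202311-03.xml has the same placeholder under a synopsis that also claims code execution. I would replace the paragraph with one sentence per referenced CVE naming the affected component and the outcome, the way glsa-202311-05.xml does for cifs-utils.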
diff --git a/metadata/glsa/glsa-202311-05.xml b/metadata/glsa/glsa-202311-05.xml
new file mode 100644
index 000000000000..b4e5105241e0
--- /dev/null
+++ b/metadata/glsa/glsa-202311-05.xml
@@ -0,0 +1,45 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202311-05">
+ <title>LinuxCIFS utils: Multiple Vulnerabilities</title>
+ <synopsis>Multiple vulnerabilities have been discovered in LinuxCIFS utils, the worst of which can lead to local root privilege escalation.</synopsis>
+ <product type="ebuild">cifs-utils</product>
+ <announced>2023-11-24</announced>
+ <revised count="1">2023-11-24</revised>
+ <bug>842234</bug>
+ <access>local</access>
+ <affected>
+ <package name="net-fs/cifs-utils" auto="yes" arch="*">
+ <unaffected range="ge">6.15</unaffected>
+ <vulnerable range="lt">6.15</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>The LinuxCIFS utils are a collection of tools for managing Linux CIFS Client Filesystems.</p>
+ </background>
+ <description>
+ <p>Multiple vulnerabilities have been discovered in LinuxCIFS utils. Please review the CVE identifiers referenced below for details.</p>
+ </description>
+ <impact type="high">
+ <p>A stack-based buffer overflow when parsing the mount.cifs ip= command-line argument could lead to local attackers gaining root privileges.
+
+When verbose logging is enabled, invalid credentials file lines may be dumped to stderr. This may lead to information disclosure in particular conditions when the credentials file given is sensitive and contains &#39;=&#39; signs.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All LinuxCIFS utils users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-fs/cifs-utils-6.15"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-27239">CVE-2022-27239</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-29869">CVE-2022-29869</uri>
+ </references>
+ <metadata tag="requester" timestamp="2023-11-24T14:19:44.552258Z">graaff</metadata>
+ <metadata tag="submitter" timestamp="2023-11-24T14:19:44.554584Z">graaff</metadata>
+</glsa>
\ No newline at end of file
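Review bot: The `<impact>` text puts two unrelated issues in one `<p>` separated only by a blank line, which an XML or HTML renderer will collapse into a single run-on paragraph. Close the first paragraph after `gaining root privileges.` and open a second `<p>` at `When verbose logging is enabled`. The `&#39;=&#39;` references can be written as literal `'='`, since apostrophes need no escaping in element text. The `<description>` above still holds the generic placeholder, so the per-CVE detail appears only under impact.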
diff --git a/metadata/glsa/timestamp.chk b/metadata/glsa/timestamp.chk
index 6170b7fd3dbd..a9e201624cd7 100644
--- a/metadata/glsa/timestamp.chk
+++ b/metadata/glsa/timestamp.chk
@@ -1 +1 @@
-Fri, 24 Nov 2023 10:10:15 +0000
+Fri, 24 Nov 2023 15:48:39 +0000
diff --git a/metadata/glsa/timestamp.commit b/metadata/glsa/timestamp.commit
index 3a6d169c5142..07716573eb8d 100644
--- a/metadata/glsa/timestamp.commit
+++ b/metadata/glsa/timestamp.commit
@@ -1 +1 @@
-c9c5667418b482993cc73092e63caaffa8554c8f 1698850018 2023-11-01T14:46:58+00:00
+c99aedd76d916c7d282282c93b43664f35bccf07 1700835611 2023-11-24T14:20:11+00:00