authorV3n3RiX <venerix@koprulu.sector>2024-01-06 12:54:39 +0000
committerV3n3RiX <venerix@koprulu.sector>2024-01-06 12:54:39 +0000
commit56330f065f2b903d9e1b2dffc63719fef5897a45 (patch)
tree659a7ebca7cb9f7504b018c1484df84ba4f9ab01 /metadata/glsa
parent1774f0a748546cbd792bf1eb44757b63be2e0114 (diff)
gentoo auto-resync : 06:01:2024 - 12:54:38
Diffstat (limited to 'metadata/glsa')
-rw-r--r--metadata/glsa/Manifest30
-rw-r--r--metadata/glsa/Manifest.files.gzbin559158 -> 559317 bytes
-rw-r--r--metadata/glsa/glsa-202401-07.xml44
-rw-r--r--metadata/glsa/timestamp.chk2
-rw-r--r--metadata/glsa/timestamp.commit2
5 files changed, 61 insertions, 17 deletions
diff --git a/metadata/glsa/Manifest b/metadata/glsa/Manifest
index 6e58dc212fb3..c40e10750664 100644
--- a/metadata/glsa/Manifest
+++ b/metadata/glsa/Manifest
@@ -1,23 +1,23 @@
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
-MANIFEST Manifest.files.gz 559158 BLAKE2B 7743be6d30bedd899f1ed6ee719a2c0f78de2f732319746c264a2fa060ba8ae030e9eed586d48ebb590968099f0af93a7b2f09f029dc6458c2ee484d255bd117 SHA512 86d7b1c7f1efaf6f78995086d3e2bb0b7d8c79e5750b872b064dda4aec42c093aebaf9a1ea2161c6c56fa84d61dba2be695416159673540b4a2291892918d774
-TIMESTAMP 2024-01-06T06:10:13Z
+MANIFEST Manifest.files.gz 559317 BLAKE2B 0a4d0ed654d5a43854b9b44988bdb4643495b86920de9bd246bf46fcc345ba1a5166c2103a10a186d99db77f51e6ca2fbedd4ea9de655624a90f97185dedfe19 SHA512 68b7f9edd2e18b7c9b8cde1bd8ca0c31f75b45ec27937f49a0b172c9019da731e4182b7a6489209bd8527928ac9b72c9b7758e7a8a785bc8902893a4edadd98e
+TIMESTAMP 2024-01-06T11:09:35Z
-----BEGIN PGP SIGNATURE-----
-iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAmWY7sVfFIAAAAAALgAo
+iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAmWZNPBfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEUx
RDZBQkI2M0JGQ0ZCNEJBMDJGREYxQ0VDNTkwRUVBQzkxODkyNTAACgkQ7FkO6skY
-klAYfg/+MOkupdLfzTMTtp+5Kx8n+DTJvcPH4JChl3Atze2qIWjIWoi9TaqvNRtu
-oc8uNpK5xr3f983qH5b2pv1mVbcICDoe1RR/72dXmA7CkTfscjhQeoXR50iaxABE
-gjN3elxMZo3CNNq6njRs3wXWTtPhv8kA5s6BVs/fJJmBZI2mMc/09s5ejp6Mi3Pk
-bUkK54Esc3HislAXAO4S78NarU5g/UQ1oTypouZQ161WQlLRfJqcE+jh5Od9IJlY
-FOy3EP3rbVp/cHglXjcXhjxB4qeCa9zl/2viGnSX+ny2RAt1n2Tp9D37JBsGflzt
-OUTUIXimxSxWa7T0OCk/yXW1oe9dML/h1+drB9AiO7x/gr5GUR0h9XdwNhXX3phM
-NBqvcMDcxkpSw7GdnjbeVrKiKgxLIAym83K6I3WhPKwssdpxlrnbSOcc3e2N9BYI
-szlcjkDNtne/cX62huOJC99n5XAVwAO00x6Uqcfz0NYswJ3YlHAUobDdPcxmEGZe
-dXCw8jFiegmdnVN5+WZzsOCL6MsuMf1Vm36dpF+7OVxQ7rm01yvRaRB41v0YTlMU
-Xr+fjmLkCB5TkkLsZLPhG4TcQiS6zdihjjUx20Nmnsgxwa1f77jzHpE7R3ASFff7
-+KJMqUyQMvbUhHr27+UBf1I52IwP0C3rzoOfM6zS4Qz6PIrYWTk=
-=am6P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+=037z
-----END PGP SIGNATURE-----
diff --git a/metadata/glsa/Manifest.files.gz b/metadata/glsa/Manifest.files.gz
index bc5279c092c5..126306040cc9 100644
--- a/metadata/glsa/Manifest.files.gz
+++ b/metadata/glsa/Manifest.files.gz
Binary files differ
diff --git a/metadata/glsa/glsa-202401-07.xml b/metadata/glsa/glsa-202401-07.xml
new file mode 100644
index 000000000000..ff293d52a518
--- /dev/null
+++ b/metadata/glsa/glsa-202401-07.xml
@@ -0,0 +1,44 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202401-07">
+ <title>R: Directory Traversal</title>
+ <synopsis>A vulnerability was found in R which could allow for remote code execution.</synopsis>
+ <product type="ebuild">R</product>
+ <announced>2024-01-06</announced>
+ <revised count="1">2024-01-06</revised>
+ <bug>765361</bug>
+ <access>remote</access>
+ <affected>
+ <package name="dev-lang/R" auto="yes" arch="*">
+ <unaffected range="ge">4.0.4</unaffected>
+ <vulnerable range="lt">4.0.4</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>R is a language and environment for statistical computing and graphics.</p>
+ </background>
+ <description>
+ <p>The native R package installation mechanisms do not sufficiently validate installed source packages for path traversal.</p>
+ </description>
+ <impact type="normal">
+ <p>Installation of a malicious R package could result in an arbitrary file overwrite which could result in arbitrary code execution, as might be seen with the overwrite of an authorized_keys file.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All R users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-lang/R-4.0.4"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-27637">CVE-2020-27637</uri>
+ <uri>-fno-common</uri>
+ <uri>gcc-10</uri>
+ </references>
+ <metadata tag="requester" timestamp="2024-01-06T09:03:55.341282Z">ajak</metadata>
+ <metadata tag="submitter" timestamp="2024-01-06T09:03:55.343880Z">graaff</metadata>
+</glsa> \ No newline at end of file
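Review bot: The `<references>` block ends with two entries, `<uri>-fno-common</uri>` and `<uri>gcc-10</uri>`, that are not URIs, carry no `link` attribute, and have no visible connection to the R path-traversal issue described above; they look like leftover tracker keywords or template residue. Tooling that reads GLSA references to map advisories to CVEs may ingest them as identifiers or need to special-case them, so the block should hold only `<uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-27637">CVE-2020-27637</uri>`. The title says "Directory Traversal" while the synopsis leads with remote code execution; the `<impact>` text explains the chain from file overwrite to code execution, and the synopsis would be clearer if it named the file overwrite as well. Separately, the DOCTYPE points at an external DTD over plain `http://`, so anything parsing this file should validate against a local copy of the DTD rather than resolve that URL.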
diff --git a/metadata/glsa/timestamp.chk b/metadata/glsa/timestamp.chk
index d1e0077507a2..16b79886b532 100644
--- a/metadata/glsa/timestamp.chk
+++ b/metadata/glsa/timestamp.chk
@@ -1 +1 @@
-Sat, 06 Jan 2024 06:10:10 +0000
+Sat, 06 Jan 2024 11:07:55 +0000
diff --git a/metadata/glsa/timestamp.commit b/metadata/glsa/timestamp.commit
index 066490e28f40..c6d503ae307d 100644
--- a/metadata/glsa/timestamp.commit
+++ b/metadata/glsa/timestamp.commit
@@ -1 +1 @@
-13307cb5778acc25f47ab91c29f839443f3a4cf8 1704464830 2024-01-05T14:27:10+00:00
+6de45d78fb7f4cf3386f767a9e6b4d48cc85ce88 1704531859 2024-01-06T09:04:19+00:00