gentoo auto-resync : 15:01:2024 - 13:18:00

5 files changed, 59 insertions, 17 deletions

diff --git a/metadata/glsa/Manifest b/metadata/glsa/Manifest
index cc4fabbcd941..0ae966a639c7 100644
--- a/metadata/glsa/Manifest
+++ b/metadata/glsa/Manifest
@@ -1,23 +1,23 @@
 -----BEGIN PGP SIGNED MESSAGE-----
 Hash: SHA512
 
-MANIFEST Manifest.files.gz 560896 BLAKE2B 8c15a48bbd5eabebbba22927e63a3cc862eeecc5754e9e0ca8aa69bf36f50b87f2a58a31ac9d4cdd8038a1cd900c07b164636665ec38de65bc51dccb6c538dd7 SHA512 81aef26a69175ed1979920f616babd336fd2277ed160d474e5b5602fa9b264088907d9c34efc1436d5ce2377f19ea7692e5b40c7ef7bfd83d3e0a76cb3d0641c
-TIMESTAMP 2024-01-15T06:14:09Z
+MANIFEST Manifest.files.gz 561052 BLAKE2B 2e370baf90fdcc40ea27b2a1f0d7e6210ee747e4187243c4991ef22775123b08db937038f2d78635383232c5803c72b8a98f177b12e48fdefd33bfca9230a109 SHA512 fc1a49a1af98767621f025f1ee7184510bb281bd9e24e963c6700bc0c7aba3681caa3ebfa19bd541d1935840d01247cbbb29742d2400806b1206bcaf9bfd26a0
+TIMESTAMP 2024-01-15T12:41:01Z
 -----BEGIN PGP SIGNATURE-----
 
-iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAmWkzTFfFIAAAAAALgAo
+iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAmWlJ91fFIAAAAAALgAo
 aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEUx
 RDZBQkI2M0JGQ0ZCNEJBMDJGREYxQ0VDNTkwRUVBQzkxODkyNTAACgkQ7FkO6skY
-klBHMQ/+L7SYFnYySCBr7+ZDM2M46GB8ZA9FRbqAaGxlTqqLf3kMSubbHjpTtRKJ
-oYYWt1fyFp95M4V2ti6RXVMOu3RXjwoao/2b06vJVp7brn63I0sU2Q+RKVFFtA05
-VTAKdlASmvEjcGc7IYADJeemn0EdjZwE2Vpo8tFn1MR3bZsambEV701Bc9MQiuh6
-YC7fJ0nCFE42wvN6LiBdYHNeTvJvUxbrf1ZgCk4FmSzJRKdM9Si+VnBT0uug6hWm
-lYxMGRSjE081gBNIgdj9PE2MwnkrU7kk0UePbdzCzpCCNfD/hdrRuZiCobWoDzaf
-xk+Kwn2Unux83jCBPbQFTeLIsRvrwgERy5FmmdXYmJZVM0YqaO64g7rdUhLkwIoE
-xG3tVbxs1TFpf3id/KGIDABnD10movKKM1TBWa0YVNvBnV0xalMcABDMc42R6k2d
-+ZNUP3zYplJ29VQNqiC/W3Jg6yFzTsnwBUNSzs0fEJk3ZXUuE/Y+XUVHt3L2FlH3
-e8UgUMCu7uBY86uif1KKdP4DuGwQEZOdabma/mYU6cWrSbxwJGD/XIO/z3uHVhyT
-l9hMzpF6llae0CkNDyoQxDPHAanmHRfjGMFRHtLNMMi8DWKwRueXC8AS+nCP4RPS
-xP3jKQWFFn0NysFdyo8zNmpKMc36c1F521HEZ9f+sJ49cq8uf9I=
-=mBMY
+klDpYQ//eSOigBbuQXnxsaIAVJ2Nb5g16vxFbibw3RdOuKLEfpYj40KS8I7Zzp3O
+/OvL249+3SRO1JrZfuZnWTFCt3LY5ZfoRgJ67TP18vuZwlTyN9BLH4q7LUn3MGkT
+NbbLhazV50SrEFxVgdpW67beIBNc64chd1fniJZWqK0RIF+4UkSohdhPsa093W+q
+DCYpoz8RLQcRNLAmArg4ZLWM9hsimJqbswxXcWiTRp1jDM6Qb7T6JLw0G4ZEphvE
+7ypUiuGyL776zy0ONOkdRT+FdiCANP+EXmCiuj/HY8UisHyd/63v4+OKuz0Z3bqs
+6SZ6dGIZ3GFHGOq/mXcGpO8wt9/RN0J6uDPW5xQ0X/vtBHZlCj3jaicyUlQWUerF
+lqJHu5S1ytCqPQ3Xki6FjVbx8Qdt3LtCxWAtHjE8yR0Ek4o1NIeVKav6Cuor6KdN
+VnAcBqGMxNDu/2GFSC8PRZYw9kB61q+rCmJ1H5/nlENjHsEaxXBuJ3u4EXIXkYq5
+5bASXHCOYF1WQmcGjlloo3JYkUwQ6Ljfx0SK8lCQg7bDe0jMH9D4miXBhi8gsuEX
+4zfziBoj5qSX+8cK5+gqMsBemCuZVrbpyJU2+4WNB97Ib10Kvrj+bV6iBpFF03xF
+kH9BmNtEXzRFhcUadSCQq0/PfgKvdNI/pcfW7V/83uxHYl7Kqf8=
+=h7SA
 -----END PGP SIGNATURE-----
diff --git a/metadata/glsa/Manifest.files.gz b/metadata/glsa/Manifest.files.gz
index 59cff6646524..150aa1571e0f 100644
--- a/metadata/glsa/Manifest.files.gz
+++ b/metadata/glsa/Manifest.files.gz
diff --git a/metadata/glsa/glsa-202401-18.xml b/metadata/glsa/glsa-202401-18.xml
new file mode 100644
index 000000000000..73fa6e0953a0
--- /dev/null
+++ b/metadata/glsa/glsa-202401-18.xml
@@ -0,0 +1,42 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202401-18">
+    <title>zlib: Buffer Overflow</title>
+    <synopsis>A vulnerability has been found in zlib that can lead to a heap-based buffer overflow.</synopsis>
+    <product type="ebuild">zlib</product>
+    <announced>2024-01-15</announced>
+    <revised count="1">2024-01-15</revised>
+    <bug>916484</bug>
+    <access>remote</access>
+    <affected>
+        <package name="sys-libs/zlib" auto="yes" arch="*">
+            <unaffected range="ge">1.2.13-r2</unaffected>
+            <vulnerable range="lt">1.2.13-r2</vulnerable>
+        </package>
+    </affected>
+    <background>
+        <p>zlib is a widely used free and patent unencumbered data compression library.</p>
+    </background>
+    <description>
+        <p>A vulnerability has been discovered in zlib. Please review the CVE identifier referenced below for details.</p>
+    </description>
+    <impact type="high">
+        <p>MiniZip in zlib through 1.3 has an integer overflow and resultant heap-based buffer overflow in ZipOpenNewFileInZip4_64 via a long filename, comment, or extra field.</p>
+    </impact>
+    <workaround>
+        <p>There is no known workaround at this time.</p>
+    </workaround>
+    <resolution>
+        <p>All zlib users should upgrade to the latest version:</p>
+        
+        <code>
+          # emerge --sync
+          # emerge --ask --oneshot --verbose ">=sys-libs/zlib-1.2.13-r2"
+        </code>
+    </resolution>
+    <references>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-45853">CVE-2023-45853</uri>
+    </references>
+    <metadata tag="requester" timestamp="2024-01-15T12:02:56.466413Z">graaff</metadata>
+    <metadata tag="submitter" timestamp="2024-01-15T12:02:56.468710Z">graaff</metadata>
+</glsa>
\ No newline at end of file
diff --git a/metadata/glsa/timestamp.chk b/metadata/glsa/timestamp.chk
index 9dadc72a2fc6..f51938f0f188 100644
--- a/metadata/glsa/timestamp.chk
+++ b/metadata/glsa/timestamp.chk
@@ -1 +1 @@
-Mon, 15 Jan 2024 06:14:06 +0000
+Mon, 15 Jan 2024 12:40:58 +0000
diff --git a/metadata/glsa/timestamp.commit b/metadata/glsa/timestamp.commit
index c59670cdca46..4d92ae452f19 100644
--- a/metadata/glsa/timestamp.commit
+++ b/metadata/glsa/timestamp.commit
@@ -1 +1 @@
-c084d1da1a61ad3d1c3cdebcb2fd0cde427e89f4 1705291358 2024-01-15T04:02:38+00:00
+93dbf80a72b6cbaffc14d3cdc8167e7cfb1c6bdd 1705320250 2024-01-15T12:04:10+00:00