gentoo resync : 21.07.2018

author: V3n3RiX <venerix@redcorelinux.org> 2018-07-21 19:15:15 +0100
committer: V3n3RiX <venerix@redcorelinux.org> 2018-07-21 19:15:15 +0100
commit: f07d186050d4a6c9019e9185d7bed71727aeb1d9 (patch)
tree: 10fefdb5de5a290696e324758bb330128716a875 /metadata/glsa
parent: 2606f1ec8b3e37af376172c66b5ba13d35599b8b (diff)
5 files changed, 66 insertions, 17 deletions
diff --git a/metadata/glsa/Manifest b/metadata/glsa/Manifest
index 94f5cd90626f..7190e3eb9325 100644
--- a/metadata/glsa/Manifest
+++ b/metadata/glsa/Manifest
@@ -1,23 +1,23 @@
 -----BEGIN PGP SIGNED MESSAGE-----
 Hash: SHA512
 
-MANIFEST Manifest.files.gz 426775 BLAKE2B 0a924e893bc7d02fb872d05ff4b63ad4d237b75711b0c6a09d632bbc7eeb1a14506448cef5b376ba25b504b6e4c16d40d6662762ee100207b8ee92abf972340d SHA512 811f8949726f5f714f93c3522b7ae6b1eb5aad37a0229ee9d5f5ee0ddb8c5273a4f3b0d4055d44a1dbeed5fc458aeb2e5620e47889961d9b7a4e961c24e5877b
-TIMESTAMP 2018-07-14T19:38:37Z
+MANIFEST Manifest.files.gz 426937 BLAKE2B fd40fb2cce7e8bb9b86f11cc0b67099c90238f284b3a458c8153c050be8f5f23899e2d0a85dee8371053bc572661a4ef4f721c0fbfb7976cc36ee7c7480ac631 SHA512 829750d5237ed3b11ae3dc9afdaacd5fe79e390dedf6730a47ac29c7f64e7bcce35e880cc0e44d263a4b9a9ed0186d2e6503cec484fcd93b4c19afde5af0ab31
+TIMESTAMP 2018-07-21T17:38:26Z
 -----BEGIN PGP SIGNATURE-----
 
-iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAltKUT1fFIAAAAAALgAo
+iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAltTb5JfFIAAAAAALgAo
 aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEUx
 RDZBQkI2M0JGQ0ZCNEJBMDJGREYxQ0VDNTkwRUVBQzkxODkyNTAACgkQ7FkO6skY
-klCKCQ/+J+S6xWydS/2LQQRpAZTOWx47DsXxJagvgnq+1xxp3Nmq07vfQ58ftq59
-nGmOZcxqr8tODbzLo4PZtpJhMp1cg8MANcp6weqFPPPvCLWhLjX/+xxihk+kQy2D
-a8EG9SXTrVY5JvRE8ZNs61yiAK5+3BtxDi+JxwLK92/opvU1n36D/7UA3yPCkkkK
-syONqOeh2gJHAYBrC7UN4+fk1DRyVPFjW5Pfja+MFUW/T7+PIeyQb35pCRywxeBK
-GTHFBCf85bbSWUh3UoR9JCaZiNctcMJCdZ46roz13Upu2r+Gs9VJtytMrktzpGyg
-dzk02LXTDXQuCHZC+W7BCKx+KLg3fJOHpwSUXFsaIzdt8SBgMdFgYhDy8uhmhSZi
-LuyhSLn6IhfDfwddBsf7xjwjsk3Bq4a/MJbiaPsV1BRVrJEoyzVN5IoI/wvDUNez
-KsTvoCsbqyF8Kbb8Ns2DEoX4qdxe8VqE4oEel3Wirgk58fnq2GGlbOehI3Aj2iDQ
-X30eAvi1YOh0RDWeJcLiKiMKFhcsRyPr8WIU5EomKN64w1opqPYui0iKo54ZkaaH
-JTLO3Ea7UX0s/9paLBokM5zq2yHQilB7Lu0kveFRUW/P3UDSTVRZi/5UKgbaicvT
-l38lVChGn+U/c2VbswguoAX3bmCqHz9t9QHd4GU7Mn8hzVH5gaU=
-=49RK
+klDSoxAAnCXGfNS7/gfyCQn5HIvwG+CbL1A6m/KxJmulrcIdeytKv0RQ6aDlNI6t
+1i5jj1ZvWlG4IaGStdmNZ5d00Qr2Fs6bCfJFHu7IPPSiW6799oEDjTsBDtj0bNJr
+mCPLsAMM/SFgfs3h09a4H4+eQeE20sceP53ppicFlLGu98yUcVenmbos40Wn2+0u
+vvinM8JxdwIXeVanBv/hpjiFuOGYIPQdV8Bb2TW+7+r9qacMOtmf/80y+dtoq0bt
+JFPlluqlRjTz3mpmpJpkx4oIlQmI/6d5QnNnPWqRCkafk5renkiXNkuJl5SSNa1y
+8uBgeC9ild8M50rHL0iFd64MnYc9mM2dyo2wRkDVlMpRK9eQmOGJWloXPafCxTg5
+OLnMlqLQz2aqMZiBEDK7YzpZXRe9rVPa0DTYUNeyJ61mdie6TpajdhyR86Wnz7H0
+ONwjOoEl+1+NwyCt719fJz/gkoZ6eVXY1Nn6BjCfHetI5iIkYcSbnN85mQ3kRLcf
+V+Q0Bg7jPGbyQelNJQRlUq2LuasZyf+lUI0XBmKscTwhZ3apCN0axu4LJqe19gDP
+KbZ4WT7lcv2prP7VkvdeLbLf9G3x9INCvIuPu8Y/ZwjyYQchw/AJaJ3TPui/v3tP
+7H2FmjZiWPqamUVEEduTlJXOSfntzPetKOmjEyTRZWKsPtOxI6g=
+=u1Ze
 -----END PGP SIGNATURE-----
diff --git a/metadata/glsa/Manifest.files.gz b/metadata/glsa/Manifest.files.gz
index f740db1e7b5d..a924ccd14e63 100644
--- a/metadata/glsa/Manifest.files.gz
+++ b/metadata/glsa/Manifest.files.gz
diff --git a/metadata/glsa/glsa-201807-01.xml b/metadata/glsa/glsa-201807-01.xml
new file mode 100644
index 000000000000..5a945f792950
--- /dev/null
+++ b/metadata/glsa/glsa-201807-01.xml
@@ -0,0 +1,49 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201807-01">
+  <title>tqdm: Arbitrary code execution</title>
+  <synopsis>A vulnerability in tqdm could allow remote attackers to execute
+    arbitrary code.
+  </synopsis>
+  <product type="ebuild">tqdm</product>
+  <announced>2018-07-18</announced>
+  <revised count="1">2018-07-18</revised>
+  <bug>636384</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-python/tqdm" auto="yes" arch="*">
+      <unaffected range="ge">4.23.3</unaffected>
+      <vulnerable range="lt">4.23.3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>tqdm is a smart progress meter.</p>
+  </background>
+  <description>
+    <p>A vulnerablility was discovered in tqdm._version that could allow a
+      malicious git log within the current working directory.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could execute arbitrary commands by enticing a user to
+      clone a crafted repo.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All tqdm users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-python/tqdm-4.23.3"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2016-10075">CVE-2016-10075</uri>
+  </references>
+  <metadata tag="requester" timestamp="2018-07-02T03:06:02Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2018-07-18T03:57:26Z">irishluck83</metadata>
+</glsa>
diff --git a/metadata/glsa/timestamp.chk b/metadata/glsa/timestamp.chk
index 5beff81f2f31..9a5288812662 100644
--- a/metadata/glsa/timestamp.chk
+++ b/metadata/glsa/timestamp.chk
@@ -1 +1 @@
-Sat, 14 Jul 2018 19:38:33 +0000
+Sat, 21 Jul 2018 17:38:23 +0000
diff --git a/metadata/glsa/timestamp.commit b/metadata/glsa/timestamp.commit
index 371b226d6874..9cf5b169a530 100644
--- a/metadata/glsa/timestamp.commit
+++ b/metadata/glsa/timestamp.commit
@@ -1 +1 @@
-676a0a13a2c9c89e7a04d5a85550b5b48c25f9b4 1529809898 2018-06-24T03:11:38+00:00
+05c861bfc6df24f1e1d8bdfbeddfde0b268a1418 1531886373 2018-07-18T03:59:33+00:00
author	V3n3RiX <venerix@redcorelinux.org>	2018-07-21 19:15:15 +0100
committer	V3n3RiX <venerix@redcorelinux.org>	2018-07-21 19:15:15 +0100
commit	f07d186050d4a6c9019e9185d7bed71727aeb1d9 (patch)
tree	10fefdb5de5a290696e324758bb330128716a875 /metadata/glsa
parent	2606f1ec8b3e37af376172c66b5ba13d35599b8b (diff)