gentoo auto-resync : 14:01:2024 - 13:14:55

5 files changed, 59 insertions, 17 deletions

diff --git a/metadata/glsa/Manifest b/metadata/glsa/Manifest
index 9007ce3f2d40..e5daaf1a5742 100644
--- a/metadata/glsa/Manifest
+++ b/metadata/glsa/Manifest
@@ -1,23 +1,23 @@
 -----BEGIN PGP SIGNED MESSAGE-----
 Hash: SHA512
 
-MANIFEST Manifest.files.gz 560744 BLAKE2B a2c14353dd5785d34a9849d5b67a163032b03a379f9a0801a77674b6b6541c7273d72057452f70737f90a7aef3568710066add50311a9819860af72169e41d69 SHA512 e736fc103c43ac3c49ed7838718f30e699740b25bc3e516459a55713b7774c654fa31aa11efd3c741b714d9f2e7f273bea8960aefbc6e06db9cd5fe0db0ce201
-TIMESTAMP 2024-01-14T06:40:30Z
+MANIFEST Manifest.files.gz 560905 BLAKE2B b9505da046e9692a3b481fa08a8eae179027410a2c2065865cec1df0702c2c24c28065b147fcd50163efd4a08d845ceef92739c63c5770ca44ea935b7164751f SHA512 a08b802b515e37cfb86e660dc1e116cc6dfc97ec72b82ea0f28230b169fb16caf11869e46fb805e8cf7227594dcd8901da8fcb705deeb93763b0613ca9a7b8c2
+TIMESTAMP 2024-01-14T12:39:56Z
 -----BEGIN PGP SIGNATURE-----
 
-iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAmWjgd5fFIAAAAAALgAo
+iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAmWj1hxfFIAAAAAALgAo
 aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEUx
 RDZBQkI2M0JGQ0ZCNEJBMDJGREYxQ0VDNTkwRUVBQzkxODkyNTAACgkQ7FkO6skY
-klAcwRAApkX7nj2YoUBtF5pJSywDnZQ9BGOwiQnYrbUosiX6GRm7uXbCFFBguy61
-9+db6UVsjo/Ny8+v+lpy/ZzelYSjoAEiv2gWf56Wrj29yb7kD3khOBKb9NwsUtnA
-T6CqEssGLqi2yOGsy1e4r2qOOrFjXus8g8YzkPX4Wp/avgsbDye4YwPZuBGizZUW
-WcdcCY1GwPPNbQzhroJDt8PtTpfA77Dlyq5y5R/LfpROTk6sA8M9q9iaxy8YZoKl
-DBx5FYscnXKRC27l+0YdnnQyaXzh31xbzgH3775U4ZMA13Qk11XsuOrKTnVEAreM
-b0hRgFlG+ststLaOHWpMjThfuPQnV3pAFFYdy93fJGIeuE34/+zHgGUHsJb/1Ser
-MX1F9BVuUejUoKodaoWGJhJpPn6sNDQQvRDHNc/yEDacwogcrf31DyRLl67mZm6L
-tKecUCm4qndn/Q2LTJGMJl6d36gjYYWzxUGm0I9W0l9m001iKKFlLEzFgswF4TKU
-SpwDqv3kRYJeWyfdmzunoEmhhfKl6QQiL7CzvQweDT1Sn9Bu0278oF3Yqy017eVG
-YgDtf6TuWLOeMXYPeoHJ8tv5T8qlQY9rAxlSpSK3MpTXygiL1HfB6aVPeLU5oojg
-Xcqk+CHq8XzNfSlQlvAS62lSUrD2T7aZIJSV3JlB4oJXj+aV7/M=
-=kZco
+klCZXw/9Ejr1sCkx8j7a6xfkH8jlLP60JYwRq6WCSUP5tMRfgrhVmwdOwCo0NVxQ
+FnPuCinV5mQBWlI4hq90z1aJgykSkshYA0HbXS9Z60jqPSWMyBJfMQPWwoMRjhuR
+WXr8GRiiGtnMeXjYmz0gMP3Q9R7YYaiA8qe5m3bTAfQ+dk8fHo0Bd1+vCVu07s0g
+pGnyENL48dzd1DohG6UmlETOsDq2H7PtNpCv4mu2ZTz+Brf5HXkyJMXLwxxo6Qld
+C9Q5rJWhv+TUQrHJDVkcLglByWIu54UmIHNyD0EvNUMZt+dpJ/bQg5xQQ6eEC6O0
+g0+vU16zlU+or028fwsTz3JMsAtSNbdUJegIRFi6YYd+VZ4fTLPeZAg4Vq+yjWMV
+Ox13gyvjD0KXauWJfzRX7S/V7FMZ/qAW/XP/rOyIhGKyhwWPEbZTv86s7iJfExhB
+ODEem9gQAeuq8Lk5OAGfaSCQrzgUfjfpgtYUjLypaAIiDPzYD9yG4w0pn2Kqkc5j
+aIfBpVb2GDUTqHvnbym7vLy0PGdGyg+QgQGaftcJuMmIalqoX/5fy6psJvqe1rAC
+V5OfvSjYw/MC15jKYpb6i9AhL1VruZApJD0FiuDKsboixFVy52dEuwbGhXjOC1fG
+bECNta1dZJ0ud0FbB095EUJXp+1esvP/0SM/zq0wn/wdgFA0OtU=
+=7nb7
 -----END PGP SIGNATURE-----
diff --git a/metadata/glsa/Manifest.files.gz b/metadata/glsa/Manifest.files.gz
index 0fa2bc80a4c0..4db39261fcad 100644
--- a/metadata/glsa/Manifest.files.gz
+++ b/metadata/glsa/Manifest.files.gz
diff --git a/metadata/glsa/glsa-202401-17.xml b/metadata/glsa/glsa-202401-17.xml
new file mode 100644
index 000000000000..ca67fc87bb68
--- /dev/null
+++ b/metadata/glsa/glsa-202401-17.xml
@@ -0,0 +1,42 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202401-17">
+    <title>libgit2: Privilege Escalation Vulnerability</title>
+    <synopsis>A vulnerability has been found in libgit2 which could result in privilege escalation.</synopsis>
+    <product type="ebuild">libgit2</product>
+    <announced>2024-01-14</announced>
+    <revised count="1">2024-01-14</revised>
+    <bug>857792</bug>
+    <access>local</access>
+    <affected>
+        <package name="dev-libs/libgit2" auto="yes" arch="*">
+            <unaffected range="ge">1.4.4</unaffected>
+            <vulnerable range="lt">1.4.4</vulnerable>
+        </package>
+    </affected>
+    <background>
+        <p>libgit2 is a portable, pure C implementation of the Git core methods provided as a re-entrant linkable library with a solid API.</p>
+    </background>
+    <description>
+        <p>A vulnerability has been discovered in libgit2. Please review the CVE identifier referenced below for details.</p>
+    </description>
+    <impact type="normal">
+        <p>Usages of a malicious crafted Git repository could allow the creator of the repository to elevate privileges to those of the user accessing the repository.</p>
+    </impact>
+    <workaround>
+        <p>Administrators can ensure that their usages of libgit2 only interact with repositories which have only been modified by trusted users.</p>
+    </workaround>
+    <resolution>
+        <p>All libgit2 users should upgrade to the latest version:</p>
+        
+        <code>
+          # emerge --sync
+          # emerge --ask --oneshot --verbose ">=dev-libs/libgit2-1.4.4"
+        </code>
+    </resolution>
+    <references>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-29187">CVE-2022-29187</uri>
+    </references>
+    <metadata tag="requester" timestamp="2024-01-14T09:13:55.679015Z">ajak</metadata>
+    <metadata tag="submitter" timestamp="2024-01-14T09:13:55.681859Z">graaff</metadata>
+</glsa>
\ No newline at end of file
diff --git a/metadata/glsa/timestamp.chk b/metadata/glsa/timestamp.chk
index 8d5ba6059971..fbdb234bb787 100644
--- a/metadata/glsa/timestamp.chk
+++ b/metadata/glsa/timestamp.chk
@@ -1 +1 @@
-Sun, 14 Jan 2024 06:40:27 +0000
+Sun, 14 Jan 2024 12:39:51 +0000
diff --git a/metadata/glsa/timestamp.commit b/metadata/glsa/timestamp.commit
index 68484c5d1ac2..d88faeafae8c 100644
--- a/metadata/glsa/timestamp.commit
+++ b/metadata/glsa/timestamp.commit
@@ -1 +1 @@
-0bd76dc2009147dbb24e9f25ef0c1928a1d99371 1705060019 2024-01-12T11:46:59+00:00
+1e10dddefba8566fa926c19fd2f97c893860b8ea 1705223691 2024-01-14T09:14:51+00:00