author | V3n3RiX <venerix@koprulu.sector> | 2024-08-08 12:38:45 +0100 |
---|---|---|
committer | V3n3RiX <venerix@koprulu.sector> | 2024-08-08 12:38:45 +0100 |
commit | 14866757225815b9374acfc8453518951e0f910d (patch) | |
tree | 3fc69d84de25c5d40515dc05fdf5c5934ed69955 /metadata/glsa | |
parent | b8c7370a682e4e29cda623222d17a790c01c3642 (diff) |
gentoo auto-resync : 08:08:2024 - 12:38:45
Diffstat (limited to 'metadata/glsa')
-rw-r--r-- | metadata/glsa/Manifest | 30 | ||||
-rw-r--r-- | metadata/glsa/Manifest.files.gz | bin | 581399 -> 582186 bytes | |||
-rw-r--r-- | metadata/glsa/glsa-202408-09.xml | 43 | ||||
-rw-r--r-- | metadata/glsa/glsa-202408-10.xml | 44 | ||||
-rw-r--r-- | metadata/glsa/glsa-202408-11.xml | 46 | ||||
-rw-r--r-- | metadata/glsa/glsa-202408-12.xml | 42 | ||||
-rw-r--r-- | metadata/glsa/glsa-202408-13.xml | 42 | ||||
-rw-r--r-- | metadata/glsa/timestamp.chk | 2 | ||||
-rw-r--r-- | metadata/glsa/timestamp.commit | 2 |
9 files changed, 234 insertions, 17 deletions
diff --git a/metadata/glsa/Manifest b/metadata/glsa/Manifest
index 0bce9d8e5383..56b810db7bef 100644
--- a/metadata/glsa/Manifest
+++ b/metadata/glsa/Manifest
@@ -1,23 +1,23 @@ -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 -MANIFEST Manifest.files.gz 581399 BLAKE2B 7625df02b4f1b89397b376b84cd5cd12e72dc54d210a0b50792c11bea66aa2587c55e06a1c2f8c90e2d23e53d64dd9a95abcafc93985ea6b790b31a4bee23a76 SHA512 f826de1364ea562a943d402f32d70fea336c99b3f3c98bfe1a40de213334dbdc5b757ee30a530c7c880159a52dabf6ac43651411c9359eea6e317d844dc3417b -TIMESTAMP 2024-08-07T11:11:08Z +MANIFEST Manifest.files.gz 582186 BLAKE2B 1a05feb8b9f4689a5bd4a3b5a194172aab19857a1b6e62bf709acb61c73ed250c6bf15cfff567f826788975e1396b0aaf59ca881f1f7eaed4538d688c5c6c312 SHA512 8c95b20c054cb4417bd4f7bc6d285dc50887b3c7f63e2a0637b969f6461508fb0ea65d4276d1116c38b4ead475746df44be5ee73b60d3d6ebf301f72d2cea382 +TIMESTAMP 2024-08-08T10:57:13Z -----BEGIN PGP SIGNATURE----- -iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAmazVkxfFIAAAAAALgAo +iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAma0pIpfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEUx RDZBQkI2M0JGQ0ZCNEJBMDJGREYxQ0VDNTkwRUVBQzkxODkyNTAACgkQ7FkO6skY -klCBSBAAh8hTRHpj2s+CCBDbRsv+k+0EhgTm6ycX5wyVlVaS8ND6bw8O6/kcXk8n -l0iAgJEZjC2gwte7tGhWUXnNf1Mmi518dmqdU8saBQ/NjoguiHfGzT38hHDFKDPz -7GYLhRk3e3UWX6fCWbEIScyqIyW/t5qnocD/8H8BqVjtjuDrlIbxOWxyGDQMxDrI -IWBdBlXiwQuLiANByGSOCTo0DilF6zYUrLT2wP2QWNJz3JX7kRK7iezHlIoIXW4Z -zHuuW+T7cLyTERTpuek2kAqdYiJjESaYkfID8+hIZN2GKl3/chAuLvTVYbDnZ1by -TLslfrvbEUAEhwrimF4NuD71cORTaNclfjf2TTRULyG7YAEi9Oky0MO50w1PCBqd -LMSCffZHmg875Qb/nhmBSpYk3xTxtu8wYkk9Vp4AapErRi2Lr0OWVb099aXGrskf -tu8j4T5YBnVlr5XG9d8eA32OCIfHo9CPWCw+gye0fAZKC6tlyl4Zy/D+mgq/ryhL -vGdf5nf6ZR+Wo/OrV666C0OgXsH5zD71fdGcm0iZ6IV+SjMK4c28TANRVSFIAF9l -V7o9VqzfSam8tmQNvGXc/krX28ZYMYxK36PDNEfyd4rNIklPDaEsrsegyKRNlDpZ -/dzF7ZJUd4+EgZQ9Nd5p2fjmeJgeb6Lu6E72bpDQQ8UTgz4f4DE= -=/QTK +klCM9Q//adrfGikT/8N3ibeZxd/S/5SeBiCrKfcrWgZB8jDnkZO7TZpdW8iohdeF +tC/EoKWBSxM5jlx/W72XN4TPyJ81cf6+99tY4YPAdrlWhCDXdg2rt8vfNiZFwD3z +qDYa4I3NMGgq+589mr+Li4zMK7UdxjLMWhMogj70G65mshreDLUgZMHRN2VbOegO 
+dMc7+xCx2FCawU+EgCpGbljCnd5Mr22O9ugpHgPxl0Q0fkDDhC85H7Or973169Ce +ExBj7l2oZbSoDjQowJk+j988Zt5iPrvaCRjdPAEnKss/kU6TbtnPDDzlVdLVFFLx +HTex9wgODRME2bXdNQUONGpC22kPFVXQk4xxjh8bwpg4qt3T0pHujTIJyKms4SCX +iTljq6wksUcOZUbXENuGe4k5JbHJijj2gfhMTaI0yg11SJvwjdYk+ZYTwjqSp1sK +JTHWrdQAnwfraz2c4A2WIt8Ep+9rJ14Q11+Ep9XjB+2qVlY7wK36u6SRySkAHiEo +zfTjFmzfrM8hQJwUcL4qA2YiCU1pVAkUgPQvKaXtNU2XitbyBEbSqkLg5vzmgkyI +lBHC16BT6ulynjpKduQE8COB9blq33JpdmK8E6W6OeSUiKMG5p1nekMfrNUV6u5S +lovoUv68XKPQfbGC+9sZB75fN3IRIg3cgDScaSN7Q/oJZA35/tM= +=zbZJ -----END PGP SIGNATURE-----
diff --git a/metadata/glsa/Manifest.files.gz b/metadata/glsa/Manifest.files.gz
Binary files differ
index be4c754dd6b1..8c8552f6c480 100644
--- a/metadata/glsa/Manifest.files.gz
+++ b/metadata/glsa/Manifest.files.gz
diff --git a/metadata/glsa/glsa-202408-09.xml b/metadata/glsa/glsa-202408-09.xml
new file mode 100644
index 000000000000..128ef86c9f51
--- /dev/null
+++ b/metadata/glsa/glsa-202408-09.xml
@@ -0,0 +1,43 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202408-09">
+ <title>Cairo: Multiple Vulnerabilities</title>
+ <synopsis>Multiple vulnerabilities have been discovered in Cairo, the worst of which a denial of service.</synopsis>
+ <product type="ebuild">cairo</product>
+ <announced>2024-08-07</announced>
+ <revised count="1">2024-08-07</revised>
+ <bug>717778</bug>
+ <access>local</access>
+ <affected>
+ <package name="x11-libs/cairo" auto="yes" arch="*">
+ <unaffected range="ge">1.18.0</unaffected>
+ <vulnerable range="lt">1.18.0</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>Cairo is a 2D vector graphics library with cross-device output support.</p>
+ </background>
+ <description>
+ <p>Multiple vulnerabilities have been discovered in Cairo. Please review the CVE identifiers referenced below for details.</p>
+ </description>
+ <impact type="normal">
+ <p>Please review the referenced CVE identifiers for details.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All Cairo users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=x11-libs/cairo-1.18.0"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-6461">CVE-2019-6461</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-6462">CVE-2019-6462</uri>
+ </references>
+ <metadata tag="requester" timestamp="2024-08-07T11:19:32.821340Z">graaff</metadata>
+ <metadata tag="submitter" timestamp="2024-08-07T11:19:32.823921Z">graaff</metadata>
+</glsa>
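Review bot: The `<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">` line at the top of glsa-202408-09.xml names an external DTD over plain HTTP, and the same line opens glsa-202408-10.xml through glsa-202408-13.xml. Nothing on this page shows how consumers parse these files, so any tool that reads the advisory feed should run with external DTD and entity loading disabled, or validate against a pinned local copy of the DTD, rather than fetching it at parse time. Separately, the synopsis in this file is missing a verb: `the worst of which a denial of service` should read `the worst of which could lead to a denial of service`, as in glsa-202408-10.xml.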
\ No newline at end of file
diff --git a/metadata/glsa/glsa-202408-10.xml b/metadata/glsa/glsa-202408-10.xml
new file mode 100644
index 000000000000..67c3d6759ddb
--- /dev/null
+++ b/metadata/glsa/glsa-202408-10.xml
@@ -0,0 +1,44 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202408-10">
+ <title>nghttp2: Multiple Vulnerabilities</title>
+ <synopsis>Multiple vulnerabilities have been discovered in nghttp2, the worst of which could lead to a denial of service.</synopsis>
+ <product type="ebuild">nghttp2</product>
+ <announced>2024-08-07</announced>
+ <revised count="1">2024-08-07</revised>
+ <bug>915554</bug>
+ <bug>928541</bug>
+ <access>remote</access>
+ <affected>
+ <package name="net-libs/nghttp2" auto="yes" arch="*">
+ <unaffected range="ge">1.61.0</unaffected>
+ <vulnerable range="lt">1.61.0</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>Nghttp2 is an implementation of HTTP/2 and its header compression algorithm HPACK in C.</p>
+ </background>
+ <description>
+ <p>Multiple vulnerabilities have been discovered in nghttp2. Please review the CVE identifiers referenced below for details.</p>
+ </description>
+ <impact type="normal">
+ <p>Please review the referenced CVE identifiers for details.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All nghttp2 users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-libs/nghttp2-1.61.0"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-44487">CVE-2023-44487</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-28182">CVE-2024-28182</uri>
+ </references>
+ <metadata tag="requester" timestamp="2024-08-07T11:37:22.663338Z">graaff</metadata>
+ <metadata tag="submitter" timestamp="2024-08-07T11:37:22.666444Z">graaff</metadata>
+</glsa>
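Review bot: The `<impact type="normal">` element in glsa-202408-10.xml holds only the placeholder `Please review the referenced CVE identifiers for details.`, so the advisory cannot be triaged from the feed alone even though `<access>` is `remote`. glsa-202408-09.xml and glsa-202408-11.xml carry the same placeholder, and the synopsis of the latter states "service compromise" with nothing in the body to back it. A one-sentence summary per CVE would close the gap. For CVE-2023-44487 that could be `<p>A remote peer can cause excessive server resource consumption by rapidly resetting HTTP/2 streams.</p>`, with the wording checked against the NVD entry before publishing.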
\ No newline at end of file
diff --git a/metadata/glsa/glsa-202408-11.xml b/metadata/glsa/glsa-202408-11.xml
new file mode 100644
index 000000000000..abd50b3cf8d4
--- /dev/null
+++ b/metadata/glsa/glsa-202408-11.xml
@@ -0,0 +1,46 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202408-11">
+ <title>aiohttp: Multiple Vulnerabilities</title>
+ <synopsis>Multiple vulnerabilities have been discovered in aiohttp, the worst of which could lead to service compromise.</synopsis>
+ <product type="ebuild">aiohttp</product>
+ <announced>2024-08-07</announced>
+ <revised count="1">2024-08-07</revised>
+ <bug>918541</bug>
+ <bug>918968</bug>
+ <bug>931097</bug>
+ <access>remote</access>
+ <affected>
+ <package name="dev-python/aiohttp" auto="yes" arch="*">
+ <unaffected range="ge">3.9.4</unaffected>
+ <vulnerable range="lt">3.9.4</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>aiohttp is an asynchronous HTTP client/server framework for asyncio and Python.</p>
+ </background>
+ <description>
+ <p>Multiple vulnerabilities have been discovered in aiohttp. Please review the CVE identifiers referenced below for details.</p>
+ </description>
+ <impact type="normal">
+ <p>Please review the referenced CVE identifiers for details.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All aiohttp users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-python/aiohttp-3.9.4"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-47641">CVE-2023-47641</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-49082">CVE-2023-49082</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-30251">CVE-2024-30251</uri>
+ </references>
+ <metadata tag="requester" timestamp="2024-08-07T11:59:46.382696Z">graaff</metadata>
+ <metadata tag="submitter" timestamp="2024-08-07T11:59:46.386364Z">graaff</metadata>
+</glsa>
\ No newline at end of file
diff --git a/metadata/glsa/glsa-202408-12.xml b/metadata/glsa/glsa-202408-12.xml
new file mode 100644
index 000000000000..1f3fb6d92cb9
--- /dev/null
+++ b/metadata/glsa/glsa-202408-12.xml
@@ -0,0 +1,42 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202408-12">
+ <title>Bitcoin: Denial of Service</title>
+ <synopsis>A vulnerability has been discovered in Bitcoin, which can lead to a denial of service.</synopsis>
+ <product type="ebuild">bitcoind</product>
+ <announced>2024-08-07</announced>
+ <revised count="1">2024-08-07</revised>
+ <bug>908084</bug>
+ <access>remote</access>
+ <affected>
+ <package name="net-p2p/bitcoind" auto="yes" arch="*">
+ <unaffected range="ge">25.0</unaffected>
+ <vulnerable range="lt">25.0</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>Bitcoin Core consists of both "full-node" software for fully validating the blockchain as well as a bitcoin wallet.</p>
+ </background>
+ <description>
+ <p>Please review the CVE identifier referenced below for details.</p>
+ </description>
+ <impact type="normal">
+ <p>Bitcoin Core, when debug mode is not used, allows attackers to cause a denial of service (CPU consumption) because draining the inventory-to-send queue is inefficient, as exploited in the wild in May 2023.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All Bitcoin users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-p2p/bitcoind-25.0"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-33297">CVE-2023-33297</uri>
+ </references>
+ <metadata tag="requester" timestamp="2024-08-07T12:34:53.892565Z">graaff</metadata>
+ <metadata tag="submitter" timestamp="2024-08-07T12:34:53.895329Z">graaff</metadata>
+</glsa>
\ No newline at end of file
diff --git a/metadata/glsa/glsa-202408-13.xml b/metadata/glsa/glsa-202408-13.xml
new file mode 100644
index 000000000000..e1fa4574c49b
--- /dev/null
+++ b/metadata/glsa/glsa-202408-13.xml
@@ -0,0 +1,42 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202408-13">
+ <title>Nokogiri: Denial of Service</title>
+ <synopsis>A vulnerability has been discovered in Nokogiri, which can lead to a denial of service.</synopsis>
+ <product type="ebuild">nokogiri</product>
+ <announced>2024-08-07</announced>
+ <revised count="1">2024-08-07</revised>
+ <bug>884863</bug>
+ <access>local</access>
+ <affected>
+ <package name="dev-ruby/nokogiri" auto="yes" arch="*">
+ <unaffected range="ge">1.13.10</unaffected>
+ <vulnerable range="lt">1.13.10</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>Nokogiri is an HTML, XML, SAX, and Reader parser.</p>
+ </background>
+ <description>
+ <p>A denial of service vulnerability has been discovered in Nokogiri. Please review the CVE identifier referenced below for details.</p>
+ </description>
+ <impact type="normal">
+ <p>Nokogiri fails to check the return value from `xmlTextReaderExpand` in the method `Nokogiri::XML::Reader#attribute_hash`. This can lead to a null pointer exception when invalid markup is being parsed. For applications using `XML::Reader` to parse untrusted inputs, this may potentially be a vector for a denial of service attack.</p>
+ </impact>
+ <workaround>
+ <p>Users may be able to search their code for calls to either `XML::Reader#attributes` or `XML::Reader#attribute_hash` to determine if they are affected.</p>
+ </workaround>
+ <resolution>
+ <p>All Nokogiri users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-ruby/nokogiri-1.13.10"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-23476">CVE-2022-23476</uri>
+ </references>
+ <metadata tag="requester" timestamp="2024-08-07T13:11:11.971415Z">graaff</metadata>
+ <metadata tag="submitter" timestamp="2024-08-07T13:11:11.974740Z">graaff</metadata>
+</glsa>
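Review bot: The `<workaround>` element in glsa-202408-13.xml describes how to check for exposure (searching for calls to `XML::Reader#attributes` or `XML::Reader#attribute_hash`), not a way to reduce risk without upgrading, so a reader scanning that field may conclude a mitigation exists. Consider moving that sentence into `<description>` and using `<p>There is no known workaround at this time.</p>`, as the other advisories in this commit do. `<access>local</access>` also sits oddly beside an impact paragraph about parsing untrusted input. Whether `remote` is the correct value depends on the GLSA definition of that field, which is not visible on this page.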
\ No newline at end of file
diff --git a/metadata/glsa/timestamp.chk b/metadata/glsa/timestamp.chk
index 677c7dee70c1..7bab05b5d085 100644
--- a/metadata/glsa/timestamp.chk
+++ b/metadata/glsa/timestamp.chk
@@ -1 +1 @@
-Wed, 07 Aug 2024 11:11:03 +0000
+Thu, 08 Aug 2024 10:57:09 +0000
diff --git a/metadata/glsa/timestamp.commit b/metadata/glsa/timestamp.commit
index 26aa9e48deab..6caf9d079811 100644
--- a/metadata/glsa/timestamp.commit
+++ b/metadata/glsa/timestamp.commit
@@ -1 +1 @@
-e64fb777fe21714192a4f70814906be33d867172 1723028443 2024-08-07T11:00:43Z
+acc7fec53d067c43c33e830e51592868bdeb80a5 1723036283 2024-08-07T13:11:23Z |