gentoo auto-resync : 05:01:2024 - 20:03:55

5 files changed, 60 insertions, 17 deletions

diff --git a/metadata/glsa/Manifest b/metadata/glsa/Manifest
index 2d1addbbb2a7..af3a45a1145b 100644
--- a/metadata/glsa/Manifest
+++ b/metadata/glsa/Manifest
@@ -1,23 +1,23 @@
 -----BEGIN PGP SIGNED MESSAGE-----
 Hash: SHA512
 
-MANIFEST Manifest.files.gz 558999 BLAKE2B f0c255a4e931f6e5af7a60afe1dd2a2134f94e6fdb52bdcaf5c4c3919a59809263aa708951de0a4a6138329cd50ff30e21be7208e33dfdde8f09c4b83d1a1de1 SHA512 824cc6b813cbd1a1b2bde4676c1222a5e50c277df9746acfacc3a65ea993f00b1e7a47e6250173eeec46ef4fb8ee9e86fbf6ae53f464be92ed08d25cd9fcd208
-TIMESTAMP 2024-01-05T13:40:09Z
+MANIFEST Manifest.files.gz 559158 BLAKE2B 7743be6d30bedd899f1ed6ee719a2c0f78de2f732319746c264a2fa060ba8ae030e9eed586d48ebb590968099f0af93a7b2f09f029dc6458c2ee484d255bd117 SHA512 86d7b1c7f1efaf6f78995086d3e2bb0b7d8c79e5750b872b064dda4aec42c093aebaf9a1ea2161c6c56fa84d61dba2be695416159673540b4a2291892918d774
+TIMESTAMP 2024-01-05T19:40:04Z
 -----BEGIN PGP SIGNATURE-----
 
-iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAmWYBrlfFIAAAAAALgAo
+iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAmWYWxRfFIAAAAAALgAo
 aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEUx
 RDZBQkI2M0JGQ0ZCNEJBMDJGREYxQ0VDNTkwRUVBQzkxODkyNTAACgkQ7FkO6skY
-klBn2Q//UGhYDlIZEfkSj2Ehx93sDXslta/ePc2p09IZZM5wQOX0ofom+l3sXi+U
-oAuP0FvnYJ902vm2P/dj23Hkeh8Wuag3PI47f+pTyRTDPe6oJViIlwYLCeF9nArb
-G87jcJCKJ33QWdlKKnULWp40NBEmtYOGTiQTT56GUYJgzpnLwgBeLRvPzKcZe3IP
-qNyRGssB5hzeCmpMkQ7+tlWcDUjGxliWohW13nBRY0lQHQIf2Mpw2ASzrS1JJJpr
-upOejssDxynCouiQu9jXU7EdWt9OHC7gyuMvEPHiUlAL/0upUKIAQh9AG2ju28X+
-toM7AhF2WlpsNni38J2yvgW0+67OAO+OqSXYlALweI5jcy9zlKxG1JOJ5yIZljTN
-xwFUauGiKPlcUtoBDWrXafY5uC29GBPvhMxoEzeOIRP75L2l10ipuTbhw3OEpxBd
-ik6TcVprq5SjEDSMmjpZOYYd6qZVai13iDlnR1G1UAHiX8CS3aU7VFPAIYtZMIPK
-WOZ8paoawNt8bS613sfW1GGtQZa6AMD5SIsu+1yfQsvJOGi3Jk7Pv3jQakD9bLbL
-HNrca2+rEb6TLQEkyA2QWu0r3W6XAUQaGd8TJ7mt+p/13nG9ewA3wMjgXTtIM3MV
-00ZzElDHIcJN3oVM6oWQ+m83VkmGqMdl+acy+KZE582xNfXJvpg=
-=oxCS
+klC/tBAAt1MIPnzDtjlOvGzy8HKkp1tB7+LFwTGM6yDZhRkkSP1TVIvbwym9jEtg
+fVHJIjdAofkk5b6rGvKELpb1YG1GCbnodrFb2CueiomDKBbhN6H78MLVti4AV2B3
+NDKLXemyWo/Nxa1NSotASJiQIZNBTkvU6olddCxtOXmCv0esgXHtJln+XN4FVbFr
+8YBADMNfpBoIyWj5nd8xi0kJDE6I7kQVFNbbdjEK53xo3SqGQW/9/uHVzFbrtgju
+YE3gGvlVbtkbxSkSewa2jwITyHJaJAcYYRYwyQn327Z2Ja2bRp11HxiCCYeDQWdJ
+77uKQX67bMZraJKkMMPWFNDe+e8lKBQDVjQ3/mMXchkelIe1erAEQm/rIrFHZaxJ
+Hu7JantYN8WCiX04MtleiLSbNu/na9VMKxyYIpeGQfi/ZI6OuiXV4Je5MGKyh4hs
+61qZPVvI0MJiIhIhDav2acK3TNLhmdALUDMiCj99FO4oSSfiqRjAb3TldCHR1FDc
+wFEyH17CWqv6XLCxWSAnjKgc8Ok1m5SN5LuCy9X5VrT8AtNRJ4Cd6Tfym1CtRYS2
+wLoACwDQvF8eURBAJZ98I9Py2/uPTlbpk8LiKFXvSx6Yxm+7pwl8u1ZLdm+i9rZK
+jnseaSQo86uxp3IA2TW+Nevyuvb6v0DB7BjKR6HZwMZWK9Fi8ow=
+=9d9j
 -----END PGP SIGNATURE-----
diff --git a/metadata/glsa/Manifest.files.gz b/metadata/glsa/Manifest.files.gz
index 73ff6dfcb9b5..bc5279c092c5 100644
--- a/metadata/glsa/Manifest.files.gz
+++ b/metadata/glsa/Manifest.files.gz
diff --git a/metadata/glsa/glsa-202401-06.xml b/metadata/glsa/glsa-202401-06.xml
new file mode 100644
index 000000000000..0fccef02e6b8
--- /dev/null
+++ b/metadata/glsa/glsa-202401-06.xml
@@ -0,0 +1,43 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202401-06">
+    <title>CUPS filters: Remote Code Execution</title>
+    <synopsis>A vulnerability has been found in CUPS filters where remote code execution is possible via the beh filter.</synopsis>
+    <product type="ebuild">cups-filters</product>
+    <announced>2024-01-05</announced>
+    <revised count="1">2024-01-05</revised>
+    <bug>906944</bug>
+    <access>remote</access>
+    <affected>
+        <package name="net-print/cups-filters" auto="yes" arch="*">
+            <unaffected range="ge">1.28.17-r2</unaffected>
+            <vulnerable range="lt">1.28.17-r2</vulnerable>
+        </package>
+    </affected>
+    <background>
+        <p>CUPS filters provides backends, filters, and other software that was once part of the core CUPS distribution.</p>
+    </background>
+    <description>
+        <p>A vulnerability has been discovered in cups-filters. Please review the CVE identifier referenced below for details.</p>
+    </description>
+    <impact type="high">
+        <p>If you use beh to create an accessible network printer, this security vulnerability can cause remote code execution.</p>
+    </impact>
+    <workaround>
+        <p>There is no known workaround at this time.</p>
+    </workaround>
+    <resolution>
+        <p>All cups-filters users should upgrade to the latest version:</p>
+        
+        <code>
+          # emerge --sync
+          # emerge --ask --oneshot --verbose ">=net-print/cups-filters-1.28.17-r2"
+        </code>
+    </resolution>
+    <references>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-24805">CVE-2023-24805</uri>
+        <uri>GHSA-gpxc-v2m8-fr3x</uri>
+    </references>
+    <metadata tag="requester" timestamp="2024-01-05T14:26:44.306186Z">graaff</metadata>
+    <metadata tag="submitter" timestamp="2024-01-05T14:26:44.308150Z">graaff</metadata>
+</glsa>
\ No newline at end of file
diff --git a/metadata/glsa/timestamp.chk b/metadata/glsa/timestamp.chk
index 4bf5a1d534b2..ec8aae821f50 100644
--- a/metadata/glsa/timestamp.chk
+++ b/metadata/glsa/timestamp.chk
@@ -1 +1 @@
-Fri, 05 Jan 2024 13:40:06 +0000
+Fri, 05 Jan 2024 19:40:01 +0000
diff --git a/metadata/glsa/timestamp.commit b/metadata/glsa/timestamp.commit
index 0200e3e095e8..066490e28f40 100644
--- a/metadata/glsa/timestamp.commit
+++ b/metadata/glsa/timestamp.commit
@@ -1 +1 @@
-18540d77b43283bbeb478e2efd181954f507ac07 1704461679 2024-01-05T13:34:39+00:00
+13307cb5778acc25f47ab91c29f839443f3a4cf8 1704464830 2024-01-05T14:27:10+00:00