summaryrefslogtreecommitdiff
path: root/metadata/glsa
diff options
context:
space:
mode:
authorV3n3RiX <venerix@redcorelinux.org>2018-03-13 16:55:35 +0000
committerV3n3RiX <venerix@redcorelinux.org>2018-03-13 16:55:35 +0000
commit1dde4e5c4b92d849bf1abf0a48135b2a0644f7e1 (patch)
treec99a472cce74148d499f42ada873454b0e32a42d /metadata/glsa
parentda6a52f691ef980bab92d003d5df8f463c623af8 (diff)
gentoo resync : 13.03.2018
Diffstat (limited to 'metadata/glsa')
-rw-r--r--metadata/glsa/Manifest30
-rw-r--r--metadata/glsa/Manifest.files.gzbin417713 -> 417870 bytes
-rw-r--r--metadata/glsa/glsa-201803-04.xml51
-rw-r--r--metadata/glsa/timestamp.chk2
-rw-r--r--metadata/glsa/timestamp.commit2
5 files changed, 68 insertions, 17 deletions
diff --git a/metadata/glsa/Manifest b/metadata/glsa/Manifest
index 7905bff22ab1..b7267268126c 100644
--- a/metadata/glsa/Manifest
+++ b/metadata/glsa/Manifest
@@ -1,23 +1,23 @@
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
-MANIFEST Manifest.files.gz 417713 BLAKE2B 5f453ee753ccefac1bad76c5778ebd5c3a7b9d23f0d9dda535879657ff3d7c89d4bc4c8048049e852be4cc25e9f91864ed97ae3dd6991c1bc05fc37320c6b805 SHA512 32c698df4a14a8dd6f33822ebc801c8f40da7ae51d5d8d66efb73ac55886769e7465cc82e8e9166c98bba1e2846832e92a392325436d2eca1c487373db893527
-TIMESTAMP 2018-03-10T18:08:33Z
+MANIFEST Manifest.files.gz 417870 BLAKE2B 5065b7b9f6a96f86bf5abd010e56c6e80ea6e4c69ded7bea498bd5905b65effbae954175f68157189d42be8287232bc8ecabbe86115cb331cde9dc1246a35750 SHA512 e1fab6a999acc784d0c5597fc2bfabdd9ef83ae65ef7b5c1a4101d3f3f8041354340f6c5964f9aae4129d9150fdf2da2ad3b336198034e9d7bd904feaab65bf6
+TIMESTAMP 2018-03-13T16:08:15Z
-----BEGIN PGP SIGNATURE-----
-iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAlqkHyFfFIAAAAAALgAo
+iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAlqn929fFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEUx
RDZBQkI2M0JGQ0ZCNEJBMDJGREYxQ0VDNTkwRUVBQzkxODkyNTAACgkQ7FkO6skY
-klACOw//WLKWKlP1i8U+YAoSwNhreo3nGeGOvm3UQvdovLH2GbSROr8IEJ9o7F9+
-s+WPnLZbADtfFjFMDJm337OEoWRN5Wl4OyZ3f0YArqoaqMEoukbGK3y9vEYqOL7B
-qCs12ye3C0wUQuHmAvj7dAEZa2U/iCEU0dJLXhSYm11+0rkOwyHT3OtS/4Smxsqy
-o5N9Y8y1pBJjEZslHW8STaxwipvQfwYzkD6smV1QVQxeTW8doSjRpgbdosh6vJNY
-7olhlDf5iS/hLyfUDeEb0WfFodgdjNS8SAx0UdHFApV8FXI21bq6gacuQrw+1wKc
-kx6jDlwQKcBtPXELrT4A0M8BKSxi+Xmq4+BUkoGQyJ8rTWlmIxIkmscKHkiOI2cZ
-yEmG4lPiTbYsQIW92NTcZ9kXYO1KLGGM2xloHR99/+6oCaO6FU6ug9AgpVeULnUc
-+0JEvkeHjQDmSCBAtbxKLwf+soJlXgsGkFuRIURLf3jl4Ndu8ziFhXrgE7Pd6yKp
-DL+WDMrW944X0BLkbe0sKRkP4ZIKThW8IW7IytMOsPDw904q9/GjtZAO4mdX02Mh
-xsk1cuMLIgiz3KVfHFbzquESX0NTmfdlxxwV/qi9844pUeD3eJnxMCI3RDVxZbe7
-ECzbZbxjRfctN4y696nNRXjsCGGwn+1oLAZWUQrSiObH1aVMTXA=
-=2etf
+klDahA//b1RhsPfj9OKb4b0EylBR1I5d3grRGF1FIWcDNrOAXaIzIdTkEeNbKc4H
+QGk7VQbOKBey9cj8Kd1896KtvG1cRXiZVHsjLC2k1ToCNbDTM2lPTk3+ybQdA/nC
+fOfRdNWR0zt+TJ6n1mZE6MsNxA/WQTIs/Q8lRwdUaaHVKvsM5oEh52Cwp7WTA1lK
+FkHF9estJfWWQnZtVgDc9Qik0bI/CwZPZiSIr7Ew0yoUKhrxv3nHeqbB5me2fU+9
+w0zBW4GksEkbPlvqG2bdecuqtG2DtKOLRFegpoaQ2/UCPwICMdw3es2wIAgZViLs
+S6inH2XluDPiEgs+4D+pf1LWt2e3c3xCzIuCG+3I0iDQUzkqk5aPkHGVAXXmHoe2
+WO00h/Hosv1hEMXm1N73c7tTF9czvBRBLCvMFzuHgf7xgPVXZLJWX5Al6kQdmQiR
+H+iLGfQ9xX76lro6o+v9QWw7GuWUnrDpaqwstOTErr51pYUDR5q76W/4wwLIIEOx
+kl8bWMfEKx1uWvAgSUuIpIJRJqfaOimeFaGr7Pf5KVbvitjqDyGF6ebjwgKfZ3fF
+9wwOk6fQvpTmpC6RVJNaf0jyySf5uP02PT9jMTJeyK9e0FcPJx1oFNvqPHI8BdTR
+zpAeJfKyCc7mbVuRy2qq9DHtLAVuaJsm07x9H/ilxxt7yvPXIco=
+=PlZa
-----END PGP SIGNATURE-----
diff --git a/metadata/glsa/Manifest.files.gz b/metadata/glsa/Manifest.files.gz
index 215602afd22e..b6ba86246c9d 100644
--- a/metadata/glsa/Manifest.files.gz
+++ b/metadata/glsa/Manifest.files.gz
Binary files differ
diff --git a/metadata/glsa/glsa-201803-04.xml b/metadata/glsa/glsa-201803-04.xml
new file mode 100644
index 000000000000..fbb8dc4ac337
--- /dev/null
+++ b/metadata/glsa/glsa-201803-04.xml
@@ -0,0 +1,51 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201803-04">
+ <title>Newsbeuter: User-assisted execution of arbitrary code</title>
+ <synopsis>A vulnerability in Newsbeuter may allow remote attackers to execute
+ arbitrary shell commands.
+ </synopsis>
+ <product type="ebuild">newsbeuter</product>
+ <announced>2018-03-11</announced>
+ <revised count="1">2018-03-11</revised>
+ <bug>631150</bug>
+ <access>remote</access>
+ <affected>
+ <package name="net-news/newsbeuter" auto="yes" arch="*">
+ <vulnerable range="le">2.9-r3</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>Newsbeuter is a RSS/Atom feed reader for the text console.</p>
+
+ </background>
+ <description>
+ <p>Newsbeuter does not properly escape shell meta-characters in an RSS item
+ with a media enclosure in the podcast playback function of Podbeuter.
+ </p>
+ </description>
+ <impact type="normal">
+ <p>A remote attacker, by enticing a user to open a feed with a specially
+ crafted media enclosure, could possibly execute arbitrary shell commands
+ with the privileges of the user running the application.
+ </p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>Gentoo has discontinued support for Newsbeuter and recommends that users
+ unmerge the package:
+ </p>
+
+ <code>
+ # emerge --unmerge "net-news/newsbeuter"
+ </code>
+
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-14500">CVE-2017-14500</uri>
+ </references>
+ <metadata tag="requester" timestamp="2018-02-05T14:58:55Z">chrisadr</metadata>
+ <metadata tag="submitter" timestamp="2018-03-11T16:29:05Z">chrisadr</metadata>
+</glsa>
diff --git a/metadata/glsa/timestamp.chk b/metadata/glsa/timestamp.chk
index 5c68a36284ea..0a8ed9c15796 100644
--- a/metadata/glsa/timestamp.chk
+++ b/metadata/glsa/timestamp.chk
@@ -1 +1 @@
-Sat, 10 Mar 2018 18:08:30 +0000
+Tue, 13 Mar 2018 16:08:11 +0000
diff --git a/metadata/glsa/timestamp.commit b/metadata/glsa/timestamp.commit
index 5f1f6b8c86ad..ae3297387e20 100644
--- a/metadata/glsa/timestamp.commit
+++ b/metadata/glsa/timestamp.commit
@@ -1 +1 @@
-de3c19ca944a942c4db36136bf5abc8983cd6a6c 1520449520 2018-03-07T19:05:20+00:00
+a3a9d59f86ebf5d6e6d86f34addc40bfcfe72e5a 1520785907 2018-03-11T16:31:47+00:00