gentoo resync : 13.03.2018

5 files changed, 68 insertions, 17 deletions

diff --git a/metadata/glsa/Manifest b/metadata/glsa/Manifest
index 7905bff22ab1..b7267268126c 100644
--- a/metadata/glsa/Manifest
+++ b/metadata/glsa/Manifest
@@ -1,23 +1,23 @@
 -----BEGIN PGP SIGNED MESSAGE-----
 Hash: SHA512
 
-MANIFEST Manifest.files.gz 417713 BLAKE2B 5f453ee753ccefac1bad76c5778ebd5c3a7b9d23f0d9dda535879657ff3d7c89d4bc4c8048049e852be4cc25e9f91864ed97ae3dd6991c1bc05fc37320c6b805 SHA512 32c698df4a14a8dd6f33822ebc801c8f40da7ae51d5d8d66efb73ac55886769e7465cc82e8e9166c98bba1e2846832e92a392325436d2eca1c487373db893527
-TIMESTAMP 2018-03-10T18:08:33Z
+MANIFEST Manifest.files.gz 417870 BLAKE2B 5065b7b9f6a96f86bf5abd010e56c6e80ea6e4c69ded7bea498bd5905b65effbae954175f68157189d42be8287232bc8ecabbe86115cb331cde9dc1246a35750 SHA512 e1fab6a999acc784d0c5597fc2bfabdd9ef83ae65ef7b5c1a4101d3f3f8041354340f6c5964f9aae4129d9150fdf2da2ad3b336198034e9d7bd904feaab65bf6
+TIMESTAMP 2018-03-13T16:08:15Z
 -----BEGIN PGP SIGNATURE-----
 
-iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAlqkHyFfFIAAAAAALgAo
+iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAlqn929fFIAAAAAALgAo
 aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEUx
 RDZBQkI2M0JGQ0ZCNEJBMDJGREYxQ0VDNTkwRUVBQzkxODkyNTAACgkQ7FkO6skY
-klACOw//WLKWKlP1i8U+YAoSwNhreo3nGeGOvm3UQvdovLH2GbSROr8IEJ9o7F9+
-s+WPnLZbADtfFjFMDJm337OEoWRN5Wl4OyZ3f0YArqoaqMEoukbGK3y9vEYqOL7B
-qCs12ye3C0wUQuHmAvj7dAEZa2U/iCEU0dJLXhSYm11+0rkOwyHT3OtS/4Smxsqy
-o5N9Y8y1pBJjEZslHW8STaxwipvQfwYzkD6smV1QVQxeTW8doSjRpgbdosh6vJNY
-7olhlDf5iS/hLyfUDeEb0WfFodgdjNS8SAx0UdHFApV8FXI21bq6gacuQrw+1wKc
-kx6jDlwQKcBtPXELrT4A0M8BKSxi+Xmq4+BUkoGQyJ8rTWlmIxIkmscKHkiOI2cZ
-yEmG4lPiTbYsQIW92NTcZ9kXYO1KLGGM2xloHR99/+6oCaO6FU6ug9AgpVeULnUc
-+0JEvkeHjQDmSCBAtbxKLwf+soJlXgsGkFuRIURLf3jl4Ndu8ziFhXrgE7Pd6yKp
-DL+WDMrW944X0BLkbe0sKRkP4ZIKThW8IW7IytMOsPDw904q9/GjtZAO4mdX02Mh
-xsk1cuMLIgiz3KVfHFbzquESX0NTmfdlxxwV/qi9844pUeD3eJnxMCI3RDVxZbe7
-ECzbZbxjRfctN4y696nNRXjsCGGwn+1oLAZWUQrSiObH1aVMTXA=
-=2etf
+klDahA//b1RhsPfj9OKb4b0EylBR1I5d3grRGF1FIWcDNrOAXaIzIdTkEeNbKc4H
+QGk7VQbOKBey9cj8Kd1896KtvG1cRXiZVHsjLC2k1ToCNbDTM2lPTk3+ybQdA/nC
+fOfRdNWR0zt+TJ6n1mZE6MsNxA/WQTIs/Q8lRwdUaaHVKvsM5oEh52Cwp7WTA1lK
+FkHF9estJfWWQnZtVgDc9Qik0bI/CwZPZiSIr7Ew0yoUKhrxv3nHeqbB5me2fU+9
+w0zBW4GksEkbPlvqG2bdecuqtG2DtKOLRFegpoaQ2/UCPwICMdw3es2wIAgZViLs
+S6inH2XluDPiEgs+4D+pf1LWt2e3c3xCzIuCG+3I0iDQUzkqk5aPkHGVAXXmHoe2
+WO00h/Hosv1hEMXm1N73c7tTF9czvBRBLCvMFzuHgf7xgPVXZLJWX5Al6kQdmQiR
+H+iLGfQ9xX76lro6o+v9QWw7GuWUnrDpaqwstOTErr51pYUDR5q76W/4wwLIIEOx
+kl8bWMfEKx1uWvAgSUuIpIJRJqfaOimeFaGr7Pf5KVbvitjqDyGF6ebjwgKfZ3fF
+9wwOk6fQvpTmpC6RVJNaf0jyySf5uP02PT9jMTJeyK9e0FcPJx1oFNvqPHI8BdTR
+zpAeJfKyCc7mbVuRy2qq9DHtLAVuaJsm07x9H/ilxxt7yvPXIco=
+=PlZa
 -----END PGP SIGNATURE-----
diff --git a/metadata/glsa/Manifest.files.gz b/metadata/glsa/Manifest.files.gz
index 215602afd22e..b6ba86246c9d 100644
--- a/metadata/glsa/Manifest.files.gz
+++ b/metadata/glsa/Manifest.files.gz
diff --git a/metadata/glsa/glsa-201803-04.xml b/metadata/glsa/glsa-201803-04.xml
new file mode 100644
index 000000000000..fbb8dc4ac337
--- /dev/null
+++ b/metadata/glsa/glsa-201803-04.xml
@@ -0,0 +1,51 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201803-04">
+  <title>Newsbeuter: User-assisted execution of arbitrary code</title>
+  <synopsis>A vulnerability in Newsbeuter may allow remote attackers to execute
+    arbitrary shell commands.
+  </synopsis>
+  <product type="ebuild">newsbeuter</product>
+  <announced>2018-03-11</announced>
+  <revised count="1">2018-03-11</revised>
+  <bug>631150</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-news/newsbeuter" auto="yes" arch="*">
+      <vulnerable range="le">2.9-r3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Newsbeuter is a RSS/Atom feed reader for the text console.</p>
+    
+  </background>
+  <description>
+    <p>Newsbeuter does not properly escape shell meta-characters in an RSS item
+      with a media enclosure in the podcast playback function of Podbeuter.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker, by enticing a user to open a feed with a specially
+      crafted media enclosure, could possibly execute arbitrary shell commands
+      with the privileges of the user running the application.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>Gentoo has discontinued support for Newsbeuter and recommends that users
+      unmerge the package:
+    </p>
+    
+    <code>
+      # emerge --unmerge "net-news/newsbeuter"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-14500">CVE-2017-14500</uri>
+  </references>
+  <metadata tag="requester" timestamp="2018-02-05T14:58:55Z">chrisadr</metadata>
+  <metadata tag="submitter" timestamp="2018-03-11T16:29:05Z">chrisadr</metadata>
+</glsa>
diff --git a/metadata/glsa/timestamp.chk b/metadata/glsa/timestamp.chk
index 5c68a36284ea..0a8ed9c15796 100644
--- a/metadata/glsa/timestamp.chk
+++ b/metadata/glsa/timestamp.chk
@@ -1 +1 @@
-Sat, 10 Mar 2018 18:08:30 +0000
+Tue, 13 Mar 2018 16:08:11 +0000
diff --git a/metadata/glsa/timestamp.commit b/metadata/glsa/timestamp.commit
index 5f1f6b8c86ad..ae3297387e20 100644
--- a/metadata/glsa/timestamp.commit
+++ b/metadata/glsa/timestamp.commit
@@ -1 +1 @@
-de3c19ca944a942c4db36136bf5abc8983cd6a6c 1520449520 2018-03-07T19:05:20+00:00
+a3a9d59f86ebf5d6e6d86f34addc40bfcfe72e5a 1520785907 2018-03-11T16:31:47+00:00