diff options
author | V3n3RiX <venerix@redcorelinux.org> | 2018-03-13 16:55:35 +0000 |
---|---|---|
committer | V3n3RiX <venerix@redcorelinux.org> | 2018-03-13 16:55:35 +0000 |
commit | 1dde4e5c4b92d849bf1abf0a48135b2a0644f7e1 (patch) | |
tree | c99a472cce74148d499f42ada873454b0e32a42d /metadata/glsa | |
parent | da6a52f691ef980bab92d003d5df8f463c623af8 (diff) |
gentoo resync : 13.03.2018
Diffstat (limited to 'metadata/glsa')
-rw-r--r-- | metadata/glsa/Manifest | 30 | ||||
-rw-r--r-- | metadata/glsa/Manifest.files.gz | bin | 417713 -> 417870 bytes | |||
-rw-r--r-- | metadata/glsa/glsa-201803-04.xml | 51 | ||||
-rw-r--r-- | metadata/glsa/timestamp.chk | 2 | ||||
-rw-r--r-- | metadata/glsa/timestamp.commit | 2 |
5 files changed, 68 insertions, 17 deletions
diff --git a/metadata/glsa/Manifest b/metadata/glsa/Manifest index 7905bff22ab1..b7267268126c 100644 --- a/metadata/glsa/Manifest +++ b/metadata/glsa/Manifest @@ -1,23 +1,23 @@ -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 -MANIFEST Manifest.files.gz 417713 BLAKE2B 5f453ee753ccefac1bad76c5778ebd5c3a7b9d23f0d9dda535879657ff3d7c89d4bc4c8048049e852be4cc25e9f91864ed97ae3dd6991c1bc05fc37320c6b805 SHA512 32c698df4a14a8dd6f33822ebc801c8f40da7ae51d5d8d66efb73ac55886769e7465cc82e8e9166c98bba1e2846832e92a392325436d2eca1c487373db893527 -TIMESTAMP 2018-03-10T18:08:33Z +MANIFEST Manifest.files.gz 417870 BLAKE2B 5065b7b9f6a96f86bf5abd010e56c6e80ea6e4c69ded7bea498bd5905b65effbae954175f68157189d42be8287232bc8ecabbe86115cb331cde9dc1246a35750 SHA512 e1fab6a999acc784d0c5597fc2bfabdd9ef83ae65ef7b5c1a4101d3f3f8041354340f6c5964f9aae4129d9150fdf2da2ad3b336198034e9d7bd904feaab65bf6 +TIMESTAMP 2018-03-13T16:08:15Z -----BEGIN PGP SIGNATURE----- -iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAlqkHyFfFIAAAAAALgAo +iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAlqn929fFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEUx RDZBQkI2M0JGQ0ZCNEJBMDJGREYxQ0VDNTkwRUVBQzkxODkyNTAACgkQ7FkO6skY -klACOw//WLKWKlP1i8U+YAoSwNhreo3nGeGOvm3UQvdovLH2GbSROr8IEJ9o7F9+ -s+WPnLZbADtfFjFMDJm337OEoWRN5Wl4OyZ3f0YArqoaqMEoukbGK3y9vEYqOL7B -qCs12ye3C0wUQuHmAvj7dAEZa2U/iCEU0dJLXhSYm11+0rkOwyHT3OtS/4Smxsqy -o5N9Y8y1pBJjEZslHW8STaxwipvQfwYzkD6smV1QVQxeTW8doSjRpgbdosh6vJNY -7olhlDf5iS/hLyfUDeEb0WfFodgdjNS8SAx0UdHFApV8FXI21bq6gacuQrw+1wKc -kx6jDlwQKcBtPXELrT4A0M8BKSxi+Xmq4+BUkoGQyJ8rTWlmIxIkmscKHkiOI2cZ -yEmG4lPiTbYsQIW92NTcZ9kXYO1KLGGM2xloHR99/+6oCaO6FU6ug9AgpVeULnUc -+0JEvkeHjQDmSCBAtbxKLwf+soJlXgsGkFuRIURLf3jl4Ndu8ziFhXrgE7Pd6yKp -DL+WDMrW944X0BLkbe0sKRkP4ZIKThW8IW7IytMOsPDw904q9/GjtZAO4mdX02Mh -xsk1cuMLIgiz3KVfHFbzquESX0NTmfdlxxwV/qi9844pUeD3eJnxMCI3RDVxZbe7 -ECzbZbxjRfctN4y696nNRXjsCGGwn+1oLAZWUQrSiObH1aVMTXA= -=2etf +klDahA//b1RhsPfj9OKb4b0EylBR1I5d3grRGF1FIWcDNrOAXaIzIdTkEeNbKc4H +QGk7VQbOKBey9cj8Kd1896KtvG1cRXiZVHsjLC2k1ToCNbDTM2lPTk3+ybQdA/nC +fOfRdNWR0zt+TJ6n1mZE6MsNxA/WQTIs/Q8lRwdUaaHVKvsM5oEh52Cwp7WTA1lK +FkHF9estJfWWQnZtVgDc9Qik0bI/CwZPZiSIr7Ew0yoUKhrxv3nHeqbB5me2fU+9 +w0zBW4GksEkbPlvqG2bdecuqtG2DtKOLRFegpoaQ2/UCPwICMdw3es2wIAgZViLs +S6inH2XluDPiEgs+4D+pf1LWt2e3c3xCzIuCG+3I0iDQUzkqk5aPkHGVAXXmHoe2 +WO00h/Hosv1hEMXm1N73c7tTF9czvBRBLCvMFzuHgf7xgPVXZLJWX5Al6kQdmQiR +H+iLGfQ9xX76lro6o+v9QWw7GuWUnrDpaqwstOTErr51pYUDR5q76W/4wwLIIEOx +kl8bWMfEKx1uWvAgSUuIpIJRJqfaOimeFaGr7Pf5KVbvitjqDyGF6ebjwgKfZ3fF +9wwOk6fQvpTmpC6RVJNaf0jyySf5uP02PT9jMTJeyK9e0FcPJx1oFNvqPHI8BdTR +zpAeJfKyCc7mbVuRy2qq9DHtLAVuaJsm07x9H/ilxxt7yvPXIco= +=PlZa -----END PGP SIGNATURE----- diff --git a/metadata/glsa/Manifest.files.gz b/metadata/glsa/Manifest.files.gz Binary files differindex 215602afd22e..b6ba86246c9d 100644 --- a/metadata/glsa/Manifest.files.gz +++ b/metadata/glsa/Manifest.files.gz diff --git a/metadata/glsa/glsa-201803-04.xml b/metadata/glsa/glsa-201803-04.xml new file mode 100644 index 000000000000..fbb8dc4ac337 --- /dev/null +++ b/metadata/glsa/glsa-201803-04.xml @@ -0,0 +1,51 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> +<glsa id="201803-04"> + <title>Newsbeuter: User-assisted execution of arbitrary code</title> + <synopsis>A vulnerability in Newsbeuter may allow remote attackers to execute + arbitrary shell commands. + </synopsis> + <product type="ebuild">newsbeuter</product> + <announced>2018-03-11</announced> + <revised count="1">2018-03-11</revised> + <bug>631150</bug> + <access>remote</access> + <affected> + <package name="net-news/newsbeuter" auto="yes" arch="*"> + <vulnerable range="le">2.9-r3</vulnerable> + </package> + </affected> + <background> + <p>Newsbeuter is a RSS/Atom feed reader for the text console.</p> + + </background> + <description> + <p>Newsbeuter does not properly escape shell meta-characters in an RSS item + with a media enclosure in the podcast playback function of Podbeuter. + </p> + </description> + <impact type="normal"> + <p>A remote attacker, by enticing a user to open a feed with a specially + crafted media enclosure, could possibly execute arbitrary shell commands + with the privileges of the user running the application. + </p> + </impact> + <workaround> + <p>There is no known workaround at this time.</p> + </workaround> + <resolution> + <p>Gentoo has discontinued support for Newsbeuter and recommends that users + unmerge the package: + </p> + + <code> + # emerge --unmerge "net-news/newsbeuter" + </code> + + </resolution> + <references> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-14500">CVE-2017-14500</uri> + </references> + <metadata tag="requester" timestamp="2018-02-05T14:58:55Z">chrisadr</metadata> + <metadata tag="submitter" timestamp="2018-03-11T16:29:05Z">chrisadr</metadata> +</glsa> diff --git a/metadata/glsa/timestamp.chk b/metadata/glsa/timestamp.chk index 5c68a36284ea..0a8ed9c15796 100644 --- a/metadata/glsa/timestamp.chk +++ b/metadata/glsa/timestamp.chk @@ -1 +1 @@ -Sat, 10 Mar 2018 18:08:30 +0000 +Tue, 13 Mar 2018 16:08:11 +0000 diff --git a/metadata/glsa/timestamp.commit b/metadata/glsa/timestamp.commit index 5f1f6b8c86ad..ae3297387e20 100644 --- a/metadata/glsa/timestamp.commit +++ b/metadata/glsa/timestamp.commit @@ -1 +1 @@ -de3c19ca944a942c4db36136bf5abc8983cd6a6c 1520449520 2018-03-07T19:05:20+00:00 +a3a9d59f86ebf5d6e6d86f34addc40bfcfe72e5a 1520785907 2018-03-11T16:31:47+00:00 |