gentoo resync : 31.12.2018

6 files changed, 132 insertions, 17 deletions

diff --git a/metadata/glsa/Manifest b/metadata/glsa/Manifest
index 4ad4dd7fd115..ce7690b72a41 100644
--- a/metadata/glsa/Manifest
+++ b/metadata/glsa/Manifest
@@ -1,23 +1,23 @@
 -----BEGIN PGP SIGNED MESSAGE-----
 Hash: SHA512
 
-MANIFEST Manifest.files.gz 434883 BLAKE2B 437fd719358cb224888b8071f01d60b1548cd1a82f20093903aa74e9fe63671e56f03a20ed426aae11e7d6fdd7027beb57804429044781bc9dc3557ccbbcb5a8 SHA512 16828091dc592888ea79b76c0a3e0ec358317e4c345386d11d12983b85a84ed74ba2d650d8af4f0f90a313afdad1a7fd1808666df2dca69ee70f2802b663b733
-TIMESTAMP 2018-12-24T12:38:37Z
+MANIFEST Manifest.files.gz 435197 BLAKE2B 5ef1f755677fba588afa252a22622c045d099b3f39fb6b356786170399bb20e8c58212856a5ddc6f59dc6076e3f84a95376a4dc3b4d5154c7d540151a154c88a SHA512 fb541e904c3c6b5ec17c08e76f9ce1dcd0d8f0b31dee092dd3542b9a34a04890e9a1b1e6b0d78d3523fb451deb84b3316ae6b588a29aec6f4741dfb52941ecc9
+TIMESTAMP 2018-12-31T12:38:39Z
 -----BEGIN PGP SIGNATURE-----
 
-iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAlwg001fFIAAAAAALgAo
+iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAlwqDc9fFIAAAAAALgAo
 aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEUx
 RDZBQkI2M0JGQ0ZCNEJBMDJGREYxQ0VDNTkwRUVBQzkxODkyNTAACgkQ7FkO6skY
-klD2fA/+Mt4p7KROekLVq9HOgIgdDD+/hFUAs5tYJr23IPJ+6LYiP4J3UyN4D13V
-lzK9GLnnuyWJDAAPZNsFCPltdO0z90YBrMegKUP1WnZe+Px0oXyPQNIlK4ccesfv
-Tr/6k31JZ18fULHCH21Zr+U1TS0Gx6J7V+P+WV6qr7OchkRAoENcnW2gJuAtbmmm
-9RCHsICYRL2lFRaGGJq2KlVHlMosLetqF6ATeQIjHWHpZDQaxXpMdYo+9JDqp7dM
-w9THEXHeiJFG6QKqaDMNvduac8zm/wTqk35Q+F4ueE7zndo4wx45tz6CJZt0eqEx
-EJ4J5GTdzqQ0LOD0dJHjbBcg93eF+dCpQQHhAQ4nqiZre196ZirDMEBka1JDeX9W
-rkeCzxKrVKfi3l3udbRxVEM88fi3DB9Mf3u4cwvR2q586KZkZRblGjSII/NMtJJW
-dLPklyjA/O1b7w1mNO3de/yiDlTz5S27/ovB/WzbBPTsCyxAUKu6Xii5Y69iqLV4
-qyx4SvGNztlf2bOs3G6o6cGfkH5C3BeIqL0GVfahqF8eti/UvAgNIDlR/uzWBwVl
-s6HmzaKioaz/Oh4vzR9WOKxtPDfnbfkNrAqA8x/AJXS3gLk5cbWmM1RKRnDq7JjU
-XlZUdy627zUiqHQ5ROz0FuvGf0ddKJTO2DNRmy0Eu4tagv+XYAk=
-=YM9t
+klB91g/+I1zWG2oYO2J9ZrbQVZVmOmmM4NoWGtpVST4yXXc0uByDdYFkroBsgCDA
+M9dWQXl/J6N7X4RQ4y/X0Bju+HTlvarQIhpKaS769SGs9St8d6KpSF+VOUy5CyvO
+5gaGt06fAroPYBgiMtvCcPiRuHRQrxrlsCighz/2PaGOkwIUa3FeuzET6QWCDFuE
++1xgH8jeY022Mfo8egKkla6+7lQczfR9a0I0PYV/b4HtlT7sGs4NPuoBPmPdjpgl
+lCxlgs3S7qLkfEnlpvnhX9XANpZt0GCRQTZJR3VsLqQU/r150E+MxnR5qKo1MNS9
+sDYzlusexF+cifGy590ilfEe5oRPb7RDDS4LeGwQk+9fMJXbBtu9tXnE3V2Hl84G
+UFaWcNXtUIY7ky6spx2AZXUjDPgGPbR26fToaygCvgukJh3zqEaSP1EN83zqchvD
+A0kJKyLI86uDBHb4ARBRlGWYi51jdjzBjhBBNY/KOi0mdqCteRs/PgNFE4dHTVRm
+d/sWVZ7hBYDRUjTrbg3BGLYknGAnVo6bYyhtAH41xNO6do8IexjGNWcjMLcda0e1
+jPBqEFFq4DjalpeQq/4M0n7YTp73cp2KLjwleseEkwOWFQlYObRL3Bct2N/BPr6l
+DbxJfrHLP7B3AmjirqZkJAscBETk623dsdjsUhqIyC4IT4ukQvg=
+=P/S9
 -----END PGP SIGNATURE-----
diff --git a/metadata/glsa/Manifest.files.gz b/metadata/glsa/Manifest.files.gz
index 5d40da810995..b87f67ec613a 100644
--- a/metadata/glsa/Manifest.files.gz
+++ b/metadata/glsa/Manifest.files.gz
diff --git a/metadata/glsa/glsa-201812-10.xml b/metadata/glsa/glsa-201812-10.xml
new file mode 100644
index 000000000000..2216a3293444
--- /dev/null
+++ b/metadata/glsa/glsa-201812-10.xml
@@ -0,0 +1,44 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201812-10">
+  <title>GKSu: Arbitrary command execution</title>
+  <synopsis>A vulnerability in GKSu might allow attackers to execute arbitrary
+    commands.
+  </synopsis>
+  <product type="ebuild">gksu</product>
+  <announced>2018-12-30</announced>
+  <revised count="1">2018-12-30</revised>
+  <bug>534540</bug>
+  <access>remote</access>
+  <affected>
+    <package name="x11-libs/gksu" auto="yes" arch="*">
+      <vulnerable range="le">2.0.2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>A library that provides a Gtk+ frontend to su and sudo.</p>
+  </background>
+  <description>
+    <p>A vulnerability was discovered in GKSu’s gksu-run-helper.</p>
+  </description>
+  <impact type="normal">
+    <p>An attacker could execute arbitrary commands.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>Gentoo has discontinued support for GKSu and recommends that users
+      unmerge the package:
+    </p>
+    
+    <code>
+      # emerge --unmerge "x11-libs/gksu"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2014-2886">CVE-2014-2886</uri>
+  </references>
+  <metadata tag="requester" timestamp="2018-12-11T17:31:55Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2018-12-30T21:10:46Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201812-11.xml b/metadata/glsa/glsa-201812-11.xml
new file mode 100644
index 000000000000..0fe3a9ab2fc5
--- /dev/null
+++ b/metadata/glsa/glsa-201812-11.xml
@@ -0,0 +1,71 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201812-11">
+  <title>Rust: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Rust, the worst which
+    may allow local attackers to execute arbitrary code.
+  </synopsis>
+  <product type="ebuild">rust</product>
+  <announced>2018-12-30</announced>
+  <revised count="1">2018-12-30</revised>
+  <bug>662904</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="dev-lang/rust" auto="yes" arch="*">
+      <unaffected range="ge">1.29.1</unaffected>
+      <vulnerable range="lt">1.29.1</vulnerable>
+    </package>
+    <package name="dev-lang/rust-bin" auto="yes" arch="*">
+      <unaffected range="ge">1.29.1</unaffected>
+      <vulnerable range="lt">1.29.1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>A systems programming language that runs blazingly fast, prevents
+      segfaults, and guarantees thread safety.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Rust. Please review the
+      CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker able to control the value passed to Rust’s
+      str::repeat function could possibly cause a Denial of Service condition.
+    </p>
+    
+    <p>In addition, a local attacker could trick another user into executing
+      arbitrary code when using rustdoc.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Rust users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-lang/rust-1.29.1"
+    </code>
+    
+    <p>All Rust binary users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-lang/rust-bin-1.29.1"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-1000622">
+      CVE-2018-1000622
+    </uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-1000810">
+      CVE-2018-1000810
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2018-12-02T17:19:53Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2018-12-30T21:11:02Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/timestamp.chk b/metadata/glsa/timestamp.chk
index c1d7f511533e..e94cbeaac45c 100644
--- a/metadata/glsa/timestamp.chk
+++ b/metadata/glsa/timestamp.chk
@@ -1 +1 @@
-Mon, 24 Dec 2018 12:38:34 +0000
+Mon, 31 Dec 2018 12:38:35 +0000
diff --git a/metadata/glsa/timestamp.commit b/metadata/glsa/timestamp.commit
index 15938ec9fb67..991ee1687290 100644
--- a/metadata/glsa/timestamp.commit
+++ b/metadata/glsa/timestamp.commit
@@ -1 +1 @@
-50b59faac05c76419ff9b3a69d1e89f8a5c99678 1545393597 2018-12-21T11:59:57+00:00
+baa5a86124960e22df1f11ab63da9f282dd4cdd3 1546204642 2018-12-30T21:17:22+00:00