author | V3n3RiX <venerix@koprulu.sector> | 2024-08-09 11:04:53 +0100 |
---|---|---|
committer | V3n3RiX <venerix@koprulu.sector> | 2024-08-09 11:04:53 +0100 |
commit | 43297a4ed0a3760bbdd0b8c286b779f174ca5368 (patch) | |
tree | 15b92efd455b5d5eb0ef8a4af4f5f24572c4b46b /metadata/glsa | |
parent | 14866757225815b9374acfc8453518951e0f910d (diff) |
gentoo auto-resync : 09:08:2024 - 11:04:52
Diffstat (limited to 'metadata/glsa')
-rw-r--r-- | metadata/glsa/Manifest | 30 | ||||
-rw-r--r-- | metadata/glsa/Manifest.files.gz | bin | 582186 -> 582822 bytes | |||
-rw-r--r-- | metadata/glsa/glsa-202408-14.xml | 42 | ||||
-rw-r--r-- | metadata/glsa/glsa-202408-15.xml | 54 | ||||
-rw-r--r-- | metadata/glsa/glsa-202408-16.xml | 42 | ||||
-rw-r--r-- | metadata/glsa/glsa-202408-17.xml | 42 | ||||
-rw-r--r-- | metadata/glsa/timestamp.chk | 2 | ||||
-rw-r--r-- | metadata/glsa/timestamp.commit | 2 |
8 files changed, 197 insertions, 17 deletions
diff --git a/metadata/glsa/Manifest b/metadata/glsa/Manifest index 56b810db7bef..390884785f5f 100644 --- a/metadata/glsa/Manifest +++ b/metadata/glsa/Manifest 
@@ -1,23 +1,23 @@ -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 -MANIFEST Manifest.files.gz 582186 BLAKE2B 1a05feb8b9f4689a5bd4a3b5a194172aab19857a1b6e62bf709acb61c73ed250c6bf15cfff567f826788975e1396b0aaf59ca881f1f7eaed4538d688c5c6c312 SHA512 8c95b20c054cb4417bd4f7bc6d285dc50887b3c7f63e2a0637b969f6461508fb0ea65d4276d1116c38b4ead475746df44be5ee73b60d3d6ebf301f72d2cea382 -TIMESTAMP 2024-08-08T10:57:13Z +MANIFEST Manifest.files.gz 582822 BLAKE2B 2e215e78e91b03c6a82d6bae59ed2750140f8842ad2347b812be73ba419d31f4a5d9b891fcd31445d51e011ab772ee9cf2dfcf90311fd44cd2220996caad5f29 SHA512 7a750d18ed6d4818ef40b1a94a30f8d11977898c23c44dca8860a0490495a1119f8558d638d93eebac65906c6ef7da9930c4aedfcc148e1f0b8bb1bfe0215e5c +TIMESTAMP 2024-08-09T09:40:07Z -----BEGIN PGP SIGNATURE----- -iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAma0pIpfFIAAAAAALgAo +iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAma14/dfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEUx RDZBQkI2M0JGQ0ZCNEJBMDJGREYxQ0VDNTkwRUVBQzkxODkyNTAACgkQ7FkO6skY -klCM9Q//adrfGikT/8N3ibeZxd/S/5SeBiCrKfcrWgZB8jDnkZO7TZpdW8iohdeF -tC/EoKWBSxM5jlx/W72XN4TPyJ81cf6+99tY4YPAdrlWhCDXdg2rt8vfNiZFwD3z -qDYa4I3NMGgq+589mr+Li4zMK7UdxjLMWhMogj70G65mshreDLUgZMHRN2VbOegO -dMc7+xCx2FCawU+EgCpGbljCnd5Mr22O9ugpHgPxl0Q0fkDDhC85H7Or973169Ce -ExBj7l2oZbSoDjQowJk+j988Zt5iPrvaCRjdPAEnKss/kU6TbtnPDDzlVdLVFFLx -HTex9wgODRME2bXdNQUONGpC22kPFVXQk4xxjh8bwpg4qt3T0pHujTIJyKms4SCX -iTljq6wksUcOZUbXENuGe4k5JbHJijj2gfhMTaI0yg11SJvwjdYk+ZYTwjqSp1sK -JTHWrdQAnwfraz2c4A2WIt8Ep+9rJ14Q11+Ep9XjB+2qVlY7wK36u6SRySkAHiEo -zfTjFmzfrM8hQJwUcL4qA2YiCU1pVAkUgPQvKaXtNU2XitbyBEbSqkLg5vzmgkyI -lBHC16BT6ulynjpKduQE8COB9blq33JpdmK8E6W6OeSUiKMG5p1nekMfrNUV6u5S -lovoUv68XKPQfbGC+9sZB75fN3IRIg3cgDScaSN7Q/oJZA35/tM= -=zbZJ +klCgRA/+I4F+V2nianju2invuXGbmRVrnIBqaz2yvL4IYj5G82FiP65VcVZUuEum +t+BxWlQ9bp3CUHsb2qbjeXXlNvsPm+DOBMF7ORY/9HUjYT3s6jfQBjjYT6gSoUXu +o8OJ+ou616JlcyIJXmEobzfynogOY61q9g1+wWzIAnXF6ahSpsb62uE0jJK6B9Yd 
+E/l9e57oKtgg0bExEmJU7VCo3whF4SZLWPX39I5oNVyD3sp2X41fr+uFyjGyM6Tw +gYGy4Zb6F0/fJwIIhDDT79exMwl045knI81wJhGuU6eXNarBR/1YW034JgG7Ewbl +6UWPpxjPqgtgvOgwpNn+tNHzuB8sEtgvdfjgv+5yteQA2yJeqIDEFk5FfIT4RlVM +BedvmZBjjSY4flRg0uAWaJbRW3xh9GlT3hnJOb187nltQMyhabC1fmXdOcg4v2O1 +ZiJqXV0wJY5l52+ro5LLnqRrBi8gH2bx1k/OLD1MXaASJhhlxH1ez/hHs4AF+H0a +nWWH9wlRnggDvmI53AMsrtrvfoeUsACOZt/Eqn4SmcqyO5tkSi/120voyCC35htk +Kqu0robowin/bQai0HdNBFsZaZOvUWxvTGWYmt5J5kDjs5exoQaX1OanPlPprDB6 +QD88h3JCBvZZrTkJu5M/8dUo3YqY0Dejdy9ttykfYJU5HhufHbs= +=hUHI -----END PGP SIGNATURE----- diff --git a/metadata/glsa/Manifest.files.gz b/metadata/glsa/Manifest.files.gz Binary files differindex 8c8552f6c480..f6521964d678 100644 --- a/metadata/glsa/Manifest.files.gz +++ b/metadata/glsa/Manifest.files.gz diff --git a/metadata/glsa/glsa-202408-14.xml b/metadata/glsa/glsa-202408-14.xml new file mode 100644 index 000000000000..094f1742184f --- /dev/null +++ b/metadata/glsa/glsa-202408-14.xml 
@@ -0,0 +1,42 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> +<glsa id="202408-14"> + <title>Librsvg: Arbitrary File Read</title> + <synopsis>A vulnerability has been discovered in Librsvg, which can lead to arbitrary file reads.</synopsis> + <product type="ebuild">librsvg</product> + <announced>2024-08-09</announced> + <revised count="1">2024-08-09</revised> + <bug>918100</bug> + <access>local and remote</access> + <affected> + <package name="gnome-base/librsvg" auto="yes" arch="*"> + <unaffected range="ge">2.56.3</unaffected> + <vulnerable range="lt">2.56.3</vulnerable> + </package> + </affected> + <background> + <p>Librsvg is a library to render SVG files using cairo as a rendering engine.</p> + </background> + <description> + <p>A directory traversal problem in the URL decoder of librsvg could be used by local or remote attackers to disclose files (on the local filesystem outside of the expected area), as demonstrated by href=".?../../../../../../../../../../etc/passwd" in an xi:include element.</p> + </description> + <impact type="normal"> + <p>Please review the referenced CVE identifier for details.</p> + </impact> + <workaround> + <p>There is no known workaround at this time.</p> + </workaround> + <resolution> + <p>All Librsvg users should upgrade to the latest version:</p> + + <code> + # emerge --sync + # emerge --ask --oneshot --verbose ">=gnome-base/librsvg-2.56.3" + </code> + </resolution> + <references> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-38633">CVE-2023-38633</uri> + </references> + <metadata tag="requester" timestamp="2024-08-09T06:49:19.778412Z">graaff</metadata> + <metadata tag="submitter" timestamp="2024-08-09T06:49:19.781284Z">graaff</metadata> +</glsa>
\ No newline at end of file diff --git a/metadata/glsa/glsa-202408-15.xml b/metadata/glsa/glsa-202408-15.xml new file mode 100644 index 000000000000..c1c44f043f37 --- /dev/null +++ b/metadata/glsa/glsa-202408-15.xml 
@@ -0,0 +1,54 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> +<glsa id="202408-15"> + <title>Percona XtraBackup: Multiple Vulnerabilities</title> + <synopsis>Multiple vulnerabilities have been discovered in Percona XtraBackup, the worst of which could lead to arbitrary code execution.</synopsis> + <product type="ebuild">percona-xtrabackup,percona-xtrabackup-bin</product> + <announced>2024-08-09</announced> + <revised count="1">2024-08-09</revised> + <bug>849389</bug> + <bug>908033</bug> + <access>remote</access> + <affected> + <package name="dev-db/percona-xtrabackup" auto="yes" arch="*"> + <unaffected range="ge">8.0.29.22</unaffected> + <vulnerable range="lt">8.0.29.22</vulnerable> + </package> + <package name="dev-db/percona-xtrabackup-bin" auto="yes" arch="*"> + <vulnerable range="lt">8.0.29.22</vulnerable> + </package> + </affected> + <background> + <p>Percona XtraBackup is a complete and open source online backup solution for all versions of MySQL.</p> + </background> + <description> + <p>Multiple vulnerabilities have been discovered in Percona XtraBackup. Please review the CVE identifiers referenced below for details.</p> + </description> + <impact type="normal"> + <p>Please review the referenced CVE identifiers for details.</p> + </impact> + <workaround> + <p>There is no known workaround at this time.</p> + </workaround> + <resolution> + <p>All Percona XtraBackup users should upgrade to the latest version:</p> + + <code> + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-db/percona-xtrabackup-8.0.29.22" + </code> + + <p>Gentoo has discontinued support for the binary package. 
Users should remove this from their system:</p> + + <code> + # emerge --sync + # emerge --ask --verbose --depclean "dev-db/percona-xtrabackup-bin" + </code> + </resolution> + <references> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-25834">CVE-2022-25834</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-26944">CVE-2022-26944</uri> + </references> + <metadata tag="requester" timestamp="2024-08-09T06:59:52.845544Z">graaff</metadata> + <metadata tag="submitter" timestamp="2024-08-09T06:59:52.849111Z">graaff</metadata> +</glsa>
\ No newline at end of file diff --git a/metadata/glsa/glsa-202408-16.xml b/metadata/glsa/glsa-202408-16.xml new file mode 100644 index 000000000000..ad2e807cf89f --- /dev/null +++ b/metadata/glsa/glsa-202408-16.xml @@ -0,0 +1,42 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> +<glsa id="202408-16"> + <title>re2c: Denial of Service</title> + <synopsis>A vulnerability has been discovered in re2c, which can lead to a denial of service.</synopsis> + <product type="ebuild">re2c</product> + <announced>2024-08-09</announced> + <revised count="1">2024-08-09</revised> + <bug>719872</bug> + <access>local</access> + <affected> + <package name="dev-util/re2c" auto="yes" arch="*"> + <unaffected range="ge">2.0</unaffected> + <vulnerable range="lt">2.0</vulnerable> + </package> + </affected> + <background> + <p>re2c is a tool for generating C-based recognizers from regular expressions.</p> + </background> + <description> + <p>Please review the CVE identifier referenced below for details.</p> + </description> + <impact type="normal"> + <p>Please review the CVE identifier referenced below for details.</p> + </impact> + <workaround> + <p>There is no known workaround at this time.</p> + </workaround> + <resolution> + <p>All re2c users should upgrade to the latest version:</p> + + <code> + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-util/re2c-2.0" + </code> + </resolution> + <references> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-21232">CVE-2018-21232</uri> + </references> + <metadata tag="requester" timestamp="2024-08-09T07:09:13.470150Z">graaff</metadata> + <metadata tag="submitter" timestamp="2024-08-09T07:09:13.473932Z">graaff</metadata> +</glsa>
\ No newline at end of file diff --git a/metadata/glsa/glsa-202408-17.xml b/metadata/glsa/glsa-202408-17.xml new file mode 100644 index 000000000000..40b55f8c2384 --- /dev/null +++ b/metadata/glsa/glsa-202408-17.xml @@ -0,0 +1,42 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> +<glsa id="202408-17"> + <title>Nautilus: Denial of Service</title> + <synopsis>A vulnerability has been discovered in Nautilus, which can lead to a denial of service.</synopsis> + <product type="ebuild">nautilus</product> + <announced>2024-08-09</announced> + <revised count="1">2024-08-09</revised> + <bug>881509</bug> + <access>local</access> + <affected> + <package name="gnome-base/nautilus" auto="yes" arch="*"> + <unaffected range="ge">44.0</unaffected> + <vulnerable range="lt">44.0</vulnerable> + </package> + </affected> + <background> + <p>Default file manager for the GNOME desktop</p> + </background> + <description> + <p>Please review the CVE identifier referenced below for details.</p> + </description> + <impact type="normal"> + <p>GNOME Nautilus allows a NULL pointer dereference and get_basename application crash via a pasted ZIP archive.</p> + </impact> + <workaround> + <p>There is no known workaround at this time.</p> + </workaround> + <resolution> + <p>All Nautilus users should upgrade to the latest version:</p> + + <code> + # emerge --sync + # emerge --ask --oneshot --verbose ">=gnome-base/nautilus-44.0" + </code> + </resolution> + <references> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-37290">CVE-2022-37290</uri> + </references> + <metadata tag="requester" timestamp="2024-08-09T09:22:03.162678Z">graaff</metadata> + <metadata tag="submitter" timestamp="2024-08-09T09:22:03.165420Z">graaff</metadata> +</glsa>
\ No newline at end of file diff --git a/metadata/glsa/timestamp.chk b/metadata/glsa/timestamp.chk index 7bab05b5d085..3d5a09b65cb5 100644 --- a/metadata/glsa/timestamp.chk +++ b/metadata/glsa/timestamp.chk @@ -1 +1 @@ -Thu, 08 Aug 2024 10:57:09 +0000 +Fri, 09 Aug 2024 09:40:04 +0000 diff --git a/metadata/glsa/timestamp.commit b/metadata/glsa/timestamp.commit index 6caf9d079811..6cc93267f0d8 100644 --- a/metadata/glsa/timestamp.commit +++ b/metadata/glsa/timestamp.commit @@ -1 +1 @@ -acc7fec53d067c43c33e830e51592868bdeb80a5 1723036283 2024-08-07T13:11:23Z +dafd1a18a8a8ccc232fbe240a01ee69809299ebd 1723195345 2024-08-09T09:22:25Z |
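Review bot: In glsa-202408-14.xml the `<impact>` paragraph only says "Please review the referenced CVE identifier for details", although `<description>` already states the consequence: disclosure of files on the local filesystem outside the expected area through an `xi:include` href. Suggest summarising that file-disclosure impact in `<impact>` so tooling that reads only that element reports it. The new file also ends without a trailing newline (`\ No newline at end of file`), as do the other three advisories added here.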
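Review bot: In glsa-202408-15.xml the `dev-db/percona-xtrabackup-bin` entry carries only `<vulnerable range="lt">8.0.29.22</vulnerable>` and no `<unaffected>` element, while the resolution says support for the binary package is discontinued and that users should remove it. With an `lt` range, an installed -bin version at or above 8.0.29.22 does not match the vulnerable range, so it would not be flagged even though the text asks those users to remove it too. If no fixed -bin version is going to be provided, consider a range that covers every version, or state in the resolution why 8.0.29.22 is the cut-off. The second `# emerge --sync` before the `--depclean` command repeats the one a few lines above and could be dropped.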
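Review bot: In glsa-202408-16.xml both `<description>` and `<impact>` contain the same placeholder, "Please review the CVE identifier referenced below for details", so the advisory says nothing about what triggers the denial of service named in the title and synopsis. Suggest a one-sentence description taken from the referenced CVE-2018-21232 entry, and an `<impact>` that says what an affected user would see, so that the `<access>local</access>` classification can be checked against it.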
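Review bot: In glsa-202408-17.xml the `<description>` and `<impact>` contents look swapped: `<description>` holds the placeholder "Please review the CVE identifier referenced below for details", while `<impact>` holds the technical description ("GNOME Nautilus allows a NULL pointer dereference and get_basename application crash via a pasted ZIP archive"). Suggest moving that sentence to `<description>` and letting `<impact>` state the consequence, which per the title is a denial of service through an application crash. The `<background>` sentence is also missing its closing period, unlike the other advisories in this commit.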