author | V3n3RiX <venerix@koprulu.sector> | 2024-05-06 00:00:52 +0100 |
---|---|---|
committer | V3n3RiX <venerix@koprulu.sector> | 2024-05-06 00:00:52 +0100 |
commit | 43c2a85d4e20318dd3d35872e348707900870067 (patch) | |
tree | f863318f1d5bf6641145c6eb96a25818842ba87f /metadata/glsa | |
parent | b594445f39d99066071d80fc8efeba5c8f72cc35 (diff) |
gentoo auto-resync : 06:05:2024 - 00:00:51
Diffstat (limited to 'metadata/glsa')
-rw-r--r-- | metadata/glsa/Manifest | 30 | ||||
-rw-r--r-- | metadata/glsa/Manifest.files.gz | bin | 570922 -> 572034 bytes | |||
-rw-r--r-- | metadata/glsa/glsa-202405-10.xml | 42 | ||||
-rw-r--r-- | metadata/glsa/glsa-202405-11.xml | 49 | ||||
-rw-r--r-- | metadata/glsa/glsa-202405-12.xml | 46 | ||||
-rw-r--r-- | metadata/glsa/glsa-202405-13.xml | 41 | ||||
-rw-r--r-- | metadata/glsa/glsa-202405-14.xml | 57 | ||||
-rw-r--r-- | metadata/glsa/glsa-202405-15.xml | 82 | ||||
-rw-r--r-- | metadata/glsa/glsa-202405-16.xml | 43 | ||||
-rw-r--r-- | metadata/glsa/timestamp.chk | 2 | ||||
-rw-r--r-- | metadata/glsa/timestamp.commit | 2 |
11 files changed, 377 insertions, 17 deletions
diff --git a/metadata/glsa/Manifest b/metadata/glsa/Manifest index aaf7a5bc04e7..3ad882f3b545 100644 --- a/metadata/glsa/Manifest +++ b/metadata/glsa/Manifest 
@@ -1,23 +1,23 @@ -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 -MANIFEST Manifest.files.gz 570922 BLAKE2B a20ec4f24eeb6769f4fdd5bd00ff1792ccc6e26c93c1c2b08c0895fb43406379af98ff13e85b945441d8d4ea41d80e54d053815bbe1d5c815a9c908c533b9ec2 SHA512 3192be04c28f462e6f5bfedc1c7ae89ae00f7410cffe7034ebcb0ea4fa6b81201a8fe37bc2773dbb03da6a69294d537152e094d11cfa73ad0531674951e1a5cd -TIMESTAMP 2024-05-04T21:59:21Z +MANIFEST Manifest.files.gz 572034 BLAKE2B 427e26e3706e8b7f4e943727b7a276ff31555d4a18c9abd9ac389162f60f359fabc5ad44aed1e3c3f6d38991598bc3ff3e531c1f963bfd5e7d187d907fd49f1b SHA512 3e6522dfe9208dfd01f7db32abf65212808c56cc43a74fe0a9b911b441ef07605f9d1faa6262dd0396662cdf416d987dd593b2bbc769fd24d997636dfd253b01 +TIMESTAMP 2024-05-05T22:10:08Z -----BEGIN PGP SIGNATURE----- -iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAmY2r7pfFIAAAAAALgAo +iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAmY4A8BfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEUx RDZBQkI2M0JGQ0ZCNEJBMDJGREYxQ0VDNTkwRUVBQzkxODkyNTAACgkQ7FkO6skY -klAwfQ/+JbT4B5j0YLSrfe407Dc3WmhxRsmNzhCJc0jlnnclX9lnkmbomUbFcR/1 -nrc1E8PKK7yUKG/FR02R2xYo7ehavMKywpN4pxyUElAYLY6i6lBQUV5A6YXD4PgY -hNzqQA2iKKo35VNFMmDh6gVVx+JXHaE4eeHIxSv196g5+k4ws6bl2FuxcF76vTv9 -gigjuQck7Yan3zTVOAGFqOOLKZGtAuC7niwKtZMcbE9B7l+GEOu4Q4m8b28O+nnK -neWcdj9HEDFj3/Qn00kL/jF2CJqUjSZtJCzTPBfddYIg7VnAJhlIss3mE6D+fr6S -WO9+aGWU/BFOrCZU2x8MwipbQqzqJUMHMfD1MQx0j7C9+jwpa6mGij2GPbi9aq0d -pHtZCSjXEbXUGbF7Q6iruyQ6U2NnspghaVUBNh4zr8v+61m1nY7evsexycFt3D6F -VLvBwToOeJOZMLvB4WjoY6Lmp8/FIFg/d2w++h+Jsqd3XDaKBGkREMpZQ5uqZqJy -AYFIOJdWovywnL/WzY8IsUsVVRwIrbkX6g+3haQhAm8uneuyubBDFn2yB0GznCgy -kM/hoa5K/k6s8m0qX99qFUwHyx+CZ17/FD23wmNTAM4VqGLzTQO9ZqYxQa5hfHiB -WdzV7CFI5qaYuy4WsjpUovjhqVWptD3/draoXyUSwr6e/byHL5U= -=VfOY +klB1hw/9FJWD+3z3F7GiFMQbtCpoQxH3zSbDiUwjISq74qPnkdRsaVUt+F5iB5Nc +jsB6L/H1INR2dq0Lmubx1ZoBm0FAlUr0wQ2s61lFE+Gg+3wGK193Cij8mouCTOz+ +6ne3bvKjBuAwTzk0G+gTKk0BCQyj4J24yGd3g8qnrbqC8YU4xtT4gVu9gT8WCDqM 
+CT26IIJFS95IDg/NFA3eeGYAt+qn+3YPQjQ5pSHVEYH1XMx/xvc1MTEC56GLx6QZ +oy2MgjjktWEY0C1CjQpG9eYf0g9iBOb1Ci68nmuwqbOmb5RRSGjNSM+F+/WHVHEA +P00orxSlZJ4XK8Et8X/Aqkhjo/lJBe9eu6UaO/A3tQvMYamVGaC9lVfYmFuzD7Sw +rtl/FWr9EWoaDyRsnvxLer9sM3YxKPygJ3WotclSCLK/oPIVxoW6L0M7mdi3rPFL +zmrBNfenghURVEa6JHcdXNDuk141JM8y5roiAcdIOOIWrHCWOfK9vRmwTZwRH0RC +VYCCOdjmO0IseXocl8XT0RFuOa0mqFT+xohViMPvAyNOsLcVjBimj9qSTFK9P5W8 +kDpQsD9+1LWuVNnIvxFNdFvGBn6yWHXb6Te7UzOSBrM/K6z76ysiqSCrcs4biQFT +YhUK33qnyxLIUoumvJPPznsaAxoUfPmdLzxomN5MYLgdybYtIaU= +=2pMK -----END PGP SIGNATURE----- diff --git a/metadata/glsa/Manifest.files.gz b/metadata/glsa/Manifest.files.gz Binary files differindex 46e2455f1537..2cc0ec9712c8 100644 --- a/metadata/glsa/Manifest.files.gz +++ b/metadata/glsa/Manifest.files.gz diff --git a/metadata/glsa/glsa-202405-10.xml b/metadata/glsa/glsa-202405-10.xml new file mode 100644 index 000000000000..c087018a3ac5 --- /dev/null +++ b/metadata/glsa/glsa-202405-10.xml 
@@ -0,0 +1,42 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202405-10">
+ <title>Setuptools: Denial of Service</title>
+ <synopsis>A vulnerability has been discovered in Setuptools, which can lead to denial of service.</synopsis>
+ <product type="ebuild">setuptools</product>
+ <announced>2024-05-05</announced>
+ <revised count="1">2024-05-05</revised>
+ <bug>879813</bug>
+ <access>remote</access>
+ <affected>
+ <package name="dev-python/setuptools" auto="yes" arch="*">
+ <unaffected range="ge">65.5.1</unaffected>
+ <vulnerable range="lt">65.5.1</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>Setuptools is a manager for Python packages.</p>
+ </background>
+ <description>
+ <p>A vulnerability has been discovered in Setuptools. See the impact field.</p>
+ </description>
+ <impact type="normal">
+ <p>An inefficiency in a regular expression may end in a denial of service if an user is fetching malicious HTML from a package in PyPI or a custom PackageIndex page.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All Setuptools users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-python/setuptools-65.5.1"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-40897">CVE-2022-40897</uri>
+ </references>
+ <metadata tag="requester" timestamp="2024-05-05T06:37:49.107714Z">graaff</metadata>
+ <metadata tag="submitter" timestamp="2024-05-05T06:37:49.110409Z">graaff</metadata>
+</glsa>
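Review bot: The `<description>` in glsa-202405-10.xml only says "See the impact field", so the nature of the flaw (an inefficient regular expression, per `<impact>`) is missing from the field a reader checks first. Consider stating it there as well, for example `<p>An inefficient regular expression in Setuptools can be abused to cause a denial of service.</p>`. In `<impact>`, "an user" should read "a user".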
\ No newline at end of file
diff --git a/metadata/glsa/glsa-202405-11.xml b/metadata/glsa/glsa-202405-11.xml
new file mode 100644
index 000000000000..8274d0a300db
--- /dev/null
+++ b/metadata/glsa/glsa-202405-11.xml
@@ -0,0 +1,49 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202405-11">
+ <title>MIT krb5: Multiple Vulnerabilities</title>
+ <synopsis>Multiple vulnerabilities have been discovered in MIT krb5, the worst of which could lead to remote code execution.</synopsis>
+ <product type="ebuild">mit-krb5</product>
+ <announced>2024-05-05</announced>
+ <revised count="1">2024-05-05</revised>
+ <bug>803434</bug>
+ <bug>809845</bug>
+ <bug>879875</bug>
+ <bug>917464</bug>
+ <access>remote</access>
+ <affected>
+ <package name="app-crypt/mit-krb5" auto="yes" arch="*">
+ <unaffected range="ge">1.21.2</unaffected>
+ <vulnerable range="lt">1.21.2</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>MIT krb5 is the free implementation of the Kerberos network authentication protocol by the Massachusetts Institute of Technology.</p>
+ </background>
+ <description>
+ <p>Multiple vulnerabilities have been discovered in MIT krb5. Please review the CVE identifiers referenced below for details.</p>
+ </description>
+ <impact type="normal">
+ <p>Please review the referenced CVE identifiers for details.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All MIT krb5 users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-crypt/mit-krb5-1.21.2"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-36222">CVE-2021-36222</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-37750">CVE-2021-37750</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-42898">CVE-2022-42898</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-36054">CVE-2023-36054</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-39975">CVE-2023-39975</uri>
+ </references>
+ <metadata tag="requester" timestamp="2024-05-05T07:13:18.708629Z">graaff</metadata>
+ <metadata tag="submitter" timestamp="2024-05-05T07:13:18.710959Z">graaff</metadata>
+</glsa>
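Review bot: `<impact type="normal">` in glsa-202405-11.xml does not match its synopsis, which says the worst of the MIT krb5 issues could lead to remote code execution; the Pillow, QtWebEngine and Firefox advisories in this same commit use `type="high"` for that outcome. glsa-202405-16.xml has the same mismatch (title "Remote Code Execution", `type="normal"`). If operators or tooling triage on the impact type, these two would presumably be under-prioritised, so consider `<impact type="high">` in both, or soften the synopsis if code execution is not actually the worst case. The impact paragraph only points at the CVE list; a one-sentence summary of the worst case would make the advisory usable on its own.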
\ No newline at end of file
diff --git a/metadata/glsa/glsa-202405-12.xml b/metadata/glsa/glsa-202405-12.xml
new file mode 100644
index 000000000000..8d46bab161f7
--- /dev/null
+++ b/metadata/glsa/glsa-202405-12.xml
@@ -0,0 +1,46 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202405-12">
+ <title>Pillow: Multiple Vulnerabilities</title>
+ <synopsis>Multiple vulnerabilities have been discovered in Pillow, the worst of which can lead to arbitrary code execution.</synopsis>
+ <product type="ebuild">pillow</product>
+ <announced>2024-05-05</announced>
+ <revised count="1">2024-05-05</revised>
+ <bug>889594</bug>
+ <bug>903664</bug>
+ <bug>916907</bug>
+ <bug>922577</bug>
+ <access>remote</access>
+ <affected>
+ <package name="dev-python/pillow" auto="yes" arch="*">
+ <unaffected range="ge">10.2.0</unaffected>
+ <vulnerable range="lt">10.2.0</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>The friendly PIL fork.</p>
+ </background>
+ <description>
+ <p>Multiple vulnerabilities have been discovered in Pillow. Please review the CVE identifiers referenced below for details.</p>
+ </description>
+ <impact type="high">
+ <p>Please review the referenced CVE identifiers for details.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All Pillow users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-python/pillow-10.2.0"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-44271">CVE-2023-44271</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-50447">CVE-2023-50447</uri>
+ </references>
+ <metadata tag="requester" timestamp="2024-05-05T07:36:46.186094Z">graaff</metadata>
+ <metadata tag="submitter" timestamp="2024-05-05T07:36:46.190008Z">graaff</metadata>
+</glsa>
\ No newline at end of file
diff --git a/metadata/glsa/glsa-202405-13.xml b/metadata/glsa/glsa-202405-13.xml
new file mode 100644
index 000000000000..18cc95cd51f7
--- /dev/null
+++ b/metadata/glsa/glsa-202405-13.xml
@@ -0,0 +1,41 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202405-13">
+ <title>borgmatic: Shell Injection</title>
+ <synopsis>A vulnerability has been discovered in borgmatic, which can lead to shell injection.</synopsis>
+ <product type="ebuild">borgmatic</product>
+ <announced>2024-05-05</announced>
+ <revised count="1">2024-05-05</revised>
+ <bug>924892</bug>
+ <access>remote</access>
+ <affected>
+ <package name="app-backup/borgmatic" auto="yes" arch="*">
+ <unaffected range="ge">1.8.8</unaffected>
+ <vulnerable range="lt">1.8.8</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>borgmatic is simple, configuration-driven backup software for servers and workstations.</p>
+ </background>
+ <description>
+ <p>Prevent shell injection attacks within the PostgreSQL hook, the MongoDB hook, the SQLite hook, the "borgmatic borg" action, and command hook variable/constant interpolation.</p>
+ </description>
+ <impact type="high">
+ <p>Shell injection may be used in several borgmatic backends to execute arbitrary code.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All borgmatic users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-backup/borgmatic-1.8.8"
+ </code>
+ </resolution>
+ <references>
+ </references>
+ <metadata tag="requester" timestamp="2024-05-05T07:55:00.732358Z">graaff</metadata>
+ <metadata tag="submitter" timestamp="2024-05-05T07:55:00.739533Z">graaff</metadata>
+</glsa>
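Review bot: `<references>` is empty in glsa-202405-13.xml, so a reader has no CVE or upstream link to verify the advisory against; bug 924892 is the only pointer to a source. The `<description>` is also worded as the fix's changelog entry ("Prevent shell injection attacks within …") rather than as a statement of the flaw. Consider `<p>borgmatic is vulnerable to shell injection within the PostgreSQL hook, the MongoDB hook, the SQLite hook, the "borgmatic borg" action, and command hook variable/constant interpolation.</p>`, plus a `<uri>` entry for the upstream release notes or advisory (the link is not shown on this page).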
\ No newline at end of file
diff --git a/metadata/glsa/glsa-202405-14.xml b/metadata/glsa/glsa-202405-14.xml
new file mode 100644
index 000000000000..b66d4faff83d
--- /dev/null
+++ b/metadata/glsa/glsa-202405-14.xml
@@ -0,0 +1,57 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202405-14">
+ <title>QtWebEngine: Multiple Vulnerabilities</title>
+ <synopsis>Multiple vulnerabilities have been discovered in QtWebEngine, the worst of which could lead to remote code execution.</synopsis>
+ <product type="ebuild">qtwebengine</product>
+ <announced>2024-05-05</announced>
+ <revised count="1">2024-05-05</revised>
+ <bug>927746</bug>
+ <access>remote</access>
+ <affected>
+ <package name="dev-qt/qtwebengine" auto="yes" arch="*">
+ <unaffected range="ge">5.15.13_p20240322</unaffected>
+ <vulnerable range="lt">5.15.13_p20240322</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>QtWebEngine is a library for rendering dynamic web content in Qt5 and Qt6 C++ and QML applications.</p>
+ </background>
+ <description>
+ <p>Multiple vulnerabilities have been discovered in QtWebEngine. Please review the CVE identifiers referenced below for details.</p>
+ </description>
+ <impact type="high">
+ <p>Please review the referenced CVE identifiers for details.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All QtWebEngine users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-qt/qtwebengine-5.15.13_p20240322"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-0804">CVE-2024-0804</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-0805">CVE-2024-0805</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-0806">CVE-2024-0806</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-0807">CVE-2024-0807</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-0808">CVE-2024-0808</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-0809">CVE-2024-0809</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-0810">CVE-2024-0810</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-0811">CVE-2024-0811</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-0812">CVE-2024-0812</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-0813">CVE-2024-0813</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-0814">CVE-2024-0814</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-1059">CVE-2024-1059</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-1060">CVE-2024-1060</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-1077">CVE-2024-1077</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-1283">CVE-2024-1283</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-1284">CVE-2024-1284</uri>
+ </references>
+ <metadata tag="requester" timestamp="2024-05-05T08:20:02.905138Z">graaff</metadata>
+ <metadata tag="submitter" timestamp="2024-05-05T08:20:02.908263Z">graaff</metadata>
+</glsa>
\ No newline at end of file
diff --git a/metadata/glsa/glsa-202405-15.xml b/metadata/glsa/glsa-202405-15.xml
new file mode 100644
index 000000000000..3e9f5e37a085
--- /dev/null
+++ b/metadata/glsa/glsa-202405-15.xml
@@ -0,0 +1,82 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202405-15">
+ <title>Mozilla Firefox: Multiple Vulnerabilities</title>
+ <synopsis>Multiple vulnerabilities have been discovered in Mozilla Firefox, the worst of which can lead to remote code execution.</synopsis>
+ <product type="ebuild">firefox,firefox-bin</product>
+ <announced>2024-05-05</announced>
+ <revised count="1">2024-05-05</revised>
+ <bug>925122</bug>
+ <access>remote</access>
+ <affected>
+ <package name="www-client/firefox" auto="yes" arch="*">
+ <unaffected range="ge" slot="rapid">123.0</unaffected>
+ <unaffected range="ge" slot="esr">115.8.0</unaffected>
+ <vulnerable range="lt">123.0</vulnerable>
+ <vulnerable range="lt" slot="esr">115.8.0</vulnerable>
+ </package>
+ <package name="www-client/firefox-bin" auto="yes" arch="*">
+ <unaffected range="ge" slot="rapid">123.0</unaffected>
+ <unaffected range="ge" slot="esr">115.8.0</unaffected>
+ <vulnerable range="lt">123.0</vulnerable>
+ <vulnerable range="lt" slot="esr">115.8.0</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>Mozilla Firefox is a popular open-source web browser from the Mozilla project.</p>
+ </background>
+ <description>
+ <p>Multiple vulnerabilities have been discovered in Mozilla Firefox. Please review the CVE identifiers referenced below for details.</p>
+ </description>
+ <impact type="high">
+ <p>Please review the referenced CVE identifiers for details.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All Mozilla Firefox rapid release users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-client/firefox-bin-123.0"
+ </code>
+
+ <p>All Mozilla Firefox users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-client/firefox-123.0"
+ </code>
+
+ <p>All Mozilla Firefox ESR users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-client/firefox-bin-115.8.0:esr"
+ </code>
+
+ <p>All Mozilla Firefox users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-client/firefox-115.8.0:esr"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-1546">CVE-2024-1546</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-1547">CVE-2024-1547</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-1548">CVE-2024-1548</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-1549">CVE-2024-1549</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-1550">CVE-2024-1550</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-1551">CVE-2024-1551</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-1552">CVE-2024-1552</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-1553">CVE-2024-1553</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-1554">CVE-2024-1554</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-1555">CVE-2024-1555</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-1556">CVE-2024-1556</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-1557">CVE-2024-1557</uri>
+ </references>
+ <metadata tag="requester" timestamp="2024-05-05T08:35:38.912286Z">graaff</metadata>
+ <metadata tag="submitter" timestamp="2024-05-05T08:35:38.915811Z">graaff</metadata>
+</glsa>
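Review bot: The rapid-release `<vulnerable range="lt">123.0</vulnerable>` entries in glsa-202405-15.xml carry no `slot`, while the matching `<unaffected>` entries are `slot="rapid"` and the ESR pair is slotted on both sides. Read literally, the unslotted range also covers ESR installs at 115.8.0 or later; whether the consumer lets the slotted `<unaffected>` entry take precedence is not visible here, so `<vulnerable range="lt" slot="rapid">123.0</vulnerable>` in both `<package>` elements would remove the ambiguity. Separately, the four lead-in paragraphs in `<resolution>` do not say which command is for the binary package: "rapid release users" sits above the firefox-bin command, and two paragraphs are the identical "All Mozilla Firefox users". Naming the package and slot in each lead-in would keep an operator from applying the wrong atom.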
\ No newline at end of file
diff --git a/metadata/glsa/glsa-202405-16.xml b/metadata/glsa/glsa-202405-16.xml
new file mode 100644
index 000000000000..04da4682d8dd
--- /dev/null
+++ b/metadata/glsa/glsa-202405-16.xml
@@ -0,0 +1,43 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202405-16">
+ <title>Apache Commons BCEL: Remote Code Execution</title>
+ <synopsis>A vulnerability has been discovered in Apache Commons BCEL, which can lead to remote code execution.</synopsis>
+ <product type="ebuild">bcel</product>
+ <announced>2024-05-05</announced>
+ <revised count="1">2024-05-05</revised>
+ <bug>880447</bug>
+ <access>remote</access>
+ <affected>
+ <package name="dev-java/bcel" auto="yes" arch="*">
+ <unaffected range="ge">6.6.0</unaffected>
+ <vulnerable range="lt">6.6.0</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>The Byte Code Engineering Library (Apache Commons BCEL™) is intended to give users a convenient way to analyze, create, and manipulate (binary) Java class files (those ending with .class).</p>
+ </background>
+ <description>
+ <p>A vulnerability has been discovered in U-Boot tools. Please review the CVE identifier referenced below for details.</p>
+ </description>
+ <impact type="normal">
+ <p>Please review the referenced CVE identifier for details.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All Apache Commons BCEL users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-java/bcel-6.6.0"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-34169">CVE-2022-34169</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-42920">CVE-2022-42920</uri>
+ </references>
+ <metadata tag="requester" timestamp="2024-05-05T08:54:04.174105Z">graaff</metadata>
+ <metadata tag="submitter" timestamp="2024-05-05T08:54:04.177186Z">graaff</metadata>
+</glsa>
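Review bot: The `<description>` in glsa-202405-16.xml names the wrong product: it says "A vulnerability has been discovered in U-Boot tools" in an advisory for dev-java/bcel, which looks like leftover template text. It should start `<p>A vulnerability has been discovered in Apache Commons BCEL.` so that a reader or a text search for the product finds the right advisory. The description and impact also say "CVE identifier" in the singular while `<references>` lists two entries (CVE-2022-34169 and CVE-2022-42920), so either the wording or the reference list should be reconciled.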
\ No newline at end of file diff --git a/metadata/glsa/timestamp.chk b/metadata/glsa/timestamp.chk index 8ecc7a1cbe74..49b43657b5bd 100644 --- a/metadata/glsa/timestamp.chk +++ b/metadata/glsa/timestamp.chk @@ -1 +1 @@ -Sat, 04 May 2024 21:59:17 +0000 +Sun, 05 May 2024 22:10:03 +0000 diff --git a/metadata/glsa/timestamp.commit b/metadata/glsa/timestamp.commit index 53aa7d984b53..5f16a0b231ca 100644 --- a/metadata/glsa/timestamp.commit +++ b/metadata/glsa/timestamp.commit @@ -1 +1 @@ -3f0835df81643a2316838781489d1870a408b6c9 1714814889 2024-05-04T09:28:09+00:00 +c767a7641029f069d1d45e5c732d96ab77a03a45 1714899266 2024-05-05T08:54:26+00:00 |