author | V3n3RiX <venerix@koprulu.sector> | 2024-01-15 19:18:29 +0000 |
---|---|---|
committer | V3n3RiX <venerix@koprulu.sector> | 2024-01-15 19:18:29 +0000 |
commit | 4c588f061163483deaeecd52e6a5743762d2603e (patch) | |
tree | b350c2c1cadf3ac9598a043421fcaf654b9e2bc7 /metadata/glsa | |
parent | b9d13f23ed10bb803607f6ef67f0df2f078aa70f (diff) |
gentoo auto-resync : 15:01:2024 - 19:18:28
Diffstat (limited to 'metadata/glsa')
-rw-r--r-- | metadata/glsa/Manifest | 30 | ||||
-rw-r--r-- | metadata/glsa/Manifest.files.gz | bin | 561052 -> 561691 bytes | |||
-rw-r--r-- | metadata/glsa/glsa-202401-19.xml | 53 | ||||
-rw-r--r-- | metadata/glsa/glsa-202401-20.xml | 42 | ||||
-rw-r--r-- | metadata/glsa/glsa-202401-21.xml | 42 | ||||
-rw-r--r-- | metadata/glsa/glsa-202401-22.xml | 44 | ||||
-rw-r--r-- | metadata/glsa/timestamp.chk | 2 | ||||
-rw-r--r-- | metadata/glsa/timestamp.commit | 2 |
8 files changed, 198 insertions, 17 deletions
diff --git a/metadata/glsa/Manifest b/metadata/glsa/Manifest
index 0ae966a639c7..7253c3e7d124 100644
--- a/metadata/glsa/Manifest
+++ b/metadata/glsa/Manifest
@@ -1,23 +1,23 @@ -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 -MANIFEST Manifest.files.gz 561052 BLAKE2B 2e370baf90fdcc40ea27b2a1f0d7e6210ee747e4187243c4991ef22775123b08db937038f2d78635383232c5803c72b8a98f177b12e48fdefd33bfca9230a109 SHA512 fc1a49a1af98767621f025f1ee7184510bb281bd9e24e963c6700bc0c7aba3681caa3ebfa19bd541d1935840d01247cbbb29742d2400806b1206bcaf9bfd26a0 -TIMESTAMP 2024-01-15T12:41:01Z +MANIFEST Manifest.files.gz 561691 BLAKE2B 6e43060375613f4e3dd8c40a3bb2f48594d6afe024617aa4079d36973378d2580bcd71be7d9251c255ea01668b9f06899743502cd8d1d2d14c66ce680967fd04 SHA512 cd6174222e897e48ed9420c05367694fcf6b82da900082de9879767a18c01c6716855f9545e9f81a0d76b089ac711084901ca3fbade24ecd36536553074eb538 +TIMESTAMP 2024-01-15T18:40:14Z -----BEGIN PGP SIGNATURE----- -iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAmWlJ91fFIAAAAAALgAo +iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAmWlfA5fFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEUx RDZBQkI2M0JGQ0ZCNEJBMDJGREYxQ0VDNTkwRUVBQzkxODkyNTAACgkQ7FkO6skY -klDpYQ//eSOigBbuQXnxsaIAVJ2Nb5g16vxFbibw3RdOuKLEfpYj40KS8I7Zzp3O -/OvL249+3SRO1JrZfuZnWTFCt3LY5ZfoRgJ67TP18vuZwlTyN9BLH4q7LUn3MGkT -NbbLhazV50SrEFxVgdpW67beIBNc64chd1fniJZWqK0RIF+4UkSohdhPsa093W+q -DCYpoz8RLQcRNLAmArg4ZLWM9hsimJqbswxXcWiTRp1jDM6Qb7T6JLw0G4ZEphvE -7ypUiuGyL776zy0ONOkdRT+FdiCANP+EXmCiuj/HY8UisHyd/63v4+OKuz0Z3bqs -6SZ6dGIZ3GFHGOq/mXcGpO8wt9/RN0J6uDPW5xQ0X/vtBHZlCj3jaicyUlQWUerF -lqJHu5S1ytCqPQ3Xki6FjVbx8Qdt3LtCxWAtHjE8yR0Ek4o1NIeVKav6Cuor6KdN -VnAcBqGMxNDu/2GFSC8PRZYw9kB61q+rCmJ1H5/nlENjHsEaxXBuJ3u4EXIXkYq5 -5bASXHCOYF1WQmcGjlloo3JYkUwQ6Ljfx0SK8lCQg7bDe0jMH9D4miXBhi8gsuEX -4zfziBoj5qSX+8cK5+gqMsBemCuZVrbpyJU2+4WNB97Ib10Kvrj+bV6iBpFF03xF -kH9BmNtEXzRFhcUadSCQq0/PfgKvdNI/pcfW7V/83uxHYl7Kqf8= -=h7SA +klAk0Q//YFndSP22XyZ+1oPoM+YrllLNiwFrhrOlrDYRnXo8x7R8YDhvUgtiifz/ +mPNqFopIxTB38ADjx6cVftG97t4V9w+PdI/NTwopkA+N/LRM9Ss97DN0YwCkwnlq +bY9S1avSHiqv6h3beaiB/D1SWHaais59+I/+WFuFrGz0FoPZ7vxK1QzyIFeQzbat 
+yxCWjZ9jxcVTxeRjwP42rO4VxpA+U8c2gEaph+k2b5dpzHyseveFI9heynbvySwF +Dsact8ScnVRSfOjL3R8EqrRIpmCiFTELlAe15VsDIq/eoUjWsyxGTBKJySh50cwG +XetcUdwAwc/BL4PRrXkyy+bzgwBaFjZi8/EGWoT228WvZAeXj6OsckRx328Rui5p +nwk5KeRX8Pmqt7lQ8m1m+066leczhHai5SEiIuvxbtgVoV94NrKQY/TC9XTDa9qM +1lJVmmlH+U+5KU2mfnI0z/GOc4CSIaO869x2J4PE/FQ6lIm9VgHLS/MW9N/XgkAN +DhwRm1Ll7EWiGMtXyb5vLnt9upQu9ilhfj/oiD2yu6JSoO4OhoRN7Alsj1pBCd1q +fxbCVGvJdsbAnhdlnZiNGqspa2lzCJGxufzqS7EKlZVRu064sMUH82S9oTucd1XO +1FRSvIjDIsmeezdWzUNaOLC1ENV/Gj84Ys6+vmqYWZLwhyLMcys= +=4/6o -----END PGP SIGNATURE----- diff --git a/metadata/glsa/Manifest.files.gz b/metadata/glsa/Manifest.files.gz Binary files differindex 150aa1571e0f..bc0cc6ee29c9 100644 --- a/metadata/glsa/Manifest.files.gz +++ b/metadata/glsa/Manifest.files.gz diff --git a/metadata/glsa/glsa-202401-19.xml b/metadata/glsa/glsa-202401-19.xml new file mode 100644 index 000000000000..c8072c96b5da --- /dev/null +++ b/metadata/glsa/glsa-202401-19.xml 
@@ -0,0 +1,53 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202401-19">
+ <title>Opera: Multiple Vulnerabilities</title>
+ <synopsis>Multiple vulnerabilities have been found in Opera, the worst of which can lead to remote code execution.</synopsis>
+ <product type="ebuild">opera,opera-beta</product>
+ <announced>2024-01-15</announced>
+ <revised count="1">2024-01-15</revised>
+ <bug>750929</bug>
+ <access>remote</access>
+ <affected>
+ <package name="www-client/opera" auto="yes" arch="*">
+ <unaffected range="ge">73.0.3856.284</unaffected>
+ <vulnerable range="lt">73.0.3856.284</vulnerable>
+ </package>
+ <package name="www-client/opera-beta" auto="yes" arch="*">
+ <unaffected range="ge">73.0.3856.284</unaffected>
+ <vulnerable range="lt">73.0.3856.284</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>Opera is a fast web browser that is available free of charge.</p>
+ </background>
+ <description>
+ <p>Multiple vulnerabilities have been discovered in Opera. 
Please review the CVE identifiers referenced below for details.</p>
+ </description>
+ <impact type="normal">
+ <p>Please review the referenced CVE identifiers for details.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All Opera users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-client/opera-73.0.3856.284"
+ </code>
+
+ <p>All Opera users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-client/opera-beta-73.0.3856.284"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-15999">CVE-2020-15999</uri>
+ </references>
+ <metadata tag="requester" timestamp="2024-01-15T12:40:03.932610Z">graaff</metadata>
+ <metadata tag="submitter" timestamp="2024-01-15T12:40:03.934835Z">graaff</metadata>
+</glsa>
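Review bot: In glsa-202401-19.xml the second `<p>` inside `<resolution>` repeats "All Opera users should upgrade to the latest version:" although the command under it upgrades `www-client/opera-beta`; it should read `<p>All Opera Beta users should upgrade to the latest version:</p>` so a reader can tell which instruction applies to the installed package. The title, synopsis and description also speak of multiple vulnerabilities and "CVE identifiers", while `<references>` lists only CVE-2020-15999. Either the other identifiers are missing from the reference list or the wording should be singular; the commit does not show which.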
\ No newline at end of file
diff --git a/metadata/glsa/glsa-202401-20.xml b/metadata/glsa/glsa-202401-20.xml
new file mode 100644
index 000000000000..7600622922d9
--- /dev/null
+++ b/metadata/glsa/glsa-202401-20.xml
@@ -0,0 +1,42 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202401-20">
+ <title>QPDF: Buffer Overflow</title>
+ <synopsis>A vulnerability has been found in QPDF which can lead to a heap-based buffer overflow.</synopsis>
+ <product type="ebuild">qpdf</product>
+ <announced>2024-01-15</announced>
+ <revised count="1">2024-01-15</revised>
+ <bug>803110</bug>
+ <access>remote</access>
+ <affected>
+ <package name="app-text/qpdf" auto="yes" arch="*">
+ <unaffected range="ge">10.1.0</unaffected>
+ <vulnerable range="lt">10.1.0</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>QPDF: A content-preserving PDF document transformer.</p>
+ </background>
+ <description>
+ <p>A vulnerability has been discovered in QPDF. Please review the CVE identifier referenced below for details.</p>
+ </description>
+ <impact type="normal">
+ <p>QPDF has a heap-based buffer overflow in Pl_ASCII85Decoder::write (called from Pl_AES_PDF::flush and Pl_AES_PDF::finish) when a certain downstream write fails.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All QPDF users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-text/qpdf-10.1.0"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-36978">CVE-2021-36978</uri>
+ </references>
+ <metadata tag="requester" timestamp="2024-01-15T13:05:16.102082Z">graaff</metadata>
+ <metadata tag="submitter" timestamp="2024-01-15T13:05:16.105037Z">graaff</metadata>
+</glsa>
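Review bot: The `<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">` line in glsa-202401-20.xml names an external DTD over cleartext HTTP, and the same line opens glsa-202401-19.xml, glsa-202401-21.xml and glsa-202401-22.xml. A parser that loads the external subset would fetch the grammar for a security advisory over an unauthenticated channel; whether any consumer actually does so is not visible in this commit. Tooling that reads these files should parse them with external DTD and entity loading disabled. If the DTD is also served over TLS at the same path, the identifier could become `<!DOCTYPE glsa SYSTEM "https://www.gentoo.org/dtd/glsa.dtd">`.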
\ No newline at end of file
diff --git a/metadata/glsa/glsa-202401-21.xml b/metadata/glsa/glsa-202401-21.xml
new file mode 100644
index 000000000000..1ceef006bdf6
--- /dev/null
+++ b/metadata/glsa/glsa-202401-21.xml
@@ -0,0 +1,42 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202401-21">
+ <title>KTextEditor: Arbitrary Local Code Execution</title>
+ <synopsis>A vulnerability has been found in KTextEditor where local code can be executed without user interaction.</synopsis>
+ <product type="ebuild">ktexteditor</product>
+ <announced>2024-01-15</announced>
+ <revised count="1">2024-01-15</revised>
+ <bug>832447</bug>
+ <access>remote</access>
+ <affected>
+ <package name="kde-frameworks/ktexteditor" auto="yes" arch="*">
+ <unaffected range="ge">5.90.0-r2</unaffected>
+ <vulnerable range="lt">5.90.0-r2</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>Framework providing a full text editor component for KDE.</p>
+ </background>
+ <description>
+ <p>A vulnerability has been discovered in KTextEditor. Please review the CVE identifiers referenced below for details.</p>
+ </description>
+ <impact type="normal">
+ <p>KTextEditor executes binaries without user interaction in a few cases, e.g. KTextEditor will try to check on external file modification via invoking the "git" binary if the file is known in the repository with the new content.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All KTextEditor users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=kde-frameworks/ktexteditor-5.90.0-r2"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-23853">CVE-2022-23853</uri>
+ </references>
+ <metadata tag="requester" timestamp="2024-01-15T15:42:22.100996Z">graaff</metadata>
+ <metadata tag="submitter" timestamp="2024-01-15T15:42:22.106940Z">graaff</metadata>
+</glsa>
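Review bot: `<access>remote</access>` in glsa-202401-21.xml sits oddly beside the title "Arbitrary Local Code Execution" and a synopsis that speaks of local code being executed. The `<impact>` text says a binary is invoked without user interaction, but not where the untrusted content comes from, so an administrator cannot tell from the advisory whether exposure requires local access. If the content is expected to arrive over the network, one sentence in `<impact>` should say so; otherwise the access value looks wrong. The description also says "CVE identifiers" while only CVE-2022-23853 is referenced; `Please review the CVE identifier referenced below for details.` would match.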
\ No newline at end of file
diff --git a/metadata/glsa/glsa-202401-22.xml b/metadata/glsa/glsa-202401-22.xml
new file mode 100644
index 000000000000..bbffaf3089c5
--- /dev/null
+++ b/metadata/glsa/glsa-202401-22.xml
@@ -0,0 +1,44 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202401-22">
+ <title>libspf2: Multiple vulnerabilities</title>
+ <synopsis>Multiple vulnerabilities have been discovered in libspf2, the worst of which can lead to remote code execution.</synopsis>
+ <product type="ebuild">libspf2</product>
+ <announced>2024-01-15</announced>
+ <revised count="1">2024-01-15</revised>
+ <bug>807739</bug>
+ <access>remote</access>
+ <affected>
+ <package name="mail-filter/libspf2" auto="yes" arch="*">
+ <unaffected range="ge">1.2.11</unaffected>
+ <vulnerable range="lt">1.2.11</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>libspf2 is a library that implements the Sender Policy Framework, allowing mail transfer agents to make sure that an email is authorized by the domain name that it is coming from.</p>
+ </background>
+ <description>
+ <p>Multiple vulnerabilities have been discovered in libspf2. Please review the CVE identifiers referenced below for details.</p>
+ </description>
+ <impact type="normal">
+ <p>Various buffer overflows have been identified that can lead to denial of service and possibly arbitrary code execution.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All libspf2 users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=mail-filter/libspf2-1.2.11"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-20314">CVE-2021-20314</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-33912">CVE-2021-33912</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-33913">CVE-2021-33913</uri>
+ </references>
+ <metadata tag="requester" timestamp="2024-01-15T15:55:54.972939Z">graaff</metadata>
+ <metadata tag="submitter" timestamp="2024-01-15T15:55:54.975403Z">graaff</metadata>
+</glsa>
\ No newline at end of file diff --git a/metadata/glsa/timestamp.chk b/metadata/glsa/timestamp.chk index f51938f0f188..9e54adef4b5b 100644 --- a/metadata/glsa/timestamp.chk +++ b/metadata/glsa/timestamp.chk @@ -1 +1 @@ -Mon, 15 Jan 2024 12:40:58 +0000 +Mon, 15 Jan 2024 18:40:05 +0000 diff --git a/metadata/glsa/timestamp.commit b/metadata/glsa/timestamp.commit index 4d92ae452f19..4420bdea32e0 100644 --- a/metadata/glsa/timestamp.commit +++ b/metadata/glsa/timestamp.commit @@ -1 +1 @@ -93dbf80a72b6cbaffc14d3cdc8167e7cfb1c6bdd 1705320250 2024-01-15T12:04:10+00:00 +9cdf086497a5ec3652db4ca75fc899675aa0af77 1705334181 2024-01-15T15:56:21+00:00 |