diff options
author | V3n3RiX <venerix@koprulu.sector> | 2024-01-06 12:54:39 +0000 |
---|---|---|
committer | V3n3RiX <venerix@koprulu.sector> | 2024-01-06 12:54:39 +0000 |
commit | 56330f065f2b903d9e1b2dffc63719fef5897a45 (patch) | |
tree | 659a7ebca7cb9f7504b018c1484df84ba4f9ab01 /metadata/glsa | |
parent | 1774f0a748546cbd792bf1eb44757b63be2e0114 (diff) |
gentoo auto-resync : 06:01:2024 - 12:54:38
Diffstat (limited to 'metadata/glsa')
-rw-r--r-- | metadata/glsa/Manifest | 30 | ||||
-rw-r--r-- | metadata/glsa/Manifest.files.gz | bin | 559158 -> 559317 bytes | |||
-rw-r--r-- | metadata/glsa/glsa-202401-07.xml | 44 | ||||
-rw-r--r-- | metadata/glsa/timestamp.chk | 2 | ||||
-rw-r--r-- | metadata/glsa/timestamp.commit | 2 |
5 files changed, 61 insertions, 17 deletions
diff --git a/metadata/glsa/Manifest b/metadata/glsa/Manifest index 6e58dc212fb3..c40e10750664 100644 --- a/metadata/glsa/Manifest +++ b/metadata/glsa/Manifest @@ -1,23 +1,23 @@ -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 -MANIFEST Manifest.files.gz 559158 BLAKE2B 7743be6d30bedd899f1ed6ee719a2c0f78de2f732319746c264a2fa060ba8ae030e9eed586d48ebb590968099f0af93a7b2f09f029dc6458c2ee484d255bd117 SHA512 86d7b1c7f1efaf6f78995086d3e2bb0b7d8c79e5750b872b064dda4aec42c093aebaf9a1ea2161c6c56fa84d61dba2be695416159673540b4a2291892918d774 -TIMESTAMP 2024-01-06T06:10:13Z +MANIFEST Manifest.files.gz 559317 BLAKE2B 0a4d0ed654d5a43854b9b44988bdb4643495b86920de9bd246bf46fcc345ba1a5166c2103a10a186d99db77f51e6ca2fbedd4ea9de655624a90f97185dedfe19 SHA512 68b7f9edd2e18b7c9b8cde1bd8ca0c31f75b45ec27937f49a0b172c9019da731e4182b7a6489209bd8527928ac9b72c9b7758e7a8a785bc8902893a4edadd98e +TIMESTAMP 2024-01-06T11:09:35Z -----BEGIN PGP SIGNATURE----- -iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAmWY7sVfFIAAAAAALgAo +iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAmWZNPBfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEUx RDZBQkI2M0JGQ0ZCNEJBMDJGREYxQ0VDNTkwRUVBQzkxODkyNTAACgkQ7FkO6skY -klAYfg/+MOkupdLfzTMTtp+5Kx8n+DTJvcPH4JChl3Atze2qIWjIWoi9TaqvNRtu -oc8uNpK5xr3f983qH5b2pv1mVbcICDoe1RR/72dXmA7CkTfscjhQeoXR50iaxABE -gjN3elxMZo3CNNq6njRs3wXWTtPhv8kA5s6BVs/fJJmBZI2mMc/09s5ejp6Mi3Pk -bUkK54Esc3HislAXAO4S78NarU5g/UQ1oTypouZQ161WQlLRfJqcE+jh5Od9IJlY -FOy3EP3rbVp/cHglXjcXhjxB4qeCa9zl/2viGnSX+ny2RAt1n2Tp9D37JBsGflzt -OUTUIXimxSxWa7T0OCk/yXW1oe9dML/h1+drB9AiO7x/gr5GUR0h9XdwNhXX3phM -NBqvcMDcxkpSw7GdnjbeVrKiKgxLIAym83K6I3WhPKwssdpxlrnbSOcc3e2N9BYI -szlcjkDNtne/cX62huOJC99n5XAVwAO00x6Uqcfz0NYswJ3YlHAUobDdPcxmEGZe -dXCw8jFiegmdnVN5+WZzsOCL6MsuMf1Vm36dpF+7OVxQ7rm01yvRaRB41v0YTlMU -Xr+fjmLkCB5TkkLsZLPhG4TcQiS6zdihjjUx20Nmnsgxwa1f77jzHpE7R3ASFff7 -+KJMqUyQMvbUhHr27+UBf1I52IwP0C3rzoOfM6zS4Qz6PIrYWTk= -=am6P +klDqnA//U3WBWswT4EZcziH8SW6TUHMsjQY9r6DJ/bbKDzoGk+TxzSMNdBEyCL3J +vuj0w+aOBLwRPCGIfL7xhFF2O+R1FHKgUNI7aT2Q0I1rS1XtRZjFHLOGoYnpyjwt +QXTxPXkRkW41vlEd83cgoRwh8dP1TAhM8DimfHmg+UBdB20FLRGT0nCdbHN7Ux/x +xu3k3Azhdbj8Ax7a2fzduZcQpII8dYXM/GV0gz4ECUBGKT7Rd5o9rwFkrnfZ7XIA +SbyRL+sCDChmAvPVRy776zzdBX3Q2exyldyxRLQ1WPGYKVqJy/WWWROMYJy0wAuX +4GFW3MPFndAbTYTdOnB4GA4f969gAFzisixtITzn3f3cdgtVApN1pHsslTi+du4/ +e6POzK66I0qiZxk2xeqdJ1/pOVNqwu7OYyg3kXNLwSwQ0SfTiMlP49Aj0cvRyjvB +dbWZn/apxe2ObA2c1P3xr1E7ucYUwDZNrizz72IJeBtuyzHJn65OzI8ZKafferg+ +LWu06AalSDMbHT70ClFD73lL1P+fvaO+N/Pi0tW5a0gQNC1ea1Y35NkgjlQyY78b +umEafSy/VXLb7dHdEuHa7tioVGg1VhDcp2sZUKOKvU7VM6auZkZDENnDI2ocRKnw +np8UwMqoLKbB1HzJVCMQBico4oxkxFD5UIVV9nTW6TEPe+4E7qw= +=037z -----END PGP SIGNATURE----- diff --git a/metadata/glsa/Manifest.files.gz b/metadata/glsa/Manifest.files.gz Binary files differindex bc5279c092c5..126306040cc9 100644 --- a/metadata/glsa/Manifest.files.gz +++ b/metadata/glsa/Manifest.files.gz diff --git a/metadata/glsa/glsa-202401-07.xml b/metadata/glsa/glsa-202401-07.xml new file mode 100644 index 000000000000..ff293d52a518 --- /dev/null +++ b/metadata/glsa/glsa-202401-07.xml @@ -0,0 +1,44 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> +<glsa id="202401-07"> + <title>R: Directory Traversal</title> + <synopsis>A vulnerability was found in R which could allow for remote code execution.</synopsis> + <product type="ebuild">R</product> + <announced>2024-01-06</announced> + <revised count="1">2024-01-06</revised> + <bug>765361</bug> + <access>remote</access> + <affected> + <package name="dev-lang/R" auto="yes" arch="*"> + <unaffected range="ge">4.0.4</unaffected> + <vulnerable range="lt">4.0.4</vulnerable> + </package> + </affected> + <background> + <p>R is a language and environment for statistical computing and graphics.</p> + </background> + <description> + <p>The native R package installation mechanisms do not sufficiently validate installed source packages for path traversal.</p> + </description> + <impact type="normal"> + <p>Installation of a malicious R package could result in an arbitrary file overwrite which could result in arbitrary code execution, as might be seen with the overwrite of an authorized_keys file.</p> + </impact> + <workaround> + <p>There is no known workaround at this time.</p> + </workaround> + <resolution> + <p>All R users should upgrade to the latest version:</p> + + <code> + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-lang/R-4.0.4" + </code> + </resolution> + <references> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-27637">CVE-2020-27637</uri> + <uri>-fno-common</uri> + <uri>gcc-10</uri> + </references> + <metadata tag="requester" timestamp="2024-01-06T09:03:55.341282Z">ajak</metadata> + <metadata tag="submitter" timestamp="2024-01-06T09:03:55.343880Z">graaff</metadata> +</glsa>
\ No newline at end of file diff --git a/metadata/glsa/timestamp.chk b/metadata/glsa/timestamp.chk index d1e0077507a2..16b79886b532 100644 --- a/metadata/glsa/timestamp.chk +++ b/metadata/glsa/timestamp.chk @@ -1 +1 @@ -Sat, 06 Jan 2024 06:10:10 +0000 +Sat, 06 Jan 2024 11:07:55 +0000 diff --git a/metadata/glsa/timestamp.commit b/metadata/glsa/timestamp.commit index 066490e28f40..c6d503ae307d 100644 --- a/metadata/glsa/timestamp.commit +++ b/metadata/glsa/timestamp.commit @@ -1 +1 @@ -13307cb5778acc25f47ab91c29f839443f3a4cf8 1704464830 2024-01-05T14:27:10+00:00 +6de45d78fb7f4cf3386f767a9e6b4d48cc85ce88 1704531859 2024-01-06T09:04:19+00:00 |