gentoo resync : 19.01.2018

7 files changed, 185 insertions, 17 deletions

diff --git a/metadata/glsa/Manifest b/metadata/glsa/Manifest
index d9186c85908e..daeaccb80e55 100644
--- a/metadata/glsa/Manifest
+++ b/metadata/glsa/Manifest
@@ -1,23 +1,23 @@
 -----BEGIN PGP SIGNED MESSAGE-----
 Hash: SHA512
 
-MANIFEST Manifest.files.gz 415494 BLAKE2B 2f34f7614c57c1227dca4ba5e94448aaaf1c88b58bde62fd5023825ca6fa9f91eb38f3fc870e5d0d4a9f61ba5e0b405b4e56e0a0f3d0f445a310f64d9879a20c SHA512 cbaf62f7039ef26866be8def74a0d98d86a632fc08f42981aae6f6d5fefb8a9b2f798ee6b1f54c1b6175290da8a63d9dd985f66413f2f6347c1e7a0c92871051
-TIMESTAMP 2018-01-16T16:39:21Z
+MANIFEST Manifest.files.gz 415966 BLAKE2B 664ebf4d322399166469a6cd167dfeeba8ecc3b61712e950abcb3c63c18cca02140bfaa206e2eb06bb1476d73682fe2d76e35b8a94dc0228c60af02e86c19a87 SHA512 7d06c7f62e8712502202c5d9e88cc501b34d79560f0bdd5e1f5907dc55cbc791a6d1c654b9e913106a8a96545f88c154fb9731c255532e719a8a5c200a14acc3
+TIMESTAMP 2018-01-19T19:09:42Z
 -----BEGIN PGP SIGNATURE-----
 
-iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAlpeKrlfFIAAAAAALgAo
+iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAlpiQnZfFIAAAAAALgAo
 aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEUx
 RDZBQkI2M0JGQ0ZCNEJBMDJGREYxQ0VDNTkwRUVBQzkxODkyNTAACgkQ7FkO6skY
-klCFQg/6AyW7ZXlYIDK+vuWTPbB4c/ZP0cgaFvhZMPkh5mSEpN/ynHrBy8V/rAe1
-eUsKterzCZdjnRZ4B7otA79bgWeleiePDSXopIfYnJaHhXx5nvyzHMpA4VJ98anQ
-sA5BG5gIgrvkalkO4vZoWxQMz5onpqpne7OqsEWaO+90XfagsDKj3UzBIeSJC9dV
-knJrvAwu4qIbZVkM68X8JoHx60xMVBEdxEgcAdllke+U15U1JEbgivKsX2IRPyRh
-S/61oYdvDYKdzl5aRztkYdJnfdeGUsn8aOgyO52h4Gs8qoJyZm3KXGRi8pAju0uC
-pkSJCEkFhOjuOGtV0cNtgUw1iH7U54osZWcJ+39MjPQOTAWGMHtH8tzKIo7BpGa9
-JNue73VqyiiRWVaVK/bzRar3s2RJMErc2kKk/IHbHOPCof5ZtV1Tsj/10Pinv3SG
-YcJqXr2niwB5sK3bMGr4jUJONF9MNRfutFnxy8V4BKwMlYEcE2mVV2XTzzVN+qYE
-xs35MaSjyYD80zpBdLw7SquSKfrCWoLk+wZ1zIzVwCfIOr850XOmA6DvN64sgVRD
-1Sg6NqWO7afYBGP1dZeALzVbwWohsCbFvbHWH/hYyLgYeXSItKwxm/H5ifSm+aHh
-aT8XS1YiFCK0HSKiJDWKAWMO2h4VUM/Wd9ATv90OKHWbyzxp4N0=
-=g+oe
+klCZ1g/+JF8u5zrOQq/Vi5JhyN2EO3Mkrn9w165pNHfU+Xo4S0Zvrxze/gWvkGOG
+ihVOcAQNQglt7AZDrp6bZuMb8rmGZ4IfvNAEPjiXl+oU6x2FAvUu4OjGOp+NHYZN
+Gf7dQ9j0fStIY2EBsMi2VjrgRy/cpj3A84J+VygxZ6g2RwXyWqJzd/Mcje70A7I9
+zcG6UoyldlbGtIcKqknAKuw/JSRiL4lGIlFHmdjU31WvVenqwYPxkC4Zx74Kzt1B
+Jy+RDGHlmJxOZyifghcAuJQAXQbcAobNieXMh3xGG3KaQsl65uqteigdcMhsS4+0
+yNW0qcn8dFQCJvwJiIXS5nvovZFpdojBUipJO2XRt5aMbercMoGJEZopw/JoHWZg
+TY9FUI8OG+shZeb1kg3hwGMA8TtJdNaQfMXG0M9OLJ9MIC3WT6k5vB1ar+BeWg9F
+HX1bfEWU2a/Vbgis0cYKBGfUKIJXI5J18FOulmg1lA0y7RPYP83US9Z7arKiFe3/
+ZNZlvO/72IT+ESGwtXLgYv3ogEJF4sPFzX2CcUmzZnWB5Wg/MeDdLGS6coP8h8Ww
+C1CNmBh71wvVcEkRt43WIezAd/ddglrQBsv28JQhixqb26wY64jDrfcTA05Wvy7t
+OUEMnuL2SMHLA4FNUQHLaK3DRmPIb8gzO1Lvg3qJPhoSLbQDp78=
+=16V8
 -----END PGP SIGNATURE-----
diff --git a/metadata/glsa/Manifest.files.gz b/metadata/glsa/Manifest.files.gz
index e90385a46f35..f87efb13feb5 100644
--- a/metadata/glsa/Manifest.files.gz
+++ b/metadata/glsa/Manifest.files.gz
diff --git a/metadata/glsa/glsa-201801-16.xml b/metadata/glsa/glsa-201801-16.xml
new file mode 100644
index 000000000000..69711dccab31
--- /dev/null
+++ b/metadata/glsa/glsa-201801-16.xml
@@ -0,0 +1,52 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201801-16">
+  <title>rsync: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in rsync, the worst of
+    which could allow remote attackers to bypass access restrictions.
+  </synopsis>
+  <product type="ebuild">rsync</product>
+  <announced>2018-01-17</announced>
+  <revised count="3">2018-01-17</revised>
+  <bug>636714</bug>
+  <bug>640570</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-misc/rsync" auto="yes" arch="*">
+      <unaffected range="ge">3.1.2-r2</unaffected>
+      <vulnerable range="lt">3.1.2-r2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>File transfer program to keep remote files into sync.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in rsync. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could bypass intended access restrictions or cause a
+      Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All rsync users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-misc/rsync-3.1.2-r2"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-16548">CVE-2017-16548</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-17433">CVE-2017-17433</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-17434">CVE-2017-17434</uri>
+  </references>
+  <metadata tag="requester" timestamp="2018-01-16T12:20:06Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2018-01-17T03:06:21Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201801-17.xml b/metadata/glsa/glsa-201801-17.xml
new file mode 100644
index 000000000000..962f1b086bbd
--- /dev/null
+++ b/metadata/glsa/glsa-201801-17.xml
@@ -0,0 +1,67 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201801-17">
+  <title>Poppler: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Poppler, the worst of
+    which could allow the execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">poppler</product>
+  <announced>2018-01-17</announced>
+  <revised count="1">2018-01-17</revised>
+  <bug>619558</bug>
+  <bug>620198</bug>
+  <bug>622430</bug>
+  <bug>624708</bug>
+  <bug>627390</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-text/poppler" auto="yes" arch="*">
+      <unaffected range="ge">0.57.0-r1</unaffected>
+      <vulnerable range="lt">0.57.0-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Poppler is a PDF rendering library based on the xpdf-3.0 code base.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Poppler. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker, by enticing a user to open a specially crafted PDF,
+      could execute arbitrary code or cause a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Poppler users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-text/poppler-0.57.0-r1"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-2820">CVE-2017-2820</uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7511">
+      CVE-2017-7511
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-9083">
+      CVE-2017-9083
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-9406">
+      CVE-2017-9406
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-9408">
+      CVE-2017-9408
+    </uri>
+    <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-9865">
+      CVE-2017-9865
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-11-24T14:30:16Z">chrisadr</metadata>
+  <metadata tag="submitter" timestamp="2018-01-17T13:41:30Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201801-18.xml b/metadata/glsa/glsa-201801-18.xml
new file mode 100644
index 000000000000..9dbf130f7b33
--- /dev/null
+++ b/metadata/glsa/glsa-201801-18.xml
@@ -0,0 +1,49 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201801-18">
+  <title>Newsbeuter: User-assisted execution of arbitrary code</title>
+  <synopsis>Insufficient input validation in Newsbeuter may allow remote
+    attackers to execute arbitrary shell commands.
+  </synopsis>
+  <product type="ebuild">newsbeuter</product>
+  <announced>2018-01-17</announced>
+  <revised count="1">2018-01-17</revised>
+  <bug>628796</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-news/newsbeuter" auto="yes" arch="*">
+      <unaffected range="ge">2.9-r3</unaffected>
+      <vulnerable range="lt">2.9-r3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Newsbeuter is a RSS/Atom feed reader for the text console.</p>
+  </background>
+  <description>
+    <p>Newsbeuter does not properly escape shell meta-characters in the title
+      and description of RSS feeds when bookmarking.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker, by enticing a user to open a feed with specially
+      crafted URLs, could possibly execute arbitrary shell commands with the
+      privileges of the user running the application.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Newsbeuter users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-news/newsbeuter-2.9-r3"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-12904">CVE-2017-12904</uri>
+  </references>
+  <metadata tag="requester" timestamp="2017-09-12T02:38:59Z">chrisadr</metadata>
+  <metadata tag="submitter" timestamp="2018-01-17T13:45:37Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/timestamp.chk b/metadata/glsa/timestamp.chk
index f124a8652ca5..1d456a31cef8 100644
--- a/metadata/glsa/timestamp.chk
+++ b/metadata/glsa/timestamp.chk
@@ -1 +1 @@
-Tue, 16 Jan 2018 16:39:18 +0000
+Fri, 19 Jan 2018 19:09:38 +0000
diff --git a/metadata/glsa/timestamp.commit b/metadata/glsa/timestamp.commit
index 185f121a6f0f..473792849815 100644
--- a/metadata/glsa/timestamp.commit
+++ b/metadata/glsa/timestamp.commit
@@ -1 +1 @@
-bda98067f603838195635d005adb1554327dd24e 1515990330 2018-01-15T04:25:30+00:00
+1f7488673c3108de82dfc31b7c1132230e991834 1516196748 2018-01-17T13:45:48+00:00