author | V3n3RiX <venerix@koprulu.sector> | 2024-01-10 19:03:44 +0000 |
---|---|---|
committer | V3n3RiX <venerix@koprulu.sector> | 2024-01-10 19:03:44 +0000 |
commit | 6a4408b9bbd9fe61dc0966f587db94081fa5f52b (patch) | |
tree | b169c2aac67648694c722324d81d57fd34c69d23 /metadata/glsa | |
parent | 8c8f1cfd2aa9e839aad7dad6fd43b370cfbc0a1e (diff) |
gentoo auto-resync : 10:01:2024 - 19:03:44
Diffstat (limited to 'metadata/glsa')
-rw-r--r-- | metadata/glsa/Manifest | 30 | ||||
-rw-r--r-- | metadata/glsa/Manifest.files.gz | bin | 560271 -> 560427 bytes | |||
-rw-r--r-- | metadata/glsa/glsa-202401-14.xml | 42 | ||||
-rw-r--r-- | metadata/glsa/timestamp.chk | 2 | ||||
-rw-r--r-- | metadata/glsa/timestamp.commit | 2 |
5 files changed, 59 insertions, 17 deletions
diff --git a/metadata/glsa/Manifest b/metadata/glsa/Manifest index d8c046997c8e..f6ce8b53bfab 100644 --- a/metadata/glsa/Manifest +++ b/metadata/glsa/Manifest 
@@ -1,23 +1,23 @@ -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 -MANIFEST Manifest.files.gz 560271 BLAKE2B 788d7d800c0cda76fd36e704c653a017e0745e9bb01350ea23c15bfb7c7d2ccbf2d1642309260d1234728ebba3fcb12dfa56f5a746e590036bf3b2bd162d2304 SHA512 1057c5d7357b4f952f1ae20e59f01992d95bfb67a14a419a2349e88e3ccccc40879bdf67c69b0a2d1c192af1a44dda8b074b2513672a6a571abaf442b2b628bc -TIMESTAMP 2024-01-10T12:40:25Z +MANIFEST Manifest.files.gz 560427 BLAKE2B 1aa508adba915695d7358b5a44f8641eae1b4e973be239d9cd27633ced5164c77d5d6ce1e66bcb3bdb57f909ef7c0a6ca1fe7b7376c59ffc9519cdfd69605a15 SHA512 dc27357ec64da2120ad016fd79a721efe77476f05ae2c6595779a8dba77147b1da9fd491d1233f4f51ec84a1ad6c67349e0bb90a424e21ba8f8579562191edea +TIMESTAMP 2024-01-10T18:40:24Z -----BEGIN PGP SIGNATURE----- -iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAmWekDlfFIAAAAAALgAo +iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAmWe5JhfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEUx RDZBQkI2M0JGQ0ZCNEJBMDJGREYxQ0VDNTkwRUVBQzkxODkyNTAACgkQ7FkO6skY -klBVAw//e/Rs5M0ailcOhkuMewVQzT1zzs6R3dsnf7x3tp4xUMtGLisQV+Y65mwc -rYUvSuepjxxtYvUEtFBQowJkHATukuS8vBlmEgBtcUZL0zTVmBuV6VBbZUyeQMlP -DtoHU+Y2b3A8umvvY/OKIgFU1EvKoe/XTtWfnuyb0/inN4sry9e+WaCEIhfadzgj -RmiXUSLE0nEjYn6veBRkv2z1fzIiz0m9hL6QHIyzU+dNCLxYVIvZmjdgnPHSJcvc -+HH2ln+MiOLhdq0iNX6/yEEp8C+YKKG7DXbveLFcnHNio7FwiR0J3LV14xYsGTKd -0d4SFKMIgAiEyJk1PNKCS3lSlWdm6kLnHpnDJIsMrIaEX/bRtQt1F4DuPyEFwb8p -AFWavGQ50HHjvcA07Eul97chDP6Gma1OUMZ8vB0WAJMoUHYqoxnaPO+h8Li9vcPq -327zxYYNqDfgZn7g1JrF70x3cJDVlHNS4RcUk5O3FcTRgit2qc7Vc2uDrfdjfoB9 -fwMqOM+LqudQAUFAZ/TEzFH8O9siY/Mm0dI+v/hfMOas/e2XfyQL61noZcZlD9LK -YJNcZXyyFgFaAQXMhWPbEYhVg9+5xcBlyzsu1PLVVh07Wkm6wjHUaYP93d2+SlMH -reEHuSVV2GxoAf8w/VLiZ5Cwd87ikUeEzP13im09v2Y56IF7Ctk= -=MgZs +klD+7Q//R2xNI5oXG4/4SIYd2eTekP0QxlUe396piX4zK+9RSWUU5RMvQr1pEFEy +Y9PW7xXeFNuCzDTGMlnCtub6eBs7NkppVA79xTTP/GBUdM4jLauY3Hy94Orv9VfJ +tH9vwIIIo01kLqmkFtM3GhBTDVV/e1pO3y1V8jfOKY/06uuz3VjIfp59f6OPmH3/ 
+9AYJKor80TtvnNHpxIJMx32fUUJAnvQJCW3JxVVobKkKBITevDuO7Mouwok5BF+O +z3rXJVK5d82+HJtfUGZNFIfX5CA8JBDpdL+tCnzL+47f/CYT4oJh5Re4S1fxhdIf +LOQViZuSLRx77nGxZyJv7X/9WrCyHAT7UwhESF/41sSPY1z//PCG/G+VJ2FgQ1Jd +KDdevJCj2h2IiVrrNCtrr7rJLi5xF2Qv2x9PlqBED0s3CI3OZb2Q3MaAixCGycSw +W2mNuAspPq7MPIECV/x8nIqvb5nRD4L0yfs1ho4HfWgwYyivQV7ZS9p6SsjrMVPS +2jTW2hQaLSGfZY0W6RCZbUBdCNU7wF7EEnrKUaGu6id3mCiQNbJShhO1++xkmyG6 +7J9Qr28qL1AKa2rd5lQlfsNN/pk6bJJFm9hIEj7GeOElqpTo9cOiSmVbEgFXz2YA +twPyvkvqYaMHKADTrcPtxXSC+aHU+bvGlI84nCYI0fUmlhHGPqA= +=aGfQ -----END PGP SIGNATURE----- diff --git a/metadata/glsa/Manifest.files.gz b/metadata/glsa/Manifest.files.gz Binary files differindex eb8249987c2f..cde80d5e9d37 100644 --- a/metadata/glsa/Manifest.files.gz +++ b/metadata/glsa/Manifest.files.gz diff --git a/metadata/glsa/glsa-202401-14.xml b/metadata/glsa/glsa-202401-14.xml new file mode 100644 index 000000000000..8489fd1909cd --- /dev/null +++ b/metadata/glsa/glsa-202401-14.xml 
@@ -0,0 +1,42 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202401-14">
+ <title>RedCloth: ReDoS Vulnerability</title>
+ <synopsis>A denial of service vulnerability has been found in RedCloth.</synopsis>
+ <product type="ebuild">redcloth</product>
+ <announced>2024-01-10</announced>
+ <revised count="1">2024-01-10</revised>
+ <bug>908035</bug>
+ <access>remote</access>
+ <affected>
+ <package name="dev-ruby/redcloth" auto="yes" arch="*">
+ <unaffected range="ge">4.3.2-r5</unaffected>
+ <vulnerable range="lt">4.3.2-r5</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>RedCloth is a module for using Textile in Ruby</p>
+ </background>
+ <description>
+ <p>A vulnerability has been discovered in RedCloth. Please review the CVE identifier referenced below for details.</p>
+ </description>
+ <impact type="low">
+ <p>RedCloth is vulnerable to a regular expression denial of service ("ReDoS") attack via the sanitize_html function.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All RedCloth users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-ruby/redcloth-4.3.2-r5"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-31606">CVE-2023-31606</uri>
+ </references>
+ <metadata tag="requester" timestamp="2024-01-10T13:10:26.781895Z">ajak</metadata>
+ <metadata tag="submitter" timestamp="2024-01-10T13:10:26.785113Z">graaff</metadata>
+</glsa>
\ No newline at end of file diff --git a/metadata/glsa/timestamp.chk b/metadata/glsa/timestamp.chk index cd7f01691387..8751349e13e7 100644 --- a/metadata/glsa/timestamp.chk +++ b/metadata/glsa/timestamp.chk @@ -1 +1 @@ -Wed, 10 Jan 2024 12:40:21 +0000 +Wed, 10 Jan 2024 18:40:20 +0000 diff --git a/metadata/glsa/timestamp.commit b/metadata/glsa/timestamp.commit index d342da0701b5..2e5440585ce8 100644 --- a/metadata/glsa/timestamp.commit +++ b/metadata/glsa/timestamp.commit @@ -1 +1 @@ -a1eecf982df504f02f8b23c7cace982c168ea64b 1704887079 2024-01-10T11:44:39+00:00 +7333f37d680f5c423bfeb1acb9a7bf506e04e09f 1704892253 2024-01-10T13:10:53+00:00 |
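Review bot: The `<description>` of the new glsa-202401-14.xml carries no technical content and only defers to the CVE, while the one concrete fact, a ReDoS reachable through sanitize_html, sits under `<impact>`, so anyone triaging from the description alone learns nothing. It could read `<p>The regular expression used by RedCloth's sanitize_html function can take excessive time on crafted input.</p>`. Separately, the `<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">` line names an external DTD over plain http, so tooling that reads these advisories should parse them with external DTD and entity loading disabled rather than fetch it. The file appears to be synced from upstream and is covered by the signed Manifest changed in the same commit, so any wording change presumably belongs upstream rather than in this tree.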