authorV3n3RiX <venerix@redcorelinux.org>2017-12-15 17:25:28 +0000
committerV3n3RiX <venerix@redcorelinux.org>2017-12-15 17:25:28 +0000
commit6b933047f46efec1aa747570f945344254227457 (patch)
treea12a4b87b38f954c4de435272cf4b90d721df5e8 /metadata/glsa
parentf45955e60d4da9b7f4a1088c98042f9c06669039 (diff)
gentoo resync : 15.12.2017
Diffstat (limited to 'metadata/glsa')
-rw-r--r--metadata/glsa/Manifest30
-rw-r--r--metadata/glsa/Manifest.files.gzbin412220 -> 412859 bytes
-rw-r--r--metadata/glsa/glsa-201712-01.xml90
-rw-r--r--metadata/glsa/glsa-201712-02.xml92
-rw-r--r--metadata/glsa/glsa-201712-03.xml65
-rw-r--r--metadata/glsa/glsa-201712-04.xml65
-rw-r--r--metadata/glsa/timestamp.chk2
-rw-r--r--metadata/glsa/timestamp.commit2
8 files changed, 329 insertions, 17 deletions
diff --git a/metadata/glsa/Manifest b/metadata/glsa/Manifest
index 0dd53be795f1..525448a5eee4 100644
--- a/metadata/glsa/Manifest
+++ b/metadata/glsa/Manifest
@@ -1,23 +1,23 @@
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
-MANIFEST Manifest.files.gz 412220 BLAKE2B 617f98a11422c1ee21088130d37b0366715c394e1b07542c78cc30517f3787d1a7caef3c41d798a3b476df30c0c66c05c78794ebc80ff83c5b528cbc6cfe4b21 SHA512 cd79d1d0f667c0328946b3f39635013f95ead0bdc9d55e949bdeff00c6846b73b692fe2e0db699410d94aec83dcc49b2344f458738ab9321428be107da1bc56a
-TIMESTAMP 2017-12-10T08:09:33Z
+MANIFEST Manifest.files.gz 412859 BLAKE2B 29f22611257846c43da3f994e05684673fa1caa957a4b148f39ff19bc84f3682e8490d97c111e7eccbdb376d70136a0d0906ef152ce3abf044f4fb391eb520c4 SHA512 49d32fc5be9c59d40fa5555276aaf748a6274c5421c12e450644629355174f7bb6f7e77103a5571ae8f5e28bcd53505531ac68ed8f7957c3debfc9196bd152cd
+TIMESTAMP 2017-12-15T16:38:51Z
-----BEGIN PGP SIGNATURE-----
-iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAlos671fFIAAAAAALgAo
+iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAloz+ptfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEUx
RDZBQkI2M0JGQ0ZCNEJBMDJGREYxQ0VDNTkwRUVBQzkxODkyNTAACgkQ7FkO6skY
-klCdIQ//UElZHAGeG5LBVrYKnyEO2yOhkl9OkUzQgyYiVT5L2ow0SjMQLqMGeUxi
-xm4irO9/PkEC8LE6lthAWanQQC0hRrBvNEHObViaUWdVvvDMdRFbpreUqT1FjTnC
-EFf3oX4EFYNc3f3K43vVnkaERdHiPZyijIOWLpn9D7eX5f/6bAHHhTWmFDgfxiIP
-QNdlZLqwGWzDvhhxDvIUumBsa5XZfzKS5Ocb61+iUw4x4mnhnw0LfKpWImpYn+sT
-E94oc+vVvSRO3bp33kgV8s616uVZU2EXv9eiGHKEJiMJRXEO/WD15UnP8SshK0vQ
-smj7MK48uEwM6s3DuZuUr5foid/XYOq3Usubvlo7a3QUJfUkXgwpTv/O2XlIUcN9
-LgbZB1uMEXTJGcKAtNi/u5KabWdXVVqL9FfUMOSfNMUR1HhZmVb+ooHw8nHh+RRc
-R4Su62S1wvazW228nw7ujj5inm5/EC8+964HCMgnVgXQHk9+LmWVKNnTyB0Rlale
-u9xG67kW3pEx58HOydtYyHXiw/9sKXBWHgBXTfzO0BTrFkmfK+XW2mwT+FmUH+Y4
-HE/HBdyvck6ReTCoV9nQZY7Ra30gQxL9JOTu/DGoAgP0gPUDKNFRKuGq+E3Awnyb
-reqtKB25Xe+UVTUBG1uZQXgQkPnaLwRRyw9a4sV8YYuE9085Plc=
-=tv0T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+=BZJE
-----END PGP SIGNATURE-----
diff --git a/metadata/glsa/Manifest.files.gz b/metadata/glsa/Manifest.files.gz
index 962ae75495cc..6fc5b55366c7 100644
--- a/metadata/glsa/Manifest.files.gz
+++ b/metadata/glsa/Manifest.files.gz
Binary files differ
diff --git a/metadata/glsa/glsa-201712-01.xml b/metadata/glsa/glsa-201712-01.xml
new file mode 100644
index 000000000000..31391d02a59e
--- /dev/null
+++ b/metadata/glsa/glsa-201712-01.xml
@@ -0,0 +1,90 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201712-01">
+ <title>WebKitGTK+: Multiple vulnerabilities</title>
+ <synopsis>Multiple vulnerabilities have been discovered in WebKitGTK+, the
+ worst of which may lead to arbitrary code execution.
+ </synopsis>
+ <product type="ebuild">WebkitGTK</product>
+ <announced>2017-12-14</announced>
+ <revised>2017-12-14: 1</revised>
+ <bug>637076</bug>
+ <access>remote</access>
+ <affected>
+ <package name="net-libs/webkit-gtk" auto="yes" arch="*">
+ <unaffected range="ge">2.18.3</unaffected>
+ <vulnerable range="lt">2.18.3</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>WebKitGTK+ is a full-featured port of the WebKit rendering engine,
+ suitable for projects requiring any kind of web integration, from hybrid
+ HTML/CSS applications to full-fledged web browsers.
+ </p>
+ </background>
+ <description>
+ <p>Multiple vulnerabilities have been discovered in WebKitGTK+. Please
+ review the referenced CVE identifiers for details.
+ </p>
+ </description>
+ <impact type="normal">
+ <p>By enticing a victim to visit maliciously crafted web content, a remote
+ attacker could execute arbitrary code or cause a denial of service
+ condition.
+ </p>
+ </impact>
+ <workaround>
+ <p>There are no known workarounds at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All WebKitGTK+ users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose "&gt;=net-libs/webkit-gtk-2.18.3"
+ </code>
+ </resolution>
+ <references>
+ <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13783">
+ CVE-2017-13783
+ </uri>
+ <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13784">
+ CVE-2017-13784
+ </uri>
+ <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13785">
+ CVE-2017-13785
+ </uri>
+ <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13788">
+ CVE-2017-13788
+ </uri>
+ <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13791">
+ CVE-2017-13791
+ </uri>
+ <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13792">
+ CVE-2017-13792
+ </uri>
+ <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13793">
+ CVE-2017-13793
+ </uri>
+ <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13794">
+ CVE-2017-13794
+ </uri>
+ <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13795">
+ CVE-2017-13795
+ </uri>
+ <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13796">
+ CVE-2017-13796
+ </uri>
+ <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13798">
+ CVE-2017-13798
+ </uri>
+ <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13802">
+ CVE-2017-13802
+ </uri>
+ <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13803">
+ CVE-2017-13803
+ </uri>
+ </references>
+ <metadata tag="requester" timestamp="2017-12-03T01:49:25Z">jmbailey</metadata>
+ <metadata tag="submitter" timestamp="2017-12-14T16:50:30Z">jmbailey</metadata>
+</glsa>
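Review bot: Every NVD link in `<references>` here uses plain `http://`, as do those in glsa-201712-02.xml, while glsa-201712-03.xml and glsa-201712-04.xml in the same commit already use `https://`. I would switch them to the https form, e.g. `<uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13783">`, so a reader following an advisory link is not exposed to tampering in transit. The `<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">` line in all four new files also names an http system identifier. Whether any consumer actually fetches it is not visible from this diff, but tooling that parses these files should validate against a local copy of the DTD with external entity loading disabled.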
diff --git a/metadata/glsa/glsa-201712-02.xml b/metadata/glsa/glsa-201712-02.xml
new file mode 100644
index 000000000000..f0f2f8bc37f9
--- /dev/null
+++ b/metadata/glsa/glsa-201712-02.xml
@@ -0,0 +1,92 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201712-02">
+ <title>OpenCV: Multiple vulnerabilities</title>
+ <synopsis>Multiple vulnerabilities have been discovered in OpenCV, the worst
+ of which may result in a denial of service condition.
+ </synopsis>
+ <product type="ebuild">OpenCV</product>
+ <announced>2017-12-14</announced>
+ <revised>2017-12-14: 1</revised>
+ <bug>627230</bug>
+ <bug>627958</bug>
+ <access>remote</access>
+ <affected>
+ <package name="media-libs/opencv" auto="yes" arch="*">
+ <unaffected range="ge">2.4.13-r3</unaffected>
+ <vulnerable range="lt">2.4.13-r3</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>OpenCV (Open Source Computer Vision Library) is an open source computer
+ vision and machine learning software library.
+ </p>
+ </background>
+ <description>
+ <p>Multiple vulnerabilities have been discovered in OpenCV. Please review
+ the referenced CVE identifiers for details.
+ </p>
+ </description>
+ <impact type="normal">
+ <p>An attacker can cause a denial of service condition or conduct other
+ memory corruption attacks.
+ </p>
+ </impact>
+ <workaround>
+ <p>There are no known workarounds at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All OpenCV users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose "&gt;=media-libs/opencv-2.4.13-r3"
+ </code>
+ </resolution>
+ <references>
+ <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12597">
+ CVE-2017-12597
+ </uri>
+ <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12598">
+ CVE-2017-12598
+ </uri>
+ <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12599">
+ CVE-2017-12599
+ </uri>
+ <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12600">
+ CVE-2017-12600
+ </uri>
+ <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12601">
+ CVE-2017-12601
+ </uri>
+ <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12602">
+ CVE-2017-12602
+ </uri>
+ <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12603">
+ CVE-2017-12603
+ </uri>
+ <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12604">
+ CVE-2017-12604
+ </uri>
+ <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12605">
+ CVE-2017-12605
+ </uri>
+ <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12606">
+ CVE-2017-12606
+ </uri>
+ <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12862">
+ CVE-2017-12862
+ </uri>
+ <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12863">
+ CVE-2017-12863
+ </uri>
+ <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12864">
+ CVE-2017-12864
+ </uri>
+ <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-14136">
+ CVE-2017-14136
+ </uri>
+ </references>
+ <metadata tag="requester" timestamp="2017-12-03T01:50:47Z">jmbailey</metadata>
+ <metadata tag="submitter" timestamp="2017-12-14T16:50:47Z">jmbailey</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201712-03.xml b/metadata/glsa/glsa-201712-03.xml
new file mode 100644
index 000000000000..2f08599410ad
--- /dev/null
+++ b/metadata/glsa/glsa-201712-03.xml
@@ -0,0 +1,65 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201712-03">
+ <title>OpenSSL: Multiple vulnerabilities</title>
+ <synopsis>Multiple vulnerabilities have been found in OpenSSL, the worst of
+ which may lead to a Denial of Service condition.
+ </synopsis>
+ <product type="ebuild">openssl</product>
+ <announced>2017-12-14</announced>
+ <revised>2017-12-14: 1</revised>
+ <bug>629290</bug>
+ <bug>636264</bug>
+ <bug>640172</bug>
+ <access>remote</access>
+ <affected>
+ <package name="dev-libs/openssl" auto="yes" arch="*">
+ <unaffected range="ge">1.0.2n</unaffected>
+ <vulnerable range="lt">1.0.2n</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>OpenSSL is a robust, commercial-grade, and full-featured toolkit for the
+ Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols.
+ </p>
+ </background>
+ <description>
+ <p>Multiple vulnerabilities have been discovered in OpenSSL. Please review
+ the referenced CVE identifiers for details.
+ </p>
+ </description>
+ <impact type="normal">
+ <p>A remote attacker could cause a Denial of Service condition, recover a
+ private key in unlikely circumstances, circumvent security restrictions
+ to perform unauthorized actions, or gain access to sensitive information.
+ </p>
+ </impact>
+ <workaround>
+ <p>There are no known workarounds at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All OpenSSL users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose "&gt;=dev-libs/openssl-1.0.2n"
+ </code>
+
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3735">
+ CVE-2017-3735
+ </uri>
+ <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3736">
+ CVE-2017-3736
+ </uri>
+ <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3737">
+ CVE-2017-3737
+ </uri>
+ <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3738">
+ CVE-2017-3738
+ </uri>
+ </references>
+ <metadata tag="requester" timestamp="2017-11-22T00:36:52Z">jmbailey</metadata>
+ <metadata tag="submitter" timestamp="2017-12-14T18:16:28Z">jmbailey</metadata>
+</glsa>
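Review bot: The `<synopsis>` names a Denial of Service condition as the worst outcome, but the `<impact>` paragraph also lists private key recovery, circumvention of security restrictions and access to sensitive information, which most triage would rank above a DoS. Anyone who filters advisories on the synopsis alone would underrate this one. I would reword the synopsis to reflect the most serious item in `<impact>`, for example `the worst of which may allow disclosure of sensitive information`, or state in `<description>` why DoS is treated as the ceiling.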
diff --git a/metadata/glsa/glsa-201712-04.xml b/metadata/glsa/glsa-201712-04.xml
new file mode 100644
index 000000000000..ba252c674eb0
--- /dev/null
+++ b/metadata/glsa/glsa-201712-04.xml
@@ -0,0 +1,65 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201712-04">
+ <title>cURL: Multiple vulnerabilities</title>
+ <synopsis>Multiple vulnerabilities have been found in cURL, the worst of
+ which may allow execution of arbitrary code.
+ </synopsis>
+ <product type="ebuild">curl</product>
+ <announced>2017-12-14</announced>
+ <revised>2017-12-14: 1</revised>
+ <bug>633430</bug>
+ <bug>635140</bug>
+ <bug>638734</bug>
+ <access>remote</access>
+ <affected>
+ <package name="net-misc/curl" auto="yes" arch="*">
+ <unaffected range="ge">7.57.0</unaffected>
+ <vulnerable range="lt">7.57.0</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>A command line tool and library for transferring data with URLs.</p>
+ </background>
+ <description>
+ <p>Multiple vulnerabilities have been discovered in cURL. Please review the
+ CVE identifiers referenced below for details.
+ </p>
+ </description>
+ <impact type="normal">
+ <p>Remote attackers could cause a Denial of Service condition, disclose
+ sensitive information or other unspecified impacts.
+ </p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All cURL users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose "&gt;=net-misc/curl-7.57.0"
+ </code>
+
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-1000254">
+ CVE-2017-1000254
+ </uri>
+ <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-1000257">
+ CVE-2017-1000257
+ </uri>
+ <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-8816">
+ CVE-2017-8816
+ </uri>
+ <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-8817">
+ CVE-2017-8817
+ </uri>
+ <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-8818">
+ CVE-2017-8818
+ </uri>
+ </references>
+ <metadata tag="requester" timestamp="2017-11-29T04:20:30Z">jmbailey</metadata>
+ <metadata tag="submitter" timestamp="2017-12-14T18:43:49Z">jmbailey</metadata>
+</glsa>
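Review bot: The `<synopsis>` says the worst issue "may allow execution of arbitrary code", but the `<impact>` paragraph lists only a Denial of Service condition, disclosure of sensitive information and "other unspecified impacts". The two should agree: either name code execution in `<impact>`, e.g. `Remote attackers could execute arbitrary code, cause a Denial of Service condition, or disclose sensitive information.`, or soften the synopsis. If code execution is intended, it is also worth confirming that `<impact type="normal">` is still the right rating, since the DoS-level advisories in this commit carry the same value.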
diff --git a/metadata/glsa/timestamp.chk b/metadata/glsa/timestamp.chk
index ff3017bc94cc..edad6f7e0fe4 100644
--- a/metadata/glsa/timestamp.chk
+++ b/metadata/glsa/timestamp.chk
@@ -1 +1 @@
-Sun, 10 Dec 2017 08:09:30 +0000
+Fri, 15 Dec 2017 16:38:48 +0000
diff --git a/metadata/glsa/timestamp.commit b/metadata/glsa/timestamp.commit
index 7505100ea6ad..632542b5e138 100644
--- a/metadata/glsa/timestamp.commit
+++ b/metadata/glsa/timestamp.commit
@@ -1 +1 @@
-31cda2f2740c70cb2f5f8b622594f6884aec1c21 1511124610 2017-11-19T20:50:10+00:00
+30b0a682c74fee092dcec1e6356f4afc7fa14625 1513277071 2017-12-14T18:44:31+00:00