summaryrefslogtreecommitdiff
path: root/metadata/glsa
diff options
context:
space:
mode:
authorV3n3RiX <venerix@koprulu.sector>2024-01-10 13:02:42 +0000
committerV3n3RiX <venerix@koprulu.sector>2024-01-10 13:02:42 +0000
commit8c8f1cfd2aa9e839aad7dad6fd43b370cfbc0a1e (patch)
treef7b0f94c13a0454ed75b614028f1455e894f28d2 /metadata/glsa
parent47f05d092ef8c19b3e973f62648e58c0e1a18631 (diff)
gentoo auto-resync : 10:01:2024 - 13:02:42
Diffstat (limited to 'metadata/glsa')
-rw-r--r--metadata/glsa/Manifest30
-rw-r--r--metadata/glsa/Manifest.files.gzbin560112 -> 560271 bytes
-rw-r--r--metadata/glsa/glsa-202401-13.xml43
-rw-r--r--metadata/glsa/timestamp.chk2
-rw-r--r--metadata/glsa/timestamp.commit2
5 files changed, 60 insertions, 17 deletions
diff --git a/metadata/glsa/Manifest b/metadata/glsa/Manifest
index a23ab1337c83..d8c046997c8e 100644
--- a/metadata/glsa/Manifest
+++ b/metadata/glsa/Manifest
@@ -1,23 +1,23 @@
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
-MANIFEST Manifest.files.gz 560112 BLAKE2B 62dc2af41770d5f472a21d19df2e416ad9cbe69646a24bf9063fe3c7d7b36b835148ffdf730b030db456007d5c45044793f359e00e2a253deb71569680665419 SHA512 706f92b2205286e8d0fb7e749fe17d4549d6de84ffe61cf0dffaa61b0add9252e50b48bb8087005681251c1d71bdd6ced3ceb19b36ffd7e75d1709bc3aa98712
-TIMESTAMP 2024-01-10T06:10:30Z
+MANIFEST Manifest.files.gz 560271 BLAKE2B 788d7d800c0cda76fd36e704c653a017e0745e9bb01350ea23c15bfb7c7d2ccbf2d1642309260d1234728ebba3fcb12dfa56f5a746e590036bf3b2bd162d2304 SHA512 1057c5d7357b4f952f1ae20e59f01992d95bfb67a14a419a2349e88e3ccccc40879bdf67c69b0a2d1c192af1a44dda8b074b2513672a6a571abaf442b2b628bc
+TIMESTAMP 2024-01-10T12:40:25Z
-----BEGIN PGP SIGNATURE-----
-iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAmWeNNZfFIAAAAAALgAo
+iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAmWekDlfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEUx
RDZBQkI2M0JGQ0ZCNEJBMDJGREYxQ0VDNTkwRUVBQzkxODkyNTAACgkQ7FkO6skY
-klAQkw/+KdpJ5gGRgm0oihKIPya0kCuJDmtQmUnScZuRSwj7B9V04Jd4SOHyjpDq
-1BnJdqYK1sGHGdpyHRvFQv2Dp9fsZh4EYgM0moOAhDwkJHoRwZR8RTgzN5xgGJRB
-YSGzqs8vJ6AeSXNfQjY4Bhw0LdadDyACplmL/6tVgGZ/0P9E5opBgni2GOvFiSAZ
-6VSlJId/zhJHLffkZPnegSSn38RwCdcNlciPZC/cZw4Q5KS/XcZ+4UJP+WkNwaGK
-JmArXSbJAoe44suOXoqcAwZHi+NxGBlAGJ0XrzlnLXNBG4jNm/xpBJg/KVnAkCxC
-N3h+/koxsaEdMnBKyKXVq4EFWC15pVJyoTa0c7hbfQY1VxmXbtMXWDxVV4hx6VEx
-RRopxLSkJhsijKUNsOm/FwsshLb07xK/uFEq8hFJcWcnuPd2D3X18Azt6ceVN9Ry
-4CcYiVtjbb6mNVEBhoje1ILlO+yP2DdMvlFuozJ6qerQ2TqKUqMyoNvJ2zwhvSxi
-p8N4xji5FnBAxm2+OOTFwO2de/3/4ieHC4sauTTjMToaJDSzADklZ6tVjqgPnkx1
-a1f2Lt3qqg8CsqZUV/DALhER8vuSipyM9Z1BJ6G3dw6CF24AjFYcwBQlFpZUiDjn
-EKtj0yeafAGBuiDxi53ahlruGTO08j3Jevd0byA0I0pHQ7J4QPk=
-=Hi6+
+klBVAw//e/Rs5M0ailcOhkuMewVQzT1zzs6R3dsnf7x3tp4xUMtGLisQV+Y65mwc
+rYUvSuepjxxtYvUEtFBQowJkHATukuS8vBlmEgBtcUZL0zTVmBuV6VBbZUyeQMlP
+DtoHU+Y2b3A8umvvY/OKIgFU1EvKoe/XTtWfnuyb0/inN4sry9e+WaCEIhfadzgj
+RmiXUSLE0nEjYn6veBRkv2z1fzIiz0m9hL6QHIyzU+dNCLxYVIvZmjdgnPHSJcvc
++HH2ln+MiOLhdq0iNX6/yEEp8C+YKKG7DXbveLFcnHNio7FwiR0J3LV14xYsGTKd
+0d4SFKMIgAiEyJk1PNKCS3lSlWdm6kLnHpnDJIsMrIaEX/bRtQt1F4DuPyEFwb8p
+AFWavGQ50HHjvcA07Eul97chDP6Gma1OUMZ8vB0WAJMoUHYqoxnaPO+h8Li9vcPq
+327zxYYNqDfgZn7g1JrF70x3cJDVlHNS4RcUk5O3FcTRgit2qc7Vc2uDrfdjfoB9
+fwMqOM+LqudQAUFAZ/TEzFH8O9siY/Mm0dI+v/hfMOas/e2XfyQL61noZcZlD9LK
+YJNcZXyyFgFaAQXMhWPbEYhVg9+5xcBlyzsu1PLVVh07Wkm6wjHUaYP93d2+SlMH
+reEHuSVV2GxoAf8w/VLiZ5Cwd87ikUeEzP13im09v2Y56IF7Ctk=
+=MgZs
-----END PGP SIGNATURE-----
diff --git a/metadata/glsa/Manifest.files.gz b/metadata/glsa/Manifest.files.gz
index f70ab963dbcd..eb8249987c2f 100644
--- a/metadata/glsa/Manifest.files.gz
+++ b/metadata/glsa/Manifest.files.gz
Binary files differ
diff --git a/metadata/glsa/glsa-202401-13.xml b/metadata/glsa/glsa-202401-13.xml
new file mode 100644
index 000000000000..8b6fbe173b2d
--- /dev/null
+++ b/metadata/glsa/glsa-202401-13.xml
@@ -0,0 +1,43 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202401-13">
+ <title>FAAD2: Multiple Vulnerabilities</title>
+ <synopsis>Multiple denial of service vulnerabilities have been found in FAAD2.</synopsis>
+ <product type="ebuild">faad2</product>
+ <announced>2024-01-10</announced>
+ <revised count="1">2024-01-10</revised>
+ <bug>918558</bug>
+ <access>remote</access>
+ <affected>
+ <package name="media-libs/faad2" auto="yes" arch="*">
+ <unaffected range="ge">2.11.0</unaffected>
+ <vulnerable range="lt">2.11.0</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>FAAD2 is an open source MPEG-4 and MPEG-2 AAC decoder.</p>
+ </background>
+ <description>
+ <p>Multiple vulnerabilities have been discovered in FAAD2. Please review the CVE identifiers referenced below for details.</p>
+ </description>
+ <impact type="low">
+ <p>Please review the referenced CVE identifiers for details.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All FAAD2 users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=media-libs/faad2-2.11.0"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-38857">CVE-2023-38857</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-38858">CVE-2023-38858</uri>
+ </references>
+ <metadata tag="requester" timestamp="2024-01-10T11:43:50.951508Z">ajak</metadata>
+ <metadata tag="submitter" timestamp="2024-01-10T11:43:50.953718Z">graaff</metadata>
+</glsa> \ No newline at end of file
diff --git a/metadata/glsa/timestamp.chk b/metadata/glsa/timestamp.chk
index 31aef4586268..cd7f01691387 100644
--- a/metadata/glsa/timestamp.chk
+++ b/metadata/glsa/timestamp.chk
@@ -1 +1 @@
-Wed, 10 Jan 2024 06:10:24 +0000
+Wed, 10 Jan 2024 12:40:21 +0000
diff --git a/metadata/glsa/timestamp.commit b/metadata/glsa/timestamp.commit
index a60608a945db..d342da0701b5 100644
--- a/metadata/glsa/timestamp.commit
+++ b/metadata/glsa/timestamp.commit
@@ -1 +1 @@
-17e2b155a748af5cd1276229d389b4641fec18c7 1704623514 2024-01-07T10:31:54+00:00
+a1eecf982df504f02f8b23c7cace982c168ea64b 1704887079 2024-01-10T11:44:39+00:00