gentoo auto-resync : 27:12:2023 - 13:40:07

author: V3n3RiX <venerix@koprulu.sector> 2023-12-27 13:40:07 +0000
committer: V3n3RiX <venerix@koprulu.sector> 2023-12-27 13:40:07 +0000
commit: 99995c94c01b6d74165c7ee31be36275846b14b8 (patch)
tree: 1b23a90dd05f58a1075ae00f3b70fff3b20df02a /metadata/glsa
parent: d4ce53f1e327bfbbc32e193e0f495b0e826c61e5 (diff)
5 files changed, 74 insertions, 17 deletions
diff --git a/metadata/glsa/Manifest b/metadata/glsa/Manifest
index ee87736e8028..d3a8a67bfb85 100644
--- a/metadata/glsa/Manifest
+++ b/metadata/glsa/Manifest
@@ -1,23 +1,23 @@
 -----BEGIN PGP SIGNED MESSAGE-----
 Hash: SHA512
 
-MANIFEST Manifest.files.gz 557720 BLAKE2B 1bc79beb7b22c2ce6b80e7677302891c872d6ac116096c06d9dbba6d7683aec51bbbcefe97cf8126dd25818fe0c936a6b25df9e1c8c1be9da6a5c9580fff46e2 SHA512 273602eb349fcbbef4c2202ec5c33b66d702f53716aad3f0abfbf14db5c7ba667dd6fefa620e348109b82427555dd8d45ab0b261320d92f551c7162d8f78de5f
-TIMESTAMP 2023-12-27T07:10:14Z
+MANIFEST Manifest.files.gz 557878 BLAKE2B d964d8dd39b9fddad347a3b0cce79b253f7c2efa5bf3bc93d19cabebf20d9a14bbbd36a5dfe2d5a69513d31fe61b4de397efeeffd9671d7eba9130b43271340d SHA512 71a312c8dd53040a02e820c56b23592dcf5a12481c051f6b1474b8597a5f01f85157f33a02bcd3982905a0457bbb5d59d3e4aca4a654b4214145ffe3cefb1883
+TIMESTAMP 2023-12-27T13:10:22Z
 -----BEGIN PGP SIGNATURE-----
 
-iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAmWLzdZfFIAAAAAALgAo
+iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAmWMIj9fFIAAAAAALgAo
 aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEUx
 RDZBQkI2M0JGQ0ZCNEJBMDJGREYxQ0VDNTkwRUVBQzkxODkyNTAACgkQ7FkO6skY
-klAVOQ/9HdCe4+OaSgfO5mTA1Oq00W+jWdBrliKA69wqbXPefcN+BOmTZtuuc/fq
-k8hGkeVuxyf3r+tynbHxFkqCwT8ZJxC9BxXkRsHLsFSO6vJg1Cc5qHZvh5oB/WYQ
-hDeXcpbdvMeT1E99UGi7xfs3bjECRMh2+fWfH6Y1v8IN9KnAt7jJi4vtSiDen7H+
-7ZtStl3FognOBKcsaCbnYVBSdoo2SYZf72dCormh7TlEHMDhssC90sBmI41YwgIU
-grOx6a/q5QE7B9nG6S6PG5F6rq54bLMmz0/7z0yCiUbo7uVeKsu/jg1do5zipUUX
-gxjXRVQmYSaHEB5Rh0lG3EZiY87fBrA0X8JMVfE100yZ7hbj4uTtHtN//cFcCoCF
-enJ1Zk2gSy8kNbs4QS+DeL4M8EKHzBgena+aw7zmoi8QU6VZOtKrxFD5oeU+wrzb
-lJAVnofjipos9KkTOAuk2PB2fnxamxbAwXWni/O+qRKGp/WM9xG+Io3LGfTeAy9V
-GKtHSTSzumqJM0eFocJZtMSCSeg2jSdpBDQJQ9ZaLRCJwEUsdH621C7ifq5BoKLb
-Jzo/EwXnRgRhklbj/a6SD63Y4QsHSI8Gw0CfNQtB/dF71gUSf48rEIXH0CBO4rVV
-6/MNJEWxqTGTBCS29hulVXCsX+hgMRoeH6ujpBIl0mDuLdTHONs=
-=oR/1
+klABMhAAtJFpoYKTk2qqFPFOuznPXXudMk0YhQeB1xWydiwVE2LOWOVqv2sQpKnP
+zuKeQSd5tR//15yZxkphyzlskVTus7LlM8xkhxyx0IP7RJzmjmauVEecv3buFTeA
+47RqO8EhV4wd2bCPrOFSqy/N2dOq7Vt+r7DYX/GMZ/ocru93TroxSQFu+v/Ga/W4
+J+bC1zmHumFuvW71y+ULRY3JHbxW0oQ525gdvvmoQyNh+b9la7iyTfnggQ9e/F0a
+MhZ4gC0nMTfZ41ZurLvwgi41aBQxpRMiYVDx0CBSeaukh8QfUpTKLbOY8W6lbYUF
+Qh9pmPxznMgt4oRzipArPcp1MQR5rZOmS8gfXN8FZ2gPnMmsDwNkLMZ/zLnEhoZ5
+D9dmrkcVVq9nzbUCY1iCRhsVzp0nM3iQAVz2a76ej84zoIAKGhjUYKQhWvnXqiaM
++JHEp08c8IOzdFcvoVJdw2n3AkO9qS8S6fmUUJH+8/TvQqG4Y9flvxQlWBkUgmIY
+GNKb8yCfkWZ7Sv0FLFoRoAreGBLKv3E4zX5ybqybYFWSiEl05Ih06HUngTXo5Hn4
+F7D2p7yXTeKoKoJVdhy/Z2kyi4rUpaPlGRhy662zGnMV3fH2NmVDzr+Gtu4Paci8
+KR6jxNOBD8QUv9T1N26u+moSEz7JbTlizuqVtXHuDQEAzJ7HZ5w=
+=AYCc
 -----END PGP SIGNATURE-----
diff --git a/metadata/glsa/Manifest.files.gz b/metadata/glsa/Manifest.files.gz
index 0bbb2a52458b..0f851a245f9c 100644
--- a/metadata/glsa/Manifest.files.gz
+++ b/metadata/glsa/Manifest.files.gz
diff --git a/metadata/glsa/glsa-202312-15.xml b/metadata/glsa/glsa-202312-15.xml
new file mode 100644
index 000000000000..0dea68901688
--- /dev/null
+++ b/metadata/glsa/glsa-202312-15.xml
@@ -0,0 +1,57 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202312-15">
+    <title>Git: Multiple Vulnerabilities</title>
+    <synopsis>Several vulnerabilities have been found in Git, the worst of which could lead to remote code execution.</synopsis>
+    <product type="ebuild">git</product>
+    <announced>2023-12-27</announced>
+    <revised count="1">2023-12-27</revised>
+    <bug>838127</bug>
+    <bug>857831</bug>
+    <bug>877565</bug>
+    <bug>891221</bug>
+    <bug>894472</bug>
+    <bug>905088</bug>
+    <access>remote</access>
+    <affected>
+        <package name="dev-vcs/git" auto="yes" arch="*">
+            <unaffected range="ge">2.39.3</unaffected>
+            <vulnerable range="lt">2.39.3</vulnerable>
+        </package>
+    </affected>
+    <background>
+        <p>Git is a free and open source distributed version control system designed to handle everything from small to very large projects with speed and efficiency.</p>
+    </background>
+    <description>
+        <p>Multiple vulnerabilities have been discovered in Git. Please review the CVE identifiers referenced below for details.</p>
+    </description>
+    <impact type="high">
+        <p>Please review the referenced CVE identifiers for details.</p>
+    </impact>
+    <workaround>
+        <p>There is no known workaround at this time.</p>
+    </workaround>
+    <resolution>
+        <p>All Git users should upgrade to the latest version:</p>
+        
+        <code>
+          # emerge --sync
+          # emerge --ask --oneshot --verbose ">=dev-vcs/git-2.39.3"
+        </code>
+    </resolution>
+    <references>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-23521">CVE-2022-23521</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-24765">CVE-2022-24765</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-29187">CVE-2022-29187</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-39253">CVE-2022-39253</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-39260">CVE-2022-39260</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-41903">CVE-2022-41903</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-22490">CVE-2023-22490</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-23946">CVE-2023-23946</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-25652">CVE-2023-25652</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-25815">CVE-2023-25815</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-29007">CVE-2023-29007</uri>
+    </references>
+    <metadata tag="requester" timestamp="2023-12-27T07:49:08.497466Z">graaff</metadata>
+    <metadata tag="submitter" timestamp="2023-12-27T07:49:08.502279Z">graaff</metadata>
+</glsa>
+\ No newline at end of file
diff --git a/metadata/glsa/timestamp.chk b/metadata/glsa/timestamp.chk
index ee3887eabc9e..afdb681d3380 100644
--- a/metadata/glsa/timestamp.chk
+++ b/metadata/glsa/timestamp.chk
@@ -1 +1 @@
-Wed, 27 Dec 2023 07:10:10 +0000
+Wed, 27 Dec 2023 13:10:19 +0000
diff --git a/metadata/glsa/timestamp.commit b/metadata/glsa/timestamp.commit
index f144ab9f3de3..96c0e8af95f4 100644
--- a/metadata/glsa/timestamp.commit
+++ b/metadata/glsa/timestamp.commit
@@ -1 +1 @@
-054115a94fa38350f4468052ec239cbacb5b8e26 1703329649 2023-12-23T11:07:29+00:00
+2c2ec5453e20060d4ec1717825d2874f0e663f91 1703663382 2023-12-27T07:49:42+00:00
author	V3n3RiX <venerix@koprulu.sector>	2023-12-27 13:40:07 +0000
committer	V3n3RiX <venerix@koprulu.sector>	2023-12-27 13:40:07 +0000
commit	99995c94c01b6d74165c7ee31be36275846b14b8 (patch)
tree	1b23a90dd05f58a1075ae00f3b70fff3b20df02a /metadata/glsa
parent	d4ce53f1e327bfbbc32e193e0f495b0e826c61e5 (diff)