gentoo resync : 24.03.2019

author: V3n3RiX <venerix@redcorelinux.org> 2019-03-24 17:22:19 +0000
committer: V3n3RiX <venerix@redcorelinux.org> 2019-03-24 17:22:19 +0000
commit: aa3411e241a201d53a2689766fe419f2756819f3 (patch)
tree: cc19adfde0a10aab1ab566c8dfe3c1616e5cc390 /metadata/glsa
parent: b7b97785ebbb2f11d24d14dab8b81ed274f4ce6a (diff)
8 files changed, 78 insertions, 43 deletions
diff --git a/metadata/glsa/Manifest b/metadata/glsa/Manifest
index 549df1977bb3..58d40981b2b9 100644
--- a/metadata/glsa/Manifest
+++ b/metadata/glsa/Manifest
@@ -1,23 +1,23 @@
 -----BEGIN PGP SIGNED MESSAGE-----
 Hash: SHA512
 
-MANIFEST Manifest.files.gz 437590 BLAKE2B 89b5299a2ae5909a2f126e7d079e486a46a84b314ae3fd8e955c116ff1469671110300e3034ae816a3f8d7760ff951864b0f6a2ea8e63f69093f03e040aaa3f5 SHA512 af2b9c5421b1ff957533cc161bb0347cbaa2e3e90c9069b5b7e6141ce2a943b1cc971aacd34224e34915a04db19e7b1d06ff5519de5e8c67f4753e7fc7157bf3
-TIMESTAMP 2019-03-19T10:38:40Z
+MANIFEST Manifest.files.gz 437739 BLAKE2B 986d7885b63d9903e2be51f4980361e09cfab26a44bdf1fc19180e54bbfb08e35d9b07514fdafb5d9dd61741d963d11d09f566711ba740c442f3ec1b81389888 SHA512 8939cf4eb9710559d875f85824a818d334f3f8a2240773ee7803d34445cd3328191abe522703f58520261cf19228963b4ba55f01db6f454471b7f17577f5ec60
+TIMESTAMP 2019-03-24T16:38:41Z
 -----BEGIN PGP SIGNATURE-----
 
-iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAlyQxrBfFIAAAAAALgAo
+iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAlyXspFfFIAAAAAALgAo
 aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEUx
 RDZBQkI2M0JGQ0ZCNEJBMDJGREYxQ0VDNTkwRUVBQzkxODkyNTAACgkQ7FkO6skY
-klDrDg//YyE6JU2ZaXcEyszFO1/7+5m21MFqI0yNLvg6NpEYpKPXydaplPlZWePP
-KwpwB/UCravezXqOive8GyGbClBKOrXI2PzX7gn+PgyNW5BQQgVgg1JKev4FCcr1
-IwrdKhLI7hi9VnGspot1SSROQfYoCq/Y367bv6t87fZ+0FLq3+Q2wJvSo0tbAWCM
-CzxtPT6j9wZll3TFTLHqccw9cOCSJkgJ1U9lhTVfn47ACO4O3AmwZA08vANyJPGA
-WBw1k9mdh6OPBXf72NauBPeEFDB9L39HHYifdCRlBhw1e/Go3ptjBcsKjqG5ZJO7
-JcVz4jtLrFpHDRlKQjtxeUZstkUTmnk3hXtKnHH9pCNUnAWWa09gFpz6iRIomEEQ
-7f4CKWJI69WtZlfj0U3FdUkO7L2TXdikJWp/rLTyQDsM4JNrBEgUqr1DnReVhijW
-A93TJ+0GrFh9717ym8XNsIJPgQlS0p5kMY+41d3e2IE+GRTDz2IOWHfnqmmOaS+/
-7pz9Gs1yjim+GnWgCPPVp3zVE/lUTq4n2w6TQZg6q6Q5AI+8z4OKwu8S5QbgsgVH
-56Jh1U7gh7y1z/3TtiFJ4fsi6LX91KtsYc8D7+J1Kq9lHkXUMRLaqnDd5zPgGG8I
-4QZ2SeDBsAb2Zu96B4fqWf8PkO9Vw97rWhWRJxux9jXzeeFpH4k=
-=Xxnn
+klDyChAAj2n+osEdeqnHSWALpY+HRZE7y8grtbeEEAjoxWr08nhm2ivaP2vPGT+W
+FseMTbEHgdgkoHlrduWXs/vnqgh5JyLWqAjeS10vzz6tZBdei28rxFLNjbgTxYH5
+ePbwe5CJAdJ/s9mOTDpq4N0wvjgG1Ncj6SICeqMhiOhHskvwKw5TfsmfratOeXiJ
+ICyDUa+Q7INdPD0LCmpGTbDXBBymX5lBoVuVhF9mW74FR6DSoWK/YNcsPe7r8ikX
+5vZTXpL5fXM8TWfV0n1rf1H5bPZjcT7sr+F67ezfs/sK6hcOGAux0TDoZd9i8/Wr
+cLWwCeduJhlI97qCvRfN69iizlx6BHmznVMo0g81pERSOgLATwrCg6pRNBplU3ka
+b0kZGQW8zNYoZi57o6bntxQL961GzGlzlNQybQErsBBV9F6NYSJkP3dNwJDdWLJt
+y9WkU9TrFTacTlLaP+BWqZyK3WH8sPh0w4vkqqICRXcPR1kVAfLiKW2V+D29Xl9d
+QF1aVVZTvkm387VqtmLbiCc6/P9fWbwQb5/Wg2VcMaSNQlsLTktFgmaUZ84iJ468
+qs+RDaLtjRlPMTn0Twg4pAg8JZSXmDkI24d9ohiEH8/ygE3L0HQIOGcktAil7jjN
+zI4i0wC4fvODybnbE3fLjY1RER6Smze2kUDoTQ3yIW167r87P24=
+=cpdK
 -----END PGP SIGNATURE-----
diff --git a/metadata/glsa/Manifest.files.gz b/metadata/glsa/Manifest.files.gz
index 01756e23b684..d33514664e8f 100644
--- a/metadata/glsa/Manifest.files.gz
+++ b/metadata/glsa/Manifest.files.gz
diff --git a/metadata/glsa/glsa-201401-04.xml b/metadata/glsa/glsa-201401-04.xml
index 8783065d40fa..8455a8b2cd1c 100644
--- a/metadata/glsa/glsa-201401-04.xml
+++ b/metadata/glsa/glsa-201401-04.xml
@@ -17,23 +17,10 @@
   <access>remote</access>
   <affected>
     <package name="dev-lang/python" auto="yes" arch="*">
-      <unaffected range="rge">3.2.5-r1</unaffected>
-      <unaffected range="rge">2.6.8</unaffected>
-      <unaffected range="rge">2.7.3-r1</unaffected>
+      <unaffected range="ge">3.2.5-r1</unaffected>
+      <unaffected range="ge">2.6.8</unaffected>
+      <unaffected range="ge">2.7.3-r1</unaffected>
       <unaffected range="ge">3.3.2-r1</unaffected>
-      <unaffected range="rge">2.6.9</unaffected>
-      <unaffected range="rge">2.7.4</unaffected>
-      <unaffected range="rge">2.7.5</unaffected>
-      <unaffected range="rge">2.7.6</unaffected>
-      <unaffected range="rge">2.7.7</unaffected>
-      <unaffected range="rge">2.7.8</unaffected>
-      <unaffected range="rge">2.7.9</unaffected>
-      <unaffected range="rge">2.7.10</unaffected>
-      <unaffected range="rge">2.7.11</unaffected>
-      <unaffected range="rge">2.7.12</unaffected>
-      <unaffected range="rge">2.7.13</unaffected>
-      <unaffected range="rge">2.7.14</unaffected>
-      <unaffected range="rge">2.7.15</unaffected>
       <vulnerable range="lt">3.3.2-r1</vulnerable>
     </package>
   </affected>
diff --git a/metadata/glsa/glsa-201503-10.xml b/metadata/glsa/glsa-201503-10.xml
index b1968049e389..52c86ad82e0e 100644
--- a/metadata/glsa/glsa-201503-10.xml
+++ b/metadata/glsa/glsa-201503-10.xml
@@ -19,13 +19,7 @@
   <affected>
     <package name="dev-lang/python" auto="yes" arch="*">
       <unaffected range="ge">3.3.5-r1</unaffected>
-      <unaffected range="rge">2.7.9-r1</unaffected>
-      <unaffected range="rge">2.7.10</unaffected>
-      <unaffected range="rge">2.7.11</unaffected>
-      <unaffected range="rge">2.7.12</unaffected>
-      <unaffected range="rge">2.7.13</unaffected>
-      <unaffected range="rge">2.7.14</unaffected>
-      <unaffected range="rge">2.7.15</unaffected>
+      <unaffected range="ge">2.7.9-r1</unaffected>
       <vulnerable range="lt">3.3.5-r1</vulnerable>
     </package>
   </affected>
diff --git a/metadata/glsa/glsa-201811-02.xml b/metadata/glsa/glsa-201811-02.xml
index 6ba1bc458393..ce9a6b6e7109 100644
--- a/metadata/glsa/glsa-201811-02.xml
+++ b/metadata/glsa/glsa-201811-02.xml
@@ -12,8 +12,8 @@
   <access>remote</access>
   <affected>
     <package name="dev-lang/python" auto="yes" arch="*">
-      <unaffected range="ge">2.7.15</unaffected>
-      <vulnerable range="lt">2.7.15</vulnerable>
+      <unaffected range="ge" slot="2.7">2.7.15</unaffected>
+      <vulnerable range="lt" slot="2.7">2.7.15</vulnerable>
     </package>
   </affected>
   <background>
@@ -39,7 +39,7 @@
     
     <code>
       # emerge --sync
-      # emerge --ask --oneshot --verbose "&gt;=dev-lang/python-2.7.15"
+      # emerge --ask --oneshot --verbose "&gt;=dev-lang/python-2.7.15:2.7"
     </code>
     
   </resolution>
diff --git a/metadata/glsa/glsa-201903-16.xml b/metadata/glsa/glsa-201903-16.xml
new file mode 100644
index 000000000000..7e9889dc2827
--- /dev/null
+++ b/metadata/glsa/glsa-201903-16.xml
@@ -0,0 +1,54 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201903-16">
+  <title>OpenSSH: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in OpenSSH, the worst of
+    which could allow a remote attacker to gain unauthorized access.
+  </synopsis>
+  <product type="ebuild">openssh</product>
+  <announced>2019-03-20</announced>
+  <revised count="1">2019-03-20</revised>
+  <bug>675520</bug>
+  <bug>675522</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-misc/openssh" auto="yes" arch="*">
+      <unaffected range="ge">7.9_p1-r4</unaffected>
+      <vulnerable range="lt">7.9_p1-r4</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>OpenSSH is a complete SSH protocol implementation that includes SFTP
+      client and server support.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in OpenSSH. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could overwrite arbitrary files, transfer malicious
+      files, or gain unauthorized access.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All OpenSSH users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-misc/openssh-7.9_p1-r4"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-20685">CVE-2018-20685</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-6109">CVE-2019-6109</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-6110">CVE-2019-6110</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-6111">CVE-2019-6111</uri>
+  </references>
+  <metadata tag="requester" timestamp="2019-03-10T21:55:11Z">BlueKnight</metadata>
+  <metadata tag="submitter" timestamp="2019-03-20T13:35:05Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/timestamp.chk b/metadata/glsa/timestamp.chk
index e93b41aac52e..0d6da7d59058 100644
--- a/metadata/glsa/timestamp.chk
+++ b/metadata/glsa/timestamp.chk
@@ -1 +1 @@
-Tue, 19 Mar 2019 10:38:37 +0000
+Sun, 24 Mar 2019 16:38:38 +0000
diff --git a/metadata/glsa/timestamp.commit b/metadata/glsa/timestamp.commit
index 98bcf26d91f9..32ede4730464 100644
--- a/metadata/glsa/timestamp.commit
+++ b/metadata/glsa/timestamp.commit
@@ -1 +1 @@
-0a72c299702ffceee8f32f22b9d7b2c33e5140a0 1552965642 2019-03-19T03:20:42+00:00
+739370ce577c724f8ff13c4c2ea63220b9561f7c 1553128397 2019-03-21T00:33:17+00:00
author	V3n3RiX <venerix@redcorelinux.org>	2019-03-24 17:22:19 +0000
committer	V3n3RiX <venerix@redcorelinux.org>	2019-03-24 17:22:19 +0000
commit	aa3411e241a201d53a2689766fe419f2756819f3 (patch)
tree	cc19adfde0a10aab1ab566c8dfe3c1616e5cc390 /metadata/glsa
parent	b7b97785ebbb2f11d24d14dab8b81ed274f4ce6a (diff)