diff options
author | V3n3RiX <venerix@redcorelinux.org> | 2018-05-15 13:19:56 +0100 |
---|---|---|
committer | V3n3RiX <venerix@redcorelinux.org> | 2018-05-15 13:19:56 +0100 |
commit | d302a5d7fc9caafba5c8a404f2891bb6ccdec311 (patch) | |
tree | 2a3ee43f080d1d0086964de8c29ccf1021fdfda7 /metadata/glsa | |
parent | ea31ad0ed5501d0bf92267c35beaf06ac016bad2 (diff) |
gentoo resync : 15.05.2018
Diffstat (limited to 'metadata/glsa')
-rw-r--r-- | metadata/glsa/Manifest | 30 | ||||
-rw-r--r-- | metadata/glsa/Manifest.files.gz | bin | 423609 -> 423767 bytes | |||
-rw-r--r-- | metadata/glsa/glsa-201805-05.xml | 50 | ||||
-rw-r--r-- | metadata/glsa/timestamp.chk | 2 | ||||
-rw-r--r-- | metadata/glsa/timestamp.commit | 2 |
5 files changed, 67 insertions, 17 deletions
diff --git a/metadata/glsa/Manifest b/metadata/glsa/Manifest index c9eb25507932..70c0413061fd 100644 --- a/metadata/glsa/Manifest +++ b/metadata/glsa/Manifest @@ -1,23 +1,23 @@ -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 -MANIFEST Manifest.files.gz 423609 BLAKE2B cbd920553b52bd805c115c763e4d6e2ee3d453ad1d6dfc315556c7a37a40f6e92d25437ae0c4238712e49a25ff5de88a4a56f425e3de6b9710d55daa2faef491 SHA512 3ac6837ed015c4c2f983100055b2867a7affaa1fd0de409b6c572144638db29f44f2af6b02450bb12cf8d1d79d3f90f56519fcc92e5b499d612f1c4c59fb4481 -TIMESTAMP 2018-05-13T14:38:31Z +MANIFEST Manifest.files.gz 423767 BLAKE2B b4b02eedb610a1c6d9e2d0e9f57f61c0c0ddafb48679b275cd19d127faac6f1d44d72cf4d204e2e99bbdadfb9d1e296ea33c63e12cff5af0207e2e6247914ff9 SHA512 ba2fcf04666f32bf8235a27f099dd883ab13109b872e9d00eac03e3e02b976470b0d5a6f1b3ce76acd9005d909e8b6e04ffdfefb9cce629ec213bbe88eb4d8b4 +TIMESTAMP 2018-05-15T11:38:31Z -----BEGIN PGP SIGNATURE----- -iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAlr4TedfFIAAAAAALgAo +iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAlr6xrdfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEUx RDZBQkI2M0JGQ0ZCNEJBMDJGREYxQ0VDNTkwRUVBQzkxODkyNTAACgkQ7FkO6skY -klDikw//UqLB7+1+uhfixHN0WqM+UPb4R61rJWeOs72/zlkkMnEW+ZNzxTp0mbNx -+a+Sn900vyQNnJQz9McuEl7+PiRUO5Io4vHQmgIkCOEIye/gOW57Bm/VLa0lda1q -os2RJGQtoA//iAInFtT3JyA5gJxkp0vNgsGdJ5JXfKaoCArsL/7rJCjqS1DNvjvW -Oyg5aYnwVv/PIonyzfZb3Je/QwicI4SAG6zHUaE4ae3kvkzT1ezw2kj+2Pdmi/Z6 -GThSMFXAxcAAf9oJGAvYMwBwpoDdr8MKENL3bE02aO2xn0Nm0LpsQRqCEBZ8bZtD -iQ7KkuVfu3nAbEp3gbs/parMTwW/MSgn6l0taGbX8nqMnIP0MMlvQdewRImby1Wt -4D58hHogGvLWd4vTfEJJvoW+Wkk0/AL0g8E3RB2FEdyrXPMMC75Lk/+LcZ8tFKV9 -XDp8F3gpf27vRjQQeuy9l49o8yBwR9wO6d5s0+hfw7ppXPbgWKx3V0dhMWlB/p8L -Gs8m+Vsi70dJRb5jq39ZOXJkq1FuW/NHsFH30og49so9IuwwEpBbLcpO/x9gTSH7 -r89iS3uXbHIX303/wWNiOAAZd7S3Biw5bXxfIaRYhLooKpubNbHoV6Rw03bKivm3 -Q0g+MwUuWyxsnf/tqu8jxveeIMpXYAX8J39cwATsTKKmQb38wIE= -=kr3z +klDvxQ/+KdmjH8O+LKuoAlSAFfhT4sIYSytSf1a8hWEPEUhwiKqDY9SYOeSU3QJ4 +BKF+phOT/J8IkK/GDvnykkTkG14HS+brzg2IKvXRIsxyxjPyu+NFzyA5EE00dZ8N +mPksBTXkoyH855LROJSkRtTCnuxLuLQ1wYiDXZQLckDyaRhUr0DLpnAIDKRXlrdb +44lAjUgEwo3vpU5cLUaDdNAnMjwhPNuG3xz5itde1DseKN2fZgWUvKGvastM0/oB +ms0amV4yQun9A3fhPi8GXtJgysecskM8DyWQ4eoHpUYSHkn3SseswQIRtoMek39Z +WqQ9do6C7kiihCXVzykUnxna2Zu7t5hDRFbxAz9xYHD7F8qsNvtH3gXGWoJy83wO +fRr6JF6lQ2sUT3I0CnnZ1dtravmK5Mto7neT2JGbKDghf9kW4ZCOTgHlTX6Cxuc2 +frEyNRoEVsqkMhyiWRTjPyNcRO8hJ40oPfhF/+QRXdBqTxaxW+AJbObl1fewSWMH +Sb9A449OsTf+tz0r0BFo1YirlojObIqvs08ZFEvf+mYdDv/HA+rGyJpI/Zs9VT9M +QSeDQ5inptMATbx6iqhrMX+7Wo+lggRb9OAeEryaACeirYUDC4Tyagkqo7/PTM0K +nvFU5LFiA2E28QDIFU+prn/eewcM8Il8Z2yBWlNqInjrol02d2U= +=wHHE -----END PGP SIGNATURE----- diff --git a/metadata/glsa/Manifest.files.gz b/metadata/glsa/Manifest.files.gz Binary files differindex 88517ac8974b..595bc6ad9a46 100644 --- a/metadata/glsa/Manifest.files.gz +++ b/metadata/glsa/Manifest.files.gz diff --git a/metadata/glsa/glsa-201805-05.xml b/metadata/glsa/glsa-201805-05.xml new file mode 100644 index 000000000000..ef4b236a7e27 --- /dev/null +++ b/metadata/glsa/glsa-201805-05.xml @@ -0,0 +1,50 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> +<glsa id="201805-05"> + <title>mpv: Remote code execution</title> + <synopsis>A vulnerability has been found in mpv that may allow a remote + attacker to execute arbitrary code. + </synopsis> + <product type="ebuild">mpv</product> + <announced>2018-05-14</announced> + <revised count="1">2018-05-14</revised> + <bug>646886</bug> + <access>local, remote</access> + <affected> + <package name="media-video/mpv" auto="yes" arch="*"> + <unaffected range="ge">0.27.2</unaffected> + <vulnerable range="lt">0.27.2</vulnerable> + </package> + </affected> + <background> + <p>Video player based on MPlayer/mplayer2</p> + </background> + <description> + <p>A vulnerability was discovered in mpv with the handling of HTML + documents containing VIDEO elements. Additionally, mpv accepts arbitrary + URLs in a src attribute without a protocol whitelist in + player/lua/ytdl_hook.lua. + </p> + </description> + <impact type="high"> + <p>A remote attacker, by enticing the user to visit a specially crafted web + site, could execute arbitrary code. + </p> + </impact> + <workaround> + <p>There is no known workaround at this time.</p> + </workaround> + <resolution> + <p>All mpv users should upgrade to the latest version:</p> + + <code> + # emerge --sync + # emerge --ask --oneshot --verbose ">=media-video/mpv-0.27.2" + </code> + </resolution> + <references> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6360">CVE-2018-6360</uri> + </references> + <metadata tag="requester" timestamp="2018-05-07T16:02:12Z">jmbailey</metadata> + <metadata tag="submitter" timestamp="2018-05-14T23:21:56Z">jmbailey</metadata> +</glsa> diff --git a/metadata/glsa/timestamp.chk b/metadata/glsa/timestamp.chk index 0f8eba1a8fd7..f83209db3b2e 100644 --- a/metadata/glsa/timestamp.chk +++ b/metadata/glsa/timestamp.chk @@ -1 +1 @@ -Sun, 13 May 2018 14:38:28 +0000 +Tue, 15 May 2018 11:38:27 +0000 diff --git a/metadata/glsa/timestamp.commit b/metadata/glsa/timestamp.commit index 80519ec96966..2680641b2a8e 100644 --- a/metadata/glsa/timestamp.commit +++ b/metadata/glsa/timestamp.commit @@ -1 +1 @@ -b65153089d9ef7671aaa737050c3a53cb35a1893 1525793297 2018-05-08T15:28:17+00:00 +40f254b177f3628d865f1e77c8fd7c94584de14e 1526340152 2018-05-14T23:22:32+00:00 |