summaryrefslogtreecommitdiff
path: root/metadata/glsa
diff options
context:
space:
mode:
authorV3n3RiX <venerix@redcorelinux.org>2018-05-15 13:19:56 +0100
committerV3n3RiX <venerix@redcorelinux.org>2018-05-15 13:19:56 +0100
commitd302a5d7fc9caafba5c8a404f2891bb6ccdec311 (patch)
tree2a3ee43f080d1d0086964de8c29ccf1021fdfda7 /metadata/glsa
parentea31ad0ed5501d0bf92267c35beaf06ac016bad2 (diff)
gentoo resync : 15.05.2018
Diffstat (limited to 'metadata/glsa')
-rw-r--r--metadata/glsa/Manifest30
-rw-r--r--metadata/glsa/Manifest.files.gzbin423609 -> 423767 bytes
-rw-r--r--metadata/glsa/glsa-201805-05.xml50
-rw-r--r--metadata/glsa/timestamp.chk2
-rw-r--r--metadata/glsa/timestamp.commit2
5 files changed, 67 insertions, 17 deletions
diff --git a/metadata/glsa/Manifest b/metadata/glsa/Manifest
index c9eb25507932..70c0413061fd 100644
--- a/metadata/glsa/Manifest
+++ b/metadata/glsa/Manifest
@@ -1,23 +1,23 @@
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
-MANIFEST Manifest.files.gz 423609 BLAKE2B cbd920553b52bd805c115c763e4d6e2ee3d453ad1d6dfc315556c7a37a40f6e92d25437ae0c4238712e49a25ff5de88a4a56f425e3de6b9710d55daa2faef491 SHA512 3ac6837ed015c4c2f983100055b2867a7affaa1fd0de409b6c572144638db29f44f2af6b02450bb12cf8d1d79d3f90f56519fcc92e5b499d612f1c4c59fb4481
-TIMESTAMP 2018-05-13T14:38:31Z
+MANIFEST Manifest.files.gz 423767 BLAKE2B b4b02eedb610a1c6d9e2d0e9f57f61c0c0ddafb48679b275cd19d127faac6f1d44d72cf4d204e2e99bbdadfb9d1e296ea33c63e12cff5af0207e2e6247914ff9 SHA512 ba2fcf04666f32bf8235a27f099dd883ab13109b872e9d00eac03e3e02b976470b0d5a6f1b3ce76acd9005d909e8b6e04ffdfefb9cce629ec213bbe88eb4d8b4
+TIMESTAMP 2018-05-15T11:38:31Z
-----BEGIN PGP SIGNATURE-----
-iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAlr4TedfFIAAAAAALgAo
+iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAlr6xrdfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEUx
RDZBQkI2M0JGQ0ZCNEJBMDJGREYxQ0VDNTkwRUVBQzkxODkyNTAACgkQ7FkO6skY
-klDikw//UqLB7+1+uhfixHN0WqM+UPb4R61rJWeOs72/zlkkMnEW+ZNzxTp0mbNx
-+a+Sn900vyQNnJQz9McuEl7+PiRUO5Io4vHQmgIkCOEIye/gOW57Bm/VLa0lda1q
-os2RJGQtoA//iAInFtT3JyA5gJxkp0vNgsGdJ5JXfKaoCArsL/7rJCjqS1DNvjvW
-Oyg5aYnwVv/PIonyzfZb3Je/QwicI4SAG6zHUaE4ae3kvkzT1ezw2kj+2Pdmi/Z6
-GThSMFXAxcAAf9oJGAvYMwBwpoDdr8MKENL3bE02aO2xn0Nm0LpsQRqCEBZ8bZtD
-iQ7KkuVfu3nAbEp3gbs/parMTwW/MSgn6l0taGbX8nqMnIP0MMlvQdewRImby1Wt
-4D58hHogGvLWd4vTfEJJvoW+Wkk0/AL0g8E3RB2FEdyrXPMMC75Lk/+LcZ8tFKV9
-XDp8F3gpf27vRjQQeuy9l49o8yBwR9wO6d5s0+hfw7ppXPbgWKx3V0dhMWlB/p8L
-Gs8m+Vsi70dJRb5jq39ZOXJkq1FuW/NHsFH30og49so9IuwwEpBbLcpO/x9gTSH7
-r89iS3uXbHIX303/wWNiOAAZd7S3Biw5bXxfIaRYhLooKpubNbHoV6Rw03bKivm3
-Q0g+MwUuWyxsnf/tqu8jxveeIMpXYAX8J39cwATsTKKmQb38wIE=
-=kr3z
+klDvxQ/+KdmjH8O+LKuoAlSAFfhT4sIYSytSf1a8hWEPEUhwiKqDY9SYOeSU3QJ4
+BKF+phOT/J8IkK/GDvnykkTkG14HS+brzg2IKvXRIsxyxjPyu+NFzyA5EE00dZ8N
+mPksBTXkoyH855LROJSkRtTCnuxLuLQ1wYiDXZQLckDyaRhUr0DLpnAIDKRXlrdb
+44lAjUgEwo3vpU5cLUaDdNAnMjwhPNuG3xz5itde1DseKN2fZgWUvKGvastM0/oB
+ms0amV4yQun9A3fhPi8GXtJgysecskM8DyWQ4eoHpUYSHkn3SseswQIRtoMek39Z
+WqQ9do6C7kiihCXVzykUnxna2Zu7t5hDRFbxAz9xYHD7F8qsNvtH3gXGWoJy83wO
+fRr6JF6lQ2sUT3I0CnnZ1dtravmK5Mto7neT2JGbKDghf9kW4ZCOTgHlTX6Cxuc2
+frEyNRoEVsqkMhyiWRTjPyNcRO8hJ40oPfhF/+QRXdBqTxaxW+AJbObl1fewSWMH
+Sb9A449OsTf+tz0r0BFo1YirlojObIqvs08ZFEvf+mYdDv/HA+rGyJpI/Zs9VT9M
+QSeDQ5inptMATbx6iqhrMX+7Wo+lggRb9OAeEryaACeirYUDC4Tyagkqo7/PTM0K
+nvFU5LFiA2E28QDIFU+prn/eewcM8Il8Z2yBWlNqInjrol02d2U=
+=wHHE
-----END PGP SIGNATURE-----
diff --git a/metadata/glsa/Manifest.files.gz b/metadata/glsa/Manifest.files.gz
index 88517ac8974b..595bc6ad9a46 100644
--- a/metadata/glsa/Manifest.files.gz
+++ b/metadata/glsa/Manifest.files.gz
Binary files differ
diff --git a/metadata/glsa/glsa-201805-05.xml b/metadata/glsa/glsa-201805-05.xml
new file mode 100644
index 000000000000..ef4b236a7e27
--- /dev/null
+++ b/metadata/glsa/glsa-201805-05.xml
@@ -0,0 +1,50 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201805-05">
+ <title>mpv: Remote code execution</title>
+ <synopsis>A vulnerability has been found in mpv that may allow a remote
+ attacker to execute arbitrary code.
+ </synopsis>
+ <product type="ebuild">mpv</product>
+ <announced>2018-05-14</announced>
+ <revised count="1">2018-05-14</revised>
+ <bug>646886</bug>
+ <access>local, remote</access>
+ <affected>
+ <package name="media-video/mpv" auto="yes" arch="*">
+ <unaffected range="ge">0.27.2</unaffected>
+ <vulnerable range="lt">0.27.2</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>Video player based on MPlayer/mplayer2</p>
+ </background>
+ <description>
+ <p>A vulnerability was discovered in mpv with the handling of HTML
+ documents containing VIDEO elements. Additionally, mpv accepts arbitrary
+ URLs in a src attribute without a protocol whitelist in
+ player/lua/ytdl_hook.lua.
+ </p>
+ </description>
+ <impact type="high">
+ <p>A remote attacker, by enticing the user to visit a specially crafted web
+ site, could execute arbitrary code.
+ </p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All mpv users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose "&gt;=media-video/mpv-0.27.2"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6360">CVE-2018-6360</uri>
+ </references>
+ <metadata tag="requester" timestamp="2018-05-07T16:02:12Z">jmbailey</metadata>
+ <metadata tag="submitter" timestamp="2018-05-14T23:21:56Z">jmbailey</metadata>
+</glsa>
diff --git a/metadata/glsa/timestamp.chk b/metadata/glsa/timestamp.chk
index 0f8eba1a8fd7..f83209db3b2e 100644
--- a/metadata/glsa/timestamp.chk
+++ b/metadata/glsa/timestamp.chk
@@ -1 +1 @@
-Sun, 13 May 2018 14:38:28 +0000
+Tue, 15 May 2018 11:38:27 +0000
diff --git a/metadata/glsa/timestamp.commit b/metadata/glsa/timestamp.commit
index 80519ec96966..2680641b2a8e 100644
--- a/metadata/glsa/timestamp.commit
+++ b/metadata/glsa/timestamp.commit
@@ -1 +1 @@
-b65153089d9ef7671aaa737050c3a53cb35a1893 1525793297 2018-05-08T15:28:17+00:00
+40f254b177f3628d865f1e77c8fd7c94584de14e 1526340152 2018-05-14T23:22:32+00:00