author | V3n3RiX <venerix@koprulu.sector> | 2024-08-10 11:05:14 +0100 |
---|---|---|
committer | V3n3RiX <venerix@koprulu.sector> | 2024-08-10 11:05:14 +0100 |
commit | fbbf0ee3d56a6fd27adf182c6907dc745623aeaa (patch) | |
tree | 2c2869a78e5e3b6af9391df951ca217cced4608d /metadata/glsa | |
parent | 43297a4ed0a3760bbdd0b8c286b779f174ca5368 (diff) |
gentoo auto-resync : 10:08:2024 - 11:05:14
Diffstat (limited to 'metadata/glsa')
-rw-r--r-- | metadata/glsa/Manifest | 30 | ||||
-rw-r--r-- | metadata/glsa/Manifest.files.gz | bin | 582822 -> 583779 bytes | |||
-rw-r--r-- | metadata/glsa/glsa-202408-18.xml | 53 | ||||
-rw-r--r-- | metadata/glsa/glsa-202408-19.xml | 49 | ||||
-rw-r--r-- | metadata/glsa/glsa-202408-20.xml | 88 | ||||
-rw-r--r-- | metadata/glsa/glsa-202408-21.xml | 258 | ||||
-rw-r--r-- | metadata/glsa/glsa-202408-22.xml | 46 | ||||
-rw-r--r-- | metadata/glsa/glsa-202408-23.xml | 43 | ||||
-rw-r--r-- | metadata/glsa/timestamp.chk | 2 | ||||
-rw-r--r-- | metadata/glsa/timestamp.commit | 2 |
10 files changed, 554 insertions, 17 deletions
diff --git a/metadata/glsa/Manifest b/metadata/glsa/Manifest index 390884785f5f..c76376065bf7 100644 --- a/metadata/glsa/Manifest +++ b/metadata/glsa/Manifest 
@@ -1,23 +1,23 @@ -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 -MANIFEST Manifest.files.gz 582822 BLAKE2B 2e215e78e91b03c6a82d6bae59ed2750140f8842ad2347b812be73ba419d31f4a5d9b891fcd31445d51e011ab772ee9cf2dfcf90311fd44cd2220996caad5f29 SHA512 7a750d18ed6d4818ef40b1a94a30f8d11977898c23c44dca8860a0490495a1119f8558d638d93eebac65906c6ef7da9930c4aedfcc148e1f0b8bb1bfe0215e5c -TIMESTAMP 2024-08-09T09:40:07Z +MANIFEST Manifest.files.gz 583779 BLAKE2B f7a6642a36d557b2ff11656e5d2df283be9790dee856fde3df71020545fb0e5bd5078e1c9169112fd27921648ac36346a690f931e6e7698a5f277d90e867dfd7 SHA512 fc75832387cf7e22e9e60c39e8464789c05365093061abbd15f7b7abac14946af8cd70ec339f006eff65dd7ce57af26a9bcd3603bc95aa59e3dc113630acf2fb +TIMESTAMP 2024-08-10T09:40:26Z -----BEGIN PGP SIGNATURE----- -iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAma14/dfFIAAAAAALgAo +iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAma3NYpfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEUx RDZBQkI2M0JGQ0ZCNEJBMDJGREYxQ0VDNTkwRUVBQzkxODkyNTAACgkQ7FkO6skY -klCgRA/+I4F+V2nianju2invuXGbmRVrnIBqaz2yvL4IYj5G82FiP65VcVZUuEum -t+BxWlQ9bp3CUHsb2qbjeXXlNvsPm+DOBMF7ORY/9HUjYT3s6jfQBjjYT6gSoUXu -o8OJ+ou616JlcyIJXmEobzfynogOY61q9g1+wWzIAnXF6ahSpsb62uE0jJK6B9Yd -E/l9e57oKtgg0bExEmJU7VCo3whF4SZLWPX39I5oNVyD3sp2X41fr+uFyjGyM6Tw -gYGy4Zb6F0/fJwIIhDDT79exMwl045knI81wJhGuU6eXNarBR/1YW034JgG7Ewbl -6UWPpxjPqgtgvOgwpNn+tNHzuB8sEtgvdfjgv+5yteQA2yJeqIDEFk5FfIT4RlVM -BedvmZBjjSY4flRg0uAWaJbRW3xh9GlT3hnJOb187nltQMyhabC1fmXdOcg4v2O1 -ZiJqXV0wJY5l52+ro5LLnqRrBi8gH2bx1k/OLD1MXaASJhhlxH1ez/hHs4AF+H0a -nWWH9wlRnggDvmI53AMsrtrvfoeUsACOZt/Eqn4SmcqyO5tkSi/120voyCC35htk -Kqu0robowin/bQai0HdNBFsZaZOvUWxvTGWYmt5J5kDjs5exoQaX1OanPlPprDB6 -QD88h3JCBvZZrTkJu5M/8dUo3YqY0Dejdy9ttykfYJU5HhufHbs= -=hUHI +klAtVw//T+btknyxKYOJH3QYReT9fkPb4TyG7tzX+pQmiziY8wtoQA6xhuL9ja8o +6bFAtYrQqz/UJRaj6075gPtWZYfJ4/BKaKcBdhL26OoRsRAwMpVd6ymgN9Qrvgfd +6enqg1xSoQgpanGx2mDNSa2jUSFyqG5ybJ0QTH7/QvLgI6zTuMiaQfchP01ZOpj/ 
+Hdi/bxbjTQpPeEZSBmEMpws7PFUkPFoNQ8Q39x8SkeojMPmmUMN4IqoAI7qidHGV +B9rTwuLYCXgdBGqDJ27tKZ9nP7VUPlrAYeiu0PFBv9yBL4yGwDuWOoYy8nek68oV +7nHJ0evbElA8c76/aXPBYuBOGLCYITRY90AFcSCFQqC8Cy08VTElCsa7wVnvuJ9w +0IoMTe7ALcyuMzsJ98h2GeG+CwVQ/FXIpkslh1/7kUxpL4opRXF05BV/BqDwbTtd +SwLvyS4jvvgKbazB6LQRUB4nOcT+eQvqH3AN0nl93a3d40Y75mQ0sPKyutpSz9JH +/GHZjQH1wKuDT1zqswxRQKGOZOVJWOxWBjEyiZ3wIxM4X2kHCMPpQk88m/1Bs8Bs +wI36fOD6DekwXLStBasn2J31lSt7Fj6UwjpIvautvB181q+y8MilwjmmAtrTG6/t +B7FbVawKOHsH/5UmJDYFlhLoWWFYjVQdXOgUqgr/ntg33+YMew8= +=NBcp -----END PGP SIGNATURE----- diff --git a/metadata/glsa/Manifest.files.gz b/metadata/glsa/Manifest.files.gz Binary files differindex f6521964d678..bc4e9955b329 100644 --- a/metadata/glsa/Manifest.files.gz +++ b/metadata/glsa/Manifest.files.gz diff --git a/metadata/glsa/glsa-202408-18.xml b/metadata/glsa/glsa-202408-18.xml new file mode 100644 index 000000000000..5de6c546b4b1 --- /dev/null +++ b/metadata/glsa/glsa-202408-18.xml 
@@ -0,0 +1,53 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202408-18">
+ <title>QEMU: Multiple Vulnerabilities</title>
+ <synopsis>Multiple vulnerabilities have been discovered in QEMU, the worst of which could lead to a denial of service.</synopsis>
+ <product type="ebuild">qemu</product>
+ <announced>2024-08-09</announced>
+ <revised count="1">2024-08-09</revised>
+ <bug>857657</bug>
+ <bug>865121</bug>
+ <bug>883693</bug>
+ <bug>909542</bug>
+ <access>local</access>
+ <affected>
+ <package name="app-emulation/qemu" auto="yes" arch="*">
+ <unaffected range="ge">8.0.0</unaffected>
+ <vulnerable range="lt">8.0.0</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>QEMU is a generic and open source machine emulator and virtualizer.</p>
+ </background>
+ <description>
+ <p>Multiple vulnerabilities have been discovered in QEMU. Please review the CVE identifiers referenced below for details.</p>
+ </description>
+ <impact type="normal">
+ <p>Please review the referenced CVE identifiers for details.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All QEMU users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-emulation/qemu-8.0.0"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14394">CVE-2020-14394</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-0216">CVE-2022-0216</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-1050">CVE-2022-1050</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-2962">CVE-2022-2962</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-4144">CVE-2022-4144</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-4172">CVE-2022-4172</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-35414">CVE-2022-35414</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-1544">CVE-2023-1544</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-2861">CVE-2023-2861</uri>
+ </references>
+ <metadata tag="requester" timestamp="2024-08-09T09:49:28.328653Z">graaff</metadata>
+ <metadata tag="submitter" timestamp="2024-08-09T09:49:28.332697Z">graaff</metadata>
+</glsa>
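Review bot: The `<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">` declaration on the second line of this new file names an external DTD over cleartext HTTP, so a consumer that parses the advisory with DTD loading enabled would fetch its grammar from a location an on-path party can alter. Tools that read these files should parse with external DTD and entity resolution turned off and validate against a locally pinned copy of the DTD. If the system identifier is kept, `<!DOCTYPE glsa SYSTEM "https://www.gentoo.org/dtd/glsa.dtd">` would at least avoid the cleartext fetch, assuming the same path is served over HTTPS. The same declaration opens glsa-202408-19.xml through glsa-202408-23.xml.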
\ No newline at end of file
diff --git a/metadata/glsa/glsa-202408-19.xml b/metadata/glsa/glsa-202408-19.xml
new file mode 100644
index 000000000000..423557b67ab8
--- /dev/null
+++ b/metadata/glsa/glsa-202408-19.xml
@@ -0,0 +1,49 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202408-19">
+ <title>ncurses: Multiple Vulnerabilities</title>
+ <synopsis>Multiple vulnerabilities have been discovered in ncurses, the worst of which could lead to a denial of service.</synopsis>
+ <product type="ebuild">ncurses,ncurses-compat</product>
+ <announced>2024-08-09</announced>
+ <revised count="1">2024-08-09</revised>
+ <bug>839351</bug>
+ <bug>904247</bug>
+ <access>remote</access>
+ <affected>
+ <package name="sys-libs/ncurses" auto="yes" arch="*">
+ <unaffected range="ge">6.4_p20230408</unaffected>
+ <vulnerable range="lt">6.4_p20230408</vulnerable>
+ </package>
+ <package name="sys-libs/ncurses-compat" auto="yes" arch="*">
+ <unaffected range="ge">6.4_p20240330</unaffected>
+ <vulnerable range="lt">6.4_p20240330</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>Free software emulation of curses in System V.</p>
+ </background>
+ <description>
+ <p>Multiple vulnerabilities have been discovered in ncurses. Please review the CVE identifiers referenced below for details.</p>
+ </description>
+ <impact type="normal">
+ <p>Please review the referenced CVE identifiers for details.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All ncurses users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=sys-libs/ncurses-6.4_p20230408"
+ # emerge --ask --oneshot --verbose ">=sys-libs/ncurses-compat-6.4_p20240330"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-29458">CVE-2022-29458</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-29491">CVE-2023-29491</uri>
+ </references>
+ <metadata tag="requester" timestamp="2024-08-09T11:05:25.778609Z">graaff</metadata>
+ <metadata tag="submitter" timestamp="2024-08-09T11:05:25.782155Z">graaff</metadata>
+</glsa>
\ No newline at end of file
diff --git a/metadata/glsa/glsa-202408-20.xml b/metadata/glsa/glsa-202408-20.xml
new file mode 100644
index 000000000000..3d9048c60c76
--- /dev/null
+++ b/metadata/glsa/glsa-202408-20.xml
@@ -0,0 +1,88 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202408-20">
+ <title>libde265: Multiple Vulnerabilities</title>
+ <synopsis>Multiple vulnerabilities have been discovered in libde265, the worst of which could lead to arbitrary code execution.</synopsis>
+ <product type="ebuild">libde265</product>
+ <announced>2024-08-10</announced>
+ <revised count="1">2024-08-10</revised>
+ <bug>813486</bug>
+ <bug>889876</bug>
+ <access>local</access>
+ <affected>
+ <package name="media-libs/libde265" auto="yes" arch="*">
+ <unaffected range="ge">1.0.11</unaffected>
+ <vulnerable range="lt">1.0.11</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>Open h.265 video codec implementation.</p>
+ </background>
+ <description>
+ <p>Multiple vulnerabilities have been discovered in libde265. Please review the CVE identifiers referenced below for details.</p>
+ </description>
+ <impact type="normal">
+ <p>Please review the referenced CVE identifiers for details.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All libde265 users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=media-libs/libde265-1.0.11"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-21594">CVE-2020-21594</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-21595">CVE-2020-21595</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-21596">CVE-2020-21596</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-21597">CVE-2020-21597</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-21598">CVE-2020-21598</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-21599">CVE-2020-21599</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-21600">CVE-2020-21600</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-21601">CVE-2020-21601</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-21602">CVE-2020-21602</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-21603">CVE-2020-21603</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-21604">CVE-2020-21604</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-21605">CVE-2020-21605</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-21606">CVE-2020-21606</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-35452">CVE-2021-35452</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-36408">CVE-2021-36408</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-36409">CVE-2021-36409</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-36410">CVE-2021-36410</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-36411">CVE-2021-36411</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-1253">CVE-2022-1253</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-43235">CVE-2022-43235</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-43236">CVE-2022-43236</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-43237">CVE-2022-43237</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-43238">CVE-2022-43238</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-43239">CVE-2022-43239</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-43240">CVE-2022-43240</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-43241">CVE-2022-43241</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-43242">CVE-2022-43242</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-43243">CVE-2022-43243</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-43244">CVE-2022-43244</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-43245">CVE-2022-43245</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-43248">CVE-2022-43248</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-43249">CVE-2022-43249</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-43250">CVE-2022-43250</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-43252">CVE-2022-43252</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-43253">CVE-2022-43253</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-47655">CVE-2022-47655</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-47664">CVE-2022-47664</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-47665">CVE-2022-47665</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-24751">CVE-2023-24751</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-24752">CVE-2023-24752</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-24754">CVE-2023-24754</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-24755">CVE-2023-24755</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-24756">CVE-2023-24756</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-24757">CVE-2023-24757</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-24758">CVE-2023-24758</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-25221">CVE-2023-25221</uri>
+ </references>
+ <metadata tag="requester" timestamp="2024-08-10T05:53:21.175447Z">graaff</metadata>
+ <metadata tag="submitter" timestamp="2024-08-10T05:53:21.178987Z">graaff</metadata>
+</glsa>
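Review bot: The `<impact type="normal">` and `<description>` bodies in glsa-202408-20.xml are placeholders that defer entirely to the CVE list, so the only statement of the worst case (arbitrary code execution) is in `<synopsis>`, and a reader or tool that triages on the impact element sees no outcome at all. I would restate it there, for example `<p>The worst of these vulnerabilities could lead to arbitrary code execution; please review the referenced CVE identifiers for details.</p>`. `<access>local</access>` is also worth confirming for a video decoder, since such a library may be handed media that originates remotely; the page does not show how that value was chosen. glsa-202408-21.xml and glsa-202408-22.xml carry the same placeholder impact text under a code-execution synopsis.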
\ No newline at end of file
diff --git a/metadata/glsa/glsa-202408-21.xml b/metadata/glsa/glsa-202408-21.xml
new file mode 100644
index 000000000000..ec29aa5d80f1
--- /dev/null
+++ b/metadata/glsa/glsa-202408-21.xml
@@ -0,0 +1,258 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202408-21">
+ <title>GPAC: Multiple Vulnerabilities</title>
+ <synopsis>Multiple vulnerabilities have been discovered in GPAC, the worst of which could lead to arbitrary code execution.</synopsis>
+ <product type="ebuild">gpac</product>
+ <announced>2024-08-10</announced>
+ <revised count="1">2024-08-10</revised>
+ <bug>785649</bug>
+ <bug>835341</bug>
+ <access>remote</access>
+ <affected>
+ <package name="media-video/gpac" auto="yes" arch="*">
+ <unaffected range="ge">2.2.0</unaffected>
+ <vulnerable range="lt">2.2.0</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>GPAC is an implementation of the MPEG-4 Systems standard developed from scratch in ANSI C.</p>
+ </background>
+ <description>
+ <p>Multiple vulnerabilities have been discovered in GPAC. Please review the CVE identifiers referenced below for details.</p>
+ </description>
+ <impact type="normal">
+ <p>Please review the referenced CVE identifiers for details.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All GPAC users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=media-video/gpac-2.2.0"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-22673">CVE-2020-22673</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-22674">CVE-2020-22674</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-22675">CVE-2020-22675</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-22677">CVE-2020-22677</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-22678">CVE-2020-22678</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-22679">CVE-2020-22679</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-25427">CVE-2020-25427</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-35979">CVE-2020-35979</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-35980">CVE-2020-35980</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-35981">CVE-2020-35981</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-35982">CVE-2020-35982</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-4043">CVE-2021-4043</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21834">CVE-2021-21834</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21835">CVE-2021-21835</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21836">CVE-2021-21836</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21837">CVE-2021-21837</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21838">CVE-2021-21838</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21839">CVE-2021-21839</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21840">CVE-2021-21840</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21841">CVE-2021-21841</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21842">CVE-2021-21842</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21843">CVE-2021-21843</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21844">CVE-2021-21844</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21845">CVE-2021-21845</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21846">CVE-2021-21846</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21847">CVE-2021-21847</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21848">CVE-2021-21848</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21849">CVE-2021-21849</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21850">CVE-2021-21850</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21851">CVE-2021-21851</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21852">CVE-2021-21852</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21853">CVE-2021-21853</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21854">CVE-2021-21854</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21855">CVE-2021-21855</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21856">CVE-2021-21856</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21857">CVE-2021-21857</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21858">CVE-2021-21858</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21859">CVE-2021-21859</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21860">CVE-2021-21860</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21861">CVE-2021-21861</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21862">CVE-2021-21862</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-30014">CVE-2021-30014</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-30015">CVE-2021-30015</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-30019">CVE-2021-30019</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-30020">CVE-2021-30020</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-30022">CVE-2021-30022</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-30199">CVE-2021-30199</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-31254">CVE-2021-31254</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-31255">CVE-2021-31255</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-31256">CVE-2021-31256</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-31257">CVE-2021-31257</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-31258">CVE-2021-31258</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-31259">CVE-2021-31259</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-31260">CVE-2021-31260</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-31261">CVE-2021-31261</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-31262">CVE-2021-31262</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-32132">CVE-2021-32132</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-32134">CVE-2021-32134</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-32135">CVE-2021-32135</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-32136">CVE-2021-32136</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-32137">CVE-2021-32137</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-32138">CVE-2021-32138</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-32139">CVE-2021-32139</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-32437">CVE-2021-32437</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-32438">CVE-2021-32438</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-32439">CVE-2021-32439</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-32440">CVE-2021-32440</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-33361">CVE-2021-33361</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-33362">CVE-2021-33362</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-33363">CVE-2021-33363</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-33364">CVE-2021-33364</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-33365">CVE-2021-33365</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-33366">CVE-2021-33366</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-36412">CVE-2021-36412</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-36414">CVE-2021-36414</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-36417">CVE-2021-36417</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-36584">CVE-2021-36584</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-40559">CVE-2021-40559</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-40562">CVE-2021-40562</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-40563">CVE-2021-40563</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-40564">CVE-2021-40564</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-40565">CVE-2021-40565</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-40566">CVE-2021-40566</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-40567">CVE-2021-40567</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-40568">CVE-2021-40568</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-40569">CVE-2021-40569</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-40570">CVE-2021-40570</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-40571">CVE-2021-40571</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-40572">CVE-2021-40572</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-40573">CVE-2021-40573</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-40574">CVE-2021-40574</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-40575">CVE-2021-40575</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-40576">CVE-2021-40576</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-40592">CVE-2021-40592</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-40606">CVE-2021-40606</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-40607">CVE-2021-40607</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-40608">CVE-2021-40608</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-40609">CVE-2021-40609</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-40942">CVE-2021-40942</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-40944">CVE-2021-40944</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-41456">CVE-2021-41456</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-41457">CVE-2021-41457</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-41458">CVE-2021-41458</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-41459">CVE-2021-41459</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-44918">CVE-2021-44918</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-44919">CVE-2021-44919</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-44920">CVE-2021-44920</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-44921">CVE-2021-44921</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-44922">CVE-2021-44922</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-44923">CVE-2021-44923</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-44924">CVE-2021-44924</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-44925">CVE-2021-44925</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-44926">CVE-2021-44926</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-44927">CVE-2021-44927</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-45258">CVE-2021-45258</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-45259">CVE-2021-45259</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-45260">CVE-2021-45260</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-45262">CVE-2021-45262</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-45263">CVE-2021-45263</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-45266">CVE-2021-45266</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-45267">CVE-2021-45267</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-45288">CVE-2021-45288</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-45289">CVE-2021-45289</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-45291">CVE-2021-45291</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-45292">CVE-2021-45292</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-45297">CVE-2021-45297</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-45760">CVE-2021-45760</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-45762">CVE-2021-45762</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-45763">CVE-2021-45763</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-45764">CVE-2021-45764</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-45767">CVE-2021-45767</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-45831">CVE-2021-45831</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-46038">CVE-2021-46038</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-46039">CVE-2021-46039</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-46040">CVE-2021-46040</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-46041">CVE-2021-46041</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-46042">CVE-2021-46042</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-46043">CVE-2021-46043</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-46044">CVE-2021-46044</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-46045">CVE-2021-46045</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-46046">CVE-2021-46046</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-46047">CVE-2021-46047</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-46049">CVE-2021-46049</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-46051">CVE-2021-46051</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-46234">CVE-2021-46234</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-46236">CVE-2021-46236</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-46237">CVE-2021-46237</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-46238">CVE-2021-46238</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-46239">CVE-2021-46239</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-46240">CVE-2021-46240</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-46311">CVE-2021-46311</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-46313">CVE-2021-46313</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-1035">CVE-2022-1035</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-1172">CVE-2022-1172</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-1222">CVE-2022-1222</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-1441">CVE-2022-1441</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-1795">CVE-2022-1795</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-2453">CVE-2022-2453</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-2454">CVE-2022-2454</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-2549">CVE-2022-2549</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-3178">CVE-2022-3178</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-3222">CVE-2022-3222</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-3957">CVE-2022-3957</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-4202">CVE-2022-4202</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-24249">CVE-2022-24249</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-24574">CVE-2022-24574</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-24575">CVE-2022-24575</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-24576">CVE-2022-24576</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-24577">CVE-2022-24577</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-24578">CVE-2022-24578</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-26967">CVE-2022-26967</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-27145">CVE-2022-27145</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-27146">CVE-2022-27146</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-27147">CVE-2022-27147</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-27148">CVE-2022-27148</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-29339">CVE-2022-29339</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-29340">CVE-2022-29340</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-29537">CVE-2022-29537</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-30976">CVE-2022-30976</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-36186">CVE-2022-36186</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-36190">CVE-2022-36190</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-36191">CVE-2022-36191</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-38530">CVE-2022-38530</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-43039">CVE-2022-43039</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-43040">CVE-2022-43040</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-43042">CVE-2022-43042</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-43043">CVE-2022-43043</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-43044">CVE-2022-43044</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-43045">CVE-2022-43045</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-43254">CVE-2022-43254</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-43255">CVE-2022-43255</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-45202">CVE-2022-45202</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-45204">CVE-2022-45204</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-45283">CVE-2022-45283</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-45343">CVE-2022-45343</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-46489">CVE-2022-46489</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-46490">CVE-2022-46490</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-47086">CVE-2022-47086</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-47087">CVE-2022-47087</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-47088">CVE-2022-47088</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-47089">CVE-2022-47089</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-47091">CVE-2022-47091</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-47092">CVE-2022-47092</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-47093">CVE-2022-47093</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-47094">CVE-2022-47094</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-47095">CVE-2022-47095</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-47653">CVE-2022-47653</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-47654">CVE-2022-47654</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-47656">CVE-2022-47656</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-47657">CVE-2022-47657</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-47658">CVE-2022-47658</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-47659">CVE-2022-47659</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-47660">CVE-2022-47660</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-47661">CVE-2022-47661</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-47662">CVE-2022-47662</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-47663">CVE-2022-47663</uri>
+ </references>
+ <metadata tag="requester" timestamp="2024-08-10T05:56:40.883624Z">graaff</metadata>
+ <metadata tag="submitter" timestamp="2024-08-10T05:56:40.887094Z">graaff</metadata>
+</glsa>
\ No newline at end of file diff --git a/metadata/glsa/glsa-202408-22.xml b/metadata/glsa/glsa-202408-22.xml new file mode 100644 index 000000000000..f80765466515 --- /dev/null +++ b/metadata/glsa/glsa-202408-22.xml 
@@ -0,0 +1,46 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202408-22">
+ <title>Bundler: Multiple Vulnerabilities</title>
+ <synopsis>Multiple vulnerabilities have been discovered in Bundler, the worst of which could lead to arbitrary code execution.</synopsis>
+ <product type="ebuild">bundler</product>
+ <announced>2024-08-10</announced>
+ <revised count="1">2024-08-10</revised>
+ <bug>743214</bug>
+ <bug>798135</bug>
+ <bug>828884</bug>
+ <access>local and remote</access>
+ <affected>
+ <package name="dev-ruby/bundler" auto="yes" arch="*">
+ <unaffected range="ge">2.2.33</unaffected>
+ <vulnerable range="lt">2.2.33</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>Bundler provides a consistent environment for Ruby projects by tracking and installing the exact gems and versions that are needed.</p>
+ </background>
+ <description>
+ <p>Multiple vulnerabilities have been discovered in Bundler. Please review the CVE identifiers referenced below for details.</p>
+ </description>
+ <impact type="normal">
+ <p>Please review the referenced CVE identifiers for details.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All Bundler users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-ruby/bundler-2.2.33"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-3881">CVE-2019-3881</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-36327">CVE-2020-36327</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-43809">CVE-2021-43809</uri>
+ </references>
+ <metadata tag="requester" timestamp="2024-08-10T08:23:41.517666Z">graaff</metadata>
+ <metadata tag="submitter" timestamp="2024-08-10T08:23:41.520457Z">graaff</metadata>
+</glsa>
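Review bot: The `<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">` line at the top of this new advisory names an external DTD over cleartext HTTP, and the same line opens glsa-202408-23.xml. A consumer whose XML parser loads external DTDs would fetch that file over an unauthenticated channel while processing security metadata, so tooling that reads these advisories should parse with external DTD and entity resolution turned off, or validate against a locally shipped copy. If the identifier is changed at all, it would have to happen where the advisory is authored, since this commit only resyncs the files: `<!DOCTYPE glsa SYSTEM "https://www.gentoo.org/dtd/glsa.dtd">`.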
\ No newline at end of file
diff --git a/metadata/glsa/glsa-202408-23.xml b/metadata/glsa/glsa-202408-23.xml
new file mode 100644
index 000000000000..eacb91286bf0
--- /dev/null
+++ b/metadata/glsa/glsa-202408-23.xml
@@ -0,0 +1,43 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202408-23">
+ <title>GnuPG: Multiple Vulnerabilities</title>
+ <synopsis>Multiple vulnerabilities have been discovered in GnuPG, the worst of which could lead to signature spoofing.</synopsis>
+ <product type="ebuild">gnupg</product>
+ <announced>2024-08-10</announced>
+ <revised count="1">2024-08-10</revised>
+ <bug>855395</bug>
+ <bug>923248</bug>
+ <access>remote</access>
+ <affected>
+ <package name="app-crypt/gnupg" auto="yes" arch="*">
+ <unaffected range="ge">2.4.4</unaffected>
+ <vulnerable range="lt">2.4.4</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>The GNU Privacy Guard, GnuPG, is a free replacement for the PGP suite of cryptographic software.</p>
+ </background>
+ <description>
+ <p>Multiple vulnerabilities have been discovered in GnuPG. Please review the CVE identifiers referenced below for details.</p>
+ </description>
+ <impact type="normal">
+ <p>Please review the referenced CVE identifiers for details.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All GnuPG users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-crypt/gnupg-2.4.4"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-34903">CVE-2022-34903</uri>
+ </references>
+ <metadata tag="requester" timestamp="2024-08-10T08:41:19.748264Z">graaff</metadata>
+ <metadata tag="submitter" timestamp="2024-08-10T08:41:19.752993Z">graaff</metadata>
+</glsa>
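Review bot: The `<references>` block lists a single CVE, CVE-2022-34903, although the title says multiple vulnerabilities and two `<bug>` entries (855395 and 923248) are given. Because `<description>` and `<impact>` only point back to the referenced CVEs, a reader cannot tell from the advisory what the second issue is or which fix sets the `<vulnerable range="lt">2.4.4</vulnerable>` threshold. I would add a reference for the issue that has no CVE link, for example `<uri link="https://bugs.gentoo.org/923248">Gentoo bug 923248</uri>` if that is the bug it belongs to, or a sentence in `<description>` naming it.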
\ No newline at end of file
diff --git a/metadata/glsa/timestamp.chk b/metadata/glsa/timestamp.chk
index 3d5a09b65cb5..45325f0ee3fd 100644
--- a/metadata/glsa/timestamp.chk
+++ b/metadata/glsa/timestamp.chk
@@ -1 +1 @@
-Fri, 09 Aug 2024 09:40:04 +0000
+Sat, 10 Aug 2024 09:40:23 +0000
diff --git a/metadata/glsa/timestamp.commit b/metadata/glsa/timestamp.commit
index 6cc93267f0d8..a20abfa97c4f 100644
--- a/metadata/glsa/timestamp.commit
+++ b/metadata/glsa/timestamp.commit
@@ -1 +1 @@
-dafd1a18a8a8ccc232fbe240a01ee69809299ebd 1723195345 2024-08-09T09:22:25Z
+edaa82dbe986586c12f7d0e15ccfaa2e8c17c4d2 1723279289 2024-08-10T08:41:29Z |