diff options
Diffstat (limited to 'metadata/glsa')
-rw-r--r-- | metadata/glsa/Manifest | 30 | ||||
-rw-r--r-- | metadata/glsa/Manifest.files.gz | bin | 517009 -> 517807 bytes | |||
-rw-r--r-- | metadata/glsa/glsa-202107-51.xml | 47 | ||||
-rw-r--r-- | metadata/glsa/glsa-202107-52.xml | 47 | ||||
-rw-r--r-- | metadata/glsa/glsa-202107-53.xml | 50 | ||||
-rw-r--r-- | metadata/glsa/glsa-202107-54.xml | 50 | ||||
-rw-r--r-- | metadata/glsa/glsa-202107-55.xml | 50 | ||||
-rw-r--r-- | metadata/glsa/timestamp.chk | 2 | ||||
-rw-r--r-- | metadata/glsa/timestamp.commit | 2 |
9 files changed, 261 insertions, 17 deletions
diff --git a/metadata/glsa/Manifest b/metadata/glsa/Manifest index 233040c09ae1..2b69c03a9c4d 100644 --- a/metadata/glsa/Manifest +++ b/metadata/glsa/Manifest @@ -1,23 +1,23 @@ -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 -MANIFEST Manifest.files.gz 517009 BLAKE2B 7dfe2c6f0d3c02fd13a4ff92c8b43527ed90bc991cb77cf23a6b6f4d95a096baf241470cf7a0758af0ac5a10a8c455ea6117a88ca56d9619752cbe7f94a48887 SHA512 a547d3f7e4ce6646a0fd7f1bbc0c170ce1ad5c251ff3df4af3717aeb9fe49d0376f58f7a94715f226b5ed2e9b7f27692afb69b78d807ec8b830b728935a0bcbd -TIMESTAMP 2021-07-24T00:39:02Z +MANIFEST Manifest.files.gz 517807 BLAKE2B 2ecdb63e9cfe1a1b71d23ab4fe58b057928be5a410ab9012b87ec1e7c917af227099229248e5b2c7dc5b25edb96e4adad920259d956349d0ecbb204178f8da2c SHA512 4ca9cc06a8ae7d4eefdd8a435b92f1f4e675295b618afdb11cf1d7f45b49f0fd5137f7f0c81b60933a8b942fe25de9928a9f4ffe0d5968bae8eae39c95a7da50 +TIMESTAMP 2021-07-24T10:39:00Z -----BEGIN PGP SIGNATURE----- -iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAmD7YSZfFIAAAAAALgAo +iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAmD77cRfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEUx RDZBQkI2M0JGQ0ZCNEJBMDJGREYxQ0VDNTkwRUVBQzkxODkyNTAACgkQ7FkO6skY -klC5Mw/9GsZ9wpwdz+PbVdusr4HHAV59IT+qhg3/55VhmeVfPaFMIsfVpxbhZPtj -EjaHeBD/iOblkKhN7ctyFMe3Vf/r63bMmhT6ERpV3mKu8h43LsHN5qcjQ4TlvCvD -kT+IJiMI3LfxdRlYQMGr572aclA/xd194LiPJyUj4j0p2slbrbtzp3OEKTO+BI/a -6ZVULgMrMowWbAZTeqqusOK1RC5z4URqhAHun+7piyBmtc3tph3KcpQKRpBon2Kv -+6ONA1LzmHrbvEJnjsuTSx1irS1b5prQgU8CPJ6h9Y6QObDDxjmut4JHfC0MBXeI -RUaIQHxgqfcetTh+WwjY9mGVxVS2NlgCeOUQU5pgKZJ40mWQDbFId2BYs4ih8WzU -YFl5zbzie3mxyFoo5ssc8/Q/HOoOU+sG6Ld8M8Wu9BwP1us7GE8dRaVrW+xSKkDc -7Fj09YZbKpD7HiQZOyjf3xK3D6W80ZPs5VujslWE+YPuV/V4sy516hJ2QmYJlFvI -mrjk3mwocKx/Zyhm45z+g5AkRCA8g2leHNX5SwF38+ZkOXTtIiQdbrO2IT6MoO/Q -/ticUcLzITIDwfsN5fXUSO1hOAXl3FzDLsUvKw+yPmbIhXIK5bwgHPk5QE/ACdpo -j0PRo+XX2V1BYzJg1n3aU4M8nVuYaKEah7vp3GhvPiLKxMB9msg= -=EP+w +klDkyBAAmRqjylEIbuXdVXNAAONSpgaE5SdtjXCcN9xG0Co4IaUqqD6nTxme8Urj +doE5xAKmxII/K1T1knbbo41gqantFqcZe7KTGBiOvheDs0Y9r6EGQy0AQkYpKAhc +1WOp2sBU1YTeFZjVwPfPeeVKdUtbk7r3wRltHyy0hmEWJCnii2J0xFBYOlDvD/H6 +gft4/FzuYu3ddBmTnEpoeZL+p2pKWbE1bwbrraRNKSKgrA9WHvKKZ6KnX3i1UyMA +HdKGD7IyEKo16OMvIz6JC1gjpW/15PEf0sh6CS8/k4L6Nz/AwIl5a+GSmqAwyoJe +VDHDEx93w7k7qipf34c/rnSoGM5o7RxNnoINKNmjdccVNMAAPremPiEigtHEqm3y +EzLMmHcCOF8ozP0krArbEsivinB35mYSbOdr5/Axs9ziBodh5aHJXFNdc4v+PtZx +KL57ok/lo54B0mNTRe7YFcGUSK3ANWYc8wWIYXj4LnUzKrdnVGYGSZkHvGmvA2Z7 +NO3ig8iQImG7QdzwUKo63xBfFyT1r3rQO0F51C9w/sY5JW7dhucGZIwyi+C/XaNn +7YArDP4VOvjFHOGsTFkCDEco1IqKI0pE2gezJhG0ScVPvPPnwEeEmVxEQsdD/Ffi +fCgZ/yKXdgMb5uhNEVeRSETxUiwKp54NuHEtIP0evHELNT2tI9Y= +=XN4T -----END PGP SIGNATURE----- diff --git a/metadata/glsa/Manifest.files.gz b/metadata/glsa/Manifest.files.gz Binary files differindex 7f2ba8300b23..fb3d67f1010c 100644 --- a/metadata/glsa/Manifest.files.gz +++ b/metadata/glsa/Manifest.files.gz diff --git a/metadata/glsa/glsa-202107-51.xml b/metadata/glsa/glsa-202107-51.xml new file mode 100644 index 000000000000..0b667aeb20d2 --- /dev/null +++ b/metadata/glsa/glsa-202107-51.xml @@ -0,0 +1,47 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> +<glsa id="202107-51"> + <title>IcedTeaWeb: Multiple vulnerabilities</title> + <synopsis>Multiple vulnerabilities have been found in IcedTeaWeb, the worst + of which could result in the arbitrary execution of code. + </synopsis> + <product type="ebuild">icedtea-web</product> + <announced>2021-07-23</announced> + <revised count="1">2021-07-23</revised> + <bug>711392</bug> + <access>remote</access> + <affected> + <package name="dev-java/icedtea-web" auto="yes" arch="*"> + <unaffected range="ge">1.8.4-r1</unaffected> + <vulnerable range="lt">1.8.4-r1</vulnerable> + </package> + </affected> + <background> + <p>FOSS Java browser plugin and Web Start implementation.</p> + </background> + <description> + <p>Multiple vulnerabilities have been discovered in IcedTeaWeb. Please + review the CVE identifiers referenced below for details. + </p> + </description> + <impact type="normal"> + <p>Please review the referenced CVE identifiers for details.</p> + </impact> + <workaround> + <p>There is no known workaround at this time.</p> + </workaround> + <resolution> + <p>All IcedTeaWeb users should upgrade to the latest version:</p> + + <code> + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-java/icedtea-web-1.8.4-r1" + </code> + </resolution> + <references> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-10181">CVE-2019-10181</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-10185">CVE-2019-10185</uri> + </references> + <metadata tag="requester" timestamp="2021-07-22T03:54:46Z">ajak</metadata> + <metadata tag="submitter" timestamp="2021-07-23T02:56:17Z">ajak</metadata> +</glsa> diff --git a/metadata/glsa/glsa-202107-52.xml b/metadata/glsa/glsa-202107-52.xml new file mode 100644 index 000000000000..bab0fae4e8c3 --- /dev/null +++ b/metadata/glsa/glsa-202107-52.xml @@ -0,0 +1,47 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> +<glsa id="202107-52"> + <title>Apache Velocity: Multiple vulnerabilities</title> + <synopsis>Multiple vulnerabilities have been found in Apache Velocity, the + worst of which could result in the arbitrary execution of code. + </synopsis> + <product type="ebuild">velocity</product> + <announced>2021-07-23</announced> + <revised count="1">2021-07-23</revised> + <bug>775248</bug> + <access>remote</access> + <affected> + <package name="dev-java/velocity" auto="yes" arch="*"> + <unaffected range="ge">2.3</unaffected> + <vulnerable range="lt">2.3</vulnerable> + </package> + </affected> + <background> + <p>Apache Velocity is a general purpose template engine.</p> + </background> + <description> + <p>Multiple vulnerabilities have been discovered in Apache Velocity. Please + review the CVE identifiers referenced below for details. + </p> + </description> + <impact type="normal"> + <p>Please review the referenced CVE identifiers for details.</p> + </impact> + <workaround> + <p>There is no known workaround at this time.</p> + </workaround> + <resolution> + <p>All Apache Velocity users should upgrade to the latest version:</p> + + <code> + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-java/velocity-2.3" + </code> + </resolution> + <references> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-13936">CVE-2020-13936</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-13959">CVE-2020-13959</uri> + </references> + <metadata tag="requester" timestamp="2021-07-23T01:34:53Z">ajak</metadata> + <metadata tag="submitter" timestamp="2021-07-23T03:03:07Z">ajak</metadata> +</glsa> diff --git a/metadata/glsa/glsa-202107-53.xml b/metadata/glsa/glsa-202107-53.xml new file mode 100644 index 000000000000..5b93e892e55b --- /dev/null +++ b/metadata/glsa/glsa-202107-53.xml @@ -0,0 +1,50 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> +<glsa id="202107-53"> + <title>Leptonica: Multiple vulnerabilities</title> + <synopsis>Multiple vulnerabilities have been found in Leptonica, the worst of + which could result in a Denial of Service condition. + </synopsis> + <product type="ebuild">leptonica</product> + <announced>2021-07-24</announced> + <revised count="3">2021-07-24</revised> + <bug>775629</bug> + <access>remote</access> + <affected> + <package name="media-libs/leptonica" auto="yes" arch="*"> + <unaffected range="ge">1.80.0</unaffected> + <vulnerable range="lt">1.80.0</vulnerable> + </package> + </affected> + <background> + <p>Leptonica is a C library for image processing and analysis.</p> + </background> + <description> + <p>Multiple vulnerabilities have been discovered in Leptonica. Please + review the CVE identifiers referenced below for details. + </p> + </description> + <impact type="low"> + <p>Please review the referenced CVE identifiers for details.</p> + </impact> + <workaround> + <p>There is no known workaround at this time.</p> + </workaround> + <resolution> + <p>All Leptonica users should upgrade to the latest version:</p> + + <code> + # emerge --sync + # emerge --ask --oneshot --verbose ">=media-libs/leptonica-1.80.0" + </code> + </resolution> + <references> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-36277">CVE-2020-36277</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-36278">CVE-2020-36278</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-36279">CVE-2020-36279</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-36280">CVE-2020-36280</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-36281">CVE-2020-36281</uri> + </references> + <metadata tag="requester" timestamp="2021-07-24T02:43:34Z">ajak</metadata> + <metadata tag="submitter" timestamp="2021-07-24T03:05:56Z">ajak</metadata> +</glsa> diff --git a/metadata/glsa/glsa-202107-54.xml b/metadata/glsa/glsa-202107-54.xml new file mode 100644 index 000000000000..83bb578e119b --- /dev/null +++ b/metadata/glsa/glsa-202107-54.xml @@ -0,0 +1,50 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> +<glsa id="202107-54"> + <title>libyang: Multiple vulnerabilities</title> + <synopsis>Multiple vulnerabilities have been found in libyang, the worst of + which could result in a Denial of Service condition. + </synopsis> + <product type="ebuild">libyang</product> + <announced>2021-07-24</announced> + <revised count="1">2021-07-24</revised> + <bug>791373</bug> + <access>remote</access> + <affected> + <package name="net-libs/libyang" auto="yes" arch="*"> + <unaffected range="ge">1.0.236</unaffected> + <vulnerable range="lt">1.0.236</vulnerable> + </package> + </affected> + <background> + <p>YANG data modeling language library.</p> + </background> + <description> + <p>Multiple vulnerabilities have been discovered in libyang. Please review + the CVE identifiers referenced below for details. + </p> + </description> + <impact type="low"> + <p>Please review the referenced CVE identifiers for details.</p> + </impact> + <workaround> + <p>There is no known workaround at this time.</p> + </workaround> + <resolution> + <p>All libyang users should upgrade to the latest version:</p> + + <code> + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-libs/libyang-1.0.236" + </code> + </resolution> + <references> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-28902">CVE-2021-28902</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-28903">CVE-2021-28903</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-28904">CVE-2021-28904</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-28905">CVE-2021-28905</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-28906">CVE-2021-28906</uri> + </references> + <metadata tag="requester" timestamp="2021-07-24T02:37:39Z">ajak</metadata> + <metadata tag="submitter" timestamp="2021-07-24T03:07:13Z">ajak</metadata> +</glsa> diff --git a/metadata/glsa/glsa-202107-55.xml b/metadata/glsa/glsa-202107-55.xml new file mode 100644 index 000000000000..15738c120ba6 --- /dev/null +++ b/metadata/glsa/glsa-202107-55.xml @@ -0,0 +1,50 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> +<glsa id="202107-55"> + <title>SDL 2: Multiple vulnerabilities</title> + <synopsis>Multiple vulnerabilities have been found in libsdl2, the worst of + which could result in a Denial of Service condition. + </synopsis> + <product type="ebuild">libsdl2</product> + <announced>2021-07-24</announced> + <revised count="1">2021-07-24</revised> + <bug>766204</bug> + <access>remote</access> + <affected> + <package name="media-libs/libsdl2" auto="yes" arch="*"> + <unaffected range="ge">2.0.14-r1</unaffected> + <vulnerable range="lt">2.0.14-r1</vulnerable> + </package> + </affected> + <background> + <p>Simple DirectMedia Layer is a cross-platform development library + designed to provide low level access to audio, keyboard, mouse, joystick, + and graphics hardware via OpenGL and Direct3D. + </p> + </background> + <description> + <p>Multiple vulnerabilities have been discovered in SDL 2. Please review + the CVE identifiers referenced below for details. + </p> + </description> + <impact type="low"> + <p>Please review the referenced CVE identifiers for details.</p> + </impact> + <workaround> + <p>There is no known workaround at this time.</p> + </workaround> + <resolution> + <p>All SDL 2 users should upgrade to the latest version:</p> + + <code> + # emerge --sync + # emerge --ask --oneshot --verbose ">=media-libs/libsdl2-2.0.14-r1" + </code> + </resolution> + <references> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14409">CVE-2020-14409</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14410">CVE-2020-14410</uri> + </references> + <metadata tag="requester" timestamp="2021-07-24T02:31:25Z">ajak</metadata> + <metadata tag="submitter" timestamp="2021-07-24T03:07:52Z">ajak</metadata> +</glsa> diff --git a/metadata/glsa/timestamp.chk b/metadata/glsa/timestamp.chk index 33f7bb267cb6..36c501de0268 100644 --- a/metadata/glsa/timestamp.chk +++ b/metadata/glsa/timestamp.chk @@ -1 +1 @@ -Sat, 24 Jul 2021 00:38:58 +0000 +Sat, 24 Jul 2021 10:38:56 +0000 diff --git a/metadata/glsa/timestamp.commit b/metadata/glsa/timestamp.commit index 5a39cf9d5775..bbcaf950a9ce 100644 --- a/metadata/glsa/timestamp.commit +++ b/metadata/glsa/timestamp.commit @@ -1 +1 @@ -b771364599953f210f7a780b5aacba265c26034b 1626929656 2021-07-22T04:54:16+00:00 +7b9e3c731523fe15934efc37e813384c70ecd7b6 1627096087 2021-07-24T03:08:07+00:00 |