summaryrefslogtreecommitdiff
path: root/metadata/glsa
diff options
context:
space:
mode:
Diffstat (limited to 'metadata/glsa')
-rw-r--r--metadata/glsa/Manifest30
-rw-r--r--metadata/glsa/Manifest.files.gzbin521769 -> 522243 bytes
-rw-r--r--metadata/glsa/glsa-202208-20.xml78
-rw-r--r--metadata/glsa/glsa-202208-21.xml42
-rw-r--r--metadata/glsa/glsa-202208-22.xml44
-rw-r--r--metadata/glsa/timestamp.chk2
-rw-r--r--metadata/glsa/timestamp.commit2
7 files changed, 181 insertions, 17 deletions
diff --git a/metadata/glsa/Manifest b/metadata/glsa/Manifest
index 8d802793a81b..bca6be35cb1b 100644
--- a/metadata/glsa/Manifest
+++ b/metadata/glsa/Manifest
@@ -1,23 +1,23 @@
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
-MANIFEST Manifest.files.gz 521769 BLAKE2B 618daa6e096a9572df836818b2ac30268d7e21c0c6e15ec9fca6adc164cc56ecf8a0b4741c28cd5db0b47317206a50ecf907cbfc5b1be89e895d3ba8ad9df239 SHA512 7ec72296681ddb7127210ebc1591e4b9fd86180622dc64d93283209387c6216549314667c68513c3998bbaf1219b2c97dbd134baee2107a96baca5b5fa956456
-TIMESTAMP 2022-08-13T18:39:44Z
+MANIFEST Manifest.files.gz 522243 BLAKE2B 1596c3af61b1a6da95c3143b9968db11001d017b9506ddce59f4bcd1b944e1b13f15bff778700b29e74a0b2dac4d906c7d152fac426efbd2dfdda0744685bc62 SHA512 712773ae7f28857d3018f0041efb6721a75332941366f343b7761b3473756a12951420fbef4c2cb89129bd36c7629d17ca51c9b4c6624c65d15ffa2d22aff11b
+TIMESTAMP 2022-08-14T00:39:38Z
-----BEGIN PGP SIGNATURE-----
-iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAmL37/BfFIAAAAAALgAo
+iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAmL4REpfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEUx
RDZBQkI2M0JGQ0ZCNEJBMDJGREYxQ0VDNTkwRUVBQzkxODkyNTAACgkQ7FkO6skY
-klAauRAAnrWhUanRFnNvEhVaRxbdCTf+CEh+pvBNE5Iedewshl5jKN6LvZBYS93p
-Bh9yb0g+/mAp8m8zlzpsT08Fgy80LIyZAYl4GeADN/yLi3jESoXy/Iu9V+ixuGtt
-N8EjMPQlRXVcIaDsBftYXFXIRYz9Zigj1UgFtJ+eBHzB/sfL11ZumiQ3132xWFxZ
-GudE52hWxfPug1taBeTie1ikZaBntxYueYRZOmfncsnJJJZ5DyijjVjdED0KiDvy
-6g+SnYx19B6Oj8cKUe4+Ff9CgXuzTowe81Yj600RV83a9okJPheffEo68OJgcele
-UVv0q3j+dAPRJmBpNokDhcHN9V+ZQgUxbwODxr8q2o8XX8Swmk1PEsG/xg/pt7Ow
-o/10TO3qG1PfzkBO8B6WV4t8Hc2ae2sBbTu0ODrZsfSqx9m1/8CbRxSqm0QZzQVU
-kw3M9LrQJa+Hls8yKTZ82vpPs+ZZS4RgtWV6Nb5E4tCpfqPeN99ftP9WDb7h5yuK
-zcst1Vmra0VMipEPAEdl7ocMnfRwNCD5KYSzbSnFYpNoMg3tlHCsnMUCnlGwvm4a
-CXufOzJ78yGLV99vOmwsE2LRo2UdI5F/g6VPBsftSgpMVEPrFksqj6XsaYWhiRby
-06PrRb8NLYn+9cIR3++ZvuTPkrPKzvxVSESF/Vr9cj53r6Lechs=
-=dx6+
+klB6QhAAlSH4DPceH/Jhj6LubZT6+rWprOBq4V06hJeC/+LudBjhwWSyB7Fful8y
+SqY+RHVkpnK4utxf3TaZ5fEvpQ702VzlPPoeI3iHaQV1/tGKZ1izDupeL6P0Jiku
+wq4/z+rcK0XfQD9xZNlyEDMxzoN/Cfjcs2uiAviDYaHbcrdG1yrXsDUhFpLdjtPh
+KwrMSkvCK3wylmww8JjStIKy8r2ac7qrOtKWXchNr/HNTB8yviubMlEJoWs9L8P4
+qWt2CA9lW4eWYjb3WY9SbqOZu+9apvXbFn15V6O9cUK8uCHO0w3pVGlnZDkapnvp
+cd585Jx9qnX5vRUkXN8WR0V5E0xT4emLI6Gq9JhZv46qaORFEUMhvKhKb8hSL1CC
+BorSjyvi0Ylxz2xOXbYZyBlaSJJfa+/WqFpO5wyNabaQlvel7FPI/o+sfYiLUYyw
+/zR3GIGTyD/3xssF3dR1t/wyrd+4a7gfL83v/KM0V6aFj5gKxidBTc1VyGjKS4Ux
+EVHePmIdVJY/J5r0Q6AYp1I5LUYvaEW+4NVhq4w7+u2iuTNf/pm2OMb9nBaDhNZQ
+JztsTM4r5wY1lZvhTtA4c/l6YQ6wtz3Y7iaWhWn6asL13xK29qML0v8L7/zSNPOS
+m6SU8Rm6BPLRyR+1Nyn9Em1jluoXUQe6Mu0cXKPYxsmqTrFrESw=
+=/B0T
-----END PGP SIGNATURE-----
diff --git a/metadata/glsa/Manifest.files.gz b/metadata/glsa/Manifest.files.gz
index 0f12c71d137c..e7607780d7b3 100644
--- a/metadata/glsa/Manifest.files.gz
+++ b/metadata/glsa/Manifest.files.gz
Binary files differ
diff --git a/metadata/glsa/glsa-202208-20.xml b/metadata/glsa/glsa-202208-20.xml
new file mode 100644
index 000000000000..58744f5a5bc0
--- /dev/null
+++ b/metadata/glsa/glsa-202208-20.xml
@@ -0,0 +1,78 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202208-20">
+ <title>Apache HTTPD: Multiple Vulnerabilities</title>
+ <synopsis>Multiple vulnerabilities have been discovered in Apache Webserver, the worst of which could result in remote code execution.</synopsis>
+ <product type="ebuild">apache,apache-tools</product>
+ <announced>2022-08-14</announced>
+ <revised count="1">2022-08-14</revised>
+ <bug>813429</bug>
+ <bug>816399</bug>
+ <bug>816864</bug>
+ <bug>829722</bug>
+ <bug>835131</bug>
+ <bug>850622</bug>
+ <access>remote</access>
+ <affected>
+ <package name="app-admin/apache-tools" auto="yes" arch="*">
+ <unaffected range="ge">2.4.54</unaffected>
+ <vulnerable range="lt">2.4.54</vulnerable>
+ </package>
+ <package name="www-servers/apache" auto="yes" arch="*">
+ <unaffected range="ge">2.4.54</unaffected>
+ <vulnerable range="lt">2.4.54</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>The Apache HTTP server is one of the most popular web servers on the Internet.</p>
+ </background>
+ <description>
+ <p>Multiple vulnerabilities have been discovered in Apache HTTPD. Please review the CVE identifiers referenced below for details.</p>
+ </description>
+ <impact type="high">
+ <p>Please review the referenced CVE identifiers for details.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All Apache HTTPD users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-servers/apache-2.4.54"
+ </code>
+
+ <p>All Apache HTTPD tools users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-admin/apache-tools-2.4.54"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-33193">CVE-2021-33193</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-34798">CVE-2021-34798</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-36160">CVE-2021-36160</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-39275">CVE-2021-39275</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-40438">CVE-2021-40438</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-41524">CVE-2021-41524</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-41773">CVE-2021-41773</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-42013">CVE-2021-42013</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-44224">CVE-2021-44224</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-44790">CVE-2021-44790</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-22719">CVE-2022-22719</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-22720">CVE-2022-22720</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-22721">CVE-2022-22721</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-23943">CVE-2022-23943</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-26377">CVE-2022-26377</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-28614">CVE-2022-28614</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-28615">CVE-2022-28615</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-29404">CVE-2022-29404</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-30522">CVE-2022-30522</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-30556">CVE-2022-30556</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-31813">CVE-2022-31813</uri>
+ </references>
+ <metadata tag="requester" timestamp="2022-08-14T00:09:33.469438Z">ajak</metadata>
+ <metadata tag="submitter" timestamp="2022-08-14T00:09:33.474207Z">ajak</metadata>
+</glsa> \ No newline at end of file
diff --git a/metadata/glsa/glsa-202208-21.xml b/metadata/glsa/glsa-202208-21.xml
new file mode 100644
index 000000000000..3f883725ca03
--- /dev/null
+++ b/metadata/glsa/glsa-202208-21.xml
@@ -0,0 +1,42 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202208-21">
+ <title>libebml: Heap buffer overflow vulnerability</title>
+ <synopsis>A heap-based buffer overflow in libeml might allow attackers to execute arbitrary code.</synopsis>
+ <product type="ebuild">libebml</product>
+ <announced>2022-08-14</announced>
+ <revised count="1">2022-08-14</revised>
+ <bug>772272</bug>
+ <access>remote</access>
+ <affected>
+ <package name="dev-libs/libebml" auto="yes" arch="arm,ppc,sparc,x86">
+ <unaffected range="ge">1.4.2</unaffected>
+ <vulnerable range="lt">1.4.2</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>libebml is a C++ library to parse EBML files.</p>
+ </background>
+ <description>
+ <p>On 32bit builds of libebml, the length of a string is miscalculated, potentially leading to an exploitable heap overflow.</p>
+ </description>
+ <impact type="high">
+ <p>An attacker able to provide arbitrary input to libebml could achieve arbitrary code execution.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>Users of libebml on 32 bit architectures should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-libs/libebml-1.4.2"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-3405">CVE-2021-3405</uri>
+ </references>
+ <metadata tag="requester" timestamp="2022-08-14T00:09:54.090013Z">ajak</metadata>
+ <metadata tag="submitter" timestamp="2022-08-14T00:09:54.093255Z">ajak</metadata>
+</glsa> \ No newline at end of file
diff --git a/metadata/glsa/glsa-202208-22.xml b/metadata/glsa/glsa-202208-22.xml
new file mode 100644
index 000000000000..5e5f67c9185e
--- /dev/null
+++ b/metadata/glsa/glsa-202208-22.xml
@@ -0,0 +1,44 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202208-22">
+ <title>xterm: Multiple Vulnerabilities</title>
+ <synopsis>Multiple vulnerabilities have been discovered in xterm, the worst of which could result in denial of service.</synopsis>
+ <product type="ebuild">xterm</product>
+ <announced>2022-08-14</announced>
+ <revised count="1">2022-08-14</revised>
+ <bug>769839</bug>
+ <bug>832409</bug>
+ <access>remote</access>
+ <affected>
+ <package name="x11-terms/xterm" auto="yes" arch="*">
+ <unaffected range="ge">371</unaffected>
+ <vulnerable range="lt">371</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>xterm is a terminal emulator for the X Window system.</p>
+ </background>
+ <description>
+ <p>Multiple vulnerabilities have been discovered in xterm. Please review the CVE identifiers referenced below for details.</p>
+ </description>
+ <impact type="low">
+ <p>Please review the referenced CVE identifiers for details.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All xterm users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=x11-terms/xterm-371"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-27135">CVE-2021-27135</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-24130">CVE-2022-24130</uri>
+ </references>
+ <metadata tag="requester" timestamp="2022-08-14T00:10:06.372997Z">ajak</metadata>
+ <metadata tag="submitter" timestamp="2022-08-14T00:10:06.379758Z">ajak</metadata>
+</glsa> \ No newline at end of file
diff --git a/metadata/glsa/timestamp.chk b/metadata/glsa/timestamp.chk
index bc5ec47e1cff..da92d450cd0e 100644
--- a/metadata/glsa/timestamp.chk
+++ b/metadata/glsa/timestamp.chk
@@ -1 +1 @@
-Sat, 13 Aug 2022 18:39:40 +0000
+Sun, 14 Aug 2022 00:39:35 +0000
diff --git a/metadata/glsa/timestamp.commit b/metadata/glsa/timestamp.commit
index 25017bbcaa81..fa30ed48ee4f 100644
--- a/metadata/glsa/timestamp.commit
+++ b/metadata/glsa/timestamp.commit
@@ -1 +1 @@
-58da0854b008b45c9a0063959668eb2fa9fc0b96 1660357610 2022-08-13T02:26:50+00:00
+60298a368732a5fdf5e926ec4c59811f482e73b5 1660435906 2022-08-14T00:11:46+00:00
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-09 07:33:36 +0000