diff options
Diffstat (limited to 'metadata/glsa')
| -rw-r--r-- | metadata/glsa/Manifest | 30 | ||||
| -rw-r--r-- | metadata/glsa/Manifest.files.gz | bin | 465570 -> 467478 bytes | |||
| -rw-r--r-- | metadata/glsa/glsa-202006-01.xml | 49 | ||||
| -rw-r--r-- | metadata/glsa/glsa-202006-02.xml | 96 | ||||
| -rw-r--r-- | metadata/glsa/glsa-202006-03.xml | 49 | ||||
| -rw-r--r-- | metadata/glsa/glsa-202006-04.xml | 54 | ||||
| -rw-r--r-- | metadata/glsa/glsa-202006-05.xml | 55 | ||||
| -rw-r--r-- | metadata/glsa/glsa-202006-06.xml | 56 | ||||
| -rw-r--r-- | metadata/glsa/glsa-202006-07.xml | 66 | ||||
| -rw-r--r-- | metadata/glsa/glsa-202006-08.xml | 61 | ||||
| -rw-r--r-- | metadata/glsa/glsa-202006-09.xml | 51 | ||||
| -rw-r--r-- | metadata/glsa/glsa-202006-10.xml | 48 | ||||
| -rw-r--r-- | metadata/glsa/glsa-202006-11.xml | 55 | ||||
| -rw-r--r-- | metadata/glsa/glsa-202006-12.xml | 46 | ||||
| -rw-r--r-- | metadata/glsa/timestamp.chk | 2 | ||||
| -rw-r--r-- | metadata/glsa/timestamp.commit | 2 |
16 files changed, 703 insertions, 17 deletions
diff --git a/metadata/glsa/Manifest b/metadata/glsa/Manifest index 8fd58666a2c4..576d87c190a3 100644 --- a/metadata/glsa/Manifest +++ b/metadata/glsa/Manifest @@ -1,23 +1,23 @@ -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 -MANIFEST Manifest.files.gz 465570 BLAKE2B a62e99817e32fd8ff7f82db3f63ecd455d8d078254d12926bca9349cd7d4cb7525d19b5ca213653d7ca3a28e5f51b7e4f978944f6a7c39fec3994650ada13ff2 SHA512 ee24891578ae08c29634185ea42adbf62dff9fd502bd411c413a0b0088f0d305dd4dba72180ac6793f6d434a7cc1a30d883831d3d40443eae468994ac283a7ef -TIMESTAMP 2020-05-30T09:38:23Z +MANIFEST Manifest.files.gz 467478 BLAKE2B f84f56d6f84d28d53ec12df6c1c9b351ab47c5a1f49b61ce8622c5db679861e27d7ce25da735464bfef3bcee4dd60d3b2993b39f3e35242be74b9c6a4dd0b4bf SHA512 88d1586b65d21522de591f657953bb9f61f8b1cce30f3dadef48927eb3f8eb3a3d2f22090d280a08a48c5e888e6fdd1b407f88d87a09782817743b4b23e2c92e +TIMESTAMP 2020-06-13T09:08:29Z -----BEGIN PGP SIGNATURE----- -iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAl7SKY9fFIAAAAAALgAo +iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAl7kl41fFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEUx RDZBQkI2M0JGQ0ZCNEJBMDJGREYxQ0VDNTkwRUVBQzkxODkyNTAACgkQ7FkO6skY -klDpWBAArRTOCjZ9aFeTFp3yciphQKhWTl4lqC33Db1d2A4lFL9c7Na5B71y98y0 -Kwur2li36+CwKKUtVqNhxGxVlM++wnF+IQQv3gMaeLmUrv73FLc0Wjme8b1Zfnz6 -JvDS0NukzNSyO1p/7YasajabpcdrQnhZ5JOsfy+2m6o0ElJx0GwQLwKT1XsiF/nX -5dovYQNmg+zo/A++wQ8R+a8mXxpkE3Ce17AuOUqHSpasRw6HFTGDsY0OWeWKehUl -zRVyP7WPiH0S7QMZpUFWnMoSvAM+r0QcmNCPDsU6WhxOzB6yKeoVFgkB4rCzej49 -q0JnSv1yz2ZiIRNaTn4qcSbFfl4zuElKO66IPZpok9kxadhHt+/TolvNrLhayIoU -bug1nHW66DSaGWrkbNYhzuicncysudYqtmbD6MvMYDmYmZskATju3nDQkr3oqhKS -MnvAWuVxiIo/B2Ukhwkhgk1YE8OzUe7CVYxBTcfTVOd2qqnqtBHAzClBnVCtwsxF -HTHJjph+lleeTvVeAvDWHO92O7255ShuoS3XWBrSbz73OBJbMwK/eNLfynC+eQzX -CeiY52tzd3UYeLMhzMZok7RCmnsmavBaieM1iC21karAWOk71yV+xLk7kphhiOm7 -JzmWmEyOoowkGA9TpnTQgjETK9pT/Cy+jGjshnjlPX+oL0vQ16k= -=4h7Y +klAmmg/+Jm295pzRFIchRjP2pTiXNnhc3h05wSjXK0IBL9I8cMNqrlHHpLEJpmSB +jcjbdsm8+xXPnRv/m1tTAeusHoGKWOfLQ0Z6F2M5/XoJfjigUlCbL2/wES7+FflM +/mKfFWtHWn4UiqouSpudqmnRqPb+2aOHPOge+NV6NY1jDIXb+v58f6OGvlcF+QUt +QyVu1IDWEBsPA1uRbsUujsRBf8L5X6HdN0glgTnTdlMNQ8eCAGqsr/NWbS0tNeTC +4CMuH++A673UiXX+M4Gh8IJ3uiO97XEFKXDQGBvuVQU9b6yBMdAmyMFzl3KWSiKe +dmqMxtohPkassGhnMf5qTQZ5jeK3lAbUYG6395h3zye/ZURNe2InbLfByr8sdhxV +kdcg5KM58/+uwXFsdNzzj4KIdTrPqe5bLYsvVeyznxc3hpvtoVKJTfeXO+wfLaP6 +dRbAdlsHd3sIDIfrkZXQHtjhtfLvrbA1hFTIirTsK++QTJyawNcf8/MiJhU4ROX3 +ax8/Mf8i/YeTBFfllkJ63uf4KgaziVJJzYKZIXfFwIVwNC5MqIspWdss/AH89G/m +PO0D8H34b2ii4Y1RY9vP1ZdpqqFKLwacILYhqKEA3Ra7MgH+9D7a5P01PVAXZ2o/ +xb67ERgTVQ/BSXgS5WhnDuMYSBQevaDfQFTCFlmCdlkiFFIHSYA= +=PMMM -----END PGP SIGNATURE----- diff --git a/metadata/glsa/Manifest.files.gz b/metadata/glsa/Manifest.files.gz Binary files differindex 192d458f15e0..14677ebaa92f 100644 --- a/metadata/glsa/Manifest.files.gz +++ b/metadata/glsa/Manifest.files.gz diff --git a/metadata/glsa/glsa-202006-01.xml b/metadata/glsa/glsa-202006-01.xml new file mode 100644 index 000000000000..e8768cba05db --- /dev/null +++ b/metadata/glsa/glsa-202006-01.xml @@ -0,0 +1,49 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> +<glsa id="202006-01"> + <title>GnuTLS: Information disclosure</title> + <synopsis>An information disclosure vulnerability in GnuTLS allow remote + attackers to obtain sensitive information. + </synopsis> + <product type="ebuild">gnutls</product> + <announced>2020-06-09</announced> + <revised count="1">2020-06-09</revised> + <bug>727108</bug> + <access>remote</access> + <affected> + <package name="net-libs/gnutls" auto="yes" arch="*"> + <unaffected range="ge">3.6.14</unaffected> + <vulnerable range="lt">3.6.14</vulnerable> + </package> + </affected> + <background> + <p>GnuTLS is an Open Source implementation of the TLS and SSL protocols.</p> + </background> + <description> + <p>A flaw was reported in the TLS session ticket key construction in + GnuTLS. + </p> + </description> + <impact type="normal"> + <p>A remote attacker could recover previous conversations in TLS 1.2 and + obtain sensitive information or conduct a man-in-the-middle attack to + bypass authentication in TLS 1.3. + </p> + </impact> + <workaround> + <p>There is no known workaround at this time.</p> + </workaround> + <resolution> + <p>All GnuTLS user should upgrade to the latest version:</p> + + <code> + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-libs/gnutls-3.6.14" + </code> + </resolution> + <references> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-13777">CVE-2020-13777</uri> + </references> + <metadata tag="requester" timestamp="2020-06-05T15:47:41Z">sam_c</metadata> + <metadata tag="submitter" timestamp="2020-06-09T14:41:33Z">sam_c</metadata> +</glsa> diff --git a/metadata/glsa/glsa-202006-02.xml b/metadata/glsa/glsa-202006-02.xml new file mode 100644 index 000000000000..663d9d9029ec --- /dev/null +++ b/metadata/glsa/glsa-202006-02.xml @@ -0,0 +1,96 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> +<glsa id="202006-02"> + <title>Chromium, Google Chrome: Multiple vulnerabilities</title> + <synopsis>Multiple vulnerabilities have been found in Chromium and Google + Chrome, the worst of which could result in the arbitrary execution of code. + </synopsis> + <product type="ebuild">chromium,google-chrome</product> + <announced>2020-06-10</announced> + <revised count="3">2020-06-13</revised> + <bug>724008</bug> + <access>remote</access> + <affected> + <package name="www-client/chromium" auto="yes" arch="*"> + <unaffected range="ge">83.0.4103.97</unaffected> + <vulnerable range="lt">83.0.4103.97</vulnerable> + </package> + <package name="www-client/google-chrome" auto="yes" arch="*"> + <unaffected range="ge">83.0.4103.97</unaffected> + <vulnerable range="lt">83.0.4103.97</vulnerable> + </package> + </affected> + <background> + <p>Chromium is an open-source browser project that aims to build a safer, + faster, and more stable way for all users to experience the web. + </p> + + <p>Google Chrome is one fast, simple, and secure browser for all your + devices. + </p> + </background> + <description> + <p>Multiple vulnerabilities have been discovered in Chromium and Google + Chrome. Please review the CVE identifiers referenced below for details. + </p> + </description> + <impact type="normal"> + <p>Please review the referenced CVE identifiers for details.</p> + </impact> + <workaround> + <p>There is no known workaround at this time.</p> + </workaround> + <resolution> + <p>All chromium users should upgrade to the latest version:</p> + + <code> + # emerge --sync + # emerge --ask --oneshot --verbose + ">=www-client/chromium-83.0.4103.97" + </code> + + <p>All google-chrome users should upgrade to the latest version:</p> + + <code> + # emerge --sync + # emerge --ask --oneshot --verbose + ">=www-client/google-chrome-83.0.4103.97" + </code> + + </resolution> + <references> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6465">CVE-2020-6465</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6466">CVE-2020-6466</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6467">CVE-2020-6467</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6468">CVE-2020-6468</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6469">CVE-2020-6469</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6470">CVE-2020-6470</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6471">CVE-2020-6471</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6472">CVE-2020-6472</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6473">CVE-2020-6473</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6474">CVE-2020-6474</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6475">CVE-2020-6475</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6476">CVE-2020-6476</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6477">CVE-2020-6477</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6478">CVE-2020-6478</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6479">CVE-2020-6479</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6480">CVE-2020-6480</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6481">CVE-2020-6481</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6482">CVE-2020-6482</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6483">CVE-2020-6483</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6484">CVE-2020-6484</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6485">CVE-2020-6485</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6486">CVE-2020-6486</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6487">CVE-2020-6487</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6488">CVE-2020-6488</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6489">CVE-2020-6489</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6490">CVE-2020-6490</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6491">CVE-2020-6491</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6493">CVE-2020-6493</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6494">CVE-2020-6494</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6495">CVE-2020-6495</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6496">CVE-2020-6496</uri> + </references> + <metadata tag="requester" timestamp="2020-06-04T09:55:12Z">sam_c</metadata> + <metadata tag="submitter" timestamp="2020-06-13T00:59:41Z">sam_c</metadata> +</glsa> diff --git a/metadata/glsa/glsa-202006-03.xml b/metadata/glsa/glsa-202006-03.xml new file mode 100644 index 000000000000..06c72762cc9c --- /dev/null +++ b/metadata/glsa/glsa-202006-03.xml @@ -0,0 +1,49 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> +<glsa id="202006-03"> + <title>Perl: Multiple vulnerabilities</title> + <synopsis>Multiple vulnerabilities have been found in Perl, the worst of + which could result in a Denial of Service condition. + </synopsis> + <product type="ebuild">perl</product> + <announced>2020-06-12</announced> + <revised count="1">2020-06-12</revised> + <bug>723792</bug> + <access>local, remote</access> + <affected> + <package name="dev-lang/perl" auto="yes" arch="*"> + <unaffected range="ge">5.30.3</unaffected> + <vulnerable range="lt">5.30.3</vulnerable> + </package> + </affected> + <background> + <p>Perl is a highly capable, feature-rich programming language.</p> + </background> + <description> + <p>Multiple vulnerabilities have been discovered in Perl. Please review the + CVE identifiers referenced below for details. + </p> + </description> + <impact type="normal"> + <p>Please review the referenced CVE identifiers for details.</p> + </impact> + <workaround> + <p>There is no known workaround at this time.</p> + </workaround> + <resolution> + <p>All Perl users should upgrade to the latest version:</p> + + <code> + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-lang/perl-5.30.3" + </code> + + </resolution> + <references> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-10543">CVE-2020-10543</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-10878">CVE-2020-10878</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-12723">CVE-2020-12723</uri> + </references> + <metadata tag="requester" timestamp="2020-06-09T02:23:58Z">sam_c</metadata> + <metadata tag="submitter" timestamp="2020-06-12T04:18:23Z">sam_c</metadata> +</glsa> diff --git a/metadata/glsa/glsa-202006-04.xml b/metadata/glsa/glsa-202006-04.xml new file mode 100644 index 000000000000..39cb805aee7a --- /dev/null +++ b/metadata/glsa/glsa-202006-04.xml @@ -0,0 +1,54 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> +<glsa id="202006-04"> + <title>glibc: Multiple vulnerabilities</title> + <synopsis>Multiple vulnerabilities have been found in glibc, the worst of + which could result in a Denial of Service condition. + </synopsis> + <product type="ebuild">glibc</product> + <announced>2020-06-13</announced> + <revised count="1">2020-06-13</revised> + <bug>677272</bug> + <bug>679044</bug> + <bug>711558</bug> + <bug>717938</bug> + <bug>719472</bug> + <access>local, remote</access> + <affected> + <package name="sys-libs/glibc" auto="yes" arch="*"> + <unaffected range="ge">2.30-r8</unaffected> + <vulnerable range="lt">2.30-r8</vulnerable> + </package> + </affected> + <background> + <p>glibc is a package that contains the GNU C library.</p> + </background> + <description> + <p>Multiple vulnerabilities have been discovered in glibc. Please review + the CVE identifiers referenced below for details. + </p> + </description> + <impact type="normal"> + <p>Please review the referenced CVE identifiers for details.</p> + </impact> + <workaround> + <p>There is no known workaround at this time.</p> + </workaround> + <resolution> + <p>All glibc users should upgrade to the latest version:</p> + + <code> + # emerge --sync + # emerge --ask --oneshot --verbose ">=sys-libs/glibc-2.30-r8" + </code> + </resolution> + <references> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-6488">CVE-2019-6488</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-7309">CVE-2019-7309</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-9169">CVE-2019-9169</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-10029">CVE-2020-10029</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-1751">CVE-2020-1751</uri> + </references> + <metadata tag="requester" timestamp="2020-05-22T01:05:58Z">BlueKnight</metadata> + <metadata tag="submitter" timestamp="2020-06-13T01:03:27Z">sam_c</metadata> +</glsa> diff --git a/metadata/glsa/glsa-202006-05.xml b/metadata/glsa/glsa-202006-05.xml new file mode 100644 index 000000000000..8e2d321a301c --- /dev/null +++ b/metadata/glsa/glsa-202006-05.xml @@ -0,0 +1,55 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> +<glsa id="202006-05"> + <title>Nokogiri: Command injection</title> + <synopsis>Nokogiri has a vulnerability allowing arbitrary execution of code + if a certain function is used. + </synopsis> + <product type="ebuild">Nokogiri</product> + <announced>2020-06-13</announced> + <revised count="1">2020-06-13</revised> + <bug>691974</bug> + <access>remote</access> + <affected> + <package name="dev-ruby/nokogiri" auto="yes" arch="*"> + <unaffected range="ge">1.10.4</unaffected> + <vulnerable range="lt">1.10.4</vulnerable> + </package> + </affected> + <background> + <p>Nokogiri is an HTML, XML, SAX, and Reader parser.</p> + </background> + <description> + <p>A command injection vulnerability in Nokogiri allows commands to be + executed in a subprocess by Ruby’s Kernel.open method. Processes are + vulnerable only if the undocumented method + Nokogiri::CSS::Tokenizer#load_file is being passed untrusted user input. + </p> + </description> + <impact type="normal"> + <p>A remote attacker could possibly execute arbitrary code with the + privileges of the process. + </p> + </impact> + <workaround> + <p>Avoid calling the undocumented method Nokogiri::CSS::Tokenizer#load_file + with untrusted user input. + </p> + </workaround> + <resolution> + <p>All Nokogiri users should upgrade to the latest version:</p> + + <code> + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-ruby/nokogiri-1.10.4" + </code> + </resolution> + <references> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-5477">CVE-2019-5477</uri> + <uri link="https://github.com/sparklemotion/nokogiri/issues/1915">Upstream + bug + </uri> + </references> + <metadata tag="requester" timestamp="2020-05-22T01:52:12Z">BlueKnight</metadata> + <metadata tag="submitter" timestamp="2020-06-13T01:06:32Z">sam_c</metadata> +</glsa> diff --git a/metadata/glsa/glsa-202006-06.xml b/metadata/glsa/glsa-202006-06.xml new file mode 100644 index 000000000000..132e827b53ec --- /dev/null +++ b/metadata/glsa/glsa-202006-06.xml @@ -0,0 +1,56 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> +<glsa id="202006-06"> + <title>ssvnc: Multiple vulnerabilities</title> + <synopsis>Multiple vulnerabilities have been found in ssvnc, the worst of + which could result in the arbitrary execution of code. + </synopsis> + <product type="ebuild">ssvnc</product> + <announced>2020-06-13</announced> + <revised count="1">2020-06-13</revised> + <bug>701820</bug> + <access>remote</access> + <affected> + <package name="net-misc/ssvnc" auto="yes" arch="*"> + <vulnerable range="le">1.0.29-r2</vulnerable> + </package> + </affected> + <background> + <p>The Enhanced TightVNC Viewer, SSVNC, adds encryption security to VNC + connections. + </p> + </background> + <description> + <p>Multiple vulnerabilities have been discovered in ssvnc. Please review + the CVE identifiers referenced below for details. + </p> + </description> + <impact type="normal"> + <p>Please review the referenced CVE identifiers for details.</p> + </impact> + <workaround> + <p>There is no known workaround at this time.</p> + </workaround> + <resolution> + <p>Gentoo has discontinued support for ssvnc. We recommend that users + unmerge ssvnc: + </p> + + <code> + # emerge --unmerge "net-misc/ssvnc" + </code> + + <p>NOTE: The Gentoo developer(s) maintaining ssvnc have discontinued + support at this time. It may be possible that a new Gentoo developer will + update ssvnc at a later date. An alternative may be a manual SSH tunnel. + </p> + </resolution> + <references> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-20020">CVE-2018-20020</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-20021">CVE-2018-20021</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-20022">CVE-2018-20022</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-20024">CVE-2018-20024</uri> + </references> + <metadata tag="requester" timestamp="2020-05-24T17:26:39Z">sam_c</metadata> + <metadata tag="submitter" timestamp="2020-06-13T01:09:16Z">sam_c</metadata> +</glsa> diff --git a/metadata/glsa/glsa-202006-07.xml b/metadata/glsa/glsa-202006-07.xml new file mode 100644 index 000000000000..9d5ea5d25600 --- /dev/null +++ b/metadata/glsa/glsa-202006-07.xml @@ -0,0 +1,66 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> +<glsa id="202006-07"> + <title>Mozilla Firefox: Multiple vulnerabilities</title> + <synopsis>Multiple vulnerabilities have been found in Mozilla Firefox, the + worst of which could result in the arbitrary execution of code. + </synopsis> + <product type="ebuild">firefox</product> + <announced>2020-06-13</announced> + <revised count="2">2020-06-13</revised> + <bug>726844</bug> + <access>remote</access> + <affected> + <package name="www-client/firefox" auto="yes" arch="*"> + <unaffected range="ge">68.9.0</unaffected> + <vulnerable range="lt">68.9.0</vulnerable> + </package> + <package name="www-client/firefox-bin" auto="yes" arch="*"> + <unaffected range="ge">68.9.0</unaffected> + <vulnerable range="lt">68.9.0</vulnerable> + </package> + </affected> + <background> + <p>Mozilla Firefox is a popular open-source web browser from the Mozilla + Project. + </p> + </background> + <description> + <p>Multiple vulnerabilities have been discovered in Mozilla Firefox. Please + review the CVE identifiers referenced below for details. + </p> + </description> + <impact type="normal"> + <p>Please review the referenced CVE identifiers for details.</p> + </impact> + <workaround> + <p>There is no known workaround at this time.</p> + </workaround> + <resolution> + <p>All Mozilla Firefox users should upgrade to the latest version:</p> + + <code> + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-client/firefox-68.9.0" + </code> + + <p>All Mozilla Firefox binary users should upgrade to the latest version:</p> + + <code> + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-client/firefox-bin-68.9.0" + </code> + + </resolution> + <references> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-12405">CVE-2020-12405</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-12406">CVE-2020-12406</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-12407">CVE-2020-12407</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-12408">CVE-2020-12408</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-12409">CVE-2020-12409</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-12410">CVE-2020-12410</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-12411">CVE-2020-12411</uri> + </references> + <metadata tag="requester" timestamp="2020-06-04T09:53:31Z">sam_c</metadata> + <metadata tag="submitter" timestamp="2020-06-13T01:14:36Z">sam_c</metadata> +</glsa> diff --git a/metadata/glsa/glsa-202006-08.xml b/metadata/glsa/glsa-202006-08.xml new file mode 100644 index 000000000000..e6a391fc9c30 --- /dev/null +++ b/metadata/glsa/glsa-202006-08.xml @@ -0,0 +1,61 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> +<glsa id="202006-08"> + <title>WebKitGTK+: Multiple vulnerabilities</title> + <synopsis>Multiple vulnerabilities have been found in WebKitGTK+, the worst + of which could result in the arbitrary execution of code. + </synopsis> + <product type="ebuild">webkitgtk+</product> + <announced>2020-06-13</announced> + <revised count="1">2020-06-13</revised> + <bug>712260</bug> + <access>remote</access> + <affected> + <package name="net-libs/webkit-gtk" auto="yes" arch="*"> + <unaffected range="ge">2.28.2</unaffected> + <vulnerable range="lt">2.28.2</vulnerable> + </package> + </affected> + <background> + <p>WebKitGTK+ is a full-featured port of the WebKit rendering engine, + suitable for projects requiring any kind of web integration, from hybrid + HTML/CSS applications to full-fledged web browsers. + </p> + </background> + <description> + <p>Multiple vulnerabilities have been discovered in WebKitGTK+. Please + review the CVE identifiers referenced below for details. + </p> + </description> + <impact type="normal"> + <p>Please review the referenced CVE identifiers for details.</p> + </impact> + <workaround> + <p>There is no known workaround at this time.</p> + </workaround> + <resolution> + <p>All WebKitGTK+ users should upgrade to the latest version:</p> + + <code> + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-libs/webkit-gtk-2.28.2" + </code> + + </resolution> + <references> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-10018">CVE-2020-10018</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-10018">CVE-2020-10018</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-11793">CVE-2020-11793</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-11793">CVE-2020-11793</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-3885">CVE-2020-3885</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-3894">CVE-2020-3894</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-3895">CVE-2020-3895</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-3897">CVE-2020-3897</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-3899">CVE-2020-3899</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-3900">CVE-2020-3900</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-3901">CVE-2020-3901</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-3902">CVE-2020-3902</uri> + </references> + <metadata tag="requester" timestamp="2020-05-14T21:48:07Z">sam_c</metadata> + <metadata tag="submitter" timestamp="2020-06-13T01:41:16Z">sam_c</metadata> +</glsa> diff --git a/metadata/glsa/glsa-202006-09.xml b/metadata/glsa/glsa-202006-09.xml new file mode 100644 index 000000000000..8943a422203f --- /dev/null +++ b/metadata/glsa/glsa-202006-09.xml @@ -0,0 +1,51 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> +<glsa id="202006-09"> + <title>Adobe Flash Player: Arbitrary code execution</title> + <synopsis>A flaw in Adobe Flash Player may allow local or remote attacker(s) + to execute arbitrary code. + </synopsis> + <product type="ebuild">adobe-flash</product> + <announced>2020-06-13</announced> + <revised count="1">2020-06-13</revised> + <bug>727812</bug> + <access>remote</access> + <affected> + <package name="www-plugins/adobe-flash" auto="yes" arch="*"> + <unaffected range="ge">32.0.0.387</unaffected> + <vulnerable range="lt">32.0.0.387</vulnerable> + </package> + </affected> + <background> + <p>The Adobe Flash Player is a renderer for the SWF file format, which is + commonly used to provide interactive websites. + </p> + </background> + <description> + <p>An unspecified flaw has been discovered in Adobe Flash Player.</p> + </description> + <impact type="normal"> + <p>This flaw can be exploited by attackers for remote code execution.</p> + </impact> + <workaround> + <p>There is no known workaround at this time.</p> + </workaround> + <resolution> + <p>All Adobe Flash Player users should upgrade to the latest version:</p> + + <code> + # emerge --sync + # emerge --ask --oneshot --verbose + ">=www-plugins/adobe-flash-32.0.0.387" + </code> + + </resolution> + <references> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-9633">CVE-2020-9633</uri> + <uri link="https://helpx.adobe.com/security/products/flash-player/apsb20-30.html"> + Upstream advisory (APSB20-30) + </uri> + </references> + <metadata tag="requester" timestamp="2020-06-11T00:59:03Z">sam_c</metadata> + <metadata tag="submitter" timestamp="2020-06-13T01:44:33Z">sam_c</metadata> +</glsa> diff --git a/metadata/glsa/glsa-202006-10.xml b/metadata/glsa/glsa-202006-10.xml new file mode 100644 index 000000000000..0291e53cf3e5 --- /dev/null +++ b/metadata/glsa/glsa-202006-10.xml @@ -0,0 +1,48 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> +<glsa id="202006-10"> + <title>GNU Readline: Multiple vulnerabilities</title> + <synopsis>Multiple vulnerabilities have been found in GNU Readline, the worst + of which could result in a Denial of Service condition. + </synopsis> + <product type="ebuild">readline</product> + <announced>2020-06-13</announced> + <revised count="1">2020-06-13</revised> + <bug>717924</bug> + <access>local</access> + <affected> + <package name="sys-libs/readline" auto="yes" arch="*"> + <unaffected range="ge">8.0</unaffected> + <vulnerable range="lt">8.0</vulnerable> + </package> + </affected> + <background> + <p>The GNU Readline library provides a set of functions for use by + applications that allow users to edit command lines as they are typed in. + </p> + </background> + <description> + <p>Multiple vulnerabilities have been discovered in GNU Readline. Please + review the CVE identifiers referenced below for details. + </p> + </description> + <impact type="low"> + <p>Please review the referenced CVE identifiers for details.</p> + </impact> + <workaround> + <p>There is no known workaround at this time.</p> + </workaround> + <resolution> + <p>All GNU Readline users should upgrade to the latest version:</p> + + <code> + # emerge --sync + # emerge --ask --oneshot --verbose ">=sys-libs/readline-8.0" + </code> + + </resolution> + <references> + </references> + <metadata tag="requester" timestamp="2020-05-21T23:21:08Z">sam_c</metadata> + <metadata tag="submitter" timestamp="2020-06-13T01:47:15Z">sam_c</metadata> +</glsa> diff --git a/metadata/glsa/glsa-202006-11.xml b/metadata/glsa/glsa-202006-11.xml new file mode 100644 index 000000000000..39a9974e3ffd --- /dev/null +++ b/metadata/glsa/glsa-202006-11.xml @@ -0,0 +1,55 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> +<glsa id="202006-11"> + <title>Ansible: Multiple vulnerabilities</title> + <synopsis>Multiple vulnerabilities have been found in Ansible, the worst of + which could result in the arbitrary execution of code. + </synopsis> + <product type="ebuild">ansible</product> + <announced>2020-06-13</announced> + <revised count="1">2020-06-13</revised> + <bug>711974</bug> + <access>remote</access> + <affected> + <package name="app-admin/ansible" auto="yes" arch="*"> + <unaffected range="ge">2.9.7</unaffected> + <vulnerable range="lt">2.9.7</vulnerable> + </package> + </affected> + <background> + <p>Ansible is a radically simple IT automation platform.</p> + </background> + <description> + <p>Multiple vulnerabilities have been discovered in Ansible. Please review + the CVE identifiers referenced below for details. + </p> + </description> + <impact type="normal"> + <p>Please review the referenced CVE identifiers for details.</p> + </impact> + <workaround> + <p>There is no known workaround at this time.</p> + </workaround> + <resolution> + <p>All Ansible users should upgrade to the latest version:</p> + + <code> + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-admin/ansible-2.9.7" + </code> + + </resolution> + <references> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-10684">CVE-2020-10684</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-10685">CVE-2020-10685</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-1733">CVE-2020-1733</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-1735">CVE-2020-1735</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-1736">CVE-2020-1736</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-1737">CVE-2020-1737</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-1738">CVE-2020-1738</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-1740">CVE-2020-1740</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-1753">CVE-2020-1753</uri> + </references> + <metadata tag="requester" timestamp="2020-05-15T14:41:54Z">sam_c</metadata> + <metadata tag="submitter" timestamp="2020-06-13T01:49:30Z">sam_c</metadata> +</glsa> diff --git a/metadata/glsa/glsa-202006-12.xml b/metadata/glsa/glsa-202006-12.xml new file mode 100644 index 000000000000..d55a1902c21c --- /dev/null +++ b/metadata/glsa/glsa-202006-12.xml @@ -0,0 +1,46 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> +<glsa id="202006-12"> + <title>GNU Mailutils: Privilege escalation</title> + <synopsis>A vulnerability has been found in GNU Mailutils allowing privilege + escalation. + </synopsis> + <product type="ebuild">mailutils</product> + <announced>2020-06-13</announced> + <revised count="1">2020-06-13</revised> + <bug>700806</bug> + <access>local</access> + <affected> + <package name="net-mail/mailutils" auto="yes" arch="*"> + <unaffected range="ge">3.8</unaffected> + <vulnerable range="lt">3.8</vulnerable> + </package> + </affected> + <background> + <p>The GNU Mailutils are a collection of mail-related utilities, including + an IMAP4 server (imap4d). + </p> + </background> + <description> + <p>GNU Mailutils runs maidag by default with setuid root permissions.</p> + </description> + <impact type="high"> + <p>An attacker can use this to write to arbitrary files as root.</p> + </impact> + <workaround> + <p>There is no known workaround at this time.</p> + </workaround> + <resolution> + <p>All GNU Mailutils users should upgrade to the latest version:</p> + + <code> + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-mail/mailutils-3.8" + </code> + </resolution> + <references> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-18862">CVE-2019-18862</uri> + </references> + <metadata tag="requester" timestamp="2020-05-12T21:52:25Z">sam_c</metadata> + <metadata tag="submitter" timestamp="2020-06-13T01:51:38Z">sam_c</metadata> +</glsa> diff --git a/metadata/glsa/timestamp.chk b/metadata/glsa/timestamp.chk index ec5ba1b6a782..88cdcb72a7ae 100644 --- a/metadata/glsa/timestamp.chk +++ b/metadata/glsa/timestamp.chk @@ -1 +1 @@ -Sat, 30 May 2020 09:38:20 +0000 +Sat, 13 Jun 2020 09:08:26 +0000 diff --git a/metadata/glsa/timestamp.commit b/metadata/glsa/timestamp.commit index 1e05047643a2..ee8db8673cd1 100644 --- a/metadata/glsa/timestamp.commit +++ b/metadata/glsa/timestamp.commit @@ -1 +1 @@ -8f997a18382e6fd1fe9722aff738fb088141123c 1589546660 2020-05-15T12:44:20+00:00 +d201bee5ad23e8472de3397c356e66a559081d7f 1592013107 2020-06-13T01:51:47+00:00 |