Diffstat (limited to 'metadata/glsa')
-rw-r--r--metadata/glsa/Manifest30
-rw-r--r--metadata/glsa/Manifest.files.gzbin568857 -> 569335 bytes
-rw-r--r--metadata/glsa/glsa-202403-01.xml42
-rw-r--r--metadata/glsa/glsa-202403-02.xml44
-rw-r--r--metadata/glsa/glsa-202403-03.xml43
-rw-r--r--metadata/glsa/timestamp.chk2
-rw-r--r--metadata/glsa/timestamp.commit2
7 files changed, 146 insertions, 17 deletions
diff --git a/metadata/glsa/Manifest b/metadata/glsa/Manifest
index dda9fa27e085..c20c28fc931e 100644
--- a/metadata/glsa/Manifest
+++ b/metadata/glsa/Manifest
@@ -1,23 +1,23 @@
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
-MANIFEST Manifest.files.gz 568857 BLAKE2B 3245112eec6eb35ca0b855048eea8002cf65ccd53a28c4af4110fbef17d60dd028aee42fe6b60bbf7af5eb73808427ccba2380fef9fd878a9610d3a4ac6fa768 SHA512 55c8331108f9309c5f35ec5a5b557ed996109510020ffe87fc35423b14ac96cb6fd4a34939962d28e76ac865a08a653e85827a101b97b37685b376e404c242d3
-TIMESTAMP 2024-03-03T05:10:09Z
+MANIFEST Manifest.files.gz 569335 BLAKE2B 07f6153cc527f8ef0be40a2cc21b4fbdd6901249b5c3c569cd1c78321017cd55d98800cf292cc33ffbd6842d685a59c8343e534c4ede0d598730df983a8c33f4 SHA512 5d341348a510bcd14cd0388e2d6bdaccf622bfa08eed783dcee916769bbf2f8d31fa0fb57d0f3bfcce315df08c0e1c93572bfdc703a005d69ab200628e23c99b
+TIMESTAMP 2024-03-03T11:10:07Z
-----BEGIN PGP SIGNATURE-----
-iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAmXkBjFfFIAAAAAALgAo
+iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAmXkWo9fFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEUx
RDZBQkI2M0JGQ0ZCNEJBMDJGREYxQ0VDNTkwRUVBQzkxODkyNTAACgkQ7FkO6skY
-klBzGxAAhDspkOE1xrwSZGqpsDCd0Qj36sj1dvCGbyyEj9z0QTXmyZ3B1791WA2a
-ZKqQmIC/RWAOgMs7KxF9bTaRSvGZr80hH/S+SJ0eABS714tsLdwPPsuHBZWtzo4r
-OT+o4m1ujSfopdDt6xb8iqOWOC0/MDInn1S1kHnP6jnThmxV0SAh8Im+auyusCQW
-jWbBp796KVjaLTeG5BAafoj1oveZdPI98tJ6skZisyVFDdgF3y40lzX8RkoicIhV
-JXjMTQY0ujTfkw3eb0oSZCTnubDKLQjRsSC3P4RjO7xuDn+6vYO5X0OfaqgO2CoC
-2kIKdv5EU9Yw4jnLCGuGWxo+Oja7VXNW/ZSy/7pl4QsvjgupbnLlLpQbkgk56mHs
-JuLq/AnEAgLcDr8vqZ0CgYkpbxiRWWcwU04Sh6nrM+DNjAZZumgiD9hFP/lTdxnx
-Vp2GJLYWSLjpcCmaEHrbOOSaUdgUmB9Ub1snybWvs6SHd42+kbPj4gO4DKDLnNC6
-jmW7VT6U0adYzYMTG1vPxrrk+H5OSJh+pZ0iMk3T0fPtUGmsLJSXnQvNM1VKTzJU
-G3Bs8DnyTSc0hcNw4n1qUPsJe/YcsPpR/NccJ4aL3BMrputph9PlwI6HfXx1Mjec
-wAq4fhdD+ZC32ZL3vHRNegsCFg3vuhStbO+2HNKXhwN4Er2d5G0=
-=1+7n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+=AjQl
-----END PGP SIGNATURE-----
diff --git a/metadata/glsa/Manifest.files.gz b/metadata/glsa/Manifest.files.gz
index c7a067f9f4f8..772e1970b334 100644
--- a/metadata/glsa/Manifest.files.gz
+++ b/metadata/glsa/Manifest.files.gz
Binary files differ
diff --git a/metadata/glsa/glsa-202403-01.xml b/metadata/glsa/glsa-202403-01.xml
new file mode 100644
index 000000000000..ff38fb24f404
--- /dev/null
+++ b/metadata/glsa/glsa-202403-01.xml
@@ -0,0 +1,42 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202403-01">
+ <title>Tox: Remote Code Execution</title>
+ <synopsis>A vulnerability has been discovered in Tox which may lead to remote code execution.</synopsis>
+ <product type="ebuild">tox</product>
+ <announced>2024-03-03</announced>
+ <revised count="1">2024-03-03</revised>
+ <bug>829650</bug>
+ <access>remote</access>
+ <affected>
+ <package name="net-libs/tox" auto="yes" arch="*">
+ <unaffected range="ge">0.2.13</unaffected>
+ <vulnerable range="lt">0.2.13</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>Tox is easy-to-use software that connects you with friends and family without anyone else listening in.</p>
+ </background>
+ <description>
+ <p>A vulnerability has been discovered in btrbk. Please review the CVE identifier referenced below for details.</p>
+ </description>
+ <impact type="normal">
+ <p>A stack-based buffer overflow allows remote attackers to crash the process or potentially execute arbitrary code via a network packet.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All Tox users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-libs/tox-0.2.13"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-44847">CVE-2021-44847</uri>
+ </references>
+ <metadata tag="requester" timestamp="2024-03-03T10:05:56.740887Z">graaff</metadata>
+ <metadata tag="submitter" timestamp="2024-03-03T10:05:56.742991Z">graaff</metadata>
+</glsa> \ No newline at end of file
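Review bot: The `<description>` paragraph names the wrong product: it says the vulnerability was discovered in btrbk, while the title, synopsis, `<product>` and `<package name="net-libs/tox">` all refer to Tox. This looks like text left over from another advisory, and anyone triaging by the description would be pointed at a package this GLSA does not cover. Suggested line: `<p>A vulnerability has been discovered in Tox. Please review the CVE identifier referenced below for details.</p>`. The affected range and the upgrade command in `<resolution>` agree with each other on 0.2.13, so only the description needs correcting.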
diff --git a/metadata/glsa/glsa-202403-02.xml b/metadata/glsa/glsa-202403-02.xml
new file mode 100644
index 000000000000..9d8b742fb374
--- /dev/null
+++ b/metadata/glsa/glsa-202403-02.xml
@@ -0,0 +1,44 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202403-02">
+ <title>Blender: Multiple Vulnerabilities</title>
+ <synopsis>Multiple vulnerabilities have been discovered in Blender, the worst of which could lead to arbitrary code execution.</synopsis>
+ <product type="ebuild">blender</product>
+ <announced>2024-03-03</announced>
+ <revised count="1">2024-03-03</revised>
+ <bug>834011</bug>
+ <access>remote</access>
+ <affected>
+ <package name="media-gfx/blender" auto="yes" arch="*">
+ <unaffected range="ge">3.1.0</unaffected>
+ <vulnerable range="lt">3.1.0</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>Blender is a 3D Creation/Animation/Publishing System.</p>
+ </background>
+ <description>
+ <p>Multiple vulnerabilities have been discovered in Blender. Please review the CVE identifiers referenced below for details.</p>
+ </description>
+ <impact type="normal">
+ <p>Please review the referenced CVE identifiers for details.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All Blender users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=media-gfx/blender-3.1.0"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-0544">CVE-2022-0544</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-0545">CVE-2022-0545</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-0546">CVE-2022-0546</uri>
+ </references>
+ <metadata tag="requester" timestamp="2024-03-03T10:35:38.708571Z">graaff</metadata>
+ <metadata tag="submitter" timestamp="2024-03-03T10:35:38.710453Z">graaff</metadata>
+</glsa> \ No newline at end of file
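Review bot: The `<impact>` paragraph is a placeholder ("Please review the referenced CVE identifiers for details.") and does not carry the worst-case outcome that the synopsis already states, arbitrary code execution. Tools and readers that look only at `<impact>` to prioritise patching get no signal from it. The same placeholder appears in glsa-202403-03.xml, where the synopsis names key confusion and value overwriting. Suggested line here: `<p>The worst of these vulnerabilities could lead to arbitrary code execution. Please review the referenced CVE identifiers for details.</p>`. It is also worth confirming that `<access>remote</access>` matches how the referenced CVEs are reached, since the advisory text does not say.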
diff --git a/metadata/glsa/glsa-202403-03.xml b/metadata/glsa/glsa-202403-03.xml
new file mode 100644
index 000000000000..3e441fbc8a28
--- /dev/null
+++ b/metadata/glsa/glsa-202403-03.xml
@@ -0,0 +1,43 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202403-03">
+ <title>UltraJSON: Multiple Vulnerabilities</title>
+ <synopsis>Multiple vulnerabilities have been discovered in UltraJSON, the worst of which could lead to key confusion and value overwriting.</synopsis>
+ <product type="ebuild">ujson</product>
+ <announced>2024-03-03</announced>
+ <revised count="1">2024-03-03</revised>
+ <bug>855689</bug>
+ <access>remote</access>
+ <affected>
+ <package name="dev-python/ujson" auto="yes" arch="*">
+ <unaffected range="ge">5.4.0</unaffected>
+ <vulnerable range="lt">5.4.0</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>UltraJSON is an ultra fast JSON encoder and decoder written in pure C with bindings for Python 3.8+.</p>
+ </background>
+ <description>
+ <p>Affected versions were found to improperly decode certain characters. JSON strings that contain escaped surrogate characters not part of a proper surrogate pair were decoded incorrectly. Besides corrupting strings, this allowed for potential key confusion and value overwriting in dictionaries. All users parsing JSON from untrusted sources are vulnerable. From version 5.4.0, UltraJSON decodes lone surrogates in the same way as the standard library&#39;s `json` module does, preserving them in the parsed output.</p>
+ </description>
+ <impact type="normal">
+ <p>Please review the referenced CVE identifiers for details.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All UltraJSON users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-python/ujson-5.4.0"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-31116">CVE-2022-31116</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-31117">CVE-2022-31117</uri>
+ </references>
+ <metadata tag="requester" timestamp="2024-03-03T10:43:37.084240Z">graaff</metadata>
+ <metadata tag="submitter" timestamp="2024-03-03T10:43:37.087046Z">graaff</metadata>
+</glsa> \ No newline at end of file
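Review bot: The `<description>` covers only one issue, the decoding of lone surrogate characters, while the title says "Multiple Vulnerabilities" and `<references>` lists both CVE-2022-31116 and CVE-2022-31117. A reader cannot tell from the advisory what the second identifier is about or whether it changes the risk for their use of ujson. Consider appending a sentence such as `Please review the CVE identifiers referenced below for details of the remaining issue.`, or a one-line summary of the second CVE taken from its NVD entry. As a style point, the paragraph also carries Markdown backticks around `json` and a numeric `&#39;` reference that a plain apostrophe would replace.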
diff --git a/metadata/glsa/timestamp.chk b/metadata/glsa/timestamp.chk
index 870641f6d0be..b1272ed41947 100644
--- a/metadata/glsa/timestamp.chk
+++ b/metadata/glsa/timestamp.chk
@@ -1 +1 @@
-Sun, 03 Mar 2024 05:10:05 +0000
+Sun, 03 Mar 2024 11:10:05 +0000
diff --git a/metadata/glsa/timestamp.commit b/metadata/glsa/timestamp.commit
index 639d43ccf0d3..f5bb639f3fe0 100644
--- a/metadata/glsa/timestamp.commit
+++ b/metadata/glsa/timestamp.commit
@@ -1 +1 @@
-e549b151411e283e5129e0b82b21b1fc7c93bcd7 1708962306 2024-02-26T15:45:06+00:00
+cdd0be6e1942f6fd398390a7d40b198b4617986a 1709462639 2024-03-03T10:43:59+00:00