Diffstat (limited to 'metadata/glsa')
-rw-r--r-- | metadata/glsa/Manifest | 30
-rw-r--r-- | metadata/glsa/Manifest.files.gz | bin | 596819 -> 596980 bytes
-rw-r--r-- | metadata/glsa/glsa-202504-01.xml | 44
-rw-r--r-- | metadata/glsa/timestamp.chk | 2
-rw-r--r-- | metadata/glsa/timestamp.commit | 2
5 files changed, 61 insertions, 17 deletions
diff --git a/metadata/glsa/Manifest b/metadata/glsa/Manifest index 1c79d9322bc5..6fc8722feae2 100644 --- a/metadata/glsa/Manifest +++ b/metadata/glsa/Manifest 
@@ -1,23 +1,23 @@ -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 -MANIFEST Manifest.files.gz 596819 BLAKE2B 63522f06337573996c66aa3c0b81ef535020898b18e1885eee805fd1835f056debd8871c1b871e9129a2cfd9138cdf6cb96404b2859059f0e8906b7e44fbcee9 SHA512 87fcb2c073963a66ce8ec1e356d102364b832e77939304f57faeeda9b592eab9192b225eb977ad168b619ca3b7f0da1061763084ff671cea0d6a094c478551f0 -TIMESTAMP 2025-04-03T23:41:00Z +MANIFEST Manifest.files.gz 596980 BLAKE2B eddb25532154bba44bb35623eb68543626c56c08b4a9b70673d678e12e2e9d223dee9cf4d0203ab7966bfde59e62bbac75b407365fffaffd689f74499226bdef SHA512 63607f6c6d89e0de89c2ed0d49a183cf3ebf144547b6b6c3a675072d222d42a76895e60d6f7b099c2762d742420925f50f5f0705f64f212c92b5228a8c6aac91 +TIMESTAMP 2025-04-11T06:12:14Z -----BEGIN PGP SIGNATURE----- -iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAmfvHIxfFIAAAAAALgAo +iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAmf4sr5fFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEUx RDZBQkI2M0JGQ0ZCNEJBMDJGREYxQ0VDNTkwRUVBQzkxODkyNTAACgkQ7FkO6skY -klDuFhAAo6ZMVBT/YeZ36C29NK1dWZueIVPyDmRStMi3HON8hc2iREY++TlPD2Ef -EMtw1OiPxyzJLRKp9LhtCYUKvtF130rM+e/MBm1z5PNVETA90PBpinblRT6bWVbt -iIhbUmpfn7NHk+CHaYoc9n5n92Kk/ODqyJ4JE12ETJ3mihkvR3ouiAiUz1gjz18+ -aeyyKRtigGAdtQL04DYAoM08S5vJcQznDAjmYgKeDzdjNdvUscKKAnY4eTEO87Z+ -IA4aJaCDGmaM6FNytSUeJ88s6CXGh9lWtGoWrHMnU84G6GdXSv8IktHPXRulDD9V -N8xp2xV2gbHfPX+b44RPMwinkFlrwYhBhm75/3TMoRPqo7HnanBlcG4H5LXGoi5R -y7uBipG+VaUQlXO4jAmbGYRFSvDpFXvubwURBaHl7OenyCyylSxNTA+Xwz32sVUL -mZpKsADVdDLFC7lVzFgSQO87p7BpybyUVbWR3xUN8qBRP5DO1uPeZf0XFnWAF/Vr -jl1jbS9GCTuK9ir9hUiqzUx/PBh/8KZWI8IzW9eTSbTjt44dphWEbf8nYnX0iwMf -rL343twtRYnkWsvgZIbr/OmN9Ub0dtz/vhwyNo8k7nidB7ChiqwaWxyDAQ8ayxQX -NwWNTXkZomm2Yu9hgJUwu2YfbnPR0oh7KCD6CaCZQuWBwrwbFFI= -=N5u4 +klBNJg//YPL4jqxt0ql9ROCx5275mOQ9clpEx5Lzi1jhzsBSjv+j99ANmeIG1GKE +JJYg6LOa2aOp4FWh2GB5Vjvmh09IIc9N5LOwWpVShuAcsFbzDoyJuRnVPI4rQ8T+ +/Ni/iEFjfsB4JgfhRYmsgZTaeZRVXyHDPlCOTYRbOvRxQIf9RpoVZJp/CDxv3uA/ 
+rOiDFApwptrz5KCYwh0UHuhyCSBthCBLG4MTwZN9OxTXC/CZ6H8kh9I4g7Mbb93L +8O3n7d2Mj8sGJiJzXpHPMuRDh7H8KrzwtDb2o05WqBnFfD2WYvqxFHQbEQObemn1 +bOfNRMKfAXmHG5UpFE53C+2CkNWboBc0ggye1DN+d8/qp9AeJMtCFnqeJcVGF6Tk +7WBuYOxyHbg1vXy1//hvh6Tllz2I9lik3VcZkeysxejYuwo/lnesAPtN01nX0Qsl +HfX853ceceaKWeyiEXQoPoiqK3laK1lfxioI9wfl3d3nisaUly7Ls9PBERT+rOMa +G2qFDDkfMJ+jE2RSJqD9RGal2mLfbTeCCOd+zmlhOwRB8E9zizUPu1vV9g3PDHTm +U/PZ5IrE1u7AbLDsR/7szPhuYM8+Q7Z84KFEEce26UTkyPKcfC/BMgSIKmEIH6K7 +qSU8ajMkYyMSsMhD6x1owVPbsyzdiCQYEPn+6hicS8Tmf4eAZ7E= +=rHyT -----END PGP SIGNATURE----- diff --git a/metadata/glsa/Manifest.files.gz b/metadata/glsa/Manifest.files.gz Binary files differindex 3253252d39dd..174f96b7d262 100644 --- a/metadata/glsa/Manifest.files.gz +++ b/metadata/glsa/Manifest.files.gz diff --git a/metadata/glsa/glsa-202504-01.xml b/metadata/glsa/glsa-202504-01.xml new file mode 100644 index 000000000000..1e80046976b4 --- /dev/null +++ b/metadata/glsa/glsa-202504-01.xml 
@@ -0,0 +1,44 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> +<glsa id="202504-01"> + <title>XZ Utils: Use after free</title> + <synopsis>A vulnerability has been discovered in XZ Utils, which could lead to denial of service.</synopsis> + <product type="ebuild">xz-utils</product> + <announced>2025-04-05</announced> + <revised count="1">2025-04-05</revised> + <bug>953086</bug> + <access>remote</access> + <affected> + <package name="app-arch/xz-utils" auto="yes" arch="*"> + <unaffected range="ge">5.6.4-r1</unaffected> + <vulnerable range="lt">5.6.4-r1</vulnerable> + </package> + </affected> + <background> + <p>XZ Utils is free general-purpose data compression software with a high compression ratio.</p> + </background> + <description> + <p>A use-after-free has been discovered in XZ utils. Please review the CVE identifier referenced below for details.</p> + </description> + <impact type="normal"> + <p>The multithreaded .xz decoder in liblzma has a bug where invalid input can at least result in a crash. The effects include heap use after free and writing to an address based on the null pointer plus an offset. Applications and libraries that use the lzma_stream_decoder_mt function are affected.
+
+It's unlikely one can achieve more than a crash if xz is built with PIE on a 64-bit system especially, as is done in Gentoo by default.</p> + </impact> + <workaround> + <p>There is no known workaround at this time.</p> + </workaround> + <resolution> + <p>All XZ utils users should upgrade to the latest version:</p> + + <code> + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-arch/xz-utils-5.6.4-r1" + </code> + </resolution> + <references> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2025-31115">CVE-2025-31115</uri> + </references> + <metadata tag="requester" timestamp="2025-04-05T00:42:34.287919Z">sam</metadata> + <metadata tag="submitter" timestamp="2025-04-05T00:42:34.291736Z">sam</metadata> +</glsa>
\ No newline at end of file diff --git a/metadata/glsa/timestamp.chk b/metadata/glsa/timestamp.chk index 76cc79917be2..99bd90e86f2a 100644 --- a/metadata/glsa/timestamp.chk +++ b/metadata/glsa/timestamp.chk @@ -1 +1 @@ -Thu, 03 Apr 2025 23:40:58 +0000 +Fri, 11 Apr 2025 06:12:11 +0000 diff --git a/metadata/glsa/timestamp.commit b/metadata/glsa/timestamp.commit index ad34d21cfea9..d4c903585d6b 100644 --- a/metadata/glsa/timestamp.commit +++ b/metadata/glsa/timestamp.commit @@ -1 +1 @@ -8c44a0fc9958fea4290f5cca3cda73137cf7786a 1743192053 2025-03-28T20:00:53Z +da2df533a0a1b5799029686bc64ece18ac31947e 1743813771 2025-04-05T00:42:51Z |
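Review bot: In metadata/glsa/glsa-202504-01.xml the <impact> element carries two paragraphs inside a single <p>, separated only by a blank line (the text ending "...lzma_stream_decoder_mt function are affected." and the one starting "It's unlikely one can achieve more than a crash..."); split them into two <p> elements so the break survives rendering. The <description> only says "Please review the CVE identifier referenced below for details" while the actual technical statement (multithreaded .xz decoder in liblzma, heap use after free, write to an address based on the null pointer plus an offset) sits under <impact>; moving that detail into <description> and keeping <impact> to the consequence would let readers triage without leaving the advisory. The synopsis promises only denial of service, but the impact text hedges that more than a crash is merely "unlikely" on PIE 64-bit builds, so either the synopsis or the hedge should be tightened to agree. The single <vulnerable range="lt">5.6.4-r1</vulnerable> has no lower bound, so every older app-arch/xz-utils is flagged even though the text limits exposure to users of lzma_stream_decoder_mt; confirm that is intended. Minor: the product is spelled "XZ Utils" in the title and "XZ utils" in the description and resolution, and the file has no newline at end of file.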
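Review bot: In the metadata/glsa/Manifest hunk the new MANIFEST entry's size (596980) agrees with the diffstat for Manifest.files.gz, but the BLAKE2B and SHA512 values and the replaced OpenPGP signature cannot be validated by reading the diff, and Manifest.files.gz itself is shown only as "Binary files differ". Treat these as generated artifacts: verify the signature on the checked-out Manifest and recompute the Manifest.files.gz hashes rather than relying on this view. The timestamps are also worth a glance when auditing freshness: TIMESTAMP in the Manifest and timestamp.chk both move to 2025-04-11 (06:12:14Z and 06:12:11 +0000), while timestamp.commit records 2025-04-05T00:42:51Z, which lines up with the GLSA's requester and submitter metadata rather than with the snapshot time.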