diff options
Diffstat (limited to 'metadata/glsa')
-rw-r--r-- | metadata/glsa/Manifest | 30 | ||||
-rw-r--r-- | metadata/glsa/Manifest.files.gz | bin | 421225 -> 421384 bytes | |||
-rw-r--r-- | metadata/glsa/glsa-201804-12.xml | 50 | ||||
-rw-r--r-- | metadata/glsa/timestamp.chk | 2 | ||||
-rw-r--r-- | metadata/glsa/timestamp.commit | 2 |
5 files changed, 67 insertions, 17 deletions
diff --git a/metadata/glsa/Manifest b/metadata/glsa/Manifest index b0172a3a6dca..dfc8ee5bad2f 100644 --- a/metadata/glsa/Manifest +++ b/metadata/glsa/Manifest @@ -1,23 +1,23 @@ -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 -MANIFEST Manifest.files.gz 421225 BLAKE2B 3ea0f2afdb7fa11952c73e1802a82ddcb4bbe95b75606861aa9d94acba35691b97854b65d7d3bec40e0f5f2ef206de903696db876b0bd6db34bb27aaac0696b0 SHA512 76fd57544ae0eee9baf3d5b9e8ef3b04f05195897cba1f495609eaed7c83e275ffa678d92f50587d688bf40cbb1147872efee9d9634b6c45b00f94da4fa7cdc0 -TIMESTAMP 2018-04-13T23:08:32Z +MANIFEST Manifest.files.gz 421384 BLAKE2B bfbe5e356f9fb5467472e01b9ffa4c7ab788e49c049d40c7633dfa4d2ebb5c4bf4f92a4fa43049b85dad5d10c593ecd0e243ea7c1975e84055fc34386f72a4e8 SHA512 f0c1e1729862aec592153456994003bbdbb8f9bff919d3e8a74ef963808bc6065be99f22297469abc9678fd65da4c09918d0a860c5e2f27c193f04efea6f9560 +TIMESTAMP 2018-04-16T15:08:35Z -----BEGIN PGP SIGNATURE----- -iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAlrROHBfFIAAAAAALgAo +iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAlrUvHNfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEUx RDZBQkI2M0JGQ0ZCNEJBMDJGREYxQ0VDNTkwRUVBQzkxODkyNTAACgkQ7FkO6skY -klAE4w/+PF7xO8QJUYsybzrs5McZdWx5a55vucu4rWgu22UravTxNi+zYx/rbOcA -0KC5I8lcDaF6RHxhLYWaXYn857htwcwHjuV1l/gk1hch4+Vj5EbvMSTmpyIbHZHI -IcImx05DmETrdPzd61jSPby5056vzdqbQn0w1Ap0X8Vojh8csZ+q34azTahIlH84 -/mTbq3ZmZ9AVbda6ML7yIBoEJz5Epku9tVl4rCHcRVq3VIHNZeNgUspLqEoGU0JQ -GUI8AOHGS+/F8LzcKzk4Gqj/Z+EVIWRQjWJDcyadS+yphLk2Y1OzSJ1zx0SJqsd5 -V/6ONBmOoCteY5G/asdGh07pIxPuZG6Nni1H8ZcX2ikj/Wgtab9g0rp3EtTcd1nF -to/7VPbK5suXtjVcFl56Qk2uGmdDucNB16p6FCxv51xmf7OIQq0Vq1Wb7U1PtqDf -YB8wlVYnYvTHclmwrUIapfOK3Aiu+Pc0RqP7Z9iN8uPVxNFgpROOvjrEfYD25ekC -qymxYpdzIzSfI0+ubVb+6FMzym47I5caUifO95leXdY+/HNQfR+sKAobX0hters+ -j+2pi4rQhkQ8mpmyeq0GvyiMKU/DkrObVuw1UAOR+64Ypia14X0ip+dIt0C9ufVr -eZO8fcPYaihUF+tMrahdpku6vjr2jAABdxUn6YhhF96t4di3Ek4= -=iXP5 +klCY0BAAqZNm01XKR8+NAmnCrYYtSCAwaCaF0Nb3iffw+a2VlxGqYBBxMF/P5NSg +asnD9IITG4Kl8FNGk2+DkqstEKdEjrcNxvavbtWX0PjVVlqyzmsLOCK3b6v41y/I +S4XOcJx4TJdQWaLiLXKXPAl6kZ65fSsx8GA2wHE3/L7unZB2xfH4ykHYS5TlpLEO +sRSx2kPJySsG4SB0Uc/Q4woEcOJlcKQAxAP+j+iBcrGR8T8ZEZRO6oyxcjvHM6yG +PZRZOkq3m4BCy0sL0eqq4ITeyAu2LNXRf4o80k3rvmf+n86YLl0yi3/+LU4GW73W +AkA/LNEJXxaxpB+NHkSkQnjXOxExUCCtoIHQMAwj8jejDurIvImEB5OV/DRcfgme +V8IcWxhQFRblhUfNQ8g9KDqPwWCHf9Py1OSz8ywlHaHFUpim7BlqdFrw2z+Ic+/D +jzvqOkgdv5HX1/bxPQA8q531mcWQ8N8QnnC52S2FsfSPhgdGXOl71G31rKGJBB56 +W6hxomPk++9F848S5vqC7lnEjEs0HeiF8M+CKr9ol8F11LHKpJ0rd/AlDDfM8zQz +/6YZnLX9WzcQ2LKWOPIfxjnA4Yuckmn7IlfjPcM3kRadPBuNeNET+/bfq9XOOQRS +DKA+D5qZWVX5F3O9cZWCsT1J7z4QgbBVROTs2kwbbgsfjpuUTEg= +=AlW9 -----END PGP SIGNATURE----- diff --git a/metadata/glsa/Manifest.files.gz b/metadata/glsa/Manifest.files.gz Binary files differindex 2e79d14541e9..88a05be6bc96 100644 --- a/metadata/glsa/Manifest.files.gz +++ b/metadata/glsa/Manifest.files.gz diff --git a/metadata/glsa/glsa-201804-12.xml b/metadata/glsa/glsa-201804-12.xml new file mode 100644 index 000000000000..097160fddf87 --- /dev/null +++ b/metadata/glsa/glsa-201804-12.xml @@ -0,0 +1,50 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> +<glsa id="201804-12"> + <title>Go: Arbitrary code execution</title> + <synopsis>A vulnerability in Go allows remote attackers to execute arbitrary + commands. + </synopsis> + <product type="ebuild">go</product> + <announced>2018-04-15</announced> + <revised count="1">2018-04-15</revised> + <bug>650014</bug> + <access>remote</access> + <affected> + <package name="dev-lang/go" auto="yes" arch="*"> + <unaffected range="ge">1.10.1</unaffected> + <vulnerable range="lt">1.10.1</vulnerable> + </package> + </affected> + <background> + <p>Go is an open source programming language that makes it easy to build + simple, reliable, and efficient software. + </p> + </background> + <description> + <p>A vulnerability in Go was discovered which does not validate the import + path of remote repositories. + </p> + </description> + <impact type="normal"> + <p>Remote attackers, by enticing a user to import from a crafted website, + could execute arbitrary commands. + </p> + </impact> + <workaround> + <p>There is no known workaround at this time.</p> + </workaround> + <resolution> + <p>All Go users should upgrade to the latest version:</p> + + <code> + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-lang/go-1.10.1" + </code> + </resolution> + <references> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-7187">CVE-2018-7187</uri> + </references> + <metadata tag="requester" timestamp="2018-04-14T16:24:01Z">b-man</metadata> + <metadata tag="submitter" timestamp="2018-04-15T23:23:53Z">b-man</metadata> +</glsa> diff --git a/metadata/glsa/timestamp.chk b/metadata/glsa/timestamp.chk index d573ad74ec83..1686faf69c07 100644 --- a/metadata/glsa/timestamp.chk +++ b/metadata/glsa/timestamp.chk @@ -1 +1 @@ -Fri, 13 Apr 2018 23:08:28 +0000 +Mon, 16 Apr 2018 15:08:31 +0000 diff --git a/metadata/glsa/timestamp.commit b/metadata/glsa/timestamp.commit index 154e4764a7e2..3c4f54fe8d44 100644 --- a/metadata/glsa/timestamp.commit +++ b/metadata/glsa/timestamp.commit @@ -1 +1 @@ -61614754c5c47e19e67ecfbc5307d90c6d8b3d1f 1523477362 2018-04-11T20:09:22+00:00 +aa26a212e36fbca3a9091a00250a459fd6576eae 1523834733 2018-04-15T23:25:33+00:00 |