Diffstat (limited to 'metadata/glsa')
-rw-r--r-- | metadata/glsa/Manifest | 30
-rw-r--r-- | metadata/glsa/Manifest.files.gz | bin | 416439 -> 417232 bytes
-rw-r--r-- | metadata/glsa/glsa-201802-02.xml | 100
-rw-r--r-- | metadata/glsa/glsa-201802-03.xml | 157
-rw-r--r-- | metadata/glsa/glsa-201802-04.xml | 102
-rw-r--r-- | metadata/glsa/glsa-201802-05.xml | 50
-rw-r--r-- | metadata/glsa/glsa-201802-06.xml | 65
-rw-r--r-- | metadata/glsa/timestamp.chk | 2
-rw-r--r-- | metadata/glsa/timestamp.commit | 2
9 files changed, 491 insertions, 17 deletions
diff --git a/metadata/glsa/Manifest b/metadata/glsa/Manifest index 01b55274e167..3edbfadb3a3d 100644 --- a/metadata/glsa/Manifest +++ b/metadata/glsa/Manifest 
@@ -1,23 +1,23 @@ -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 -MANIFEST Manifest.files.gz 416439 BLAKE2B 9451ad1983863ef867238ceaf1d2a0af002edf5e1ee38ab229eea18dec7f38c31751e2367ad2398ad5cb5d9206fec16a27ff1b7fb6ff757ea2f3b3fbb7fa275b SHA512 aa029ea036d1044bc9b418b6deb17521309312a35b209441023548e1b4be034c00928f553cefbe006eecd6d99256dc219c640bc0b04b4c49e0a78c63944b4a4b -TIMESTAMP 2018-02-17T19:08:31Z +MANIFEST Manifest.files.gz 417232 BLAKE2B 7256b86def71c225a3d9dc487b8217c32b8e0d58d1b9f3a1083e97e2c6b17e54c18da8cf9a71ada0833db640196a3e7d3555def34aec158a2e0c71d1765833a9 SHA512 db3950573646f27d9773367cf555ac709438501ff12e19a7fc8e548310965fa7df325bfa82b64a05710a8bd90473ce9b15232aa53f547d2525ad7fd1cbc4f804 +TIMESTAMP 2018-02-24T19:08:19Z -----BEGIN PGP SIGNATURE----- -iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAlqIfa9fFIAAAAAALgAo +iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAlqRuCNfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEUx RDZBQkI2M0JGQ0ZCNEJBMDJGREYxQ0VDNTkwRUVBQzkxODkyNTAACgkQ7FkO6skY -klCr+g//aASpUg0FtXKaK1k/+DRGcRvn6m2JLRwu2nLkkWNN3mXtmvfWK/F4uO2/ -ndmOs8mj4B51JFEDe89wL4xo5SOxCPhZfJkMgB6Fgs/X3SFcRTZEFKH6pOlBK52b -t+c4IwpcHnswytqzwqy+UuXIefUglrbnoxHD9X+3kw/f30p9xcazNp/7Fdq6aNhj -AcD6lJkFeRO+jvt3pPrsTdGZecCwpiu5j/mTSWonFAHx5wFgO3WA0M3DogkYzzEl -/sOBin0/GLJB5Ms+RTC15k31Gjb6ZoBmxfII6gyWjoGB5BMboRaAIH4qeiptw9mY -dYSL8+RvnLuF2v+w3KJe/QSwhARCq4uvlV2LmbNc4JBLNmKbwXcfayPWwoUMAbKJ -E/u5O+NnBLRFOI1reIQHtsyVMNHQ0vsZHKF76zbH43d5Lr565fPwOlJ5mtEdEzlD -GJ2quVBcRmMwnherZu+mqp7TR5BvFsz9CxqcalYAgsEr81tg9S4rZ31X16NL+v2i -GFyh3S0r+qncTFLmjs7/CA9XNZyhB/4X3y7GWIiY5lJ7YO6uNe11HnqovyMoUpV8 -Y+sqggczsIbzEA/4jSUiL8w6H1PIdAIehOhYukhIbq0oYLNZz0Mv4ey+dHNvlepO -xSVI0R3IaDAsvtoWAbWzk4cpjXKRBSToq61bfe3h+CV5MXB/guU= -=NPeb +klAyYg/8DhMm9VjC8Ufzb9JwhVHi42WCCQBGdVhjue9gsFRZpQrj1VogmXWv149I +BHauaB8FQk0YHIPBW4OvcCcj3ORRKztt1cK1nLJayuR1obRNxfSzADJhF/SbAgCG +U2ZkexO/32NMMWmNGhDweRZ1dplej8qMLUTUiNi/VrGVYoM4+KbeElswVk6mOPYy 
+ynfjDaC/3B6KwoPEp5hSnJl7r6EwRI0Z6zPnWWwonvuNeeFpapUpr/3zcmw78MEU +BBMnyj6Fze9f7TmtDJT+UBvgGPLtTN91jeStvQpMDdXzuqYMrS5L+3zs6omp7uGS +VbP4C3Nf5Fec8CSf+kv+2degBhifkXM369Q0cPjBiBbSTyBYdO6MZL07fjAuuKoa +CJpVEW8RJWs9OGtrZu9VAGUr6+nwdq1sJIiWgd9FJSl3q2wWzlpTl5xG74TG40cM +UqJFCZPsdJ2IXfdr1ydmmIae1YD4U1G7BFBHeGj8qTMCOR8DjeALZrB2d/AnZcGF +Zy426JTwQ4ApwrHLegL2pXAwSXgpuv8N86BI16OrY+w6nE4jn+PqPKnH7/JBseZe +kh/kfkYMNDd0Ko85BylC0p1R98iKu3IGrpUTJyXFJFezys55Q4M1mAUPU3mwhh5m +YTRkowJAX3sfpBDFutAZwMwuyI3QBwWDU2mmtteOQU+dzCWtoCw= +=MOVs -----END PGP SIGNATURE----- diff --git a/metadata/glsa/Manifest.files.gz b/metadata/glsa/Manifest.files.gz Binary files differindex 4bb9feddeaa4..0213826b77cc 100644 --- a/metadata/glsa/Manifest.files.gz +++ b/metadata/glsa/Manifest.files.gz diff --git a/metadata/glsa/glsa-201802-02.xml b/metadata/glsa/glsa-201802-02.xml new file mode 100644 index 000000000000..98d421432384 --- /dev/null +++ b/metadata/glsa/glsa-201802-02.xml 
@@ -0,0 +1,100 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> +<glsa id="201802-02"> + <title>Chromium, Google Chrome: Multiple vulnerabilities</title> + <synopsis>Multiple vulnerabilities have been found in Chromium and Google + Chrome, the worst of which could result in the execution of arbitrary code. + </synopsis> + <product type="ebuild">chromium, google-chrome</product> + <announced>2018-02-19</announced> + <revised count="1">2018-02-19</revised> + <bug>647124</bug> + <bug>647636</bug> + <access>remote</access> + <affected> + <package name="www-client/chromium" auto="yes" arch="*"> + <unaffected range="ge">64.0.3282.167</unaffected> + <vulnerable range="lt">64.0.3282.167</vulnerable> + </package> + <package name="www-client/google-chrome" auto="yes" arch="*"> + <unaffected range="ge">64.0.3282.167</unaffected> + <vulnerable range="lt">64.0.3282.167</vulnerable> + </package> + </affected> + <background> + <p>Chromium is an open-source browser project that aims to build a safer, + faster, and more stable way for all users to experience the web. + </p> + + <p>Google Chrome is one fast, simple, and secure browser for all your + devices. + </p> + </background> + <description> + <p>Multiple vulnerabilities have been discovered in Chromium and Google + Chrome. Please review the referenced CVE identifiers and Google Chrome + Releases for details. + </p> + </description> + <impact type="normal"> + <p>A remote attacker could possibly execute arbitrary code with the + privileges of the process, cause a Denial of Service condition, bypass + content security controls, or conduct URL spoofing. 
+ </p> + </impact> + <workaround> + <p>There is no known workaround at this time.</p> + </workaround> + <resolution> + <p>All Chromium users should upgrade to the latest version:</p> + + <code> + # emerge --sync + # emerge --ask --oneshot --verbose + ">=www-client/chromium-64.0.3282.167" + </code> + + <p>All Google Chrome users should upgrade to the latest version:</p> + + <code> + # emerge --sync + # emerge --ask --oneshot --verbose + ">=www-client/google-chrome-64.0.3282.167" + </code> + + </resolution> + <references> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6031">CVE-2018-6031</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6032">CVE-2018-6032</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6033">CVE-2018-6033</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6034">CVE-2018-6034</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6035">CVE-2018-6035</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6036">CVE-2018-6036</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6037">CVE-2018-6037</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6038">CVE-2018-6038</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6039">CVE-2018-6039</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6040">CVE-2018-6040</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6041">CVE-2018-6041</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6042">CVE-2018-6042</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6043">CVE-2018-6043</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6045">CVE-2018-6045</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6046">CVE-2018-6046</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6047">CVE-2018-6047</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6048">CVE-2018-6048</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6049">CVE-2018-6049</uri> + <uri 
link="https://nvd.nist.gov/vuln/detail/CVE-2018-6050">CVE-2018-6050</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6051">CVE-2018-6051</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6052">CVE-2018-6052</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6053">CVE-2018-6053</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6054">CVE-2018-6054</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6056">CVE-2018-6056</uri> + <uri link="https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html"> + Google Chrome Release 20180124 + </uri> + <uri link="https://chromereleases.googleblog.com/2018/02/stable-channel-update-for-desktop_13.html"> + Google Chrome Release 20180213 + </uri> + </references> + <metadata tag="requester" timestamp="2018-02-14T18:06:05Z">chrisadr</metadata> + <metadata tag="submitter" timestamp="2018-02-19T22:51:59Z">chrisadr</metadata> +</glsa> diff --git a/metadata/glsa/glsa-201802-03.xml b/metadata/glsa/glsa-201802-03.xml new file mode 100644 index 000000000000..210da4527cac --- /dev/null +++ b/metadata/glsa/glsa-201802-03.xml 
@@ -0,0 +1,157 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> +<glsa id="201802-03"> + <title>Mozilla Firefox: Multiple vulnerabilities</title> + <synopsis>Multiple vulnerabilities have been found in Mozilla Firefox, the + worst of which may allow execution of arbitrary code. + </synopsis> + <product type="ebuild">firefox</product> + <announced>2018-02-20</announced> + <revised count="1">2018-02-20</revised> + <bug>616030</bug> + <bug>621722</bug> + <bug>632400</bug> + <bug>639854</bug> + <bug>645510</bug> + <bug>648198</bug> + <access>remote</access> + <affected> + <package name="www-client/firefox" auto="yes" arch="*"> + <unaffected range="ge">52.6.0</unaffected> + <vulnerable range="lt">52.6.0</vulnerable> + </package> + <package name="www-client/firefox-bin" auto="yes" arch="*"> + <unaffected range="ge">52.6.0</unaffected> + <vulnerable range="lt">52.6.0</vulnerable> + </package> + </affected> + <background> + <p>Mozilla Firefox is a popular open-source web browser from the Mozilla + Project. + </p> + + </background> + <description> + <p>Multiple vulnerabilities have been discovered in Mozilla Firefox. Please + review the referenced CVE identifiers for details. + </p> + + </description> + <impact type="high"> + <p>A remote attacker could entice a user to view a specially crafted web + page, possibly resulting in the execution of arbitrary code with the + privileges of the process or a Denial of Service condition. Furthermore, + a remote attacker may be able to perform Man-in-the-Middle attacks, + obtain sensitive information, spoof the address bar, conduct clickjacking + attacks, bypass security restrictions and protection mechanisms, or have + other unspecified impact. 
+ </p> + </impact> + <workaround> + <p>There is no known workaround at this time.</p> + </workaround> + <resolution> + <p>All Mozilla Firefox users should upgrade to the latest version:</p> + + <code> + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-client/firefox-52.6.0" + </code> + + <p>All Mozilla Firefox binary users should upgrade to the latest version:</p> + + <code> + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-client/firefox-bin-52.6.0" + </code> + + </resolution> + <references> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2016-10195">CVE-2016-10195</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2016-10196">CVE-2016-10196</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2016-10197">CVE-2016-10197</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2016-6354">CVE-2016-6354</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-5429">CVE-2017-5429</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-5432">CVE-2017-5432</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-5433">CVE-2017-5433</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-5434">CVE-2017-5434</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-5435">CVE-2017-5435</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-5436">CVE-2017-5436</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-5437">CVE-2017-5437</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-5438">CVE-2017-5438</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-5439">CVE-2017-5439</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-5440">CVE-2017-5440</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-5441">CVE-2017-5441</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-5442">CVE-2017-5442</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-5443">CVE-2017-5443</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-5444">CVE-2017-5444</uri> + <uri 
link="https://nvd.nist.gov/vuln/detail/CVE-2017-5445">CVE-2017-5445</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-5446">CVE-2017-5446</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-5447">CVE-2017-5447</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-5448">CVE-2017-5448</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-5459">CVE-2017-5459</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-5460">CVE-2017-5460</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-5461">CVE-2017-5461</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-5462">CVE-2017-5462</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-5464">CVE-2017-5464</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-5465">CVE-2017-5465</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-5469">CVE-2017-5469</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-5470">CVE-2017-5470</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-5472">CVE-2017-5472</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-7749">CVE-2017-7749</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-7750">CVE-2017-7750</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-7751">CVE-2017-7751</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-7752">CVE-2017-7752</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-7753">CVE-2017-7753</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-7754">CVE-2017-7754</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-7756">CVE-2017-7756</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-7757">CVE-2017-7757</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-7758">CVE-2017-7758</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-7764">CVE-2017-7764</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-7771">CVE-2017-7771</uri> + <uri 
link="https://nvd.nist.gov/vuln/detail/CVE-2017-7772">CVE-2017-7772</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-7773">CVE-2017-7773</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-7774">CVE-2017-7774</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-7775">CVE-2017-7775</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-7776">CVE-2017-7776</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-7777">CVE-2017-7777</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-7778">CVE-2017-7778</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-7779">CVE-2017-7779</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-7784">CVE-2017-7784</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-7785">CVE-2017-7785</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-7786">CVE-2017-7786</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-7787">CVE-2017-7787</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-7791">CVE-2017-7791</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-7792">CVE-2017-7792</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-7793">CVE-2017-7793</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-7798">CVE-2017-7798</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-7800">CVE-2017-7800</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-7801">CVE-2017-7801</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-7802">CVE-2017-7802</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-7803">CVE-2017-7803</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-7805">CVE-2017-7805</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-7807">CVE-2017-7807</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-7809">CVE-2017-7809</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-7810">CVE-2017-7810</uri> + <uri 
link="https://nvd.nist.gov/vuln/detail/CVE-2017-7814">CVE-2017-7814</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-7818">CVE-2017-7818</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-7819">CVE-2017-7819</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-7823">CVE-2017-7823</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-7824">CVE-2017-7824</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-7843">CVE-2017-7843</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-7844">CVE-2017-7844</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-5089">CVE-2018-5089</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-5091">CVE-2018-5091</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-5095">CVE-2018-5095</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-5096">CVE-2018-5096</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-5097">CVE-2018-5097</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-5098">CVE-2018-5098</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-5099">CVE-2018-5099</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-5102">CVE-2018-5102</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-5103">CVE-2018-5103</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-5104">CVE-2018-5104</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-5117">CVE-2018-5117</uri> + </references> + <metadata tag="requester" timestamp="2017-09-17T20:53:31Z">chrisadr</metadata> + <metadata tag="submitter" timestamp="2018-02-20T00:45:47Z">chrisadr</metadata> +</glsa> diff --git a/metadata/glsa/glsa-201802-04.xml b/metadata/glsa/glsa-201802-04.xml new file mode 100644 index 000000000000..b4ff1a8057ca --- /dev/null +++ b/metadata/glsa/glsa-201802-04.xml 
@@ -0,0 +1,102 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> +<glsa id="201802-04"> + <title>MySQL: Multiple vulnerabilities</title> + <synopsis>Multiple vulnerabilities were found in MySQL, the worst of which + may allow remote execution of arbitrary code. + </synopsis> + <product type="ebuild">mysql</product> + <announced>2018-02-20</announced> + <revised count="1">2018-02-20</revised> + <bug>616486</bug> + <bug>625626</bug> + <bug>634652</bug> + <bug>644986</bug> + <access>local, remote</access> + <affected> + <package name="dev-db/mysql" auto="yes" arch="*"> + <unaffected range="ge">5.6.39</unaffected> + <vulnerable range="lt">5.6.39</vulnerable> + </package> + </affected> + <background> + <p>A fast, multi-threaded, multi-user SQL database server.</p> + </background> + <description> + <p>Multiple vulnerabilities have been discovered in MySQL. Please review + the referenced CVE identifiers for details. + </p> + </description> + <impact type="high"> + <p>A remote attacker could execute arbitrary code without authentication or + cause a partial denial of service condition. 
+ </p> + </impact> + <workaround> + <p>There are no known workarounds at this time.</p> + </workaround> + <resolution> + <p>All MySQL users should upgrade to the latest version:</p> + + <code> + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-db/mysql-5.6.39" + </code> + + </resolution> + <references> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-10155">CVE-2017-10155</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-10227">CVE-2017-10227</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-10268">CVE-2017-10268</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-10276">CVE-2017-10276</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-10283">CVE-2017-10283</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-10286">CVE-2017-10286</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-10294">CVE-2017-10294</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-10314">CVE-2017-10314</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-10378">CVE-2017-10378</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-10379">CVE-2017-10379</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-10384">CVE-2017-10384</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-3308">CVE-2017-3308</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-3309">CVE-2017-3309</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-3329">CVE-2017-3329</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-3450">CVE-2017-3450</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-3452">CVE-2017-3452</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-3453">CVE-2017-3453</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-3456">CVE-2017-3456</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-3461">CVE-2017-3461</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-3462">CVE-2017-3462</uri> + <uri 
link="https://nvd.nist.gov/vuln/detail/CVE-2017-3463">CVE-2017-3463</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-3464">CVE-2017-3464</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-3599">CVE-2017-3599</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-3600">CVE-2017-3600</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-3633">CVE-2017-3633</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-3634">CVE-2017-3634</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-3635">CVE-2017-3635</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-3636">CVE-2017-3636</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-3637">CVE-2017-3637</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-3641">CVE-2017-3641</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-3647">CVE-2017-3647</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-3648">CVE-2017-3648</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-3649">CVE-2017-3649</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-3651">CVE-2017-3651</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-3652">CVE-2017-3652</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-3653">CVE-2017-3653</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-3732">CVE-2017-3732</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-2562">CVE-2018-2562</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-2573">CVE-2018-2573</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-2583">CVE-2018-2583</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-2590">CVE-2018-2590</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-2591">CVE-2018-2591</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-2612">CVE-2018-2612</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-2622">CVE-2018-2622</uri> + <uri 
link="https://nvd.nist.gov/vuln/detail/CVE-2018-2640">CVE-2018-2640</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-2645">CVE-2018-2645</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-2647">CVE-2018-2647</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-2665">CVE-2018-2665</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-2668">CVE-2018-2668</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-2696">CVE-2018-2696</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-2703">CVE-2018-2703</uri> + </references> + <metadata tag="requester" timestamp="2017-10-18T02:30:08Z">jmbailey</metadata> + <metadata tag="submitter" timestamp="2018-02-20T00:45:52Z">jmbailey</metadata> +</glsa> diff --git a/metadata/glsa/glsa-201802-05.xml b/metadata/glsa/glsa-201802-05.xml new file mode 100644 index 000000000000..c4bb063a7a66 --- /dev/null +++ b/metadata/glsa/glsa-201802-05.xml 
@@ -0,0 +1,50 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> +<glsa id="201802-05"> + <title>Ruby: Command injection</title> + <synopsis>A vulnerability has been found in Ruby which may allow for + arbitrary command execution. + </synopsis> + <product type="ebuild">ruby</product> + <announced>2018-02-20</announced> + <revised count="1">2018-02-20</revised> + <bug>641090</bug> + <access>remote</access> + <affected> + <package name="dev-lang/ruby" auto="yes" arch="*"> + <unaffected range="ge" slot="2.2">2.2.9</unaffected> + <vulnerable range="lt" slot="2.2">2.2.9</vulnerable> + </package> + </affected> + <background> + <p>Ruby is an interpreted object-oriented programming language. The + elaborate standard library includes an HTTP server (“WEBRick”) and a + class for XML parsing (“REXML”). + </p> + </background> + <description> + <p>A command injection flaw was discovered in Net::FTP which impacts Ruby.</p> + </description> + <impact type="normal"> + <p>A remote attacker, by enticing a user to download and open a crafted + file from a malicious FTP server, could execute arbitrary commands with + the privileges of the process. + </p> + </impact> + <workaround> + <p>There is no known workaround at this time.</p> + </workaround> + <resolution> + <p>All Ruby users should upgrade to the latest version:</p> + + <code> + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-lang/ruby-2.2.9:2.2" + </code> + </resolution> + <references> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-17405">CVE-2017-17405</uri> + </references> + <metadata tag="requester" timestamp="2018-01-29T21:08:51Z">b-man</metadata> + <metadata tag="submitter" timestamp="2018-02-20T00:47:06Z">b-man</metadata> +</glsa> diff --git a/metadata/glsa/glsa-201802-06.xml b/metadata/glsa/glsa-201802-06.xml new file mode 100644 index 000000000000..6fac07cb5001 --- /dev/null +++ b/metadata/glsa/glsa-201802-06.xml 
@@ -0,0 +1,65 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> +<glsa id="201802-06"> + <title>LibreOffice: Information disclosure</title> + <synopsis>A vulnerability in LibreOffice might allow remote attackers to read + arbitrary files. + </synopsis> + <product type="ebuild">libreoffice</product> + <announced>2018-02-20</announced> + <revised count="1">2018-02-20</revised> + <bug>647186</bug> + <access>remote</access> + <affected> + <package name="app-office/libreoffice" auto="yes" arch="*"> + <unaffected range="ge">5.4.5.1</unaffected> + <vulnerable range="lt">5.4.5.1</vulnerable> + </package> + <package name="app-office/libreoffice-bin" auto="yes" arch="*"> + <unaffected range="ge">5.4.5.1</unaffected> + <vulnerable range="lt">5.4.5.1</vulnerable> + </package> + </affected> + <background> + <p>LibreOffice is a powerful office suite; its clean interface and powerful + tools let you unleash your creativity and grow your productivity. + </p> + </background> + <description> + <p>It was discovered that missing restrictions in the implementation of the + WEBSERVICE function in LibreOffice could result in the disclosure of + arbitrary files. + </p> + </description> + <impact type="normal"> + <p>A remote attacker could entice a user to open a specially crafted + document using LibreOffice, possibly resulting in the disclosure of + arbitrary files readable by the victim. 
+ </p> + </impact> + <workaround> + <p>There is no known workaround at this time.</p> + </workaround> + <resolution> + <p>All LibreOffice users should upgrade to the latest version:</p> + + <code> + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-office/libreoffice-5.4.5.1" + </code> + + <p>All LibreOffice binary users should upgrade to the latest version:</p> + + <code> + # emerge --sync + # emerge --ask --oneshot --verbose + ">=app-office/libreoffice-bin-5.4.5.1" + </code> + + </resolution> + <references> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6871">CVE-2018-6871</uri> + </references> + <metadata tag="requester" timestamp="2018-02-20T00:31:59Z">whissi</metadata> + <metadata tag="submitter" timestamp="2018-02-20T00:47:14Z">whissi</metadata> +</glsa> diff --git a/metadata/glsa/timestamp.chk b/metadata/glsa/timestamp.chk index b9761b376e5e..8e922ecb8237 100644 --- a/metadata/glsa/timestamp.chk +++ b/metadata/glsa/timestamp.chk @@ -1 +1 @@ -Sat, 17 Feb 2018 19:08:28 +0000 +Sat, 24 Feb 2018 19:08:15 +0000 diff --git a/metadata/glsa/timestamp.commit b/metadata/glsa/timestamp.commit index 7a2b7b5b3ad6..d1f392f9d339 100644 --- a/metadata/glsa/timestamp.commit +++ b/metadata/glsa/timestamp.commit @@ -1 +1 @@ -64ce437d0a7b7134c3694879d7b9648fad09b8b3 1518388633 2018-02-11T22:37:13+00:00 +833e0ea6039b5542c98c5bf95bfb7c09615ed1b8 1519087823 2018-02-20T00:50:23+00:00 |
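Review bot: In glsa-201802-02.xml the `<impact type="normal">` rating does not match the paragraph under it, which names remote execution of arbitrary code as a possible outcome; glsa-201802-03.xml and glsa-201802-04.xml in this same commit rate that worst case as `type="high"`. Either raise the type here or say in the description why code execution is less likely for these issues, so that anyone triaging by impact type does not rank the Chromium advisory below the Firefox and MySQL ones.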
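Review bot: In glsa-201802-03.xml the `<description>` defers entirely to "the referenced CVE identifiers", and the `<references>` block carries only NVD links for a long CVE list. glsa-201802-02.xml in this commit also links the vendor's release notes; adding the matching Mozilla advisories here would give readers one place to see which fixes landed in 52.6.0 instead of opening every NVD entry.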
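Review bot: glsa-201802-04.xml declares `<access>local, remote</access>`, but the `<impact>` paragraph describes only a remote attacker, so the local vector is never explained. Add a sentence on what a local attacker gains, or drop `local` from `<access>`. Minor wording: the workaround reads "There are no known workarounds at this time." where the other four advisories in this commit use "There is no known workaround at this time."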
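Review bot: In glsa-201802-05.xml the `<affected>` block lists only `slot="2.2"` for dev-lang/ruby and the text never says whether other slots are unaffected or simply not covered. State that explicitly, since a reader with another slot installed cannot tell from this advisory whether the Net::FTP flaw applies to them. Also in `<background>`, "WEBRick" should be "WEBrick", and the curly quotes around it and "REXML" would be safer as plain ASCII quotes.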
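Review bot: In glsa-201802-06.xml the second `<code>` block breaks the command after `--verbose` and puts `">=app-office/libreoffice-bin-5.4.5.1"` on its own line with no continuation, while the first block in the same file keeps the command on one line. Pasted as written, the first line runs emerge without a package atom and the second is taken as a separate command. Join the two lines or end the first with a backslash; both `<code>` blocks in glsa-201802-02.xml have the same break.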