Diffstat (limited to 'metadata/glsa')
-rw-r--r--metadata/glsa/Manifest30
-rw-r--r--metadata/glsa/Manifest.files.gzbin534504 -> 534819 bytes
-rw-r--r--metadata/glsa/glsa-202210-34.xml76
-rw-r--r--metadata/glsa/glsa-202210-35.xml61
-rw-r--r--metadata/glsa/timestamp.chk2
-rw-r--r--metadata/glsa/timestamp.commit2
6 files changed, 154 insertions, 17 deletions
diff --git a/metadata/glsa/Manifest b/metadata/glsa/Manifest
index 05fac352df90..3468dca39d38 100644
--- a/metadata/glsa/Manifest
+++ b/metadata/glsa/Manifest
@@ -1,23 +1,23 @@
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
-MANIFEST Manifest.files.gz 534504 BLAKE2B eed9bb7a29c892a3259ca2d48b64837705fe26fbd6577bad1d3cace4232a5888ce8266ed96a03aca90d23a4478a9d0f75d6461dc800cc7f82db148acbd695a6b SHA512 b0d2b680e5aca400045ea32f4ddd621ed5cc3f567357e871ab24f936146e91eb30e012ec665ed48cd6e462046ffd067c2342356ac5be65f78cc6607739b27bb0
-TIMESTAMP 2022-10-31T14:09:43Z
+MANIFEST Manifest.files.gz 534819 BLAKE2B d1b75b8595407c89720bffe60de9ef926b1b2fa554d41f72384a1ef574e8143c7b19376a3a952ce0891748b7e20ae130a308a1d484c5608ff67945bce9aced54 SHA512 8fa7a0539dd3497dd7b1179e79b7856ac1a8e5187769d1e550a5b52ec09f9738f6c5c6939fee08ddc950dc6d06c0e39438349fd56e7d1579e8b40ebbdc3f0f26
+TIMESTAMP 2022-10-31T20:09:41Z
-----BEGIN PGP SIGNATURE-----
-iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAmNf1ydfFIAAAAAALgAo
+iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAmNgK4VfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEUx
RDZBQkI2M0JGQ0ZCNEJBMDJGREYxQ0VDNTkwRUVBQzkxODkyNTAACgkQ7FkO6skY
-klCf6A//YaI8av4JHY+BNevy1YUxAgHdsfOnDxc9wIDiejyCzY4m+Zcm0rxweO9s
-sbUYb4KL1L5HrA077kYTvZnYb9M3mBqVTqAhUb4PLpDRp2JIYUqlVqyzJOZ1UsMF
-X/r1E2jOg9V2QVIwc4jrg28U/cf4GEmvvjMHN81NJeSNYGQbSLSLHwVQfr14Lrkq
-+jYhV2ToVRnBgQ0riR4SzYBfU+hnnbvy98SCQPbUCr2VAOvniXuXNlJF6TOi6x1h
-2+9TBwPSqrCLjVCJ2YID6O2ViFPKlmvH/qHW95fIsyvI7482C2tjS2pMgMbQgsh2
-6AKBd/Rk/C4eFPN7BWbXzaRLZNbMUsMikLty8WGywaJNOfh4y5bzJrZt9WyNaig7
-UDcoAWn5dopdIFHakdltsRp51zJazTyjfe/bSAByQvqemq8k1Y17e5MQDHDsNlNW
-33npwqZW49N0wB2CKghCuezWZIsqGWwsDYEW8FgGL99vZmVY4Dg3MQBQafScslEk
-MecvIhdD8zo0BMDLF8o0hkRcsId7fcypBfcS2zopwmpzoS+q1llX7lpfOjzmHjhd
-moC4Z+V1BVdiQOYVCTLXVRN0Q0z24q95Cn6ABdv26uYCtypc/ebfwVRPPL3MvhRF
-jKnR31KsklAP5ZP2oIQp0cscTD02/cFCMIl5cWqQciQapR9av88=
-=6uSb
+klD4IBAAjTq9SIDEgJXwRFYJyv8ml6Ww45gXq39gLz0ZsFNTAkFmqDnAt//URujz
+ONSK4M6yY1WZc+WcmLWHs5qSHBG/ed6l10AAvxV02+GlpC4QpfedZeQUjm8e2pfL
+5IWzPDzp+IzhVwDPheUmT5VS0AqGpx+stWLj7P2hkK7N5lExDtcN2BV73cV8IOVz
+DXfop0Psbp25/hmpoawqG6jOYX8fexEa0BHufRKCdQmtroPW3hWhzssl6ZM9hesJ
+Vtqr7gqtXIe0/jRKZqCGnuBgLx6+Exa0JeD2nRdUWSNpR/3a6rpMI8P23p0Lt6Vs
+8VKmPwnmg1iROnvMEQZcyVMoqjde1UTSDTzVTZ8AvbKf9FcqUqoBGMbvriXfKdl9
+3SiO7eaaTHla7EwyIGQc7C/RyvAY+E1wzrPrX3QRHDVDLfihdF6hojfDWlCVI4LQ
+7mLySE/vNcKpae071WcW9t3cT4rqAsnl3WzCdRRc826bmzaQEoVMUFIG3bic2+OJ
+5/3p4V55yoW6IkbPgmI8x5VBaTVljhQzNEGnvJyr12jKSMhOCquL2SRPhT4N2tkz
+koFIrS1djAFPCzq8pQgJr292fbjdaLoC/ATsFaA/2tOKEayZ1nCxxL2UMwc0aLs8
+xp7Q/wec31w/56bVn/WuwAx0RNfYxrkev7rAGLg0d1zNQhkK0Q0=
+=ra8K
-----END PGP SIGNATURE-----
diff --git a/metadata/glsa/Manifest.files.gz b/metadata/glsa/Manifest.files.gz
index 393a04f741eb..8e591d03ea6d 100644
--- a/metadata/glsa/Manifest.files.gz
+++ b/metadata/glsa/Manifest.files.gz
Binary files differ
diff --git a/metadata/glsa/glsa-202210-34.xml b/metadata/glsa/glsa-202210-34.xml
new file mode 100644
index 000000000000..06c691d6f8c9
--- /dev/null
+++ b/metadata/glsa/glsa-202210-34.xml
@@ -0,0 +1,76 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202210-34">
+ <title>Mozilla Firefox: Multiple Vulnerabilities</title>
+ <synopsis>Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which could result in arbitrary code execution.</synopsis>
+ <product type="ebuild">firefox,firefox-bin</product>
+ <announced>2022-10-31</announced>
+ <revised count="1">2022-10-31</revised>
+ <bug>877773</bug>
+ <access>remote</access>
+ <affected>
+ <package name="www-client/firefox" auto="yes" arch="*">
+ <unaffected range="ge" slot="rapid">106.0</unaffected>
+ <unaffected range="ge" slot="esr">102.4.0</unaffected>
+ <vulnerable range="lt" slot="rapid">106.0</vulnerable>
+ <vulnerable range="lt" slot="esr">102.4.0</vulnerable>
+ </package>
+ <package name="www-client/firefox-bin" auto="yes" arch="*">
+ <unaffected range="ge" slot="rapid">106.0</unaffected>
+ <unaffected range="ge" slot="esr">102.4.0</unaffected>
+ <vulnerable range="lt" slot="rapid">106.0</vulnerable>
+ <vulnerable range="lt" slot="esr">102.4.0</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>Mozilla Firefox is a popular open-source web browser from the Mozilla project.</p>
+ </background>
+ <description>
+ <p>Multiple vulnerabilities have been discovered in Mozilla Firefox. Please review the CVE identifiers referenced below for details.</p>
+ </description>
+ <impact type="high">
+ <p>Please review the referenced CVE identifiers for details.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All Mozilla Firefox ESR users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-client/firefox-102.4.0"
+ </code>
+
+ <p>All Mozilla Firefox ESR binary users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-client/firefox-bin-102.4.0"
+ </code>
+
+ <p>All Mozilla Firefox users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-client/firefox-106.0"
+ </code>
+
+ <p>All Mozilla Firefox binary users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-client/firefox-bin-106.0"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-42927">CVE-2022-42927</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-42928">CVE-2022-42928</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-42929">CVE-2022-42929</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-42930">CVE-2022-42930</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-42931">CVE-2022-42931</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-42932">CVE-2022-42932</uri>
+ </references>
+ <metadata tag="requester" timestamp="2022-10-31T19:59:56.977107Z">ajak</metadata>
+ <metadata tag="submitter" timestamp="2022-10-31T19:59:56.986876Z">ajak</metadata>
+</glsa>
\ No newline at end of file
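Review bot: The upgrade commands in `<resolution>` are not slot-qualified, although the `<affected>` ranges distinguish `slot="esr"` (fixed in 102.4.0) from `slot="rapid"` (fixed in 106.0). An atom such as `>=www-client/firefox-102.4.0` is also satisfied by 106.0, so the ESR instruction does not by itself ensure that the installed ESR slot is the one that gets updated. I would write the atoms as `">=www-client/firefox-102.4.0:esr"` and `">=www-client/firefox-106.0:rapid"`, and likewise for the two `firefox-bin` commands.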
diff --git a/metadata/glsa/glsa-202210-35.xml b/metadata/glsa/glsa-202210-35.xml
new file mode 100644
index 000000000000..386fe8be2916
--- /dev/null
+++ b/metadata/glsa/glsa-202210-35.xml
@@ -0,0 +1,61 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202210-35">
+ <title>Mozilla Thunderbird: Multiple Vulnerabilities</title>
+ <synopsis>Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in arbitrary code execution.</synopsis>
+ <product type="ebuild">thunderbird,thunderbird-bin</product>
+ <announced>2022-10-31</announced>
+ <revised count="1">2022-10-31</revised>
+ <bug>873667</bug>
+ <bug>878315</bug>
+ <access>remote</access>
+ <affected>
+ <package name="mail-client/thunderbird" auto="yes" arch="*">
+ <unaffected range="ge">102.4.0</unaffected>
+ <vulnerable range="lt">102.4.0</vulnerable>
+ </package>
+ <package name="mail-client/thunderbird-bin" auto="yes" arch="*">
+ <unaffected range="ge">102.4.0</unaffected>
+ <vulnerable range="lt">102.4.0</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>Mozilla Thunderbird is a popular open-source email client from the Mozilla project.</p>
+ </background>
+ <description>
+ <p>Multiple vulnerabilities have been discovered in Mozilla Thunderbird. Please review the CVE identifiers referenced below for details.</p>
+ </description>
+ <impact type="high">
+ <p>Please review the referenced CVE identifiers for details.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All Mozilla Thunderbird users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=mail-client/thunderbird-102.4.0"
+ </code>
+
+ <p>All Mozilla Thunderbird binary users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=mail-client/thunderbird-bin-102.4.0"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-39236">CVE-2022-39236</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-39249">CVE-2022-39249</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-39250">CVE-2022-39250</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-39251">CVE-2022-39251</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-42927">CVE-2022-42927</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-42928">CVE-2022-42928</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-42929">CVE-2022-42929</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-42932">CVE-2022-42932</uri>
+ </references>
+ <metadata tag="requester" timestamp="2022-10-31T20:00:20.605903Z">ajak</metadata>
+ <metadata tag="submitter" timestamp="2022-10-31T20:00:20.611766Z">ajak</metadata>
+</glsa>
\ No newline at end of file
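Review bot: The `<impact type="high">` paragraph states no impact; it only points at the CVE list, while the `<synopsis>` says the worst issue could result in arbitrary code execution. With eight references and two `<bug>` entries, someone triaging from the impact element has to open every CVE to learn what `high` means here. I would restate the worst case there, for example `<p>The worst of these vulnerabilities could result in arbitrary code execution. Please review the referenced CVE identifiers for details.</p>`. The same impact paragraph appears in glsa-202210-34.xml.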
diff --git a/metadata/glsa/timestamp.chk b/metadata/glsa/timestamp.chk
index 970a2781a2a0..334485abf617 100644
--- a/metadata/glsa/timestamp.chk
+++ b/metadata/glsa/timestamp.chk
@@ -1 +1 @@
-Mon, 31 Oct 2022 14:09:40 +0000
+Mon, 31 Oct 2022 20:09:38 +0000
diff --git a/metadata/glsa/timestamp.commit b/metadata/glsa/timestamp.commit
index 990214d62d77..7d73b3116d6b 100644
--- a/metadata/glsa/timestamp.commit
+++ b/metadata/glsa/timestamp.commit
@@ -1 +1 @@
-5144637cf49194493c452aae3f7a7b07bf677d9b 1667180477 2022-10-31T01:41:17+00:00
+794e005ddee1af19fec133f96c714f4b8786a377 1667246504 2022-10-31T20:01:44+00:00