summaryrefslogtreecommitdiff
path: root/metadata/glsa
diff options
context:
space:
mode:
Diffstat (limited to 'metadata/glsa')
-rw-r--r--metadata/glsa/Manifest30
-rw-r--r--metadata/glsa/Manifest.files.gzbin562170 -> 562328 bytes
-rw-r--r--metadata/glsa/glsa-202401-26.xml42
-rw-r--r--metadata/glsa/timestamp.chk2
-rw-r--r--metadata/glsa/timestamp.commit2
5 files changed, 59 insertions, 17 deletions
diff --git a/metadata/glsa/Manifest b/metadata/glsa/Manifest
index 6e22334e7683..938fdf5d0e7a 100644
--- a/metadata/glsa/Manifest
+++ b/metadata/glsa/Manifest
@@ -1,23 +1,23 @@
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
-MANIFEST Manifest.files.gz 562170 BLAKE2B 13793f99b2aeb07db808adbe0b1fe69005e597c86f14ec256c0bd329f157247d0873634aeaa1ef5172fbb27f87e570da5c2f41e37c53ebba4300745897cb3960 SHA512 33976cf0e449ecc18853b813040657dd420fdf2c05dc4aff4bdff73e28ad9894a7768a1303c77eed2804fc2648a328b169039a8cc4b94656ca92b5d36f9ce3d4
-TIMESTAMP 2024-01-22T10:10:04Z
+MANIFEST Manifest.files.gz 562328 BLAKE2B f917e7f3715dafbea4631d1e8735246d5b9887c3efe70c6ba46f3209bd4352c3858fb9f3b94eddfea989436bd50ec90a84cb7490a3686cfafe856b8100fc8b3c SHA512 d02be3afe2c6c1c06c58a6413b27e2ddfa1c0d22459c4da9eb5fbc7afe9b5335376f1397c09c4bae95745e7e93f1941a58053c3f1b7dfe65b33c41f933bb9720
+TIMESTAMP 2024-01-22T16:10:14Z
-----BEGIN PGP SIGNATURE-----
-iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAmWuPvxfFIAAAAAALgAo
+iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAmWuk2ZfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEUx
RDZBQkI2M0JGQ0ZCNEJBMDJGREYxQ0VDNTkwRUVBQzkxODkyNTAACgkQ7FkO6skY
-klC6nRAAtfGxYms9A607H9a1JMzKTdXjKzt6ZrVIuY6tWlrH0FXcVHaJ7FbvGk76
-zwzFVWBeQ9b/OBPrzpIuhUsavE0/rwJ0UIapBDlcV4cGt68se100Xwiyub4cevSP
-mF4oKn/BWgCSbYv0KccpsnpUj8GDWL3qEAqLh61x6j4QZQXBRVp0am33Bi8Sp9oA
-+7pLQt67ntXtswCsSYczB3uzvzMN1PMCezd4zm3oPDJo8VKkski9/lUhM/EBU2fC
-fGimq10wp3ucazxBZYgJJ4iorf09PxhTeyWBofqyDPk7vwlROgl9/FXYsIxk8ZkU
-ERIj3q57xzvsU+cWMegbj6LE1yhU2B/YhZpOlh3q2th4CEaEnS1rVlDbBMtWIcfF
-YM6cDG4nOJbdKjy45oUc3txLX+rBxSNckoFMygys5Y3xUxPn1cO9SwE0+BDCoCpi
-fJGUL2qb0Owu5fBDhEO/h+oQikha1vWaXjYawBoWroFJ3uXbuzFPzmfHLB6tZn52
-EbdJ5wrlvAtyoeKeWvxh+V9MYhfHoHBXBl+WtVFnzCRfa970f9WFACJhja14u9mU
-O8pxklUr+uhk6yeIZyJLXsTYg2YeylHyYgX2bAHy6VkIxNIlsUyZ/MJRR5f4aqd9
-i9ytoLf7ocjjlQy5FK6VvapBfHKGn0jMUQ6VfswCghaLiOHp++s=
-=EQ4b
+klCcgA/+KHqxTQPyOBKMeVrm+M6R6NGs8zuAEbNUEbmH43HkHTBIyGQtUOBXnUTP
+6JtutdlJ91Vi5y+7/EGKpN+H56au8ELCkhqnusvoRpK22nsWUqWHb7Zu6WkomeoS
+N2MM7K2QQRpF+WH/oF87XHmu6PjjJ+t1RxJALM1TG4HTnT2Qu54ZcZYgc1XM43ZZ
+BTsap0RVg3+tKUzKvYZoR+1ZCdZaL2zWs6L+vFvGzs5dbF4xOt3WWxcxVyiH76Z/
+p1bJvuXfubpOYuy097wTEBNofxypIsGpZ4ci0EZILEVkDRNY+llaUSa8/nDDq3uC
+7ko6L4v5ZN/nvbEhR7RGokhhquCv5uPWXRqtKjg/cmLo4KG3b0Hh4gl3lCv1tOZu
+tZWhrdQtegtQGhXqSzUGlFhhu8g9Q+xYsfL/rqxoOk0ieJa57TNHqginoTsGGe7w
+2Zk+f8z/k5K5k35lpq1/Yajbz3n4lQceHzf9sIus0FSPOq0yhq8RUO81Sz3w5DEK
+TuvteJ+0kRHnLqp/6Js131J/FIHOa+5w6J5aGh18JZPjf9JsXvw2lX9CW9eYAXRk
+NgjkD0YEbdxXTb6Y8KPdBlVigFRieq/SIe/Bw1bfyjo/ui/WlWEB+ZeFNGUjYRnd
+Eg2i0/C18MYUGbxIhBwUW/Q5V5S6JFHvJPDpyPyYp496w5BdTKk=
+=/Ypv
-----END PGP SIGNATURE-----
diff --git a/metadata/glsa/Manifest.files.gz b/metadata/glsa/Manifest.files.gz
index d4fa5e4d7562..89879b805fe9 100644
--- a/metadata/glsa/Manifest.files.gz
+++ b/metadata/glsa/Manifest.files.gz
Binary files differ
diff --git a/metadata/glsa/glsa-202401-26.xml b/metadata/glsa/glsa-202401-26.xml
new file mode 100644
index 000000000000..56b9740e67e9
--- /dev/null
+++ b/metadata/glsa/glsa-202401-26.xml
@@ -0,0 +1,42 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202401-26">
+ <title>Apache XML-RPC: Multiple Vulnerabilities</title>
+ <synopsis>Multiple vulnerabilities have been found in Apache XML-RPC, the worst of which could result in arbitrary code execution.</synopsis>
+ <product type="ebuild">xmlrpc</product>
+ <announced>2024-01-22</announced>
+ <revised count="1">2024-01-22</revised>
+ <bug>713098</bug>
+ <access>remote</access>
+ <affected>
+ <package name="dev-java/xmlrpc" auto="yes" arch="*">
+ <vulnerable range="le">3.1.3</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>Apache XML-RPC (previously known as Helma XML-RPC) is a Java implementation of XML-RPC, a popular protocol that uses XML over HTTP to implement remote procedure calls.</p>
+ </background>
+ <description>
+ <p>Multiple vulnerabilities have been discovered in Apache XML-RPC. Please review the CVE identifiers referenced below for details.</p>
+ </description>
+ <impact type="normal">
+ <p>Please review the referenced CVE identifiers for details.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>Gentoo has discontinued support for Apache XML-RPC. We recommend that users unmerge it:</p>
+
+ <code>
+ # emerge --ask --depclean "dev-java/xmlrpc"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2016-5002">CVE-2016-5002</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2016-5003">CVE-2016-5003</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-17570">CVE-2019-17570</uri>
+ </references>
+ <metadata tag="requester" timestamp="2024-01-22T14:37:11.898800Z">ajak</metadata>
+ <metadata tag="submitter" timestamp="2024-01-22T14:37:11.903161Z">graaff</metadata>
+</glsa> \ No newline at end of file
diff --git a/metadata/glsa/timestamp.chk b/metadata/glsa/timestamp.chk
index 40aa1e17f608..3b0ffe0079da 100644
--- a/metadata/glsa/timestamp.chk
+++ b/metadata/glsa/timestamp.chk
@@ -1 +1 @@
-Mon, 22 Jan 2024 10:10:00 +0000
+Mon, 22 Jan 2024 16:10:11 +0000
diff --git a/metadata/glsa/timestamp.commit b/metadata/glsa/timestamp.commit
index 8731fa61a717..edc30d72137e 100644
--- a/metadata/glsa/timestamp.commit
+++ b/metadata/glsa/timestamp.commit
@@ -1 +1 @@
-192b729d81f588010b67c1e39e06aa02c513b126 1705499128 2024-01-17T13:45:28+00:00
+6ee7e022f8f6a1893b71cb4e09707f9eb56fa40b 1705934279 2024-01-22T14:37:59+00:00
generated by cgit v1.2.3 (git 2.25.1) at 2024-11-04 14:15:32 +0000