Diffstat (limited to 'metadata/glsa')
-rw-r--r--metadata/glsa/Manifest30
-rw-r--r--metadata/glsa/Manifest.files.gzbin448529 -> 448845 bytes
-rw-r--r--metadata/glsa/glsa-201909-07.xml64
-rw-r--r--metadata/glsa/glsa-201909-08.xml49
-rw-r--r--metadata/glsa/timestamp.chk2
-rw-r--r--metadata/glsa/timestamp.commit2
6 files changed, 130 insertions, 17 deletions
diff --git a/metadata/glsa/Manifest b/metadata/glsa/Manifest
index eba6cee644e5..08d0105c8a0a 100644
--- a/metadata/glsa/Manifest
+++ b/metadata/glsa/Manifest
@@ -1,23 +1,23 @@
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
-MANIFEST Manifest.files.gz 448529 BLAKE2B 70fc5fdf3704f2b7ec0033da58e9dba173720d87011ed4a8c13796a79ab719c338f43528d1a392475f724b87e95f6e187b39a6f6e92d64f4882d0f0004bffa24 SHA512 53832aafadeff79f44632a74dc19ba49106055cc3a8017511025ef2e4ca2499a5d5154766e4957167240e37b7e0bfd956e305d79053c82988ad80b673f006f8c
-TIMESTAMP 2019-09-07T23:09:08Z
+MANIFEST Manifest.files.gz 448845 BLAKE2B 24feded351e2c02762000f35c6c58ac935b2383bf6acdd7450f974e16e15fe0935d3f657233d5cd4ab87639ad5f410b8ea36fd5c019b93bfbfc47983ef01dbdc SHA512 569d13495f7e4953afefd29435d7953d3afa1815ae86459c1f4f84726efaaedc5598835f415738d792d2d1060be50cf8ad9140b7fcf124dd7f9ea681a55957ab
+TIMESTAMP 2019-09-13T16:08:55Z
-----BEGIN PGP SIGNATURE-----
-iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAl10OJRfFIAAAAAALgAo
+iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAl17vxdfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEUx
RDZBQkI2M0JGQ0ZCNEJBMDJGREYxQ0VDNTkwRUVBQzkxODkyNTAACgkQ7FkO6skY
-klCN8A//SkpChS4L4qFkiOHwjHf4wtUIa7szn1dux34X7fyb3W/5uXdyyRqCarK9
-X9Y8yqKkKUWBTRP195IsRMn76nJD0AwX2v5sKvOEsJJjCMD3Ka8uxKJqb1V23JXM
-LXn0/cqFJHQCfVnZvNLQUCOg5TJEtKZQJVEojFwpicB8usWdGrvk0tuxi81bLbOB
-+1ekRMfKy3Ik2sdMWKrowEoeoicOcbYTi7yGT+z8YceVIku+pDeq0Tbj8jvfOYdf
-sdo5pPJeqYFk788zYELBpUGAfM1RkMTv3uuTdQ6bIjNnjb0cp2TP62oSoEYWOWDg
-qh2Ts+j7As00AGtxjq6zv2jQj03rugy3aiz9FvEhR7aLh+acYgD66Lale9QXnHa+
-SLiA22EOXIuACTnFZr0E/IdZGU/KG3QFr2EKCmsupUVxiUINM/Ypz73bmbi6lEIW
-7/ziqcDqYBMmxTcZg5x3gyqrOU/Na/nXEJZ3dLyA7zCtkgts+W4+oh2Iwm9Vcajn
-FTHp0D0ep4hAv505JGUEKPv8tBsU4tmcdjbcpKBXaAF10OU4bkEJd3hzvcNTqrim
-0V1YIj482yNYDWuQEOrru5yBRXrZj9nr+yAkW/sqGvH5zCSAeuMxOKTvzHlO1p1p
-tEizdnKAB6hB3tFjgiF/JMZkDxx3+pMYoTnu57m0KQUjlcVTboo=
-=V6QD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+=41fD
-----END PGP SIGNATURE-----
diff --git a/metadata/glsa/Manifest.files.gz b/metadata/glsa/Manifest.files.gz
index 81138f54ea78..e80a943da59d 100644
--- a/metadata/glsa/Manifest.files.gz
+++ b/metadata/glsa/Manifest.files.gz
Binary files differ
diff --git a/metadata/glsa/glsa-201909-07.xml b/metadata/glsa/glsa-201909-07.xml
new file mode 100644
index 000000000000..a91111969542
--- /dev/null
+++ b/metadata/glsa/glsa-201909-07.xml
@@ -0,0 +1,64 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201909-07">
+ <title>Simple DirectMedia Layer: Multiple vulnerabilities</title>
+ <synopsis>Multiple vulnerabilities have been found in Simple DirectMedia
+ Layer, the worst of which could result in the arbitrary execution of code.
+ </synopsis>
+ <product type="ebuild">libsdl2</product>
+ <announced>2019-09-08</announced>
+ <revised count="1">2019-09-08</revised>
+ <bug>690064</bug>
+ <bug>692392</bug>
+ <access>remote</access>
+ <affected>
+ <package name="media-libs/libsdl2" auto="yes" arch="*">
+ <unaffected range="ge">2.0.10</unaffected>
+ <vulnerable range="lt">2.0.10</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>Simple DirectMedia Layer is a cross-platform development library
+ designed to provide low level access to audio, keyboard, mouse, joystick,
+ and graphics hardware via OpenGL and Direct3D.
+ </p>
+ </background>
+ <description>
+ <p>Multiple vulnerabilities have been discovered in Simple DirectMedia
+ Layer. Please review the CVE identifiers referenced below for details.
+ </p>
+ </description>
+ <impact type="normal">
+ <p>A remote attacker could entice a user to process a specially crafted
+ audio or video, possibly resulting in execution of arbitrary code with
+ the privileges of the process or a Denial of Service condition.
+ </p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All Simple DirectMedia Layer users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose "&gt;=media-libs/libsdl2-2.0.10"
+ </code>
+
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-13626">CVE-2019-13626</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-7572">CVE-2019-7572</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-7573">CVE-2019-7573</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-7574">CVE-2019-7574</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-7575">CVE-2019-7575</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-7576">CVE-2019-7576</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-7577">CVE-2019-7577</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-7578">CVE-2019-7578</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-7635">CVE-2019-7635</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-7636">CVE-2019-7636</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-7638">CVE-2019-7638</uri>
+ </references>
+ <metadata tag="requester" timestamp="2019-09-07T00:08:23Z">b-man</metadata>
+ <metadata tag="submitter" timestamp="2019-09-08T17:40:28Z">b-man</metadata>
+</glsa>
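Review bot: The `<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">` line at the top of this new file points at an external DTD over cleartext HTTP, and glsa-201909-08.xml in the same commit does the same. Any consumer that loads external subsets while parsing advisories would fetch that DTD over a channel that can be tampered with, and the fetch presumably sits outside whatever the PGP-signed Manifest covers. If the tooling does not key on the exact system identifier, I would use `<!DOCTYPE glsa SYSTEM "https://www.gentoo.org/dtd/glsa.dtd">`. Either way, advisory parsers should run with external DTD loading and entity resolution disabled, or resolve the identifier from a local catalog copy.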
diff --git a/metadata/glsa/glsa-201909-08.xml b/metadata/glsa/glsa-201909-08.xml
new file mode 100644
index 000000000000..7f2b35906305
--- /dev/null
+++ b/metadata/glsa/glsa-201909-08.xml
@@ -0,0 +1,49 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201909-08">
+ <title>D-Bus: Authentication bypass</title>
+ <synopsis>An authentication bypass was discovered in D-Bus.</synopsis>
+ <product type="ebuild">dbus</product>
+ <announced>2019-09-08</announced>
+ <revised count="1">2019-09-08</revised>
+ <bug>687900</bug>
+ <access>local</access>
+ <affected>
+ <package name="sys-apps/dbus" auto="yes" arch="*">
+ <unaffected range="ge">1.12.16</unaffected>
+ <vulnerable range="lt">1.12.16</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>D-Bus is a message bus system which processes can use to talk to each
+ other.
+ </p>
+ </background>
+ <description>
+ <p>It was discovered that a local attacker could manipulate symbolic links
+ in their own home directory to bypass authentication and connect to a
+ DBusServer with elevated privileges.
+ </p>
+ </description>
+ <impact type="normal">
+ <p>A local attacker can bypass authentication mechanisms and elevate
+ privileges.
+ </p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All D-Bus users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose "&gt;=sys-apps/dbus-1.12.16"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-12749">CVE-2019-12749</uri>
+ </references>
+ <metadata tag="requester" timestamp="2019-09-07T17:12:55Z">b-man</metadata>
+ <metadata tag="submitter" timestamp="2019-09-08T17:40:45Z">b-man</metadata>
+</glsa>
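Review bot: The `<resolution>` ends at the emerge commands and does not mention that processes started before the upgrade keep running the old library code until they are restarted, so a host can report dbus 1.12.16 installed while a long-lived process is still exposed. I would add a line after the `<code>` block such as `<p>Restart all services and sessions that use D-Bus after upgrading.</p>`. Separately, "connect to a DBusServer with elevated privileges" in the `<description>` does not make clear whether the server or the resulting connection is the privileged party. Naming the affected authentication mechanism (presumably DBUS_COOKIE_SHA1, going by the referenced CVE; confirm before adding) would let administrators judge whether their configuration is reachable.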
diff --git a/metadata/glsa/timestamp.chk b/metadata/glsa/timestamp.chk
index 36c3392d5556..4897696602c8 100644
--- a/metadata/glsa/timestamp.chk
+++ b/metadata/glsa/timestamp.chk
@@ -1 +1 @@
-Sat, 07 Sep 2019 23:09:04 +0000
+Fri, 13 Sep 2019 16:08:52 +0000
diff --git a/metadata/glsa/timestamp.commit b/metadata/glsa/timestamp.commit
index 82f2e1957979..933a7041a478 100644
--- a/metadata/glsa/timestamp.commit
+++ b/metadata/glsa/timestamp.commit
@@ -1 +1 @@
-68b71b2cbc79a9ef9e8701eb09586b9f2f9eb7b2 1567815781 2019-09-07T00:23:01+00:00
+0d8b041795d355b2f8da9b84725a62150a91dc13 1567964538 2019-09-08T17:42:18+00:00