Diffstat (limited to 'metadata/glsa')
-rw-r--r--metadata/glsa/Manifest30
-rw-r--r--metadata/glsa/Manifest.files.gzbin426937 -> 427414 bytes
-rw-r--r--metadata/glsa/glsa-201807-02.xml51
-rw-r--r--metadata/glsa/glsa-201807-03.xml48
-rw-r--r--metadata/glsa/glsa-201807-04.xml50
-rw-r--r--metadata/glsa/timestamp.chk2
-rw-r--r--metadata/glsa/timestamp.commit2
7 files changed, 166 insertions, 17 deletions
diff --git a/metadata/glsa/Manifest b/metadata/glsa/Manifest
index ea61b639badf..12934beaeb3a 100644
--- a/metadata/glsa/Manifest
+++ b/metadata/glsa/Manifest
@@ -1,23 +1,23 @@
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
-MANIFEST Manifest.files.gz 426937 BLAKE2B fd40fb2cce7e8bb9b86f11cc0b67099c90238f284b3a458c8153c050be8f5f23899e2d0a85dee8371053bc572661a4ef4f721c0fbfb7976cc36ee7c7480ac631 SHA512 829750d5237ed3b11ae3dc9afdaacd5fe79e390dedf6730a47ac29c7f64e7bcce35e880cc0e44d263a4b9a9ed0186d2e6503cec484fcd93b4c19afde5af0ab31
-TIMESTAMP 2018-07-21T18:38:27Z
+MANIFEST Manifest.files.gz 427414 BLAKE2B 03f31e82901c67c54c9e2a393ac3d0d1d25bb342aa53f12ef4cda3b8ecae5db556d030b733bc4f3fdba54171e0a9a96a6e0e3c4ab9239061ea537618ba745ce1 SHA512 01f241123b41771420b69c122806bf7c9c1b4f6f77886ed4e9a9737364198dc0d9cc296f967c056f28a2af511a8d2680a7991527b5ca7723fbd12dcffe525a32
+TIMESTAMP 2018-08-04T07:08:39Z
-----BEGIN PGP SIGNATURE-----
-iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAltTfaNfFIAAAAAALgAo
+iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAltlUPdfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEUx
RDZBQkI2M0JGQ0ZCNEJBMDJGREYxQ0VDNTkwRUVBQzkxODkyNTAACgkQ7FkO6skY
-klBefQ/+L9/xSV4wTVT+dMbfnOAw1fq/8IJzy8qP2qRqjV3wv/4qpgWA/1YOzQ5p
-lq5i1XkzUn8e+mJySP3deKzfjiT79vPejoy6nYDmFNCVaVND6fcxlQuJ5bNfAv+J
-w7BUtKWWtHjpXNfCQtOhuf01bKw2bauuinB8X3Oycms4rKJFISdP2YmNlnCCK7se
-OvQXj1bsvF2EU77IquxK2l3OilB/EI5GypOUlc8iBynbqozM4+el97wz8wgXRwWs
-BbwKCxB+O/t8yMgWykxuqqfcRSSAjg3XE+PY420tSlPk21tWQ7tbC0eytVQCvnsu
-kDZeuWzIrm7Bb/G6dQIck1XC+otfOufAQwoIkvjiXALvpbzONpbszzP/t75ISUf3
-vIdPPdpvFEdLKUexGHElE9Z2XZ61HYh+PhDMDAkL+PQMM2SJogaSrpHi3uSlbvET
-6TblWMprl8B0AD17hEGczi8COiGHMbAtxNUP/R1mFLhO5vj0hizJ4ssuxTze2SK9
-oZ/LEia+PZamG3nWa0A7Hq9kbR4sihpKXSggS4FTndSmxNvMOfOTjAPGBfXTHHgn
-Hg+5kIV8nlvfsrbZ2bUpr1QGOIiEUXsKIIaP2qxoQxGIxf6MyRjY9412EGhNBiAe
-jiUXtIrqC3aMHzW7MIs29Ok/cfN1KY+YSXiUFfTvTyLw5/Lh0Ro=
-=gdTN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+=3s3j
-----END PGP SIGNATURE-----
diff --git a/metadata/glsa/Manifest.files.gz b/metadata/glsa/Manifest.files.gz
index a924ccd14e63..2c573718af44 100644
--- a/metadata/glsa/Manifest.files.gz
+++ b/metadata/glsa/Manifest.files.gz
Binary files differ
diff --git a/metadata/glsa/glsa-201807-02.xml b/metadata/glsa/glsa-201807-02.xml
new file mode 100644
index 000000000000..ec691f42d00e
--- /dev/null
+++ b/metadata/glsa/glsa-201807-02.xml
@@ -0,0 +1,51 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201807-02">
+ <title>Passenger: Multiple Vulnerabilities</title>
+ <synopsis>Multiple vulnerabilities have been found in Passenger, the worst of
+ which could result in the execution of arbitrary code.
+ </synopsis>
+ <product type="ebuild">passenger</product>
+ <announced>2018-07-22</announced>
+ <revised count="1">2018-07-22</revised>
+ <bug>658346</bug>
+ <access>remote</access>
+ <affected>
+ <package name="www-apache/passenger" auto="yes" arch="*">
+ <unaffected range="ge">5.3.2</unaffected>
+ <vulnerable range="lt">5.3.2</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>Passenger runs and manages your Ruby, Node.js, and Python apps.</p>
+ </background>
+ <description>
+ <p>Multiple vulnerabilities have been discovered in Passenger. Please
+ review the CVE identifiers referenced below for details.
+ </p>
+ </description>
+ <impact type="normal">
+ <p>A remote attacker could escalate privileges, execute arbitrary code,
+ cause a Denial of Service condition, or obtain sensitive information.
+ </p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All Passenger users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose "&gt;=www-apache/passenger-5.3.2"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-12026">CVE-2018-12026</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-12027">CVE-2018-12027</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-12028">CVE-2018-12028</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-12029">CVE-2018-12029</uri>
+ </references>
+ <metadata tag="requester" timestamp="2018-07-03T02:38:28Z">irishluck83</metadata>
+ <metadata tag="submitter" timestamp="2018-07-22T20:50:15Z">irishluck83</metadata>
+</glsa>
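Review bot: The DOCTYPE on the second line of this new file names an external DTD over plain `http://`, and the same line is added in glsa-201807-03.xml and glsa-201807-04.xml. Whether any consumer actually dereferences it is not visible in this commit, but a validating parser that does would fetch grammar over an unauthenticated channel, while the advisory itself is covered by the signed Manifest. If the GLSA tooling accepts it, prefer `<!DOCTYPE glsa SYSTEM "https://www.gentoo.org/dtd/glsa.dtd">`. Either way, tools that parse these files should validate against a locally shipped copy of the DTD with network and external-entity loading disabled.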
diff --git a/metadata/glsa/glsa-201807-03.xml b/metadata/glsa/glsa-201807-03.xml
new file mode 100644
index 000000000000..f6a41e2fa62d
--- /dev/null
+++ b/metadata/glsa/glsa-201807-03.xml
@@ -0,0 +1,48 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201807-03">
+ <title>ZNC:Multiple Vulnerabilities</title>
+ <synopsis>Multiple vulnerabilities have been found in ZNC, the worst of which
+ could result in privilege escalation.
+ </synopsis>
+ <product type="ebuild">ZNC</product>
+ <announced>2018-07-29</announced>
+ <revised count="2">2018-07-29</revised>
+ <bug>661228</bug>
+ <access>remote</access>
+ <affected>
+ <package name="net-irc/znc" auto="yes" arch="*">
+ <unaffected range="ge">1.7.1</unaffected>
+ <vulnerable range="lt">1.7.1</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>ZNC is an advanced IRC bouncer.</p>
+ </background>
+ <description>
+ <p>Multiple vulnerabilities have been discovered in ZNC. Please review the
+ CVE identifiers referenced below for details.
+ </p>
+ </description>
+ <impact type="normal">
+ <p>A remote attacker could read arbitary files and esclate privileges.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All ZNC users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose "&gt;=net-irc/znc-1.7.1"
+ </code>
+
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-14055">CVE-2018-14055</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-14056">CVE-2018-14056</uri>
+ </references>
+ <metadata tag="requester" timestamp="2018-07-16T11:02:53Z">Zlogene</metadata>
+ <metadata tag="submitter" timestamp="2018-07-29T21:57:06Z">irishluck83</metadata>
+</glsa>
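Review bot: The `<impact>` paragraph misspells two words that readers and scanners search advisories for, `arbitary` and `esclate`; it should read `<p>A remote attacker could read arbitrary files and escalate privileges.</p>`. The title also lacks the space after the colon that glsa-201807-02.xml uses, so `<title>ZNC: Multiple Vulnerabilities</title>` would be consistent. `<revised count="2">` on a newly added file, with the same date as `<announced>`, looks unintended next to `count="1"` in the other two advisories; confirm it or reset it to 1.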
diff --git a/metadata/glsa/glsa-201807-04.xml b/metadata/glsa/glsa-201807-04.xml
new file mode 100644
index 000000000000..38cedbc06c3c
--- /dev/null
+++ b/metadata/glsa/glsa-201807-04.xml
@@ -0,0 +1,50 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201807-04">
+ <title>cURL:Heap-based Buffer Overflow </title>
+ <synopsis>A heap-based buffer overflow in cURL might allow remote attackers
+ to execute arbitrary code.
+ </synopsis>
+ <product type="ebuild">curl</product>
+ <announced>2018-07-29</announced>
+ <revised count="1">2018-07-29</revised>
+ <bug>660894</bug>
+ <access>remote</access>
+ <affected>
+ <package name="net-misc/curl" auto="yes" arch="*">
+ <unaffected range="ge">7.61.0</unaffected>
+ <vulnerable range="lt">7.61.0</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>A command line tool and library for transferring data with URLs.</p>
+
+ </background>
+ <description>
+ <p>A heap-based buffer overflow was discovered in cURL’s
+ Curl_smtp_escape_eob() function.
+ </p>
+ </description>
+ <impact type="normal">
+ <p>An attacker could cause a Denial of Service condition or execute
+ arbitrary code via SMTP connections.
+ </p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All cURL users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose "&gt;=net-misc/curl-7.61.0"
+ </code>
+
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-0500">CVE-2018-0500</uri>
+ </references>
+ <metadata tag="requester" timestamp="2018-07-21T22:56:00Z">irishluck83</metadata>
+ <metadata tag="submitter" timestamp="2018-07-29T22:11:16Z">irishluck83</metadata>
+</glsa>
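Review bot: The `<synopsis>` does not mention that the overflow is in SMTP handling, although the `<description>` (Curl_smtp_escape_eob()) and `<impact>` ("via SMTP connections") both do, so a reader triaging from the synopsis alone cannot tell whether their use of cURL is exposed. Consider `<synopsis>A heap-based buffer overflow in cURL's SMTP handling might allow remote attackers to execute arbitrary code.</synopsis>`. The title is also missing the space after the colon and carries a trailing space: `<title>cURL: Heap-based Buffer Overflow</title>`.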
diff --git a/metadata/glsa/timestamp.chk b/metadata/glsa/timestamp.chk
index 12cc7817ec00..0254be2da60c 100644
--- a/metadata/glsa/timestamp.chk
+++ b/metadata/glsa/timestamp.chk
@@ -1 +1 @@
-Sat, 21 Jul 2018 18:38:24 +0000
+Sat, 04 Aug 2018 07:08:35 +0000
diff --git a/metadata/glsa/timestamp.commit b/metadata/glsa/timestamp.commit
index 9cf5b169a530..39d5ceab637c 100644
--- a/metadata/glsa/timestamp.commit
+++ b/metadata/glsa/timestamp.commit
@@ -1 +1 @@
-05c861bfc6df24f1e1d8bdfbeddfde0b268a1418 1531886373 2018-07-18T03:59:33+00:00
+bc003b9516bfd3c1d933c8cd919b86b13f8c5548 1532902339 2018-07-29T22:12:19+00:00