From 14866757225815b9374acfc8453518951e0f910d Mon Sep 17 00:00:00 2001
From: V3n3RiX <venerix@koprulu.sector>
Date: Thu, 8 Aug 2024 12:38:45 +0100
Subject: gentoo auto-resync : 08:08:2024 - 12:38:45

---
 metadata/glsa/Manifest           |  30 ++++++++++++-------------
 metadata/glsa/Manifest.files.gz  | Bin 581399 -> 582186 bytes
 metadata/glsa/glsa-202408-09.xml |  43 ++++++++++++++++++++++++++++++++++++
 metadata/glsa/glsa-202408-10.xml |  44 +++++++++++++++++++++++++++++++++++++
 metadata/glsa/glsa-202408-11.xml |  46 +++++++++++++++++++++++++++++++++++++++
 metadata/glsa/glsa-202408-12.xml |  42 +++++++++++++++++++++++++++++++++++
 metadata/glsa/glsa-202408-13.xml |  42 +++++++++++++++++++++++++++++++++++
 metadata/glsa/timestamp.chk      |   2 +-
 metadata/glsa/timestamp.commit   |   2 +-
 9 files changed, 234 insertions(+), 17 deletions(-)
 create mode 100644 metadata/glsa/glsa-202408-09.xml
 create mode 100644 metadata/glsa/glsa-202408-10.xml
 create mode 100644 metadata/glsa/glsa-202408-11.xml
 create mode 100644 metadata/glsa/glsa-202408-12.xml
 create mode 100644 metadata/glsa/glsa-202408-13.xml

(limited to 'metadata/glsa')

diff --git a/metadata/glsa/Manifest b/metadata/glsa/Manifest
index 0bce9d8e5383..56b810db7bef 100644
--- a/metadata/glsa/Manifest
+++ b/metadata/glsa/Manifest
@@ -1,23 +1,23 @@
 -----BEGIN PGP SIGNED MESSAGE-----
 Hash: SHA512
 
-MANIFEST Manifest.files.gz 581399 BLAKE2B 7625df02b4f1b89397b376b84cd5cd12e72dc54d210a0b50792c11bea66aa2587c55e06a1c2f8c90e2d23e53d64dd9a95abcafc93985ea6b790b31a4bee23a76 SHA512 f826de1364ea562a943d402f32d70fea336c99b3f3c98bfe1a40de213334dbdc5b757ee30a530c7c880159a52dabf6ac43651411c9359eea6e317d844dc3417b
-TIMESTAMP 2024-08-07T11:11:08Z
+MANIFEST Manifest.files.gz 582186 BLAKE2B 1a05feb8b9f4689a5bd4a3b5a194172aab19857a1b6e62bf709acb61c73ed250c6bf15cfff567f826788975e1396b0aaf59ca881f1f7eaed4538d688c5c6c312 SHA512 8c95b20c054cb4417bd4f7bc6d285dc50887b3c7f63e2a0637b969f6461508fb0ea65d4276d1116c38b4ead475746df44be5ee73b60d3d6ebf301f72d2cea382
+TIMESTAMP 2024-08-08T10:57:13Z
 -----BEGIN PGP SIGNATURE-----
 
-iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAmazVkxfFIAAAAAALgAo
+iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAma0pIpfFIAAAAAALgAo
 aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEUx
 RDZBQkI2M0JGQ0ZCNEJBMDJGREYxQ0VDNTkwRUVBQzkxODkyNTAACgkQ7FkO6skY
-klCBSBAAh8hTRHpj2s+CCBDbRsv+k+0EhgTm6ycX5wyVlVaS8ND6bw8O6/kcXk8n
-l0iAgJEZjC2gwte7tGhWUXnNf1Mmi518dmqdU8saBQ/NjoguiHfGzT38hHDFKDPz
-7GYLhRk3e3UWX6fCWbEIScyqIyW/t5qnocD/8H8BqVjtjuDrlIbxOWxyGDQMxDrI
-IWBdBlXiwQuLiANByGSOCTo0DilF6zYUrLT2wP2QWNJz3JX7kRK7iezHlIoIXW4Z
-zHuuW+T7cLyTERTpuek2kAqdYiJjESaYkfID8+hIZN2GKl3/chAuLvTVYbDnZ1by
-TLslfrvbEUAEhwrimF4NuD71cORTaNclfjf2TTRULyG7YAEi9Oky0MO50w1PCBqd
-LMSCffZHmg875Qb/nhmBSpYk3xTxtu8wYkk9Vp4AapErRi2Lr0OWVb099aXGrskf
-tu8j4T5YBnVlr5XG9d8eA32OCIfHo9CPWCw+gye0fAZKC6tlyl4Zy/D+mgq/ryhL
-vGdf5nf6ZR+Wo/OrV666C0OgXsH5zD71fdGcm0iZ6IV+SjMK4c28TANRVSFIAF9l
-V7o9VqzfSam8tmQNvGXc/krX28ZYMYxK36PDNEfyd4rNIklPDaEsrsegyKRNlDpZ
-/dzF7ZJUd4+EgZQ9Nd5p2fjmeJgeb6Lu6E72bpDQQ8UTgz4f4DE=
-=/QTK
+klCM9Q//adrfGikT/8N3ibeZxd/S/5SeBiCrKfcrWgZB8jDnkZO7TZpdW8iohdeF
+tC/EoKWBSxM5jlx/W72XN4TPyJ81cf6+99tY4YPAdrlWhCDXdg2rt8vfNiZFwD3z
+qDYa4I3NMGgq+589mr+Li4zMK7UdxjLMWhMogj70G65mshreDLUgZMHRN2VbOegO
+dMc7+xCx2FCawU+EgCpGbljCnd5Mr22O9ugpHgPxl0Q0fkDDhC85H7Or973169Ce
+ExBj7l2oZbSoDjQowJk+j988Zt5iPrvaCRjdPAEnKss/kU6TbtnPDDzlVdLVFFLx
+HTex9wgODRME2bXdNQUONGpC22kPFVXQk4xxjh8bwpg4qt3T0pHujTIJyKms4SCX
+iTljq6wksUcOZUbXENuGe4k5JbHJijj2gfhMTaI0yg11SJvwjdYk+ZYTwjqSp1sK
+JTHWrdQAnwfraz2c4A2WIt8Ep+9rJ14Q11+Ep9XjB+2qVlY7wK36u6SRySkAHiEo
+zfTjFmzfrM8hQJwUcL4qA2YiCU1pVAkUgPQvKaXtNU2XitbyBEbSqkLg5vzmgkyI
+lBHC16BT6ulynjpKduQE8COB9blq33JpdmK8E6W6OeSUiKMG5p1nekMfrNUV6u5S
+lovoUv68XKPQfbGC+9sZB75fN3IRIg3cgDScaSN7Q/oJZA35/tM=
+=zbZJ
 -----END PGP SIGNATURE-----
diff --git a/metadata/glsa/Manifest.files.gz b/metadata/glsa/Manifest.files.gz
index be4c754dd6b1..8c8552f6c480 100644
Binary files a/metadata/glsa/Manifest.files.gz and b/metadata/glsa/Manifest.files.gz differ
diff --git a/metadata/glsa/glsa-202408-09.xml b/metadata/glsa/glsa-202408-09.xml
new file mode 100644
index 000000000000..128ef86c9f51
--- /dev/null
+++ b/metadata/glsa/glsa-202408-09.xml
@@ -0,0 +1,43 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202408-09">
+    <title>Cairo: Multiple Vulnerabilities</title>
+    <synopsis>Multiple vulnerabilities have been discovered in Cairo, the worst of which a denial of service.</synopsis>
+    <product type="ebuild">cairo</product>
+    <announced>2024-08-07</announced>
+    <revised count="1">2024-08-07</revised>
+    <bug>717778</bug>
+    <access>local</access>
+    <affected>
+        <package name="x11-libs/cairo" auto="yes" arch="*">
+            <unaffected range="ge">1.18.0</unaffected>
+            <vulnerable range="lt">1.18.0</vulnerable>
+        </package>
+    </affected>
+    <background>
+        <p>Cairo is a 2D vector graphics library with cross-device output support.</p>
+    </background>
+    <description>
+        <p>Multiple vulnerabilities have been discovered in Cairo. Please review the CVE identifiers referenced below for details.</p>
+    </description>
+    <impact type="normal">
+        <p>Please review the referenced CVE identifiers for details.</p>
+    </impact>
+    <workaround>
+        <p>There is no known workaround at this time.</p>
+    </workaround>
+    <resolution>
+        <p>All Cairo users should upgrade to the latest version:</p>
+        
+        <code>
+          # emerge --sync
+          # emerge --ask --oneshot --verbose ">=x11-libs/cairo-1.18.0"
+        </code>
+    </resolution>
+    <references>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-6461">CVE-2019-6461</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-6462">CVE-2019-6462</uri>
+    </references>
+    <metadata tag="requester" timestamp="2024-08-07T11:19:32.821340Z">graaff</metadata>
+    <metadata tag="submitter" timestamp="2024-08-07T11:19:32.823921Z">graaff</metadata>
+</glsa>
\ No newline at end of file
diff --git a/metadata/glsa/glsa-202408-10.xml b/metadata/glsa/glsa-202408-10.xml
new file mode 100644
index 000000000000..67c3d6759ddb
--- /dev/null
+++ b/metadata/glsa/glsa-202408-10.xml
@@ -0,0 +1,44 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202408-10">
+    <title>nghttp2: Multiple Vulnerabilities</title>
+    <synopsis>Multiple vulnerabilities have been discovered in nghttp2, the worst of which could lead to a denial of service.</synopsis>
+    <product type="ebuild">nghttp2</product>
+    <announced>2024-08-07</announced>
+    <revised count="1">2024-08-07</revised>
+    <bug>915554</bug>
+    <bug>928541</bug>
+    <access>remote</access>
+    <affected>
+        <package name="net-libs/nghttp2" auto="yes" arch="*">
+            <unaffected range="ge">1.61.0</unaffected>
+            <vulnerable range="lt">1.61.0</vulnerable>
+        </package>
+    </affected>
+    <background>
+        <p>Nghttp2 is an implementation of HTTP/2 and its header compression algorithm HPACK in C.</p>
+    </background>
+    <description>
+        <p>Multiple vulnerabilities have been discovered in nghttp2. Please review the CVE identifiers referenced below for details.</p>
+    </description>
+    <impact type="normal">
+        <p>Please review the referenced CVE identifiers for details.</p>
+    </impact>
+    <workaround>
+        <p>There is no known workaround at this time.</p>
+    </workaround>
+    <resolution>
+        <p>All nghttp2 users should upgrade to the latest version:</p>
+        
+        <code>
+          # emerge --sync
+          # emerge --ask --oneshot --verbose ">=net-libs/nghttp2-1.61.0"
+        </code>
+    </resolution>
+    <references>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-44487">CVE-2023-44487</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-28182">CVE-2024-28182</uri>
+    </references>
+    <metadata tag="requester" timestamp="2024-08-07T11:37:22.663338Z">graaff</metadata>
+    <metadata tag="submitter" timestamp="2024-08-07T11:37:22.666444Z">graaff</metadata>
+</glsa>
\ No newline at end of file
diff --git a/metadata/glsa/glsa-202408-11.xml b/metadata/glsa/glsa-202408-11.xml
new file mode 100644
index 000000000000..abd50b3cf8d4
--- /dev/null
+++ b/metadata/glsa/glsa-202408-11.xml
@@ -0,0 +1,46 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202408-11">
+    <title>aiohttp: Multiple Vulnerabilities</title>
+    <synopsis>Multiple vulnerabilities have been discovered in aiohttp, the worst of which could lead to service compromise.</synopsis>
+    <product type="ebuild">aiohttp</product>
+    <announced>2024-08-07</announced>
+    <revised count="1">2024-08-07</revised>
+    <bug>918541</bug>
+    <bug>918968</bug>
+    <bug>931097</bug>
+    <access>remote</access>
+    <affected>
+        <package name="dev-python/aiohttp" auto="yes" arch="*">
+            <unaffected range="ge">3.9.4</unaffected>
+            <vulnerable range="lt">3.9.4</vulnerable>
+        </package>
+    </affected>
+    <background>
+        <p>aiohttp is an asynchronous HTTP client/server framework for asyncio and Python.</p>
+    </background>
+    <description>
+        <p>Multiple vulnerabilities have been discovered in aiohttp. Please review the CVE identifiers referenced below for details.</p>
+    </description>
+    <impact type="normal">
+        <p>Please review the referenced CVE identifiers for details.</p>
+    </impact>
+    <workaround>
+        <p>There is no known workaround at this time.</p>
+    </workaround>
+    <resolution>
+        <p>All aiohttp users should upgrade to the latest version:</p>
+        
+        <code>
+          # emerge --sync
+          # emerge --ask --oneshot --verbose ">=dev-python/aiohttp-3.9.4"
+        </code>
+    </resolution>
+    <references>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-47641">CVE-2023-47641</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-49082">CVE-2023-49082</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-30251">CVE-2024-30251</uri>
+    </references>
+    <metadata tag="requester" timestamp="2024-08-07T11:59:46.382696Z">graaff</metadata>
+    <metadata tag="submitter" timestamp="2024-08-07T11:59:46.386364Z">graaff</metadata>
+</glsa>
\ No newline at end of file
diff --git a/metadata/glsa/glsa-202408-12.xml b/metadata/glsa/glsa-202408-12.xml
new file mode 100644
index 000000000000..1f3fb6d92cb9
--- /dev/null
+++ b/metadata/glsa/glsa-202408-12.xml
@@ -0,0 +1,42 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202408-12">
+    <title>Bitcoin: Denial of Service</title>
+    <synopsis>A vulnerability has been discovered in Bitcoin, which can lead to a denial of service.</synopsis>
+    <product type="ebuild">bitcoind</product>
+    <announced>2024-08-07</announced>
+    <revised count="1">2024-08-07</revised>
+    <bug>908084</bug>
+    <access>remote</access>
+    <affected>
+        <package name="net-p2p/bitcoind" auto="yes" arch="*">
+            <unaffected range="ge">25.0</unaffected>
+            <vulnerable range="lt">25.0</vulnerable>
+        </package>
+    </affected>
+    <background>
+        <p>Bitcoin Core consists of both &#34;full-node&#34; software for fully validating the blockchain as well as a bitcoin wallet.</p>
+    </background>
+    <description>
+        <p>Please review the CVE identifier referenced below for details.</p>
+    </description>
+    <impact type="normal">
+        <p>Bitcoin Core, when debug mode is not used, allows attackers to cause a denial of service (CPU consumption) because draining the inventory-to-send queue is inefficient, as exploited in the wild in May 2023.</p>
+    </impact>
+    <workaround>
+        <p>There is no known workaround at this time.</p>
+    </workaround>
+    <resolution>
+        <p>All Bitcoin users should upgrade to the latest version:</p>
+        
+        <code>
+          # emerge --sync
+          # emerge --ask --oneshot --verbose ">=net-p2p/bitcoind-25.0"
+        </code>
+    </resolution>
+    <references>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-33297">CVE-2023-33297</uri>
+    </references>
+    <metadata tag="requester" timestamp="2024-08-07T12:34:53.892565Z">graaff</metadata>
+    <metadata tag="submitter" timestamp="2024-08-07T12:34:53.895329Z">graaff</metadata>
+</glsa>
\ No newline at end of file
diff --git a/metadata/glsa/glsa-202408-13.xml b/metadata/glsa/glsa-202408-13.xml
new file mode 100644
index 000000000000..e1fa4574c49b
--- /dev/null
+++ b/metadata/glsa/glsa-202408-13.xml
@@ -0,0 +1,42 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202408-13">
+    <title>Nokogiri: Denial of Service</title>
+    <synopsis>A vulnerability has been discovered in Nokogiri, which can lead to a denial of service.</synopsis>
+    <product type="ebuild">nokogiri</product>
+    <announced>2024-08-07</announced>
+    <revised count="1">2024-08-07</revised>
+    <bug>884863</bug>
+    <access>local</access>
+    <affected>
+        <package name="dev-ruby/nokogiri" auto="yes" arch="*">
+            <unaffected range="ge">1.13.10</unaffected>
+            <vulnerable range="lt">1.13.10</vulnerable>
+        </package>
+    </affected>
+    <background>
+        <p>Nokogiri is an HTML, XML, SAX, and Reader parser.</p>
+    </background>
+    <description>
+        <p>A denial of service vulnerability has been discovered in Nokogiri. Please review the CVE identifier referenced below for details.</p>
+    </description>
+    <impact type="normal">
+        <p>Nokogiri fails to check the return value from `xmlTextReaderExpand` in the method `Nokogiri::XML::Reader#attribute_hash`. This can lead to a null pointer exception when invalid markup is being parsed. For applications using `XML::Reader` to parse untrusted inputs, this may potentially be a vector for a denial of service attack.</p>
+    </impact>
+    <workaround>
+        <p>Users may be able to search their code for calls to either `XML::Reader#attributes` or `XML::Reader#attribute_hash` to determine if they are affected.</p>
+    </workaround>
+    <resolution>
+        <p>All Nokogiri users should upgrade to the latest version:</p>
+        
+        <code>
+          # emerge --sync
+          # emerge --ask --oneshot --verbose ">=dev-ruby/nokogiri-1.13.10"
+        </code>
+    </resolution>
+    <references>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-23476">CVE-2022-23476</uri>
+    </references>
+    <metadata tag="requester" timestamp="2024-08-07T13:11:11.971415Z">graaff</metadata>
+    <metadata tag="submitter" timestamp="2024-08-07T13:11:11.974740Z">graaff</metadata>
+</glsa>
\ No newline at end of file
diff --git a/metadata/glsa/timestamp.chk b/metadata/glsa/timestamp.chk
index 677c7dee70c1..7bab05b5d085 100644
--- a/metadata/glsa/timestamp.chk
+++ b/metadata/glsa/timestamp.chk
@@ -1 +1 @@
-Wed, 07 Aug 2024 11:11:03 +0000
+Thu, 08 Aug 2024 10:57:09 +0000
diff --git a/metadata/glsa/timestamp.commit b/metadata/glsa/timestamp.commit
index 26aa9e48deab..6caf9d079811 100644
--- a/metadata/glsa/timestamp.commit
+++ b/metadata/glsa/timestamp.commit
@@ -1 +1 @@
-e64fb777fe21714192a4f70814906be33d867172 1723028443 2024-08-07T11:00:43Z
+acc7fec53d067c43c33e830e51592868bdeb80a5 1723036283 2024-08-07T13:11:23Z
-- 
cgit v1.2.3