From 1dde4e5c4b92d849bf1abf0a48135b2a0644f7e1 Mon Sep 17 00:00:00 2001 From: V3n3RiX Date: Tue, 13 Mar 2018 16:55:35 +0000 Subject: gentoo resync : 13.03.2018 --- metadata/glsa/Manifest | 30 +++++++++++------------ metadata/glsa/Manifest.files.gz | Bin 417713 -> 417870 bytes metadata/glsa/glsa-201803-04.xml | 51 +++++++++++++++++++++++++++++++++++++++ metadata/glsa/timestamp.chk | 2 +- metadata/glsa/timestamp.commit | 2 +- 5 files changed, 68 insertions(+), 17 deletions(-) create mode 100644 metadata/glsa/glsa-201803-04.xml (limited to 'metadata/glsa') diff --git a/metadata/glsa/Manifest b/metadata/glsa/Manifest index 7905bff22ab1..b7267268126c 100644 --- a/metadata/glsa/Manifest +++ b/metadata/glsa/Manifest @@ -1,23 +1,23 @@ -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 -MANIFEST Manifest.files.gz 417713 BLAKE2B 5f453ee753ccefac1bad76c5778ebd5c3a7b9d23f0d9dda535879657ff3d7c89d4bc4c8048049e852be4cc25e9f91864ed97ae3dd6991c1bc05fc37320c6b805 SHA512 32c698df4a14a8dd6f33822ebc801c8f40da7ae51d5d8d66efb73ac55886769e7465cc82e8e9166c98bba1e2846832e92a392325436d2eca1c487373db893527 -TIMESTAMP 2018-03-10T18:08:33Z +MANIFEST Manifest.files.gz 417870 BLAKE2B 5065b7b9f6a96f86bf5abd010e56c6e80ea6e4c69ded7bea498bd5905b65effbae954175f68157189d42be8287232bc8ecabbe86115cb331cde9dc1246a35750 SHA512 e1fab6a999acc784d0c5597fc2bfabdd9ef83ae65ef7b5c1a4101d3f3f8041354340f6c5964f9aae4129d9150fdf2da2ad3b336198034e9d7bd904feaab65bf6 +TIMESTAMP 2018-03-13T16:08:15Z -----BEGIN PGP SIGNATURE----- -iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAlqkHyFfFIAAAAAALgAo +iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAlqn929fFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEUx RDZBQkI2M0JGQ0ZCNEJBMDJGREYxQ0VDNTkwRUVBQzkxODkyNTAACgkQ7FkO6skY -klACOw//WLKWKlP1i8U+YAoSwNhreo3nGeGOvm3UQvdovLH2GbSROr8IEJ9o7F9+ -s+WPnLZbADtfFjFMDJm337OEoWRN5Wl4OyZ3f0YArqoaqMEoukbGK3y9vEYqOL7B -qCs12ye3C0wUQuHmAvj7dAEZa2U/iCEU0dJLXhSYm11+0rkOwyHT3OtS/4Smxsqy -o5N9Y8y1pBJjEZslHW8STaxwipvQfwYzkD6smV1QVQxeTW8doSjRpgbdosh6vJNY -7olhlDf5iS/hLyfUDeEb0WfFodgdjNS8SAx0UdHFApV8FXI21bq6gacuQrw+1wKc -kx6jDlwQKcBtPXELrT4A0M8BKSxi+Xmq4+BUkoGQyJ8rTWlmIxIkmscKHkiOI2cZ -yEmG4lPiTbYsQIW92NTcZ9kXYO1KLGGM2xloHR99/+6oCaO6FU6ug9AgpVeULnUc -+0JEvkeHjQDmSCBAtbxKLwf+soJlXgsGkFuRIURLf3jl4Ndu8ziFhXrgE7Pd6yKp -DL+WDMrW944X0BLkbe0sKRkP4ZIKThW8IW7IytMOsPDw904q9/GjtZAO4mdX02Mh -xsk1cuMLIgiz3KVfHFbzquESX0NTmfdlxxwV/qi9844pUeD3eJnxMCI3RDVxZbe7 -ECzbZbxjRfctN4y696nNRXjsCGGwn+1oLAZWUQrSiObH1aVMTXA= -=2etf +klDahA//b1RhsPfj9OKb4b0EylBR1I5d3grRGF1FIWcDNrOAXaIzIdTkEeNbKc4H +QGk7VQbOKBey9cj8Kd1896KtvG1cRXiZVHsjLC2k1ToCNbDTM2lPTk3+ybQdA/nC +fOfRdNWR0zt+TJ6n1mZE6MsNxA/WQTIs/Q8lRwdUaaHVKvsM5oEh52Cwp7WTA1lK +FkHF9estJfWWQnZtVgDc9Qik0bI/CwZPZiSIr7Ew0yoUKhrxv3nHeqbB5me2fU+9 +w0zBW4GksEkbPlvqG2bdecuqtG2DtKOLRFegpoaQ2/UCPwICMdw3es2wIAgZViLs +S6inH2XluDPiEgs+4D+pf1LWt2e3c3xCzIuCG+3I0iDQUzkqk5aPkHGVAXXmHoe2 +WO00h/Hosv1hEMXm1N73c7tTF9czvBRBLCvMFzuHgf7xgPVXZLJWX5Al6kQdmQiR +H+iLGfQ9xX76lro6o+v9QWw7GuWUnrDpaqwstOTErr51pYUDR5q76W/4wwLIIEOx +kl8bWMfEKx1uWvAgSUuIpIJRJqfaOimeFaGr7Pf5KVbvitjqDyGF6ebjwgKfZ3fF +9wwOk6fQvpTmpC6RVJNaf0jyySf5uP02PT9jMTJeyK9e0FcPJx1oFNvqPHI8BdTR +zpAeJfKyCc7mbVuRy2qq9DHtLAVuaJsm07x9H/ilxxt7yvPXIco= +=PlZa -----END PGP SIGNATURE----- diff --git a/metadata/glsa/Manifest.files.gz b/metadata/glsa/Manifest.files.gz index 215602afd22e..b6ba86246c9d 100644 Binary files a/metadata/glsa/Manifest.files.gz and b/metadata/glsa/Manifest.files.gz differ diff --git a/metadata/glsa/glsa-201803-04.xml b/metadata/glsa/glsa-201803-04.xml new file mode 100644 index 000000000000..fbb8dc4ac337 --- /dev/null +++ b/metadata/glsa/glsa-201803-04.xml @@ -0,0 +1,51 @@ + + + + Newsbeuter: User-assisted execution of arbitrary code + A vulnerability in Newsbeuter may allow remote attackers to execute + arbitrary shell commands. + + newsbeuter + 2018-03-11 + 2018-03-11 + 631150 + remote + + + 2.9-r3 + + + +

Newsbeuter is a RSS/Atom feed reader for the text console.

+ +
+ +

Newsbeuter does not properly escape shell meta-characters in an RSS item + with a media enclosure in the podcast playback function of Podbeuter. +

+
+ +

A remote attacker, by enticing a user to open a feed with a specially + crafted media enclosure, could possibly execute arbitrary shell commands + with the privileges of the user running the application. +

+
+ +

There is no known workaround at this time.

+
+ +

Gentoo has discontinued support for Newsbeuter and recommends that users + unmerge the package: +

+ + + # emerge --unmerge "net-news/newsbeuter" + + +
+ + CVE-2017-14500 + + chrisadr + chrisadr +
diff --git a/metadata/glsa/timestamp.chk b/metadata/glsa/timestamp.chk index 5c68a36284ea..0a8ed9c15796 100644 --- a/metadata/glsa/timestamp.chk +++ b/metadata/glsa/timestamp.chk @@ -1 +1 @@ -Sat, 10 Mar 2018 18:08:30 +0000 +Tue, 13 Mar 2018 16:08:11 +0000 diff --git a/metadata/glsa/timestamp.commit b/metadata/glsa/timestamp.commit index 5f1f6b8c86ad..ae3297387e20 100644 --- a/metadata/glsa/timestamp.commit +++ b/metadata/glsa/timestamp.commit @@ -1 +1 @@ -de3c19ca944a942c4db36136bf5abc8983cd6a6c 1520449520 2018-03-07T19:05:20+00:00 +a3a9d59f86ebf5d6e6d86f34addc40bfcfe72e5a 1520785907 2018-03-11T16:31:47+00:00 -- cgit v1.2.3