From 2891d29af8907ce881662f4a02844926d7a293c7 Mon Sep 17 00:00:00 2001 From: V3n3RiX Date: Mon, 31 Dec 2018 13:43:35 +0000 Subject: gentoo resync : 31.12.2018 --- metadata/glsa/Manifest | 30 ++++++++--------- metadata/glsa/Manifest.files.gz | Bin 434883 -> 435197 bytes metadata/glsa/glsa-201812-10.xml | 44 ++++++++++++++++++++++++ metadata/glsa/glsa-201812-11.xml | 71 +++++++++++++++++++++++++++++++++++++++ metadata/glsa/timestamp.chk | 2 +- metadata/glsa/timestamp.commit | 2 +- 6 files changed, 132 insertions(+), 17 deletions(-) create mode 100644 metadata/glsa/glsa-201812-10.xml create mode 100644 metadata/glsa/glsa-201812-11.xml (limited to 'metadata/glsa') diff --git a/metadata/glsa/Manifest b/metadata/glsa/Manifest index 4ad4dd7fd115..ce7690b72a41 100644 --- a/metadata/glsa/Manifest +++ b/metadata/glsa/Manifest @@ -1,23 +1,23 @@ -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 -MANIFEST Manifest.files.gz 434883 BLAKE2B 437fd719358cb224888b8071f01d60b1548cd1a82f20093903aa74e9fe63671e56f03a20ed426aae11e7d6fdd7027beb57804429044781bc9dc3557ccbbcb5a8 SHA512 16828091dc592888ea79b76c0a3e0ec358317e4c345386d11d12983b85a84ed74ba2d650d8af4f0f90a313afdad1a7fd1808666df2dca69ee70f2802b663b733 -TIMESTAMP 2018-12-24T12:38:37Z +MANIFEST Manifest.files.gz 435197 BLAKE2B 5ef1f755677fba588afa252a22622c045d099b3f39fb6b356786170399bb20e8c58212856a5ddc6f59dc6076e3f84a95376a4dc3b4d5154c7d540151a154c88a SHA512 fb541e904c3c6b5ec17c08e76f9ce1dcd0d8f0b31dee092dd3542b9a34a04890e9a1b1e6b0d78d3523fb451deb84b3316ae6b588a29aec6f4741dfb52941ecc9 +TIMESTAMP 2018-12-31T12:38:39Z -----BEGIN PGP SIGNATURE----- -iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAlwg001fFIAAAAAALgAo +iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAlwqDc9fFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEUx RDZBQkI2M0JGQ0ZCNEJBMDJGREYxQ0VDNTkwRUVBQzkxODkyNTAACgkQ7FkO6skY -klD2fA/+Mt4p7KROekLVq9HOgIgdDD+/hFUAs5tYJr23IPJ+6LYiP4J3UyN4D13V -lzK9GLnnuyWJDAAPZNsFCPltdO0z90YBrMegKUP1WnZe+Px0oXyPQNIlK4ccesfv -Tr/6k31JZ18fULHCH21Zr+U1TS0Gx6J7V+P+WV6qr7OchkRAoENcnW2gJuAtbmmm -9RCHsICYRL2lFRaGGJq2KlVHlMosLetqF6ATeQIjHWHpZDQaxXpMdYo+9JDqp7dM -w9THEXHeiJFG6QKqaDMNvduac8zm/wTqk35Q+F4ueE7zndo4wx45tz6CJZt0eqEx -EJ4J5GTdzqQ0LOD0dJHjbBcg93eF+dCpQQHhAQ4nqiZre196ZirDMEBka1JDeX9W -rkeCzxKrVKfi3l3udbRxVEM88fi3DB9Mf3u4cwvR2q586KZkZRblGjSII/NMtJJW -dLPklyjA/O1b7w1mNO3de/yiDlTz5S27/ovB/WzbBPTsCyxAUKu6Xii5Y69iqLV4 -qyx4SvGNztlf2bOs3G6o6cGfkH5C3BeIqL0GVfahqF8eti/UvAgNIDlR/uzWBwVl -s6HmzaKioaz/Oh4vzR9WOKxtPDfnbfkNrAqA8x/AJXS3gLk5cbWmM1RKRnDq7JjU -XlZUdy627zUiqHQ5ROz0FuvGf0ddKJTO2DNRmy0Eu4tagv+XYAk= -=YM9t +klB91g/+I1zWG2oYO2J9ZrbQVZVmOmmM4NoWGtpVST4yXXc0uByDdYFkroBsgCDA +M9dWQXl/J6N7X4RQ4y/X0Bju+HTlvarQIhpKaS769SGs9St8d6KpSF+VOUy5CyvO +5gaGt06fAroPYBgiMtvCcPiRuHRQrxrlsCighz/2PaGOkwIUa3FeuzET6QWCDFuE ++1xgH8jeY022Mfo8egKkla6+7lQczfR9a0I0PYV/b4HtlT7sGs4NPuoBPmPdjpgl +lCxlgs3S7qLkfEnlpvnhX9XANpZt0GCRQTZJR3VsLqQU/r150E+MxnR5qKo1MNS9 +sDYzlusexF+cifGy590ilfEe5oRPb7RDDS4LeGwQk+9fMJXbBtu9tXnE3V2Hl84G +UFaWcNXtUIY7ky6spx2AZXUjDPgGPbR26fToaygCvgukJh3zqEaSP1EN83zqchvD +A0kJKyLI86uDBHb4ARBRlGWYi51jdjzBjhBBNY/KOi0mdqCteRs/PgNFE4dHTVRm +d/sWVZ7hBYDRUjTrbg3BGLYknGAnVo6bYyhtAH41xNO6do8IexjGNWcjMLcda0e1 +jPBqEFFq4DjalpeQq/4M0n7YTp73cp2KLjwleseEkwOWFQlYObRL3Bct2N/BPr6l +DbxJfrHLP7B3AmjirqZkJAscBETk623dsdjsUhqIyC4IT4ukQvg= +=P/S9 -----END PGP SIGNATURE----- diff --git a/metadata/glsa/Manifest.files.gz b/metadata/glsa/Manifest.files.gz index 5d40da810995..b87f67ec613a 100644 Binary files a/metadata/glsa/Manifest.files.gz and b/metadata/glsa/Manifest.files.gz differ diff --git a/metadata/glsa/glsa-201812-10.xml b/metadata/glsa/glsa-201812-10.xml new file mode 100644 index 000000000000..2216a3293444 --- /dev/null +++ b/metadata/glsa/glsa-201812-10.xml @@ -0,0 +1,44 @@ + + + + GKSu: Arbitrary command execution + A vulnerability in GKSu might allow attackers to execute arbitrary + commands. + + gksu + 2018-12-30 + 2018-12-30 + 534540 + remote + + + 2.0.2 + + + +

A library that provides a Gtk+ frontend to su and sudo.

+ + +

A vulnerability was discovered in GKSu’s gksu-run-helper.

+ + +

An attacker could execute arbitrary commands.

+ + +

There is no known workaround at this time.

+ + +

Gentoo has discontinued support for GKSu and recommends that users + unmerge the package: +

+ + + # emerge --unmerge "x11-libs/gksu" + + + + CVE-2014-2886 + + b-man + b-man + diff --git a/metadata/glsa/glsa-201812-11.xml b/metadata/glsa/glsa-201812-11.xml new file mode 100644 index 000000000000..0fe3a9ab2fc5 --- /dev/null +++ b/metadata/glsa/glsa-201812-11.xml @@ -0,0 +1,71 @@ + + + + Rust: Multiple vulnerabilities + Multiple vulnerabilities have been found in Rust, the worst which + may allow local attackers to execute arbitrary code. + + rust + 2018-12-30 + 2018-12-30 + 662904 + local, remote + + + 1.29.1 + 1.29.1 + + + 1.29.1 + 1.29.1 + + + +

A systems programming language that runs blazingly fast, prevents + segfaults, and guarantees thread safety. +

+ + +

Multiple vulnerabilities have been discovered in Rust. Please review the + CVE identifiers referenced below for details. +

+ + +

A remote attacker able to control the value passed to Rust’s + str::repeat function could possibly cause a Denial of Service condition. +

+ +

In addition, a local attacker could trick another user into executing + arbitrary code when using rustdoc. +

+ + +

There is no known workaround at this time.

+ + +

All Rust users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-lang/rust-1.29.1" + + +

All Rust binary users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-lang/rust-bin-1.29.1" + + + + + + CVE-2018-1000622 + + + CVE-2018-1000810 + + + b-man + b-man + diff --git a/metadata/glsa/timestamp.chk b/metadata/glsa/timestamp.chk index c1d7f511533e..e94cbeaac45c 100644 --- a/metadata/glsa/timestamp.chk +++ b/metadata/glsa/timestamp.chk @@ -1 +1 @@ -Mon, 24 Dec 2018 12:38:34 +0000 +Mon, 31 Dec 2018 12:38:35 +0000 diff --git a/metadata/glsa/timestamp.commit b/metadata/glsa/timestamp.commit index 15938ec9fb67..991ee1687290 100644 --- a/metadata/glsa/timestamp.commit +++ b/metadata/glsa/timestamp.commit @@ -1 +1 @@ -50b59faac05c76419ff9b3a69d1e89f8a5c99678 1545393597 2018-12-21T11:59:57+00:00 +baa5a86124960e22df1f11ab63da9f282dd4cdd3 1546204642 2018-12-30T21:17:22+00:00 -- cgit v1.2.3