From 35d60f48c1e8e3d48626e53a1933c55805177d20 Mon Sep 17 00:00:00 2001 From: V3n3RiX Date: Tue, 10 Oct 2023 12:09:13 +0100 Subject: gentoo auto-resync : 10:10:2023 - 12:09:13 --- metadata/glsa/Manifest | 30 +++++++++++++------------- metadata/glsa/Manifest.files.gz | Bin 550416 -> 550735 bytes metadata/glsa/glsa-202310-10.xml | 44 +++++++++++++++++++++++++++++++++++++++ metadata/glsa/glsa-202310-11.xml | 42 +++++++++++++++++++++++++++++++++++++ metadata/glsa/timestamp.chk | 2 +- metadata/glsa/timestamp.commit | 2 +- 6 files changed, 103 insertions(+), 17 deletions(-) create mode 100644 metadata/glsa/glsa-202310-10.xml create mode 100644 metadata/glsa/glsa-202310-11.xml (limited to 'metadata/glsa') diff --git a/metadata/glsa/Manifest b/metadata/glsa/Manifest index d2cd00580441..b14540d262ad 100644 --- a/metadata/glsa/Manifest +++ b/metadata/glsa/Manifest @@ -1,23 +1,23 @@ -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 -MANIFEST Manifest.files.gz 550416 BLAKE2B 8daa7d9fd115f3b8248d5fb12e0f3047ff161fdf5d6ff06f848034f145e6c2f0f1765efe15949bf8eff4a3b2178b4d8b9a1abe65c9694fc27bf198a8004c89a5 SHA512 e812335526c7fc4f64e02c36ba94af59187ddf08798353595dbad095830168de4147fac9000185628bdd4a237896ae327812a50a084262aef0296d0d1f2280d8 -TIMESTAMP 2023-10-10T04:40:27Z +MANIFEST Manifest.files.gz 550735 BLAKE2B 0ffdf66125d12ddafd79b21352a7848ed151bbaa4f8c797ef790338276b38510c23426e30ee3924d383730dfa4aff331e8e665ad71671a58cdc8dc2ba36724d6 SHA512 29d9cf4a64855f0c558f495d9ba0287f8770ab6d72cdb317acbfc7b3da68122d06491a11d071b3f9fdf2b3e5f7670668f8ebb4c085ef0d18335dd4f217c6f247 +TIMESTAMP 2023-10-10T10:39:48Z -----BEGIN PGP SIGNATURE----- -iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAmUk1btfFIAAAAAALgAo +iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAmUlKfRfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEUx RDZBQkI2M0JGQ0ZCNEJBMDJGREYxQ0VDNTkwRUVBQzkxODkyNTAACgkQ7FkO6skY -klB+XxAAqS6ci2jD05HZ4Nns+W3hYR+a6ZfNI/cRoGdFmev5n2rB2yO9i3bB1hAN -MoiE6aF4c8fSs7BQ0+XnzUO+sCpdluKFEWZB4d10VSOj7XMeynpeU8pH88RBQoHB -vY79oHz4rE3GL3ByrwfKze8m2/e4Y1EwoFf7bHPbgVxsND22TpRjYwJlyQ+kFfuJ -YT2RllMiQRMWXk00NdtolmVI8bo5QUjq/jw4HJBm9HX8e80E4i4bYHFmBm8NLmKL -kd1UYj35bdEaH5GS1n+4N8KJwygufXFMHl5sjntX29g/aoNn/cOP+5/uoGcEMhLe -oIL7mxChYOlWhxynr9CNCiTKN1q8oDnxU201kE5dsOvYA1Fxhyz40WqVk7Zl+WTG -mMgrThDyCj/t7zT2c/7RED2ybUz3Kb/uhgcsrJq6UfCJVqq1O0ZtYjTwohiDRLXf -cA783XKwI5X0adGZMltbWVlBN9F983S+uklGh7J/ZlLF1+5/zk7U7eE/d8TlicoP -MHl2ajqvQWMRgy+FEdXt2aC4V6axeQGK4DprxUn0Kp6S3xDnUw+/jzThyKLv75uH -dxOpthVsm0qqwvmOmt/S6BF+qLXC5RcqUmtYPOxMlzy6hgdt2EtBer9C8k9sSMwR -urWKwulmsKUnVv8JeeoSoNr3qHuVTmyyKzZVXUHQbwRVHvoZKdo= -=ZMV+ +klAPHQ/+JHIVqf2WSL4Y5g+Hrlx++ITzcaIOHIFk+IeFPI+jDdZKhujoGTqNk+05 +LeTPNow4+HtHDmavGu8A/1+GdIiwLTbTCximCGRplbUw5Yv0U+TZlj8bxh5+E427 +BW7suCve7EKwHPs7usy5lnYzkU0gLDQ0Sbw8VxnJUPoG0NvZkgE2T6LQs1qkQVn1 +3Fy2sMTqqOyS60R0zebZ1AvOdlm2/NYn6xa/bPipR0Z8MJTOJL/5q+mjC+Sq1wal +rJMU0g1Yu8i/V3HlK0QZwA4Kkc9N3iag8tHTJCNjA6Tyt/AymJF3fIelOi+enQti +Pel7iROmJ4m3MUd0pdM5gQfZrgEcrg3bYOsiIjaimsKPWEtirJFXzyfCbWo7fK6h +UmPAJCilQ56cShQBdnn5SUodMsm17l+kNPoyElLS751q7N7TFIEVH7LT4lxp6dES +aKsyd2l4ukR46MLbFfkFACA1keTgbMDXhUaKB62AFLD9ewZL4PIBHoH3pjOe6P9g +PrATtBLmViJxF7Nn5MN+KqUS0EsavwPC1A2eSdhRFMfAN5gD4vv0zrKoUsnAe8ow +UkQ57i4oGx1DHTk1/BNOJg/ePBG2FK5HEJS4U4sLYrLABDY6+D9kHJ8bhZGXPZUq +vfjIntxz9L/UtUeH2HbbchC7Ta3+yuU4xg3X2osQT8EoNW/0KCA= +=jjx9 -----END PGP SIGNATURE----- diff --git a/metadata/glsa/Manifest.files.gz b/metadata/glsa/Manifest.files.gz index 35a0f4a48909..f82bbccb50b8 100644 Binary files a/metadata/glsa/Manifest.files.gz and b/metadata/glsa/Manifest.files.gz differ diff --git a/metadata/glsa/glsa-202310-10.xml b/metadata/glsa/glsa-202310-10.xml new file mode 100644 index 000000000000..5846410c4634 --- /dev/null +++ b/metadata/glsa/glsa-202310-10.xml @@ -0,0 +1,44 @@ + + + + libcue: Arbitrary Code Execution + A vulnerability has been discovered in libcue which could allow for arbitrary code execution. + libcue + 2023-10-10 + 2023-10-10 + 915500 + remote + + + 2.2.1-r1 + 2.2.1-r1 + + + +

libcue is a CUE Sheet Parser Library.

+ + +

libcue does not check bounds in a loop and suffers from an integer overflow flaw which can be exploited to take over the program.

+ + +

Untrusted CUE sheet files can lead to arbitrary code execution. + +app-misc/tracker-miners[cue] uses libcue to index CUE Sheet files in directories. It is possible that downloading a malicious CUE Sheet file into a directory indexed by tracker-miners could lead to remote code execution.

+ + +

There is no known workaround at this time.

+ + +

All libcue users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=media-libs/libcue-2.2.1-r1" + + + + CVE-2023-43641 + + sam + sam + \ No newline at end of file diff --git a/metadata/glsa/glsa-202310-11.xml b/metadata/glsa/glsa-202310-11.xml new file mode 100644 index 000000000000..2a27923059c7 --- /dev/null +++ b/metadata/glsa/glsa-202310-11.xml @@ -0,0 +1,42 @@ + + + + less: Denial of service + A filtering bypass in less may allow denial of service. + less + 2023-10-10 + 2023-10-10 + 893530 + remote + + + 608-r2 + 608-r2 + + + +

less is a pager and text file viewer.

+ + +

less suffered from a flaw in its terminal escape sequence handling which made its filtering incomplete.

+ + +

Malicious input could clear the terminal output or otherwise manipulate it with faked interactions.

+ + +

There is no known workaround at this time.

+ + +

All less users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=sys-apps/less-608-r2" + + + + CVE-2022-46663 + + sam + sam + diff --git a/metadata/glsa/timestamp.chk b/metadata/glsa/timestamp.chk index 34ece6d5fb96..4488f0dcef1f 100644 --- a/metadata/glsa/timestamp.chk +++ b/metadata/glsa/timestamp.chk @@ -1 +1 @@ -Tue, 10 Oct 2023 04:40:22 +0000 +Tue, 10 Oct 2023 10:39:44 +0000 diff --git a/metadata/glsa/timestamp.commit b/metadata/glsa/timestamp.commit index 8595f147afc5..ed19c04acb3a 100644 --- a/metadata/glsa/timestamp.commit +++ b/metadata/glsa/timestamp.commit @@ -1 +1 @@ -e13b4705e37d564cf7d1830379f6550fae91f021 1696750201 2023-10-08T07:30:01+00:00 +e4a47f747e38bf26733ce68c8e1a738f3e70725d 1696919294 2023-10-10T06:28:14+00:00 -- cgit v1.2.3