From 38423c67c8a23f6a1bc42038193182e2da3116eb Mon Sep 17 00:00:00 2001 From: V3n3RiX Date: Sat, 25 Apr 2020 11:37:10 +0100 Subject: gentoo resync : 25.04.2020 --- metadata/glsa/Manifest | 30 +++++++-------- metadata/glsa/Manifest.files.gz | Bin 462212 -> 462854 bytes metadata/glsa/glsa-202003-57.xml | 20 +++++----- metadata/glsa/glsa-202004-07.xml | 17 ++------- metadata/glsa/glsa-202004-10.xml | 57 ++++++++++++++++++++++++++++ metadata/glsa/glsa-202004-11.xml | 69 ++++++++++++++++++++++++++++++++++ metadata/glsa/glsa-202004-12.xml | 75 +++++++++++++++++++++++++++++++++++++ metadata/glsa/glsa-202004-13.xml | 78 +++++++++++++++++++++++++++++++++++++++ metadata/glsa/timestamp.chk | 2 +- metadata/glsa/timestamp.commit | 2 +- 10 files changed, 311 insertions(+), 39 deletions(-) create mode 100644 metadata/glsa/glsa-202004-10.xml create mode 100644 metadata/glsa/glsa-202004-11.xml create mode 100644 metadata/glsa/glsa-202004-12.xml create mode 100644 metadata/glsa/glsa-202004-13.xml (limited to 'metadata/glsa') diff --git a/metadata/glsa/Manifest b/metadata/glsa/Manifest index 49bc42a5cc48..33929072fc57 100644 --- a/metadata/glsa/Manifest +++ b/metadata/glsa/Manifest @@ -1,23 +1,23 @@ -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 -MANIFEST Manifest.files.gz 462212 BLAKE2B 5776c6001abb402454a2b47a7b9bf3bf9047598d1aece9f78d5b9c3c27b9e2beb04358067b23d0aab0fa3a39a6704dbc7989395dc50e173ff19712be407974d6 SHA512 b5ee2fe405b23fa0d01a4455e021e430490898b9d86f37bdd8cdf6f3e1e612bc5782cde9c380e6d19690d6c9d75154b7ece632c229e69202510fa1255c1cb2a6 -TIMESTAMP 2020-04-12T01:38:57Z +MANIFEST Manifest.files.gz 462854 BLAKE2B 45d9c39aed70715f733b66b45dc5f1269928044878c906083c6e7a076449bf75e0a2abc6b2094fac1caf94f820d8a437f66033fe5edd3675345689e5a3f2c6d8 SHA512 cdd4cb4b70565ed751e2fc667e7560d4b3105f046b9428886b70b2d9ea0dc778c9446a4556ccea472de31ef09973c16422f77c1b2e65175f6c4833f501c93cc8 +TIMESTAMP 2020-04-25T09:38:56Z -----BEGIN PGP SIGNATURE----- -iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAl6ScTFfFIAAAAAALgAo +iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAl6kBTBfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEUx RDZBQkI2M0JGQ0ZCNEJBMDJGREYxQ0VDNTkwRUVBQzkxODkyNTAACgkQ7FkO6skY -klA2DRAAiTm99vhWjrVbLyTspLIxWs+f341vqhSR6EQ84k1H/pKRoeywOosu+v3R -BdECknFaydhSJg47U8hdOxn3DDywQy//55TuTN40jUS/kWyrEIMhpiRz3PvIl7Gl -coLa52mwdV6GLywJKcsZwn1T0S3ttMDnmlBWn/EYnkOvbXV1vrn32obvcUbaUMMP -C/ha+l2syTF73FJqr1EEjzq2aFxvcJNtojuHhNqeyfwJe+PEI0juLfMehrlucSsd -7+zAk+srYuBo6p0KrOwXno5Uj4griXaT7JJhe2t78ruqwHOMwQQzF0f8l/hRHs3O -p6dKK4cyAbU03tGCfAuw9BPyCYlGCDzJbD1GPmfM5FP4ywFZxWHG+enfgoUjFwvI -Q2YiBT/sRzajy0jjbS/XZZ4CabIQPI40+WRyEatcrEx3IoiwcpMbiwngwlqVg4wf -YLAAWIGcsQiCD42TbY1UOXApUT4eVLRQHPVK/gVJGQeF8ODRh+I5Ie2kC3oi5yGN -8APaSiS1jGARXWcNc5PhVlkNUW6TtE6AWciUwVlM7S2112Hy27/2TrW4UEzHyvWX -5HMwTGblMzdSpSlerwjF2HikolBD7KbmqmFJzvPD78LbibRib2F3P+7I40v67Uoc -MP/sUqUU3ZOMwAO/YUV5tj+MDxqhESs+O/HHbXWgc89AZjGjMmk= -=PlQ9 +klCcXg/7BNzMr/mNPnHYxDfDRe4oxPQRKDMr1qdDJpwbsh8OJkz5uJfc7W2wRUYJ +RGaQ9tGkZ8ih3qyETN4MyLIUU28kXcKBY+BJHQtHTlt3J+idwN+vAJJG1HZbTM6G +L4u2PxciwU2Jwnyj5Xv+R04iRpbOp03aMYk3O8vw1kE84eEWQoYzSl7rsNqVAJtO +58bQ/ez8BxFjSERAhCviFjQL8u3izCGVwWq6Ecw/rJaI/1h17s/9ps/wytgXCB1w +z1tLDdUHAlQKOdQ6F/htu6r2jS51ucRZr+asQRZ8UeamFTLW53n4Sqgw408WEb1C +fWPrxE/Q834drYte/z9lORGOjn6q+Gqw5oeNcTGCbTcN4s2VtEUjvycWeG99XJY0 +zuBgJSj4JrdNfiuEJwiaFiH9L4KqCcrGjatqzSzUA2tzjrO8W1SBXFtTLaIoYA6j +4aYutgnQqpKkjLhb+c3JblZf2BtqOFCm1Dm7C2pHDwpi/50t5w7jkKTN86sUouZw +NvwSzhLsAAdx5S3WWnMKcVDLGm8hUkA7ye9xuLr+Mm2Mm3zfNPUrcBLhd5vkfQsJ +LJqGMG9Wc5C8rJ3KztPMp6atUEMCGCXVFi+2zfk3qhXjfkV6Z1vUOnIDetPVpOhQ +n4u7WpbM9EuZwBGo1FVq32+0OJXMAkuH/oo3CX+XVKH0dLAEKxc= +=6TvA -----END PGP SIGNATURE----- diff --git a/metadata/glsa/Manifest.files.gz b/metadata/glsa/Manifest.files.gz index e387e538aea7..c466aa961150 100644 Binary files a/metadata/glsa/Manifest.files.gz and b/metadata/glsa/Manifest.files.gz differ diff --git a/metadata/glsa/glsa-202003-57.xml b/metadata/glsa/glsa-202003-57.xml index 507ece2ce63b..a2f96097945c 100644 --- a/metadata/glsa/glsa-202003-57.xml +++ b/metadata/glsa/glsa-202003-57.xml @@ -7,7 +7,7 @@ PHP 2020-03-26 - 2020-03-26 + 2020-04-23 671872 706168 710304 @@ -15,10 +15,12 @@ local, remote - 7.2.29 - 7.3.16 - 7.4.4 - 7.4.4 + 7.2.29 + 7.3.16 + 7.4.4 + 7.2.29 + 7.3.16 + 7.4.4 @@ -44,21 +46,21 @@ # emerge --sync - # emerge --ask --oneshot --verbose ">=dev-lang/php-7.2.29" + # emerge --ask --oneshot --verbose ">=dev-lang/php-7.2.29:7.2"

All PHP 7.3.x users should upgrade to the latest version:

# emerge --sync - # emerge --ask --oneshot --verbose ">=dev-lang/php-7.3.16" + # emerge --ask --oneshot --verbose ">=dev-lang/php-7.3.16:7.3"

All PHP 7.4.x users should upgrade to the latest version:

# emerge --sync - # emerge --ask --oneshot --verbose ">=dev-lang/php-7.4.4" + # emerge --ask --oneshot --verbose ">=dev-lang/php-7.4.4:7.4" @@ -74,5 +76,5 @@ CVE-2020-7066 whissi - whissi + whissi diff --git a/metadata/glsa/glsa-202004-07.xml b/metadata/glsa/glsa-202004-07.xml index cf8709bebe4e..bf1eb98a489f 100644 --- a/metadata/glsa/glsa-202004-07.xml +++ b/metadata/glsa/glsa-202004-07.xml @@ -7,14 +7,13 @@ firefox 2020-04-04 - 2020-04-04 + 2020-04-17 716098 remote - 68.6.1 - 74.0.1 - 74.0.1 + 68.6.1 + 68.6.1 @@ -43,14 +42,6 @@ # emerge --sync # emerge --ask --oneshot --verbose ">=www-client/firefox-68.6.1" - -

All Mozilla Firefox users should upgrade to the latest version:

- - - # emerge --sync - # emerge --ask --oneshot --verbose ">=www-client/firefox-74.0.1" - - CVE-2020-6819 @@ -60,5 +51,5 @@ whissi - whissi + whissi diff --git a/metadata/glsa/glsa-202004-10.xml b/metadata/glsa/glsa-202004-10.xml new file mode 100644 index 000000000000..0ba5c017fafd --- /dev/null +++ b/metadata/glsa/glsa-202004-10.xml @@ -0,0 +1,57 @@ + + + + OpenSSL: Multiple vulnerabilities + Multiple vulnerabilities were found in OpenSSL, the worst of which + could allow remote attackers to cause a Denial of Service condition. + + openssl + 2020-04-23 + 2020-04-23 + 702176 + 717442 + local, remote + + + 1.1.1g + 1.1.1g + + + +

OpenSSL is an Open Source toolkit implementing the Secure Sockets Layer + (SSL v2/v3) and Transport Layer Security (TLS v1/v1.1/v1.2/v1.3) as well + as a general purpose cryptography library. +

+ + +

Multiple vulnerabilities have been discovered in OpenSSL. Please review + the CVE identifiers referenced below for details. +

+ + +

A remote attacker could perform a malicious crafted TLS 1.3 handshake + against an application using OpenSSL, possibly resulting in a Denial of + Service condition. +

+ +

In addition, it’s feasible that an attacker might attack DH512.

+ + +

There is no known workaround at this time.

+ + +

All OpenSSL users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-libs/openssl-1.1.1g" + + + + + CVE-2019-1551 + CVE-2020-1967 + + whissi + whissi + diff --git a/metadata/glsa/glsa-202004-11.xml b/metadata/glsa/glsa-202004-11.xml new file mode 100644 index 000000000000..93f4d50ba835 --- /dev/null +++ b/metadata/glsa/glsa-202004-11.xml @@ -0,0 +1,69 @@ + + + + Mozilla Firefox: Multiple vulnerabilities + Multiple vulnerabilities have been found in Mozilla Firefox, the + worst of which could result in the arbitrary execution of code. + + firefox + 2020-04-23 + 2020-04-23 + 716644 + local, remote + + + 68.7.0 + 68.7.0 + + + 68.7.0 + 68.7.0 + + + +

Mozilla Firefox is a popular open-source web browser from the Mozilla + Project. +

+ + +

Multiple vulnerabilities have been discovered in Mozilla Firefox. Please + review the CVE identifiers referenced below for details. +

+ + +

A remote attacker could entice a user to view a specially crafted web + page, possibly resulting in the execution of arbitrary code with the + privileges of the process, an information leak or a Denial of Service + condition. +

+ + +

There is no known workaround at this time.

+ + +

All Mozilla Firefox users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-client/firefox-68.7.0" + + +

All Mozilla Firefox binary users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-client/firefox-bin-68.7.0" + + + + + CVE-2020-6821 + CVE-2020-6822 + CVE-2020-6823 + CVE-2020-6824 + CVE-2020-6825 + CVE-2020-6826 + + BlueKnight + whissi + diff --git a/metadata/glsa/glsa-202004-12.xml b/metadata/glsa/glsa-202004-12.xml new file mode 100644 index 000000000000..62bf7158b755 --- /dev/null +++ b/metadata/glsa/glsa-202004-12.xml @@ -0,0 +1,75 @@ + + + + Chromium, Google Chrome: Multiple vulnerabilities + Multiple vulnerabilities have been found in Chromium and Google + Chrome, the worst of which could allow remote attackers to execute + arbitrary code. + + chromium,google-chrome + 2020-04-23 + 2020-04-23 + 717652 + 718826 + local, remote + + + 81.0.4044.122 + 81.0.4044.122 + + + 81.0.4044.122 + 81.0.4044.122 + + + +

Chromium is an open-source browser project that aims to build a safer, + faster, and more stable way for all users to experience the web. +

+ +

Google Chrome is one fast, simple, and secure browser for all your + devices. +

+ + +

Multiple vulnerabilities have been discovered in Chromium and Google + Chrome. Please review the referenced CVE identifiers for details. +

+ + +

A remote attacker could entice a user to open a specially crafted HTML + or multimedia file using Chromium or Google Chrome, possibly resulting in + execution of arbitrary code with the privileges of the process or a + Denial of Service condition. +

+ + +

There is no known workaround at this time.

+ + +

All Chromium users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose + ">=www-client/chromium-81.0.4044.122" + + +

All Google Chrome users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose + ">=www-client/google-chrome-81.0.4044.122" + + + + + CVE-2020-6457 + CVE-2020-6458 + CVE-2020-6459 + CVE-2020-6460 + + whissi + whissi + diff --git a/metadata/glsa/glsa-202004-13.xml b/metadata/glsa/glsa-202004-13.xml new file mode 100644 index 000000000000..35827af3016e --- /dev/null +++ b/metadata/glsa/glsa-202004-13.xml @@ -0,0 +1,78 @@ + + + + Git: Information disclosure + Multiple vulnerabilities have been found in Git which might all + allow attackers to access sensitive information. + + git + 2020-04-23 + 2020-04-23 + 717156 + 718710 + remote + + + 2.23.3 + 2.24.3 + 2.25.4 + 2.26.2 + 2.26.2 + + + +

Git is a free and open source distributed version control system + designed to handle everything from small to very large projects with + speed and efficiency. +

+ + +

Multiple vulnerabilities have been discovered in Git. Please review the + CVE identifiers referenced below for details. +

+ + +

A remote attacker, by providing a specially crafted URL, could possibly + trick Git into returning credential information for a wrong host. +

+ + +

Disabling credential helpers will prevent this vulnerability.

+ + +

All Git 2.23.x users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-vcs/git-2.23.3" + + +

All Git 2.24.x users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-vcs/git-2.24.3" + + +

All Git 2.25.x users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-vcs/git-2.25.4" + + +

All Git 2.26.x users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-vcs/git-2.26.2" + + + + + CVE-2020-11008 + CVE-2020-5260 + + whissi + whissi + diff --git a/metadata/glsa/timestamp.chk b/metadata/glsa/timestamp.chk index 5259482477da..64d6d4b98f8d 100644 --- a/metadata/glsa/timestamp.chk +++ b/metadata/glsa/timestamp.chk @@ -1 +1 @@ -Sun, 12 Apr 2020 01:38:54 +0000 +Sat, 25 Apr 2020 09:38:53 +0000 diff --git a/metadata/glsa/timestamp.commit b/metadata/glsa/timestamp.commit index e60cae01f3fc..eab48bd233f7 100644 --- a/metadata/glsa/timestamp.commit +++ b/metadata/glsa/timestamp.commit @@ -1 +1 @@ -f2cb9b0eb0e16fd065838568dbe36727be807027 1586556154 2020-04-10T22:02:34+00:00 +5f514a6bc0b6082d08328fcc290cbba6761ee102 1587655514 2020-04-23T15:25:14+00:00 -- cgit v1.2.3