From 470949042cc90856adb62f2671e04e3165fc8063 Mon Sep 17 00:00:00 2001 From: V3n3RiX Date: Mon, 22 May 2023 02:55:39 +0100 Subject: gentoo auto-resync : 22:05:2023 - 02:55:39 --- metadata/glsa/Manifest | 30 +++++++++--------- metadata/glsa/Manifest.files.gz | Bin 543888 -> 544682 bytes metadata/glsa/glsa-202305-24.xml | 67 +++++++++++++++++++++++++++++++++++++++ metadata/glsa/glsa-202305-25.xml | 47 +++++++++++++++++++++++++++ metadata/glsa/glsa-202305-26.xml | 48 ++++++++++++++++++++++++++++ metadata/glsa/glsa-202305-27.xml | 42 ++++++++++++++++++++++++ metadata/glsa/glsa-202305-28.xml | 47 +++++++++++++++++++++++++++ metadata/glsa/timestamp.chk | 2 +- metadata/glsa/timestamp.commit | 2 +- 9 files changed, 268 insertions(+), 17 deletions(-) create mode 100644 metadata/glsa/glsa-202305-24.xml create mode 100644 metadata/glsa/glsa-202305-25.xml create mode 100644 metadata/glsa/glsa-202305-26.xml create mode 100644 metadata/glsa/glsa-202305-27.xml create mode 100644 metadata/glsa/glsa-202305-28.xml (limited to 'metadata/glsa') diff --git a/metadata/glsa/Manifest b/metadata/glsa/Manifest index d709f38a2cbd..ab810007351f 100644 --- a/metadata/glsa/Manifest +++ b/metadata/glsa/Manifest 
@@ -1,23 +1,23 @@ -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 -MANIFEST Manifest.files.gz 543888 BLAKE2B da15fb010da91c403608af1847df77a89c9a8a24b2f5c1999256191c31d7755cd7667c19867e75c2bbdd07063f4ce4dd641cf53415eb08b83e35cbb3d2cd35e2 SHA512 ac5e51b2bf8075889870e4eedfe469274eaf28945ed1e974bc76ae0576dc1aa0db2a5fdacfc15e8cfb28486195fad65b487cf50896a207c5fcad4ffae850adbc -TIMESTAMP 2023-05-21T19:09:43Z +MANIFEST Manifest.files.gz 544682 BLAKE2B 2d0195da8b9f8632be280cc22c673ff7fff3535caf55f11ce63010364ef05ef7046249f9222279107c9617f265297192eb396cd21903e1dcb3e6ce4f77059f40 SHA512 7482d2b9d4ad2b3bc6be2d636ba5864a63efe64768afe0aa8677c75c00552d068f221e24a390f8603d699f8934e71923805ce16fb9e6169e56e7803c3a048e5f +TIMESTAMP 2023-05-22T01:09:45Z -----BEGIN PGP SIGNATURE----- -iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAmRqbHdfFIAAAAAALgAo +iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAmRqwNlfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEUx RDZBQkI2M0JGQ0ZCNEJBMDJGREYxQ0VDNTkwRUVBQzkxODkyNTAACgkQ7FkO6skY -klDnEBAAh3tmGT2qeq//wyazGujQ+IDZ2X6spbarspxHbTSGkJFGvYWtKjUgQf3i -F3zrIgyDXjcxh3A+pBe5EzEPx/1xhAZMkigIXTcegkvQxr/pYEcvtlSM+NTbRbxM -LKc9dyP3ZmIm1LREmCSZQ/vuMoUJOx+WWrmeVsBPwHZN3ZFM1xPYJTBWrLuXBAbe -Uwau86UVvwEsp2/OjEpgcrysnuq1zNakmQGyKmsW17EYpRuf3kQ9HgC3Vs7WB/Qq -NXAeimrAsZyANpyuOFjyczyI4jYLerq5uxnxYIzSYoc+Myz+6NSclsCREzBTCJOF -3i6oRF9MihrRuIDu+iWYW0HkHmUZzp6RLJicnRu4QIS2QYPNV4FKoHv/VAAOiAzo -D3Dm4P5leMzY/lIn1bDOu+a1+3NweHALuC444KLE+efib9XJOSFH3ilUBNvXHb00 -1C8k+C/q9dvrYXNVsuWlpdyR+ElrwGF/S9qMOUmFrYh3+icBvwIuZ5CwjfoGUg8K -qgkKFeLM3dCNHrCKDVW3xKeCByq1WYMZppfTft1a2uUoJtjQvoNZIWCuEwY/AcvN -zV9t0C4FaUpwUt3hynF9vY/pzgBYLlRNWhJu1BsvoaSJRu3p3H3AspfkeTqyLF2X -IRrzlPIXdYyfrmxM+X/E4s2tRffWMT/5RXOQVqeNuISU4FOy+PU= -=121W +klDjZA//f5oyspgs66+lIYbwiAHsP561e9SkDQrKwRZGOmh3YOn45gw6xETDVJGT +FOB+Wdq8FXduR0meDVYUTgwVa9QMlOxxgOlKfq1PqxO7tL7oSYuQvDqjNWdmRI2/ +jbf0tf/j0kYdicB50lD+wBBaU64Z2aX4QjrNXKsDUgR9blc0Bo2MP+zAf5o8HnCL 
+UseTZCVamfENlmVG5GtG8NaUMvsPTH3vFKD4YlQQclTm1zGW/3oJW7+qa7S6UiCF +O+6BBXNCF+DVpxpzDOhts0uKTDBV+gUhAa8OJG0iiNAU2M7TiiJGuKt0Y3yqio/c +Tsm2d6QbcE9GUEnekNShZwam8VJB9LTfUPB+pyeKtf43HlxektCWITurWK+nsMVl +J6v1GEPLx+eUHUaGZeHXVu0vYHRZIqevkRsM5l49aD4tBhfOrOEfQizHJZldcswX +iEpntU3YoYnfvLbXD0DZNeG7dleHun3/mq4SzO9fWYBpZXpTL1e5Pa67XehBmcUh +0csxxFBONsDDUXCMqnBTeqxZg4klAFd9CDKUSOwdz7Uh9tH9Np01T88Uxirq9gN6 +Cf/Y7mOatyrLOX4xNtLme0aS1KI8R59jklZjTjm6FTmrFaT8WGqtryufU7mvS6+G +sYzxd6hHwUlN5LtOPC11+cEfkyykH8vcbGLaAbredpcdHPt2FW8= +=ReuQ -----END PGP SIGNATURE----- diff --git a/metadata/glsa/Manifest.files.gz b/metadata/glsa/Manifest.files.gz index 9199f2f00be1..6937d2829dcd 100644 Binary files a/metadata/glsa/Manifest.files.gz and b/metadata/glsa/Manifest.files.gz differ diff --git a/metadata/glsa/glsa-202305-24.xml b/metadata/glsa/glsa-202305-24.xml new file mode 100644 index 000000000000..26691b029100 --- /dev/null +++ b/metadata/glsa/glsa-202305-24.xml @@ -0,0 +1,67 @@ + + + + MediaWiki: Multiple Vulnerabilities + Multiple vulnerabilities have been found in MediaWiki, the worst of which could result in denial of service. + mediawiki + 2023-05-21 + 2023-05-21 + 815376 + 829302 + 836430 + 855965 + 873385 + 888041 + remote + + + 1.38.5 + 1.38.5 + + + +

MediaWiki is a collaborative editing software, used by big projects like Wikipedia.

+
+ +

Multiple vulnerabilities have been discovered in MediaWiki. Please review the CVE identifiers referenced below for details.

+
+ +

Please review the referenced CVE identifiers for details.

+
+ +

There is no known workaround at this time.

+
+ +

All MediaWiki users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-apps/mediawiki-1.38.5" + +
+ + CVE-2021-41798 + CVE-2021-41799 + CVE-2021-41800 + CVE-2021-44854 + CVE-2021-44855 + CVE-2021-44856 + CVE-2021-44857 + CVE-2021-44858 + CVE-2021-45038 + CVE-2022-28202 + CVE-2022-28205 + CVE-2022-28206 + CVE-2022-28209 + CVE-2022-31090 + CVE-2022-31091 + CVE-2022-34911 + CVE-2022-34912 + CVE-2022-41765 + CVE-2022-41766 + CVE-2022-41767 + CVE-2022-47927 + + ajak + ajak +
\ No newline at end of file diff --git a/metadata/glsa/glsa-202305-25.xml b/metadata/glsa/glsa-202305-25.xml new file mode 100644 index 000000000000..c4eecf0252aa --- /dev/null +++ b/metadata/glsa/glsa-202305-25.xml @@ -0,0 +1,47 @@ + + + + OWASP ModSecurity Core Rule Set: Multiple Vulnerabilities + Multiple vulnerabilities have been discovered in ModSecurity Core Rule Set, the worst of which could result in bypassing the WAF. + modsecurity-crs + 2023-05-21 + 2023-05-21 + 822003 + 872077 + remote + + + 3.3.4 + 3.3.4 + + + +

Modsecurity Core Rule Set is the OWASP ModSecurity Core Rule Set.

+
+ +

Multiple vulnerabilities have been discovered in OWASP ModSecurity Core Rule Set. Please review the CVE identifiers referenced below for details.

+
+ +

Please review the referenced CVE identifiers for details.

+
+ +

There is no known workaround at this time.

+
+ +

All OWASP ModSecurity Core Rule Set users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-apache/modsecurity-crs-3.3.4" + +
+ + CVE-2021-35368 + CVE-2022-39955 + CVE-2022-39956 + CVE-2022-39957 + CVE-2022-39958 + + ajak + ajak +
\ No newline at end of file diff --git a/metadata/glsa/glsa-202305-26.xml b/metadata/glsa/glsa-202305-26.xml new file mode 100644 index 000000000000..2d1baf019b1b --- /dev/null +++ b/metadata/glsa/glsa-202305-26.xml @@ -0,0 +1,48 @@ + + + + LibreCAD: Multiple Vulnerabilities + Multiple vulnerabilities have been discovered in LibreCAD, the worst of which could result in denial of service. + librecad + 2023-05-21 + 2023-05-21 + 825362 + 832210 + remote + + + 2.1.3-r7 + 2.1.3-r7 + + + +

LibreCAD is a generic 2D CAD program.

+
+ +

Multiple vulnerabilities have been discovered in LibreCAD. Please review the CVE identifiers referenced below for details.

+
+ +

Please review the referenced CVE identifiers for details.

+
+ +

There is no known workaround at this time.

+
+ +

All LibreCAD users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=media-gfx/librecad-2.1.3-r7" + +
+ + CVE-2021-21898 + CVE-2021-21899 + CVE-2021-21900 + CVE-2021-45341 + CVE-2021-45342 + CVE-2021-45343 + + ajak + ajak +
\ No newline at end of file diff --git a/metadata/glsa/glsa-202305-27.xml b/metadata/glsa/glsa-202305-27.xml new file mode 100644 index 000000000000..4880ff970c78 --- /dev/null +++ b/metadata/glsa/glsa-202305-27.xml @@ -0,0 +1,42 @@ + + + + Tinyproxy: Memory Disclosure + A vulnerability has been discovered in Tinyproxy which could be used to achieve memory disclosure. + tinyproxy + 2023-05-21 + 2023-05-21 + 871924 + remote + + + 1.11.1_p20220908 + 1.11.1_p20220908 + + + +

Tinyproxy is a light-weight HTTP/HTTPS proxy daemon for POSIX operating systems.

+
+ +

Tinyproxy's request processing does not sufficiently null-initialize variables used in error pages.

+
+ +

Contents of the Tinyproxy server's memory could be disclosed via generated error pages.

+
+ +

There is no known workaround at this time.

+
+ +

All Tinyproxy users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-proxy/tinyproxy-1.11.1_p20220908" + +
+ + CVE-2022-40468 + + ajak + ajak +
\ No newline at end of file diff --git a/metadata/glsa/glsa-202305-28.xml b/metadata/glsa/glsa-202305-28.xml new file mode 100644 index 000000000000..a49a0f610781 --- /dev/null +++ b/metadata/glsa/glsa-202305-28.xml @@ -0,0 +1,47 @@ + + + + snakeyaml: Multiple Vulnerabilities + Multiple vulnerabilities have been found in snakeyaml, the worst of which could result in denial of service. + snakeyaml + 2023-05-21 + 2023-05-21 + 776796 + 868621 + remote + + + 1.33 + 1.33 + + + +

snakeyaml is a YAML 1.1 parser and emitter for Java.

+
+ +

Multiple vulnerabilities have been discovered in snakeyaml. Please review the CVE identifiers referenced below for details.

+
+ +

Please review the referenced CVE identifiers for details.

+
+ +

There is no known workaround at this time.

+
+ +

All snakeyaml users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-java/snakeyaml-1.33" + +
+ + CVE-2017-18640 + CVE-2022-38749 + CVE-2022-38750 + CVE-2022-38751 + CVE-2022-38752 + + ajak + ajak +
\ No newline at end of file
diff --git a/metadata/glsa/timestamp.chk b/metadata/glsa/timestamp.chk
index 58c09034afba..ae6cb2e0b6b7 100644
--- a/metadata/glsa/timestamp.chk
+++ b/metadata/glsa/timestamp.chk
@@ -1 +1 @@
-Sun, 21 May 2023 19:09:41 +0000
+Mon, 22 May 2023 01:09:41 +0000
diff --git a/metadata/glsa/timestamp.commit b/metadata/glsa/timestamp.commit
index 0d82af0d51df..346d0911b1e8 100644
--- a/metadata/glsa/timestamp.commit
+++ b/metadata/glsa/timestamp.commit
@@ -1 +1 @@
-732f6cefb4a1e4884e3fa3048d18faa0babd014a 1683183984 2023-05-04T07:06:24+00:00
+980b750f6ebc25adc36501cfe47c72ab672b5e9b 1684698697 2023-05-21T19:51:37+00:00
-- cgit v1.2.3