From 49955454c1c6f0c30ab17d37abd921ee4aba0383 Mon Sep 17 00:00:00 2001
From: V3n3RiX
Date: Tue, 2 Jan 2024 20:57:46 +0000
Subject: gentoo auto-resync : 02:01:2024 - 20:57:46
---
metadata/glsa/Manifest | 30 ++++++++++++-------------
metadata/glsa/Manifest.files.gz | Bin 558197 -> 558359 bytes
metadata/glsa/glsa-202401-01.xml | 47 +++++++++++++++++++++++++++++++++++++++
metadata/glsa/timestamp.chk | 2 +-
metadata/glsa/timestamp.commit | 2 +-
5 files changed, 64 insertions(+), 17 deletions(-)
create mode 100644 metadata/glsa/glsa-202401-01.xml
(limited to 'metadata/glsa')
diff --git a/metadata/glsa/Manifest b/metadata/glsa/Manifest
index 5c5656946097..6b16de838a07 100644
--- a/metadata/glsa/Manifest
+++ b/metadata/glsa/Manifest
@@ -1,23 +1,23 @@ -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 -MANIFEST Manifest.files.gz 558197 BLAKE2B dde0fd5bc1749affc0b48b285b7ab9bd0a7216628f650cd3cbf0e6b2a1788ebd2dc667afbfee3491b42c071ba583d8c7e204468384a8f639b22206d6cbf47903 SHA512 6a3cf3862910d3680e54853c513e07b7a7d791fa5a5732653e79584f351498dd0ac5f7c244cf38dd9920afd7da27fd2c1e7a51770500da41d964a2a5ddd6ec92 -TIMESTAMP 2024-01-02T14:09:54Z +MANIFEST Manifest.files.gz 558359 BLAKE2B 6ff1dd9354455ed7f338ae06c477ce7dac2990bd3eb84868668c9a4fbd7666355ff69ec8cc4598c2a46dd5fe56b3f952413e3b68af3b33b6da19c6f37d97ca70 SHA512 a6deeae40717b5176fe6030ff10537898379202450dfebbf026b789aa8ed1701f446b152e2bf3cf3f8b391bac2576b9612ea9a4cf4d35ad7cc3d262e8dfa0010 +TIMESTAMP 2024-01-02T20:10:00Z -----BEGIN PGP SIGNATURE----- -iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAmWUGTJfFIAAAAAALgAo +iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAmWUbZhfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEUx RDZBQkI2M0JGQ0ZCNEJBMDJGREYxQ0VDNTkwRUVBQzkxODkyNTAACgkQ7FkO6skY -klBH4BAAhVAlV/ou9s5O1/wbLMT6lxHxhmkXC1NA64nKu4fiZg20p2POZvOXS0NM -DpBMVHH0tTd0xvSSiNqFYZkx/k/LHtQSS6YwkdM+15DhhUrbB46TakVUkhFUUr2y -8JG47FlWXxcKKXcxqxdvdtNYexggyHhq2QmRPwlnxbMq98/bTSGIpzEh8pok6VeG -IrVtEVR9MZ0c+Ye4I/KuzlngCM4I61DpoHAjbPNkmGVpkBI0B+TD/7JNjewa7I8a -SshfzS26r3ZOs9TtbDM7/jsumg8Ty3Ic2eRFIqRKPiveWlx7utXlweRcHxhXsVHB -By0JQMUE2ACWCk135JQrKg4BYZe1aB0mkXoJt5outsXs+0HcWAmFiw6K61PJ9Nxj -Es7mbaeE1BYN90j7YzNOVCL6UVkiMN3QneNG7ieAIpwWAuKhUDn2bWpIgpom6k2w -ofSimSASw55lJtBPEZ5VNA0hOWbuzWQK9+x9A02iTZ1rSXrBnOXOpy2ZcJ6pCsgd -JwM7+Wfm36n4H8vyv1U93jXMtwJjq4WYUFXBkSl8Un4GFLUAZ697gdcOW+cqrTch -VSm0SM1J2OSDmffq0qK5Ou5kklkirkIJdqNXvqdxbExdzTGIYReGSaNWrsG/wiYC -WstYW1w614kisOTvq82zasBIH6dYlcNOeUHOL63s6pRCoV9AN+E= -=HJtc +klAHLRAAomZSIykxvnL3Gy2ChTZJ0GR7MwT6CghWpcnJK8IzEVfSJneesKvaM23z +7lAfp9kULbagVqDZHbu58cK30h6KJmc2qeapuiVhYoKgQts6Y3YLJjJRdPZhGzcw +oz4P3Fj6v1vb4M1UnZ75sj3CHa/yNuzrlh39E9QBsOBWUkUmkhVnCDgvxE/uRpxS 
+KQc4xAfXJy7ZuoU51VPyEKbnO8xMwFrUjRP2BLdPHnlpsIlSGt8DOTO0xsBO5Hta +7FkvOX+a+nFwr/psJA8VRyqtg1ZeiprbsxODAwV3MJYXWkft0p9SSwvvregg/E9h +SkofwmLtrrCh2jwX5hzKDMJjUDctqn3K26XZwDyvNBDFDGMTT5W87GpfwmVv1wup +Ivg71xkcVrsiHVbFzPz3A8NxwC88qwoznlRdYKVgneAxszHPlYGsm2FfyncvNqdT +ck6BaPiFyv/rjc0kFNWRZG6ciHi4mSK92Pm++nv74MscEKU2mJhQiVM2QgqmG5H/ +WrrYhNHTpfLw2bpPXRtUXrBeStkppZ81AD+1CcEAVDAnaUJ+2eBCACWPomxLooxW +eOai+euP0x7+WGUSGD2wH98qdISzlwkRS/yVdME4Hd8EIRukv4gBKzEOxMHZBKiM +Al/zS10i9DTmF2T8ZLjAmX/AAHRH429wMQJfjmGUFKIPl3CyJfs= +=kC8w -----END PGP SIGNATURE----- diff --git a/metadata/glsa/Manifest.files.gz b/metadata/glsa/Manifest.files.gz index c1be36f2d992..e9d3a995cb72 100644 Binary files a/metadata/glsa/Manifest.files.gz and b/metadata/glsa/Manifest.files.gz differ diff --git a/metadata/glsa/glsa-202401-01.xml b/metadata/glsa/glsa-202401-01.xml new file mode 100644 index 000000000000..0909c59e0bbf --- /dev/null +++ b/metadata/glsa/glsa-202401-01.xml @@ -0,0 +1,47 @@ + + + + Joblib: Arbitrary Code Execution + A vulnerability has been found in Joblib which allows for arbitrary code execution. + joblib + 2024-01-02 + 2024-01-02 + 873151 + remote + + + 1.2.0 + 1.2.0 + + + +

Joblib is a set of tools to provide lightweight pipelining in Python. In particular: + +1. transparent disk-caching of functions and lazy re-evaluation (memoize pattern) +2. easy simple parallel computing + +Joblib is optimized to be fast and robust on large data in particular and has specific optimizations for numpy arrays.

+
+ +

A vulnerability has been discovered in Joblib. Please review the CVE identifier referenced below for details.

+
+ +

Joblib is vulnerable to arbitrary code execution via the pre_dispatch flag in Parallel() class due to the eval() statement.

+
+ +

There is no known workaround at this time.

+
+ +

All Joblib users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-python/joblib-1.2.0" + +
+ + CVE-2022-21797 + + graaff + graaff +
\ No newline at end of file diff --git a/metadata/glsa/timestamp.chk b/metadata/glsa/timestamp.chk index 6fa290cb022a..d000d28dfbe0 100644 --- a/metadata/glsa/timestamp.chk +++ b/metadata/glsa/timestamp.chk @@ -1 +1 @@ -Tue, 02 Jan 2024 14:09:50 +0000 +Tue, 02 Jan 2024 20:09:57 +0000 diff --git a/metadata/glsa/timestamp.commit b/metadata/glsa/timestamp.commit index 352527083875..4f7a75657ddb 100644 --- a/metadata/glsa/timestamp.commit +++ b/metadata/glsa/timestamp.commit @@ -1 +1 @@ -3dfe782899716a3480c9481c69bca8c231c663a7 1703730129 2023-12-28T02:22:09+00:00 +086ee91647926ad5550f1443e004b5f5d1bda7fc 1704206331 2024-01-02T14:38:51+00:00 -- cgit v1.2.3
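Review bot: The workaround section of glsa-202401-01.xml says none is known, yet the impact text names a single entry point, `eval()` on the `pre_dispatch` argument of `Parallel()`, so exposure appears to depend on whether caller-influenced strings can reach that argument. A practitioner triaging this would want that stated; I would extend the workaround text with something like `Until upgraded, pass only fixed or integer values as pre_dispatch and never forward untrusted input to it.` The `remote` access value likewise seems to hold only for applications that take this argument from network-supplied data, which the advisory does not spell out. The XML markup of this file is not visible in this view, so the exact element to edit cannot be confirmed from here.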