From deba8115d2c2af26df42966b91ef04ff4dd79cde Mon Sep 17 00:00:00 2001
From: V3n3RiX
Date: Thu, 14 May 2020 11:09:11 +0100
Subject: gentoo resync : 14.05.2020
---
metadata/glsa/Manifest | 30 ++++++++--------
metadata/glsa/Manifest.files.gz | Bin 462854 -> 464298 bytes
metadata/glsa/glsa-202004-02.xml | 16 ++++-----
metadata/glsa/glsa-202004-14.xml | 53 ++++++++++++++++++++++++++++
metadata/glsa/glsa-202004-15.xml | 51 +++++++++++++++++++++++++++
metadata/glsa/glsa-202004-16.xml | 50 +++++++++++++++++++++++++++
metadata/glsa/glsa-202004-17.xml | 60 ++++++++++++++++++++++++++++++++
metadata/glsa/glsa-202005-01.xml | 56 ++++++++++++++++++++++++++++++
metadata/glsa/glsa-202005-02.xml | 50 +++++++++++++++++++++++++++
metadata/glsa/glsa-202005-03.xml | 72 +++++++++++++++++++++++++++++++++++++++
metadata/glsa/glsa-202005-04.xml | 72 +++++++++++++++++++++++++++++++++++++++
metadata/glsa/glsa-202005-05.xml | 53 ++++++++++++++++++++++++++++
metadata/glsa/timestamp.chk | 2 +-
metadata/glsa/timestamp.commit | 2 +-
14 files changed, 540 insertions(+), 27 deletions(-)
create mode 100644 metadata/glsa/glsa-202004-14.xml
create mode 100644 metadata/glsa/glsa-202004-15.xml
create mode 100644 metadata/glsa/glsa-202004-16.xml
create mode 100644 metadata/glsa/glsa-202004-17.xml
create mode 100644 metadata/glsa/glsa-202005-01.xml
create mode 100644 metadata/glsa/glsa-202005-02.xml
create mode 100644 metadata/glsa/glsa-202005-03.xml
create mode 100644 metadata/glsa/glsa-202005-04.xml
create mode 100644 metadata/glsa/glsa-202005-05.xml
(limited to 'metadata/glsa')
diff --git a/metadata/glsa/Manifest b/metadata/glsa/Manifest
index 33929072fc57..d049ba8837e2 100644
--- a/metadata/glsa/Manifest
+++ b/metadata/glsa/Manifest
@@ -1,23 +1,23 @@ -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 -MANIFEST Manifest.files.gz 462854 BLAKE2B 45d9c39aed70715f733b66b45dc5f1269928044878c906083c6e7a076449bf75e0a2abc6b2094fac1caf94f820d8a437f66033fe5edd3675345689e5a3f2c6d8 SHA512 cdd4cb4b70565ed751e2fc667e7560d4b3105f046b9428886b70b2d9ea0dc778c9446a4556ccea472de31ef09973c16422f77c1b2e65175f6c4833f501c93cc8 -TIMESTAMP 2020-04-25T09:38:56Z +MANIFEST Manifest.files.gz 464298 BLAKE2B 526a6ba1147d1a7dfd302a24bff7fbcd35795c074c66309f2769965fbf66a4030ab97ff6fe749f275ae27a9eb89af001a4da1c9034b77087136aaec3ef924db0 SHA512 9109f8b09544f23d56243b529abfacedcd6c96f06bd7ac30000b4fdc0fa196adcedd450a45aa34b2f3b9e39c5c79b21cf745580241e5a3dbd04444c94fd0e004 +TIMESTAMP 2020-05-14T09:08:22Z -----BEGIN PGP SIGNATURE----- -iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAl6kBTBfFIAAAAAALgAo +iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAl69CoZfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEUx RDZBQkI2M0JGQ0ZCNEJBMDJGREYxQ0VDNTkwRUVBQzkxODkyNTAACgkQ7FkO6skY -klCcXg/7BNzMr/mNPnHYxDfDRe4oxPQRKDMr1qdDJpwbsh8OJkz5uJfc7W2wRUYJ -RGaQ9tGkZ8ih3qyETN4MyLIUU28kXcKBY+BJHQtHTlt3J+idwN+vAJJG1HZbTM6G -L4u2PxciwU2Jwnyj5Xv+R04iRpbOp03aMYk3O8vw1kE84eEWQoYzSl7rsNqVAJtO -58bQ/ez8BxFjSERAhCviFjQL8u3izCGVwWq6Ecw/rJaI/1h17s/9ps/wytgXCB1w -z1tLDdUHAlQKOdQ6F/htu6r2jS51ucRZr+asQRZ8UeamFTLW53n4Sqgw408WEb1C -fWPrxE/Q834drYte/z9lORGOjn6q+Gqw5oeNcTGCbTcN4s2VtEUjvycWeG99XJY0 -zuBgJSj4JrdNfiuEJwiaFiH9L4KqCcrGjatqzSzUA2tzjrO8W1SBXFtTLaIoYA6j -4aYutgnQqpKkjLhb+c3JblZf2BtqOFCm1Dm7C2pHDwpi/50t5w7jkKTN86sUouZw -NvwSzhLsAAdx5S3WWnMKcVDLGm8hUkA7ye9xuLr+Mm2Mm3zfNPUrcBLhd5vkfQsJ -LJqGMG9Wc5C8rJ3KztPMp6atUEMCGCXVFi+2zfk3qhXjfkV6Z1vUOnIDetPVpOhQ -n4u7WpbM9EuZwBGo1FVq32+0OJXMAkuH/oo3CX+XVKH0dLAEKxc= -=6TvA +klBPCQ/9GLnKLMxO7qpPA4LcZCXaZst+azJ4uJlD3wZnODRItV7LeqmFFCwFnZQ/ +yCnVdhTStN8MYHAaEvacNDFVL2PHmX9MJ3zNjvOOpseWnoAZMhaL7wxZY7tYU3Cx +vdYk43iTDT9RF3/WtAB/0gelTriIoz3bRtvTUCqdAwVO886edrb5q9dA+KN86X3K 
+NndLaIwf4S7dc7GVeW7Sipch6n0G5Qi9nVB5X6+SxagJUXJzeYSbU7rtCMvDfXi2 +DR2xTXLX6MjuCKC4iUwBK1mjTuaXPFBJuS8WfC4WueNArbEKAC+3fPPM9OwC6hkk +ZNX/x8G8LsHw31bSA0qrms0+SzKGsTugDK6PVude5BFE1yujCXzw1Q2znGXiZEch +sy+U3cGvHh1cuJQX+3I6G/NtaDmDFs+IgfxdPU+AyMHK2ms1M7gPJ+OnamHxivz7 +q3QgAjXGLH4HqqKnVykl4PLi/2WXnq5B7j9JF5uJr7qK0OrCZurcM0vKaCLvcQHW +f5o0GZmFq4zlWQ4o2kBwYtEXbQ7WMu3m5V71BCVixoZJWPXycD6YcroYUVbaBgBL +Ek9mMA0cml2tbeii/IVoYLOlKw7dV97+BKLKP+HAJNTRDp1FbfNkJ5fuj5ttvR2t +Sg6XGLfQTe31ZV0sKxaKtE2q4jGE3OmQZBdPPLqDURwNzqaa4tM= +=+xry -----END PGP SIGNATURE----- diff --git a/metadata/glsa/Manifest.files.gz b/metadata/glsa/Manifest.files.gz index c466aa961150..1ff792f048e2 100644 Binary files a/metadata/glsa/Manifest.files.gz and b/metadata/glsa/Manifest.files.gz differ diff --git a/metadata/glsa/glsa-202004-02.xml b/metadata/glsa/glsa-202004-02.xml index 33129dd64c29..479c9bbfe1f5 100644 --- a/metadata/glsa/glsa-202004-02.xml +++ b/metadata/glsa/glsa-202004-02.xml @@ -7,21 +7,17 @@ virtualbox 2020-04-01 - 2020-04-01 + 2020-04-26 714064 local, remote - 5.2.36 - 6.0.16 - 6.1.2 - 6.1.2 + 5.2.36 + 5.2.36 - 5.2.36 - 6.0.16 - 6.1.2 - 6.1.2 + 5.2.36 + 5.2.36 @@ -118,5 +114,5 @@ CVE-2020-2727 whissi - whissi + whissi diff --git a/metadata/glsa/glsa-202004-14.xml b/metadata/glsa/glsa-202004-14.xml new file mode 100644 index 000000000000..31b09f10f695 --- /dev/null +++ b/metadata/glsa/glsa-202004-14.xml @@ -0,0 +1,53 @@ + + + + FontForge: Multiple vulnerabilities + Multiple vulnerabilities have been found in FontForge, the worst of + which could result in the arbitrary execution of code. + + fontforge + 2020-04-30 + 2020-04-30 + 706778 + 715808 + local, remote + + + 20200314 + 20200314 + + + +

FontForge is a PostScript font editor and converter.

+
+ +

Multiple vulnerabilities have been discovered in FontForge. Please + review the CVE identifiers referenced below for details. +

+
+ +

A remote attacker could entice a user to open a specially crafted font + using FontForge, possibly resulting in execution of arbitrary code with + the privileges of the process or a Denial of Service condition. +

+
+ +

There is no known workaround at this time.

+
+ +

All FontForge users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=media-gfx/fontforge-20200314" + + +
+ + CVE-2019-15785 + CVE-2020-5395 + CVE-2020-5496 + + whissi + whissi +
diff --git a/metadata/glsa/glsa-202004-15.xml b/metadata/glsa/glsa-202004-15.xml new file mode 100644 index 000000000000..29b4a35af54b --- /dev/null +++ b/metadata/glsa/glsa-202004-15.xml @@ -0,0 +1,51 @@ + + + + libu2f-host: Multiple vulnerabilities + Multiple vulnerabilities have been found in libu2f-host, the worst + of which could result in the execution of code. + + libu2f-host + 2020-04-30 + 2020-04-30 + 678580 + 679724 + local, remote + + + 1.1.10 + 1.1.10 + + + +

Yubico Universal 2nd Factor (U2F) Host C Library.

+
+ +

Multiple vulnerabilities have been discovered in libu2f-host. Please + review the CVE identifiers referenced below for details. +

+
+ +

A remote attacker could entice a user to plug-in a malicious USB device, + possibly resulting in execution of arbitrary code with the privileges of + the process or a Denial of Service condition. +

+
+ +

There is no known workaround at this time.

+
+ +

All libu2f-host users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-crypt/libu2f-host-1.1.10" + +
+ + CVE-2018-20340 + CVE-2019-9578 + + BlueKnight + b-man +
diff --git a/metadata/glsa/glsa-202004-16.xml b/metadata/glsa/glsa-202004-16.xml new file mode 100644 index 000000000000..247dbbc2c38b --- /dev/null +++ b/metadata/glsa/glsa-202004-16.xml @@ -0,0 +1,50 @@ + + + + Cacti: Multiple vulnerabilities + Multiple vulnerabilities have been found in Cacti, the worst of + which could result in the arbitrary execution of code. + + cacti + 2020-04-30 + 2020-04-30 + 715166 + 716406 + remote + + + 1.2.11 + 1.2.11 + + + +

Cacti is a complete frontend to rrdtool.

+
+ +

Multiple vulnerabilities have been discovered in Cacti. Please review + the CVE identifiers referenced below for details. +

+
+ +

Please review the referenced CVE identifiers for details.

+
+ +

There is no known workaround at this time.

+
+ +

All Cacti users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-analyzer/cacti-1.2.11" + +
+ + CVE-2020-8813 + + Cacti 1.2.11 Release Notes + + + BlueKnight + b-man +
diff --git a/metadata/glsa/glsa-202004-17.xml b/metadata/glsa/glsa-202004-17.xml new file mode 100644 index 000000000000..48d400b6927f --- /dev/null +++ b/metadata/glsa/glsa-202004-17.xml @@ -0,0 +1,60 @@ + + + + Django: Multiple vulnerabilities + Multiple vulnerabilities have been found in Django, the worst of + which could result in privilege escalation. + + django + 2020-04-30 + 2020-04-30 + 692384 + 701744 + 706204 + 707998 + 711522 + remote + + + 2.2.11 + 2.2.11 + + + +

Django is a Python-based web framework.

+
+ +

Multiple vulnerabilities have been discovered in Django. Please review + the CVE identifiers referenced below for details. +

+
+ +

A remote attacker, by sending specially crafted input, could possibly + cause a Denial of Service condition, or alter the database. +

+
+ +

There is no known workaround at this time.

+
+ +

All Django users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-python/django-2.2.11" + +
+ + CVE-2019-12308 + CVE-2019-14232 + CVE-2019-14233 + CVE-2019-14234 + CVE-2019-14235 + CVE-2019-19118 + CVE-2019-19844 + CVE-2020-7471 + CVE-2020-9402 + + BlueKnight + b-man +
diff --git a/metadata/glsa/glsa-202005-01.xml b/metadata/glsa/glsa-202005-01.xml new file mode 100644 index 000000000000..3aab94ef2438 --- /dev/null +++ b/metadata/glsa/glsa-202005-01.xml @@ -0,0 +1,56 @@ + + + + Long Range ZIP: Multiple vulnerabilities + Multiple vulnerabilities have been found in Long Range ZIP, the + worst of which could result in a Denial of Service condition. + + lrzip + 2020-05-12 + 2020-05-12 + 617930 + 624462 + local, remote + + + 0.631_p20190619 + 0.631_p20190619 + + + +

Optimized for compressing large files

+
+ +

Multiple vulnerabilities have been discovered in Long Range ZIP. Please + review the CVE identifiers referenced below for details. +

+
+ +

A remote attacker could entice a user to open a specially crafted + archive file possibly resulting in a Denial of Service condition. +

+
+ +

There is no known workaround at this time.

+
+ +

All Long Range ZIP users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-arch/lrzip-0.631_p20190619" + +
+ + CVE-2017-8842 + CVE-2017-8843 + CVE-2017-8844 + CVE-2017-8845 + CVE-2017-8846 + CVE-2017-8847 + CVE-2017-9928 + CVE-2017-9929 + + BlueKnight + b-man +
diff --git a/metadata/glsa/glsa-202005-02.xml b/metadata/glsa/glsa-202005-02.xml new file mode 100644 index 000000000000..10428dc5ea6c --- /dev/null +++ b/metadata/glsa/glsa-202005-02.xml @@ -0,0 +1,50 @@ + + + + QEMU: Multiple vulnerabilities + Multiple vulnerabilities have been found in QEMU, the worst of + which could result in the arbitrary execution of code. + + qemu + 2020-05-12 + 2020-05-12 + 716518 + 717154 + 717770 + local + + + 4.2.0-r5 + 4.2.0-r5 + + + +

QEMU is a generic and open source machine emulator and virtualizer.

+
+ +

Multiple vulnerabilities have been discovered in QEMU. Please review the + CVE identifiers referenced below for details. +

+
+ +

Please review the referenced CVE identifiers for details.

+
+ +

There is no known workaround at this time.

+
+ +

All QEMU users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-emulation/qemu-4.2.0-r5" + +
+ + CVE-2020-11102 + CVE-2020-1711 + CVE-2020-7039 + + b-man + b-man +
diff --git a/metadata/glsa/glsa-202005-03.xml b/metadata/glsa/glsa-202005-03.xml new file mode 100644 index 000000000000..0311ac6901f8 --- /dev/null +++ b/metadata/glsa/glsa-202005-03.xml @@ -0,0 +1,72 @@ + + + + Mozilla Thunderbird: Multiple vulnerabilities + Multiple vulnerabilities have been found in Mozilla Thunderbird, + the worst of which could result in the arbitrary execution of code. + + thunderbird + 2020-05-12 + 2020-05-12 + 721324 + remote + + + 68.8.0 + 68.8.0 + + + 68.8.0 + 68.8.0 + + + +

Mozilla Thunderbird is a popular open-source email client from the + Mozilla project. +

+
+ +

Multiple vulnerabilities have been discovered in Mozilla Thunderbird. + Please review the CVE identifiers referenced below for details. +

+
+ +

A remote attacker may be able to execute arbitrary code, cause a Denial + of Service condition or spoof sender email address. +

+
+ +

There is no known workaround at this time.

+
+ +

All Mozilla Thunderbird users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=mail-client/thunderbird-68.8.0" + + +

All Mozilla Thunderbird binary users should upgrade to the latest + version: +

+ + + # emerge --sync + # emerge --ask --oneshot --verbose + ">=mail-client/thunderbird-bin-68.8.0" + + +
+ + CVE-2020-12387 + CVE-2020-12392 + CVE-2020-12395 + CVE-2020-12397 + CVE-2020-6831 + + MFSA-2020-18 + + + sam_c + sam_c +
diff --git a/metadata/glsa/glsa-202005-04.xml b/metadata/glsa/glsa-202005-04.xml new file mode 100644 index 000000000000..d5c267fdd883 --- /dev/null +++ b/metadata/glsa/glsa-202005-04.xml @@ -0,0 +1,72 @@ + + + + Mozilla Firefox: Multiple vulnerabilities + Multiple vulnerabilities have been found in Mozilla Firefox, the + worst of which could result in the arbitrary execution of code. + + firefox + 2020-05-12 + 2020-05-12 + 721090 + remote + + + 68.8.0 + 68.8.0 + + + 68.8.0 + 68.8.0 + + + +

Mozilla Firefox is a popular open-source web browser from the Mozilla + Project. +

+
+ +

Multiple vulnerabilities have been discovered in Mozilla Firefox. Please + review the CVE identifiers referenced below for details. +

+
+ +

A remote attacker could entice a user to view a specially crafted web + page, possibly resulting in the execution of arbitrary code with the + privileges of the process, an information leak or a Denial of Service + condition. +

+
+ +

There is no known workaround at this time.

+
+ +

All Mozilla Firefox users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-client/firefox-68.8.0" + + +

All Mozilla Firefox binary users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-client/firefox-bin-68.8.0" + + +
+ + CVE-2020-12387 + CVE-2020-12392 + CVE-2020-12394 + CVE-2020-12395 + CVE-2020-12396 + CVE-2020-6831 + + MFSA-2020-17 + + + sam_c + sam_c +
diff --git a/metadata/glsa/glsa-202005-05.xml b/metadata/glsa/glsa-202005-05.xml new file mode 100644 index 000000000000..3e3855c771f2 --- /dev/null +++ b/metadata/glsa/glsa-202005-05.xml @@ -0,0 +1,53 @@ + + + + Squid: Multiple vulnerabilities + Multiple vulnerabilities have been found in Squid, the worst of + which could result in the arbitrary execution of code. + + squid + 2020-05-12 + 2020-05-12 + 719046 + remote + + + 4.11 + 4.11 + + + +

Squid is a full-featured Web proxy cache designed to run on Unix + systems. It supports proxying and caching of HTTP, FTP, and other URLs, + as well as SSL support, cache hierarchies, transparent caching, access + control lists and many other features. +

+
+ +

Multiple vulnerabilities have been discovered in Squid. Please review + the CVE identifiers referenced below for details. +

+
+ +

Please review the referenced CVE identifiers for details.

+
+ +

There is no known workaround at this time.

+
+ +

All Squid users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-proxy/squid-4.11" + + +
+ + CVE-2019-12519 + CVE-2019-12521 + CVE-2020-11945 + + sam_c + sam_c +
diff --git a/metadata/glsa/timestamp.chk b/metadata/glsa/timestamp.chk index 64d6d4b98f8d..a8a4210fb03b 100644 --- a/metadata/glsa/timestamp.chk +++ b/metadata/glsa/timestamp.chk @@ -1 +1 @@ -Sat, 25 Apr 2020 09:38:53 +0000 +Thu, 14 May 2020 09:08:19 +0000 diff --git a/metadata/glsa/timestamp.commit b/metadata/glsa/timestamp.commit index eab48bd233f7..42d3e919a17e 100644 --- a/metadata/glsa/timestamp.commit +++ b/metadata/glsa/timestamp.commit @@ -1 +1 @@ -5f514a6bc0b6082d08328fcc290cbba6761ee102 1587655514 2020-04-23T15:25:14+00:00 +87a3185d1d1560e7d00df11c54ac0f9e63c64368 1589326875 2020-05-12T23:41:15+00:00 -- cgit v1.2.3