From 56330f065f2b903d9e1b2dffc63719fef5897a45 Mon Sep 17 00:00:00 2001
From: V3n3RiX
Date: Sat, 6 Jan 2024 12:54:39 +0000
Subject: gentoo auto-resync : 06:01:2024 - 12:54:38
---
metadata/glsa/Manifest | 30 +++++++++++++-------------
metadata/glsa/Manifest.files.gz | Bin 559158 -> 559317 bytes
metadata/glsa/glsa-202401-07.xml | 44 +++++++++++++++++++++++++++++++++++++++
metadata/glsa/timestamp.chk | 2 +-
metadata/glsa/timestamp.commit | 2 +-
5 files changed, 61 insertions(+), 17 deletions(-)
create mode 100644 metadata/glsa/glsa-202401-07.xml
(limited to 'metadata/glsa')
diff --git a/metadata/glsa/Manifest b/metadata/glsa/Manifest
index 6e58dc212fb3..c40e10750664 100644
--- a/metadata/glsa/Manifest
+++ b/metadata/glsa/Manifest
@@ -1,23 +1,23 @@ -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 -MANIFEST Manifest.files.gz 559158 BLAKE2B 7743be6d30bedd899f1ed6ee719a2c0f78de2f732319746c264a2fa060ba8ae030e9eed586d48ebb590968099f0af93a7b2f09f029dc6458c2ee484d255bd117 SHA512 86d7b1c7f1efaf6f78995086d3e2bb0b7d8c79e5750b872b064dda4aec42c093aebaf9a1ea2161c6c56fa84d61dba2be695416159673540b4a2291892918d774 -TIMESTAMP 2024-01-06T06:10:13Z +MANIFEST Manifest.files.gz 559317 BLAKE2B 0a4d0ed654d5a43854b9b44988bdb4643495b86920de9bd246bf46fcc345ba1a5166c2103a10a186d99db77f51e6ca2fbedd4ea9de655624a90f97185dedfe19 SHA512 68b7f9edd2e18b7c9b8cde1bd8ca0c31f75b45ec27937f49a0b172c9019da731e4182b7a6489209bd8527928ac9b72c9b7758e7a8a785bc8902893a4edadd98e +TIMESTAMP 2024-01-06T11:09:35Z -----BEGIN PGP SIGNATURE----- -iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAmWY7sVfFIAAAAAALgAo +iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAmWZNPBfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEUx RDZBQkI2M0JGQ0ZCNEJBMDJGREYxQ0VDNTkwRUVBQzkxODkyNTAACgkQ7FkO6skY -klAYfg/+MOkupdLfzTMTtp+5Kx8n+DTJvcPH4JChl3Atze2qIWjIWoi9TaqvNRtu -oc8uNpK5xr3f983qH5b2pv1mVbcICDoe1RR/72dXmA7CkTfscjhQeoXR50iaxABE -gjN3elxMZo3CNNq6njRs3wXWTtPhv8kA5s6BVs/fJJmBZI2mMc/09s5ejp6Mi3Pk -bUkK54Esc3HislAXAO4S78NarU5g/UQ1oTypouZQ161WQlLRfJqcE+jh5Od9IJlY -FOy3EP3rbVp/cHglXjcXhjxB4qeCa9zl/2viGnSX+ny2RAt1n2Tp9D37JBsGflzt -OUTUIXimxSxWa7T0OCk/yXW1oe9dML/h1+drB9AiO7x/gr5GUR0h9XdwNhXX3phM -NBqvcMDcxkpSw7GdnjbeVrKiKgxLIAym83K6I3WhPKwssdpxlrnbSOcc3e2N9BYI -szlcjkDNtne/cX62huOJC99n5XAVwAO00x6Uqcfz0NYswJ3YlHAUobDdPcxmEGZe -dXCw8jFiegmdnVN5+WZzsOCL6MsuMf1Vm36dpF+7OVxQ7rm01yvRaRB41v0YTlMU -Xr+fjmLkCB5TkkLsZLPhG4TcQiS6zdihjjUx20Nmnsgxwa1f77jzHpE7R3ASFff7 -+KJMqUyQMvbUhHr27+UBf1I52IwP0C3rzoOfM6zS4Qz6PIrYWTk= -=am6P +klDqnA//U3WBWswT4EZcziH8SW6TUHMsjQY9r6DJ/bbKDzoGk+TxzSMNdBEyCL3J +vuj0w+aOBLwRPCGIfL7xhFF2O+R1FHKgUNI7aT2Q0I1rS1XtRZjFHLOGoYnpyjwt +QXTxPXkRkW41vlEd83cgoRwh8dP1TAhM8DimfHmg+UBdB20FLRGT0nCdbHN7Ux/x 
+xu3k3Azhdbj8Ax7a2fzduZcQpII8dYXM/GV0gz4ECUBGKT7Rd5o9rwFkrnfZ7XIA +SbyRL+sCDChmAvPVRy776zzdBX3Q2exyldyxRLQ1WPGYKVqJy/WWWROMYJy0wAuX +4GFW3MPFndAbTYTdOnB4GA4f969gAFzisixtITzn3f3cdgtVApN1pHsslTi+du4/ +e6POzK66I0qiZxk2xeqdJ1/pOVNqwu7OYyg3kXNLwSwQ0SfTiMlP49Aj0cvRyjvB +dbWZn/apxe2ObA2c1P3xr1E7ucYUwDZNrizz72IJeBtuyzHJn65OzI8ZKafferg+ +LWu06AalSDMbHT70ClFD73lL1P+fvaO+N/Pi0tW5a0gQNC1ea1Y35NkgjlQyY78b +umEafSy/VXLb7dHdEuHa7tioVGg1VhDcp2sZUKOKvU7VM6auZkZDENnDI2ocRKnw +np8UwMqoLKbB1HzJVCMQBico4oxkxFD5UIVV9nTW6TEPe+4E7qw= +=037z -----END PGP SIGNATURE----- diff --git a/metadata/glsa/Manifest.files.gz b/metadata/glsa/Manifest.files.gz index bc5279c092c5..126306040cc9 100644 Binary files a/metadata/glsa/Manifest.files.gz and b/metadata/glsa/Manifest.files.gz differ diff --git a/metadata/glsa/glsa-202401-07.xml b/metadata/glsa/glsa-202401-07.xml new file mode 100644 index 000000000000..ff293d52a518 --- /dev/null +++ b/metadata/glsa/glsa-202401-07.xml @@ -0,0 +1,44 @@ + + + + R: Directory Traversal + A vulnerability was found in R which could allow for remote code execution. + R + 2024-01-06 + 2024-01-06 + 765361 + remote + + + 4.0.4 + 4.0.4 + + + +

R is a language and environment for statistical computing and graphics.

+
+ +

The native R package installation mechanisms do not sufficiently validate installed source packages for path traversal.

+
+ +

Installation of a malicious R package could result in an arbitrary file overwrite which could result in arbitrary code execution, as might be seen with the overwrite of an authorized_keys file.

+
+ +

There is no known workaround at this time.

+
+ +

All R users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-lang/R-4.0.4" + +
+ + CVE-2020-27637 + -fno-common + gcc-10 + + ajak + graaff +
\ No newline at end of file diff --git a/metadata/glsa/timestamp.chk b/metadata/glsa/timestamp.chk index d1e0077507a2..16b79886b532 100644 --- a/metadata/glsa/timestamp.chk +++ b/metadata/glsa/timestamp.chk @@ -1 +1 @@ -Sat, 06 Jan 2024 06:10:10 +0000 +Sat, 06 Jan 2024 11:07:55 +0000 diff --git a/metadata/glsa/timestamp.commit b/metadata/glsa/timestamp.commit index 066490e28f40..c6d503ae307d 100644 --- a/metadata/glsa/timestamp.commit +++ b/metadata/glsa/timestamp.commit @@ -1 +1 @@ -13307cb5778acc25f47ab91c29f839443f3a4cf8 1704464830 2024-01-05T14:27:10+00:00 +6de45d78fb7f4cf3386f767a9e6b4d48cc85ce88 1704531859 2024-01-06T09:04:19+00:00 -- cgit v1.2.3
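Review bot: The reference list at the end of the new glsa-202401-07.xml carries `-fno-common` and `gcc-10` after `CVE-2020-27637`. Neither looks related to a path-traversal flaw in R package installation, so they are probably stray entries from an unrelated bug. Readers and tools that follow GLSA references to judge exposure would be led to irrelevant material, so the list should be cut down to the CVE; the element markup is not visible in this rendering, so confirm against the raw file. The synopsis also says "remote code execution" while the impact text describes an arbitrary file overwrite that requires installing a malicious package, and matching the synopsis to the impact would make that precondition clear. This commit is an auto-resync of upstream metadata, so the correction belongs in the upstream GLSA rather than in this mirror.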