From 5d8ffbc273ca664e15618d557ced3e02de1a884b Mon Sep 17 00:00:00 2001
From: V3n3RiX <venerix@koprulu.sector>
Date: Sun, 7 Jul 2024 12:24:47 +0100
Subject: gentoo auto-resync : 07:07:2024 - 12:24:46

---
 metadata/glsa/Manifest           |  30 ++++++++--------
 metadata/glsa/Manifest.files.gz  | Bin 578695 -> 579171 bytes
 metadata/glsa/glsa-202407-20.xml |  48 ++++++++++++++++++++++++++
 metadata/glsa/glsa-202407-21.xml |  49 ++++++++++++++++++++++++++
 metadata/glsa/glsa-202407-22.xml |  72 +++++++++++++++++++++++++++++++++++++++
 metadata/glsa/timestamp.chk      |   2 +-
 metadata/glsa/timestamp.commit   |   2 +-
 7 files changed, 186 insertions(+), 17 deletions(-)
 create mode 100644 metadata/glsa/glsa-202407-20.xml
 create mode 100644 metadata/glsa/glsa-202407-21.xml
 create mode 100644 metadata/glsa/glsa-202407-22.xml

(limited to 'metadata/glsa')

diff --git a/metadata/glsa/Manifest b/metadata/glsa/Manifest
index 32b9633dac07..5d85a4afca48 100644
--- a/metadata/glsa/Manifest
+++ b/metadata/glsa/Manifest
@@ -1,23 +1,23 @@
 -----BEGIN PGP SIGNED MESSAGE-----
 Hash: SHA512
 
-MANIFEST Manifest.files.gz 578695 BLAKE2B 83336190b9db8ef17789198cdcd94b93ded8e3517f2a97f1c20b8822eed5e6b0b5eb3ced060bb3507ec84b889e927fc798f66d29cbf9eb6e887b9965946a290d SHA512 0f0e20bf349c4697ccf022b03425f130dde9817f7156836e59ab595a116902b21ef17cfdaa931f7d352c2e0cef6812f8551245ae1736d423ae95d1dbfc08592f
-TIMESTAMP 2024-07-06T06:40:23Z
+MANIFEST Manifest.files.gz 579171 BLAKE2B c503f3149ac98a81a2a72d2364a46176b3c285a1621a8af77978b4ede84a80db1977b0d8f154263b7c2bcc353216537aa1b1e8484ae4df3253f17c00c81c0761 SHA512 74d7e8c7054b78d2f3183d3c0366fa4a3d83835c364cd7b13c4eaf7bde990556a6cb8101a1ea11386306381222e788d3c418bebff9f98a1b2d701dcad1904056
+TIMESTAMP 2024-07-07T10:40:42Z
 -----BEGIN PGP SIGNATURE-----
 
-iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAmaI5tdfFIAAAAAALgAo
+iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAmaKcKpfFIAAAAAALgAo
 aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEUx
 RDZBQkI2M0JGQ0ZCNEJBMDJGREYxQ0VDNTkwRUVBQzkxODkyNTAACgkQ7FkO6skY
-klD3RhAAp3CNXg4364FSyD1tR0sC2kBodwKOzSLobUMQQxe1L8aHmx0WDCQoJ0t6
-mL7WXtDH+o4JdFXt2NVLDYriML8NgKyi32GD4hohJGdftiUvu8YAogRuuIMPqfz9
-5jZ3K5BntuS4nHAGR7dlfGWl2endPZ/efKoWvm+44k/rJxJddnFZHZSZzAYZR6vp
-/RKhvxDXIiZHyt4AdxITAt2TNJXksVF+/RnJwl+3UyKJWzzrfnbXlP0xTIAQ5iax
-kBBk2PyQkRlRq6jckHx4Hp90uuc7QVqZSswSQjMGUaGM75ej2mdjFrIPIqBqHQPe
-3qmZYCe3jm55sUuh4IPr6A2h7FbjdD/NEP6Ql8bHY/wNMTkBFbfDGkTScsJ37c2b
-rcsWIQX3qAL8uaKRuz4SjFeBbPqFShhnxgLSIlVKO2wQWE149IeAkkxnPpDfABcz
-ZRvRodlfeHnH/EvIkhr8XshtueOiQIdvi0YiLErhkFS5hKw7gKUuTsHOBb1O6oI1
-gHCWwopdGJT11V/pKkzTSXsWhf+RauYkXxElccQ0R8AseAlXwGoP2jgye5w6Y2pp
-dZNCuA4ScCM1+f+CvlhVuuRxcMhSBhklWG3MdrXS1asOkcjNTW8i/2i404qrALPp
-0M9vO0V8WpF7jFt+hje97sLywtWrIdQD4VxoQVsN4/0j7PXn5zU=
-=XqTJ
+klB7JA//Vz/aDpU3vcwNrnp1YDhKaXbbkUfsa8qX3m2GPDeUhEmocgBtdpbNl/Qq
+2JfYEyo46Lp0b9oW0A5Fx7Y1mzM05Wq66NuLdl9G5n9Os8iPam1gfe45lQt+tb7s
+KDJuxspijGKP8lkXq/diMk5FPtbDeMPqBglvKkHply6ecSuv1hO1hCnfde2W8F4r
+R6ou6KLg1Lvv8by6TJNxo5STUedSHBjqNoThErnSytd2voPdk29oprasZNoJeZx2
+pV8w948xR77FhYV7FfCZByCDUk+YeA5B5QyzXs5fQGLZhFPqU+vcDRS5pEvy5wJI
+XA8DkNCEVAUxWIEUTfuQGUzbBhOPltWlswbQ90ycThmqJ03hS20Nia1FZAWkWw2K
+6HtSw75sFSBLBpbhFrKKZo1fibRqowzAVmf+YbASyd0OgyighrUbC04i4E57VDRR
++AZjTjspcwbUzQT6bOug3k1rxmawWtqLUxvwkWL1V0DvofY2AY41APJuKcJnfl3r
+g1QdHHAqY5JPnPGIQQ60Y/XUQNMOd8tP0+lwOjryD9O4lFXd1L8GVMTj/6/PZA73
+E302Mq2CNtC1jIf595FHzkVztsCFFE6kgX8YupB9lC4SS/PdCG1t4eOTT2bRovu7
+hGEBybuoX2QW1lQxCelNB83LSu0fj+levNQ3B8cxLpLnIHYf8fQ=
+=dml0
 -----END PGP SIGNATURE-----
diff --git a/metadata/glsa/Manifest.files.gz b/metadata/glsa/Manifest.files.gz
index 26ad6b20cf0b..d4c1d9b1a29b 100644
Binary files a/metadata/glsa/Manifest.files.gz and b/metadata/glsa/Manifest.files.gz differ
diff --git a/metadata/glsa/glsa-202407-20.xml b/metadata/glsa/glsa-202407-20.xml
new file mode 100644
index 000000000000..84856ba8345c
--- /dev/null
+++ b/metadata/glsa/glsa-202407-20.xml
@@ -0,0 +1,48 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202407-20">
+    <title>KDE Plasma Workspaces: Privilege Escalation</title>
+    <synopsis>A vulnerability has been discovered in KDE Plasma Workspaces, which can lead to privilege escalation.</synopsis>
+    <product type="ebuild">plasma-workspace</product>
+    <announced>2024-07-06</announced>
+    <revised count="1">2024-07-06</revised>
+    <bug>933342</bug>
+    <access>remote</access>
+    <affected>
+        <package name="kde-plasma/plasma-workspace" auto="yes" arch="*">
+            <unaffected range="ge">5.27.11.1</unaffected>
+            <vulnerable range="lt">5.27.11.1</vulnerable>
+        </package>
+    </affected>
+    <background>
+        <p>KDE Plasma workspace is a widget based desktop environment designed to be fast and efficient.</p>
+    </background>
+    <description>
+        <p>Multiple vulnerabilities have been discovered in KDE Plasma Workspaces. Please review the CVE identifiers referenced below for details.</p>
+    </description>
+    <impact type="high">
+        <p>KSmserver, KDE&#39;s XSMP manager, incorrectly allows connections via ICE
+based purely on the host, allowing all local connections. This allows
+another user on the same machine to gain access to the session
+manager.
+
+A well crafted client could use the session restore feature to execute
+arbitrary code as the user on the next boot.</p>
+    </impact>
+    <workaround>
+        <p>There is no known workaround at this time.</p>
+    </workaround>
+    <resolution>
+        <p>All KDE Plasma Workspaces users should upgrade to the latest version:</p>
+        
+        <code>
+          # emerge --sync
+          # emerge --ask --oneshot --verbose ">=kde-plasma/plasma-workspace-5.27.11.1"
+        </code>
+    </resolution>
+    <references>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-36041">CVE-2024-36041</uri>
+    </references>
+    <metadata tag="requester" timestamp="2024-07-06T06:45:04.101679Z">graaff</metadata>
+    <metadata tag="submitter" timestamp="2024-07-06T06:45:04.105556Z">graaff</metadata>
+</glsa>
\ No newline at end of file
diff --git a/metadata/glsa/glsa-202407-21.xml b/metadata/glsa/glsa-202407-21.xml
new file mode 100644
index 000000000000..12c0a2e5a2ed
--- /dev/null
+++ b/metadata/glsa/glsa-202407-21.xml
@@ -0,0 +1,49 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202407-21">
+    <title>X.Org X11 library: Multiple Vulnerabilities</title>
+    <synopsis>Multiple vulnerabilities have been discovered in the X.Org X11 library, the worst of which could lead to a denial of service.</synopsis>
+    <product type="ebuild">libX11</product>
+    <announced>2024-07-06</announced>
+    <revised count="1">2024-07-06</revised>
+    <bug>877461</bug>
+    <bug>908549</bug>
+    <bug>915129</bug>
+    <access>remote</access>
+    <affected>
+        <package name="x11-libs/libX11" auto="yes" arch="*">
+            <unaffected range="ge">1.8.7</unaffected>
+            <vulnerable range="lt">1.8.7</vulnerable>
+        </package>
+    </affected>
+    <background>
+        <p>X.Org is an implementation of the X Window System. The X.Org X11 library provides the X11 protocol library files.</p>
+    </background>
+    <description>
+        <p>Multiple vulnerabilities have been discovered in X.Org X11 library. Please review the CVE identifiers referenced below for details.</p>
+    </description>
+    <impact type="normal">
+        <p>Please review the referenced CVE identifiers for details.</p>
+    </impact>
+    <workaround>
+        <p>There is no known workaround at this time.</p>
+    </workaround>
+    <resolution>
+        <p>All X.Org X11 library users should upgrade to the latest version:</p>
+        
+        <code>
+          # emerge --sync
+          # emerge --ask --oneshot --verbose ">=x11-libs/libX11-1.8.7"
+        </code>
+    </resolution>
+    <references>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-3554">CVE-2022-3554</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-3555">CVE-2022-3555</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-3138">CVE-2023-3138</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-43785">CVE-2023-43785</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-43786">CVE-2023-43786</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-43787">CVE-2023-43787</uri>
+    </references>
+    <metadata tag="requester" timestamp="2024-07-06T06:46:25.255732Z">graaff</metadata>
+    <metadata tag="submitter" timestamp="2024-07-06T06:46:25.259127Z">graaff</metadata>
+</glsa>
\ No newline at end of file
diff --git a/metadata/glsa/glsa-202407-22.xml b/metadata/glsa/glsa-202407-22.xml
new file mode 100644
index 000000000000..10eb68b46743
--- /dev/null
+++ b/metadata/glsa/glsa-202407-22.xml
@@ -0,0 +1,72 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202407-22">
+    <title>Mozilla Firefox: Multiple Vulnerabilities</title>
+    <synopsis>Multiple vulnerabilities have been discovered in Mozilla Firefox, the worst of which could arbitrary code execution.</synopsis>
+    <product type="ebuild">firefox,firefox-bin</product>
+    <announced>2024-07-06</announced>
+    <revised count="1">2024-07-06</revised>
+    <bug>927559</bug>
+    <access>remote</access>
+    <affected>
+        <package name="www-client/firefox" auto="yes" arch="*">
+            <unaffected range="ge" slot="rapid">124.0.1</unaffected>
+            <unaffected range="ge" slot="esr">115.9.1</unaffected>
+            <vulnerable range="lt" slot="rapid">124.0.1</vulnerable>
+            <vulnerable range="lt" slot="esr">115.9.1</vulnerable>
+        </package>
+        <package name="www-client/firefox-bin" auto="yes" arch="*">
+            <unaffected range="ge" slot="rapid">124.0.1</unaffected>
+            <unaffected range="ge" slot="esr">115.9.1</unaffected>
+            <vulnerable range="lt" slot="rapid">124.0.1</vulnerable>
+            <vulnerable range="lt" slot="esr">115.9.1</vulnerable>
+        </package>
+    </affected>
+    <background>
+        <p>Mozilla Firefox is a popular open-source web browser from the Mozilla project.</p>
+    </background>
+    <description>
+        <p>Multiple vulnerabilities have been discovered in Mozilla Firefox. Please review the CVE identifiers referenced below for details.</p>
+    </description>
+    <impact type="high">
+        <p>Please review the referenced CVE identifiers for details.</p>
+    </impact>
+    <workaround>
+        <p>There is no known workaround at this time.</p>
+    </workaround>
+    <resolution>
+        <p>All Mozilla Firefox binary users should upgrade to the latest version:</p>
+        
+        <code>
+          # emerge --sync
+          # emerge --ask --oneshot --verbose ">=www-client/firefox-bin-124.0.1"
+        </code>
+        
+        <p>All Mozilla Firefox users should upgrade to the latest version:</p>
+        
+        <code>
+          # emerge --sync
+          # emerge --ask --oneshot --verbose ">=www-client/firefox-124.0.1:rapid"
+        </code>
+        
+        <p>All Mozilla Firefox ESR users should upgrade to the latest version:</p>
+        
+        <code>
+          # emerge --sync
+          # emerge --ask --oneshot --verbose ">=www-client/firefox-115.9.1:esr"
+        </code>
+        
+        <p>All Mozilla Firefox ESR binary users should upgrade to the latest version:</p>
+        
+        <code>
+          # emerge --sync
+          # emerge --ask --oneshot --verbose ">=www-client/firefox-bin-115.9.1:esr"
+        </code>
+    </resolution>
+    <references>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-29943">CVE-2024-29943</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-29944">CVE-2024-29944</uri>
+    </references>
+    <metadata tag="requester" timestamp="2024-07-06T07:11:46.269314Z">graaff</metadata>
+    <metadata tag="submitter" timestamp="2024-07-06T07:11:46.272380Z">graaff</metadata>
+</glsa>
\ No newline at end of file
diff --git a/metadata/glsa/timestamp.chk b/metadata/glsa/timestamp.chk
index 01f0f7485ab4..d0fb803a0dc7 100644
--- a/metadata/glsa/timestamp.chk
+++ b/metadata/glsa/timestamp.chk
@@ -1 +1 @@
-Sat, 06 Jul 2024 06:40:19 +0000
+Sun, 07 Jul 2024 10:40:38 +0000
diff --git a/metadata/glsa/timestamp.commit b/metadata/glsa/timestamp.commit
index e9b24c1dea7c..1bc9b09c57fb 100644
--- a/metadata/glsa/timestamp.commit
+++ b/metadata/glsa/timestamp.commit
@@ -1 +1 @@
-b5d405cb92c7978530ba2683a461c9cb819d4d38 1720246492 2024-07-06T06:14:52Z
+212a4b375c557073cdfba6c10bc0bf6cb57b54c6 1720249915 2024-07-06T07:11:55Z
-- 
cgit v1.2.3