From b9d13f23ed10bb803607f6ef67f0df2f078aa70f Mon Sep 17 00:00:00 2001 From: V3n3RiX Date: Mon, 15 Jan 2024 13:18:00 +0000 Subject: gentoo auto-resync : 15:01:2024 - 13:18:00 --- metadata/glsa/Manifest | 30 ++++++++++++++-------------- metadata/glsa/Manifest.files.gz | Bin 560896 -> 561052 bytes metadata/glsa/glsa-202401-18.xml | 42 +++++++++++++++++++++++++++++++++++++++ metadata/glsa/timestamp.chk | 2 +- metadata/glsa/timestamp.commit | 2 +- 5 files changed, 59 insertions(+), 17 deletions(-) create mode 100644 metadata/glsa/glsa-202401-18.xml (limited to 'metadata/glsa') diff --git a/metadata/glsa/Manifest b/metadata/glsa/Manifest index cc4fabbcd941..0ae966a639c7 100644 --- a/metadata/glsa/Manifest +++ b/metadata/glsa/Manifest @@ -1,23 +1,23 @@ -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 -MANIFEST Manifest.files.gz 560896 BLAKE2B 8c15a48bbd5eabebbba22927e63a3cc862eeecc5754e9e0ca8aa69bf36f50b87f2a58a31ac9d4cdd8038a1cd900c07b164636665ec38de65bc51dccb6c538dd7 SHA512 81aef26a69175ed1979920f616babd336fd2277ed160d474e5b5602fa9b264088907d9c34efc1436d5ce2377f19ea7692e5b40c7ef7bfd83d3e0a76cb3d0641c -TIMESTAMP 2024-01-15T06:14:09Z +MANIFEST Manifest.files.gz 561052 BLAKE2B 2e370baf90fdcc40ea27b2a1f0d7e6210ee747e4187243c4991ef22775123b08db937038f2d78635383232c5803c72b8a98f177b12e48fdefd33bfca9230a109 SHA512 fc1a49a1af98767621f025f1ee7184510bb281bd9e24e963c6700bc0c7aba3681caa3ebfa19bd541d1935840d01247cbbb29742d2400806b1206bcaf9bfd26a0 +TIMESTAMP 2024-01-15T12:41:01Z -----BEGIN PGP SIGNATURE----- -iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAmWkzTFfFIAAAAAALgAo +iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAmWlJ91fFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEUx RDZBQkI2M0JGQ0ZCNEJBMDJGREYxQ0VDNTkwRUVBQzkxODkyNTAACgkQ7FkO6skY -klBHMQ/+L7SYFnYySCBr7+ZDM2M46GB8ZA9FRbqAaGxlTqqLf3kMSubbHjpTtRKJ -oYYWt1fyFp95M4V2ti6RXVMOu3RXjwoao/2b06vJVp7brn63I0sU2Q+RKVFFtA05 -VTAKdlASmvEjcGc7IYADJeemn0EdjZwE2Vpo8tFn1MR3bZsambEV701Bc9MQiuh6 -YC7fJ0nCFE42wvN6LiBdYHNeTvJvUxbrf1ZgCk4FmSzJRKdM9Si+VnBT0uug6hWm -lYxMGRSjE081gBNIgdj9PE2MwnkrU7kk0UePbdzCzpCCNfD/hdrRuZiCobWoDzaf -xk+Kwn2Unux83jCBPbQFTeLIsRvrwgERy5FmmdXYmJZVM0YqaO64g7rdUhLkwIoE -xG3tVbxs1TFpf3id/KGIDABnD10movKKM1TBWa0YVNvBnV0xalMcABDMc42R6k2d -+ZNUP3zYplJ29VQNqiC/W3Jg6yFzTsnwBUNSzs0fEJk3ZXUuE/Y+XUVHt3L2FlH3 -e8UgUMCu7uBY86uif1KKdP4DuGwQEZOdabma/mYU6cWrSbxwJGD/XIO/z3uHVhyT -l9hMzpF6llae0CkNDyoQxDPHAanmHRfjGMFRHtLNMMi8DWKwRueXC8AS+nCP4RPS -xP3jKQWFFn0NysFdyo8zNmpKMc36c1F521HEZ9f+sJ49cq8uf9I= -=mBMY +klDpYQ//eSOigBbuQXnxsaIAVJ2Nb5g16vxFbibw3RdOuKLEfpYj40KS8I7Zzp3O +/OvL249+3SRO1JrZfuZnWTFCt3LY5ZfoRgJ67TP18vuZwlTyN9BLH4q7LUn3MGkT +NbbLhazV50SrEFxVgdpW67beIBNc64chd1fniJZWqK0RIF+4UkSohdhPsa093W+q +DCYpoz8RLQcRNLAmArg4ZLWM9hsimJqbswxXcWiTRp1jDM6Qb7T6JLw0G4ZEphvE +7ypUiuGyL776zy0ONOkdRT+FdiCANP+EXmCiuj/HY8UisHyd/63v4+OKuz0Z3bqs +6SZ6dGIZ3GFHGOq/mXcGpO8wt9/RN0J6uDPW5xQ0X/vtBHZlCj3jaicyUlQWUerF +lqJHu5S1ytCqPQ3Xki6FjVbx8Qdt3LtCxWAtHjE8yR0Ek4o1NIeVKav6Cuor6KdN +VnAcBqGMxNDu/2GFSC8PRZYw9kB61q+rCmJ1H5/nlENjHsEaxXBuJ3u4EXIXkYq5 +5bASXHCOYF1WQmcGjlloo3JYkUwQ6Ljfx0SK8lCQg7bDe0jMH9D4miXBhi8gsuEX +4zfziBoj5qSX+8cK5+gqMsBemCuZVrbpyJU2+4WNB97Ib10Kvrj+bV6iBpFF03xF +kH9BmNtEXzRFhcUadSCQq0/PfgKvdNI/pcfW7V/83uxHYl7Kqf8= +=h7SA -----END PGP SIGNATURE----- diff --git a/metadata/glsa/Manifest.files.gz b/metadata/glsa/Manifest.files.gz index 59cff6646524..150aa1571e0f 100644 Binary files a/metadata/glsa/Manifest.files.gz and b/metadata/glsa/Manifest.files.gz differ diff --git a/metadata/glsa/glsa-202401-18.xml b/metadata/glsa/glsa-202401-18.xml new file mode 100644 index 000000000000..73fa6e0953a0 --- /dev/null +++ b/metadata/glsa/glsa-202401-18.xml @@ -0,0 +1,42 @@ + + + + zlib: Buffer Overflow + A vulnerability has been found in zlib that can lead to a heap-based buffer overflow. + zlib + 2024-01-15 + 2024-01-15 + 916484 + remote + + + 1.2.13-r2 + 1.2.13-r2 + + + +

zlib is a widely used free and patent unencumbered data compression library.

+ + +

A vulnerability has been discovered in zlib. Please review the CVE identifier referenced below for details.

+ + +

MiniZip in zlib through 1.3 has an integer overflow and resultant heap-based buffer overflow in ZipOpenNewFileInZip4_64 via a long filename, comment, or extra field.

+ + +

There is no known workaround at this time.

+ + +

All zlib users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=sys-libs/zlib-1.2.13-r2" + + + + CVE-2023-45853 + + graaff + graaff + \ No newline at end of file diff --git a/metadata/glsa/timestamp.chk b/metadata/glsa/timestamp.chk index 9dadc72a2fc6..f51938f0f188 100644 --- a/metadata/glsa/timestamp.chk +++ b/metadata/glsa/timestamp.chk @@ -1 +1 @@ -Mon, 15 Jan 2024 06:14:06 +0000 +Mon, 15 Jan 2024 12:40:58 +0000 diff --git a/metadata/glsa/timestamp.commit b/metadata/glsa/timestamp.commit index c59670cdca46..4d92ae452f19 100644 --- a/metadata/glsa/timestamp.commit +++ b/metadata/glsa/timestamp.commit @@ -1 +1 @@ -c084d1da1a61ad3d1c3cdebcb2fd0cde427e89f4 1705291358 2024-01-15T04:02:38+00:00 +93dbf80a72b6cbaffc14d3cdc8167e7cfb1c6bdd 1705320250 2024-01-15T12:04:10+00:00 -- cgit v1.2.3