From c25088d4fc442a7d6dc3a8d0498b43024888318d Mon Sep 17 00:00:00 2001
From: V3n3RiX <venerix@koprulu.sector>
Date: Wed, 25 Sep 2024 01:25:44 +0100
Subject: gentoo auto-resync : 25:09:2024 - 01:25:44

---
 metadata/glsa/Manifest           |  30 +++++++++++-----------
 metadata/glsa/Manifest.files.gz  | Bin 588531 -> 589168 bytes
 metadata/glsa/glsa-202409-21.xml |  41 +++++++++++++++++++++++++++++
 metadata/glsa/glsa-202409-22.xml |  54 +++++++++++++++++++++++++++++++++++++++
 metadata/glsa/glsa-202409-23.xml |  42 ++++++++++++++++++++++++++++++
 metadata/glsa/glsa-202409-24.xml |  44 +++++++++++++++++++++++++++++++
 metadata/glsa/timestamp.chk      |   2 +-
 metadata/glsa/timestamp.commit   |   2 +-
 8 files changed, 198 insertions(+), 17 deletions(-)
 create mode 100644 metadata/glsa/glsa-202409-21.xml
 create mode 100644 metadata/glsa/glsa-202409-22.xml
 create mode 100644 metadata/glsa/glsa-202409-23.xml
 create mode 100644 metadata/glsa/glsa-202409-24.xml

(limited to 'metadata/glsa')

diff --git a/metadata/glsa/Manifest b/metadata/glsa/Manifest
index a6a8b0643b56..710d9c4e09a3 100644
--- a/metadata/glsa/Manifest
+++ b/metadata/glsa/Manifest
@@ -1,23 +1,23 @@
 -----BEGIN PGP SIGNED MESSAGE-----
 Hash: SHA512
 
-MANIFEST Manifest.files.gz 588531 BLAKE2B 3d83a66d9c762955ba134aea6253e48c5f33b610ac0abc6f10cedd45b687dae99d8b74290e6f92ba6c9a33c4195523812d85c6c5ad730ad640e7adc2454206d0 SHA512 6413c60682e5f6ed998faa702d52a254f7a124cc29c7adba0a99a08aa315c2dc44d48331f0154669e4067f28194b9628445a0fd685284a0bcdbe57a764951e49
-TIMESTAMP 2024-09-23T23:40:24Z
+MANIFEST Manifest.files.gz 589168 BLAKE2B 086b8bdef76746eee9f4b4c09c6ab6fd093f1448693af2c5b6cfb638e2eaba91d1148ff9a4c029d0feb34050cee77e22635c3cf095050a900c530ae39132fa00 SHA512 a4a3488a37b4ed0bdff36d3fd27a0d124e76910a9ba8a6e74c6da1f90de9beedb9bc99ef26e8c121f13928005ebccdd806b2bb53205db62138afa6d78a528a9e
+TIMESTAMP 2024-09-24T23:40:20Z
 -----BEGIN PGP SIGNATURE-----
 
-iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAmbx/GpfFIAAAAAALgAo
+iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAmbzTeRfFIAAAAAALgAo
 aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEUx
 RDZBQkI2M0JGQ0ZCNEJBMDJGREYxQ0VDNTkwRUVBQzkxODkyNTAACgkQ7FkO6skY
-klAFug/8D9l9mftSYDgXWElprKOgccx44uDyz+Wk/LoI8kNPGB8PnMTBpbamKY3/
-cgqPJkS/rOuUBn2Fk3RV18xnByEV+tR0kgKHFilgzYZZ4+NdTwgQjOJP1kg9I1eI
-XDGtrJHpueoiS/EswrU++h1kuDBV4YsFLjSeNV1a9MV2q6yF4GcaXtCHxhgwZWzF
-erNQ6kionzVQDzbSOceCmS2h8wZtUCul/yWg5fVrKTlmtzHx9+rkMD2DPXKFdR/h
-N+s0nQWuj2TDKHFIVDBIYJ5BF9m7V1hQNIXc9cHk8W5TJQLwAdlsfEq7ZQ6gu5AQ
-0sCS3G6VqO2upLxrR/UkQK5sF9RySdGRIDGpNnjdS4xkWIRF2Q16ksxpa9dv5AiT
-PbSzwlwBdDFc/mOLxAMKLdLEe+ADRC6AqIMrqKx7flzNj1S072E1J1TVB7tafJdu
-FKaEznpBRPbBtQoSsl32wfVOBGdwj5f8cogdRt8tvO8juBz1jTYpvv7tPYStdYmF
-EHxfOWRKyn34DEcx53HQUsqtOC4jw6FUL7/jzfP0/LcKpXF5Z2S3bl0b8aNKWkhK
-rKeFcDJbtMB/wBmo/Axfh9NsK16pNhiF0y/cIfnxXJ4AIPgmSOFSk/vnLrbdNxJf
-GdXya78fexJPmQ82udR6t94W2hBFK3V/fhTg/4hyU6iCE1bRmAI=
-=Ofvz
+klDIEhAAixowfYKtd8bYyqCPIXWXmBlrddZHtiwBnFuDMBbCEhVHK2C4lyqy4I/K
+DZHS1LSD4tMInTohwN+71PWp3cV8rWS9SUKO1FmSSNylZKA+oa+tChg7Z7rKtxon
+DvNB+9KBtxBllWf1bx1t89VqKRzAPjUnkhpe1j3UX2bHkk4FxWYMVRivtzsv9V/X
+P8cWTEjPJUfumhcwpmq8Snl4PN0+Q7khLF/LfXNVzaTL2ER8cdoTOAj6E4iTmKfW
+YBj9Oodo2GWTTure5Eb64cFf0EXkQ7Awq4KON/wslBNI0Pn78rC/Vxe2nTV4qpqn
+EpLBHG/oFdlDIMsOBxLPevS96sbkY76wMzVspdTt/G+yXyJp/8E0RY7BkEH27/ZG
+paaaS43JmQ+F/RQh44NPKS/So0HnEhK2AgujHaQCtBUO3zuv1M8lWxHjOJuEF0t8
+5ApEN3wF2PDJV8Jk/SspkRLGyW+SQueIXQB3DO2IAzExTLZfd1OD0Zxpw0pvoZqu
+FrsqwcFLIgPNgjLDdBIWIVbzM968/fVgBsIqCHaApZwtqo3wND5xOOLI6mvXg8NI
+jJxVIMzNIKP+58/hLoDwF5rn0i/VAe6h8R7PgTbRpuvYZWk4QDrX7/doSTtHQWaw
+m1AyLU2yHMJVtM7YDIYKRoyStlghZQ+S6YdytYPsYQJs3o2EZtM=
+=TJyn
 -----END PGP SIGNATURE-----
diff --git a/metadata/glsa/Manifest.files.gz b/metadata/glsa/Manifest.files.gz
index 15a50bac9716..74651e1dae00 100644
Binary files a/metadata/glsa/Manifest.files.gz and b/metadata/glsa/Manifest.files.gz differ
diff --git a/metadata/glsa/glsa-202409-21.xml b/metadata/glsa/glsa-202409-21.xml
new file mode 100644
index 000000000000..8f68a53102c2
--- /dev/null
+++ b/metadata/glsa/glsa-202409-21.xml
@@ -0,0 +1,41 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202409-21">
+    <title>Hunspell: Multiple Vulnerabilities</title>
+    <synopsis>Multiple vulnerabilities have been discovered in Hunspell, the worst of which could lead to arbitrary code execution.</synopsis>
+    <product type="ebuild">hunspell</product>
+    <announced>2024-09-24</announced>
+    <revised count="1">2024-09-24</revised>
+    <bug>866093</bug>
+    <access>local</access>
+    <affected>
+        <package name="app-text/hunspell" auto="yes" arch="*">
+            <unaffected range="ge">1.7.1</unaffected>
+            <vulnerable range="lt">1.7.1</vulnerable>
+        </package>
+    </affected>
+    <background>
+        <p>Hunspell is the spell checker of LibreOffice, OpenOffice.org, Mozilla Firefox &amp; Thunderbird, Google Chrome.</p>
+    </background>
+    <description>
+        <p>Malicious input to the hunspell spell checker could result in an application crash or other unspecified behavior.</p>
+    </description>
+    <impact type="normal">
+        <p>Malicious input to the hunspell spell checker could result in an application crash or other unspecified behavior.</p>
+    </impact>
+    <workaround>
+        <p>There is no known workaround at this time.</p>
+    </workaround>
+    <resolution>
+        <p>All Hunspell users should upgrade to the latest version:</p>
+        
+        <code>
+          # emerge --sync
+          # emerge --ask --oneshot --verbose ">=app-text/hunspell-1.7.1"
+        </code>
+    </resolution>
+    <references>
+    </references>
+    <metadata tag="requester" timestamp="2024-09-24T05:10:05.686745Z">graaff</metadata>
+    <metadata tag="submitter" timestamp="2024-09-24T05:10:05.693494Z">graaff</metadata>
+</glsa>
\ No newline at end of file
diff --git a/metadata/glsa/glsa-202409-22.xml b/metadata/glsa/glsa-202409-22.xml
new file mode 100644
index 000000000000..2e5cb0cf13c4
--- /dev/null
+++ b/metadata/glsa/glsa-202409-22.xml
@@ -0,0 +1,54 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202409-22">
+    <title>GCC: Flawed Code Generation</title>
+    <synopsis>A vulnerability has been discovered in GCC, which can lead to flawed code generation.</synopsis>
+    <product type="ebuild">gcc</product>
+    <announced>2024-09-24</announced>
+    <revised count="1">2024-09-24</revised>
+    <bug>719466</bug>
+    <access>remote</access>
+    <affected>
+        <package name="sys-devel/gcc" auto="yes" arch="ppc  ppc64">
+            <unaffected range="ge">10.0</unaffected>
+            <vulnerable range="lt">10.0</vulnerable>
+        </package>
+    </affected>
+    <background>
+        <p>The GNU Compiler Collection includes front ends for C, C++, Objective-C, Fortran, Ada, Go, D and Modula-2 as well as libraries for these languages (libstdc++,...).</p>
+    </background>
+    <description>
+        <p>A vulnerability has been discovered in GCC. Please review the CVE identifier referenced below for details.</p>
+    </description>
+    <impact type="normal">
+        <p>The POWER9 backend in GNU Compiler Collection (GCC) could optimize multiple calls of the __builtin_darn intrinsic into a single call, thus reducing the entropy of the random number generator. This occurred because a volatile operation was not specified. For example, within a single execution of a program, the output of every __builtin_darn() call may be the same.</p>
+    </impact>
+    <workaround>
+        <p>There is no known workaround at this time.</p>
+    </workaround>
+    <resolution>
+        <p>All GCC users should upgrade to the latest version:</p>
+        
+        <code>
+          # emerge --sync
+          # emerge --ask --oneshot --verbose ">=sys-devel/gcc-10.0"
+        </code>
+        
+        <p>And then select it with gcc-config:</p>
+        
+        <code>
+          # gcc-config latest
+        </code>
+        
+        <p>In this case, users should also rebuild all affected packages with emerge -e, e.g.:</p>
+        
+        <code>
+          # emerge --usepkg=n --emptytree @world
+        </code>
+    </resolution>
+    <references>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-15847">CVE-2019-15847</uri>
+    </references>
+    <metadata tag="requester" timestamp="2024-09-24T05:11:59.047098Z">graaff</metadata>
+    <metadata tag="submitter" timestamp="2024-09-24T05:11:59.050051Z">graaff</metadata>
+</glsa>
\ No newline at end of file
diff --git a/metadata/glsa/glsa-202409-23.xml b/metadata/glsa/glsa-202409-23.xml
new file mode 100644
index 000000000000..7a887839a107
--- /dev/null
+++ b/metadata/glsa/glsa-202409-23.xml
@@ -0,0 +1,42 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202409-23">
+    <title>ZNC: Remote Code Execution</title>
+    <synopsis>A vulnerability has been found in ZNC which could result in remote code execution.</synopsis>
+    <product type="ebuild">znc</product>
+    <announced>2024-09-24</announced>
+    <revised count="1">2024-09-24</revised>
+    <bug>935422</bug>
+    <access>remote</access>
+    <affected>
+        <package name="net-irc/znc" auto="yes" arch="*">
+            <unaffected range="ge">1.9.1</unaffected>
+            <vulnerable range="lt">1.9.1</vulnerable>
+        </package>
+    </affected>
+    <background>
+        <p>ZNC is an advanced IRC bouncer.</p>
+    </background>
+    <description>
+        <p>ZNC&#39;s modtcl could allow for remote code execution via a KICK.</p>
+    </description>
+    <impact type="normal">
+        <p>A vulnerable ZNC with the modtcl module loaded could be exploited for remote code execution.</p>
+    </impact>
+    <workaround>
+        <p>Unload the mod_tcl module.</p>
+    </workaround>
+    <resolution>
+        <p>All ZNC users should upgrade to the latest version:</p>
+        
+        <code>
+          # emerge --sync
+          # emerge --ask --oneshot --verbose ">=net-irc/znc-1.9.1"
+        </code>
+    </resolution>
+    <references>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-39844">CVE-2024-39844</uri>
+    </references>
+    <metadata tag="requester" timestamp="2024-09-24T05:14:03.149211Z">ajak</metadata>
+    <metadata tag="submitter" timestamp="2024-09-24T05:14:03.152374Z">graaff</metadata>
+</glsa>
\ No newline at end of file
diff --git a/metadata/glsa/glsa-202409-24.xml b/metadata/glsa/glsa-202409-24.xml
new file mode 100644
index 000000000000..fd5092cd5d12
--- /dev/null
+++ b/metadata/glsa/glsa-202409-24.xml
@@ -0,0 +1,44 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202409-24">
+    <title>Tor: Multiple Vulnerabilities</title>
+    <synopsis>Multiple vulnerabilities have been found in Tor, the worst of which could result in denial of service.</synopsis>
+    <product type="ebuild">tor</product>
+    <announced>2024-09-24</announced>
+    <revised count="1">2024-09-24</revised>
+    <bug>916759</bug>
+    <bug>917142</bug>
+    <access>remote</access>
+    <affected>
+        <package name="net-vpn/tor" auto="yes" arch="*">
+            <unaffected range="ge">0.4.8.9</unaffected>
+            <vulnerable range="lt">0.4.8.9</vulnerable>
+        </package>
+    </affected>
+    <background>
+        <p>Tor is an implementation of second generation Onion Routing, a connection-oriented anonymizing communication service.</p>
+    </background>
+    <description>
+        <p>Multiple vulnerabilities have been discovered in Tor. Please review the CVE identifiers referenced below for details.</p>
+    </description>
+    <impact type="low">
+        <p>Please review the referenced CVE identifiers for details.</p>
+    </impact>
+    <workaround>
+        <p>There is no known workaround at this time.</p>
+    </workaround>
+    <resolution>
+        <p>All Tor users should upgrade to the latest version:</p>
+        
+        <code>
+          # emerge --sync
+          # emerge --ask --oneshot --verbose ">=net-vpn/tor-0.4.8.9"
+        </code>
+    </resolution>
+    <references>
+        <uri>TROVE-2023-004</uri>
+        <uri>TROVE-2023-006</uri>
+    </references>
+    <metadata tag="requester" timestamp="2024-09-24T05:15:39.701157Z">ajak</metadata>
+    <metadata tag="submitter" timestamp="2024-09-24T05:15:39.704608Z">graaff</metadata>
+</glsa>
\ No newline at end of file
diff --git a/metadata/glsa/timestamp.chk b/metadata/glsa/timestamp.chk
index 8fd16c406a3f..0cec23cfdd76 100644
--- a/metadata/glsa/timestamp.chk
+++ b/metadata/glsa/timestamp.chk
@@ -1 +1 @@
-Mon, 23 Sep 2024 23:40:19 +0000
+Tue, 24 Sep 2024 23:40:16 +0000
diff --git a/metadata/glsa/timestamp.commit b/metadata/glsa/timestamp.commit
index 98677f8c2800..8182f48f17d0 100644
--- a/metadata/glsa/timestamp.commit
+++ b/metadata/glsa/timestamp.commit
@@ -1 +1 @@
-b04b4f7e697b62c8b67bd3c4bad5d6903b20f23f 1727070820 2024-09-23T05:53:40Z
+c26479fb378aedb5634d1fae755c460a1b2da823 1727155008 2024-09-24T05:16:48Z
-- 
cgit v1.2.3