From ce163dcd0944d81d8406c9532b457535efca7a6d Mon Sep 17 00:00:00 2001 From: V3n3RiX Date: Mon, 22 Jan 2024 16:48:54 +0000 Subject: gentoo auto-resync : 22:01:2024 - 16:48:54 --- metadata/glsa/Manifest | 30 ++++++++++++++-------------- metadata/glsa/Manifest.files.gz | Bin 562170 -> 562328 bytes metadata/glsa/glsa-202401-26.xml | 42 +++++++++++++++++++++++++++++++++++++++ metadata/glsa/timestamp.chk | 2 +- metadata/glsa/timestamp.commit | 2 +- 5 files changed, 59 insertions(+), 17 deletions(-) create mode 100644 metadata/glsa/glsa-202401-26.xml (limited to 'metadata/glsa') diff --git a/metadata/glsa/Manifest b/metadata/glsa/Manifest index 6e22334e7683..938fdf5d0e7a 100644 --- a/metadata/glsa/Manifest +++ b/metadata/glsa/Manifest @@ -1,23 +1,23 @@ -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 -MANIFEST Manifest.files.gz 562170 BLAKE2B 13793f99b2aeb07db808adbe0b1fe69005e597c86f14ec256c0bd329f157247d0873634aeaa1ef5172fbb27f87e570da5c2f41e37c53ebba4300745897cb3960 SHA512 33976cf0e449ecc18853b813040657dd420fdf2c05dc4aff4bdff73e28ad9894a7768a1303c77eed2804fc2648a328b169039a8cc4b94656ca92b5d36f9ce3d4 -TIMESTAMP 2024-01-22T10:10:04Z +MANIFEST Manifest.files.gz 562328 BLAKE2B f917e7f3715dafbea4631d1e8735246d5b9887c3efe70c6ba46f3209bd4352c3858fb9f3b94eddfea989436bd50ec90a84cb7490a3686cfafe856b8100fc8b3c SHA512 d02be3afe2c6c1c06c58a6413b27e2ddfa1c0d22459c4da9eb5fbc7afe9b5335376f1397c09c4bae95745e7e93f1941a58053c3f1b7dfe65b33c41f933bb9720 +TIMESTAMP 2024-01-22T16:10:14Z -----BEGIN PGP SIGNATURE----- -iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAmWuPvxfFIAAAAAALgAo +iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAmWuk2ZfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEUx RDZBQkI2M0JGQ0ZCNEJBMDJGREYxQ0VDNTkwRUVBQzkxODkyNTAACgkQ7FkO6skY -klC6nRAAtfGxYms9A607H9a1JMzKTdXjKzt6ZrVIuY6tWlrH0FXcVHaJ7FbvGk76 -zwzFVWBeQ9b/OBPrzpIuhUsavE0/rwJ0UIapBDlcV4cGt68se100Xwiyub4cevSP -mF4oKn/BWgCSbYv0KccpsnpUj8GDWL3qEAqLh61x6j4QZQXBRVp0am33Bi8Sp9oA -+7pLQt67ntXtswCsSYczB3uzvzMN1PMCezd4zm3oPDJo8VKkski9/lUhM/EBU2fC -fGimq10wp3ucazxBZYgJJ4iorf09PxhTeyWBofqyDPk7vwlROgl9/FXYsIxk8ZkU -ERIj3q57xzvsU+cWMegbj6LE1yhU2B/YhZpOlh3q2th4CEaEnS1rVlDbBMtWIcfF -YM6cDG4nOJbdKjy45oUc3txLX+rBxSNckoFMygys5Y3xUxPn1cO9SwE0+BDCoCpi -fJGUL2qb0Owu5fBDhEO/h+oQikha1vWaXjYawBoWroFJ3uXbuzFPzmfHLB6tZn52 -EbdJ5wrlvAtyoeKeWvxh+V9MYhfHoHBXBl+WtVFnzCRfa970f9WFACJhja14u9mU -O8pxklUr+uhk6yeIZyJLXsTYg2YeylHyYgX2bAHy6VkIxNIlsUyZ/MJRR5f4aqd9 -i9ytoLf7ocjjlQy5FK6VvapBfHKGn0jMUQ6VfswCghaLiOHp++s= -=EQ4b +klCcgA/+KHqxTQPyOBKMeVrm+M6R6NGs8zuAEbNUEbmH43HkHTBIyGQtUOBXnUTP +6JtutdlJ91Vi5y+7/EGKpN+H56au8ELCkhqnusvoRpK22nsWUqWHb7Zu6WkomeoS +N2MM7K2QQRpF+WH/oF87XHmu6PjjJ+t1RxJALM1TG4HTnT2Qu54ZcZYgc1XM43ZZ +BTsap0RVg3+tKUzKvYZoR+1ZCdZaL2zWs6L+vFvGzs5dbF4xOt3WWxcxVyiH76Z/ +p1bJvuXfubpOYuy097wTEBNofxypIsGpZ4ci0EZILEVkDRNY+llaUSa8/nDDq3uC +7ko6L4v5ZN/nvbEhR7RGokhhquCv5uPWXRqtKjg/cmLo4KG3b0Hh4gl3lCv1tOZu +tZWhrdQtegtQGhXqSzUGlFhhu8g9Q+xYsfL/rqxoOk0ieJa57TNHqginoTsGGe7w +2Zk+f8z/k5K5k35lpq1/Yajbz3n4lQceHzf9sIus0FSPOq0yhq8RUO81Sz3w5DEK +TuvteJ+0kRHnLqp/6Js131J/FIHOa+5w6J5aGh18JZPjf9JsXvw2lX9CW9eYAXRk +NgjkD0YEbdxXTb6Y8KPdBlVigFRieq/SIe/Bw1bfyjo/ui/WlWEB+ZeFNGUjYRnd +Eg2i0/C18MYUGbxIhBwUW/Q5V5S6JFHvJPDpyPyYp496w5BdTKk= +=/Ypv -----END PGP SIGNATURE----- diff --git a/metadata/glsa/Manifest.files.gz b/metadata/glsa/Manifest.files.gz index d4fa5e4d7562..89879b805fe9 100644 Binary files a/metadata/glsa/Manifest.files.gz and b/metadata/glsa/Manifest.files.gz differ diff --git a/metadata/glsa/glsa-202401-26.xml b/metadata/glsa/glsa-202401-26.xml new file mode 100644 index 000000000000..56b9740e67e9 --- /dev/null +++ b/metadata/glsa/glsa-202401-26.xml @@ -0,0 +1,42 @@ + + + + Apache XML-RPC: Multiple Vulnerabilities + Multiple vulnerabilities have been found in Apache XML-RPC, the worst of which could result in arbitrary code execution. + xmlrpc + 2024-01-22 + 2024-01-22 + 713098 + remote + + + 3.1.3 + + + +

Apache XML-RPC (previously known as Helma XML-RPC) is a Java implementation of XML-RPC, a popular protocol that uses XML over HTTP to implement remote procedure calls.

+
+ +

Multiple vulnerabilities have been discovered in Apache XML-RPC. Please review the CVE identifiers referenced below for details.

+
+ +

Please review the referenced CVE identifiers for details.

+
+ +

There is no known workaround at this time.

+
+ +

Gentoo has discontinued support for Apache XML-RPC. We recommend that users unmerge it:

+ + + # emerge --ask --depclean "dev-java/xmlrpc" + +
+ + CVE-2016-5002 + CVE-2016-5003 + CVE-2019-17570 + + ajak + graaff +
\ No newline at end of file diff --git a/metadata/glsa/timestamp.chk b/metadata/glsa/timestamp.chk index 40aa1e17f608..3b0ffe0079da 100644 --- a/metadata/glsa/timestamp.chk +++ b/metadata/glsa/timestamp.chk @@ -1 +1 @@ -Mon, 22 Jan 2024 10:10:00 +0000 +Mon, 22 Jan 2024 16:10:11 +0000 diff --git a/metadata/glsa/timestamp.commit b/metadata/glsa/timestamp.commit index 8731fa61a717..edc30d72137e 100644 --- a/metadata/glsa/timestamp.commit +++ b/metadata/glsa/timestamp.commit @@ -1 +1 @@ -192b729d81f588010b67c1e39e06aa02c513b126 1705499128 2024-01-17T13:45:28+00:00 +6ee7e022f8f6a1893b71cb4e09707f9eb56fa40b 1705934279 2024-01-22T14:37:59+00:00 -- cgit v1.2.3