From d80b870c42fbe218389ffaf86f0f2a39404deca1 Mon Sep 17 00:00:00 2001 From: V3n3RiX Date: Tue, 24 Sep 2024 01:25:20 +0100 Subject: gentoo auto-resync : 24:09:2024 - 01:25:19 --- metadata/glsa/Manifest | 30 +++++++++++------------ metadata/glsa/Manifest.files.gz | Bin 588370 -> 588531 bytes metadata/glsa/glsa-202409-20.xml | 51 +++++++++++++++++++++++++++++++++++++++ metadata/glsa/timestamp.chk | 2 +- metadata/glsa/timestamp.commit | 2 +- 5 files changed, 68 insertions(+), 17 deletions(-) create mode 100644 metadata/glsa/glsa-202409-20.xml (limited to 'metadata/glsa') diff --git a/metadata/glsa/Manifest b/metadata/glsa/Manifest index 65362c0cec26..a6a8b0643b56 100644 --- a/metadata/glsa/Manifest +++ b/metadata/glsa/Manifest @@ -1,23 +1,23 @@ -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 -MANIFEST Manifest.files.gz 588370 BLAKE2B f495c00819858399f9c4e7652d637570436f076630fa2fc4800ddf34885210fb91bd7c12f91ce7ade4940796d66018d85520a5d35b7b1ff8f652e76f28f1d4ba SHA512 38849dbaf4ed005f716f199bf64f2a61c41194f77e951006c230efe4b69c16d6588767174dbd0d98bbc887c6a3d43322070c6d8dc4011f90da0a8dbec61db515 -TIMESTAMP 2024-09-22T23:40:13Z +MANIFEST Manifest.files.gz 588531 BLAKE2B 3d83a66d9c762955ba134aea6253e48c5f33b610ac0abc6f10cedd45b687dae99d8b74290e6f92ba6c9a33c4195523812d85c6c5ad730ad640e7adc2454206d0 SHA512 6413c60682e5f6ed998faa702d52a254f7a124cc29c7adba0a99a08aa315c2dc44d48331f0154669e4067f28194b9628445a0fd685284a0bcdbe57a764951e49 +TIMESTAMP 2024-09-23T23:40:24Z -----BEGIN PGP SIGNATURE----- -iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAmbwqt1fFIAAAAAALgAo +iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAmbx/GpfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEUx RDZBQkI2M0JGQ0ZCNEJBMDJGREYxQ0VDNTkwRUVBQzkxODkyNTAACgkQ7FkO6skY -klBDwhAAg3bxHf4mzxiPxbxX8+s1UQtEyLZ9paSXHndkDa63lPW3/qbk5bOZtcrs -V5ZTKFx7QGY3ufz+FNplPNxcDJ8QKXsIDBJbQHnOhkWngtoa654kRcDrMv5bqPO+ -pxnmaGtNktNJZa6qon7DXekYfDUpsVu4HHw1/vudZl4hiwc1JwsUvGAa0BJcMNIf -4KCVVGOppCcKa8ajDTbDuvcXi8qXKQ5ibPlBzTnTOhpDyc0GLmGFMbOLqhuCL6td -RJMRgCuBlVNDOLo5bXMXR/gwiEmoVqw/inXQnw5BfbCWdlP7a6r0GFFkj8hUvI0H -YqqOv3tWgMcR+4rMADwvsVDpQs4xFplpFZ3/vGXCePHEJDp4CyPbRDbDsHjAQ21S -OMLSCdDckQEooG6/6iA+FPXYdCYm3hbCKl0luBm4DaI95DAO0xDrT7nOPHo82oVD -ZkXPq1igX5jstGJiOYKP89Wm9QY/HD/fRMC/Z09JHb20CjKfWYQiuqBWAGWZ1Rto -Lf/wREioH2/UgYp+OaFZ2ewEASf8AkL5zB4lvGRexAelIO1RviFNkCzcrIUJ6aXb -uFC0OCDVLIF9kHNd0fyr5t7YPWLnzYD97pS/lZ+lJCvvA0CTbFXYgTvqhFGLHhch -QmD/TBCMPaRhNZ2cJ2obKSpsMib+cDYWGpZH055sLF5QnwFi8E0= -=OzuT +klAFug/8D9l9mftSYDgXWElprKOgccx44uDyz+Wk/LoI8kNPGB8PnMTBpbamKY3/ +cgqPJkS/rOuUBn2Fk3RV18xnByEV+tR0kgKHFilgzYZZ4+NdTwgQjOJP1kg9I1eI +XDGtrJHpueoiS/EswrU++h1kuDBV4YsFLjSeNV1a9MV2q6yF4GcaXtCHxhgwZWzF +erNQ6kionzVQDzbSOceCmS2h8wZtUCul/yWg5fVrKTlmtzHx9+rkMD2DPXKFdR/h +N+s0nQWuj2TDKHFIVDBIYJ5BF9m7V1hQNIXc9cHk8W5TJQLwAdlsfEq7ZQ6gu5AQ +0sCS3G6VqO2upLxrR/UkQK5sF9RySdGRIDGpNnjdS4xkWIRF2Q16ksxpa9dv5AiT +PbSzwlwBdDFc/mOLxAMKLdLEe+ADRC6AqIMrqKx7flzNj1S072E1J1TVB7tafJdu +FKaEznpBRPbBtQoSsl32wfVOBGdwj5f8cogdRt8tvO8juBz1jTYpvv7tPYStdYmF +EHxfOWRKyn34DEcx53HQUsqtOC4jw6FUL7/jzfP0/LcKpXF5Z2S3bl0b8aNKWkhK +rKeFcDJbtMB/wBmo/Axfh9NsK16pNhiF0y/cIfnxXJ4AIPgmSOFSk/vnLrbdNxJf +GdXya78fexJPmQ82udR6t94W2hBFK3V/fhTg/4hyU6iCE1bRmAI= +=Ofvz -----END PGP SIGNATURE----- diff --git a/metadata/glsa/Manifest.files.gz b/metadata/glsa/Manifest.files.gz index 1c5c3851b1f5..15a50bac9716 100644 Binary files a/metadata/glsa/Manifest.files.gz and b/metadata/glsa/Manifest.files.gz differ diff --git a/metadata/glsa/glsa-202409-20.xml b/metadata/glsa/glsa-202409-20.xml new file mode 100644 index 000000000000..0f55e4837a0c --- /dev/null +++ b/metadata/glsa/glsa-202409-20.xml @@ -0,0 +1,51 @@ + + + + curl: Multiple Vulnerabilities + Multiple vulnerabilities have been discovered in curl, the worst of which could lead to information disclosure. + curl + 2024-09-23 + 2024-09-23 + 919325 + 919889 + 923413 + 927960 + remote + + + 8.7.1 + 8.7.1 + + + +

A command line tool and library for transferring data with URLs.

+
+ +

Multiple vulnerabilities have been discovered in curl. Please review the CVE identifiers referenced below for details.

+
+ +

Please review the referenced CVE identifiers for details.

+
+ +

There is no known workaround at this time.

+
+ +

All curl users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-misc/curl-8.7.1" + +
+ + CVE-2023-42619 + CVE-2023-46218 + CVE-2023-46219 + CVE-2024-0853 + CVE-2024-2004 + CVE-2024-2398 + CVE-2024-2466 + + graaff + graaff +
\ No newline at end of file diff --git a/metadata/glsa/timestamp.chk b/metadata/glsa/timestamp.chk index 9893824f6eca..8fd16c406a3f 100644 --- a/metadata/glsa/timestamp.chk +++ b/metadata/glsa/timestamp.chk @@ -1 +1 @@ -Sun, 22 Sep 2024 23:40:10 +0000 +Mon, 23 Sep 2024 23:40:19 +0000 diff --git a/metadata/glsa/timestamp.commit b/metadata/glsa/timestamp.commit index fb54db6a96f5..98677f8c2800 100644 --- a/metadata/glsa/timestamp.commit +++ b/metadata/glsa/timestamp.commit @@ -1 +1 @@ -c5244efc38e02f2f0af5af93f3b49a15bf368da2 1726995862 2024-09-22T09:04:22Z +b04b4f7e697b62c8b67bd3c4bad5d6903b20f23f 1727070820 2024-09-23T05:53:40Z -- cgit v1.2.3