From d934827bf44b7cfcf6711964418148fa60877668 Mon Sep 17 00:00:00 2001 
From: V3n3RiX Date: Wed, 25 Nov 2020 22:39:15 +0000 Subject: gentoo resync : 25.11.2020 --- metadata/glsa/Manifest | 30 +++++----- metadata/glsa/Manifest.files.gz | Bin 486217 -> 490524 bytes metadata/glsa/glsa-202005-09.xml | 11 ++-- metadata/glsa/glsa-202010-01.xml | 92 +++++++++++++++++++++++++++++ metadata/glsa/glsa-202010-02.xml | 121 +++++++++++++++++++++++++++++++++++++++ metadata/glsa/glsa-202010-03.xml | 60 +++++++++++++++++++ metadata/glsa/glsa-202010-04.xml | 50 ++++++++++++++++ metadata/glsa/glsa-202010-05.xml | 54 +++++++++++++++++ metadata/glsa/glsa-202010-06.xml | 52 +++++++++++++++++ metadata/glsa/glsa-202010-07.xml | 50 ++++++++++++++++ metadata/glsa/glsa-202010-08.xml | 120 ++++++++++++++++++++++++++++++++++++++ metadata/glsa/glsa-202011-01.xml | 51 +++++++++++++++++ metadata/glsa/glsa-202011-02.xml | 50 ++++++++++++++++ metadata/glsa/glsa-202011-03.xml | 53 +++++++++++++++++ metadata/glsa/glsa-202011-04.xml | 51 +++++++++++++++++ metadata/glsa/glsa-202011-05.xml | 48 ++++++++++++++++ metadata/glsa/glsa-202011-06.xml | 78 +++++++++++++++++++++++++ metadata/glsa/glsa-202011-07.xml | 84 +++++++++++++++++++++++++++ metadata/glsa/glsa-202011-08.xml | 52 +++++++++++++++++ metadata/glsa/glsa-202011-09.xml | 57 ++++++++++++++++++ metadata/glsa/glsa-202011-10.xml | 48 ++++++++++++++++ metadata/glsa/glsa-202011-11.xml | 46 +++++++++++++++ metadata/glsa/glsa-202011-12.xml | 73 +++++++++++++++++++++++ metadata/glsa/glsa-202011-13.xml | 51 +++++++++++++++++ metadata/glsa/glsa-202011-14.xml | 74 ++++++++++++++++++++++++ metadata/glsa/glsa-202011-15.xml | 52 +++++++++++++++++ metadata/glsa/glsa-202011-16.xml | 69 ++++++++++++++++++++++ metadata/glsa/glsa-202011-17.xml | 50 ++++++++++++++++ metadata/glsa/glsa-202011-18.xml | 51 +++++++++++++++++ metadata/glsa/glsa-202011-19.xml | 51 +++++++++++++++++ metadata/glsa/timestamp.chk | 2 +- metadata/glsa/timestamp.commit | 2 +- 32 files changed, 1711 insertions(+), 22 deletions(-) create mode 100644 
metadata/glsa/glsa-202010-01.xml
create mode 100644 metadata/glsa/glsa-202010-02.xml
create mode 100644 metadata/glsa/glsa-202010-03.xml
create mode 100644 metadata/glsa/glsa-202010-04.xml
create mode 100644 metadata/glsa/glsa-202010-05.xml
create mode 100644 metadata/glsa/glsa-202010-06.xml
create mode 100644 metadata/glsa/glsa-202010-07.xml
create mode 100644 metadata/glsa/glsa-202010-08.xml
create mode 100644 metadata/glsa/glsa-202011-01.xml
create mode 100644 metadata/glsa/glsa-202011-02.xml
create mode 100644 metadata/glsa/glsa-202011-03.xml
create mode 100644 metadata/glsa/glsa-202011-04.xml
create mode 100644 metadata/glsa/glsa-202011-05.xml
create mode 100644 metadata/glsa/glsa-202011-06.xml
create mode 100644 metadata/glsa/glsa-202011-07.xml
create mode 100644 metadata/glsa/glsa-202011-08.xml
create mode 100644 metadata/glsa/glsa-202011-09.xml
create mode 100644 metadata/glsa/glsa-202011-10.xml
create mode 100644 metadata/glsa/glsa-202011-11.xml
create mode 100644 metadata/glsa/glsa-202011-12.xml
create mode 100644 metadata/glsa/glsa-202011-13.xml
create mode 100644 metadata/glsa/glsa-202011-14.xml
create mode 100644 metadata/glsa/glsa-202011-15.xml
create mode 100644 metadata/glsa/glsa-202011-16.xml
create mode 100644 metadata/glsa/glsa-202011-17.xml
create mode 100644 metadata/glsa/glsa-202011-18.xml
create mode 100644 metadata/glsa/glsa-202011-19.xml
(limited to 'metadata/glsa')
diff --git a/metadata/glsa/Manifest b/metadata/glsa/Manifest
index 6bec4882a062..1291ab5e49c8 100644
--- a/metadata/glsa/Manifest
+++ b/metadata/glsa/Manifest
@@ -1,23 +1,23 @@ -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 -MANIFEST Manifest.files.gz 486217 BLAKE2B a2e8388c21e11622400955df84cf5750d3dc1ed97260561adcf8593401f8ff3776aefdf5d04f851eb00ee9174b5b2687221348810862c270d26525ad93d576a6 SHA512 b61762e35911592950f03484850ed8e6736359d874b45a8dc2f8c3e462bef78fc8623da4842eeba0a994b89218e6ced81235ec4b0d1cee904aa59dd83fa038b1 -TIMESTAMP 2020-10-01T21:38:34Z +MANIFEST Manifest.files.gz 490524 BLAKE2B be35a1d153e1ba81293ae8ab5c825660ca94c79791160c09b03110828197671a59a74fda786aa87df0a823f5f18368ee4bdb024182195c06d7785f78d4cdfc02 SHA512 92605b968213805888bbe32f28bff22d2b23ff8e28d68962bb98d751b39f639824fc3891bdf662b3c74e0cdbff6403326e6a81180cc9ca128519d4ae6770b3d7 +TIMESTAMP 2020-11-25T22:08:37Z -----BEGIN PGP SIGNATURE----- -iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAl92TFpfFIAAAAAALgAo +iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAl++1eVfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEUx RDZBQkI2M0JGQ0ZCNEJBMDJGREYxQ0VDNTkwRUVBQzkxODkyNTAACgkQ7FkO6skY -klCQ1hAAn1G6/fYQF+DWncvR8C2oN3/roLLP7GLjC8YAD9FqwItZ3MvL/M9Gq84L -2IQjH5lHXunvYnTwK020RsgBvrsIVHIaSaEqiawGh+mYkGMXnLHOAnt/M6h5RIPL -ewNXHil2WSY0erX0f3AGccPVoq601b1XHkAUw91MPw5ArOAKOPM88EWhOBjVB6L/ -r/jY98/InLkT9pp66QbnU1JWzX1O3fotBsLDpLYcbO6TH/2VD1HSpG9Wbwj03T+S -ZUJgaR08UGQEQsqRHB3uoH3mPgH2lWoTzp/5l6dRuygVrIaPdZti18JPPnBhKYj7 -G+f/6uIaIC16J5J3ghgIwEqGRPnlq3cBeUye5x4jEC6dmgN0p7NdSpDJY4sAOGOI -x8ThoJWCCaM/LQQKGTYWKJi7n8DDjj7a1UgFZia/WScy0yAuJKz/I0db1tFO/LGC -p6YHyTXZMb8z+mFnDFaw1Vhms3yoIdIF4O1pgsVtMcGKz1xKaiAe/qgYv/jO/LwG -XD+ADmtT0hiaUEZ3+MAL5An7LOFubPQS/WUmTbZfY7vL4WZHx+UeZheJpdzVKyI7 -xpq06kYoJPzwRRy9boDCo+E08PhC8IOe9Hm/8bhX0prSkcU4LuAGBYcdjOiLlBTu -BsOrUt9p+TenQJsoi6oVnX+xZ5kZ2ZRAxCwJ4lI9Dmw/UP9nIxE= -=NxjY +klAzHg/+PfhpYrjCraKDC0jPkS8kA97Gy/PuTtQ7snQSQo2n4+97Lybcrr0aD03Y +LyICts7YTS8JRekiQokiFyJdQMX3y7gw0tBcsDhsPxftXgHPJf3iQ1SKmcwENOih +Il5D17e7yUpav/63X49dFSGUAUrJ0B0b1a/cqmPzrGbIpqbJYqY4tgfackJMl8NK 
+qd9P8oLBnjU53LSrkrmdAEwaUUuWbR2Y5tOEV0XgbrC8VIJwJtAaVu/zZLkqrG8w +vfqeQQ3MKl/jbh95NGOgJMFV9B1TcBYVvvXRMwujZFFizK6LlNg/6S1vwcXluz7W +jdtpgYKzBSFfW7FPC7Z0ABQmum8e1Qo+uAttCyyUDoB/7xQ2LuA/noSLi3NjyHYG +RETPm0Rk+nUlY51Uv1XydRK9cLOFhUgSOS5A1ERAjJR3h3UZDF2PVugA1/awhMgk +v370YKvJyNGY7xroHeHMeFdZLOrV7GTWXcuANAMa0ihcTrgZlNeulCdkILDqRHBZ +mAxhsoPc1L/Xy5NxbLJD17b6dDryg4MSZbtlPESiAz1AXoQo+EhpwVa00KI3l//L +dTwgPQ3kmG1WbsJ9BNK1ExHI2y9d4fz1nUvaMPvQrrg1O8q9DpAGtdYZMhlHNIhb +eCJ70ExqVRU9Rrz7N2zFaVQCa17ld79lZOCrELULxobHyc0z0DA= +=fBZY -----END PGP SIGNATURE----- diff --git a/metadata/glsa/Manifest.files.gz b/metadata/glsa/Manifest.files.gz index 57704eac4cbc..cfb40c7df80f 100644 Binary files a/metadata/glsa/Manifest.files.gz and b/metadata/glsa/Manifest.files.gz differ diff --git a/metadata/glsa/glsa-202005-09.xml b/metadata/glsa/glsa-202005-09.xml index 332036b90775..0968323af7b0 100644 --- a/metadata/glsa/glsa-202005-09.xml +++ b/metadata/glsa/glsa-202005-09.xml @@ -7,16 +7,17 @@ python 2020-05-14 - 2020-05-14 + 2020-10-18 707822 + 741502 remote - 2.7.18 + 2.7.18-r2 3.6.10-r2 3.7.7-r2 3.8.2-r2 - 2.7.18 + 2.7.18-r2 3.6.10-r2 3.7.7-r2 3.8.2-r2 @@ -44,7 +45,7 @@ # emerge --sync - # emerge --ask --oneshot --verbose ">=dev-lang/python-2.7.18:2.7" + # emerge --ask --oneshot --verbose ">=dev-lang/python-2.7.18-r2:2.7"

All Python 3.6 users should upgrade to the latest version:

@@ -73,5 +74,5 @@ CVE-2020-8492 sam_c - sam_c + sam_c diff --git a/metadata/glsa/glsa-202010-01.xml b/metadata/glsa/glsa-202010-01.xml new file mode 100644 index 000000000000..855bac0279af --- /dev/null +++ b/metadata/glsa/glsa-202010-01.xml @@ -0,0 +1,92 @@ + + + + Chromium, Google Chrome: Multiple vulnerabilities + Multiple vulnerabilities have been found in Chromium and Google + Chrome, the worst of which could result in the arbitrary execution of code. + + chromium, google-chrome + 2020-10-17 + 2020-10-17 + 747013 + local, remote + + + 86.0.4240.75 + 86.0.4240.75 + + + 86.0.4240.75 + 86.0.4240.75 + + + +
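Review bot: The revision adds bug 741502 and raises the fixed version to 2.7.18-r2 in the first hunk, but this references hunk still lists only CVE-2020-8492; if 741502 tracks an additional CVE it should be added here as a `uri link` reference, and if it only covers a rebuild of the same fix the description should say so, since a reader cannot otherwise tell why the advisory was re-issued. The revised date moves to 2020-10-18, yet the element markup is not visible in this rendering, so it should be confirmed that the `revised count` attribute was incremented alongside the date, as consumers use it to detect a re-issued GLSA. The enclosing file continues outside the visible hunks.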

Chromium is an open-source browser project that aims to build a safer, + faster, and more stable way for all users to experience the web. +

+ +

Google Chrome is one fast, simple, and secure browser for all your + devices. +

+
+ +

Multiple vulnerabilities have been discovered in Chromium and Google + Chrome. Please review the CVE identifiers referenced below for details. +

+
+ +

Please review the referenced CVE identifiers for details.

+
+ +

There is no known workaround at this time.

+
+ +

All Chromium users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose + ">=www-client/chromium-86.0.4240.75" + + +

All Google Chrome users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose + ">=www-client/google-chrome-86.0.4240.75" + + +
+ + CVE-2020-15967 + CVE-2020-15968 + CVE-2020-15969 + CVE-2020-15970 + CVE-2020-15971 + CVE-2020-15972 + CVE-2020-15973 + CVE-2020-15974 + CVE-2020-15975 + CVE-2020-15976 + CVE-2020-15977 + CVE-2020-15978 + CVE-2020-15979 + CVE-2020-15980 + CVE-2020-15981 + CVE-2020-15982 + CVE-2020-15983 + CVE-2020-15984 + CVE-2020-15985 + CVE-2020-15986 + CVE-2020-15987 + CVE-2020-15988 + CVE-2020-15989 + CVE-2020-15990 + CVE-2020-15991 + CVE-2020-15992 + CVE-2020-6557 + + sam_c + whissi +
diff --git a/metadata/glsa/glsa-202010-02.xml b/metadata/glsa/glsa-202010-02.xml new file mode 100644 index 000000000000..e67ad5cb8917 --- /dev/null +++ b/metadata/glsa/glsa-202010-02.xml @@ -0,0 +1,121 @@ + + + + Mozilla Firefox, Mozilla Thunderbird: Multiple vulnerabilities + Multiple vulnerabilities have been found in Mozilla Firefox and + Mozilla Thunderbird, the worst of which could result in the arbitrary + execution of code. + + firefox,thunderbird + 2020-10-17 + 2020-10-17 + 744208 + 745432 + local, remote + + + 81.0 + 78.3.0 + 81.0 + + + 81.0 + 78.3.0 + 81.0 + + + 78.3.1 + 78.3.1 + + + 78.3.1 + 78.3.1 + + + +

Mozilla Firefox is a popular open-source web browser from the Mozilla + project. +

+ +

Mozilla Thunderbird is a popular open-source email client from the + Mozilla project. +

+
+ +

Multiple vulnerabilities have been discovered in Mozilla Firefox and + Mozilla Thunderbird. Please review the CVE identifiers referenced below + for details. +

+
+ +

Please review the referenced CVE identifiers for details.

+
+ +

There is no known workaround at this time.

+
+ +

All Mozilla Firefox users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-client/firefox-81.0" + + +

All Mozilla Firefox (bin) users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-client/firefox-bin-81.0" + + +

All Mozilla Firefox ESR (bin) users should upgrade to the latest + version: +

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-client/firefox-78.3.0" + + +

All Mozilla Firefox ESR (bin) users should upgrade to the latest + version: +

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-client/firefox-bin-78.3.0" + + +

All Mozilla Thunderbird users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=mail-client/thunderbird-78.3.1" + + +

All Mozilla Thunderbird (bin) users should upgrade to the latest + version: +

+ + + # emerge --sync + # emerge --ask --oneshot --verbose + ">=mail-client/thunderbird-bin-78.3.1" + + +
+ + CVE-2020-15673 + CVE-2020-15676 + CVE-2020-15677 + CVE-2020-15678 + + Mozilla Foundation Security Advisory 2020-43 + + + Mozilla Foundation Security Advisory 2020-44 + + + sam_c + whissi +
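Review bot: The third and fourth resolution blocks both carry the heading `All Mozilla Firefox ESR (bin) users should upgrade to the latest version:`, yet the third one emerges `>=www-client/firefox-78.3.0`, the source build, so that heading should read `All Mozilla Firefox ESR users should upgrade to the latest version:`. A user on the source ESR slot looking for their package would otherwise find no matching instruction. Separately, the product field here is `firefox,thunderbird` (no space) while glsa-202010-01 in this same commit uses `chromium, google-chrome`; if any consumer splits that field on a fixed separator the two forms should be harmonized.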
diff --git a/metadata/glsa/glsa-202010-03.xml b/metadata/glsa/glsa-202010-03.xml new file mode 100644 index 000000000000..192d449c539a --- /dev/null +++ b/metadata/glsa/glsa-202010-03.xml @@ -0,0 +1,60 @@ + + + + libjpeg-turbo: Information disclosure + An information disclosure vulnerability in libjpeg-turbo allow + remote attackers to obtain sensitive information. + + libjpeg-turbo + 2020-10-20 + 2020-10-20 + 727010 + local, remote + + + 1.5.3-r3 + 2.0.4-r1 + 2.0.4-r1 + + + +

libjpeg-turbo is a MMX, SSE, and SSE2 SIMD accelerated JPEG library.

+
+ +

It was discovered that libjpeg-turbo incorrectly handled certain PPM + files. +

+
+ +

A remote attacker could entice a user to open a specially crafted PPM + file using an application linked against libjpeg-turbo, possibly allowing + attacker to obtain sensitive information. +

+
+ +

There is no known workaround at this time.

+
+ +

All libjpeg-turbo 1.x users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose + ">=media-libs/libjpeg-turbo-1.5.3-r3:0/0.1" + + +

All libjpeg-turbo 2.x users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose + ">=media-libs/libjpeg-turbo-2.0.4-r1:0/0.2" + + +
+ + CVE-2020-13790 + + sam_c + whissi +
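Review bot: The synopsis `An information disclosure vulnerability in libjpeg-turbo allow remote attackers to obtain sensitive information.` has a subject/verb disagreement; it should read `... libjpeg-turbo allows remote attackers ...`. In the impact paragraph, `possibly allowing attacker to obtain sensitive information` is missing an article and should be `possibly allowing an attacker to obtain sensitive information`.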
diff --git a/metadata/glsa/glsa-202010-04.xml b/metadata/glsa/glsa-202010-04.xml new file mode 100644 index 000000000000..78c3523463bb --- /dev/null +++ b/metadata/glsa/glsa-202010-04.xml @@ -0,0 +1,50 @@ + + + + libxml2: Multiple vulnerabilities + Multiple vulnerabilities have been found in libxml2, the worst of + which could result in a Denial of Service condition. + + libxml2 + 2020-10-20 + 2020-10-20 + 710748 + local, remote + + + 2.9.10 + 2.9.10 + + + +

libxml2 is the XML (eXtended Markup Language) C parser and toolkit + initially developed for the Gnome project. +

+
+ +

Multiple vulnerabilities have been discovered in libxml2. Please review + the CVE identifiers referenced below for details. +

+
+ +

Please review the referenced CVE identifiers for details.

+
+ +

There is no known workaround at this time.

+
+ +

All libxml2 users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-libs/libxml2-2.9.10" + + +
+ + CVE-2019-20388 + CVE-2020-7595 + + sam_c + whissi +
diff --git a/metadata/glsa/glsa-202010-05.xml b/metadata/glsa/glsa-202010-05.xml new file mode 100644 index 000000000000..06ea01608cb7 --- /dev/null +++ b/metadata/glsa/glsa-202010-05.xml @@ -0,0 +1,54 @@ + + + + LibRaw: Multiple vulnerabilities + Multiple vulnerabilities have been found in LibRaw, the worst of + which may allow attackers to execute arbitrary code. + + libraw + 2020-10-20 + 2020-10-20 + 744190 + local, remote + + + 0.20.0 + 0.20.0 + + + +

LibRaw is a library for reading RAW files obtained from digital photo + cameras. +

+
+ +

Multiple vulnerabilities have been discovered in LibRaw. Please review + the CVE identifiers referenced below for details. +

+
+ +

A remote attacker could entice a user to open a specially crafted image + file using an application linked against LibRaw, possibly resulting in + execution of arbitrary code with the privileges of the process or a + Denial of Service condition. +

+
+ +

There is no known workaround at this time.

+
+ +

All LibRaw users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=media-libs/libraw-0.20.0" + + +
+ + CVE-2020-24889 + CVE-2020-24890 + + sam_c + whissi +
diff --git a/metadata/glsa/glsa-202010-06.xml b/metadata/glsa/glsa-202010-06.xml new file mode 100644 index 000000000000..6996a19ab11a --- /dev/null +++ b/metadata/glsa/glsa-202010-06.xml @@ -0,0 +1,52 @@ + + + + Ark: Arbitrary code execution + Ark was found to allow arbitrary file overwrite, possibly allowing + arbitrary code execution. + + ark + 2020-10-20 + 2020-10-20 + 743959 + local, remote + + + 20.04.3-r2 + 20.04.3-r2 + + + +

Ark is a graphical file compression/decompression utility with support + for multiple formats. +

+
+ +

It was discovered that Ark incorrectly handled symbolic links in tar + archive files. +

+
+ +

A remote attacker could entice a user to open a specially crafted + archive using Ark, possibly resulting in execution of arbitrary code with + the privileges of the process or a Denial of Service condition. +

+
+ +

There is no known workaround at this time.

+
+ +

All KDE Ark users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=kde-apps/ark-20.04.3-r2" + + +
+ + CVE-2020-24654 + + sam_c + whissi +
diff --git a/metadata/glsa/glsa-202010-07.xml b/metadata/glsa/glsa-202010-07.xml new file mode 100644 index 000000000000..8e52bf4fa560 --- /dev/null +++ b/metadata/glsa/glsa-202010-07.xml @@ -0,0 +1,50 @@ + + + + FreeType: Arbitrary code execution + A buffer overflow in FreeType might allow remote attacker(s) to + execute arbitrary code. + + freetype + 2020-10-23 + 2020-10-23 + 750275 + remote + + + 2.10.3-r1 + 2.10.3-r1 + + + +

FreeType is a high-quality and portable font engine.

+
+ +

A flaw in FreeType’s handling of embedded PNG bitmaps was discovered + where the image height and width was not checked to be within bounds. +

+
+ +

A remote attacker could entice a user to open a specially crafted font + file using FreeType possibly resulting in the execution of arbitrary code + with the privileges of the process or a Denial of Service condition. +

+
+ +

There is no known workaround at this time.

+
+ +

All FreeType users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=media-libs/freetype-2.10.3-r1" + +
+ + CVE-2020-15999 + Upstream bug + + sam_c + sam_c +
diff --git a/metadata/glsa/glsa-202010-08.xml b/metadata/glsa/glsa-202010-08.xml new file mode 100644 index 000000000000..f206b1a07441 --- /dev/null +++ b/metadata/glsa/glsa-202010-08.xml @@ -0,0 +1,120 @@ + + + + Mozilla Firefox, Mozilla Thunderbird: Multiple vulnerabilities + Multiple vulnerabilities have been found in Mozilla Firefox and + Mozilla Thunderbird, the worst of which could result in the arbitrary + execution of code. + + firefox,thunderbird + 2020-10-28 + 2020-10-28 + 750446 + local, remote + + + 82.0 + 78.4.0 + 82.0 + + + 82.0 + 78.4.0 + 82.0 + + + 78.4.0 + 78.4.0 + + + 78.4.0 + 78.4.0 + + + +

Mozilla Firefox is a popular open-source web browser from the Mozilla + project. +

+ +

Mozilla Thunderbird is a popular open-source email client from the + Mozilla project. +

+
+ +

Multiple vulnerabilities have been discovered in Mozilla Firefox and + Mozilla Thunderbird. Please review the CVE identifiers referenced below + for details. +

+
+ +

Please review the referenced CVE identifiers for details.

+
+ +

There is no known workaround at this time.

+
+ +

All Mozilla Firefox users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-client/firefox-82.0" + + +

All Mozilla Firefox (bin) users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-client/firefox-bin-82.0" + + +

All Mozilla Firefox ESR users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose + ">=www-client/firefox-78.4.0:0/esr78" + + +

All Mozilla Firefox ESR (bin) users should upgrade to the latest + version: +

+ + + # emerge --sync + # emerge --ask --oneshot --verbose + ">=www-client/firefox-bin-78.4.0:0/esr78" + + +

All Mozilla Thunderbird users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=mail-client/thunderbird-78.4.0" + + +

All Mozilla Thunderbird (bin) users should upgrade to the latest + version: +

+ + + # emerge --sync + # emerge --ask --oneshot --verbose + ">=mail-client/thunderbird-bin-78.4.0" + +
+ + CVE-2020-15683 + CVE-2020-15969 + + MFSA-2020-45 + + + MFSA-2020-46 + + + MFSA-2020-47 + + + sam_c + sam_c +
diff --git a/metadata/glsa/glsa-202011-01.xml b/metadata/glsa/glsa-202011-01.xml new file mode 100644 index 000000000000..8050a84cb56f --- /dev/null +++ b/metadata/glsa/glsa-202011-01.xml @@ -0,0 +1,51 @@ + + + + BlueZ: Arbitrary code execution + A vulnerability in BlueZ might allow remote attackers to execute + arbitrary code. + + bluez + 2020-11-03 + 2020-11-03 + 749285 + remote + + + 5.55 + 5.55 + + + +

Set of tools to manage Bluetooth devices for Linux.

+
+ +

It was discovered that there was a double-free vulnerability in Bluez + after the service discovery which occurs after a Bluetoth Low Energy + (BLE) connection has been established to a device. +

+
+ +

A remote attacker, by enticing a user to connect to a malicious GATT + server or device, could cause the execution of arbitrary code with the + privileges of the user running gatttool client or cause a Denial of + Service condition. +

+
+ +

There is no known workaround at this time.

+
+ +

All BlueZ users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-wireless/bluez-5.55" + +
+ + CVE-2020-27153 + + sam_c + sam_c +
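Review bot: The description misspells both the product and the protocol: `Bluez` should be `BlueZ`, matching the title, and `Bluetoth Low Energy` should be `Bluetooth Low Energy`. The synopsis `Set of tools to manage Bluetooth devices for Linux.` is a fragment where every other advisory in this commit uses a full sentence; `BlueZ is a set of tools to manage Bluetooth devices for Linux.` would match the house style.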
diff --git a/metadata/glsa/glsa-202011-02.xml b/metadata/glsa/glsa-202011-02.xml new file mode 100644 index 000000000000..b718c8d628dc --- /dev/null +++ b/metadata/glsa/glsa-202011-02.xml @@ -0,0 +1,50 @@ + + + + OpenDMARC: Heap-based buffer overflow + A heap-based buffer overflow in OpenDMARC might allow remote + attackers to execute arbitrary code. + + opendmarc + 2020-11-03 + 2020-11-03 + 734158 + local, remote + + + 1.3.3 + 1.3.3 + + + +

OpenDMARC is an open source DMARC implementation.

+
+ +

It was found that OpenDMARC did not properly handle DMARC aggregate + reports. +

+
+ +

A remote attacker, by sending a specially crafted DMARC aggregate + report, could possibly cause a Denial of Service condition and depending + on how OpenDMARC library is used in linked application execute arbitrary + code with the privileges of the process. +

+
+ +

There is no known workaround at this time.

+
+ +

All OpenDMARC users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=mail-filter/opendmarc-1.3.3" + +
+ + CVE-2020-12460 + + sam_c + sam_c +
diff --git a/metadata/glsa/glsa-202011-03.xml b/metadata/glsa/glsa-202011-03.xml new file mode 100644 index 000000000000..e1b77427335f --- /dev/null +++ b/metadata/glsa/glsa-202011-03.xml @@ -0,0 +1,53 @@ + + + + KPMCore: Root privilege escalation + A vulnerability in kpmcore could result in privilege escalation. + kpmcore + 2020-11-03 + 2020-11-03 + 749822 + local + + + 4.2.0 + 4.2.0 + + + +

KPMcore, the KDE Partition Manager core, is a library for examining and + modifying partitions, disk devices, and filesystems on a Linux system. It + provides a unified programming interface over top of (external) + system-manipulation tools. +

+
+ +

Improper checks on the D-Bus request received resulted in improper + protection for /etc/fstab. +

+
+ +

An attacker could esclate privileges to root by exploiting this + vulnerability. +

+
+ +

There is no known workaround at this time.

+
+ +

All KPMCore users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=sys-libs/kpmcore-4.2.0" + +
+ + CVE-2020-27187 + + Upstream advisory + + + sam_c + sam_c +
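Review bot: The impact sentence `An attacker could esclate privileges to root by exploiting this vulnerability.` misspells escalate, and since the access field is `local` it should also qualify the actor: `A local attacker could escalate privileges to root by exploiting this vulnerability.`. The title uses `KPMCore` while the first description line uses `KPMcore`; one spelling should be used throughout the advisory.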
diff --git a/metadata/glsa/glsa-202011-04.xml b/metadata/glsa/glsa-202011-04.xml new file mode 100644 index 000000000000..6cef70d8b7af --- /dev/null +++ b/metadata/glsa/glsa-202011-04.xml @@ -0,0 +1,51 @@ + + + + Fossil: Multiple vulnerabilities + Multiple vulnerabilities have been found in Fossil, the worst of + which could result in the arbitrary execution of code. + + fossil + 2020-11-03 + 2020-11-03 + 738220 + remote + + + 2.12.1 + 2.12.1 + + + +

Fossil is a simple, high-reliability, distributed software configuration + management system. +

+
+ +

Multiple vulnerabilities have been discovered in Fossil. Please review + the CVE identifiers referenced below for details. +

+
+ +

A remote attacker could entice a user to open a specially crafted + repository using Fossil, possibly resulting in execution of arbitrary + code with the privileges of the process or a Denial of Service condition. +

+
+ +

There is no known workaround at this time.

+
+ +

All Fossil users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-vcs/fossil-2.12.1" + +
+ + CVE-2020-24614 + + sam_c + sam_c +
diff --git a/metadata/glsa/glsa-202011-05.xml b/metadata/glsa/glsa-202011-05.xml new file mode 100644 index 000000000000..3301038aa721 --- /dev/null +++ b/metadata/glsa/glsa-202011-05.xml @@ -0,0 +1,48 @@ + + + + libssh: Denial of Service + A vulnerability in libssh could lead to a Denial of Service + condition. + + libssh + 2020-11-03 + 2020-11-03 + 734624 + remote + + + 0.9.5 + 0.9.5 + + + +

libssh is a multiplatform C library implementing the SSHv2 protocol on + client and server side. +

+
+ +

libssh was found to have a NULL pointer dereference in tftpserver.c if + the function ssh_buffer_new returns NULL. +

+
+ +

An attacker could cause a possible Denial of Service condition.

+
+ +

There is no known workaround at this time.

+
+ +

All libssh users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-libs/libssh-0.9.5" + +
+ + CVE-2020-16135 + + sam_c + sam_c +
diff --git a/metadata/glsa/glsa-202011-06.xml b/metadata/glsa/glsa-202011-06.xml new file mode 100644 index 000000000000..f3f187929c41 --- /dev/null +++ b/metadata/glsa/glsa-202011-06.xml @@ -0,0 +1,78 @@ + + + + Xen: Multiple vulnerabilities + Multiple vulnerabilities have been found in Xen, the worst of which + could result in privilege escalation. + + xen + 2020-11-11 + 2020-11-11 + 744202 + 750779 + 753692 + remote + + + 4.13.2 + 4.13.2 + + + 4.13.2 + 4.13.2 + + + +

Xen is a bare-metal hypervisor.

+
+ +

Multiple vulnerabilities have been discovered in Xen. Please review the + CVE identifiers referenced below for details. +

+
+ +

Please review the referenced CVE identifiers for details.

+
+ +

There is no known workaround at this time.

+
+ +

All Xen users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-emulation/xen-4.13.1-r5" + + +

All Xen Tools users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose + ">=app-emulation/xen-tools-4.13.1-r5" + +
+ + CVE-2020-25595 + CVE-2020-25596 + CVE-2020-25597 + CVE-2020-25598 + CVE-2020-25599 + CVE-2020-25600 + CVE-2020-25601 + CVE-2020-25602 + CVE-2020-25603 + CVE-2020-25604 + CVE-2020-27670 + CVE-2020-27671 + CVE-2020-27672 + CVE-2020-27673 + CVE-2020-27674 + CVE-2020-27675 + XSA-345 + XSA-346 + XSA-347 + + sam_c + sam_c +
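Review bot: The unaffected version for both xen and xen-tools is given as 4.13.2, but the resolution commands ask for `>=app-emulation/xen-4.13.1-r5` and `>=app-emulation/xen-tools-4.13.1-r5`, a lower version than the stated fix. A user who follows the resolution can end up on 4.13.1-r5, which still falls inside the vulnerable range as written, and glsa-check would keep reporting the system as affected. Either the unaffected range should be 4.13.1-r5, if that revision carries the listed XSA patches, or the atoms should be `>=app-emulation/xen-4.13.2` and `>=app-emulation/xen-tools-4.13.2`; the version ranges and the emerge atoms of a GLSA must agree.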
diff --git a/metadata/glsa/glsa-202011-07.xml b/metadata/glsa/glsa-202011-07.xml new file mode 100644 index 000000000000..19e8efe6d69a --- /dev/null +++ b/metadata/glsa/glsa-202011-07.xml @@ -0,0 +1,84 @@ + + + + Mozilla Firefox: Remote code execution + A use-after-free in Mozilla Firefox might allow remote attacker(s) + to execute arbitrary code. + + firefox + 2020-11-11 + 2020-11-11 + 753773 + remote + + + 82.0.3 + 78.4.1 + 82.0.3 + + + 82.0.3 + 78.4.1 + 78.4.1 + + + +

Mozilla Firefox is a popular open-source web browser from the Mozilla + project. +

+
+ +

Invalid assumptions when emitting the the MCallGetProperty opcode in the + JavaScript JIT may result in a use-after-free condition. +

+
+ +

A remote attacker could possibly execute arbitrary code with the + privileges of the process, or cause a Denial of Service condition. +

+
+ +

There is no known workaround at this time.

+
+ +

All Mozilla Firefox users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-client/firefox-82.0.3" + + +

All Mozilla Firefox (bin) users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose + ">=www-client/firefox-bin-78.4.1:0/esr78" + + +

All Mozilla Firefox (ESR) users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-client/firefox-82.0.3" + + +

All Mozilla Firefox (ESR) bin users should upgrade to the latest + version: +

+ + + # emerge --sync + # emerge --ask --oneshot --verbose + ">=www-client/firefox-bin-78.4.1:0/esr78" + +
+ + CVE-2020-26950 + + MFSA-2020-49 + + + sam_c + sam_c +
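Review bot: The resolution atoms do not match their headings: `All Mozilla Firefox (bin) users` is told to emerge `>=www-client/firefox-bin-78.4.1:0/esr78`, the ESR binary, while `All Mozilla Firefox (ESR) users` is told to emerge `>=www-client/firefox-82.0.3`, the rapid-release source build. Given the unaffected versions 82.0.3 and 78.4.1 stated above, the second block should use `>=www-client/firefox-bin-82.0.3` and the third `>=www-client/firefox-78.4.1:0/esr78`. In the package blocks the firefox-bin entry ends with 78.4.1 where the firefox entry ends with 82.0.3; if that last value is the vulnerable range it looks inconsistent between the two packages and should be checked. The description also has a doubled word in `emitting the the MCallGetProperty opcode`.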
diff --git a/metadata/glsa/glsa-202011-08.xml b/metadata/glsa/glsa-202011-08.xml new file mode 100644 index 000000000000..c91c014dc588 --- /dev/null +++ b/metadata/glsa/glsa-202011-08.xml @@ -0,0 +1,52 @@ + + + + Wireshark: Multiple vulnerabilities + Multiple vulnerabilities have been found in Wireshark, the worst of + which could result in a Denial of Service condition. + + wireshark + 2020-11-11 + 2020-11-11 + 750692 + remote + + + 3.4.0 + 3.4.0 + + + +

Wireshark is a network protocol analyzer formerly known as ethereal.

+
+ +

Multiple vulnerabilities have been discovered in Wireshark. Please + review the CVE identifiers referenced below for details. +

+
+ +

Please review the referenced CVE identifiers for details.

+
+ +

There is no known workaround at this time.

+
+ +

All Wireshark users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-analyzer/wireshark-3.4.0" + +
+ + CVE-2020-26575 + + wnpa-sec-2020-14 + + + wnpa-sec-2020-15 + + + sam_c + sam_c +
diff --git a/metadata/glsa/glsa-202011-09.xml b/metadata/glsa/glsa-202011-09.xml new file mode 100644 index 000000000000..fba58488bdff --- /dev/null +++ b/metadata/glsa/glsa-202011-09.xml @@ -0,0 +1,57 @@ + + + + QEMU: Multiple vulnerabilities + Multiple vulnerabilities have been found in QEMU, the worst of + which could result in the arbitrary execution of code. + + qemu + 2020-11-11 + 2020-11-11 + 720896 + 725634 + 743649 + local, remote + + + 5.1.0-r1 + 5.1.0-r1 + + + +

QEMU is a generic and open source machine emulator and virtualizer.

+
+ +

Multiple vulnerabilities have been discovered in QEMU. Please review the + CVE identifiers referenced below for details. +

+
+ +

Please review the referenced CVE identifiers for details.

+
+ +

There is no known workaround at this time.

+
+ +

All QEMU users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-emulation/qemu-5.1.0-r1" + +
+ + CVE-2020-10717 + CVE-2020-10761 + CVE-2020-13253 + CVE-2020-13361 + CVE-2020-13362 + CVE-2020-13659 + CVE-2020-13754 + CVE-2020-13791 + CVE-2020-13800 + CVE-2020-14364 + + sam_c + sam_c +
diff --git a/metadata/glsa/glsa-202011-10.xml b/metadata/glsa/glsa-202011-10.xml new file mode 100644 index 000000000000..3126f1b174d5 --- /dev/null +++ b/metadata/glsa/glsa-202011-10.xml @@ -0,0 +1,48 @@ + + + + tmux: Buffer overflow + A buffer overflow in tmux might allow remote attacker(s) to execute + arbitrary code. + + tmux + 2020-11-11 + 2020-11-11 + 753206 + remote + + + 3.1c + 3.1c + + + +

tmux is a terminal multiplexer.

+
+ +

A flaw in tmux’s handling of escape characters was discovered which + may allow a buffer overflow. +

+
+ +

A remote attacker could possibly execute arbitrary code with the + privileges of the process, or cause a Denial of Service condition. +

+
+ +

There is no known workaround at this time.

+
+ +

All tmux users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-misc/tmux-3.1c" + +
+ + CVE-2020-27347 + + sam_c + sam_c +
diff --git a/metadata/glsa/glsa-202011-11.xml b/metadata/glsa/glsa-202011-11.xml new file mode 100644 index 000000000000..ee062a506924 --- /dev/null +++ b/metadata/glsa/glsa-202011-11.xml @@ -0,0 +1,46 @@ + + + + Blueman: Local privilege escalation + A privilege escalation vulnerability has been discovered in + Blueman. + + blueman + 2020-11-11 + 2020-11-11 + 751556 + local + + + 2.1.4 + 2.1.4 + + + +

Blueman is a simple and intuitive GTK+ Bluetooth Manager.

+
+ +

Where Polkit is not used and the default permissions have been changed + on a specific rule file, control of a local DHCP daemon may be possible. +

+
+ +

A local attacker may be able to achieve root privilege escalation.

+
+ +

There is no known workaround at this time.

+
+ +

All Blueman users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-wireless/blueman-2.1.4" + +
+ + CVE-2020-15238 + + sam_c + sam_c +
diff --git a/metadata/glsa/glsa-202011-12.xml b/metadata/glsa/glsa-202011-12.xml new file mode 100644 index 000000000000..03f1f501dfbc --- /dev/null +++ b/metadata/glsa/glsa-202011-12.xml @@ -0,0 +1,73 @@ + + + + Chromium, Google Chrome: Multiple vulnerabilities + Multiple vulnerabilities have been found in Chromium and Google + Chrome, the worst of which could result in the arbitrary execution of code. + + chromium,google-chrome + 2020-11-11 + 2020-11-11 + 750854 + 752375 + 753848 + remote + + + 86.0.4240.193 + 86.0.4240.193 + + + 86.0.4240.193 + 86.0.4240.193 + + + +

Chromium is an open-source browser project that aims to build a safer, + faster, and more stable way for all users to experience the web. +

+ +

Google Chrome is one fast, simple, and secure browser for all your + devices. +

+
+ +

Multiple vulnerabilities have been discovered in Chromium and Google + Chrome. Please review the CVE identifiers referenced below for details. +

+
+ +

Please review the referenced CVE identifiers for details.

+
+ +

There is no known workaround at this time.

+
+ +

All Chromium users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose + ">=www-client/chromium-86.0.4240.193" + + +

All Google Chrome users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose + ">=www-client/google-chrome-86.0.4240.193" + +
+ + CVE-2020-15999 + CVE-2020-16004 + CVE-2020-16005 + CVE-2020-16006 + CVE-2020-16008 + CVE-2020-16009 + CVE-2020-16016 + + sam_c + sam_c +
diff --git a/metadata/glsa/glsa-202011-13.xml b/metadata/glsa/glsa-202011-13.xml
new file mode 100644
index 000000000000..b5f28160775e
--- /dev/null
+++ b/metadata/glsa/glsa-202011-13.xml
@@ -0,0 +1,51 @@
+
+
+
+ Salt: Multiple vulnerabilities
+ Multiple vulnerabilities have been found in Salt, the worst of
+ which could result in the arbitrary execution of code.
+
+ salt
+ 2020-11-11
+ 2020-11-11
+ 753266
+ remote
+
+
+ 3000.5
+ 3000.5
+
+
+
+

Salt is a remote execution and configuration manager.

+
+ +

Multiple vulnerabilities have been discovered in Salt. Please review the + CVE identifiers referenced below for details. +

+
+ +

Please review the referenced CVE identifiers for details.

+
+ +

There is no known workaround at this time.

+
+ +

All Salt users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-admin/salt-3000.5" + +
+ + CVE-2020-16846 + CVE-2020-17490 + CVE-2020-25592 + + Upstream advisory + + + sam_c + sam_c +
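Review bot: The vulnerability and impact sections are pure boilerplate (`Please review the referenced CVE identifiers for details.`) even though the synopsis asserts arbitrary code execution and the access tag is `remote`; an operator reading this advisory cannot tell whether an internet-facing salt-master or salt-api is exploitable without leaving the page. Suggest a one-sentence summary per CVE in the vulnerability section and an impact sentence naming the affected daemon(s), taken from the linked upstream advisory — the XML itself carries none of that, so it has to come from the upstream text rather than be inferred here.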
diff --git a/metadata/glsa/glsa-202011-14.xml b/metadata/glsa/glsa-202011-14.xml
new file mode 100644
index 000000000000..2ae7a8c2ec92
--- /dev/null
+++ b/metadata/glsa/glsa-202011-14.xml
@@ -0,0 +1,74 @@
+
+
+
+ MariaDB: Remote code execution
+ A vulnerability has been discovered in MariaDB which could result
+ in the arbitrary execution of code.
+
+ mariadb
+ 2020-11-11
+ 2020-11-11
+ 747166
+ local, remote
+
+
+ 10.5.6
+ 10.4.13-r3
+ 10.3.23-r3
+ 10.2.22-r3
+ 10.5.6
+
+
+
+

MariaDB is an enhanced, drop-in replacement for MySQL.

+
+ +

It was discovered that MariaDB did not properly validate the content of + a packet received from a server. +

+
+ +

A remote attacker could send a specially crafted packet to WSREP + service, possibly resulting in execution of arbitrary code with the + privileges of the process or a Denial of Service condition. +

+
+ +

There is no known workaround at this time.

+
+ +

All MariaDB 10.5.x users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-db/mariadb-10.5.6:10.5" + + +

All MariaDB 10.4.x users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-db/mariadb-10.4.13-r3:10.4" + + +

All MariaDB 10.3.x users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-db/mariadb-10.3.23-r3:10.3" + + +

All MariaDB 10.2.x users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-db/mariadb-10.2.22-r3:10.2" + + +
+ + CVE-2020-15180 + + whissi + whissi +
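Review bot: The vulnerability paragraph says the malformed packet is `received from a server`, while the impact paragraph has a remote attacker sending it `to WSREP service`; a reader cannot tell which side is attacker-controlled, nor whether a stand-alone server that never enables wsrep replication is exposed at all. Suggest making the trust boundary explicit, e.g. `MariaDB did not properly validate the content of a WSREP (Galera replication) packet received from a cluster peer.`, if that is what CVE-2020-15180 covers — confirm against the upstream fix, since the XML itself does not say. The `local, remote` access tag would then be easier to justify with one sentence on when each applies.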
diff --git a/metadata/glsa/glsa-202011-15.xml b/metadata/glsa/glsa-202011-15.xml
new file mode 100644
index 000000000000..91f3acadcd3b
--- /dev/null
+++ b/metadata/glsa/glsa-202011-15.xml
@@ -0,0 +1,52 @@
+
+
+
+ libmaxminddb: Denial of service
+ A vulnerability in libmaxminddb could lead to a Denial of Service
+ condition.
+
+ libmaxminddb
+ 2020-11-14
+ 2020-11-14
+ 753275
+ remote
+
+
+ 1.4.3
+ 1.4.3
+
+
+
+

The libmaxminddb library provides a C library for reading MaxMind DB + files, including the GeoIP2 databases from MaxMind. +

+
+ +

libmaxminddb used uninitialised memory when reading from a corrupt + database file. +

+
+ +

A remote attacker could entice a user to use a specially crafted + database with libmaxminddb, possibly resulting in a Denial of Service + condition. +

+
+ +

There is no known workaround at this time.

+
+ +

All libmaxminddb users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-libs/libmaxminddb-1.4.3" + + +
+ + CVE-2020-28241 + + sam_c + sam_c +
diff --git a/metadata/glsa/glsa-202011-16.xml b/metadata/glsa/glsa-202011-16.xml
new file mode 100644
index 000000000000..1ffe1738d62b
--- /dev/null
+++ b/metadata/glsa/glsa-202011-16.xml
@@ -0,0 +1,69 @@
+
+
+
+ Chromium, Google Chrome: Multiple vulnerabilities
+ Multiple vulnerabilities have been found in Chromium and Google
+ Chrome, the worst of which could result in the arbitrary execution of code.
+
+ chromium,google-chrome
+ 2020-11-16
+ 2020-11-16
+ 754093
+ local, remote
+
+
+ 86.0.4240.198
+ 86.0.4240.198
+
+
+ 86.0.4240.198
+ 86.0.4240.198
+
+
+
+

Chromium is an open-source browser project that aims to build a safer, + faster, and more stable way for all users to experience the web. +

+ +

Google Chrome is one fast, simple, and secure browser for all your + devices. +

+
+ +

Multiple vulnerabilities have been discovered in Chromium and Google + Chrome. Please review the CVE identifiers referenced below for details. +

+
+ +

Please review the referenced CVE identifiers for details.

+
+ +

There is no known workaround at this time.

+
+ +

All Chromium users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose + ">=www-client/chromium-86.0.4240.198" + + +

All Google Chrome users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose + ">=www-client/google-chrome-86.0.4240.198" + +
+ + CVE-2020-16013 + CVE-2020-16017 + + Google Chrome 86.0.4240.198 release announcement + + + sam_c + sam_c +
diff --git a/metadata/glsa/glsa-202011-17.xml b/metadata/glsa/glsa-202011-17.xml
new file mode 100644
index 000000000000..8de429e1f0a3
--- /dev/null
+++ b/metadata/glsa/glsa-202011-17.xml
@@ -0,0 +1,50 @@
+
+
+
+ MIT Kerberos 5: Denial of service
+ A vulnerability in MIT Kerberos 5 could lead to a Denial of Service
+ condition.
+
+ mit-krb5
+ 2020-11-16
+ 2020-11-16
+ 753281
+ remote
+
+
+ 1.18.2-r2
+ 1.18.2-r2
+
+
+
+

The MIT Kerberos 5 implementation provides a command line telnet client + which is used for remote login via the telnet protocol. +

+
+ +

It was discovered that MIT Kerberos network authentication system, krb5, + did not properly handle ASN.1-encoded Kerberos messages. +

+
+ +

A remote attacker could send a specially crafted Kerberos message, + possibly resulting in a Denial of Service condition. +

+
+ +

There is no known workaround at this time.

+
+ +

All MIT Kerberos 5 users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-crypt/mit-krb5-1.18.2-r2" + +
+ + CVE-2020-28196 + + sam_c + sam_c +
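Review bot: The description paragraph describes `a command line telnet client which is used for remote login via the telnet protocol`, which is not the component this advisory is about — the vulnerability and impact paragraphs concern the handling of ASN.1-encoded Kerberos messages in the krb5 implementation itself. Suggest replacing that first paragraph with `MIT Kerberos 5 is a free implementation of the Kerberos network authentication protocol.` so the advisory opens with its actual subject. The impact sentence could also say which process a crafted message takes down (KDC, application server or client library) if that is known; the XML leaves it unspecified.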
diff --git a/metadata/glsa/glsa-202011-18.xml b/metadata/glsa/glsa-202011-18.xml
new file mode 100644
index 000000000000..5e570091d36a
--- /dev/null
+++ b/metadata/glsa/glsa-202011-18.xml
@@ -0,0 +1,51 @@
+
+
+
+ Apache Ant: Insecure temporary file
+ Apache Ant uses various insecure temporary files possibly allowing
+ local code execution.
+
+ ant
+ 2020-11-16
+ 2020-11-16
+ 745768
+ local
+
+
+ 1.10.9
+ 1.10.9
+
+
+
+

Ant is a Java-based build tool similar to ‘make’ that uses XML + configuration files. +

+
+ +

A previous fix for a security vulnerability involving insecure temporary + files has been found to be incomplete. +

+
+ +

A local attacker could perform symlink attacks to overwrite arbitrary + files with the privileges of the user running the application. +

+
+ +

There is no known workaround at this time.

+
+ +

All Apache Ant users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-java/ant-1.10.9" + +
+ + CVE-2020-11979 + GLSA-202007-34 + + sam_c + sam_c +
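Review bot: The workaround section says `There is no known workaround at this time.`, yet the issue is a symlink attack on shared temporary files, for which a private per-user temporary directory is the standard mitigation; if Ant honours `java.io.tmpdir` for the files in question, a sentence such as `Running Ant with java.io.tmpdir set to a directory not writable by other local users limits exposure until the upgrade is applied.` would be more useful than the boilerplate — confirm against the upstream fix for CVE-2020-11979 before stating it. The vulnerability paragraph also only says a previous fix `has been found to be incomplete`; naming the earlier CVE that GLSA-202007-34 addressed inline would spare readers the cross-reference.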
diff --git a/metadata/glsa/glsa-202011-19.xml b/metadata/glsa/glsa-202011-19.xml
new file mode 100644
index 000000000000..3f0a5cc981f9
--- /dev/null
+++ b/metadata/glsa/glsa-202011-19.xml
@@ -0,0 +1,51 @@
+
+
+
+ libexif: Multiple vulnerabilities
+ Multiple vulnerabilities have been found in libexif, the worst of
+ which could result in the arbitrary execution of code.
+
+ libexif
+ 2020-11-16
+ 2020-11-16
+ 754681
+ remote
+
+
+ 0.6.22_p20201105
+ 0.6.22_p20201105
+
+
+
+

libexif is a library for parsing, editing and saving Exif metadata from + images. +

+
+ +

Multiple vulnerabilities have been discovered in libexif. Please review + the CVE identifiers referenced below for details. +

+
+ +

Please review the referenced CVE identifiers for details.

+
+ +

There is no known workaround at this time.

+
+ +

All libexif users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose + ">=media-libs/libexif-0.6.22_p20201105" + +
+ + CVE-2020-0181 + CVE-2020-0198 + CVE-2020-0452 + + sam_c + sam_c +
diff --git a/metadata/glsa/timestamp.chk b/metadata/glsa/timestamp.chk
index 251b1b6a1d70..43b544e08290 100644
--- a/metadata/glsa/timestamp.chk
+++ b/metadata/glsa/timestamp.chk
@@ -1 +1 @@
-Thu, 01 Oct 2020 21:38:30 +0000
+Wed, 25 Nov 2020 22:08:33 +0000
diff --git a/metadata/glsa/timestamp.commit b/metadata/glsa/timestamp.commit
index 25e643fc27d2..972525befa14 100644
--- a/metadata/glsa/timestamp.commit
+++ b/metadata/glsa/timestamp.commit
@@ -1 +1 @@
-785de3f76c77159a620986af784b88d221fb335c 1601425319 2020-09-30T00:21:59+00:00
+41b92ddadb281165194d571c52b3240cf7b140e5 1605559931 2020-11-16T20:52:11+00:00
-- 
cgit v1.2.3