From dd851ab76c56a249df7a0ec052acd90940bc014f Mon Sep 17 00:00:00 2001 From: V3n3RiX Date: Wed, 4 Oct 2023 17:52:00 +0100 Subject: gentoo auto-resync : 04:10:2023 - 17:51:59 --- metadata/glsa/Manifest | 30 +++++++++++++------------- metadata/glsa/Manifest.files.gz | Bin 549460 -> 549618 bytes metadata/glsa/glsa-202310-04.xml | 44 +++++++++++++++++++++++++++++++++++++++ metadata/glsa/timestamp.chk | 2 +- metadata/glsa/timestamp.commit | 2 +- 5 files changed, 61 insertions(+), 17 deletions(-) create mode 100644 metadata/glsa/glsa-202310-04.xml (limited to 'metadata/glsa') diff --git a/metadata/glsa/Manifest b/metadata/glsa/Manifest index db6e875dfbda..f3638011a8b6 100644 --- a/metadata/glsa/Manifest +++ b/metadata/glsa/Manifest @@ -1,23 +1,23 @@ -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 -MANIFEST Manifest.files.gz 549460 BLAKE2B a1f9ee4b119079d55103a4ccc3197b5638e1f0913b6b08dbff50e6a9ae785bd677e97041b367e5c90d4e715da5a2e9d245d4614a65f57c6fffbe3055d41af720 SHA512 af57c6ff084a9b4d66c2d7d6cdcf381f6edfb5a8b5e7b97a153bb0d0556002c8d13b0c6530999163f8396d382c2b2f781f28b63456546ee7c16c7c3f82742c24 -TIMESTAMP 2023-10-04T10:10:13Z +MANIFEST Manifest.files.gz 549618 BLAKE2B df3cca5309face77ad600cd7dd41da5c8d5969140f0f882439af0839721ca14a3e2ddda207c25ab4f6c4bb766db6e715560df951e539d7cc21ac6c04098c804d SHA512 fecd1787120b073b451d8a3eda16e7b1d80f65213749758b8dc28dd7adb7911c5d678553c3d79c9868d343fd46ecb5e858110be9deff13b5fe735cee99c77036 +TIMESTAMP 2023-10-04T16:10:22Z -----BEGIN PGP SIGNATURE----- -iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAmUdOgVfFIAAAAAALgAo +iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAmUdjm5fFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEUx RDZBQkI2M0JGQ0ZCNEJBMDJGREYxQ0VDNTkwRUVBQzkxODkyNTAACgkQ7FkO6skY -klDmlg/9HBr9rlvuXXu6wZkguZCHd+LrEdxj2g0beJ9QakQ9OnSpm5kiYlWKQEsp -vRjHJO/iAg1E3zC4JfLUAje1AaYwDUggAYuc+lLCozQfJzq0kyChYQm9mWd5LyA/ -ym3+SzzulpOhE4aQgCZEUN0sOylkHmiMlcwx4mh7Dpc0knIFb/7GDTmZYoJy6WwI -+hedW0Jj+9LVV7OgZ6yNWCjRfhVV3NnrA2wRAmVWFNgs3PTezenZ/myP1vo6+8Yz -kq2yP0ybQX7mQD6b9xf3o9NSk6wYmz/6DXCAgCTMVLhblEhJ7o3+7H0H2W59nF5E -HaybFdmrObOzM7nivDIHpKE3zjwypkkmCcMcBRv9wuddph+38VSNmIaAhG1T2NQ4 -Lhb2se13umiwSOIfEulS3lMJVvTtSTZl8h7sUUJrY23hxMDfCqd9WjcvuosWCYNV -E3rsNlwE/UIH1zToXJ6uKfT27u9rsYue6h5awjkl7f+0+taWGjQerCYj7TFkoy5Z -XrwpwWPycLlwV75qcHLS9l6xkpLMaeZQ1qeDadAm+D7RqNqfMsTzbDJSyunkPuRD -/94492Y1OE3cZRN4aCAyEBiF/fT2zDuczMhOuWDpAAu6Cs++/6J6idfpomEEWB1z -nHKJg77r5ySgWhDFY9xjpyWTwtob7bY189ndGQChAxlZNI54P3s= -=TDQs +klAW1w/9GEkAnWv4jk/CSI4tbaI2N6UsQWxgpljhqstH/hO+1TqxU7AqCVBu7jb2 +g/F5zcxyfn1qaL1M8D1GcoWpvkLLcFahw+B5zgSmPOh8hEplz/M4gjIWJ0BXOj3Z +BoaE7utURddat2uuFlrtFNfgX91eCgEioSjdeqkaGy2jU6XcbENnFu3nha14Wl6L +FaO8pxXiYjOqfG0aYh8jrF6B9q5l0FjrdfUi+scZOSU1u7xcJNdYVEUWIIYBktqJ +ytLCIoByEUWFBz8EcGT46weTWSEDm5ZTtSzha+4kQ4SVtFuk/dVSYvPH/9jENJtC +sD0cQj7UL+BEns9CkeoEiGrV+7962XNRU/QJgXngkmGLv2H+5Jeakz6mrEeSGFO4 +HeDD39WXf+l7BjRkD39NrOlFjwICcC8KI24Qa1X1E7cpgdq2x8dIhxx0I6jERvGZ +HCv5Xo3hPyM55epx9xeiFdK5ETO5POgm5eEVf4DbA8s50rNlOu/gapYB63CyO/53 +WLQUlvFa98atJ/Esj3pvBpGjyUbv302mm3Al3P2fpCrsp4CM6gMu9p+QuFYcHyIz +/bpR/lD7ZlU1zEIbt6oKEGH4Mn3C3c4cvqkc4YkuLOqCtcXZMtxqNgUDTjymzEsF +wiHgXPT/DKAMUdsc2rXbjqD6IwSQae6ZmuCJz6yZF2Xpf+0MWTA= +=TE3s -----END PGP SIGNATURE----- diff --git a/metadata/glsa/Manifest.files.gz b/metadata/glsa/Manifest.files.gz index b03f0fde4bfb..a7e06bb28b43 100644 Binary files a/metadata/glsa/Manifest.files.gz and b/metadata/glsa/Manifest.files.gz differ diff --git a/metadata/glsa/glsa-202310-04.xml b/metadata/glsa/glsa-202310-04.xml new file mode 100644 index 000000000000..e7025c0e616f --- /dev/null +++ b/metadata/glsa/glsa-202310-04.xml @@ -0,0 +1,44 @@ + + + + libvpx: Multiple Vulnerabilities + Multiple vulnerabilities have been discovered in libvpx, the worst of which could result in arbitrary code execution. + libvpx + 2023-10-04 + 2023-10-04 + 914875 + 914987 + remote + + + 1.13.1 + 1.13.1 + + + +

libvpx is the VP8 codec SDK used to encode and decode video streams, typically within a WebM format media file.

+
+ +

Multiple vulnerabilities have been discovered in libvpx. Please review the CVE identifiers referenced below for details.

+
+ +

Please review the referenced CVE identifiers for details.

+
+ +

There is no known workaround at this time.

+
+ +

All libvpx users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=media-libs/libvpx-1.13.1" + +
+ + CVE-2023-5217 + CVE-2023-44488 + + sam + sam +
\ No newline at end of file diff --git a/metadata/glsa/timestamp.chk b/metadata/glsa/timestamp.chk index b92e786ad91c..365bbb13eee1 100644 --- a/metadata/glsa/timestamp.chk +++ b/metadata/glsa/timestamp.chk @@ -1 +1 @@ -Wed, 04 Oct 2023 10:10:09 +0000 +Wed, 04 Oct 2023 16:10:16 +0000 diff --git a/metadata/glsa/timestamp.commit b/metadata/glsa/timestamp.commit index 276c5a56bfe3..d43c424dd71e 100644 --- a/metadata/glsa/timestamp.commit +++ b/metadata/glsa/timestamp.commit @@ -1 +1 @@ -029e12731f29676d3f6ebed09f7747ee6e15c5e8 1696406561 2023-10-04T08:02:41+00:00 +78441d962cbe20f36c819692b8c5ea5befbaf0be 1696416594 2023-10-04T10:49:54+00:00 -- cgit v1.2.3