From e3cf2c86fca1750343c1885311f857f185ee4f2d Mon Sep 17 00:00:00 2001
From: V3n3RiX
Date: Sun, 8 Sep 2019 01:07:24 +0100
Subject: gentoo resync : 08.09.2019
---
metadata/glsa/Manifest | 30 +++++-----
metadata/glsa/Manifest.files.gz | Bin 447571 -> 448529 bytes
metadata/glsa/glsa-201909-01.xml | 53 ++++++++++++++++++
metadata/glsa/glsa-201909-02.xml | 57 +++++++++++++++++++
metadata/glsa/glsa-201909-03.xml | 52 +++++++++++++++++
metadata/glsa/glsa-201909-04.xml | 53 ++++++++++++++++++
metadata/glsa/glsa-201909-05.xml | 118 +++++++++++++++++++++++++++++++++++++++
metadata/glsa/glsa-201909-06.xml | 54 ++++++++++++++++++
metadata/glsa/timestamp.chk | 2 +-
metadata/glsa/timestamp.commit | 2 +-
10 files changed, 404 insertions(+), 17 deletions(-)
create mode 100644 metadata/glsa/glsa-201909-01.xml
create mode 100644 metadata/glsa/glsa-201909-02.xml
create mode 100644 metadata/glsa/glsa-201909-03.xml
create mode 100644 metadata/glsa/glsa-201909-04.xml
create mode 100644 metadata/glsa/glsa-201909-05.xml
create mode 100644 metadata/glsa/glsa-201909-06.xml
(limited to 'metadata/glsa')
diff --git a/metadata/glsa/Manifest b/metadata/glsa/Manifest
index 14342aa9db71..eba6cee644e5 100644
--- a/metadata/glsa/Manifest
+++ b/metadata/glsa/Manifest
@@ -1,23 +1,23 @@ -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 -MANIFEST Manifest.files.gz 447571 BLAKE2B 5dcbf22acab4aa936027b65cb350fd1f2f1c1e2537d9521e947b1cbe33f4d7b2b6fbb6bb4805bdf0c5ff45c77fcb33345e4c8d8b89729f3fa2275febb0067a24 SHA512 85251d26f1a84f633b1f394aeaeb284222b79a86f4ce32b3e4e3dbc431b1a27e54bd1e6b1023f766bdacf2a7c3226992247aab3e13dd008f70ff63b9b31dcd87 -TIMESTAMP 2019-09-06T08:39:04Z +MANIFEST Manifest.files.gz 448529 BLAKE2B 70fc5fdf3704f2b7ec0033da58e9dba173720d87011ed4a8c13796a79ab719c338f43528d1a392475f724b87e95f6e187b39a6f6e92d64f4882d0f0004bffa24 SHA512 53832aafadeff79f44632a74dc19ba49106055cc3a8017511025ef2e4ca2499a5d5154766e4957167240e37b7e0bfd956e305d79053c82988ad80b673f006f8c +TIMESTAMP 2019-09-07T23:09:08Z -----BEGIN PGP SIGNATURE----- -iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAl1yGyhfFIAAAAAALgAo +iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAl10OJRfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEUx RDZBQkI2M0JGQ0ZCNEJBMDJGREYxQ0VDNTkwRUVBQzkxODkyNTAACgkQ7FkO6skY -klCTtxAAhLPXP6XvR+/h9wHgS6IrEhLTQ3N5A5s8veo5JxxSv6qrosvcmz5D1Enx -1TjSiBhfKZMacSjIbDbwn0LZ5r5e7RcZnY8wPpieL7xcYhgRF935Py4CTsjkEZXR -EjCQWPbsSsPgTSya/RkMowmHib4ruGJtqKc12MJFB4XXGizIfGxT5sE278hJ4kKn -oysYDsJgdq4Md9KRwr04f59oncNx3cvtfDCNfYDl9G1m57GZC/A/uuCdyx6wRk8B -jdKDwxE7Yz3rJAHDnbiN629i3HaaN1Csu1IVgXKbUToCaKwRwno5W4uJE9tnNZjk -RIFsdPrV/C62PdZXyxB8koPk5pVx/fmwn8hdh3Q23pITZXnUKQdEHg5gqV447KGk -WlNi40qMmw5npaUmKWUGNCyNj4211BGPzbjn4xOKGQwZOAZZkE3eyNBWiS6kNALL -2LkBmHjPe8It97gXBBfdyMElxMUhK1GljNFF7K8X10kT4Tnqy04q2heRN7e2pcaH -y8H9iQlzFvi0fJt2yZZfKmc/ktlHwXiQJeFzk9ym+PiM2dmr35roCfR26aKF7yio -LMCmGWvAW7WDxpAKDzfSmS05oavvtT9nI7H1MjZHSoHHescL6vVQU2drelNIyCuQ -QVoSn7xRqg3yPU6F2lwhGCNKq95XcprgmmRseY8RnxHOEdddRXA= -=x/mL +klCN8A//SkpChS4L4qFkiOHwjHf4wtUIa7szn1dux34X7fyb3W/5uXdyyRqCarK9 +X9Y8yqKkKUWBTRP195IsRMn76nJD0AwX2v5sKvOEsJJjCMD3Ka8uxKJqb1V23JXM +LXn0/cqFJHQCfVnZvNLQUCOg5TJEtKZQJVEojFwpicB8usWdGrvk0tuxi81bLbOB 
++1ekRMfKy3Ik2sdMWKrowEoeoicOcbYTi7yGT+z8YceVIku+pDeq0Tbj8jvfOYdf +sdo5pPJeqYFk788zYELBpUGAfM1RkMTv3uuTdQ6bIjNnjb0cp2TP62oSoEYWOWDg +qh2Ts+j7As00AGtxjq6zv2jQj03rugy3aiz9FvEhR7aLh+acYgD66Lale9QXnHa+ +SLiA22EOXIuACTnFZr0E/IdZGU/KG3QFr2EKCmsupUVxiUINM/Ypz73bmbi6lEIW +7/ziqcDqYBMmxTcZg5x3gyqrOU/Na/nXEJZ3dLyA7zCtkgts+W4+oh2Iwm9Vcajn +FTHp0D0ep4hAv505JGUEKPv8tBsU4tmcdjbcpKBXaAF10OU4bkEJd3hzvcNTqrim +0V1YIj482yNYDWuQEOrru5yBRXrZj9nr+yAkW/sqGvH5zCSAeuMxOKTvzHlO1p1p +tEizdnKAB6hB3tFjgiF/JMZkDxx3+pMYoTnu57m0KQUjlcVTboo= +=V6QD -----END PGP SIGNATURE----- diff --git a/metadata/glsa/Manifest.files.gz b/metadata/glsa/Manifest.files.gz index 8045ca98ae1e..81138f54ea78 100644 Binary files a/metadata/glsa/Manifest.files.gz and b/metadata/glsa/Manifest.files.gz differ diff --git a/metadata/glsa/glsa-201909-01.xml b/metadata/glsa/glsa-201909-01.xml new file mode 100644 index 000000000000..d94daf002b35 --- /dev/null +++ b/metadata/glsa/glsa-201909-01.xml @@ -0,0 +1,53 @@ + + + + Perl: Multiple vulnerabilities + Multiple vulnerabilities have been found in Perl, the worst of + which could result in the arbitrary execution of code. + + perl + 2019-09-06 + 2019-09-06 + 653432 + 670190 + remote + + + 5.28.2 + 5.28.2 + + + +

Perl is a highly capable, feature-rich programming language.

+
+ +

Multiple vulnerabilities have been discovered in Perl. Please review the + CVE identifiers referenced below for details. +

+
+ +

Please review the referenced CVE identifiers for details.

+
+ +

There is no known workaround at this time.

+
+ +

All Perl users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-lang/perl-5.28.2" + +
+ + CVE-2018-18311 + CVE-2018-18312 + CVE-2018-18313 + CVE-2018-18314 + CVE-2018-6797 + CVE-2018-6798 + CVE-2018-6913 + + b-man + b-man +
diff --git a/metadata/glsa/glsa-201909-02.xml b/metadata/glsa/glsa-201909-02.xml new file mode 100644 index 000000000000..14e36289adff --- /dev/null +++ b/metadata/glsa/glsa-201909-02.xml @@ -0,0 +1,57 @@ + + + + VLC: Multiple vulnerabilities + Multiple vulnerabilities have been found in VLC, the worst of which + could result in the arbitrary execution of code. + + vlc + 2019-09-06 + 2019-09-06 + 689974 + remote + + + 3.0.8 + 3.0.8 + + + +

VLC is a cross-platform media player and streaming server.

+
+ +

Multiple vulnerabilities have been discovered in VLC. Please review the + CVE identifiers referenced below for details. +

+
+ +

Please review the referenced CVE identifiers for details.

+
+ +

There is no known workaround at this time.

+
+ +

All VLC users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=media-video/vlc-3.0.8" + +
+ + CVE-2019-13602 + CVE-2019-13962 + CVE-2019-14437 + CVE-2019-14438 + CVE-2019-14498 + CVE-2019-14533 + CVE-2019-14534 + CVE-2019-14535 + CVE-2019-14776 + CVE-2019-14777 + CVE-2019-14778 + CVE-2019-14970 + + b-man + b-man +
diff --git a/metadata/glsa/glsa-201909-03.xml b/metadata/glsa/glsa-201909-03.xml new file mode 100644 index 000000000000..70b47802e0c1 --- /dev/null +++ b/metadata/glsa/glsa-201909-03.xml @@ -0,0 +1,52 @@ + + + + Pango: Buffer overflow + A buffer overflow in Pango might allow an attacker to execute + arbitrary code. + + pango + 2019-09-06 + 2019-09-06 + 692110 + remote + + + 1.42.4-r2 + 1.42.4-r2 + + + +

Pango is a library for layout and rendering of internationalized text.

+
+ +

A buffer overflow has been discovered in Pango’s + pango_log2vis_get_embedding_levels function. +

+
+ +

A remote attacker could entice a user to process a specially crafted + string with functions like pango_itemize, possibly resulting in execution + of arbitrary code with the privileges of the process or a Denial of + Service condition. +

+
+ +

There is no known workaround at this time.

+
+ +

All Pango users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=x11-libs/pango-1.42.4-r2" + +
+ + + CVE-2019-1010238 + + + b-man + b-man +
diff --git a/metadata/glsa/glsa-201909-04.xml b/metadata/glsa/glsa-201909-04.xml new file mode 100644 index 000000000000..0d229fc59291 --- /dev/null +++ b/metadata/glsa/glsa-201909-04.xml @@ -0,0 +1,53 @@ + + + + Apache: Multiple vulnerabilities + Multiple vulnerabilities have been found in Apache, the worst of + which could result in a Denial of Service condition. + + apache + 2019-09-06 + 2019-09-06 + 692172 + remote + + + 2.4.41 + 2.4.41 + + + +

The Apache HTTP server is one of the most popular web servers on the + Internet. +

+
+ +

Multiple vulnerabilities have been discovered in Apache. Please review + the CVE identifiers referenced below for details. +

+
+ +

Please review the referenced CVE identifiers for details.

+
+ +

There is no known workaround at this time.

+
+ +

All Apache users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-servers/apache-2.4.41" + +
+ + CVE-2019-10081 + CVE-2019-10082 + CVE-2019-10092 + CVE-2019-10097 + CVE-2019-10098 + CVE-2019-9517 + + b-man + b-man +
diff --git a/metadata/glsa/glsa-201909-05.xml b/metadata/glsa/glsa-201909-05.xml new file mode 100644 index 000000000000..dfe043bf6ac4 --- /dev/null +++ b/metadata/glsa/glsa-201909-05.xml @@ -0,0 +1,118 @@ + + + + WebkitGTK+: Multiple vulnerabilities + Multiple vulnerabilities have been found in WebkitGTK+, the worst + of which could result in the arbitrary execution of code. + + webkitgtk+ + 2019-09-06 + 2019-09-06 + 683234 + 686216 + 693122 + remote + + + 2.24.4 + 2.24.4 + + + +

WebKitGTK+ is a full-featured port of the WebKit rendering engine, + suitable for projects requiring any kind of web integration, from hybrid + HTML/CSS applications to full-fledged web browsers. +

+
+ +

Multiple vulnerabilities have been discovered in WebkitGTK+. Please + review the CVE identifiers referenced below for details. +

+
+ +

An attacker, by enticing a user to visit maliciously crafted web + content, may be able to execute arbitrary code or cause memory + corruption. +

+
+ +

There is no known workaround at this time.

+
+ +

All WebkitGTK+ users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-libs/webkit-gtk-2.24.4" + +
+ + CVE-2019-11070 + CVE-2019-6201 + CVE-2019-6251 + CVE-2019-7285 + CVE-2019-7292 + CVE-2019-8503 + CVE-2019-8506 + CVE-2019-8515 + CVE-2019-8518 + CVE-2019-8523 + CVE-2019-8524 + CVE-2019-8535 + CVE-2019-8536 + CVE-2019-8544 + CVE-2019-8551 + CVE-2019-8558 + CVE-2019-8559 + CVE-2019-8563 + CVE-2019-8595 + CVE-2019-8607 + CVE-2019-8615 + CVE-2019-8644 + CVE-2019-8644 + CVE-2019-8649 + CVE-2019-8649 + CVE-2019-8658 + CVE-2019-8658 + CVE-2019-8666 + CVE-2019-8666 + CVE-2019-8669 + CVE-2019-8669 + CVE-2019-8671 + CVE-2019-8671 + CVE-2019-8672 + CVE-2019-8672 + CVE-2019-8673 + CVE-2019-8673 + CVE-2019-8676 + CVE-2019-8676 + CVE-2019-8677 + CVE-2019-8677 + CVE-2019-8678 + CVE-2019-8678 + CVE-2019-8679 + CVE-2019-8679 + CVE-2019-8680 + CVE-2019-8680 + CVE-2019-8681 + CVE-2019-8681 + CVE-2019-8683 + CVE-2019-8683 + CVE-2019-8684 + CVE-2019-8684 + CVE-2019-8686 + CVE-2019-8686 + CVE-2019-8687 + CVE-2019-8687 + CVE-2019-8688 + CVE-2019-8688 + CVE-2019-8689 + CVE-2019-8689 + CVE-2019-8690 + CVE-2019-8690 + WSA-2019-0002 + WSA-2019-0004 + + b-man + b-man +
diff --git a/metadata/glsa/glsa-201909-06.xml b/metadata/glsa/glsa-201909-06.xml new file mode 100644 index 000000000000..b8780c59022a --- /dev/null +++ b/metadata/glsa/glsa-201909-06.xml @@ -0,0 +1,54 @@ + + + + Exim: Multiple vulnerabilities + Multiple vulnerabilities have been found in Exim, the worst of + which allows remote attackers to execute arbitrary code. + + exim + 2019-09-07 + 2019-09-07 + 692394 + 693494 + remote + + + 4.92.2 + 4.92.2 + + + +

Exim is a message transfer agent (MTA) designed to be a a highly + configurable, drop-in replacement for sendmail. +

+
+ +

Multiple vulnerabilities have been discovered in Exim. Please review the + CVE identifiers referenced below for details. +

+
+ +

A remote attacker, by connecting to the SMTP listener daemon, could + possibly execute arbitrary code with the privileges of the process or + cause a Denial of Service condition. +

+
+ +

There is no known workaround at this time.

+
+ +

All Exim users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=mail-mta/exim-4.92.2" + + +
+ + CVE-2019-13917 + CVE-2019-15846 + + whissi + whissi +
diff --git a/metadata/glsa/timestamp.chk b/metadata/glsa/timestamp.chk
index 2f6a7762bf94..36c3392d5556 100644
--- a/metadata/glsa/timestamp.chk
+++ b/metadata/glsa/timestamp.chk
@@ -1 +1 @@
-Fri, 06 Sep 2019 08:39:01 +0000
+Sat, 07 Sep 2019 23:09:04 +0000
diff --git a/metadata/glsa/timestamp.commit b/metadata/glsa/timestamp.commit
index ac1358016db9..82f2e1957979 100644
--- a/metadata/glsa/timestamp.commit
+++ b/metadata/glsa/timestamp.commit
@@ -1 +1 @@
-b3e8c925d3f6eb29b568169ff67ed18a2ff264c2 1567285941 2019-08-31T21:12:21+00:00
+68b71b2cbc79a9ef9e8701eb09586b9f2f9eb7b2 1567815781 2019-09-07T00:23:01+00:00
--
cgit v1.2.3