From ee0c4d5e506a6c64994a15c3af5cf1ca22045567 Mon Sep 17 00:00:00 2001 From: V3n3RiX Date: Mon, 27 Nov 2023 22:51:10 +0000 Subject: gentoo auto-resync : 27:11:2023 - 22:51:09 --- metadata/glsa/Manifest | 30 ++++++++++++------------ metadata/glsa/Manifest.files.gz | Bin 555336 -> 555493 bytes metadata/glsa/glsa-202311-18.xml | 49 +++++++++++++++++++++++++++++++++++++++ metadata/glsa/timestamp.chk | 2 +- metadata/glsa/timestamp.commit | 2 +- 5 files changed, 66 insertions(+), 17 deletions(-) create mode 100644 metadata/glsa/glsa-202311-18.xml (limited to 'metadata/glsa') diff --git a/metadata/glsa/Manifest b/metadata/glsa/Manifest index 55c9cb606a7c..f66a8b1744b4 100644 --- a/metadata/glsa/Manifest +++ b/metadata/glsa/Manifest @@ -1,23 +1,23 @@ -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 -MANIFEST Manifest.files.gz 555336 BLAKE2B 61845e600ed6d18be132119bdf3c18b5d7470dc0e9e6d2d7bbbd986ec173c3f6efeafe2d8c452a7dc1908ee00dc99ededa85cc6987ca0678a809132c3f9d1090 SHA512 0d231256dfdb4051a222ab45deaa4260258f4a609494607807f233e851695323a751b69e56f75452b3f361b66f39284d7c3ad73ec04ea29c532b73d36166af03 -TIMESTAMP 2023-11-26T21:40:23Z +MANIFEST Manifest.files.gz 555493 BLAKE2B 9b9c68f6fcd5aa241244f03965d32d2bee2397eebacb0b4742f3b5eff9058f33cdb8d4c1f96505cd2a1acaed4347077a204862e5674effe944e54b05e7466726 SHA512 bf81aa35acfc8893b8a8ffc0d57915c1a8e6b54e9400f0d03f26dd199de30e2601f7a7c1060d2185e26c3276979665ae687fb8e8a1e2b4d537df4a3270e38d43 +TIMESTAMP 2023-11-27T22:10:27Z -----BEGIN PGP SIGNATURE----- -iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAmVju0dfFIAAAAAALgAo +iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAmVlE9NfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEUx RDZBQkI2M0JGQ0ZCNEJBMDJGREYxQ0VDNTkwRUVBQzkxODkyNTAACgkQ7FkO6skY -klAdAg/9HRVlm1xv6zoKAhDA1NwI1rbyFdQjYjt7+CtXcI42i9DcEzqfTMLvDTtB -NLy8LNQUtdvhGHKV+pJMESG76/tsWjd505+NpAqQZ5i+NLiaw57YUxBoTItSZoTR -IsuxZ3aiPKQ/wwjQq8EKpd46+aSiDE39EIN0PBW/XaknvtyQ4MT0lTcl6IB2tLNy -Xo1/HYqT0ntSpx0igG9PyTPvvrRVxjEhetW/dTLuHLpKeo5dkY8RYDW8QOLY+X3/ -Bewar+puRYfBgANIqN50CCj+HPH6LygiJYLL1qE5RxU8NNX1WKep1xKPt+/B11aK -6wz7s56SS+b/1vEsk7giwpqjbruwiDajVu/x7hX6RYyQQjDLIYdlfN3LeotNnZVo -/t9fe1V3GUOXQUuzf3p6UgXvlVeuRRYq4uDcoC56BMqc+Mm9o6hhplk0ENOxLLu3 -Y9zwXSdO1UxqrJ0tXeeWIo73H1aW38WBASf8ViR2vSUkOGMl30c4aE/+IwDlr3PE -sWYQmWpbGtpsd7DVgcRxzrEKoSWAaOxT1uTKmJInw1zwWKLyo9W6HcEVG8HtmqmL -JUogB4Q9grseL/nQF8ydPQrQZ18gcdQfTwZuDp+JlAHHVOE3NA/4eJwsl19FUOLa -NmirymoSREdT8UJMLHUrUue+/TwaiDfpivH0WI9FKAoT+u94pmo= -=KM/Y +klDJOg/+JGlixE8sQIb9zxBp43pvibxE0cBMkHFs9cymGkdR4QnADKvd9NbqzeEC +qQLuZf3qKZ+jTnJNcNGa3aknvpNlzFiU2S/7rc12IdHDMEUsNUpWXBP+5K7TLDm2 +SZDdD5SFOuRkJwF66QSLPrsVhwd4fHhHijDrbogA6FSRnnQSZ0QidEzWN/PrkXYa +ZxWXy8Bw7op4ClKfClhCrIovq9lIcAlSfMQNq53hu41aNQb21iVlDFRNtY8hm1S/ +TkVC45TH5YFjki8OX8gI02jH8VRJCF4tf7mHb3nTPMyRztJujMssnlGAnj6HVe3S +p/hdi1BrfK7ntnDKIZIZIDXT+9bODUjd3t6ea6fPTZORFEthUs6Ho7KTKc3mv3uu +XpEnIgzU3gaGh1FEmlHM6TmsjpxNcdqhA38FeEbuvmlV2qzgh917Xya3548+BNus +zYeZH/hfXe4lqmoXFcalynW1o4dNlFe2H3+tAtFQjTP6z/s1HtDUWdxiOhU4/5T2 +dyz3ZhJbcd5RFed5CJlOJ6wE554QaPFBi5OeioqeZS5vqUB4rtyS3IylN7Q5RJV1 +T4/x+CO+4KMXhhl9s06KzkYPK1knc/DTs0AsWr3rKQ1MGLWpAuj7nzPZpm4zdSYD +sBX6uleDfAC6kevu3nR4Mj91UZrWCsMacweyMIuGKxaE+WwzfKw= +=cNip -----END PGP SIGNATURE----- diff --git a/metadata/glsa/Manifest.files.gz b/metadata/glsa/Manifest.files.gz index fd82309ee061..0ed9dcec42d6 100644 Binary files a/metadata/glsa/Manifest.files.gz and b/metadata/glsa/Manifest.files.gz differ diff --git a/metadata/glsa/glsa-202311-18.xml b/metadata/glsa/glsa-202311-18.xml new file mode 100644 index 000000000000..e9be8ca61104 --- /dev/null +++ b/metadata/glsa/glsa-202311-18.xml @@ -0,0 +1,49 @@ + + + + GLib: Multiple Vulnerabilities + Multiple vulnerabilities have been discovered in GLib. + glib + 2023-11-27 + 2023-11-27 + 886197 + 887807 + remote + + + 2.74.4 + 2.74.4 + + + +

GLib is a library providing a number of GNOME's core objects and functions.

+ + +

Multiple vulnerabilities have been discovered in GLib. Please review the referenced CVEs for details.

+ + +

GVariant deserialization is vulnerable to an exponential blowup issue where a crafted GVariant can cause excessive processing, leading to denial of service. + +GVariant deserialization fails to validate that the input conforms to the expected format, leading to denial of service. + +GVariant deserialization is vulnerable to a slowdown issue where a crafted GVariant can cause excessive processing, leading to denial of service.

+ + +

There is no known workaround at this time.

+ + +

All GLib users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-libs/glib-2.74.4" + + + + CVE-2023-29499 + CVE-2023-32611 + CVE-2023-32665 + + graaff + graaff + \ No newline at end of file diff --git a/metadata/glsa/timestamp.chk b/metadata/glsa/timestamp.chk index 7279f918bfde..ea3b769c08f8 100644 --- a/metadata/glsa/timestamp.chk +++ b/metadata/glsa/timestamp.chk @@ -1 +1 @@ -Sun, 26 Nov 2023 21:40:20 +0000 +Mon, 27 Nov 2023 22:10:25 +0000 diff --git a/metadata/glsa/timestamp.commit b/metadata/glsa/timestamp.commit index 41bafd70d2fe..313f325014a1 100644 --- a/metadata/glsa/timestamp.commit +++ b/metadata/glsa/timestamp.commit @@ -1 +1 @@ -17b5b8836331281e84f8ed624b689a3d52cac6fe 1700995599 2023-11-26T10:46:39+00:00 +e8cae5eafb887bc451b4344e6de2d99b8d6e75de 1701088111 2023-11-27T12:28:31+00:00 -- cgit v1.2.3