From f99f698d6ca8e2b91b91c08d82bde8f07ed2cdfc Mon Sep 17 00:00:00 2001 From: V3n3RiX Date: Sun, 14 Jan 2024 13:14:55 +0000 Subject: gentoo auto-resync : 14:01:2024 - 13:14:55 --- metadata/glsa/Manifest | 30 ++++++++++++++-------------- metadata/glsa/Manifest.files.gz | Bin 560744 -> 560905 bytes metadata/glsa/glsa-202401-17.xml | 42 +++++++++++++++++++++++++++++++++++++++ metadata/glsa/timestamp.chk | 2 +- metadata/glsa/timestamp.commit | 2 +- 5 files changed, 59 insertions(+), 17 deletions(-) create mode 100644 metadata/glsa/glsa-202401-17.xml (limited to 'metadata/glsa') diff --git a/metadata/glsa/Manifest b/metadata/glsa/Manifest index 9007ce3f2d40..e5daaf1a5742 100644 --- a/metadata/glsa/Manifest +++ b/metadata/glsa/Manifest @@ -1,23 +1,23 @@ -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 -MANIFEST Manifest.files.gz 560744 BLAKE2B a2c14353dd5785d34a9849d5b67a163032b03a379f9a0801a77674b6b6541c7273d72057452f70737f90a7aef3568710066add50311a9819860af72169e41d69 SHA512 e736fc103c43ac3c49ed7838718f30e699740b25bc3e516459a55713b7774c654fa31aa11efd3c741b714d9f2e7f273bea8960aefbc6e06db9cd5fe0db0ce201 -TIMESTAMP 2024-01-14T06:40:30Z +MANIFEST Manifest.files.gz 560905 BLAKE2B b9505da046e9692a3b481fa08a8eae179027410a2c2065865cec1df0702c2c24c28065b147fcd50163efd4a08d845ceef92739c63c5770ca44ea935b7164751f SHA512 a08b802b515e37cfb86e660dc1e116cc6dfc97ec72b82ea0f28230b169fb16caf11869e46fb805e8cf7227594dcd8901da8fcb705deeb93763b0613ca9a7b8c2 +TIMESTAMP 2024-01-14T12:39:56Z -----BEGIN PGP SIGNATURE----- -iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAmWjgd5fFIAAAAAALgAo +iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAmWj1hxfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEUx RDZBQkI2M0JGQ0ZCNEJBMDJGREYxQ0VDNTkwRUVBQzkxODkyNTAACgkQ7FkO6skY -klAcwRAApkX7nj2YoUBtF5pJSywDnZQ9BGOwiQnYrbUosiX6GRm7uXbCFFBguy61 -9+db6UVsjo/Ny8+v+lpy/ZzelYSjoAEiv2gWf56Wrj29yb7kD3khOBKb9NwsUtnA -T6CqEssGLqi2yOGsy1e4r2qOOrFjXus8g8YzkPX4Wp/avgsbDye4YwPZuBGizZUW -WcdcCY1GwPPNbQzhroJDt8PtTpfA77Dlyq5y5R/LfpROTk6sA8M9q9iaxy8YZoKl -DBx5FYscnXKRC27l+0YdnnQyaXzh31xbzgH3775U4ZMA13Qk11XsuOrKTnVEAreM -b0hRgFlG+ststLaOHWpMjThfuPQnV3pAFFYdy93fJGIeuE34/+zHgGUHsJb/1Ser -MX1F9BVuUejUoKodaoWGJhJpPn6sNDQQvRDHNc/yEDacwogcrf31DyRLl67mZm6L -tKecUCm4qndn/Q2LTJGMJl6d36gjYYWzxUGm0I9W0l9m001iKKFlLEzFgswF4TKU -SpwDqv3kRYJeWyfdmzunoEmhhfKl6QQiL7CzvQweDT1Sn9Bu0278oF3Yqy017eVG -YgDtf6TuWLOeMXYPeoHJ8tv5T8qlQY9rAxlSpSK3MpTXygiL1HfB6aVPeLU5oojg -Xcqk+CHq8XzNfSlQlvAS62lSUrD2T7aZIJSV3JlB4oJXj+aV7/M= -=kZco +klCZXw/9Ejr1sCkx8j7a6xfkH8jlLP60JYwRq6WCSUP5tMRfgrhVmwdOwCo0NVxQ +FnPuCinV5mQBWlI4hq90z1aJgykSkshYA0HbXS9Z60jqPSWMyBJfMQPWwoMRjhuR +WXr8GRiiGtnMeXjYmz0gMP3Q9R7YYaiA8qe5m3bTAfQ+dk8fHo0Bd1+vCVu07s0g +pGnyENL48dzd1DohG6UmlETOsDq2H7PtNpCv4mu2ZTz+Brf5HXkyJMXLwxxo6Qld +C9Q5rJWhv+TUQrHJDVkcLglByWIu54UmIHNyD0EvNUMZt+dpJ/bQg5xQQ6eEC6O0 +g0+vU16zlU+or028fwsTz3JMsAtSNbdUJegIRFi6YYd+VZ4fTLPeZAg4Vq+yjWMV +Ox13gyvjD0KXauWJfzRX7S/V7FMZ/qAW/XP/rOyIhGKyhwWPEbZTv86s7iJfExhB +ODEem9gQAeuq8Lk5OAGfaSCQrzgUfjfpgtYUjLypaAIiDPzYD9yG4w0pn2Kqkc5j +aIfBpVb2GDUTqHvnbym7vLy0PGdGyg+QgQGaftcJuMmIalqoX/5fy6psJvqe1rAC +V5OfvSjYw/MC15jKYpb6i9AhL1VruZApJD0FiuDKsboixFVy52dEuwbGhXjOC1fG +bECNta1dZJ0ud0FbB095EUJXp+1esvP/0SM/zq0wn/wdgFA0OtU= +=7nb7 -----END PGP SIGNATURE----- diff --git a/metadata/glsa/Manifest.files.gz b/metadata/glsa/Manifest.files.gz index 0fa2bc80a4c0..4db39261fcad 100644 Binary files a/metadata/glsa/Manifest.files.gz and b/metadata/glsa/Manifest.files.gz differ diff --git a/metadata/glsa/glsa-202401-17.xml b/metadata/glsa/glsa-202401-17.xml new file mode 100644 index 000000000000..ca67fc87bb68 --- /dev/null +++ b/metadata/glsa/glsa-202401-17.xml @@ -0,0 +1,42 @@ + + + + libgit2: Privilege Escalation Vulnerability + A vulnerability has been found in libgit2 which could result in privilege escalation. + libgit2 + 2024-01-14 + 2024-01-14 + 857792 + local + + + 1.4.4 + 1.4.4 + + + +

libgit2 is a portable, pure C implementation of the Git core methods provided as a re-entrant linkable library with a solid API.

+ + +

A vulnerability has been discovered in libgit2. Please review the CVE identifier referenced below for details.

+ + +

Usages of a malicious crafted Git repository could allow the creator of the repository to elevate privileges to those of the user accessing the repository.

+ + +

Administrators can ensure that their usages of libgit2 only interact with repositories which have only been modified by trusted users.

+ + +

All libgit2 users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-libs/libgit2-1.4.4" + + + + CVE-2022-29187 + + ajak + graaff + \ No newline at end of file diff --git a/metadata/glsa/timestamp.chk b/metadata/glsa/timestamp.chk index 8d5ba6059971..fbdb234bb787 100644 --- a/metadata/glsa/timestamp.chk +++ b/metadata/glsa/timestamp.chk @@ -1 +1 @@ -Sun, 14 Jan 2024 06:40:27 +0000 +Sun, 14 Jan 2024 12:39:51 +0000 diff --git a/metadata/glsa/timestamp.commit b/metadata/glsa/timestamp.commit index 68484c5d1ac2..d88faeafae8c 100644 --- a/metadata/glsa/timestamp.commit +++ b/metadata/glsa/timestamp.commit @@ -1 +1 @@ -0bd76dc2009147dbb24e9f25ef0c1928a1d99371 1705060019 2024-01-12T11:46:59+00:00 +1e10dddefba8566fa926c19fd2f97c893860b8ea 1705223691 2024-01-14T09:14:51+00:00 -- cgit v1.2.3