From fc637fb28da700da71ec2064d65ca5a7a31b9c6c Mon Sep 17 00:00:00 2001 From: V3n3RiX Date: Sun, 18 Aug 2019 18:16:17 +0100 Subject: gentoo resync : 18.08.2019 --- metadata/glsa/Manifest | 30 +++--- metadata/glsa/Manifest.files.gz | Bin 442968 -> 446941 bytes metadata/glsa/glsa-201908-01.xml | 69 +++++++++++++ metadata/glsa/glsa-201908-02.xml | 54 ++++++++++ metadata/glsa/glsa-201908-03.xml | 80 +++++++++++++++ metadata/glsa/glsa-201908-04.xml | 52 ++++++++++ metadata/glsa/glsa-201908-05.xml | 56 +++++++++++ metadata/glsa/glsa-201908-06.xml | 50 ++++++++++ metadata/glsa/glsa-201908-07.xml | 50 ++++++++++ metadata/glsa/glsa-201908-08.xml | 51 ++++++++++ metadata/glsa/glsa-201908-09.xml | 51 ++++++++++ metadata/glsa/glsa-201908-10.xml | 82 ++++++++++++++++ metadata/glsa/glsa-201908-11.xml | 53 ++++++++++ metadata/glsa/glsa-201908-12.xml | 97 ++++++++++++++++++ metadata/glsa/glsa-201908-13.xml | 62 ++++++++++++ metadata/glsa/glsa-201908-14.xml | 50 ++++++++++ metadata/glsa/glsa-201908-15.xml | 47 +++++++++ metadata/glsa/glsa-201908-16.xml | 49 ++++++++++ metadata/glsa/glsa-201908-17.xml | 48 +++++++++ metadata/glsa/glsa-201908-18.xml | 206 +++++++++++++++++++++++++++++++++++++++ metadata/glsa/glsa-201908-19.xml | 48 +++++++++ metadata/glsa/glsa-201908-20.xml | 76 +++++++++++++++ metadata/glsa/glsa-201908-21.xml | 54 ++++++++++ metadata/glsa/glsa-201908-22.xml | 53 ++++++++++ metadata/glsa/glsa-201908-23.xml | 50 ++++++++++ metadata/glsa/glsa-201908-24.xml | 109 +++++++++++++++++++++ metadata/glsa/glsa-201908-25.xml | 64 ++++++++++++ metadata/glsa/timestamp.chk | 2 +- metadata/glsa/timestamp.commit | 2 +- 29 files changed, 1678 insertions(+), 17 deletions(-) create mode 100644 metadata/glsa/glsa-201908-01.xml create mode 100644 metadata/glsa/glsa-201908-02.xml create mode 100644 metadata/glsa/glsa-201908-03.xml create mode 100644 metadata/glsa/glsa-201908-04.xml create mode 100644 metadata/glsa/glsa-201908-05.xml create mode 100644 metadata/glsa/glsa-201908-06.xml create mode 100644 metadata/glsa/glsa-201908-07.xml create mode 100644 metadata/glsa/glsa-201908-08.xml create mode 100644 metadata/glsa/glsa-201908-09.xml create mode 100644 metadata/glsa/glsa-201908-10.xml create mode 100644 metadata/glsa/glsa-201908-11.xml create mode 100644 metadata/glsa/glsa-201908-12.xml create mode 100644 metadata/glsa/glsa-201908-13.xml create mode 100644 metadata/glsa/glsa-201908-14.xml create mode 100644 metadata/glsa/glsa-201908-15.xml create mode 100644 metadata/glsa/glsa-201908-16.xml create mode 100644 metadata/glsa/glsa-201908-17.xml create mode 100644 metadata/glsa/glsa-201908-18.xml create mode 100644 metadata/glsa/glsa-201908-19.xml create mode 100644 metadata/glsa/glsa-201908-20.xml create mode 100644 metadata/glsa/glsa-201908-21.xml create mode 100644 metadata/glsa/glsa-201908-22.xml create mode 100644 metadata/glsa/glsa-201908-23.xml create mode 100644 metadata/glsa/glsa-201908-24.xml create mode 100644 metadata/glsa/glsa-201908-25.xml (limited to 'metadata/glsa') diff --git a/metadata/glsa/Manifest b/metadata/glsa/Manifest index 56f9a5a41f90..43909281f0ca 100644 --- a/metadata/glsa/Manifest +++ b/metadata/glsa/Manifest @@ -1,23 +1,23 @@ -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 -MANIFEST Manifest.files.gz 442968 BLAKE2B 0e3056acaaa1238904402db3f7b9e5da9aa5a9653669d2d7ce6f23bca37fa04e6d2464868f79b589adb4a48dae4f38f6a27f145e60e4ed4a75c40ec11b1eba6c SHA512 4b7e5da9d352bb5de232fbbf053c3a1aaed9d07615188794445787743dcee0fee452db8b05004310c60b1d29787734050729e72ec84bf2e6f7a8c0bec2b2b9e1 -TIMESTAMP 2019-08-02T17:09:13Z +MANIFEST Manifest.files.gz 446941 BLAKE2B 27348febfa1e8b0c37a6262b9e1c30afa2668e0702870fc19e3e8e049c8aa3fce3a0a847ecfdfa1843e08f25b1c541365b360bee2789c88b7c7abd1d0af7a0a4 SHA512 b604df11b0bda8c02e03d8c0f183f427ec63dd525e2cbd5b7473a5dbfd7112d964e04f46efec437421b06496482ba2148b26225bcbd4b736cd57023d4aeb1ea7 +TIMESTAMP 2019-08-18T16:09:02Z -----BEGIN PGP SIGNATURE----- -iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAl1EbjlfFIAAAAAALgAo +iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAl1ZeB5fFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEUx RDZBQkI2M0JGQ0ZCNEJBMDJGREYxQ0VDNTkwRUVBQzkxODkyNTAACgkQ7FkO6skY -klDsRBAArnc5GDd3kNDjHwGi4hJ1A7kevTE+Wtm+tRdEoWPPYEMSyxkJaZvyhweW -dMZ3LbdYmJP1ayh4MLSMjc7Kvs3wFpGvW97+dUYxc9Xy2fSDyUmq3QZaxqB1C+1Z -IueNdMqV4v0xwT0Cc7h+2MXYt4EgNH5U4SuraJ3tqlsTMPOh10rJ6kLD6RZZITUT -raSnEGNEVjpzj1+G0nxSEEzMOTXTvfRxddzDhJe0fEovx9Svm1fP9jqEXO24dW2u -ovWGzXZ6D3yl8D1w4T7/G29lTSizGdKR1PCx9Gf4zgsOYM+oeW/fyhx8mqIfVAjo -cw/wMxBTgXKQaR49Xkl6qtpCGCgHtT2z2h+rbSGUSjLGpqit9pZJ6EifWTim7Ti/ -oXtM2MR6Ibc0fD379PbqJQqXwIGTaqq/0F4RTwugNYwdk1gEM/gt7aF747Dfnxkf -wqifk+Fc57jMKv/SBPlyD6j4FjAxQXBmN6c9Gm/kAQBA4BYPlIfIZq1lAsHAFpXE -yMp55PTDkFDojBfXJY9txO8xWoPW4LxRL+xkd789bQ4sRVV7kkEZqDJ7nv/gE6us -PA4jSXiyU+uNc00XzYt3N4ZAsxdGUBJs0/IQqkzTt6dXH/lwPNuDz3kGSaxBhIdn -wHlxxh3AUKqyio2ciFh0U8780s1mdBz//0Fa6l6XT9zywORQgJM= -=Pdab +klAlMw//Y9l50sTL8BwL9tH0qPOFngKNjcjMJzJGgU69fY+GrSyTWN0U1GMQzpcR +KqaTOuUJiSAxYhm8AZueZ73wGp21lm4qFUvKGHjWvTLT7YtlMqenG6kX/HeKoaM/ +5U1KHEAHVFgXOyQOD/h9ETZNnvB/oJhjXUgf46nYUnZi5UXrj73b8Z0G6jfNERO6 +9VQ3+VkOFYp6oOKplqDfyxrDCqwTzQRXap2dpmdozxVbydpr6BfquEbYy+0NijYC +FNsEWNCwEo8GeWSdYFS8Q/eB3Vp6oCVAwBtW6+GZwsMEpt7/yGQe1Y9Zat1VGze2 +MsCQ06nnL/G/lnRpe1LtfzEugKh1RPzv78ZruY6dqkqo/wfrIkMksM2l9IU8zsE1 +XQgI/cFLfZoMNe7DhYvWPhe9Jj8jgIjiXY5F2RuiVt+B3K8DcJoBB0LeyrTSs9w+ +1q3eOiunW4Z6wTfeYpXmnIrW/ZDM0xw0SU/fgAKmf/u1QRy9ctNVGwB02u/Oif/o +xbX5yfRQxEA7qK3RN6tPU1r+9QYbbyIUBePFXbbMCEv41QUpj9shNh3g5kC1LQPQ +VG7l+/ewS57u6wUBRAEFosLVcU5zKZydHkmqJTY4mCpGbDcJQ/q16Es/kNBprEsM +GkSyKT4EJrp8XUnqfXBVVADUP2aGqiJTQ8GPsBn5CUkb33fO2gY= +=z3VN -----END PGP SIGNATURE----- diff --git a/metadata/glsa/Manifest.files.gz b/metadata/glsa/Manifest.files.gz index 4f3d5d05a5e4..8dde4ddcf57d 100644 Binary files a/metadata/glsa/Manifest.files.gz and b/metadata/glsa/Manifest.files.gz differ diff --git a/metadata/glsa/glsa-201908-01.xml b/metadata/glsa/glsa-201908-01.xml new file mode 100644 index 000000000000..e2b90baf12fa --- /dev/null +++ b/metadata/glsa/glsa-201908-01.xml @@ -0,0 +1,69 @@ + + + + Binutils: Multiple vulnerabilities + Multiple vulnerabilities have been found in Binutils, the worst of + which may allow remote attackers to cause a Denial of Service condition. + + binutils + 2019-08-03 + 2019-08-03 + 672904 + 672910 + 674668 + 682698 + 682702 + remote + + + 2.32-r1 + 2.32-r1 + + + +

The GNU Binutils are a collection of tools to create, modify and analyse + binary files. Many of the files use BFD, the Binary File Descriptor + library, to do low-level manipulation. +

+ + +

Multiple vulnerabilities have been discovered in Binutils. Please review + the referenced CVE identifiers for details. +

+ + +

A remote attacker, by enticing a user to compile/execute a specially + crafted ELF, object, PE, or binary file, could possibly cause a Denial of + Service condition or have other unspecified impacts. +

+ + +

There is no known workaround at this time.

+ + +

All Binutils users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=sys-devel/binutils-2.32-r1" + + + + CVE-2018-10372 + CVE-2018-10373 + CVE-2018-10534 + CVE-2018-10535 + CVE-2018-12641 + CVE-2018-12697 + CVE-2018-12698 + CVE-2018-12699 + CVE-2018-12700 + CVE-2018-13033 + CVE-2018-19931 + CVE-2018-19932 + CVE-2018-20002 + CVE-2018-20651 + + b-man + b-man + diff --git a/metadata/glsa/glsa-201908-02.xml b/metadata/glsa/glsa-201908-02.xml new file mode 100644 index 000000000000..0c73ede6a3c9 --- /dev/null +++ b/metadata/glsa/glsa-201908-02.xml @@ -0,0 +1,54 @@ + + + + libpng: Multiple vulnerabilities + Multiple vulnerabilities have been found in libpng, the worst of + which could result in a Denial of Service condition. + + libpng + 2019-08-03 + 2019-08-03 + 683366 + remote + + + 1.6.37 + 1.6.37 + + + +

libpng is a standard library used to process PNG (Portable Network + Graphics) images. It is used by several programs, including web browsers + and potentially server processes. +

+ + +

Multiple vulnerabilities have been discovered in libpng. Please review + the CVE identifiers referenced below for details. +

+ + +

A remote attacker, by enticing a user to process a specially crafted PNG + file, could cause a Denial of Service condition. +

+ + +

There is no known workaround at this time.

+ + +

All libpng users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=media-libs/libpng-1.6.37" + + + + + CVE-2018-14048 + CVE-2018-14550 + CVE-2019-7317 + + BlueKnight + b-man + diff --git a/metadata/glsa/glsa-201908-03.xml b/metadata/glsa/glsa-201908-03.xml new file mode 100644 index 000000000000..2b768c68c862 --- /dev/null +++ b/metadata/glsa/glsa-201908-03.xml @@ -0,0 +1,80 @@ + + + + JasPer: Multiple vulnerabilities + Multiple vulnerabilities have been found in JasPer, the worst of + which could result in a Denial of Service condition. + + jasper + 2019-08-09 + 2019-08-09 + 614028 + 614032 + 624988 + 629286 + 635552 + 662160 + 674154 + 674214 + remote + + + 2.0.16 + + + +

JasPer is a software-based implementation of the codec specified in the + JPEG-2000 Part-1 standard. +

+ + +

Multiple vulnerabilities have been discovered in JasPer. Please review + the CVE identifiers referenced below for details. +

+ + +

Please review the referenced CVE identifiers for details.

+ + +

There is no known workaround at this time.

+ + +

JasPer is no longer maintained upstream and contains many + vulnerabilities which remain unaddressed. Gentoo users are advised to + unmerge this package. +

+ + + # emerge --unmerge media-libs/jasper + + + + + CVE-2017-1000050 + + CVE-2017-13745 + CVE-2017-13746 + CVE-2017-13747 + CVE-2017-13748 + CVE-2017-13749 + CVE-2017-13750 + CVE-2017-13751 + CVE-2017-13752 + CVE-2017-13753 + CVE-2017-14132 + CVE-2017-14229 + CVE-2017-14232 + CVE-2017-5503 + CVE-2017-5504 + CVE-2017-5505 + CVE-2017-6851 + CVE-2017-6852 + CVE-2017-9782 + CVE-2018-18873 + CVE-2018-20584 + CVE-2018-9055 + CVE-2018-9154 + + b-man + b-man + diff --git a/metadata/glsa/glsa-201908-04.xml b/metadata/glsa/glsa-201908-04.xml new file mode 100644 index 000000000000..bc5160a9290f --- /dev/null +++ b/metadata/glsa/glsa-201908-04.xml @@ -0,0 +1,52 @@ + + + + Redis: Multiple vulnerabilities + Multiple vulnerabilities have been found in Redis, the worst of + which may allow execution of arbitrary code. + + redis + 2019-08-09 + 2019-08-09 + 658066 + 689700 + remote + + + 4.0.14 + 4.0.14 + + + +

Redis is an open source (BSD licensed), in-memory data structure store, + used as a database, cache and message broker. +

+ + +

Multiple vulnerabilities have been discovered in Redis. Please review + the CVE identifiers referenced below for details. +

+ + +

Please review the referenced CVE identifiers for details.

+ + +

There is no known workaround at this time.

+ + +

All Redis users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-db/redis-4.0.14" + + + + CVE-2018-11218 + CVE-2018-11219 + CVE-2019-10192 + CVE-2019-10193 + + b-man + b-man + diff --git a/metadata/glsa/glsa-201908-05.xml b/metadata/glsa/glsa-201908-05.xml new file mode 100644 index 000000000000..42d9037a0887 --- /dev/null +++ b/metadata/glsa/glsa-201908-05.xml @@ -0,0 +1,56 @@ + + + + LibVNCServer: Multiple vulnerabilities + Multiple vulnerabilities have been found in LibVNCServer, the worst + of which could result in the arbitrary execution of code. + + libvncserver + 2019-08-09 + 2019-08-09 + 659560 + 673508 + remote + + + 0.9.12 + 0.9.12 + + + +

LibVNCServer/LibVNCClient are cross-platform C libraries that allow you + to easily implement VNC server or client functionality in your program. +

+ + +

Multiple vulnerabilities have been discovered in LibVNCServer. Please + review the CVE identifiers referenced below for details. +

+ + +

Please review the referenced CVE identifiers for details.

+ + +

There is no known workaround at this time.

+ + +

All LibVNCServer users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-libs/libvncserver-0.9.12" + + + + CVE-2018-20019 + CVE-2018-20020 + CVE-2018-20021 + CVE-2018-20022 + CVE-2018-20023 + CVE-2018-20024 + CVE-2018-7225 + CVE-2018-7226 + + b-man + b-man + diff --git a/metadata/glsa/glsa-201908-06.xml b/metadata/glsa/glsa-201908-06.xml new file mode 100644 index 000000000000..03379fb8e90b --- /dev/null +++ b/metadata/glsa/glsa-201908-06.xml @@ -0,0 +1,50 @@ + + + + glibc: Multiple vulnerabilities + Multiple vulnerabilities have been found in glibc, the worst of + which could result in a Denial of Service condition. + + glibc + 2019-08-15 + 2019-08-15 + 609386 + 635012 + 672228 + local, remote + + + 2.28-r4 + 2.28-r4 + + + +

glibc is a package that contains the GNU C library.

+ + +

Multiple vulnerabilities have been discovered in glibc. Please review + the CVE identifiers referenced below for details. +

+ + +

Please review the referenced CVE identifiers for details.

+ + +

There is no known workaround at this time.

+ + +

All glibc users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=sys-libs/glibc-2.28-r4" + + + + CVE-2015-8985 + CVE-2016-6263 + CVE-2018-19591 + + b-man + b-man + diff --git a/metadata/glsa/glsa-201908-07.xml b/metadata/glsa/glsa-201908-07.xml new file mode 100644 index 000000000000..93df38d655c4 --- /dev/null +++ b/metadata/glsa/glsa-201908-07.xml @@ -0,0 +1,50 @@ + + + + KDE KConfig: User-assisted execution of arbitrary code + A vulnerablity has been found in KDE KConfig that could allow a + remote attacker to execute arbitrary code. + + kconfig + 2019-08-15 + 2019-08-15 + 691858 + remote + + + 5.60.0-r1 + 5.60.0-r1 + + + +

Provides an advanced configuration system.

+ + +

A vulnerability was discovered in KDE KConfig’s handling of .desktop + and .directory files. +

+ + +

An attacker could entice a user to execute a specially crafted .desktop + or .directory file possibly resulting in execution of arbitrary code with + the privileges of the process. +

+ + +

There is no known workaround at this time.

+ + +

All KConfig users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose + ">=kde-frameworks/kconfig-5.60.0-r1" + + + + CVE-2019-14744 + + b-man + b-man + diff --git a/metadata/glsa/glsa-201908-08.xml b/metadata/glsa/glsa-201908-08.xml new file mode 100644 index 000000000000..29ebf5011b8b --- /dev/null +++ b/metadata/glsa/glsa-201908-08.xml @@ -0,0 +1,51 @@ + + + + CUPS: Multiple vulnerabilities + Multiple vulnerabilities have been found in CUPS, the worst of + which could result in the arbitrary execution of code. + + cups + 2019-08-15 + 2019-08-15 + 660954 + remote + + + 2.2.8 + 2.2.8 + + + +

CUPS, the Common Unix Printing System, is a full-featured print server.

+ + +

Multiple vulnerabilities have been discovered in CUPS. Please review the + CVE identifiers referenced below for details. +

+ + +

Please review the referenced CVE identifiers for details.

+ + +

There is no known workaround at this time.

+ + +

All CUPS users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-print/cups-2.2.8" + + + + CVE-2017-15400 + CVE-2018-4180 + CVE-2018-4181 + CVE-2018-4182 + CVE-2018-4183 + CVE-2018-6553 + + b-man + b-man + diff --git a/metadata/glsa/glsa-201908-09.xml b/metadata/glsa/glsa-201908-09.xml new file mode 100644 index 000000000000..3ac338fad0ae --- /dev/null +++ b/metadata/glsa/glsa-201908-09.xml @@ -0,0 +1,51 @@ + + + + SQLite: Multiple vulnerabilities + Multiple vulnerabilities have been found in SQLite, the worst of + which could result in the arbitrary execution of code. + + sqlite + 2019-08-15 + 2019-08-15 + 684840 + 685838 + remote + + + 3.28.0 + 3.28.0 + + + +

SQLite is a C library that implements an SQL database engine.

+ + +

Multiple vulnerabilities have been discovered in SQLite. Please review + the CVE identifiers referenced below for details. +

+ + +

A remote attacker could, by executing arbitrary SQL statements against a + vulnerable host, execute arbitrary code. +

+ + +

There is no known workaround at this time.

+ + +

All SQLite users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-db/sqlite-3.28.0" + + + + CVE-2019-5018 + CVE-2019-9936 + CVE-2019-9937 + + b-man + b-man + diff --git a/metadata/glsa/glsa-201908-10.xml b/metadata/glsa/glsa-201908-10.xml new file mode 100644 index 000000000000..c5246faff191 --- /dev/null +++ b/metadata/glsa/glsa-201908-10.xml @@ -0,0 +1,82 @@ + + + + Oracle JDK/JRE: Multiple vulnerabilities + Multiple vulnerabilities have been found in Oracle’s JDK and JRE + software suites. + + oracle,jre,jdk + 2019-08-15 + 2019-08-15 + 668948 + 691336 + remote + + + 1.8.0.202 + 1.8.0.202 + + + 1.8.0.202 + 1.8.0.202 + + + +

Java Platform, Standard Edition (Java SE) lets you develop and deploy + Java applications on desktops and servers, as well as in today’s + demanding embedded environments. Java offers the rich user interface, + performance, versatility, portability, and security that today’s + applications require. +

+ + +

Multiple vulnerabilities have been discovered in Oracle’s JDK and JRE + software suites. Please review the CVE identifiers referenced below for + details. +

+ + +

Please review the referenced CVE identifiers for details.

+ + +

There is no known workaround at this time.

+ + +

All Oracle JDK bin users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose + ">=dev-java/oracle-jdk-bin-1.8.0.202:1.8" + + +

All Oracle JRE bin users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose + ">=dev-java/oracle-jre-bin-1.8.0.202:1.8" + + + + CVE-2018-13785 + CVE-2018-3136 + CVE-2018-3139 + CVE-2018-3149 + CVE-2018-3150 + CVE-2018-3157 + CVE-2018-3169 + CVE-2018-3180 + CVE-2018-3183 + CVE-2018-3209 + CVE-2018-3211 + CVE-2018-3214 + CVE-2019-2602 + CVE-2019-2684 + CVE-2019-2697 + CVE-2019-2698 + CVE-2019-2699 + + BlueKnight + b-man + diff --git a/metadata/glsa/glsa-201908-11.xml b/metadata/glsa/glsa-201908-11.xml new file mode 100644 index 000000000000..53a2922c960a --- /dev/null +++ b/metadata/glsa/glsa-201908-11.xml @@ -0,0 +1,53 @@ + + + + libarchive: Multiple vulnerabilities + Multiple vulnerabilities have been found in libarchive, the worst + of which could result in the arbitrary execution of code. + + libarchive + 2019-08-15 + 2019-08-15 + 631294 + 636070 + remote + + + 3.3.3 + 3.3.3 + + + +

libarchive is a library for manipulating different streaming archive + formats, including certain tar variants, several cpio formats, and both + BSD and GNU ar variants. +

+ + +

Multiple vulnerabilities have been discovered in libarchive. Please + review the CVE identifiers referenced below for details. +

+ + +

Please review the referenced CVE identifiers for details.

+ + +

There is no known workaround at this time.

+ + +

All libarchive users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-arch/libarchive-3.3.3" + + + + CVE-2017-14166 + CVE-2017-14501 + CVE-2017-14502 + CVE-2017-14503 + + b-man + b-man + diff --git a/metadata/glsa/glsa-201908-12.xml b/metadata/glsa/glsa-201908-12.xml new file mode 100644 index 000000000000..83d7758ea716 --- /dev/null +++ b/metadata/glsa/glsa-201908-12.xml @@ -0,0 +1,97 @@ + + + + Mozilla Firefox: Multiple vulnerabilities + Multiple vulnerabilities have been found in Mozilla Firefox, the + worst of which could result in the arbitrary execution of code. + + firefox + 2019-08-15 + 2019-08-15 + 688332 + 690626 + remote + + + 60.8.0 + 60.8.0 + + + 60.8.0 + 60.8.0 + + + +

Mozilla Firefox is a popular open-source web browser from the Mozilla + Project. +

+ + +

Multiple vulnerabilities have been discovered in Mozilla Firefox. Please + review the CVE identifiers referenced below for details. +

+ + +

A remote attacker could entice a user to view a specially crafted web + page, possibly resulting in the execution of arbitrary code with the + privileges of the process or a Denial of Service condition. +

+ + +

There is no known workaround at this time.

+ + +

All Mozilla Firefox users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-client/firefox-60.8.0" + + +

All Mozilla Firefox binary users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-client/firefox-bin-60.8.0" + + + + CVE-2019-11707 + CVE-2019-11708 + CVE-2019-11709 + CVE-2019-11710 + CVE-2019-11711 + CVE-2019-11712 + CVE-2019-11713 + CVE-2019-11714 + CVE-2019-11715 + CVE-2019-11716 + CVE-2019-11717 + CVE-2019-11718 + CVE-2019-11719 + CVE-2019-11720 + CVE-2019-11721 + CVE-2019-11723 + CVE-2019-11724 + CVE-2019-11725 + CVE-2019-11727 + CVE-2019-11728 + CVE-2019-11729 + CVE-2019-11730 + CVE-2019-9811 + + MFSA2019-18 + + + MFSA2019-19 + + + MFSA2019-21 + + + MFSA2019-22 + + + whissi + b-man + diff --git a/metadata/glsa/glsa-201908-13.xml b/metadata/glsa/glsa-201908-13.xml new file mode 100644 index 000000000000..c709f4ce791d --- /dev/null +++ b/metadata/glsa/glsa-201908-13.xml @@ -0,0 +1,62 @@ + + + + LibreOffice: Multiple vulnerabilities + Multiple vulnerabilities have been found in LibreOffice, the worst + of which could result in the arbitrary execution of code. + + libreoffice + 2019-08-15 + 2019-08-15 + 690354 + local, remote + + + 6.2.5.2 + 6.2.5.2 + + + 6.2.5.2 + 6.2.5.2 + + + +

LibreOffice is a powerful office suite; its clean interface and powerful + tools let you unleash your creativity and grow your productivity. +

+ + +

Multiple vulnerabilities have been discovered in LibreOffice. Please + review the CVE identifiers referenced below for details. +

+ + +

Please review the referenced CVE identifiers for details.

+ + +

There is no known workaround at this time.

+ + +

All LibreOffice users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-office/libreoffice-6.2.5.2" + + +

All LibreOffice binary users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose + ">=app-office/libreoffice-bin-6.2.5.2" + + + + + CVE-2019-9848 + CVE-2019-9849 + + b-man + b-man + diff --git a/metadata/glsa/glsa-201908-14.xml b/metadata/glsa/glsa-201908-14.xml new file mode 100644 index 000000000000..bdd1c2c60eae --- /dev/null +++ b/metadata/glsa/glsa-201908-14.xml @@ -0,0 +1,50 @@ + + + + polkit: Multiple vulnerabilities + Multiple vulnerabilities have been found in polkit, the worst of + which could result in privilege escalation. + + polkit + 2019-08-15 + 2019-08-15 + 661470 + 672578 + remote + + + 0.115-r2 + 0.115-r2 + + + +

polkit is a toolkit for managing policies relating to unprivileged + processes communicating with privileged processes. +

+ + +

Multiple vulnerabilities have been discovered in polkit. Please review + the CVE identifiers referenced below for details. +

+ + +

Please review the referenced CVE identifiers for details.

+ + +

There is no known workaround at this time.

+ + +

All polkit users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=sys-auth/polkit-0.115-r2" + + + + CVE-2018-1116 + CVE-2018-19788 + + b-man + b-man + diff --git a/metadata/glsa/glsa-201908-15.xml b/metadata/glsa/glsa-201908-15.xml new file mode 100644 index 000000000000..56293af7dc20 --- /dev/null +++ b/metadata/glsa/glsa-201908-15.xml @@ -0,0 +1,47 @@ + + + + ZNC: Privilege escalation + A vulnerability in ZNC allows users to escalate privileges. + znc + 2019-08-15 + 2019-08-15 + 688152 + remote + + + 1.7.4_rc1 + 1.7.4_rc1 + + + +

ZNC is an advanced IRC bouncer.

+ + +

It was discovered that ZNC’s “Modules.cpp” allows remote + authenticated non-admin users to escalate privileges. +

+ + +

A remote authenticated attacker could escalate privileges and + subsequently execute arbitrary code or conduct a Denial of Service + attack. +

+ + +

There is no known workaround at this time.

+ + +

All ZNC users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-irc/znc-1.7.4_rc1" + + + + CVE-2019-12816 + + b-man + b-man + diff --git a/metadata/glsa/glsa-201908-16.xml b/metadata/glsa/glsa-201908-16.xml new file mode 100644 index 000000000000..e52f22844927 --- /dev/null +++ b/metadata/glsa/glsa-201908-16.xml @@ -0,0 +1,49 @@ + + + + ProFTPD: Remote code execution + A vulnerability in ProFTPD could result in the arbitrary execution + of code. + + proftpd + 2019-08-15 + 2019-08-15 + 690528 + remote + + + 1.3.6-r5 + 1.3.6-r5 + + + +

ProFTPD is an advanced and very configurable FTP server.

+ + +

It was discovered that ProFTPD’s “mod_copy” module does not + properly restrict privileges for anonymous users. +

+ + +

A remote attacker, by anonymously uploading a malicious file, could + possibly execute arbitrary code with the privileges of the process, cause + a Denial of Service condition or disclose information. +

+ + +

There is no known workaround at this time.

+ + +

All ProFTPD users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-ftp/proftpd-1.3.6-r5" + + + + CVE-2019-12815 + + b-man + b-man + diff --git a/metadata/glsa/glsa-201908-17.xml b/metadata/glsa/glsa-201908-17.xml new file mode 100644 index 000000000000..24e15836d90c --- /dev/null +++ b/metadata/glsa/glsa-201908-17.xml @@ -0,0 +1,48 @@ + + + + ZeroMQ: Arbitrary code execution + A vulnerability in ZeroMQ might allow an attacker to execute + arbitrary code. + + zeromq + 2019-08-15 + 2019-08-15 + 689426 + remote + + + 4.3.2 + 4.3.2 + + + +

Looks like an embeddable networking library but acts like a concurrency + framework. +

+ + +

A buffer overflow was discovered in ZeroMQ.

+ + +

An attacker could possibly execute arbitrary code with the privileges of + the process or cause a Denial of Service condition. +

+ + +

There is no known workaround at this time.

+ + +

All ZeroMQ users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-libs/zeromq-4.3.2" + + + + CVE-2019-13132 + + b-man + b-man + diff --git a/metadata/glsa/glsa-201908-18.xml b/metadata/glsa/glsa-201908-18.xml new file mode 100644 index 000000000000..28f8eb0cc599 --- /dev/null +++ b/metadata/glsa/glsa-201908-18.xml @@ -0,0 +1,206 @@ + + + + Chromium, Google Chrome: Multiple vulnerabilities + Multiple vulnerabilities have been found in Chromium and Google + Chrome, the worst of which could allow remote attackers to execute + arbitrary code. + + chorme,chromium + 2019-08-15 + 2019-08-16 + 672606 + 684238 + 684272 + 687732 + 688072 + 689944 + 691098 + 691682 + remote + + + 76.0.3809.100 + 76.0.3809.100 + + + 76.0.3809.100 + 76.0.3809.100 + + + +

Chromium is an open-source browser project that aims to build a safer, + faster, and more stable way for all users to experience the web. +

+ +

Google Chrome is one fast, simple, and secure browser for all your + devices. +

+ + +

Multiple vulnerabilities have been discovered in Chromium and Google + Chrome. Please review the referenced CVE identifiers and Google Chrome + Releases for details. +

+ + +

Please review the referenced CVE identifiers for details.

+ + +

There is no known workaround at this time.

+ + +

All Chromium users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose + ">=www-client/chromium-76.0.3809.100" + + +

All Google Chrome users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose + ">=www-client/google-chrome-76.0.3809.100" + + + + CVE-2019-5805 + CVE-2019-5806 + CVE-2019-5807 + CVE-2019-5808 + CVE-2019-5809 + CVE-2019-5810 + CVE-2019-5811 + CVE-2019-5812 + CVE-2019-5813 + CVE-2019-5814 + CVE-2019-5815 + CVE-2019-5816 + CVE-2019-5817 + CVE-2019-5818 + CVE-2019-5819 + CVE-2019-5820 + CVE-2019-5821 + CVE-2019-5822 + CVE-2019-5823 + CVE-2019-5828 + CVE-2019-5829 + CVE-2019-5830 + CVE-2019-5831 + CVE-2019-5832 + CVE-2019-5833 + CVE-2019-5834 + CVE-2019-5835 + CVE-2019-5836 + CVE-2019-5837 + CVE-2019-5838 + CVE-2019-5839 + CVE-2019-5840 + CVE-2019-5842 + CVE-2019-5847 + CVE-2019-5848 + CVE-2019-5850 + CVE-2019-5851 + CVE-2019-5852 + CVE-2019-5853 + CVE-2019-5854 + CVE-2019-5855 + CVE-2019-5856 + CVE-2019-5857 + CVE-2019-5858 + CVE-2019-5859 + CVE-2019-5860 + CVE-2019-5861 + CVE-2019-5862 + CVE-2019-5863 + CVE-2019-5864 + CVE-2019-5865 + CVE-2019-5867 + CVE-2019-5868 + CVE-2018-17480 + CVE-2018-17481 + CVE-2018-18335 + CVE-2018-18336 + CVE-2018-18337 + CVE-2018-18338 + CVE-2018-18339 + CVE-2018-18340 + CVE-2018-18341 + CVE-2018-18342 + CVE-2018-18343 + CVE-2018-18344 + CVE-2018-18345 + CVE-2018-18346 + CVE-2018-18347 + CVE-2018-18348 + CVE-2018-18349 + CVE-2018-18350 + CVE-2018-18351 + CVE-2018-18352 + CVE-2018-18353 + CVE-2018-18354 + CVE-2018-18355 + CVE-2018-18356 + CVE-2018-18357 + CVE-2018-18358 + CVE-2018-18359 + CVE-2019-5805 + CVE-2019-5806 + CVE-2019-5807 + CVE-2019-5808 + CVE-2019-5809 + CVE-2019-5810 + CVE-2019-5811 + CVE-2019-5812 + CVE-2019-5813 + CVE-2019-5814 + CVE-2019-5815 + CVE-2019-5816 + CVE-2019-5817 + CVE-2019-5818 + CVE-2019-5819 + CVE-2019-5820 + CVE-2019-5821 + CVE-2019-5822 + CVE-2019-5823 + CVE-2019-5828 + CVE-2019-5829 + CVE-2019-5830 + CVE-2019-5831 + CVE-2019-5832 + CVE-2019-5833 + CVE-2019-5834 + CVE-2019-5835 + CVE-2019-5836 + CVE-2019-5837 + CVE-2019-5838 + CVE-2019-5839 + CVE-2019-5840 + CVE-2019-5842 + CVE-2019-5847 + CVE-2019-5848 + CVE-2019-5850 + CVE-2019-5851 + CVE-2019-5852 + CVE-2019-5853 + CVE-2019-5854 + CVE-2019-5855 + CVE-2019-5856 + CVE-2019-5857 + CVE-2019-5858 + CVE-2019-5859 + CVE-2019-5860 + CVE-2019-5861 + CVE-2019-5862 + CVE-2019-5863 + CVE-2019-5864 + CVE-2019-5865 + CVE-2019-5867 + CVE-2019-5868 + + BlueKnight + b-man + diff --git a/metadata/glsa/glsa-201908-19.xml b/metadata/glsa/glsa-201908-19.xml new file mode 100644 index 000000000000..e6a77881ce70 --- /dev/null +++ b/metadata/glsa/glsa-201908-19.xml @@ -0,0 +1,48 @@ + + + + GNU Wget: Arbitrary code execution + A vulnerability in GNU Wget might allow an attacker to execute + arbitrary code. + + wget + 2019-08-15 + 2019-08-15 + 682994 + remote + + + 1.20.3 + 1.20.3 + + + +

GNU Wget is a free software package for retrieving files using HTTP, + HTTPS and FTP, the most widely-used Internet protocols. +

+ + +

A buffer overflow was discovered in GNU’s Wget.

+ + +

An attacker could possibly execute arbitrary code with the privileges of + the process or cause a Denial of Service condition. +

+ + +

There is no known workaround at this time.

+ + +

All GNU Wget users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-misc/wget-1.20.3" + + + + CVE-2019-5953 + + b-man + b-man + diff --git a/metadata/glsa/glsa-201908-20.xml b/metadata/glsa/glsa-201908-20.xml new file mode 100644 index 000000000000..05b2ac48e805 --- /dev/null +++ b/metadata/glsa/glsa-201908-20.xml @@ -0,0 +1,76 @@ + + + + Mozilla Thunderbird: Multiple vulnerabilities + Multiple vulnerabilities have been found in Mozilla Thunderbird, + the worst of which could result in the arbitrary execution of code. + + thunderbird + 2019-08-16 + 2019-08-16 + 688032 + 690664 + remote + + + 60.8.0 + 60.8.0 + + + 60.8.0 + 60.8.0 + + + +

Mozilla Thunderbird is a popular open-source email client from the + Mozilla project +

+ + +

Multiple vulnerabilities have been discovered in Mozilla Thunderbird. + Please review the CVE identifiers referenced below for details. +

+ + +

Please review the referenced CVE identifiers for details.

+ + +

There is no known workaround at this time.

+ + +

All Mozilla Thunderbird users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=mail-client/thunderbird-60.8.0" + + +

All Mozilla Thunderbird binary users should upgrade to the latest + version: +

+ + + # emerge --sync + # emerge --ask --oneshot --verbose + ">=mail-client/thunderbird-bin-60.8.0" + + + + CVE-2019-11703 + CVE-2019-11704 + CVE-2019-11705 + CVE-2019-11706 + CVE-2019-11709 + CVE-2019-11711 + CVE-2019-11712 + CVE-2019-11713 + CVE-2019-11715 + CVE-2019-11717 + CVE-2019-11719 + CVE-2019-11729 + CVE-2019-11730 + CVE-2019-9811 + + b-man + b-man + diff --git a/metadata/glsa/glsa-201908-21.xml b/metadata/glsa/glsa-201908-21.xml new file mode 100644 index 000000000000..ec87cbf19c38 --- /dev/null +++ b/metadata/glsa/glsa-201908-21.xml @@ -0,0 +1,54 @@ + + + + Adobe Flash Player: Multiple vulnerabilities + Multiple vulnerabilities have been found in Adobe Flash Player, the + worst of which could result in the arbitrary execution of code. + + flash + 2019-08-18 + 2019-08-18 + 683006 + 687894 + remote + + + 32.0.0.207 + 32.0.0.207 + + + +

The Adobe Flash Player is a renderer for the SWF file format, which is + commonly used to provide interactive websites. +

+ + +

Multiple vulnerabilities have been discovered in Adobe Flash Player. + Please review the CVE identifiers referenced below for details. +

+ + +

A remote attacker could possibly execute arbitrary code with the + privileges of the process or bypass security restrictions. +

+ + +

There is no known workaround at this time.

+ + +

All Adobe Flash Player users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose + ">=www-plugins/adobe-flash-32.0.0.207" + + + + CVE-2019-7096 + CVE-2019-7108 + CVE-2019-7845 + + b-man + b-man + diff --git a/metadata/glsa/glsa-201908-22.xml b/metadata/glsa/glsa-201908-22.xml new file mode 100644 index 000000000000..c4264b73b4e5 --- /dev/null +++ b/metadata/glsa/glsa-201908-22.xml @@ -0,0 +1,53 @@ + + + + Patch: Multiple vulnerabilities + Multiple vulnerabilities have been found in Patch, the worst of + which could result in the arbitrary execution of code. + + patch + 2019-08-18 + 2019-08-18 + 690136 + local + + + 2.7.6-r4 + 2.7.6-r4 + + + +

Patch takes a patch file containing a difference listing produced by the + diff program and applies those differences to one or more original files, + producing patched versions. +

+ + +

Multiple vulnerabilities have been discovered in Patch. Please review + the CVE identifiers referenced below for details. +

+ + +

A local attacker could pass a specially crafted diff file to Patch, + possibly resulting in a Denial of Service condition or arbitrary code + execution. +

+ + +

There is no known workaround at this time.

+ + +

All Patch users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=sys-devel/patch-2.7.6-r4" + + + + CVE-2019-13636 + CVE-2019-13638 + + b-man + b-man + diff --git a/metadata/glsa/glsa-201908-23.xml b/metadata/glsa/glsa-201908-23.xml new file mode 100644 index 000000000000..c62336f32cf7 --- /dev/null +++ b/metadata/glsa/glsa-201908-23.xml @@ -0,0 +1,50 @@ + + + + VLC: Multiple vulnerabilities + Multiple vulnerabilities have been found in VLC, the worst of which + could result in the arbitrary execution of code. + + vlc + 2019-08-18 + 2019-08-18 + 688642 + local, remote + + + 3.0.7 + 3.0.7 + + + +

VLC is a cross-platform media player and streaming server.

+ + +

Multiple vulnerabilities have been discovered in VLC. Please review the + CVE identifiers referenced below for details. +

+ + +

Remote attackers, by enticing a user to execute a specially crafted + media file, could cause a Denial of Service condition or possibly execute + arbitrary code. +

+ + +

There is no known workaround at this time.

+ + +

All VLC users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=media-video/vlc-3.0.7" + + + + CVE-2019-12874 + CVE-2019-5439 + + b-man + b-man + diff --git a/metadata/glsa/glsa-201908-24.xml b/metadata/glsa/glsa-201908-24.xml new file mode 100644 index 000000000000..f6add259ef8c --- /dev/null +++ b/metadata/glsa/glsa-201908-24.xml @@ -0,0 +1,109 @@ + + + + MariaDB, MySQL: Multiple vulnerabilities + Multiple vulnerabilities have been found in MariaDB and MySQL, the + worst of which could result in privilege escalation. + + mariadb,mysql + 2019-08-18 + 2019-08-18 + 661500 + 670388 + 679024 + local, remote + + + 10.1.38-r1 + 10.2.22 + 10.1.38-r1 + 10.2.22 + + + 5.6.42 + 5.7.24 + 5.6.42 + 5.7.24 + + + +

MariaDB is an enhanced, drop-in replacement for MySQL. MySQL is a + popular multi-threaded, multi-user SQL server. MySQL is a popular + multi-threaded, multi-user SQL server +

+ + +

Multiple vulnerabilities have been discovered in MariaDB and MySQL. + Please review the CVE identifiers referenced below for details. +

+ + +

Please review the referenced CVE identifiers for details.

+ + +

There is no known workaround at this time.

+ + +

All MariaDB 10.1.x users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-db/mariadb-10.1.38-r1" + + +

All MariaDB 10.2.x users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-db/mariadb-10.2.22" + + +

All MySQL 5.6.x users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-db/mysql-5.6.42" + + +

All MySQL 5.7.x users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-db/mysql-5.7.24" + + + + CVE-2018-2755 + CVE-2018-2759 + CVE-2018-2761 + CVE-2018-2766 + CVE-2018-2771 + CVE-2018-2777 + CVE-2018-2781 + CVE-2018-2782 + CVE-2018-2784 + CVE-2018-2786 + CVE-2018-2787 + CVE-2018-2810 + CVE-2018-2813 + CVE-2018-2817 + CVE-2018-2819 + CVE-2018-3143 + CVE-2018-3156 + CVE-2018-3162 + CVE-2018-3173 + CVE-2018-3174 + CVE-2018-3185 + CVE-2018-3200 + CVE-2018-3251 + CVE-2018-3252 + CVE-2018-3277 + CVE-2018-3282 + CVE-2018-3284 + CVE-2019-2510 + CVE-2019-2529 + CVE-2019-2537 + + b-man + b-man + diff --git a/metadata/glsa/glsa-201908-25.xml b/metadata/glsa/glsa-201908-25.xml new file mode 100644 index 000000000000..7f2c146a9229 --- /dev/null +++ b/metadata/glsa/glsa-201908-25.xml @@ -0,0 +1,64 @@ + + + + hostapd and wpa_supplicant: Denial of Service + A vulnerability in hostapd and wpa_supplicant could lead to a + Denial of Service condition. + + wpa_supplicant + 2019-08-18 + 2019-08-18 + 685860 + 688588 + remote + + + 2.8 + 2.8 + + + 2.8 + 2.8 + + + +

wpa_supplicant is a WPA Supplicant with support for WPA and WPA2 (IEEE + 802.11i / RSN). +

+ +

hostapd is a user space daemon for access point and authentication + servers. +

+ + +

A vulnerability was discovered in hostapd’s and wpa_supplicant’s + eap_server/eap_server_pwd.c and eap_peer/eap_pwd.c files. +

+ + +

An attacker could cause a possible Denial of Service condition.

+ + +

There is no known workaround at this time.

+ + +

All hostapd users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-wireless/hostapd-2.8" + + +

All wpa_supplicant users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-wireless/wpa_supplicant-2.8" + + + + CVE-2019-11555 + + b-man + b-man + diff --git a/metadata/glsa/timestamp.chk b/metadata/glsa/timestamp.chk index 326b38d4fbc7..7a755efccb78 100644 --- a/metadata/glsa/timestamp.chk +++ b/metadata/glsa/timestamp.chk @@ -1 +1 @@ -Fri, 02 Aug 2019 17:09:10 +0000 +Sun, 18 Aug 2019 16:08:59 +0000 diff --git a/metadata/glsa/timestamp.commit b/metadata/glsa/timestamp.commit index b72a40632e5a..a0dca6b11934 100644 --- a/metadata/glsa/timestamp.commit +++ b/metadata/glsa/timestamp.commit @@ -1 +1 @@ -74d83a200d28906c5e5b46a676cd5579da349080 1559842216 2019-06-06T17:30:16+00:00 +55b0fff2f98b275d6a6bcaf8e12164157936324c 1566095478 2019-08-18T02:31:18+00:00 -- cgit v1.2.3