Merge commit '60298a368732a5fdf5e926ec4c59811f482e73b5'

author: Repository mirror & CI <repomirrorci@gentoo.org> 2022-08-14 00:20:56 +0000
committer: Repository mirror & CI <repomirrorci@gentoo.org> 2022-08-14 00:20:56 +0000
commit: 439c210552784221d24c600768ebaf74e5bca94d (patch)
tree: 2af3968ef7edf4122ce36cede5ffbd18799e67b1 /metadata/glsa
parent: 2022-08-13 20:16:56 UTC (diff)
parent: [ GLSA 202208-22 ] xterm: Multiple Vulnerabilities (diff)
download: gentoo-439c210552784221d24c600768ebaf74e5bca94d.tar.gz
gentoo-439c210552784221d24c600768ebaf74e5bca94d.tar.bz2
gentoo-439c210552784221d24c600768ebaf74e5bca94d.zip
3 files changed, 164 insertions, 0 deletions
diff --git a/metadata/glsa/glsa-202208-20.xml b/metadata/glsa/glsa-202208-20.xml
new file mode 100644
index 000000000000..58744f5a5bc0
--- /dev/null
+++ b/metadata/glsa/glsa-202208-20.xml
@@ -0,0 +1,78 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202208-20">
+    <title>Apache HTTPD: Multiple Vulnerabilities</title>
+    <synopsis>Multiple vulnerabilities have been discovered in Apache Webserver, the worst of which could result in remote code execution.</synopsis>
+    <product type="ebuild">apache,apache-tools</product>
+    <announced>2022-08-14</announced>
+    <revised count="1">2022-08-14</revised>
+    <bug>813429</bug>
+    <bug>816399</bug>
+    <bug>816864</bug>
+    <bug>829722</bug>
+    <bug>835131</bug>
+    <bug>850622</bug>
+    <access>remote</access>
+    <affected>
+        <package name="app-admin/apache-tools" auto="yes" arch="*">
+            <unaffected range="ge">2.4.54</unaffected>
+            <vulnerable range="lt">2.4.54</vulnerable>
+        </package>
+        <package name="www-servers/apache" auto="yes" arch="*">
+            <unaffected range="ge">2.4.54</unaffected>
+            <vulnerable range="lt">2.4.54</vulnerable>
+        </package>
+    </affected>
+    <background>
+        <p>The Apache HTTP server is one of the most popular web servers on the Internet.</p>
+    </background>
+    <description>
+        <p>Multiple vulnerabilities have been discovered in Apache HTTPD. Please review the CVE identifiers referenced below for details.</p>
+    </description>
+    <impact type="high">
+        <p>Please review the referenced CVE identifiers for details.</p>
+    </impact>
+    <workaround>
+        <p>There is no known workaround at this time.</p>
+    </workaround>
+    <resolution>
+        <p>All Apache HTTPD users should upgrade to the latest version:</p>
+        
+        <code>
+          # emerge --sync
+          # emerge --ask --oneshot --verbose ">=www-servers/apache-2.4.54"
+        </code>
+        
+        <p>All Apache HTTPD tools users should upgrade to the latest version:</p>
+        
+        <code>
+          # emerge --sync
+          # emerge --ask --oneshot --verbose ">=app-admin/apache-tools-2.4.54"
+        </code>
+    </resolution>
+    <references>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-33193">CVE-2021-33193</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-34798">CVE-2021-34798</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-36160">CVE-2021-36160</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-39275">CVE-2021-39275</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-40438">CVE-2021-40438</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-41524">CVE-2021-41524</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-41773">CVE-2021-41773</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-42013">CVE-2021-42013</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-44224">CVE-2021-44224</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-44790">CVE-2021-44790</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-22719">CVE-2022-22719</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-22720">CVE-2022-22720</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-22721">CVE-2022-22721</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-23943">CVE-2022-23943</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-26377">CVE-2022-26377</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-28614">CVE-2022-28614</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-28615">CVE-2022-28615</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-29404">CVE-2022-29404</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-30522">CVE-2022-30522</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-30556">CVE-2022-30556</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-31813">CVE-2022-31813</uri>
+    </references>
+    <metadata tag="requester" timestamp="2022-08-14T00:09:33.469438Z">ajak</metadata>
+    <metadata tag="submitter" timestamp="2022-08-14T00:09:33.474207Z">ajak</metadata>
+</glsa>
+\ No newline at end of file
diff --git a/metadata/glsa/glsa-202208-21.xml b/metadata/glsa/glsa-202208-21.xml
new file mode 100644
index 000000000000..3f883725ca03
--- /dev/null
+++ b/metadata/glsa/glsa-202208-21.xml
@@ -0,0 +1,42 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202208-21">
+    <title>libebml: Heap buffer overflow vulnerability</title>
+    <synopsis>A heap-based buffer overflow in libeml might allow attackers to execute arbitrary code.</synopsis>
+    <product type="ebuild">libebml</product>
+    <announced>2022-08-14</announced>
+    <revised count="1">2022-08-14</revised>
+    <bug>772272</bug>
+    <access>remote</access>
+    <affected>
+        <package name="dev-libs/libebml" auto="yes" arch="arm,ppc,sparc,x86">
+            <unaffected range="ge">1.4.2</unaffected>
+            <vulnerable range="lt">1.4.2</vulnerable>
+        </package>
+    </affected>
+    <background>
+        <p>libebml is a C++ library to parse EBML files.</p>
+    </background>
+    <description>
+        <p>On 32bit builds of libebml, the length of a string is miscalculated, potentially leading to an exploitable heap overflow.</p>
+    </description>
+    <impact type="high">
+        <p>An attacker able to provide arbitrary input to libebml could achieve arbitrary code execution.</p>
+    </impact>
+    <workaround>
+        <p>There is no known workaround at this time.</p>
+    </workaround>
+    <resolution>
+        <p>Users of libebml on 32 bit architectures should upgrade to the latest version:</p>
+        
+        <code>
+          # emerge --sync
+          # emerge --ask --oneshot --verbose ">=dev-libs/libebml-1.4.2"
+        </code>
+    </resolution>
+    <references>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-3405">CVE-2021-3405</uri>
+    </references>
+    <metadata tag="requester" timestamp="2022-08-14T00:09:54.090013Z">ajak</metadata>
+    <metadata tag="submitter" timestamp="2022-08-14T00:09:54.093255Z">ajak</metadata>
+</glsa>
+\ No newline at end of file
diff --git a/metadata/glsa/glsa-202208-22.xml b/metadata/glsa/glsa-202208-22.xml
new file mode 100644
index 000000000000..5e5f67c9185e
--- /dev/null
+++ b/metadata/glsa/glsa-202208-22.xml
@@ -0,0 +1,44 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202208-22">
+    <title>xterm: Multiple Vulnerabilities</title>
+    <synopsis>Multiple vulnerabilities have been discovered in xterm, the worst of which could result in denial of service.</synopsis>
+    <product type="ebuild">xterm</product>
+    <announced>2022-08-14</announced>
+    <revised count="1">2022-08-14</revised>
+    <bug>769839</bug>
+    <bug>832409</bug>
+    <access>remote</access>
+    <affected>
+        <package name="x11-terms/xterm" auto="yes" arch="*">
+            <unaffected range="ge">371</unaffected>
+            <vulnerable range="lt">371</vulnerable>
+        </package>
+    </affected>
+    <background>
+        <p>xterm is a terminal emulator for the X Window system.</p>
+    </background>
+    <description>
+        <p>Multiple vulnerabilities have been discovered in xterm. Please review the CVE identifiers referenced below for details.</p>
+    </description>
+    <impact type="low">
+        <p>Please review the referenced CVE identifiers for details.</p>
+    </impact>
+    <workaround>
+        <p>There is no known workaround at this time.</p>
+    </workaround>
+    <resolution>
+        <p>All xterm users should upgrade to the latest version:</p>
+        
+        <code>
+          # emerge --sync
+          # emerge --ask --oneshot --verbose ">=x11-terms/xterm-371"
+        </code>
+    </resolution>
+    <references>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-27135">CVE-2021-27135</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-24130">CVE-2022-24130</uri>
+    </references>
+    <metadata tag="requester" timestamp="2022-08-14T00:10:06.372997Z">ajak</metadata>
+    <metadata tag="submitter" timestamp="2022-08-14T00:10:06.379758Z">ajak</metadata>
+</glsa>
+\ No newline at end of file
author	Repository mirror & CI <repomirrorci@gentoo.org>	2022-08-14 00:20:56 +0000
committer	Repository mirror & CI <repomirrorci@gentoo.org>	2022-08-14 00:20:56 +0000
commit	439c210552784221d24c600768ebaf74e5bca94d (patch)
tree	2af3968ef7edf4122ce36cede5ffbd18799e67b1 /metadata/glsa
parent	2022-08-13 20:16:56 UTC (diff)
parent	[ GLSA 202208-22 ] xterm: Multiple Vulnerabilities (diff)
download	gentoo-439c210552784221d24c600768ebaf74e5bca94d.tar.gz gentoo-439c210552784221d24c600768ebaf74e5bca94d.tar.bz2 gentoo-439c210552784221d24c600768ebaf74e5bca94d.zip