Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status
summaryrefslogtreecommitdiff
path: root/metadata/glsa
diff options
context:
space:
mode:
authorRepository mirror & CI <repomirrorci@gentoo.org>2021-07-15 05:21:17 +0000
committerRepository mirror & CI <repomirrorci@gentoo.org>2021-07-15 05:21:17 +0000
commit46cf9a943288d37d549980ef45549f2cd7bf0c86 (patch)
tree2930f957679df1f961e07a6c068441231e4f5b9e /metadata/glsa
parent2021-07-15 04:07:28 UTC (diff)
parent[ GLSA 202107-33 ] Pillow: Multiple vulnerabilities (diff)
downloadgentoo-46cf9a943288d37d549980ef45549f2cd7bf0c86.tar.gz
gentoo-46cf9a943288d37d549980ef45549f2cd7bf0c86.tar.bz2
gentoo-46cf9a943288d37d549980ef45549f2cd7bf0c86.zip
Merge commit '9cb700928be6982da7a290112e7010fd2e46c9c9'
Diffstat (limited to 'metadata/glsa')
-rw-r--r--metadata/glsa/glsa-202107-32.xml52
-rw-r--r--metadata/glsa/glsa-202107-33.xml62
2 files changed, 114 insertions, 0 deletions
diff --git a/metadata/glsa/glsa-202107-32.xml b/metadata/glsa/glsa-202107-32.xml
new file mode 100644
index 000000000000..1471ab62487f
--- /dev/null
+++ b/metadata/glsa/glsa-202107-32.xml
@@ -0,0 +1,52 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202107-32">
+ <title>Apache Thrift: Multiple vulnerabilities</title>
+ <synopsis>Multiple vulnerabilities have been found in Apache Thrift, the
+ worst of which could result in a Denial of Service condition.
+ </synopsis>
+ <product type="ebuild">thrift</product>
+ <announced>2021-07-14</announced>
+ <revised count="1">2021-07-14</revised>
+ <bug>761409</bug>
+ <bug>770145</bug>
+ <access>remote</access>
+ <affected>
+ <package name="dev-python/thrift" auto="yes" arch="*">
+ <unaffected range="ge">0.14.1</unaffected>
+ <vulnerable range="lt">0.14.1</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>Apache Thrift is a software framework that combines a software stack
+ with a code generation engine to build services that work efficiently and
+ seamlessly between many languages.
+ </p>
+ </background>
+ <description>
+ <p>Multiple vulnerabilities have been discovered in Apache Thrift. Please
+ review the CVE identifiers referenced below for details.
+ </p>
+ </description>
+ <impact type="low">
+ <p>Please review the referenced CVE identifiers for details.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All Apache Thrift users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose "&gt;=dev-python/thrift-0.14.1"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-0205">CVE-2019-0205</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-0210">CVE-2019-0210</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-13949">CVE-2020-13949</uri>
+ </references>
+ <metadata tag="requester" timestamp="2021-07-08T01:05:35Z">ajak</metadata>
+ <metadata tag="submitter" timestamp="2021-07-14T03:10:06Z">ajak</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202107-33.xml b/metadata/glsa/glsa-202107-33.xml
new file mode 100644
index 000000000000..ab54702ebb12
--- /dev/null
+++ b/metadata/glsa/glsa-202107-33.xml
@@ -0,0 +1,62 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202107-33">
+ <title>Pillow: Multiple vulnerabilities</title>
+ <synopsis>Multiple vulnerabilities have been found in Pillow, the worst of
+ which could result in a Denial of Service condition.
+ </synopsis>
+ <product type="ebuild">pillow</product>
+ <announced>2021-07-14</announced>
+ <revised count="1">2021-07-14</revised>
+ <bug>773559</bug>
+ <bug>774387</bug>
+ <bug>779760</bug>
+ <access>remote</access>
+ <affected>
+ <package name="dev-python/pillow" auto="yes" arch="*">
+ <unaffected range="ge">8.2.0</unaffected>
+ <vulnerable range="lt">8.2.0</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>Python Imaging Library (fork)</p>
+ </background>
+ <description>
+ <p>Multiple vulnerabilities have been discovered in Pillow. Please review
+ the CVE identifiers referenced below for details.
+ </p>
+ </description>
+ <impact type="normal">
+ <p>Please review the referenced CVE identifiers for details.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All Pillow users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose "&gt;=dev-python/pillow-8.2.0"
+ </code>
+
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-25287">CVE-2021-25287</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-25288">CVE-2021-25288</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-25289">CVE-2021-25289</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-25290">CVE-2021-25290</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-25291">CVE-2021-25291</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-25292">CVE-2021-25292</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-25293">CVE-2021-25293</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-27921">CVE-2021-27921</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-27922">CVE-2021-27922</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-27923">CVE-2021-27923</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-28675">CVE-2021-28675</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-28676">CVE-2021-28676</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-28677">CVE-2021-28677</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-28678">CVE-2021-28678</uri>
+ </references>
+ <metadata tag="requester" timestamp="2021-07-13T01:09:21Z">ajak</metadata>
+ <metadata tag="submitter" timestamp="2021-07-14T03:15:19Z">ajak</metadata>
+</glsa>