author | Repository mirror & CI <repomirrorci@gentoo.org> | 2021-05-01 00:06:55 +0000 |
---|---|---|
committer | Repository mirror & CI <repomirrorci@gentoo.org> | 2021-05-01 00:06:55 +0000 |
commit | e0b2e9131505ed5428756dc794b8b9074a1516bb (patch) | |
tree | 486bd9e3a7d920e70acf3473dfe291e9607c9939 /metadata | |
parent | Merge updates from master (diff) | |
parent | [ GLSA 202104-10 ] Mozilla Firefox: Multiple vulnerabilities (diff) | |
Merge commit '5a03bba48cca75a466c39c0ecf4fb004e3a95245' into master
Diffstat (limited to 'metadata')
-rw-r--r-- | metadata/glsa/glsa-202104-01.xml | 52 | ||||
-rw-r--r-- | metadata/glsa/glsa-202104-02.xml | 51 | ||||
-rw-r--r-- | metadata/glsa/glsa-202104-03.xml | 65 | ||||
-rw-r--r-- | metadata/glsa/glsa-202104-04.xml | 84 | ||||
-rw-r--r-- | metadata/glsa/glsa-202104-05.xml | 70 | ||||
-rw-r--r-- | metadata/glsa/glsa-202104-06.xml | 56 | ||||
-rw-r--r-- | metadata/glsa/glsa-202104-07.xml | 49 | ||||
-rw-r--r-- | metadata/glsa/glsa-202104-08.xml | 163 | ||||
-rw-r--r-- | metadata/glsa/glsa-202104-09.xml | 90 | ||||
-rw-r--r-- | metadata/glsa/glsa-202104-10.xml | 115 |
10 files changed, 795 insertions, 0 deletions
diff --git a/metadata/glsa/glsa-202104-01.xml b/metadata/glsa/glsa-202104-01.xml
new file mode 100644
index 000000000000..74237596f227
--- /dev/null
+++ b/metadata/glsa/glsa-202104-01.xml
@@ -0,0 +1,52 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202104-01">
+ <title>Git: User-assisted execution of arbitrary code</title>
+ <synopsis>A vulnerability has been found in Git that could allow a remote
+ attacker to execute arbitrary code.
+ </synopsis>
+ <product type="ebuild">git</product>
+ <announced>2021-04-30</announced>
+ <revised count="1">2021-04-30</revised>
+ <bug>774678</bug>
+ <access>local</access>
+ <affected>
+ <package name="dev-vcs/git" auto="yes" arch="*">
+ <unaffected range="ge">2.26.3</unaffected>
+ <vulnerable range="lt">2.26.3</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>Git is a distributed version control system designed.</p>
+ </background>
+ <description>
+ <p>It was discovered that Git could be fooled into running remote code
+ during a clone on case-insensitive file systems with support for symbolic
+ links, if Git is configured globally to apply delay-capable clean/smudge
+ filters (such as Git LFS).
+ </p>
+ </description>
+ <impact type="normal">
+ <p>A remote attacker could entice a user to clone a specially crafted
+ repository, possibly resulting in the remote execution of arbitrary code
+ with the privileges of the user running the application.
+ </p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All Git users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-vcs/git-2.26.3"
+ </code>
+
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21300">CVE-2021-21300</uri>
+ </references>
+ <metadata tag="requester" timestamp="2021-04-30T22:21:04Z">whissi</metadata>
+ <metadata tag="submitter" timestamp="2021-04-30T23:44:55Z">whissi</metadata>
+</glsa>
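Review bot: `<access>local</access>` contradicts the rest of this advisory: the synopsis and the `<impact>` paragraph both describe a remote attacker who entices a user to clone a crafted repository, so the field should read `<access>remote</access>`. Readers or tooling that triage on this field would under-rate the advisory as written. The background sentence is also truncated (`Git is a distributed version control system designed.`); either finish the sentence or drop the trailing `designed`.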
diff --git a/metadata/glsa/glsa-202104-02.xml b/metadata/glsa/glsa-202104-02.xml
new file mode 100644
index 000000000000..fc7805e8fe2d
--- /dev/null
+++ b/metadata/glsa/glsa-202104-02.xml
@@ -0,0 +1,51 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202104-02">
+ <title>X.Org X Server: Privilege escalation</title>
+ <synopsis>A vulnerability in X.Org X Server may allow users to escalate
+ privileges.
+ </synopsis>
+ <product type="ebuild">xorg-server</product>
+ <announced>2021-04-30</announced>
+ <revised count="1">2021-04-30</revised>
+ <bug>782679</bug>
+ <access>local, remote</access>
+ <affected>
+ <package name="x11-base/xorg-server" auto="yes" arch="*">
+ <unaffected range="ge">1.20.11</unaffected>
+ <vulnerable range="lt">1.20.11</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>The X Window System is a graphical windowing system based on a
+ client/server model.
+ </p>
+ </background>
+ <description>
+ <p>It was discovered that X.Org X Server did not sufficiently check the
+ length of the XInput extension’s ChangeFeedbackControl request.
+ </p>
+ </description>
+ <impact type="high">
+ <p>An authorized attacker could possibly escalate privileges, or cause a
+ Denial of Service condition.
+ </p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All X.Org X Server users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=x11-base/xorg-server-1.20.11"
+ </code>
+
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-3472">CVE-2021-3472</uri>
+ </references>
+ <metadata tag="requester" timestamp="2021-04-30T21:51:09Z">whissi</metadata>
+ <metadata tag="submitter" timestamp="2021-04-30T23:45:08Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202104-03.xml b/metadata/glsa/glsa-202104-03.xml
new file mode 100644
index 000000000000..1486ced0fbaf
--- /dev/null
+++ b/metadata/glsa/glsa-202104-03.xml
@@ -0,0 +1,65 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202104-03">
+ <title>WebkitGTK+: Multiple vulnerabilities</title>
+ <synopsis>Multiple vulnerabilities have been found in WebkitGTK+, the worst
+ of which could result in the arbitrary execution of code.
+ </synopsis>
+ <product type="ebuild">webkit-gtk</product>
+ <announced>2021-04-30</announced>
+ <revised count="1">2021-04-30</revised>
+ <bug>770793</bug>
+ <bug>773193</bug>
+ <access>local, remote</access>
+ <affected>
+ <package name="net-libs/webkit-gtk" auto="yes" arch="*">
+ <unaffected range="ge">2.30.6</unaffected>
+ <vulnerable range="lt">2.30.6</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>WebKitGTK+ is a full-featured port of the WebKit rendering engine,
+ suitable for projects requiring any kind of web integration, from hybrid
+ HTML/CSS applications to full-fledged web browsers.
+ </p>
+ </background>
+ <description>
+ <p>Multiple vulnerabilities have been discovered in WebkitGTK+. Please
+ review the CVE identifiers referenced below for details.
+ </p>
+ </description>
+ <impact type="normal">
+ <p>An attacker, by enticing a user to visit maliciously crafted web
+ content, may be able to execute arbitrary code, violate iframe sandboxing
+ policy, access restricted ports on arbitrary servers, cause memory
+ corruption, or could cause a Denial of Service condition.
+ </p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All WebkitGTK+ users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-libs/webkit-gtk-2.30.6"
+ </code>
+
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-13558">CVE-2020-13558</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-27918">CVE-2020-27918</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-29623">CVE-2020-29623</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-9947">CVE-2020-9947</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-1765">CVE-2021-1765</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-1789">CVE-2021-1789</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-1799">CVE-2021-1799</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-1801">CVE-2021-1801</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-1870">CVE-2021-1870</uri>
+ <uri link="https://webkitgtk.org/security/WSA-2021-0001.html">WSA-2021-0001</uri>
+ <uri link="https://webkitgtk.org/security/WSA-2021-0002.html">WSA-2021-0002</uri>
+ </references>
+ <metadata tag="requester" timestamp="2021-04-30T22:10:11Z">whissi</metadata>
+ <metadata tag="submitter" timestamp="2021-04-30T23:45:22Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202104-04.xml b/metadata/glsa/glsa-202104-04.xml
new file mode 100644
index 000000000000..09f39c7237d8
--- /dev/null
+++ b/metadata/glsa/glsa-202104-04.xml
@@ -0,0 +1,84 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202104-04">
+ <title>Python: Multiple vulnerabilities</title>
+ <synopsis>Multiple vulnerabilities have been found in Python, the worst of
+ which might allow attackers to access sensitive information.
+ </synopsis>
+ <product type="ebuild">python</product>
+ <announced>2021-04-30</announced>
+ <revised count="1">2021-04-30</revised>
+ <bug>770853</bug>
+ <bug>779841</bug>
+ <bug>779844</bug>
+ <access>local, remote</access>
+ <affected>
+ <package name="dev-lang/python" auto="yes" arch="*">
+ <unaffected range="ge" slot="2.7">2.7.18_p8</unaffected>
+ <unaffected range="ge" slot="3.6">3.6.13_p1</unaffected>
+ <unaffected range="ge" slot="3.7">3.7.10_p1</unaffected>
+ <unaffected range="ge" slot="3.8">3.8.8_p1</unaffected>
+ <unaffected range="ge" slot="3.9">3.9.2_p1</unaffected>
+ <vulnerable range="lt">3.9.2_p1</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>Python is an interpreted, interactive, object-oriented programming
+ language.
+ </p>
+ </background>
+ <description>
+ <p>Multiple vulnerabilities have been discovered in Python. Please review
+ the CVE identifiers referenced below for details.
+ </p>
+ </description>
+ <impact type="normal">
+ <p>Please review the referenced CVE identifiers for details.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All Python 2.7 users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-lang/python-2.7.18_p8"
+ </code>
+
+ <p>All Python 3.6 users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-lang/python-3.6.13_p1"
+ </code>
+
+ <p>All Python 3.7 users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-lang/python-3.7.10_p1"
+ </code>
+
+ <p>All Python 3.8 users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-lang/python-3.8.8_p1"
+ </code>
+
+ <p>All Python 3.9 users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-lang/python-3.9.2_p1"
+ </code>
+
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-23336">CVE-2021-23336</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-3426">CVE-2021-3426</uri>
+ </references>
+ <metadata tag="requester" timestamp="2021-04-30T23:29:13Z">whissi</metadata>
+ <metadata tag="submitter" timestamp="2021-04-30T23:45:38Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202104-05.xml b/metadata/glsa/glsa-202104-05.xml
new file mode 100644
index 000000000000..9f9c0ce72f3e
--- /dev/null
+++ b/metadata/glsa/glsa-202104-05.xml
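Review bot: The per-slot upgrade commands in the `<resolution>` of glsa-202104-04.xml use unslotted atoms such as `">=dev-lang/python-2.7.18_p8"`, which any newer 3.x version also satisfies, so the command written for one slot may not upgrade that slot and a vulnerable interpreter can stay installed. Pinning the slot in each atom, e.g. `">=dev-lang/python-2.7.18_p8:2.7"`, ties each command to the slot it is meant for. The ESR commands in glsa-202104-10.xml (`">=www-client/firefox-78.10.0"`) have the same shape. Separately, `<impact>` only defers to the CVE list while the synopsis claims information disclosure; one sentence of concrete impact would help triage.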
@@ -0,0 +1,70 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202104-05">
+ <title>GRUB: Multiple vulnerabilities</title>
+ <synopsis>Multiple vulnerabilities have been found in GRUB, the worst might
+ allow for circumvention of UEFI Secure Boot.
+ </synopsis>
+ <product type="ebuild">grub</product>
+ <announced>2021-04-30</announced>
+ <revised count="1">2021-04-30</revised>
+ <bug>734654</bug>
+ <bug>773991</bug>
+ <access>local</access>
+ <affected>
+ <package name="sys-devel/grub" auto="yes" arch="*">
+ <unaffected range="ge">2.06_rc1</unaffected>
+ <vulnerable range="lt">2.06_rc1</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>GNU GRUB is a multiboot boot loader used by most Linux systems.</p>
+ </background>
+ <description>
+ <p>Multiple vulnerabilities have been discovered in GRUB. Please review the
+ CVE identifiers referenced below for details.
+ </p>
+ </description>
+ <impact type="normal">
+ <p>Please review the referenced CVE identifiers for details.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All GRUB users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=sys-devel/grub-2.06_rc1"
+ </code>
+
+ <p>After upgrading, make sure to run the grub-install command with options
+ appropriate for your system. See the GRUB Quick Start guide in the
+ references below for examples. Your system will be vulnerable until this
+ action is performed.
+ </p>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-10713">CVE-2020-10713</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14308">CVE-2020-14308</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14309">CVE-2020-14309</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14310">CVE-2020-14310</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14311">CVE-2020-14311</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14372">CVE-2020-14372</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-15705">CVE-2020-15705</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-15706">CVE-2020-15706</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-15707">CVE-2020-15707</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-25632">CVE-2020-25632</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-25647">CVE-2020-25647</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-27749">CVE-2020-27749</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-27779">CVE-2020-27779</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-20225">CVE-2021-20225</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-20233">CVE-2021-20233</uri>
+ <uri link="https://wiki.gentoo.org/wiki/GRUB2_Quick_Start">GRUB Quick Start
+ guide
+ </uri>
+ </references>
+ <metadata tag="requester" timestamp="2021-04-30T23:17:40Z">whissi</metadata>
+ <metadata tag="submitter" timestamp="2021-04-30T23:45:51Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202104-06.xml b/metadata/glsa/glsa-202104-06.xml
new file mode 100644
index 000000000000..ec8e0eaa696c
--- /dev/null
+++ b/metadata/glsa/glsa-202104-06.xml
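Review bot: The package atom in glsa-202104-05.xml is `sys-devel/grub`, both in `<package name="sys-devel/grub" ...>` and in the upgrade command, but as far as I know Gentoo ships GRUB as `sys-boot/grub`. If that is right, the advisory would never match an installed GRUB, so an automated GLSA check would report an affected system as clean and the printed `emerge` command would not resolve. Both places should then read `sys-boot/grub`, i.e. `<package name="sys-boot/grub" auto="yes" arch="*">` and `">=sys-boot/grub-2.06_rc1"`.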
@@ -0,0 +1,56 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202104-06">
+ <title>libTIFF: Multiple vulnerabilities</title>
+ <synopsis>Multiple vulnerabilities have been found in LibTIFF, the worst of
+ which could result in the execution of arbitrary code.
+ </synopsis>
+ <product type="ebuild">libtiff</product>
+ <announced>2021-04-30</announced>
+ <revised count="1">2021-04-30</revised>
+ <bug>775125</bug>
+ <access>local, remote</access>
+ <affected>
+ <package name="media-libs/tiff" auto="yes" arch="*">
+ <unaffected range="ge">4.2.0</unaffected>
+ <vulnerable range="lt">4.2.0</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>The TIFF library contains encoding and decoding routines for the Tag
+ Image File Format. It is called by numerous programs, including GNOME and
+ KDE applications, to interpret TIFF images.
+ </p>
+ </background>
+ <description>
+ <p>Multiple vulnerabilities have been discovered in LibTIFF. Please review
+ the referenced CVE identifiers for details.
+ </p>
+ </description>
+ <impact type="normal">
+ <p>A remote attacker, by enticing the user to process a specially crafted
+ TIFF file, could possibly execute arbitrary code with the privileges of
+ the process, or cause a Denial of Service condition.
+ </p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All LibTIFF users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=media-libs/tiff-4.2.0"
+ </code>
+
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-35521">CVE-2020-35521</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-35522">CVE-2020-35522</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-35523">CVE-2020-35523</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-35524">CVE-2020-35524</uri>
+ </references>
+ <metadata tag="requester" timestamp="2021-04-30T23:10:58Z">whissi</metadata>
+ <metadata tag="submitter" timestamp="2021-04-30T23:46:04Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202104-07.xml b/metadata/glsa/glsa-202104-07.xml
new file mode 100644
index 000000000000..bd3937bee365
--- /dev/null
+++ b/metadata/glsa/glsa-202104-07.xml
@@ -0,0 +1,49 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202104-07">
+ <title>ClamAV: Denial of Service</title>
+ <synopsis>A vulnerability in ClamAV could lead to a Denial of Service
+ condition.
+ </synopsis>
+ <product type="ebuild">clamav</product>
+ <announced>2021-04-30</announced>
+ <revised count="1">2021-04-30</revised>
+ <bug>780894</bug>
+ <access>local, remote</access>
+ <affected>
+ <package name="app-antivirus/clamav" auto="yes" arch="*">
+ <unaffected range="ge">0.103.2</unaffected>
+ <vulnerable range="lt">0.103.2</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>ClamAV is a GPL virus scanner.</p>
+ </background>
+ <description>
+ <p>A vulnerability has been discovered in ClamAV. Please review the CVE
+ identifier referenced below for details.
+ </p>
+ </description>
+ <impact type="low">
+ <p>A remote attacker could cause ClamAV to scan a specially crafted file,
+ possibly resulting a Denial of Service condition.
+ </p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All ClamAV users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-antivirus/clamav-0.103.2"
+ </code>
+
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-1405">CVE-2021-1405</uri>
+ </references>
+ <metadata tag="requester" timestamp="2021-04-30T23:40:37Z">whissi</metadata>
+ <metadata tag="submitter" timestamp="2021-04-30T23:46:17Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202104-08.xml b/metadata/glsa/glsa-202104-08.xml
new file mode 100644
index 000000000000..8fca53ce6b6a
--- /dev/null
+++ b/metadata/glsa/glsa-202104-08.xml
@@ -0,0 +1,163 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> +<glsa id="202104-08"> + <title>Chromium, Google Chrome: Multiple vulnerabilities</title> + <synopsis>Multiple vulnerabilities have been found in Chromium and Google + Chrome, the worst of which could result in the arbitrary execution of code. + </synopsis> + <product type="ebuild">chromium,google-chrome</product> + <announced>2021-04-30</announced> + <revised count="1">2021-04-30</revised> + <bug>768459</bug> + <bug>768831</bug> + <bug>771012</bug> + <bug>774015</bug> + <bug>776181</bug> + <bug>779493</bug> + <bug>782802</bug> + <bug>782970</bug> + <bug>784554</bug> + <bug>785889</bug> + <access>local, remote</access> + <affected> + <package name="www-client/chromium" auto="yes" arch="*"> + <unaffected range="ge">90.0.4430.93</unaffected> + <vulnerable range="lt">90.0.4430.93</vulnerable> + </package> + <package name="www-client/google-chrome" auto="yes" arch="*"> + <unaffected range="ge">90.0.4430.93</unaffected> + <vulnerable range="lt">90.0.4430.93</vulnerable> + </package> + </affected> + <background> + <p>Chromium is an open-source browser project that aims to build a safer, + faster, and more stable way for all users to experience the web. + </p> + + <p>Google Chrome is one fast, simple, and secure browser for all your + devices. + </p> + </background> + <description> + <p>Multiple vulnerabilities have been discovered in Chromium and Google + Chrome. Please review the CVE identifiers referenced below for details. 
+ </p> + </description> + <impact type="normal"> + <p>Please review the referenced CVE identifiers for details.</p> + </impact> + <workaround> + <p>There is no known workaround at this time.</p> + </workaround> + <resolution> + <p>All Chromium users should upgrade to the latest version:</p> + + <code> + # emerge --sync + # emerge --ask --oneshot --verbose + ">=www-client/chromium-90.0.4430.93" + </code> + + <p>All Google Chrome users should upgrade to the latest version:</p> + + <code> + # emerge --sync + # emerge --ask --oneshot --verbose + ">=www-client/google-chrome-90.0.4430.93" + </code> + + </resolution> + <references> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21142">CVE-2021-21142</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21143">CVE-2021-21143</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21144">CVE-2021-21144</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21145">CVE-2021-21145</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21146">CVE-2021-21146</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21147">CVE-2021-21147</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21148">CVE-2021-21148</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21149">CVE-2021-21149</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21150">CVE-2021-21150</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21151">CVE-2021-21151</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21152">CVE-2021-21152</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21153">CVE-2021-21153</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21154">CVE-2021-21154</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21155">CVE-2021-21155</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21156">CVE-2021-21156</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21157">CVE-2021-21157</uri> + <uri 
link="https://nvd.nist.gov/vuln/detail/CVE-2021-21159">CVE-2021-21159</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21160">CVE-2021-21160</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21161">CVE-2021-21161</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21162">CVE-2021-21162</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21163">CVE-2021-21163</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21165">CVE-2021-21165</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21166">CVE-2021-21166</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21167">CVE-2021-21167</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21168">CVE-2021-21168</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21169">CVE-2021-21169</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21170">CVE-2021-21170</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21171">CVE-2021-21171</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21172">CVE-2021-21172</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21173">CVE-2021-21173</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21174">CVE-2021-21174</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21175">CVE-2021-21175</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21176">CVE-2021-21176</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21177">CVE-2021-21177</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21178">CVE-2021-21178</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21179">CVE-2021-21179</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21180">CVE-2021-21180</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21181">CVE-2021-21181</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21182">CVE-2021-21182</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21183">CVE-2021-21183</uri> + <uri 
link="https://nvd.nist.gov/vuln/detail/CVE-2021-21184">CVE-2021-21184</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21185">CVE-2021-21185</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21186">CVE-2021-21186</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21187">CVE-2021-21187</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21188">CVE-2021-21188</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21189">CVE-2021-21189</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-2119">CVE-2021-2119</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21191">CVE-2021-21191</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21192">CVE-2021-21192</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21193">CVE-2021-21193</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21194">CVE-2021-21194</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21195">CVE-2021-21195</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21196">CVE-2021-21196</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21197">CVE-2021-21197</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21198">CVE-2021-21198</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21199">CVE-2021-21199</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21201">CVE-2021-21201</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21202">CVE-2021-21202</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21203">CVE-2021-21203</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21204">CVE-2021-21204</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21205">CVE-2021-21205</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21206">CVE-2021-21206</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21207">CVE-2021-21207</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21208">CVE-2021-21208</uri> + <uri 
link="https://nvd.nist.gov/vuln/detail/CVE-2021-21209">CVE-2021-21209</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21210">CVE-2021-21210</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21211">CVE-2021-21211</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21212">CVE-2021-21212</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21213">CVE-2021-21213</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21214">CVE-2021-21214</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21215">CVE-2021-21215</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21216">CVE-2021-21216</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21217">CVE-2021-21217</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21218">CVE-2021-21218</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21219">CVE-2021-21219</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21220">CVE-2021-21220</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21221">CVE-2021-21221</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21222">CVE-2021-21222</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21223">CVE-2021-21223</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21224">CVE-2021-21224</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21225">CVE-2021-21225</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21226">CVE-2021-21226</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21227">CVE-2021-21227</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21228">CVE-2021-21228</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21229">CVE-2021-21229</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21230">CVE-2021-21230</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21231">CVE-2021-21231</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21232">CVE-2021-21232</uri> + <uri 
link="https://nvd.nist.gov/vuln/detail/CVE-2021-21233">CVE-2021-21233</uri> + </references> + <metadata tag="requester" timestamp="2021-04-30T23:06:01Z">whissi</metadata> + <metadata tag="submitter" timestamp="2021-04-30T23:46:30Z">whissi</metadata> +</glsa> diff --git a/metadata/glsa/glsa-202104-09.xml b/metadata/glsa/glsa-202104-09.xml new file mode 100644 index 000000000000..079925cdc2cd --- /dev/null +++ b/metadata/glsa/glsa-202104-09.xml 
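Review bot: The reference `CVE-2021-2119` in the `<references>` list of glsa-202104-08.xml looks truncated: it sits between CVE-2021-21189 and CVE-2021-21191, and both its `link` and its label have one digit fewer than every neighbour, so it presumably points at an unrelated CVE record rather than a Chromium one. Restore the missing final digit in both the URL and the element text after confirming the ID against the tracked bugs. In the same file the upgrade atoms are wrapped onto their own line inside `<code>` (`# emerge --ask --oneshot --verbose` followed by `">=www-client/chromium-90.0.4430.93"`), so a line-by-line copy runs `emerge` without the atom; keeping command and atom on one line, as the other advisories in this commit do, avoids that.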
@@ -0,0 +1,90 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> +<glsa id="202104-09"> + <title>Mozilla Thunderbird: Multiple vulnerabilities</title> + <synopsis>Multiple vulnerabilities have been found in Mozilla Thunderbird, + the worst of which could result in the arbitrary execution of code. + </synopsis> + <product type="ebuild">thunderbird</product> + <announced>2021-04-30</announced> + <revised count="1">2021-04-30</revised> + <bug>772287</bug> + <bug>778272</bug> + <bug>784578</bug> + <access>local, remote</access> + <affected> + <package name="mail-client/thunderbird" auto="yes" arch="*"> + <unaffected range="ge">78.10.0</unaffected> + <vulnerable range="lt">78.10.0</vulnerable> + </package> + <package name="mail-client/thunderbird-bin" auto="yes" arch="*"> + <unaffected range="ge">78.10.0</unaffected> + <vulnerable range="lt">78.10.0</vulnerable> + </package> + </affected> + <background> + <p>Mozilla Thunderbird is a popular open-source email client from the + Mozilla project. + </p> + </background> + <description> + <p>Multiple vulnerabilities have been discovered in Mozilla Thunderbird. + Please review the CVE identifiers referenced below for details. 
+ </p> + </description> + <impact type="normal"> + <p>Please review the referenced CVE identifiers for details.</p> + </impact> + <workaround> + <p>There is no known workaround at this time.</p> + </workaround> + <resolution> + <p>All Mozilla Thunderbird users should upgrade to the latest version:</p> + + <code> + # emerge --sync + # emerge --ask --oneshot --verbose ">=mail-client/thunderbird-78.10.0" + </code> + + <p>All Mozilla Thunderbird binary users should upgrade to the latest + version: + </p> + + <code> + # emerge --sync + # emerge --ask --oneshot --verbose + ">=mail-client/thunderbird-bin-78.10.0" + </code> + + </resolution> + <references> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-23961">CVE-2021-23961</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-23968">CVE-2021-23968</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-23969">CVE-2021-23969</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-23973">CVE-2021-23973</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-23978">CVE-2021-23978</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-23981">CVE-2021-23981</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-23982">CVE-2021-23982</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-23984">CVE-2021-23984</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-23987">CVE-2021-23987</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-23994">CVE-2021-23994</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-23995">CVE-2021-23995</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-23998">CVE-2021-23998</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-23999">CVE-2021-23999</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-24002">CVE-2021-24002</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-29945">CVE-2021-29945</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-29946">CVE-2021-29946</uri> + <uri 
link="https://nvd.nist.gov/vuln/detail/CVE-2021-29948">CVE-2021-29948</uri> + <uri link="https://www.mozilla.org/en-US/security/advisories/mfsa2021-09/"> + MFSA-2021-09 + </uri> + <uri link="https://www.mozilla.org/en-US/security/advisories/mfsa2021-12/"> + MFSA-2021-12 + </uri> + <uri link="https://www.mozilla.org/en-US/security/advisories/mfsa2021-14/"> + MFSA-2021-14 + </uri> + </references> + <metadata tag="requester" timestamp="2021-04-30T22:33:39Z">whissi</metadata> + <metadata tag="submitter" timestamp="2021-04-30T23:46:41Z">whissi</metadata> +</glsa> diff --git a/metadata/glsa/glsa-202104-10.xml b/metadata/glsa/glsa-202104-10.xml new file mode 100644 index 000000000000..02a76e567bf1 --- /dev/null +++ b/metadata/glsa/glsa-202104-10.xml 
@@ -0,0 +1,115 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202104-10">
+ <title>Mozilla Firefox: Multiple vulnerabilities</title>
+ <synopsis>Multiple vulnerabilities have been found in Mozilla Firefox, the
+ worst of which could result in the arbitrary execution of code.
+ </synopsis>
+ <product type="ebuild">firefox</product>
+ <announced>2021-04-30</announced>
+ <revised count="1">2021-04-30</revised>
+ <bug>772305</bug>
+ <bug>778269</bug>
+ <bug>784572</bug>
+ <access>local, remote</access>
+ <affected>
+ <package name="www-client/firefox" auto="yes" arch="*">
+ <unaffected range="ge" slot="0/esr78">78.10.0</unaffected>
+ <unaffected range="ge">88.0</unaffected>
+ <vulnerable range="lt">88.0</vulnerable>
+ </package>
+ <package name="www-client/firefox-bin" auto="yes" arch="*">
+ <unaffected range="ge" slot="0/esr78">78.10.0</unaffected>
+ <unaffected range="ge">88.0</unaffected>
+ <vulnerable range="lt">88.0</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>Mozilla Firefox is a popular open-source web browser from the Mozilla
+ project.
+ </p>
+ </background>
+ <description>
+ <p>Multiple vulnerabilities have been discovered in Mozilla Firefox. Please
+ review the CVE identifiers referenced below for details.
+ </p>
+ </description>
+ <impact type="normal">
+ <p>Please review the referenced CVE identifiers for details.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All Mozilla Firefox ESR users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-client/firefox-78.10.0"
+ </code>
+
+ <p>All Mozilla Firefox ESR binary users should upgrade to the latest
+ version:
+ </p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-client/firefox-bin-78.10.0"
+ </code>
+
+ <p>All Mozilla Firefox users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-client/firefox-88.0"
+ </code>
+
+ <p>All Mozilla Firefox binary users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-client/firefox-bin-88.0"
+ </code>
+
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-23961">CVE-2021-23961</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-23968">CVE-2021-23968</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-23969">CVE-2021-23969</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-23970">CVE-2021-23970</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-23971">CVE-2021-23971</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-23972">CVE-2021-23972</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-23973">CVE-2021-23973</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-23974">CVE-2021-23974</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-23975">CVE-2021-23975</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-23976">CVE-2021-23976</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-23977">CVE-2021-23977</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-23978">CVE-2021-23978</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-23981">CVE-2021-23981</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-23982">CVE-2021-23982</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-23983">CVE-2021-23983</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-23984">CVE-2021-23984</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-23985">CVE-2021-23985</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-23986">CVE-2021-23986</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-23987">CVE-2021-23987</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-23988">CVE-2021-23988</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-23994">CVE-2021-23994</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-23995">CVE-2021-23995</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-23998">CVE-2021-23998</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-23999">CVE-2021-23999</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-24002">CVE-2021-24002</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-29945">CVE-2021-29945</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-29946">CVE-2021-29946</uri>
+ <uri link="https://www.mozilla.org/en-US/security/advisories/mfsa2021-08/">
+ MFSA-2021-08
+ </uri>
+ <uri link="https://www.mozilla.org/en-US/security/advisories/mfsa2021-11/">
+ MFSA-2021-11
+ </uri>
+ <uri link="https://www.mozilla.org/en-US/security/advisories/mfsa2021-15/">
+ MFSA-2021-15
+ </uri>
+ </references>
+ <metadata tag="requester" timestamp="2021-04-30T22:45:03Z">whissi</metadata>
+ <metadata tag="submitter" timestamp="2021-04-30T23:47:33Z">whissi</metadata>
+</glsa> |
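Review bot: The two ESR upgrade commands in `<resolution>` use unslotted atoms (`">=www-client/firefox-78.10.0"` and the `-bin` equivalent), which the 88.0 branch also satisfies, so a user on the `0/esr78` slot would probably be moved to the rapid-release series rather than to the fixed ESR build. The `<affected>` block already distinguishes that slot, so the commands could carry it as well, e.g. `">=www-client/firefox-78.10.0:0/esr78"` (exact atom syntax to be confirmed against the ebuild's SLOT). Separately, the `<impact>` paragraph only defers to the CVE list while the synopsis states arbitrary code execution; restating that worst case inside `<impact>` would help anyone triaging from the advisory text alone.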