Merge pull request #2706 from flatcar/buildbot/monthly-glsa-metadata-…

…updates-2025-03-01 Monthly GLSA metadata 2025-03-01
flatcar · Mar 5, 2025 · 828104d · 828104d
2 parents 33e22ed + 8737b09
commit 828104d
Show file tree

Hide file tree

Showing 6 changed files with 61 additions and 19 deletions.
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/Manifest b/sdk_container/src/third_party/portage-stable/metadata/glsa/Manifest
@@ -1,23 +1,23 @@
 -----BEGIN PGP SIGNED MESSAGE-----
 Hash: SHA512
 
-MANIFEST Manifest.files.gz 596663 BLAKE2B d03f77688298f7e2b1c117787c6f899250317779b0320cb4d08119535bbb454be5ff75faf4d4f6b88394f22fc5ce722770f4e51f537acca0853947165902a3ab SHA512 ca731da057a6d173058e289dcfa3c1e06f0e35cc32aa1f85102f6637f27eb4a9f2444a9eb532f9df30535ce50e36fc4a7976c85eb02dcc7f7b80b4a213ec6d2d
-TIMESTAMP 2025-02-01T06:42:06Z
+MANIFEST Manifest.files.gz 596822 BLAKE2B a9b0f5c65a940b6320ab70803bebd95404f9ee27b20ca8810931c1fcf7e654e8c3a3353df7be16cd7167bf07f5ed700ecc1c79d6d42f569a309c01510eecbc79 SHA512 e8c3ad4b5e76fc1f6d6c57728842a13093528e82181c97b264f9eda883f4382c150b2d8081792f7d8accedb7b711e0acb9cdad1526edd9b6e1b88d2a62d89ab6
+TIMESTAMP 2025-03-01T05:58:15Z
 -----BEGIN PGP SIGNATURE-----
 
-iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAmedwj5fFIAAAAAALgAo
+iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAmfCofhfFIAAAAAALgAo
 aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEUx
 RDZBQkI2M0JGQ0ZCNEJBMDJGREYxQ0VDNTkwRUVBQzkxODkyNTAACgkQ7FkO6skY
-klBlXBAAr4sY5iEDzYLEfvubrkiF3uuAHKfIwYSEXfmUWd0Ltv+skBym3Rmr5yp0
-4/+OTE+9CqgqdbnWdlFbQcaBf+dLmZ6Q/CUZ054dbW5EjVchTx1VsKb+zSCyUSky
-Vm4uCHniPN7UgODv/NX8kttdQLojIR+HW0DvAJ6cDb9GFOYpvyilYezK0HuGNkje
-vXWoiBRERytYJ74cigATfNaQ6aVgZAhWB/CMqC4EWW4d9o8e0XIi6TSq2cNgraAu
-+Mxa4n7LrMaBFHKy+TNdeirztkHJSKdAAFwscpBZwngl8XwmOR3EIIJyzuvZ9jtY
-uOkoLN+sn16Pz0zyuuonYn5aTu0TkazdEh6MVR2YTz8CcifTt1HcPivRiiB2Wa+e
-50csAbppVN9UvCKMaR+Z+/JBnFP2BcuYNIdW+qUlzGHecB01PBLYBN9AI2HK9Ujn
-AgtQ8uwX49PDief0RQcUlAQ1xQ4wRu4HOgZHxT6XL9LTLVSMedm9/R4CK7uc1s4S
-U5uuC7xkPHXVi8s26wCf4+g7Rx2vVtxCEmevgnnBETD0B9OxECfqf+ZQfqqfwbL3
-JhT2rMejK7WWJC/Owp2syiWwEHEg8pR8XeyqwTSVmeqceJClQGWt0d4cIYSBUW2b
-efiUP+na+uWMxVbQm92Q/UKCrJe/cp9FvHDUyYeGuxun/1u1gXw=
-=4Nub
+klAjzw/9HafOiqvmFMhuMpbqOc8kBWDPs4QvsKPa4g0uteFXaT6RqrNeC+MMC+pR
+MP845xBdtqRbnJZynOLiQ8eWxVSPAh51tfzeA+gzd2mHEJtzTihb6N2G1ZtOeABR
+7Qr5YSt3b8qaoOE/xF2jrLUVpekhOxMJPcWm1H4Tfp7rXuvhQoBMNA7ypLPveFs5
+6aqURzUvDK3VR/mnOmITFSOd+WSY3eFaLNgH0p99coDkQGnz8VU2x4T51qDMDrlL
+5G/LCS0mkVlwR3ZZtgUJ7EY06eZCug2enaRrj6oLsjL9tFUqSMRUgRRS+rTcLgwG
+0qXqXIpSGvxKXvv+Z4J5WIgPQ6U0qsdRRV1462fLl5jUhmwCb02ycmiVtExXeZOK
+30q5Er0pF8hjEaLVUrAUfiWC0WbJ2dJgAwCcipte76Fluak1O+Fbi1rbuw+LEYSo
+ju4DF0GtY63+l0pwEx/ID7cHtOkoRhORO5mwHSD88sXDONMf9F7FQFBmi2Yjgx+g
+cwHnBFRDJ1VnbzkDxb1AkGy2CbaLNZHUrbw3Z1OED4NutuvaXTuy8o0mbs43ctlq
+1XGlvA/j9Tmn5+YwfbNpy30y1XSp1vT+1qWwJBsTedLI9IzNxnSV/XCzQbKft11D
++At2VWgYedpNquqzJ8SzoFgiK6A1RlvBSQf6o1tv+Hwv8TQMwtk=
+=j/wo
 -----END PGP SIGNATURE-----
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/Manifest.files.gz b/sdk_container/src/third_party/portage-stable/metadata/glsa/Manifest.files.gz
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202305-30.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202305-30.xml
@@ -58,7 +58,6 @@
         <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-3551">CVE-2022-3551</uri>
         <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-3553">CVE-2022-3553</uri>
         <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-4283">CVE-2022-4283</uri>
-        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-46283">CVE-2022-46283</uri>
         <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-46340">CVE-2022-46340</uri>
         <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-46341">CVE-2022-46341</uri>
         <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-46342">CVE-2022-46342</uri>
@@ -70,4 +69,4 @@
     </references>
     <metadata tag="requester" timestamp="2023-05-30T02:54:51.090310Z">ajak</metadata>
     <metadata tag="submitter" timestamp="2023-05-30T02:54:51.098055Z">ajak</metadata>
-</glsa>
+</glsa>
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202502-01.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202502-01.xml
@@ -0,0 +1,43 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202502-01">
+    <title>OpenSSH: Multiple Vulnerabilities</title>
+    <synopsis>Multiple vulnerabilities have been found in OpenSSH, the worst of which could allow a remote attacker to gain unauthorized access.</synopsis>
+    <product type="ebuild">openssh</product>
+    <announced>2025-02-18</announced>
+    <revised count="1">2025-02-18</revised>
+    <bug>949904</bug>
+    <access>remote</access>
+    <affected>
+        <package name="net-misc/openssh" auto="yes" arch="*">
+            <unaffected range="ge">9.9_p2</unaffected>
+            <vulnerable range="lt">9.9_p2</vulnerable>
+        </package>
+    </affected>
+    <background>
+        <p>OpenSSH is a free application suite consisting of server and clients that replace tools like telnet, rlogin, rcp and ftp with more secure versions offering additional functionality.</p>
+    </background>
+    <description>
+        <p>Multiple vulnerabilities have been discovered in OpenSSH. Please review the CVE identifiers referenced below for details.</p>
+    </description>
+    <impact type="normal">
+        <p>Please review the referenced CVE identifiers for details.</p>
+    </impact>
+    <workaround>
+        <p>There is no known workaround at this time.</p>
+    </workaround>
+    <resolution>
+        <p>All OpenSSH users should upgrade to the latest version:</p>
+
+        <code>
+          # emerge --sync
+          # emerge --ask --oneshot --verbose ">=net-misc/openssh-9.9_p2"
+        </code>
+    </resolution>
+    <references>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2025-26465">CVE-2025-26465</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2025-26466">CVE-2025-26466</uri>
+    </references>
+    <metadata tag="requester" timestamp="2025-02-18T23:20:42.579856Z">sam</metadata>
+    <metadata tag="submitter" timestamp="2025-02-18T23:20:42.581904Z">sam</metadata>
+</glsa>
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/timestamp.chk b/sdk_container/src/third_party/portage-stable/metadata/glsa/timestamp.chk
@@ -1 +1 @@
-Sat, 01 Feb 2025 06:42:03 +0000
+Sat, 01 Mar 2025 05:57:38 +0000
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/timestamp.commit b/sdk_container/src/third_party/portage-stable/metadata/glsa/timestamp.commit
@@ -1 +1 @@
-681de9cd0cd49ec8f318f71af0c5917f69f302d8 1737617238 2025-01-23T07:27:18Z
+f01e28c57cba4b543a023e00e1c4088ce9f7f6e4 1739927477 2025-02-19T01:11:17Z
Original file line number	Diff line number	Diff line change
		@@ -1 +1 @@
		Sat, 01 Feb 2025 06:42:03 +0000
		Sat, 01 Mar 2025 05:57:38 +0000
Original file line number	Diff line number	Diff line change
		@@ -1 +1 @@
		681de9cd0cd49ec8f318f71af0c5917f69f302d8 1737617238 2025-01-23T07:27:18Z
		f01e28c57cba4b543a023e00e1c4088ce9f7f6e4 1739927477 2025-02-19T01:11:17Z