diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/Manifest b/sdk_container/src/third_party/portage-stable/metadata/glsa/Manifest index f598fbe3f70..28cba16daf8 100644 --- a/sdk_container/src/third_party/portage-stable/metadata/glsa/Manifest +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/Manifest @@ -1,24 +1,24 @@ -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 -MANIFEST Manifest.files.gz 606828 BLAKE2B a1b451cbd8b97fba48dcbcc329e204f935247276d40c90ac4cbfb608d79ab2e992895b94ff858963121d1134b508c59270174e7bcdaf0344859da3443b02f1b8 SHA512 7cf2f0457c87986d719605bc843f16fb1b58e94af8217c0a3cfc1d3b7a854459cdf2ac652b4f9271da08b81922bfb4c73aa18e4836c21288bc5adf2c59450d36 -TIMESTAMP 2026-03-01T06:12:18Z +MANIFEST Manifest.files.gz 606986 BLAKE2B a1a7c8f65fa2d227109ddc598ecd792925cbf4dd59fd721d0e3d30d2ca2d680abe6f48efd8c7f747286a8b9b83dd77ab08effbd12fd5cff7aea22ff05b4b3249 SHA512 1d46d342b6898d53ef6e234a4ca25659b7a64373067f8d911b4a7efe73a227178e519cb54901fc15172d8a4113aeafaf14390ce5e552d1e17e50d3297a8f0701 +TIMESTAMP 2026-04-01T07:08:01Z -----BEGIN PGP SIGNATURE----- -iQKvBAEBCgCZFiEE4dartjv8+0ugL98c7FkO6skYklAFAmmj2MIbFIAAAAAABAAO +iQKvBAEBCgCZFiEE4dartjv8+0ugL98c7FkO6skYklAFAmnMxFEbFIAAAAAABAAO bWFudTIsMi41KzEuMTEsMiwyXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25z Lm9wZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXRFMUQ2QUJCNjNCRkNGQjRCQTAyRkRG -MUNFQzU5MEVFQUM5MTg5MjUwAAoJEOxZDurJGJJQDrkQAJVOtRLLR09Bs6ZPpXx+ -qjIgr/8v/Ny7QEXtnOfloVvsWyD0BrEMfS70lY5AD5Y8UKJWbRyqmiQaz7bIwqVR -qZiG1I3IJeDLTgS8Rj0EHBtGhIzlZCUuKRzozzet7shom2V5auOzKlFO5wHw/zVK -9QCbLOzsNk4yKIDEmt6ze5VFsB0HItwSk1IRBdmEE+f7swqe/iqwetdX1+aoCZQA -RASTPpnw2wwAcWVaWoghBrGQB+1YUExW1Rnbvhb/jH2B512SRxKYo7QYt0y3PWZt -UloEMAfITAXOvpMde3cl7c59Pt6euRPUpddwF7SQ1R1Brmuq+hiI4qi9+3kgN3G8 -mZnmcyclX5HkW9O7kIpCgBkgNmI1TSbJc8gpy8H8aZD/jqKaNTdnCIk82URFpVuA -o68q2MfT2Fy0vQ4aE/FUb2cxXU77/GFHOZlhL3c7COSAYHLlMeXauoF3k3Pdwxgr -zKK7/pMBczspKh+/4zGpAkJ0Lq9OPxQyo5H4alP74McR2jadRzCpx6wR/b3TEOiq -wiFQ1IiABOkYniItRp2m6idx3TmYe609/838W0+TdlCeMznTir6QvEJvqfAcB8I6 -ngElyGqGmmxYujZWXdLK3Yx/g41hdOSTx16Gm43jSfKbkb5iFCnSGXHyUMkBRXry -q1+EzlCr3AUo+YRkA4/QVUdr -=WD7f +MUNFQzU5MEVFQUM5MTg5MjUwAAoJEOxZDurJGJJQCCMQAJqLP7jt/MtqrWUu66/N +g4C4QYQY65p5tHkq6lFs/X24MeAtuRUgKbaOQm02KZJNb61bvZBdgtNE8P14qWJX +LtJ8hqYOJiDT3hDhnL5Z+UbjIxDdn6m2udztvXvdkgRiQEUnhaTv8BpeOwvdGnZ4 +nswP+jJ5hMK4tYuMFy96jO39jKAbKo4HNYQCW8CJe4/HRSboXe20Z+N74xqq5M2e +aajm7K7adRALxIYM2Ih3V64LfVsPn31TzMfXaFk0y4p3f82uZ/hTophDZIdePR0M +a1hkcQRPdHOmbVftt3llye5XoSmq0d+Pie7axQUJVwlFd+gORzNqvK3U+9PeeKjB +FU6wU1vmR2mlIE90prbdDKPkoNhOnn9CVLHRHYl0M8WLh4TATrDl0HcUbEOrE/CC +vay9V4s+lABWZh2D/BToIrWUs0UMpWtt/5e5ZANrECj7T5ExWngHY7zCCDn1dySw +Poabc3KIQlBzmstxNBqTUIvxdaxhvF+Hh7Fj4Grzzmsgio76mBhQLUF2ML8vquVe +ipeNd0fnGIWUN6eGdC6BZ73wVC66r53bSjHPMa+N6KyCgmHbGP/HCE0GuUvnKtBc +joBONGhatuZEM3zLIMLLxHg4cMYVEF2vA19Mh89OhYQDlIbEf5Bc/LpPYOtN3LdD +vHcXTmn2vbBiAIieKmqm6Elk +=iTBC -----END PGP SIGNATURE----- diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/Manifest.files.gz b/sdk_container/src/third_party/portage-stable/metadata/glsa/Manifest.files.gz index 3747ba6e615..5a16cfb564d 100644 Binary files a/sdk_container/src/third_party/portage-stable/metadata/glsa/Manifest.files.gz and b/sdk_container/src/third_party/portage-stable/metadata/glsa/Manifest.files.gz differ diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202603-01.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202603-01.xml new file mode 100644 index 00000000000..4a82cd39ff7 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202603-01.xml @@ -0,0 +1,49 @@ + + + + Exiv2: Multiple Vulnerabilities + Multiple vulnerabilities have been found in Exiv2, the worst of which can lead to a crash via Denial of Service. + exiv2 + 2026-03-09 + 2026-03-09 + 942164 + 970828 + remote + + + 0.28.8 + 0.28.8 + + + +

Exiv2 is a C++ library and set of tools for parsing, editing and saving Exif and IPTC metadata from images.

+ + +

The following vulnerabilities have been discovered in Exiv2: 2 out of bounds reads, an integer overflow, and an uncaught exception. The worst of which can lead to a Denial of Service via a crash of the program. Please review the CVE identifiers referenced below for details.

+ + +

The following is a possible outcome: data leakage via an out-of-bounds read or a Denial of Service via a crash of the program.

+ + +

Avoid using the CLI tool, exiv2, with untrusted files.

+ + +

All Exiv2 users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=media-gfx/exiv2-0.28.8" + + + + CVE-2024-39695 + CVE-2026-25884 + CVE-2026-27596 + CVE-2026-27631 + GHSA-3wgv-fg4w-75x7 + GHSA-9mxq-4j5g-5wrp + GHSA-p2pw-7935-c73j + + csfore + csfore + \ No newline at end of file diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/timestamp.chk b/sdk_container/src/third_party/portage-stable/metadata/glsa/timestamp.chk index e5ce456b1d6..a1497795f48 100644 --- a/sdk_container/src/third_party/portage-stable/metadata/glsa/timestamp.chk +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/timestamp.chk @@ -1 +1 @@ -Sun, 01 Mar 2026 06:12:15 +0000 +Wed, 01 Apr 2026 07:08:00 +0000 diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/timestamp.commit b/sdk_container/src/third_party/portage-stable/metadata/glsa/timestamp.commit index 13704c4210c..db882af785d 100644 --- a/sdk_container/src/third_party/portage-stable/metadata/glsa/timestamp.commit +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/timestamp.commit @@ -1 +1 @@ -371ee63aaee87b60a1f5a63de7d230d6598a20c8 1769423604 2026-01-26T10:33:24Z +d2078931cc4cb1c6d04130dacbed885a7d2bf71c 1773030064 2026-03-09T04:21:04Z