authorAlex Legler <alex@a3li.li>2015-03-08 22:02:38 +0100
committerAlex Legler <alex@a3li.li>2015-03-08 22:02:38 +0100
commita24567fbc43f221b14e805f9bc0b7c6d16911c46 (patch)
tree910a04fe6ee560ac0eebac55f3cd2781c3519760
Import existing advisories
-rw-r--r--glsa-200310-03.xml64
-rw-r--r--glsa-200310-04.xml73
-rw-r--r--glsa-200311-01.xml67
-rw-r--r--glsa-200311-02.xml66
-rw-r--r--glsa-200311-03.xml62
-rw-r--r--glsa-200311-04.xml67
-rw-r--r--glsa-200311-05.xml63
-rw-r--r--glsa-200311-06.xml60
-rw-r--r--glsa-200311-07.xml60
-rw-r--r--glsa-200311-08.xml57
-rw-r--r--glsa-200312-01.xml81
-rw-r--r--glsa-200312-03.xml77
-rw-r--r--glsa-200312-04.xml68
-rw-r--r--glsa-200312-05.xml74
-rw-r--r--glsa-200312-06.xml66
-rw-r--r--glsa-200312-07.xml76
-rw-r--r--glsa-200312-08.xml66
-rw-r--r--glsa-200401-01.xml230
-rw-r--r--glsa-200401-02.xml63
-rw-r--r--glsa-200401-03.xml69
-rw-r--r--glsa-200401-04.xml80
-rw-r--r--glsa-200402-01.xml75
-rw-r--r--glsa-200402-02.xml94
-rw-r--r--glsa-200402-03.xml61
-rw-r--r--glsa-200402-04.xml67
-rw-r--r--glsa-200402-05.xml67
-rw-r--r--glsa-200402-06.xml92
-rw-r--r--glsa-200402-07.xml68
-rw-r--r--glsa-200403-01.xml55
-rw-r--r--glsa-200403-02.xml244
-rw-r--r--glsa-200403-03.xml93
-rw-r--r--glsa-200403-04.xml113
-rw-r--r--glsa-200403-05.xml70
-rw-r--r--glsa-200403-06.xml74
-rw-r--r--glsa-200403-07.xml74
-rw-r--r--glsa-200403-08.xml77
-rw-r--r--glsa-200403-09.xml59
-rw-r--r--glsa-200403-10.xml61
-rw-r--r--glsa-200403-11.xml80
-rw-r--r--glsa-200403-12.xml71
-rw-r--r--glsa-200403-13.xml100
-rw-r--r--glsa-200403-14.xml75
-rw-r--r--glsa-200404-01.xml95
-rw-r--r--glsa-200404-02.xml61
-rw-r--r--glsa-200404-03.xml72
-rw-r--r--glsa-200404-04.xml68
-rw-r--r--glsa-200404-05.xml65
-rw-r--r--glsa-200404-06.xml67
-rw-r--r--glsa-200404-07.xml73
-rw-r--r--glsa-200404-08.xml68
-rw-r--r--glsa-200404-09.xml61
-rw-r--r--glsa-200404-10.xml63
-rw-r--r--glsa-200404-11.xml66
-rw-r--r--glsa-200404-12.xml69
-rw-r--r--glsa-200404-13.xml73
-rw-r--r--glsa-200404-14.xml70
-rw-r--r--glsa-200404-15.xml74
-rw-r--r--glsa-200404-16.xml65
-rw-r--r--glsa-200404-17.xml87
-rw-r--r--glsa-200404-18.xml71
-rw-r--r--glsa-200404-19.xml67
-rw-r--r--glsa-200404-20.xml89
-rw-r--r--glsa-200404-21.xml99
-rw-r--r--glsa-200405-01.xml63
-rw-r--r--glsa-200405-02.xml72
-rw-r--r--glsa-200405-03.xml78
-rw-r--r--glsa-200405-04.xml123
-rw-r--r--glsa-200405-05.xml63
-rw-r--r--glsa-200405-06.xml73
-rw-r--r--glsa-200405-07.xml66
-rw-r--r--glsa-200405-08.xml66
-rw-r--r--glsa-200405-09.xml66
-rw-r--r--glsa-200405-10.xml66
-rw-r--r--glsa-200405-11.xml78
-rw-r--r--glsa-200405-12.xml68
-rw-r--r--glsa-200405-13.xml65
-rw-r--r--glsa-200405-14.xml76
-rw-r--r--glsa-200405-15.xml65
-rw-r--r--glsa-200405-16.xml72
-rw-r--r--glsa-200405-17.xml63
-rw-r--r--glsa-200405-18.xml68
-rw-r--r--glsa-200405-19.xml77
-rw-r--r--glsa-200405-20.xml70
-rw-r--r--glsa-200405-21.xml69
-rw-r--r--glsa-200405-22.xml85
-rw-r--r--glsa-200405-23.xml65
-rw-r--r--glsa-200405-24.xml79
-rw-r--r--glsa-200405-25.xml65
-rw-r--r--glsa-200406-01.xml78
-rw-r--r--glsa-200406-02.xml63
-rw-r--r--glsa-200406-03.xml66
-rw-r--r--glsa-200406-04.xml62
-rw-r--r--glsa-200406-05.xml82
-rw-r--r--glsa-200406-06.xml74
-rw-r--r--glsa-200406-07.xml72
-rw-r--r--glsa-200406-08.xml67
-rw-r--r--glsa-200406-09.xml63
-rw-r--r--glsa-200406-10.xml68
-rw-r--r--glsa-200406-11.xml64
-rw-r--r--glsa-200406-12.xml69
-rw-r--r--glsa-200406-13.xml66
-rw-r--r--glsa-200406-14.xml66
-rw-r--r--glsa-200406-15.xml72
-rw-r--r--glsa-200406-16.xml69
-rw-r--r--glsa-200406-17.xml68
-rw-r--r--glsa-200406-18.xml71
-rw-r--r--glsa-200406-19.xml66
-rw-r--r--glsa-200406-20.xml122
-rw-r--r--glsa-200406-21.xml76
-rw-r--r--glsa-200406-22.xml62
-rw-r--r--glsa-200407-01.xml70
-rw-r--r--glsa-200407-02.xml322
-rw-r--r--glsa-200407-03.xml72
-rw-r--r--glsa-200407-04.xml64
-rw-r--r--glsa-200407-05.xml83
-rw-r--r--glsa-200407-06.xml74
-rw-r--r--glsa-200407-07.xml69
-rw-r--r--glsa-200407-08.xml77
-rw-r--r--glsa-200407-09.xml68
-rw-r--r--glsa-200407-10.xml71
-rw-r--r--glsa-200407-11.xml72
-rw-r--r--glsa-200407-12.xml135
-rw-r--r--glsa-200407-13.xml93
-rw-r--r--glsa-200407-14.xml91
-rw-r--r--glsa-200407-15.xml71
-rw-r--r--glsa-200407-16.xml301
-rw-r--r--glsa-200407-17.xml66
-rw-r--r--glsa-200407-18.xml63
-rw-r--r--glsa-200407-19.xml60
-rw-r--r--glsa-200407-20.xml82
-rw-r--r--glsa-200407-21.xml78
-rw-r--r--glsa-200407-22.xml79
-rw-r--r--glsa-200407-23.xml65
-rw-r--r--glsa-200408-01.xml70
-rw-r--r--glsa-200408-02.xml73
-rw-r--r--glsa-200408-03.xml73
-rw-r--r--glsa-200408-04.xml70
-rw-r--r--glsa-200408-05.xml72
-rw-r--r--glsa-200408-06.xml66
-rw-r--r--glsa-200408-07.xml67
-rw-r--r--glsa-200408-08.xml75
-rw-r--r--glsa-200408-09.xml64
-rw-r--r--glsa-200408-10.xml66
-rw-r--r--glsa-200408-11.xml66
-rw-r--r--glsa-200408-12.xml66
-rw-r--r--glsa-200408-13.xml81
-rw-r--r--glsa-200408-14.xml69
-rw-r--r--glsa-200408-15.xml71
-rw-r--r--glsa-200408-16.xml83
-rw-r--r--glsa-200408-17.xml73
-rw-r--r--glsa-200408-18.xml70
-rw-r--r--glsa-200408-19.xml73
-rw-r--r--glsa-200408-20.xml74
-rw-r--r--glsa-200408-21.xml69
-rw-r--r--glsa-200408-22.xml119
-rw-r--r--glsa-200408-23.xml81
-rw-r--r--glsa-200408-24.xml235
-rw-r--r--glsa-200408-25.xml70
-rw-r--r--glsa-200408-26.xml71
-rw-r--r--glsa-200408-27.xml83
-rw-r--r--glsa-200409-01.xml66
-rw-r--r--glsa-200409-02.xml72
-rw-r--r--glsa-200409-03.xml63
-rw-r--r--glsa-200409-04.xml68
-rw-r--r--glsa-200409-05.xml79
-rw-r--r--glsa-200409-06.xml70
-rw-r--r--glsa-200409-07.xml67
-rw-r--r--glsa-200409-08.xml74
-rw-r--r--glsa-200409-09.xml85
-rw-r--r--glsa-200409-10.xml70
-rw-r--r--glsa-200409-11.xml69
-rw-r--r--glsa-200409-12.xml100
-rw-r--r--glsa-200409-13.xml73
-rw-r--r--glsa-200409-14.xml68
-rw-r--r--glsa-200409-15.xml99
-rw-r--r--glsa-200409-16.xml72
-rw-r--r--glsa-200409-17.xml72
-rw-r--r--glsa-200409-18.xml76
-rw-r--r--glsa-200409-19.xml71
-rw-r--r--glsa-200409-20.xml68
-rw-r--r--glsa-200409-21.xml101
-rw-r--r--glsa-200409-22.xml71
-rw-r--r--glsa-200409-23.xml70
-rw-r--r--glsa-200409-24.xml78
-rw-r--r--glsa-200409-25.xml70
-rw-r--r--glsa-200409-26.xml121
-rw-r--r--glsa-200409-27.xml69
-rw-r--r--glsa-200409-28.xml94
-rw-r--r--glsa-200409-29.xml72
-rw-r--r--glsa-200409-30.xml81
-rw-r--r--glsa-200409-31.xml72
-rw-r--r--glsa-200409-32.xml74
-rw-r--r--glsa-200409-33.xml68
-rw-r--r--glsa-200409-34.xml98
-rw-r--r--glsa-200409-35.xml73
-rw-r--r--glsa-200410-01.xml70
-rw-r--r--glsa-200410-02.xml74
-rw-r--r--glsa-200410-03.xml76
-rw-r--r--glsa-200410-04.xml93
-rw-r--r--glsa-200410-05.xml68
-rw-r--r--glsa-200410-06.xml65
-rw-r--r--glsa-200410-07.xml72
-rw-r--r--glsa-200410-08.xml76
-rw-r--r--glsa-200410-09.xml70
-rw-r--r--glsa-200410-10.xml73
-rw-r--r--glsa-200410-11.xml84
-rw-r--r--glsa-200410-12.xml70
-rw-r--r--glsa-200410-13.xml69
-rw-r--r--glsa-200410-14.xml75
-rw-r--r--glsa-200410-15.xml82
-rw-r--r--glsa-200410-16.xml80
-rw-r--r--glsa-200410-17.xml102
-rw-r--r--glsa-200410-18.xml81
-rw-r--r--glsa-200410-19.xml75
-rw-r--r--glsa-200410-20.xml79
-rw-r--r--glsa-200410-21.xml85
-rw-r--r--glsa-200410-22.xml91
-rw-r--r--glsa-200410-23.xml74
-rw-r--r--glsa-200410-24.xml71
-rw-r--r--glsa-200410-25.xml69
-rw-r--r--glsa-200410-26.xml73
-rw-r--r--glsa-200410-27.xml69
-rw-r--r--glsa-200410-28.xml70
-rw-r--r--glsa-200410-29.xml73
-rw-r--r--glsa-200410-30.xml98
-rw-r--r--glsa-200410-31.xml73
-rw-r--r--glsa-200411-01.xml62
-rw-r--r--glsa-200411-02.xml68
-rw-r--r--glsa-200411-03.xml69
-rw-r--r--glsa-200411-04.xml68
-rw-r--r--glsa-200411-05.xml69
-rw-r--r--glsa-200411-06.xml69
-rw-r--r--glsa-200411-07.xml73
-rw-r--r--glsa-200411-08.xml72
-rw-r--r--glsa-200411-09.xml67
-rw-r--r--glsa-200411-10.xml66
-rw-r--r--glsa-200411-11.xml69
-rw-r--r--glsa-200411-12.xml67
-rw-r--r--glsa-200411-13.xml85
-rw-r--r--glsa-200411-14.xml83
-rw-r--r--glsa-200411-15.xml91
-rw-r--r--glsa-200411-16.xml68
-rw-r--r--glsa-200411-17.xml70
-rw-r--r--glsa-200411-18.xml62
-rw-r--r--glsa-200411-19.xml65
-rw-r--r--glsa-200411-20.xml61
-rw-r--r--glsa-200411-21.xml76
-rw-r--r--glsa-200411-22.xml82
-rw-r--r--glsa-200411-23.xml75
-rw-r--r--glsa-200411-24.xml67
-rw-r--r--glsa-200411-25.xml73
-rw-r--r--glsa-200411-26.xml90
-rw-r--r--glsa-200411-27.xml75
-rw-r--r--glsa-200411-28.xml79
-rw-r--r--glsa-200411-29.xml71
-rw-r--r--glsa-200411-30.xml66
-rw-r--r--glsa-200411-31.xml69
-rw-r--r--glsa-200411-32.xml98
-rw-r--r--glsa-200411-33.xml70
-rw-r--r--glsa-200411-34.xml74
-rw-r--r--glsa-200411-35.xml68
-rw-r--r--glsa-200411-36.xml71
-rw-r--r--glsa-200411-37.xml64
-rw-r--r--glsa-200411-38.xml107
-rw-r--r--glsa-200412-01.xml85
-rw-r--r--glsa-200412-02.xml69
-rw-r--r--glsa-200412-03.xml68
-rw-r--r--glsa-200412-04.xml69
-rw-r--r--glsa-200412-05.xml65
-rw-r--r--glsa-200412-06.xml68
-rw-r--r--glsa-200412-07.xml66
-rw-r--r--glsa-200412-08.xml71
-rw-r--r--glsa-200412-09.xml70
-rw-r--r--glsa-200412-10.xml82
-rw-r--r--glsa-200412-11.xml70
-rw-r--r--glsa-200412-12.xml71
-rw-r--r--glsa-200412-13.xml64
-rw-r--r--glsa-200412-14.xml114
-rw-r--r--glsa-200412-15.xml83
-rw-r--r--glsa-200412-16.xml93
-rw-r--r--glsa-200412-17.xml82
-rw-r--r--glsa-200412-18.xml69
-rw-r--r--glsa-200412-19.xml72
-rw-r--r--glsa-200412-20.xml70
-rw-r--r--glsa-200412-21.xml74
-rw-r--r--glsa-200412-22.xml68
-rw-r--r--glsa-200412-23.xml66
-rw-r--r--glsa-200412-24.xml77
-rw-r--r--glsa-200412-25.xml84
-rw-r--r--glsa-200412-26.xml70
-rw-r--r--glsa-200412-27.xml64
-rw-r--r--glsa-200501-01.xml70
-rw-r--r--glsa-200501-02.xml81
-rw-r--r--glsa-200501-03.xml133
-rw-r--r--glsa-200501-04.xml69
-rw-r--r--glsa-200501-05.xml67
-rw-r--r--glsa-200501-06.xml72
-rw-r--r--glsa-200501-07.xml80
-rw-r--r--glsa-200501-08.xml75
-rw-r--r--glsa-200501-09.xml66
-rw-r--r--glsa-200501-10.xml68
-rw-r--r--glsa-200501-11.xml68
-rw-r--r--glsa-200501-12.xml70
-rw-r--r--glsa-200501-13.xml66
-rw-r--r--glsa-200501-14.xml66
-rw-r--r--glsa-200501-15.xml67
-rw-r--r--glsa-200501-16.xml68
-rw-r--r--glsa-200501-17.xml81
-rw-r--r--glsa-200501-18.xml69
-rw-r--r--glsa-200501-19.xml72
-rw-r--r--glsa-200501-20.xml69
-rw-r--r--glsa-200501-21.xml75
-rw-r--r--glsa-200501-22.xml79
-rw-r--r--glsa-200501-23.xml74
-rw-r--r--glsa-200501-24.xml67
-rw-r--r--glsa-200501-25.xml83
-rw-r--r--glsa-200501-26.xml65
-rw-r--r--glsa-200501-27.xml89
-rw-r--r--glsa-200501-28.xml79
-rw-r--r--glsa-200501-29.xml66
-rw-r--r--glsa-200501-30.xml66
-rw-r--r--glsa-200501-31.xml101
-rw-r--r--glsa-200501-32.xml80
-rw-r--r--glsa-200501-33.xml70
-rw-r--r--glsa-200501-34.xml81
-rw-r--r--glsa-200501-35.xml66
-rw-r--r--glsa-200501-36.xml79
-rw-r--r--glsa-200501-37.xml68
-rw-r--r--glsa-200501-38.xml86
-rw-r--r--glsa-200501-39.xml85
-rw-r--r--glsa-200501-40.xml67
-rw-r--r--glsa-200501-41.xml63
-rw-r--r--glsa-200501-42.xml67
-rw-r--r--glsa-200501-43.xml67
-rw-r--r--glsa-200501-44.xml75
-rw-r--r--glsa-200501-45.xml71
-rw-r--r--glsa-200501-46.xml71
-rw-r--r--glsa-200502-01.xml67
-rw-r--r--glsa-200502-02.xml67
-rw-r--r--glsa-200502-03.xml71
-rw-r--r--glsa-200502-04.xml87
-rw-r--r--glsa-200502-05.xml66
-rw-r--r--glsa-200502-06.xml67
-rw-r--r--glsa-200502-07.xml79
-rw-r--r--glsa-200502-08.xml84
-rw-r--r--glsa-200502-09.xml74
-rw-r--r--glsa-200502-10.xml66
-rw-r--r--glsa-200502-11.xml67
-rw-r--r--glsa-200502-12.xml75
-rw-r--r--glsa-200502-13.xml77
-rw-r--r--glsa-200502-14.xml67
-rw-r--r--glsa-200502-15.xml64
-rw-r--r--glsa-200502-16.xml69
-rw-r--r--glsa-200502-17.xml85
-rw-r--r--glsa-200502-18.xml72
-rw-r--r--glsa-200502-19.xml71
-rw-r--r--glsa-200502-20.xml80
-rw-r--r--glsa-200502-21.xml69
-rw-r--r--glsa-200502-22.xml67
-rw-r--r--glsa-200502-23.xml67
-rw-r--r--glsa-200502-24.xml71
-rw-r--r--glsa-200502-25.xml67
-rw-r--r--glsa-200502-26.xml69
-rw-r--r--glsa-200502-27.xml68
-rw-r--r--glsa-200502-28.xml72
-rw-r--r--glsa-200502-29.xml70
-rw-r--r--glsa-200502-30.xml67
-rw-r--r--glsa-200502-31.xml69
-rw-r--r--glsa-200502-32.xml62
-rw-r--r--glsa-200502-33.xml78
-rw-r--r--glsa-200503-01.xml64
-rw-r--r--glsa-200503-02.xml79
-rw-r--r--glsa-200503-03.xml70
-rw-r--r--glsa-200503-04.xml69
-rw-r--r--glsa-200503-05.xml85
-rw-r--r--glsa-200503-06.xml67
-rw-r--r--glsa-200503-07.xml83
-rw-r--r--glsa-200503-08.xml82
-rw-r--r--glsa-200503-09.xml66
-rw-r--r--glsa-200503-10.xml141
-rw-r--r--glsa-200503-11.xml66
-rw-r--r--glsa-200503-12.xml67
-rw-r--r--glsa-200503-13.xml69
-rw-r--r--glsa-200503-14.xml68
-rw-r--r--glsa-200503-15.xml69
-rw-r--r--glsa-200503-16.xml78
-rw-r--r--glsa-200503-17.xml68
-rw-r--r--glsa-200503-18.xml68
-rw-r--r--glsa-200503-19.xml72
-rw-r--r--glsa-200503-20.xml68
-rw-r--r--glsa-200503-21.xml68
-rw-r--r--glsa-200503-22.xml64
-rw-r--r--glsa-200503-23.xml66
-rw-r--r--glsa-200503-24.xml63
-rw-r--r--glsa-200503-25.xml68
-rw-r--r--glsa-200503-26.xml79
-rw-r--r--glsa-200503-27.xml66
-rw-r--r--glsa-200503-28.xml84
-rw-r--r--glsa-200503-29.xml70
-rw-r--r--glsa-200503-30.xml140
-rw-r--r--glsa-200503-31.xml99
-rw-r--r--glsa-200503-32.xml95
-rw-r--r--glsa-200503-33.xml68
-rw-r--r--glsa-200503-34.xml69
-rw-r--r--glsa-200503-35.xml70
-rw-r--r--glsa-200503-36.xml68
-rw-r--r--glsa-200503-37.xml69
-rw-r--r--glsa-200504-01.xml73
-rw-r--r--glsa-200504-02.xml75
-rw-r--r--glsa-200504-03.xml71
-rw-r--r--glsa-200504-04.xml69
-rw-r--r--glsa-200504-05.xml76
-rw-r--r--glsa-200504-06.xml69
-rw-r--r--glsa-200504-07.xml80
-rw-r--r--glsa-200504-08.xml68
-rw-r--r--glsa-200504-09.xml67
-rw-r--r--glsa-200504-10.xml65
-rw-r--r--glsa-200504-11.xml74
-rw-r--r--glsa-200504-12.xml71
-rw-r--r--glsa-200504-13.xml102
-rw-r--r--glsa-200504-14.xml74
-rw-r--r--glsa-200504-15.xml97
-rw-r--r--glsa-200504-16.xml68
-rw-r--r--glsa-200504-17.xml69
-rw-r--r--glsa-200504-18.xml137
-rw-r--r--glsa-200504-19.xml70
-rw-r--r--glsa-200504-20.xml68
-rw-r--r--glsa-200504-21.xml79
-rw-r--r--glsa-200504-22.xml65
-rw-r--r--glsa-200504-23.xml65
-rw-r--r--glsa-200504-24.xml71
-rw-r--r--glsa-200504-25.xml70
-rw-r--r--glsa-200504-26.xml68
-rw-r--r--glsa-200504-27.xml66
-rw-r--r--glsa-200504-28.xml70
-rw-r--r--glsa-200504-29.xml68
-rw-r--r--glsa-200504-30.xml75
-rw-r--r--glsa-200505-01.xml167
-rw-r--r--glsa-200505-02.xml68
-rw-r--r--glsa-200505-03.xml103
-rw-r--r--glsa-200505-04.xml83
-rw-r--r--glsa-200505-05.xml70
-rw-r--r--glsa-200505-06.xml72
-rw-r--r--glsa-200505-07.xml65
-rw-r--r--glsa-200505-08.xml70
-rw-r--r--glsa-200505-09.xml71
-rw-r--r--glsa-200505-10.xml69
-rw-r--r--glsa-200505-11.xml118
-rw-r--r--glsa-200505-12.xml80
-rw-r--r--glsa-200505-13.xml74
-rw-r--r--glsa-200505-14.xml65
-rw-r--r--glsa-200505-15.xml73
-rw-r--r--glsa-200505-16.xml79
-rw-r--r--glsa-200505-17.xml66
-rw-r--r--glsa-200505-18.xml70
-rw-r--r--glsa-200505-19.xml66
-rw-r--r--glsa-200505-20.xml79
-rw-r--r--glsa-200506-01.xml83
-rw-r--r--glsa-200506-02.xml67
-rw-r--r--glsa-200506-03.xml65
-rw-r--r--glsa-200506-04.xml71
-rw-r--r--glsa-200506-05.xml67
-rw-r--r--glsa-200506-06.xml72
-rw-r--r--glsa-200506-07.xml67
-rw-r--r--glsa-200506-08.xml83
-rw-r--r--glsa-200506-09.xml67
-rw-r--r--glsa-200506-10.xml68
-rw-r--r--glsa-200506-11.xml73
-rw-r--r--glsa-200506-12.xml69
-rw-r--r--glsa-200506-13.xml71
-rw-r--r--glsa-200506-14.xml105
-rw-r--r--glsa-200506-15.xml69
-rw-r--r--glsa-200506-16.xml71
-rw-r--r--glsa-200506-17.xml80
-rw-r--r--glsa-200506-18.xml66
-rw-r--r--glsa-200506-19.xml71
-rw-r--r--glsa-200506-20.xml82
-rw-r--r--glsa-200506-21.xml68
-rw-r--r--glsa-200506-22.xml68
-rw-r--r--glsa-200506-23.xml71
-rw-r--r--glsa-200506-24.xml67
-rw-r--r--glsa-200507-01.xml82
-rw-r--r--glsa-200507-02.xml73
-rw-r--r--glsa-200507-03.xml71
-rw-r--r--glsa-200507-04.xml69
-rw-r--r--glsa-200507-05.xml67
-rw-r--r--glsa-200507-06.xml68
-rw-r--r--glsa-200507-07.xml70
-rw-r--r--glsa-200507-08.xml80
-rw-r--r--glsa-200507-09.xml71
-rw-r--r--glsa-200507-10.xml68
-rw-r--r--glsa-200507-11.xml79
-rw-r--r--glsa-200507-12.xml73
-rw-r--r--glsa-200507-13.xml83
-rw-r--r--glsa-200507-14.xml100
-rw-r--r--glsa-200507-15.xml70
-rw-r--r--glsa-200507-16.xml67
-rw-r--r--glsa-200507-17.xml101
-rw-r--r--glsa-200507-18.xml69
-rw-r--r--glsa-200507-19.xml68
-rw-r--r--glsa-200507-20.xml72
-rw-r--r--glsa-200507-21.xml66
-rw-r--r--glsa-200507-22.xml66
-rw-r--r--glsa-200507-23.xml77
-rw-r--r--glsa-200507-24.xml112
-rw-r--r--glsa-200507-25.xml70
-rw-r--r--glsa-200507-26.xml115
-rw-r--r--glsa-200507-27.xml81
-rw-r--r--glsa-200507-28.xml72
-rw-r--r--glsa-200507-29.xml68
-rw-r--r--glsa-200508-01.xml71
-rw-r--r--glsa-200508-02.xml74
-rw-r--r--glsa-200508-03.xml67
-rw-r--r--glsa-200508-04.xml79
-rw-r--r--glsa-200508-05.xml70
-rw-r--r--glsa-200508-06.xml71
-rw-r--r--glsa-200508-07.xml72
-rw-r--r--glsa-200508-08.xml103
-rw-r--r--glsa-200508-09.xml68
-rw-r--r--glsa-200508-10.xml68
-rw-r--r--glsa-200508-11.xml67
-rw-r--r--glsa-200508-12.xml74
-rw-r--r--glsa-200508-13.xml80
-rw-r--r--glsa-200508-14.xml80
-rw-r--r--glsa-200508-15.xml69
-rw-r--r--glsa-200508-16.xml68
-rw-r--r--glsa-200508-17.xml68
-rw-r--r--glsa-200508-18.xml68
-rw-r--r--glsa-200508-19.xml71
-rw-r--r--glsa-200508-20.xml70
-rw-r--r--glsa-200508-21.xml70
-rw-r--r--glsa-200508-22.xml70
-rw-r--r--glsa-200509-01.xml66
-rw-r--r--glsa-200509-02.xml70
-rw-r--r--glsa-200509-03.xml68
-rw-r--r--glsa-200509-04.xml68
-rw-r--r--glsa-200509-05.xml69
-rw-r--r--glsa-200509-06.xml68
-rw-r--r--glsa-200509-07.xml63
-rw-r--r--glsa-200509-08.xml73
-rw-r--r--glsa-200509-09.xml69
-rw-r--r--glsa-200509-10.xml65
-rw-r--r--glsa-200509-11.xml134
-rw-r--r--glsa-200509-12.xml87
-rw-r--r--glsa-200509-13.xml70
-rw-r--r--glsa-200509-14.xml68
-rw-r--r--glsa-200509-15.xml75
-rw-r--r--glsa-200509-16.xml68
-rw-r--r--glsa-200509-17.xml81
-rw-r--r--glsa-200509-18.xml66
-rw-r--r--glsa-200509-19.xml97
-rw-r--r--glsa-200509-20.xml67
-rw-r--r--glsa-200509-21.xml72
-rw-r--r--glsa-200510-01.xml65
-rw-r--r--glsa-200510-02.xml73
-rw-r--r--glsa-200510-03.xml70
-rw-r--r--glsa-200510-04.xml69
-rw-r--r--glsa-200510-05.xml67
-rw-r--r--glsa-200510-06.xml66
-rw-r--r--glsa-200510-07.xml76
-rw-r--r--glsa-200510-08.xml68
-rw-r--r--glsa-200510-09.xml65
-rw-r--r--glsa-200510-10.xml68
-rw-r--r--glsa-200510-11.xml73
-rw-r--r--glsa-200510-12.xml75
-rw-r--r--glsa-200510-13.xml67
-rw-r--r--glsa-200510-14.xml97
-rw-r--r--glsa-200510-15.xml68
-rw-r--r--glsa-200510-16.xml69
-rw-r--r--glsa-200510-17.xml69
-rw-r--r--glsa-200510-18.xml75
-rw-r--r--glsa-200510-19.xml70
-rw-r--r--glsa-200510-20.xml71
-rw-r--r--glsa-200510-21.xml74
-rw-r--r--glsa-200510-22.xml71
-rw-r--r--glsa-200510-23.xml67
-rw-r--r--glsa-200510-24.xml78
-rw-r--r--glsa-200510-25.xml87
-rw-r--r--glsa-200510-26.xml81
-rw-r--r--glsa-200511-01.xml69
-rw-r--r--glsa-200511-02.xml93
-rw-r--r--glsa-200511-03.xml70
-rw-r--r--glsa-200511-04.xml78
-rw-r--r--glsa-200511-05.xml72
-rw-r--r--glsa-200511-06.xml67
-rw-r--r--glsa-200511-07.xml73
-rw-r--r--glsa-200511-08.xml118
-rw-r--r--glsa-200511-09.xml73
-rw-r--r--glsa-200511-10.xml83
-rw-r--r--glsa-200511-11.xml68
-rw-r--r--glsa-200511-12.xml70
-rw-r--r--glsa-200511-13.xml82
-rw-r--r--glsa-200511-14.xml85
-rw-r--r--glsa-200511-15.xml69
-rw-r--r--glsa-200511-16.xml75
-rw-r--r--glsa-200511-17.xml71
-rw-r--r--glsa-200511-18.xml76
-rw-r--r--glsa-200511-19.xml71
-rw-r--r--glsa-200511-20.xml74
-rw-r--r--glsa-200511-21.xml75
-rw-r--r--glsa-200511-22.xml69
-rw-r--r--glsa-200511-23.xml80
-rw-r--r--glsa-200512-01.xml86
-rw-r--r--glsa-200512-02.xml83
-rw-r--r--glsa-200512-03.xml80
-rw-r--r--glsa-200512-04.xml89
-rw-r--r--glsa-200512-05.xml68
-rw-r--r--glsa-200512-06.xml69
-rw-r--r--glsa-200512-07.xml79
-rw-r--r--glsa-200512-08.xml104
-rw-r--r--glsa-200512-09.xml77
-rw-r--r--glsa-200512-10.xml69
-rw-r--r--glsa-200512-11.xml75
-rw-r--r--glsa-200512-12.xml79
-rw-r--r--glsa-200512-13.xml68
-rw-r--r--glsa-200512-14.xml64
-rw-r--r--glsa-200512-15.xml68
-rw-r--r--glsa-200512-16.xml81
-rw-r--r--glsa-200512-17.xml72
-rw-r--r--glsa-200512-18.xml73
-rw-r--r--glsa-200601-01.xml67
-rw-r--r--glsa-200601-02.xml108
-rw-r--r--glsa-200601-03.xml68
-rw-r--r--glsa-200601-04.xml70
-rw-r--r--glsa-200601-05.xml70
-rw-r--r--glsa-200601-06.xml83
-rw-r--r--glsa-200601-07.xml69
-rw-r--r--glsa-200601-08.xml68
-rw-r--r--glsa-200601-09.xml68
-rw-r--r--glsa-200601-10.xml106
-rw-r--r--glsa-200601-11.xml66
-rw-r--r--glsa-200601-12.xml72
-rw-r--r--glsa-200601-13.xml75
-rw-r--r--glsa-200601-14.xml69
-rw-r--r--glsa-200601-15.xml66
-rw-r--r--glsa-200601-16.xml65
-rw-r--r--glsa-200601-17.xml117
-rw-r--r--glsa-200602-01.xml74
-rw-r--r--glsa-200602-02.xml64
-rw-r--r--glsa-200602-03.xml101
-rw-r--r--glsa-200602-04.xml77
-rw-r--r--glsa-200602-05.xml76
-rw-r--r--glsa-200602-06.xml71
-rw-r--r--glsa-200602-07.xml87
-rw-r--r--glsa-200602-08.xml82
-rw-r--r--glsa-200602-09.xml67
-rw-r--r--glsa-200602-10.xml71
-rw-r--r--glsa-200602-11.xml82
-rw-r--r--glsa-200602-12.xml67
-rw-r--r--glsa-200602-13.xml71
-rw-r--r--glsa-200602-14.xml69
-rw-r--r--glsa-200603-01.xml68
-rw-r--r--glsa-200603-02.xml93
-rw-r--r--glsa-200603-03.xml73
-rw-r--r--glsa-200603-04.xml66
-rw-r--r--glsa-200603-05.xml70
-rw-r--r--glsa-200603-06.xml69
-rw-r--r--glsa-200603-07.xml69
-rw-r--r--glsa-200603-08.xml73
-rw-r--r--glsa-200603-09.xml82
-rw-r--r--glsa-200603-10.xml73
-rw-r--r--glsa-200603-11.xml68
-rw-r--r--glsa-200603-12.xml70
-rw-r--r--glsa-200603-13.xml68
-rw-r--r--glsa-200603-14.xml66
-rw-r--r--glsa-200603-15.xml71
-rw-r--r--glsa-200603-16.xml66
-rw-r--r--glsa-200603-17.xml68
-rw-r--r--glsa-200603-18.xml67
-rw-r--r--glsa-200603-19.xml72
-rw-r--r--glsa-200603-20.xml67
-rw-r--r--glsa-200603-21.xml63
-rw-r--r--glsa-200603-22.xml91
-rw-r--r--glsa-200603-23.xml95
-rw-r--r--glsa-200603-24.xml68
-rw-r--r--glsa-200603-25.xml84
-rw-r--r--glsa-200603-26.xml70
-rw-r--r--glsa-200604-01.xml68
-rw-r--r--glsa-200604-02.xml77
-rw-r--r--glsa-200604-03.xml68
-rw-r--r--glsa-200604-04.xml68
-rw-r--r--glsa-200604-05.xml68
-rw-r--r--glsa-200604-06.xml69
-rw-r--r--glsa-200604-07.xml75
-rw-r--r--glsa-200604-08.xml67
-rw-r--r--glsa-200604-09.xml67
-rw-r--r--glsa-200604-10.xml82
-rw-r--r--glsa-200604-11.xml70
-rw-r--r--glsa-200604-12.xml100
-rw-r--r--glsa-200604-13.xml68
-rw-r--r--glsa-200604-14.xml66
-rw-r--r--glsa-200604-15.xml68
-rw-r--r--glsa-200604-16.xml70
-rw-r--r--glsa-200604-17.xml84
-rw-r--r--glsa-200604-18.xml106
-rw-r--r--glsa-200605-01.xml78
-rw-r--r--glsa-200605-02.xml62
-rw-r--r--glsa-200605-03.xml64
-rw-r--r--glsa-200605-04.xml70
-rw-r--r--glsa-200605-05.xml71
-rw-r--r--glsa-200605-06.xml86
-rw-r--r--glsa-200605-07.xml69
-rw-r--r--glsa-200605-08.xml93
-rw-r--r--glsa-200605-09.xml106
-rw-r--r--glsa-200605-10.xml67
-rw-r--r--glsa-200605-11.xml63
-rw-r--r--glsa-200605-12.xml87
-rw-r--r--glsa-200605-13.xml77
-rw-r--r--glsa-200605-14.xml71
-rw-r--r--glsa-200605-15.xml77
-rw-r--r--glsa-200605-16.xml66
-rw-r--r--glsa-200605-17.xml66
-rw-r--r--glsa-200606-01.xml67
-rw-r--r--glsa-200606-02.xml69
-rw-r--r--glsa-200606-03.xml68
-rw-r--r--glsa-200606-04.xml72
-rw-r--r--glsa-200606-05.xml71
-rw-r--r--glsa-200606-06.xml75
-rw-r--r--glsa-200606-07.xml67
-rw-r--r--glsa-200606-08.xml64
-rw-r--r--glsa-200606-09.xml69
-rw-r--r--glsa-200606-10.xml66
-rw-r--r--glsa-200606-11.xml66
-rw-r--r--glsa-200606-12.xml95
-rw-r--r--glsa-200606-13.xml74
-rw-r--r--glsa-200606-14.xml66
-rw-r--r--glsa-200606-15.xml68
-rw-r--r--glsa-200606-16.xml68
-rw-r--r--glsa-200606-17.xml69
-rw-r--r--glsa-200606-18.xml70
-rw-r--r--glsa-200606-19.xml75
-rw-r--r--glsa-200606-20.xml68
-rw-r--r--glsa-200606-21.xml90
-rw-r--r--glsa-200606-22.xml66
-rw-r--r--glsa-200606-23.xml80
-rw-r--r--glsa-200606-24.xml66
-rw-r--r--glsa-200606-25.xml69
-rw-r--r--glsa-200606-26.xml66
-rw-r--r--glsa-200606-27.xml67
-rw-r--r--glsa-200606-28.xml65
-rw-r--r--glsa-200606-29.xml66
-rw-r--r--glsa-200606-30.xml69
-rw-r--r--glsa-200607-01.xml66
-rw-r--r--glsa-200607-02.xml67
-rw-r--r--glsa-200607-03.xml65
-rw-r--r--glsa-200607-04.xml79
-rw-r--r--glsa-200607-05.xml75
-rw-r--r--glsa-200607-06.xml82
-rw-r--r--glsa-200607-07.xml67
-rw-r--r--glsa-200607-08.xml67
-rw-r--r--glsa-200607-09.xml91
-rw-r--r--glsa-200607-10.xml69
-rw-r--r--glsa-200607-11.xml66
-rw-r--r--glsa-200607-12.xml83
-rw-r--r--glsa-200607-13.xml69
-rw-r--r--glsa-200608-01.xml73
-rw-r--r--glsa-200608-02.xml131
-rw-r--r--glsa-200608-03.xml135
-rw-r--r--glsa-200608-04.xml128
-rw-r--r--glsa-200608-05.xml68
-rw-r--r--glsa-200608-06.xml67
-rw-r--r--glsa-200608-07.xml71
-rw-r--r--glsa-200608-08.xml67
-rw-r--r--glsa-200608-09.xml68
-rw-r--r--glsa-200608-10.xml67
-rw-r--r--glsa-200608-11.xml77
-rw-r--r--glsa-200608-12.xml69
-rw-r--r--glsa-200608-13.xml67
-rw-r--r--glsa-200608-14.xml69
-rw-r--r--glsa-200608-15.xml70
-rw-r--r--glsa-200608-16.xml75
-rw-r--r--glsa-200608-17.xml69
-rw-r--r--glsa-200608-18.xml66
-rw-r--r--glsa-200608-19.xml69
-rw-r--r--glsa-200608-20.xml73
-rw-r--r--glsa-200608-21.xml67
-rw-r--r--glsa-200608-22.xml71
-rw-r--r--glsa-200608-23.xml73
-rw-r--r--glsa-200608-24.xml68
-rw-r--r--glsa-200608-25.xml165
-rw-r--r--glsa-200608-26.xml77
-rw-r--r--glsa-200608-27.xml76
-rw-r--r--glsa-200608-28.xml80
-rw-r--r--glsa-200609-01.xml69
-rw-r--r--glsa-200609-02.xml65
-rw-r--r--glsa-200609-03.xml65
-rw-r--r--glsa-200609-04.xml65
-rw-r--r--glsa-200609-05.xml79
-rw-r--r--glsa-200609-06.xml67
-rw-r--r--glsa-200609-07.xml77
-rw-r--r--glsa-200609-08.xml71
-rw-r--r--glsa-200609-09.xml64
-rw-r--r--glsa-200609-10.xml71
-rw-r--r--glsa-200609-11.xml81
-rw-r--r--glsa-200609-12.xml70
-rw-r--r--glsa-200609-13.xml79
-rw-r--r--glsa-200609-14.xml72
-rw-r--r--glsa-200609-15.xml67
-rw-r--r--glsa-200609-16.xml71
-rw-r--r--glsa-200609-17.xml66
-rw-r--r--glsa-200609-18.xml67
-rw-r--r--glsa-200609-19.xml81
-rw-r--r--glsa-200609-20.xml69
-rw-r--r--glsa-200610-01.xml85
-rw-r--r--glsa-200610-02.xml69
-rw-r--r--glsa-200610-03.xml68
-rw-r--r--glsa-200610-04.xml70
-rw-r--r--glsa-200610-05.xml66
-rw-r--r--glsa-200610-06.xml75
-rw-r--r--glsa-200610-07.xml70
-rw-r--r--glsa-200610-08.xml63
-rw-r--r--glsa-200610-09.xml69
-rw-r--r--glsa-200610-10.xml67
-rw-r--r--glsa-200610-11.xml86
-rw-r--r--glsa-200610-12.xml66
-rw-r--r--glsa-200610-13.xml69
-rw-r--r--glsa-200610-14.xml77
-rw-r--r--glsa-200610-15.xml81
-rw-r--r--glsa-200611-01.xml67
-rw-r--r--glsa-200611-02.xml75
-rw-r--r--glsa-200611-03.xml76
-rw-r--r--glsa-200611-04.xml90
-rw-r--r--glsa-200611-05.xml69
-rw-r--r--glsa-200611-06.xml73
-rw-r--r--glsa-200611-07.xml70
-rw-r--r--glsa-200611-08.xml69
-rw-r--r--glsa-200611-09.xml65
-rw-r--r--glsa-200611-10.xml71
-rw-r--r--glsa-200611-11.xml72
-rw-r--r--glsa-200611-12.xml66
-rw-r--r--glsa-200611-13.xml67
-rw-r--r--glsa-200611-14.xml70
-rw-r--r--glsa-200611-15.xml68
-rw-r--r--glsa-200611-16.xml67
-rw-r--r--glsa-200611-17.xml70
-rw-r--r--glsa-200611-18.xml69
-rw-r--r--glsa-200611-19.xml71
-rw-r--r--glsa-200611-20.xml66
-rw-r--r--glsa-200611-21.xml61
-rw-r--r--glsa-200611-22.xml66
-rw-r--r--glsa-200611-23.xml69
-rw-r--r--glsa-200611-24.xml74
-rw-r--r--glsa-200611-25.xml69
-rw-r--r--glsa-200611-26.xml78
-rw-r--r--glsa-200612-01.xml63
-rw-r--r--glsa-200612-02.xml69
-rw-r--r--glsa-200612-03.xml78
-rw-r--r--glsa-200612-04.xml68
-rw-r--r--glsa-200612-05.xml70
-rw-r--r--glsa-200612-06.xml102
-rw-r--r--glsa-200612-07.xml89
-rw-r--r--glsa-200612-08.xml73
-rw-r--r--glsa-200612-09.xml69
-rw-r--r--glsa-200612-10.xml69
-rw-r--r--glsa-200612-11.xml78
-rw-r--r--glsa-200612-12.xml70
-rw-r--r--glsa-200612-13.xml69
-rw-r--r--glsa-200612-14.xml68
-rw-r--r--glsa-200612-15.xml70
-rw-r--r--glsa-200612-16.xml69
-rw-r--r--glsa-200612-17.xml71
-rw-r--r--glsa-200612-18.xml61
-rw-r--r--glsa-200612-19.xml66
-rw-r--r--glsa-200612-20.xml74
-rw-r--r--glsa-200612-21.xml65
-rw-r--r--glsa-200701-01.xml66
-rw-r--r--glsa-200701-02.xml90
-rw-r--r--glsa-200701-03.xml88
-rw-r--r--glsa-200701-04.xml84
-rw-r--r--glsa-200701-05.xml68
-rw-r--r--glsa-200701-06.xml64
-rw-r--r--glsa-200701-07.xml81
-rw-r--r--glsa-200701-08.xml73
-rw-r--r--glsa-200701-09.xml61
-rw-r--r--glsa-200701-10.xml78
-rw-r--r--glsa-200701-11.xml69
-rw-r--r--glsa-200701-12.xml70
-rw-r--r--glsa-200701-13.xml73
-rw-r--r--glsa-200701-14.xml68
-rw-r--r--glsa-200701-15.xml99
-rw-r--r--glsa-200701-16.xml86
-rw-r--r--glsa-200701-17.xml71
-rw-r--r--glsa-200701-18.xml68
-rw-r--r--glsa-200701-19.xml73
-rw-r--r--glsa-200701-20.xml68
-rw-r--r--glsa-200701-21.xml69
-rw-r--r--glsa-200701-22.xml68
-rw-r--r--glsa-200701-23.xml71
-rw-r--r--glsa-200701-24.xml68
-rw-r--r--glsa-200701-25.xml71
-rw-r--r--glsa-200701-26.xml65
-rw-r--r--glsa-200701-27.xml67
-rw-r--r--glsa-200701-28.xml75
-rw-r--r--glsa-200702-01.xml70
-rw-r--r--glsa-200702-02.xml66
-rw-r--r--glsa-200702-03.xml67
-rw-r--r--glsa-200702-04.xml78
-rw-r--r--glsa-200702-05.xml67
-rw-r--r--glsa-200702-06.xml80
-rw-r--r--glsa-200702-07.xml108
-rw-r--r--glsa-200702-08.xml83
-rw-r--r--glsa-200702-09.xml72
-rw-r--r--glsa-200702-10.xml79
-rw-r--r--glsa-200702-11.xml68
-rw-r--r--glsa-200702-12.xml70
-rw-r--r--glsa-200703-01.xml66
-rw-r--r--glsa-200703-02.xml65
-rw-r--r--glsa-200703-03.xml72
-rw-r--r--glsa-200703-04.xml120
-rw-r--r--glsa-200703-05.xml79
-rw-r--r--glsa-200703-06.xml71
-rw-r--r--glsa-200703-07.xml67
-rw-r--r--glsa-200703-08.xml106
-rw-r--r--glsa-200703-09.xml84
-rw-r--r--glsa-200703-10.xml68
-rw-r--r--glsa-200703-11.xml66
-rw-r--r--glsa-200703-12.xml64
-rw-r--r--glsa-200703-13.xml71
-rw-r--r--glsa-200703-14.xml69
-rw-r--r--glsa-200703-15.xml75
-rw-r--r--glsa-200703-16.xml70
-rw-r--r--glsa-200703-17.xml67
-rw-r--r--glsa-200703-18.xml88
-rw-r--r--glsa-200703-19.xml70
-rw-r--r--glsa-200703-20.xml70
-rw-r--r--glsa-200703-21.xml93
-rw-r--r--glsa-200703-22.xml71
-rw-r--r--glsa-200703-23.xml92
-rw-r--r--glsa-200703-24.xml69
-rw-r--r--glsa-200703-25.xml66
-rw-r--r--glsa-200703-26.xml70
-rw-r--r--glsa-200703-27.xml65
-rw-r--r--glsa-200703-28.xml69
-rw-r--r--glsa-200704-01.xml72
-rw-r--r--glsa-200704-02.xml72
-rw-r--r--glsa-200704-03.xml71
-rw-r--r--glsa-200704-04.xml69
-rw-r--r--glsa-200704-05.xml67
-rw-r--r--glsa-200704-06.xml68
-rw-r--r--glsa-200704-07.xml68
-rw-r--r--glsa-200704-08.xml72
-rw-r--r--glsa-200704-09.xml68
-rw-r--r--glsa-200704-10.xml67
-rw-r--r--glsa-200704-11.xml70
-rw-r--r--glsa-200704-12.xml84
-rw-r--r--glsa-200704-13.xml68
-rw-r--r--glsa-200704-14.xml68
-rw-r--r--glsa-200704-15.xml72
-rw-r--r--glsa-200704-16.xml70
-rw-r--r--glsa-200704-17.xml67
-rw-r--r--glsa-200704-18.xml66
-rw-r--r--glsa-200704-19.xml66
-rw-r--r--glsa-200704-20.xml74
-rw-r--r--glsa-200704-21.xml69
-rw-r--r--glsa-200704-22.xml71
-rw-r--r--glsa-200704-23.xml65
-rw-r--r--glsa-200705-01.xml69
-rw-r--r--glsa-200705-02.xml67
-rw-r--r--glsa-200705-03.xml69
-rw-r--r--glsa-200705-04.xml74
-rw-r--r--glsa-200705-05.xml67
-rw-r--r--glsa-200705-06.xml67
-rw-r--r--glsa-200705-07.xml70
-rw-r--r--glsa-200705-08.xml63
-rw-r--r--glsa-200705-09.xml69
-rw-r--r--glsa-200705-10.xml80
-rw-r--r--glsa-200705-11.xml70
-rw-r--r--glsa-200705-12.xml77
-rw-r--r--glsa-200705-13.xml73
-rw-r--r--glsa-200705-14.xml67
-rw-r--r--glsa-200705-15.xml67
-rw-r--r--glsa-200705-16.xml67
-rw-r--r--glsa-200705-17.xml70
-rw-r--r--glsa-200705-18.xml65
-rw-r--r--glsa-200705-19.xml104
-rw-r--r--glsa-200705-20.xml90
-rw-r--r--glsa-200705-21.xml72
-rw-r--r--glsa-200705-22.xml68
-rw-r--r--glsa-200705-23.xml102
-rw-r--r--glsa-200705-24.xml70
-rw-r--r--glsa-200705-25.xml66
-rw-r--r--glsa-200706-01.xml68
-rw-r--r--glsa-200706-02.xml67
-rw-r--r--glsa-200706-03.xml68
-rw-r--r--glsa-200706-04.xml74
-rw-r--r--glsa-200706-05.xml85
-rw-r--r--glsa-200706-06.xml149
-rw-r--r--glsa-200706-07.xml75
-rw-r--r--glsa-200706-08.xml78
-rw-r--r--glsa-200706-09.xml70
-rw-r--r--glsa-200707-01.xml65
-rw-r--r--glsa-200707-02.xml82
-rw-r--r--glsa-200707-03.xml70
-rw-r--r--glsa-200707-04.xml71
-rw-r--r--glsa-200707-05.xml77
-rw-r--r--glsa-200707-06.xml69
-rw-r--r--glsa-200707-07.xml70
-rw-r--r--glsa-200707-08.xml67
-rw-r--r--glsa-200707-09.xml70
-rw-r--r--glsa-200707-10.xml62
-rw-r--r--glsa-200707-11.xml71
-rw-r--r--glsa-200707-12.xml68
-rw-r--r--glsa-200707-13.xml66
-rw-r--r--glsa-200707-14.xml68
-rw-r--r--glsa-200708-01.xml74
-rw-r--r--glsa-200708-02.xml68
-rw-r--r--glsa-200708-03.xml74
-rw-r--r--glsa-200708-04.xml65
-rw-r--r--glsa-200708-05.xml84
-rw-r--r--glsa-200708-06.xml68
-rw-r--r--glsa-200708-07.xml68
-rw-r--r--glsa-200708-08.xml75
-rw-r--r--glsa-200708-09.xml153
-rw-r--r--glsa-200708-10.xml70
-rw-r--r--glsa-200708-11.xml74
-rw-r--r--glsa-200708-12.xml76
-rw-r--r--glsa-200708-13.xml81
-rw-r--r--glsa-200708-14.xml68
-rw-r--r--glsa-200708-15.xml64
-rw-r--r--glsa-200708-16.xml68
-rw-r--r--glsa-200708-17.xml82
-rw-r--r--glsa-200709-01.xml74
-rw-r--r--glsa-200709-02.xml70
-rw-r--r--glsa-200709-03.xml67
-rw-r--r--glsa-200709-04.xml65
-rw-r--r--glsa-200709-05.xml69
-rw-r--r--glsa-200709-06.xml66
-rw-r--r--glsa-200709-07.xml66
-rw-r--r--glsa-200709-08.xml63
-rw-r--r--glsa-200709-09.xml63
-rw-r--r--glsa-200709-10.xml68
-rw-r--r--glsa-200709-11.xml69
-rw-r--r--glsa-200709-12.xml72
-rw-r--r--glsa-200709-13.xml68
-rw-r--r--glsa-200709-14.xml75
-rw-r--r--glsa-200709-15.xml82
-rw-r--r--glsa-200709-16.xml68
-rw-r--r--glsa-200709-17.xml74
-rw-r--r--glsa-200709-18.xml85
-rw-r--r--glsa-200710-01.xml69
-rw-r--r--glsa-200710-02.xml154
-rw-r--r--glsa-200710-03.xml77
-rw-r--r--glsa-200710-04.xml69
-rw-r--r--glsa-200710-05.xml68
-rw-r--r--glsa-200710-06.xml74
-rw-r--r--glsa-200710-07.xml66
-rw-r--r--glsa-200710-08.xml100
-rw-r--r--glsa-200710-09.xml82
-rw-r--r--glsa-200710-10.xml67
-rw-r--r--glsa-200710-11.xml79
-rw-r--r--glsa-200710-12.xml68
-rw-r--r--glsa-200710-13.xml70
-rw-r--r--glsa-200710-14.xml70
-rw-r--r--glsa-200710-15.xml78
-rw-r--r--glsa-200710-16.xml71
-rw-r--r--glsa-200710-17.xml67
-rw-r--r--glsa-200710-18.xml69
-rw-r--r--glsa-200710-19.xml75
-rw-r--r--glsa-200710-20.xml80
-rw-r--r--glsa-200710-21.xml67
-rw-r--r--glsa-200710-22.xml69
-rw-r--r--glsa-200710-23.xml68
-rw-r--r--glsa-200710-24.xml79
-rw-r--r--glsa-200710-25.xml75
-rw-r--r--glsa-200710-26.xml71
-rw-r--r--glsa-200710-27.xml74
-rw-r--r--glsa-200710-28.xml68
-rw-r--r--glsa-200710-29.xml77
-rw-r--r--glsa-200710-30.xml69
-rw-r--r--glsa-200710-31.xml71
-rw-r--r--glsa-200711-01.xml68
-rw-r--r--glsa-200711-02.xml66
-rw-r--r--glsa-200711-03.xml67
-rw-r--r--glsa-200711-04.xml73
-rw-r--r--glsa-200711-05.xml80
-rw-r--r--glsa-200711-06.xml79
-rw-r--r--glsa-200711-07.xml79
-rw-r--r--glsa-200711-08.xml73
-rw-r--r--glsa-200711-09.xml68
-rw-r--r--glsa-200711-10.xml67
-rw-r--r--glsa-200711-11.xml77
-rw-r--r--glsa-200711-12.xml69
-rw-r--r--glsa-200711-13.xml68
-rw-r--r--glsa-200711-14.xml127
-rw-r--r--glsa-200711-15.xml76
-rw-r--r--glsa-200711-16.xml71
-rw-r--r--glsa-200711-17.xml77
-rw-r--r--glsa-200711-18.xml67
-rw-r--r--glsa-200711-19.xml69
-rw-r--r--glsa-200711-20.xml69
-rw-r--r--glsa-200711-21.xml69
-rw-r--r--glsa-200711-22.xml120
-rw-r--r--glsa-200711-23.xml112
-rw-r--r--glsa-200711-24.xml82
-rw-r--r--glsa-200711-25.xml67
-rw-r--r--glsa-200711-26.xml77
-rw-r--r--glsa-200711-27.xml69
-rw-r--r--glsa-200711-28.xml71
-rw-r--r--glsa-200711-29.xml80
-rw-r--r--glsa-200711-30.xml102
-rw-r--r--glsa-200711-31.xml67
-rw-r--r--glsa-200711-32.xml70
-rw-r--r--glsa-200711-33.xml70
-rw-r--r--glsa-200711-34.xml74
-rw-r--r--glsa-200712-01.xml64
-rw-r--r--glsa-200712-02.xml67
-rw-r--r--glsa-200712-03.xml79
-rw-r--r--glsa-200712-04.xml69
-rw-r--r--glsa-200712-05.xml70
-rw-r--r--glsa-200712-06.xml68
-rw-r--r--glsa-200712-07.xml65
-rw-r--r--glsa-200712-08.xml71
-rw-r--r--glsa-200712-09.xml69
-rw-r--r--glsa-200712-10.xml67
-rw-r--r--glsa-200712-11.xml66
-rw-r--r--glsa-200712-12.xml65
-rw-r--r--glsa-200712-13.xml71
-rw-r--r--glsa-200712-14.xml92
-rw-r--r--glsa-200712-15.xml72
-rw-r--r--glsa-200712-16.xml71
-rw-r--r--glsa-200712-17.xml76
-rw-r--r--glsa-200712-18.xml76
-rw-r--r--glsa-200712-19.xml65
-rw-r--r--glsa-200712-20.xml72
-rw-r--r--glsa-200712-21.xml104
-rw-r--r--glsa-200712-22.xml71
-rw-r--r--glsa-200712-23.xml92
-rw-r--r--glsa-200712-24.xml71
-rw-r--r--glsa-200712-25.xml89
-rw-r--r--glsa-200801-01.xml66
-rw-r--r--glsa-200801-02.xml69
-rw-r--r--glsa-200801-03.xml67
-rw-r--r--glsa-200801-04.xml65
-rw-r--r--glsa-200801-05.xml64
-rw-r--r--glsa-200801-06.xml84
-rw-r--r--glsa-200801-07.xml102
-rw-r--r--glsa-200801-08.xml68
-rw-r--r--glsa-200801-09.xml106
-rw-r--r--glsa-200801-10.xml81
-rw-r--r--glsa-200801-11.xml76
-rw-r--r--glsa-200801-12.xml69
-rw-r--r--glsa-200801-13.xml66
-rw-r--r--glsa-200801-14.xml66
-rw-r--r--glsa-200801-15.xml84
-rw-r--r--glsa-200801-16.xml67
-rw-r--r--glsa-200801-17.xml66
-rw-r--r--glsa-200801-18.xml68
-rw-r--r--glsa-200801-19.xml74
-rw-r--r--glsa-200801-20.xml68
-rw-r--r--glsa-200801-21.xml68
-rw-r--r--glsa-200801-22.xml66
-rw-r--r--glsa-200802-01.xml72
-rw-r--r--glsa-200802-02.xml77
-rw-r--r--glsa-200802-03.xml64
-rw-r--r--glsa-200802-04.xml77
-rw-r--r--glsa-200802-05.xml68
-rw-r--r--glsa-200802-06.xml75
-rw-r--r--glsa-200802-07.xml67
-rw-r--r--glsa-200802-08.xml70
-rw-r--r--glsa-200802-09.xml70
-rw-r--r--glsa-200802-10.xml69
-rw-r--r--glsa-200802-11.xml87
-rw-r--r--glsa-200802-12.xml73
-rw-r--r--glsa-200803-01.xml89
-rw-r--r--glsa-200803-02.xml70
-rw-r--r--glsa-200803-03.xml66
-rw-r--r--glsa-200803-04.xml67
-rw-r--r--glsa-200803-05.xml65
-rw-r--r--glsa-200803-06.xml67
-rw-r--r--glsa-200803-07.xml66
-rw-r--r--glsa-200803-08.xml80
-rw-r--r--glsa-200803-09.xml74
-rw-r--r--glsa-200803-10.xml68
-rw-r--r--glsa-200803-11.xml67
-rw-r--r--glsa-200803-12.xml68
-rw-r--r--glsa-200803-13.xml100
-rw-r--r--glsa-200803-14.xml89
-rw-r--r--glsa-200803-15.xml66
-rw-r--r--glsa-200803-16.xml83
-rw-r--r--glsa-200803-17.xml65
-rw-r--r--glsa-200803-18.xml81
-rw-r--r--glsa-200803-19.xml80
-rw-r--r--glsa-200803-20.xml76
-rw-r--r--glsa-200803-21.xml72
-rw-r--r--glsa-200803-22.xml69
-rw-r--r--glsa-200803-23.xml69
-rw-r--r--glsa-200803-24.xml81
-rw-r--r--glsa-200803-25.xml84
-rw-r--r--glsa-200803-26.xml66
-rw-r--r--glsa-200803-27.xml90
-rw-r--r--glsa-200803-28.xml79
-rw-r--r--glsa-200803-29.xml70
-rw-r--r--glsa-200803-30.xml170
-rw-r--r--glsa-200803-31.xml102
-rw-r--r--glsa-200803-32.xml67
-rw-r--r--glsa-200804-01.xml89
-rw-r--r--glsa-200804-02.xml66
-rw-r--r--glsa-200804-03.xml81
-rw-r--r--glsa-200804-04.xml81
-rw-r--r--glsa-200804-05.xml80
-rw-r--r--glsa-200804-06.xml68
-rw-r--r--glsa-200804-07.xml68
-rw-r--r--glsa-200804-08.xml74
-rw-r--r--glsa-200804-09.xml66
-rw-r--r--glsa-200804-10.xml110
-rw-r--r--glsa-200804-11.xml73
-rw-r--r--glsa-200804-12.xml66
-rw-r--r--glsa-200804-13.xml83
-rw-r--r--glsa-200804-14.xml68
-rw-r--r--glsa-200804-15.xml72
-rw-r--r--glsa-200804-16.xml78
-rw-r--r--glsa-200804-17.xml72
-rw-r--r--glsa-200804-18.xml67
-rw-r--r--glsa-200804-19.xml72
-rw-r--r--glsa-200804-20.xml234
-rw-r--r--glsa-200804-21.xml106
-rw-r--r--glsa-200804-22.xml72
-rw-r--r--glsa-200804-23.xml69
-rw-r--r--glsa-200804-24.xml71
-rw-r--r--glsa-200804-25.xml95
-rw-r--r--glsa-200804-26.xml66
-rw-r--r--glsa-200804-27.xml104
-rw-r--r--glsa-200804-28.xml77
-rw-r--r--glsa-200804-29.xml72
-rw-r--r--glsa-200804-30.xml68
-rw-r--r--glsa-200805-01.xml131
-rw-r--r--glsa-200805-02.xml66
-rw-r--r--glsa-200805-03.xml136
-rw-r--r--glsa-200805-04.xml77
-rw-r--r--glsa-200805-05.xml79
-rw-r--r--glsa-200805-06.xml70
-rw-r--r--glsa-200805-07.xml88
-rw-r--r--glsa-200805-08.xml65
-rw-r--r--glsa-200805-09.xml66
-rw-r--r--glsa-200805-10.xml69
-rw-r--r--glsa-200805-11.xml67
-rw-r--r--glsa-200805-12.xml70
-rw-r--r--glsa-200805-13.xml75
-rw-r--r--glsa-200805-14.xml70
-rw-r--r--glsa-200805-15.xml64
-rw-r--r--glsa-200805-16.xml110
-rw-r--r--glsa-200805-17.xml76
-rw-r--r--glsa-200805-18.xml282
-rw-r--r--glsa-200805-19.xml102
-rw-r--r--glsa-200805-20.xml82
-rw-r--r--glsa-200805-21.xml71
-rw-r--r--glsa-200805-22.xml69
-rw-r--r--glsa-200805-23.xml69
-rw-r--r--glsa-200806-01.xml69
-rw-r--r--glsa-200806-02.xml68
-rw-r--r--glsa-200806-03.xml74
-rw-r--r--glsa-200806-04.xml82
-rw-r--r--glsa-200806-05.xml67
-rw-r--r--glsa-200806-06.xml77
-rw-r--r--glsa-200806-07.xml99
-rw-r--r--glsa-200806-08.xml79
-rw-r--r--glsa-200806-09.xml88
-rw-r--r--glsa-200806-10.xml85
-rw-r--r--glsa-200806-11.xml99
-rw-r--r--glsa-200807-01.xml89
-rw-r--r--glsa-200807-02.xml72
-rw-r--r--glsa-200807-03.xml78
-rw-r--r--glsa-200807-04.xml65
-rw-r--r--glsa-200807-05.xml78
-rw-r--r--glsa-200807-06.xml86
-rw-r--r--glsa-200807-07.xml77
-rw-r--r--glsa-200807-08.xml75
-rw-r--r--glsa-200807-09.xml66
-rw-r--r--glsa-200807-10.xml68
-rw-r--r--glsa-200807-11.xml67
-rw-r--r--glsa-200807-12.xml69
-rw-r--r--glsa-200807-13.xml72
-rw-r--r--glsa-200807-14.xml65
-rw-r--r--glsa-200807-15.xml68
-rw-r--r--glsa-200807-16.xml109
-rw-r--r--glsa-200808-01.xml89
-rw-r--r--glsa-200808-02.xml76
-rw-r--r--glsa-200808-03.xml249
-rw-r--r--glsa-200808-04.xml76
-rw-r--r--glsa-200808-05.xml66
-rw-r--r--glsa-200808-06.xml70
-rw-r--r--glsa-200808-07.xml74
-rw-r--r--glsa-200808-08.xml71
-rw-r--r--glsa-200808-09.xml65
-rw-r--r--glsa-200808-10.xml64
-rw-r--r--glsa-200808-11.xml78
-rw-r--r--glsa-200808-12.xml126
-rw-r--r--glsa-200809-01.xml73
-rw-r--r--glsa-200809-02.xml79
-rw-r--r--glsa-200809-03.xml64
-rw-r--r--glsa-200809-04.xml65
-rw-r--r--glsa-200809-05.xml71
-rw-r--r--glsa-200809-06.xml74
-rw-r--r--glsa-200809-07.xml69
-rw-r--r--glsa-200809-08.xml68
-rw-r--r--glsa-200809-09.xml78
-rw-r--r--glsa-200809-10.xml74
-rw-r--r--glsa-200809-11.xml64
-rw-r--r--glsa-200809-12.xml67
-rw-r--r--glsa-200809-13.xml67
-rw-r--r--glsa-200809-14.xml66
-rw-r--r--glsa-200809-15.xml68
-rw-r--r--glsa-200809-16.xml67
-rw-r--r--glsa-200809-17.xml84
-rw-r--r--glsa-200809-18.xml74
-rw-r--r--glsa-200810-01.xml94
-rw-r--r--glsa-200810-02.xml75
-rw-r--r--glsa-200810-03.xml71
-rw-r--r--glsa-200811-01.xml129
-rw-r--r--glsa-200811-02.xml98
-rw-r--r--glsa-200811-03.xml66
-rw-r--r--glsa-200811-04.xml67
-rw-r--r--glsa-200811-05.xml134
-rw-r--r--glsa-200812-01.xml67
-rw-r--r--glsa-200812-02.xml71
-rw-r--r--glsa-200812-03.xml78
-rw-r--r--glsa-200812-04.xml82
-rw-r--r--glsa-200812-05.xml67
-rw-r--r--glsa-200812-06.xml99
-rw-r--r--glsa-200812-07.xml88
-rw-r--r--glsa-200812-08.xml66
-rw-r--r--glsa-200812-09.xml71
-rw-r--r--glsa-200812-10.xml66
-rw-r--r--glsa-200812-11.xml83
-rw-r--r--glsa-200812-12.xml65
-rw-r--r--glsa-200812-13.xml85
-rw-r--r--glsa-200812-14.xml66
-rw-r--r--glsa-200812-15.xml73
-rw-r--r--glsa-200812-16.xml83
-rw-r--r--glsa-200812-17.xml122
-rw-r--r--glsa-200812-18.xml80
-rw-r--r--glsa-200812-19.xml75
-rw-r--r--glsa-200812-20.xml88
-rw-r--r--glsa-200812-21.xml73
-rw-r--r--glsa-200812-22.xml66
-rw-r--r--glsa-200812-23.xml67
-rw-r--r--glsa-200812-24.xml82
-rw-r--r--glsa-200901-01.xml67
-rw-r--r--glsa-200901-02.xml85
-rw-r--r--glsa-200901-03.xml81
-rw-r--r--glsa-200901-04.xml66
-rw-r--r--glsa-200901-05.xml69
-rw-r--r--glsa-200901-06.xml73
-rw-r--r--glsa-200901-07.xml85
-rw-r--r--glsa-200901-08.xml74
-rw-r--r--glsa-200901-09.xml106
-rw-r--r--glsa-200901-10.xml66
-rw-r--r--glsa-200901-11.xml67
-rw-r--r--glsa-200901-12.xml67
-rw-r--r--glsa-200901-13.xml95
-rw-r--r--glsa-200901-14.xml65
-rw-r--r--glsa-200901-15.xml67
-rw-r--r--glsa-200902-01.xml68
-rw-r--r--glsa-200902-02.xml71
-rw-r--r--glsa-200902-03.xml67
-rw-r--r--glsa-200902-04.xml67
-rw-r--r--glsa-200902-05.xml70
-rw-r--r--glsa-200902-06.xml93
-rw-r--r--glsa-200903-01.xml68
-rw-r--r--glsa-200903-02.xml65
-rw-r--r--glsa-200903-03.xml66
-rw-r--r--glsa-200903-04.xml66
-rw-r--r--glsa-200903-05.xml77
-rw-r--r--glsa-200903-06.xml66
-rw-r--r--glsa-200903-07.xml66
-rw-r--r--glsa-200903-08.xml66
-rw-r--r--glsa-200903-09.xml70
-rw-r--r--glsa-200903-10.xml68
-rw-r--r--glsa-200903-11.xml66
-rw-r--r--glsa-200903-12.xml69
-rw-r--r--glsa-200903-13.xml65
-rw-r--r--glsa-200903-14.xml69
-rw-r--r--glsa-200903-15.xml86
-rw-r--r--glsa-200903-16.xml68
-rw-r--r--glsa-200903-17.xml68
-rw-r--r--glsa-200903-18.xml67
-rw-r--r--glsa-200903-19.xml69
-rw-r--r--glsa-200903-20.xml79
-rw-r--r--glsa-200903-21.xml68
-rw-r--r--glsa-200903-22.xml68
-rw-r--r--glsa-200903-23.xml139
-rw-r--r--glsa-200903-24.xml65
-rw-r--r--glsa-200903-25.xml69
-rw-r--r--glsa-200903-26.xml65
-rw-r--r--glsa-200903-27.xml75
-rw-r--r--glsa-200903-28.xml89
-rw-r--r--glsa-200903-29.xml78
-rw-r--r--glsa-200903-30.xml93
-rw-r--r--glsa-200903-31.xml64
-rw-r--r--glsa-200903-32.xml100
-rw-r--r--glsa-200903-33.xml112
-rw-r--r--glsa-200903-34.xml76
-rw-r--r--glsa-200903-35.xml65
-rw-r--r--glsa-200903-36.xml67
-rw-r--r--glsa-200903-37.xml97
-rw-r--r--glsa-200903-38.xml73
-rw-r--r--glsa-200903-39.xml74
-rw-r--r--glsa-200903-40.xml70
-rw-r--r--glsa-200903-41.xml74
-rw-r--r--glsa-200904-01.xml98
-rw-r--r--glsa-200904-02.xml75
-rw-r--r--glsa-200904-03.xml65
-rw-r--r--glsa-200904-04.xml65
-rw-r--r--glsa-200904-05.xml67
-rw-r--r--glsa-200904-06.xml67
-rw-r--r--glsa-200904-07.xml69
-rw-r--r--glsa-200904-08.xml68
-rw-r--r--glsa-200904-09.xml84
-rw-r--r--glsa-200904-10.xml70
-rw-r--r--glsa-200904-11.xml97
-rw-r--r--glsa-200904-12.xml65
-rw-r--r--glsa-200904-13.xml63
-rw-r--r--glsa-200904-14.xml78
-rw-r--r--glsa-200904-15.xml67
-rw-r--r--glsa-200904-16.xml68
-rw-r--r--glsa-200904-17.xml102
-rw-r--r--glsa-200904-18.xml71
-rw-r--r--glsa-200904-19.xml86
-rw-r--r--glsa-200904-20.xml84
-rw-r--r--glsa-200905-01.xml87
-rw-r--r--glsa-200905-02.xml70
-rw-r--r--glsa-200905-03.xml78
-rw-r--r--glsa-200905-04.xml84
-rw-r--r--glsa-200905-05.xml70
-rw-r--r--glsa-200905-06.xml66
-rw-r--r--glsa-200905-07.xml81
-rw-r--r--glsa-200905-08.xml84
-rw-r--r--glsa-200905-09.xml77
-rw-r--r--glsa-200906-01.xml69
-rw-r--r--glsa-200906-02.xml64
-rw-r--r--glsa-200906-03.xml72
-rw-r--r--glsa-200906-04.xml70
-rw-r--r--glsa-200906-05.xml154
-rw-r--r--glsa-200907-01.xml67
-rw-r--r--glsa-200907-02.xml75
-rw-r--r--glsa-200907-03.xml90
-rw-r--r--glsa-200907-04.xml96
-rw-r--r--glsa-200907-05.xml67
-rw-r--r--glsa-200907-06.xml125
-rw-r--r--glsa-200907-07.xml95
-rw-r--r--glsa-200907-08.xml86
-rw-r--r--glsa-200907-09.xml69
-rw-r--r--glsa-200907-10.xml73
-rw-r--r--glsa-200907-11.xml112
-rw-r--r--glsa-200907-12.xml67
-rw-r--r--glsa-200907-13.xml70
-rw-r--r--glsa-200907-14.xml80
-rw-r--r--glsa-200907-15.xml96
-rw-r--r--glsa-200907-16.xml76
-rw-r--r--glsa-200908-01.xml81
-rw-r--r--glsa-200908-02.xml70
-rw-r--r--glsa-200908-03.xml80
-rw-r--r--glsa-200908-04.xml115
-rw-r--r--glsa-200908-05.xml70
-rw-r--r--glsa-200908-06.xml69
-rw-r--r--glsa-200908-07.xml84
-rw-r--r--glsa-200908-08.xml67
-rw-r--r--glsa-200908-09.xml68
-rw-r--r--glsa-200908-10.xml68
-rw-r--r--glsa-200909-01.xml71
-rw-r--r--glsa-200909-02.xml69
-rw-r--r--glsa-200909-03.xml83
-rw-r--r--glsa-200909-04.xml89
-rw-r--r--glsa-200909-05.xml77
-rw-r--r--glsa-200909-06.xml67
-rw-r--r--glsa-200909-07.xml66
-rw-r--r--glsa-200909-08.xml66
-rw-r--r--glsa-200909-09.xml66
-rw-r--r--glsa-200909-10.xml65
-rw-r--r--glsa-200909-11.xml65
-rw-r--r--glsa-200909-12.xml72
-rw-r--r--glsa-200909-13.xml68
-rw-r--r--glsa-200909-14.xml115
-rw-r--r--glsa-200909-15.xml72
-rw-r--r--glsa-200909-16.xml84
-rw-r--r--glsa-200909-17.xml67
-rw-r--r--glsa-200909-18.xml84
-rw-r--r--glsa-200909-19.xml78
-rw-r--r--glsa-200909-20.xml70
-rw-r--r--glsa-200910-01.xml70
-rw-r--r--glsa-200910-02.xml92
-rw-r--r--glsa-200910-03.xml91
-rw-r--r--glsa-200911-01.xml96
-rw-r--r--glsa-200911-02.xml240
-rw-r--r--glsa-200911-03.xml99
-rw-r--r--glsa-200911-04.xml68
-rw-r--r--glsa-200911-05.xml88
-rw-r--r--glsa-200911-06.xml71
-rw-r--r--glsa-200912-01.xml97
-rw-r--r--glsa-200912-02.xml118
-rw-r--r--glsa-201001-01.xml68
-rw-r--r--glsa-201001-02.xml85
-rw-r--r--glsa-201001-03.xml118
-rw-r--r--glsa-201001-04.xml107
-rw-r--r--glsa-201001-05.xml69
-rw-r--r--glsa-201001-06.xml70
-rw-r--r--glsa-201001-07.xml68
-rw-r--r--glsa-201001-08.xml87
-rw-r--r--glsa-201001-09.xml79
-rw-r--r--glsa-201003-01.xml78
-rw-r--r--glsa-201006-01.xml75
-rw-r--r--glsa-201006-02.xml76
-rw-r--r--glsa-201006-03.xml74
-rw-r--r--glsa-201006-04.xml94
-rw-r--r--glsa-201006-05.xml69
-rw-r--r--glsa-201006-06.xml66
-rw-r--r--glsa-201006-07.xml82
-rw-r--r--glsa-201006-08.xml69
-rw-r--r--glsa-201006-09.xml68
-rw-r--r--glsa-201006-10.xml72
-rw-r--r--glsa-201006-11.xml76
-rw-r--r--glsa-201006-12.xml87
-rw-r--r--glsa-201006-13.xml86
-rw-r--r--glsa-201006-14.xml72
-rw-r--r--glsa-201006-15.xml74
-rw-r--r--glsa-201006-16.xml72
-rw-r--r--glsa-201006-17.xml66
-rw-r--r--glsa-201006-18.xml143
-rw-r--r--glsa-201006-19.xml87
-rw-r--r--glsa-201006-20.xml90
-rw-r--r--glsa-201006-21.xml78
-rw-r--r--glsa-201009-01.xml81
-rw-r--r--glsa-201009-02.xml68
-rw-r--r--glsa-201009-03.xml77
-rw-r--r--glsa-201009-04.xml70
-rw-r--r--glsa-201009-05.xml113
-rw-r--r--glsa-201009-06.xml69
-rw-r--r--glsa-201009-07.xml82
-rw-r--r--glsa-201009-08.xml67
-rw-r--r--glsa-201009-09.xml65
-rw-r--r--glsa-201010-01.xml90
-rw-r--r--glsa-201011-01.xml78
-rw-r--r--glsa-201012-01.xml101
-rw-r--r--glsa-201101-01.xml70
-rw-r--r--glsa-201101-02.xml67
-rw-r--r--glsa-201101-03.xml73
-rw-r--r--glsa-201101-04.xml64
-rw-r--r--glsa-201101-05.xml72
-rw-r--r--glsa-201101-06.xml67
-rw-r--r--glsa-201101-07.xml70
-rw-r--r--glsa-201101-08.xml91
-rw-r--r--glsa-201101-09.xml133
-rw-r--r--glsa-201110-01.xml95
-rw-r--r--glsa-201110-02.xml107
-rw-r--r--glsa-201110-03.xml83
-rw-r--r--glsa-201110-04.xml80
-rw-r--r--glsa-201110-05.xml66
-rw-r--r--glsa-201110-06.xml135
-rw-r--r--glsa-201110-07.xml51
-rw-r--r--glsa-201110-08.xml56
-rw-r--r--glsa-201110-09.xml51
-rw-r--r--glsa-201110-10.xml64
-rw-r--r--glsa-201110-11.xml137
-rw-r--r--glsa-201110-12.xml51
-rw-r--r--glsa-201110-13.xml69
-rw-r--r--glsa-201110-14.xml58
-rw-r--r--glsa-201110-15.xml61
-rw-r--r--glsa-201110-16.xml61
-rw-r--r--glsa-201110-17.xml55
-rw-r--r--glsa-201110-18.xml52
-rw-r--r--glsa-201110-19.xml73
-rw-r--r--glsa-201110-20.xml68
-rw-r--r--glsa-201110-21.xml78
-rw-r--r--glsa-201110-22.xml181
-rw-r--r--glsa-201110-23.xml59
-rw-r--r--glsa-201110-24.xml69
-rw-r--r--glsa-201110-25.xml63
-rw-r--r--glsa-201110-26.xml61
-rw-r--r--glsa-201111-01.xml212
-rw-r--r--glsa-201111-02.xml171
-rw-r--r--glsa-201111-03.xml61
-rw-r--r--glsa-201111-04.xml61
-rw-r--r--glsa-201111-05.xml102
-rw-r--r--glsa-201111-06.xml57
-rw-r--r--glsa-201111-07.xml60
-rw-r--r--glsa-201111-08.xml57
-rw-r--r--glsa-201111-09.xml77
-rw-r--r--glsa-201111-10.xml65
-rw-r--r--glsa-201111-11.xml60
-rw-r--r--glsa-201111-12.xml69
-rw-r--r--glsa-201201-01.xml152
-rw-r--r--glsa-201201-02.xml103
-rw-r--r--glsa-201201-03.xml117
-rw-r--r--glsa-201201-04.xml55
-rw-r--r--glsa-201201-05.xml64
-rw-r--r--glsa-201201-06.xml58
-rw-r--r--glsa-201201-07.xml71
-rw-r--r--glsa-201201-08.xml60
-rw-r--r--glsa-201201-09.xml122
-rw-r--r--glsa-201201-10.xml68
-rw-r--r--glsa-201201-11.xml59
-rw-r--r--glsa-201201-12.xml70
-rw-r--r--glsa-201201-13.xml88
-rw-r--r--glsa-201201-14.xml72
-rw-r--r--glsa-201201-15.xml61
-rw-r--r--glsa-201201-16.xml72
-rw-r--r--glsa-201201-17.xml74
-rw-r--r--glsa-201201-18.xml68
-rw-r--r--glsa-201201-19.xml110
-rw-r--r--glsa-201202-01.xml160
-rw-r--r--glsa-201202-02.xml74
-rw-r--r--glsa-201202-03.xml51
-rw-r--r--glsa-201202-04.xml66
-rw-r--r--glsa-201202-05.xml53
-rw-r--r--glsa-201202-06.xml52
-rw-r--r--glsa-201202-07.xml58
-rw-r--r--glsa-201202-08.xml51
-rw-r--r--glsa-201202-09.xml56
-rw-r--r--glsa-201203-01.xml51
-rw-r--r--glsa-201203-02.xml82
-rw-r--r--glsa-201203-03.xml67
-rw-r--r--glsa-201203-04.xml52
-rw-r--r--glsa-201203-05.xml51
-rw-r--r--glsa-201203-06.xml65
-rw-r--r--glsa-201203-07.xml56
-rw-r--r--glsa-201203-08.xml51
-rw-r--r--glsa-201203-09.xml62
-rw-r--r--glsa-201203-10.xml66
-rw-r--r--glsa-201203-11.xml55
-rw-r--r--glsa-201203-12.xml100
-rw-r--r--glsa-201203-13.xml64
-rw-r--r--glsa-201203-14.xml75
-rw-r--r--glsa-201203-15.xml61
-rw-r--r--glsa-201203-16.xml86
-rw-r--r--glsa-201203-17.xml66
-rw-r--r--glsa-201203-18.xml57
-rw-r--r--glsa-201203-19.xml150
-rw-r--r--glsa-201203-20.xml52
-rw-r--r--glsa-201203-21.xml65
-rw-r--r--glsa-201203-22.xml84
-rw-r--r--glsa-201203-23.xml63
-rw-r--r--glsa-201203-24.xml105
-rw-r--r--glsa-201204-01.xml68
-rw-r--r--glsa-201204-02.xml52
-rw-r--r--glsa-201204-03.xml96
-rw-r--r--glsa-201204-04.xml71
-rw-r--r--glsa-201204-05.xml58
-rw-r--r--glsa-201204-06.xml70
-rw-r--r--glsa-201204-07.xml80
-rw-r--r--glsa-201204-08.xml55
-rw-r--r--glsa-201205-01.xml62
-rw-r--r--glsa-201205-02.xml60
-rw-r--r--glsa-201205-03.xml121
-rw-r--r--glsa-201205-04.xml101
-rw-r--r--glsa-201206-01.xml71
-rw-r--r--glsa-201206-02.xml56
-rw-r--r--glsa-201206-03.xml188
-rw-r--r--glsa-201206-04.xml56
-rw-r--r--glsa-201206-05.xml70
-rw-r--r--glsa-201206-06.xml50
-rw-r--r--glsa-201206-07.xml56
-rw-r--r--glsa-201206-08.xml62
-rw-r--r--glsa-201206-09.xml70
-rw-r--r--glsa-201206-10.xml57
-rw-r--r--glsa-201206-11.xml58
-rw-r--r--glsa-201206-12.xml53
-rw-r--r--glsa-201206-13.xml89
-rw-r--r--glsa-201206-14.xml60
-rw-r--r--glsa-201206-15.xml111
-rw-r--r--glsa-201206-16.xml69
-rw-r--r--glsa-201206-17.xml50
-rw-r--r--glsa-201206-18.xml73
-rw-r--r--glsa-201206-19.xml56
-rw-r--r--glsa-201206-20.xml66
-rw-r--r--glsa-201206-21.xml62
-rw-r--r--glsa-201206-22.xml78
-rw-r--r--glsa-201206-23.xml46
-rw-r--r--glsa-201206-24.xml109
-rw-r--r--glsa-201206-25.xml78
-rw-r--r--glsa-201206-26.xml90
-rw-r--r--glsa-201206-27.xml53
-rw-r--r--glsa-201206-28.xml58
-rw-r--r--glsa-201206-29.xml55
-rw-r--r--glsa-201206-30.xml53
-rw-r--r--glsa-201206-31.xml75
-rw-r--r--glsa-201206-32.xml53
-rw-r--r--glsa-201206-33.xml57
-rw-r--r--glsa-201206-34.xml53
-rw-r--r--glsa-201206-35.xml55
-rw-r--r--glsa-201206-36.xml62
-rw-r--r--glsa-201207-01.xml52
-rw-r--r--glsa-201207-02.xml54
-rw-r--r--glsa-201207-03.xml51
-rw-r--r--glsa-201207-04.xml67
-rw-r--r--glsa-201207-05.xml54
-rw-r--r--glsa-201207-06.xml50
-rw-r--r--glsa-201207-07.xml52
-rw-r--r--glsa-201207-08.xml63
-rw-r--r--glsa-201207-09.xml67
-rw-r--r--glsa-201207-10.xml93
-rw-r--r--glsa-201208-01.xml53
-rw-r--r--glsa-201208-02.xml74
-rw-r--r--glsa-201208-03.xml89
-rw-r--r--glsa-201208-04.xml60
-rw-r--r--glsa-201208-05.xml56
-rw-r--r--glsa-201208-06.xml52
-rw-r--r--glsa-201209-01.xml62
-rw-r--r--glsa-201209-02.xml97
-rw-r--r--glsa-201209-03.xml94
-rw-r--r--glsa-201209-04.xml69
-rw-r--r--glsa-201209-05.xml87
-rw-r--r--glsa-201209-06.xml63
-rw-r--r--glsa-201209-07.xml58
-rw-r--r--glsa-201209-08.xml51
-rw-r--r--glsa-201209-09.xml55
-rw-r--r--glsa-201209-10.xml52
-rw-r--r--glsa-201209-11.xml64
-rw-r--r--glsa-201209-12.xml59
-rw-r--r--glsa-201209-13.xml56
-rw-r--r--glsa-201209-14.xml51
-rw-r--r--glsa-201209-15.xml68
-rw-r--r--glsa-201209-16.xml53
-rw-r--r--glsa-201209-17.xml52
-rw-r--r--glsa-201209-18.xml56
-rw-r--r--glsa-201209-19.xml51
-rw-r--r--glsa-201209-20.xml50
-rw-r--r--glsa-201209-21.xml52
-rw-r--r--glsa-201209-22.xml50
-rw-r--r--glsa-201209-23.xml65
-rw-r--r--glsa-201209-24.xml104
-rw-r--r--glsa-201209-25.xml211
-rw-r--r--glsa-201210-01.xml51
-rw-r--r--glsa-201210-02.xml63
-rw-r--r--glsa-201210-03.xml53
-rw-r--r--glsa-201210-04.xml63
-rw-r--r--glsa-201210-05.xml68
-rw-r--r--glsa-201210-06.xml69
-rw-r--r--glsa-201210-07.xml105
-rw-r--r--glsa-201211-01.xml80
-rw-r--r--glsa-201301-01.xml1247
-rw-r--r--glsa-201301-02.xml51
-rw-r--r--glsa-201301-03.xml59
-rw-r--r--glsa-201301-04.xml55
-rw-r--r--glsa-201301-05.xml54
-rw-r--r--glsa-201301-06.xml65
-rw-r--r--glsa-201301-07.xml63
-rw-r--r--glsa-201304-01.xml65
-rw-r--r--glsa-201307-01.xml60
-rw-r--r--glsa-201308-01.xml55
-rw-r--r--glsa-201308-02.xml60
-rw-r--r--glsa-201308-03.xml132
-rw-r--r--glsa-201308-04.xml64
-rw-r--r--glsa-201308-05.xml123
-rw-r--r--glsa-201308-06.xml163
-rw-r--r--glsa-201309-01.xml59
-rw-r--r--glsa-201309-02.xml61
-rw-r--r--glsa-201309-03.xml58
-rw-r--r--glsa-201309-04.xml56
-rw-r--r--glsa-201309-05.xml60
-rw-r--r--glsa-201309-06.xml141
-rw-r--r--glsa-201309-07.xml56
-rw-r--r--glsa-201309-08.xml67
-rw-r--r--glsa-201309-09.xml72
-rw-r--r--glsa-201309-10.xml53
-rw-r--r--glsa-201309-11.xml75
-rw-r--r--glsa-201309-12.xml64
-rw-r--r--glsa-201309-13.xml53
-rw-r--r--glsa-201309-14.xml54
-rw-r--r--glsa-201309-15.xml68
-rw-r--r--glsa-201309-16.xml236
-rw-r--r--glsa-201309-17.xml60
-rw-r--r--glsa-201309-18.xml61
-rw-r--r--glsa-201309-19.xml56
-rw-r--r--glsa-201309-20.xml64
-rw-r--r--glsa-201309-21.xml58
-rw-r--r--glsa-201309-22.xml62
-rw-r--r--glsa-201309-23.xml234
-rw-r--r--glsa-201309-24.xml158
-rw-r--r--glsa-201310-01.xml64
-rw-r--r--glsa-201310-02.xml50
-rw-r--r--glsa-201310-03.xml92
-rw-r--r--glsa-201310-04.xml57
-rw-r--r--glsa-201310-05.xml56
-rw-r--r--glsa-201310-06.xml51
-rw-r--r--glsa-201310-07.xml55
-rw-r--r--glsa-201310-08.xml59
-rw-r--r--glsa-201310-09.xml48
-rw-r--r--glsa-201310-10.xml61
-rw-r--r--glsa-201310-11.xml55
-rw-r--r--glsa-201310-12.xml171
-rw-r--r--glsa-201310-13.xml66
-rw-r--r--glsa-201310-14.xml59
-rw-r--r--glsa-201310-15.xml59
-rw-r--r--glsa-201310-16.xml56
-rw-r--r--glsa-201310-17.xml54
-rw-r--r--glsa-201310-18.xml62
-rw-r--r--glsa-201310-19.xml56
-rw-r--r--glsa-201310-20.xml46
-rw-r--r--glsa-201310-21.xml87
-rw-r--r--glsa-201311-01.xml54
-rw-r--r--glsa-201311-02.xml69
-rw-r--r--glsa-201311-03.xml64
-rw-r--r--glsa-201311-04.xml55
-rw-r--r--glsa-201311-05.xml55
-rw-r--r--glsa-201311-06.xml62
-rw-r--r--glsa-201311-07.xml58
-rw-r--r--glsa-201311-08.xml59
-rw-r--r--glsa-201311-09.xml55
-rw-r--r--glsa-201311-10.xml57
-rw-r--r--glsa-201311-11.xml58
-rw-r--r--glsa-201311-12.xml57
-rw-r--r--glsa-201311-13.xml58
-rw-r--r--glsa-201311-14.xml82
-rw-r--r--glsa-201311-15.xml62
-rw-r--r--glsa-201311-16.xml53
-rw-r--r--glsa-201311-17.xml62
-rw-r--r--glsa-201311-18.xml52
-rw-r--r--glsa-201311-19.xml65
-rw-r--r--glsa-201311-20.xml57
-rw-r--r--glsa-201311-21.xml56
-rw-r--r--glsa-201311-22.xml55
-rw-r--r--glsa-201312-01.xml79
-rw-r--r--glsa-201312-02.xml62
-rw-r--r--glsa-201312-03.xml81
-rw-r--r--glsa-201312-04.xml58
-rw-r--r--glsa-201312-05.xml56
-rw-r--r--glsa-201312-06.xml56
-rw-r--r--glsa-201312-07.xml69
-rw-r--r--glsa-201312-08.xml50
-rw-r--r--glsa-201312-09.xml64
-rw-r--r--glsa-201312-10.xml63
-rw-r--r--glsa-201312-11.xml54
-rw-r--r--glsa-201312-12.xml68
-rw-r--r--glsa-201312-13.xml69
-rw-r--r--glsa-201312-14.xml62
-rw-r--r--glsa-201312-15.xml57
-rw-r--r--glsa-201312-16.xml58
-rw-r--r--glsa-201401-01.xml61
-rw-r--r--glsa-201401-02.xml57
-rw-r--r--glsa-201401-03.xml57
-rw-r--r--glsa-201401-04.xml99
-rw-r--r--glsa-201401-05.xml56
-rw-r--r--glsa-201401-06.xml61
-rw-r--r--glsa-201401-07.xml70
-rw-r--r--glsa-201401-08.xml73
-rw-r--r--glsa-201401-09.xml51
-rw-r--r--glsa-201401-10.xml77
-rw-r--r--glsa-201401-11.xml73
-rw-r--r--glsa-201401-12.xml65
-rw-r--r--glsa-201401-13.xml72
-rw-r--r--glsa-201401-14.xml61
-rw-r--r--glsa-201401-15.xml72
-rw-r--r--glsa-201401-16.xml56
-rw-r--r--glsa-201401-17.xml59
-rw-r--r--glsa-201401-18.xml56
-rw-r--r--glsa-201401-19.xml80
-rw-r--r--glsa-201401-20.xml75
-rw-r--r--glsa-201401-21.xml59
-rw-r--r--glsa-201401-22.xml59
-rw-r--r--glsa-201401-23.xml68
-rw-r--r--glsa-201401-24.xml49
-rw-r--r--glsa-201401-25.xml64
-rw-r--r--glsa-201401-26.xml60
-rw-r--r--glsa-201401-27.xml64
-rw-r--r--glsa-201401-28.xml64
-rw-r--r--glsa-201401-29.xml59
-rw-r--r--glsa-201401-30.xml364
-rw-r--r--glsa-201401-31.xml56
-rw-r--r--glsa-201401-32.xml62
-rw-r--r--glsa-201401-33.xml53
-rw-r--r--glsa-201401-34.xml61
-rw-r--r--glsa-201402-01.xml55
-rw-r--r--glsa-201402-02.xml82
-rw-r--r--glsa-201402-03.xml58
-rw-r--r--glsa-201402-04.xml67
-rw-r--r--glsa-201402-05.xml60
-rw-r--r--glsa-201402-06.xml69
-rw-r--r--glsa-201402-07.xml60
-rw-r--r--glsa-201402-08.xml63
-rw-r--r--glsa-201402-09.xml57
-rw-r--r--glsa-201402-10.xml51
-rw-r--r--glsa-201402-11.xml53
-rw-r--r--glsa-201402-12.xml53
-rw-r--r--glsa-201402-13.xml54
-rw-r--r--glsa-201402-14.xml64
-rw-r--r--glsa-201402-15.xml65
-rw-r--r--glsa-201402-16.xml59
-rw-r--r--glsa-201402-17.xml54
-rw-r--r--glsa-201402-18.xml51
-rw-r--r--glsa-201402-19.xml58
-rw-r--r--glsa-201402-20.xml61
-rw-r--r--glsa-201402-21.xml80
-rw-r--r--glsa-201402-22.xml64
-rw-r--r--glsa-201402-23.xml55
-rw-r--r--glsa-201402-24.xml92
-rw-r--r--glsa-201402-25.xml58
-rw-r--r--glsa-201402-26.xml54
-rw-r--r--glsa-201402-27.xml53
-rw-r--r--glsa-201402-28.xml58
-rw-r--r--glsa-201402-29.xml53
-rw-r--r--glsa-201403-01.xml143
-rw-r--r--glsa-201403-02.xml55
-rw-r--r--glsa-201403-03.xml53
-rw-r--r--glsa-201403-04.xml57
-rw-r--r--glsa-201403-05.xml69
-rw-r--r--glsa-201403-06.xml52
-rw-r--r--glsa-201403-07.xml49
-rw-r--r--glsa-201403-08.xml59
-rw-r--r--glsa-201404-01.xml57
-rw-r--r--glsa-201404-02.xml51
-rw-r--r--glsa-201404-03.xml53
-rw-r--r--glsa-201404-04.xml51
-rw-r--r--glsa-201404-05.xml71
-rw-r--r--glsa-201404-06.xml56
-rw-r--r--glsa-201404-07.xml83
-rw-r--r--glsa-201405-01.xml64
-rw-r--r--glsa-201405-02.xml56
-rw-r--r--glsa-201405-03.xml62
-rw-r--r--glsa-201405-04.xml73
-rw-r--r--glsa-201405-05.xml77
-rw-r--r--glsa-201405-06.xml87
-rw-r--r--glsa-201405-07.xml92
-rw-r--r--glsa-201405-08.xml62
-rw-r--r--glsa-201405-09.xml69
-rw-r--r--glsa-201405-10.xml82
-rw-r--r--glsa-201405-11.xml48
-rw-r--r--glsa-201405-12.xml67
-rw-r--r--glsa-201405-13.xml68
-rw-r--r--glsa-201405-14.xml48
-rw-r--r--glsa-201405-15.xml59
-rw-r--r--glsa-201405-16.xml50
-rw-r--r--glsa-201405-17.xml57
-rw-r--r--glsa-201405-18.xml50
-rw-r--r--glsa-201405-19.xml62
-rw-r--r--glsa-201405-20.xml55
-rw-r--r--glsa-201405-21.xml65
-rw-r--r--glsa-201405-22.xml83
-rw-r--r--glsa-201405-23.xml63
-rw-r--r--glsa-201405-24.xml79
-rw-r--r--glsa-201405-25.xml50
-rw-r--r--glsa-201405-26.xml51
-rw-r--r--glsa-201405-27.xml60
-rw-r--r--glsa-201405-28.xml59
-rw-r--r--glsa-201406-01.xml69
-rw-r--r--glsa-201406-02.xml66
-rw-r--r--glsa-201406-03.xml63
-rw-r--r--glsa-201406-04.xml57
-rw-r--r--glsa-201406-05.xml56
-rw-r--r--glsa-201406-06.xml73
-rw-r--r--glsa-201406-07.xml61
-rw-r--r--glsa-201406-08.xml62
-rw-r--r--glsa-201406-09.xml61
-rw-r--r--glsa-201406-10.xml62
-rw-r--r--glsa-201406-11.xml56
-rw-r--r--glsa-201406-12.xml56
-rw-r--r--glsa-201406-13.xml70
-rw-r--r--glsa-201406-14.xml74
-rw-r--r--glsa-201406-15.xml55
-rw-r--r--glsa-201406-16.xml61
-rw-r--r--glsa-201406-17.xml61
-rw-r--r--glsa-201406-18.xml56
-rw-r--r--glsa-201406-19.xml68
-rw-r--r--glsa-201406-20.xml57
-rw-r--r--glsa-201406-21.xml58
-rw-r--r--glsa-201406-22.xml60
-rw-r--r--glsa-201406-23.xml55
-rw-r--r--glsa-201406-24.xml57
-rw-r--r--glsa-201406-25.xml64
-rw-r--r--glsa-201406-26.xml77
-rw-r--r--glsa-201406-27.xml107
-rw-r--r--glsa-201406-28.xml83
-rw-r--r--glsa-201406-29.xml51
-rw-r--r--glsa-201406-30.xml56
-rw-r--r--glsa-201406-31.xml59
-rw-r--r--glsa-201406-32.xml306
-rw-r--r--glsa-201406-33.xml72
-rw-r--r--glsa-201406-34.xml64
-rw-r--r--glsa-201406-35.xml56
-rw-r--r--glsa-201406-36.xml67
-rw-r--r--glsa-201407-01.xml51
-rw-r--r--glsa-201407-02.xml56
-rw-r--r--glsa-201407-03.xml147
-rw-r--r--glsa-201407-04.xml60
-rw-r--r--glsa-201407-05.xml79
-rw-r--r--glsa-201408-01.xml59
-rw-r--r--glsa-201408-02.xml54
-rw-r--r--glsa-201408-03.xml53
-rw-r--r--glsa-201408-04.xml56
-rw-r--r--glsa-201408-05.xml61
-rw-r--r--glsa-201408-06.xml84
-rw-r--r--glsa-201408-07.xml56
-rw-r--r--glsa-201408-08.xml54
-rw-r--r--glsa-201408-09.xml58
-rw-r--r--glsa-201408-10.xml53
-rw-r--r--glsa-201408-11.xml131
-rw-r--r--glsa-201408-12.xml61
-rw-r--r--glsa-201408-13.xml54
-rw-r--r--glsa-201408-14.xml58
-rw-r--r--glsa-201408-15.xml99
-rw-r--r--glsa-201408-16.xml125
-rw-r--r--glsa-201408-17.xml76
-rw-r--r--glsa-201408-18.xml59
-rw-r--r--glsa-201408-19.xml122
-rw-r--r--glsa-201409-01.xml55
-rw-r--r--glsa-201409-02.xml58
-rw-r--r--glsa-201409-03.xml52
-rw-r--r--glsa-201409-04.xml98
-rw-r--r--glsa-201409-05.xml65
-rw-r--r--glsa-201409-06.xml54
-rw-r--r--glsa-201409-07.xml57
-rw-r--r--glsa-201409-08.xml54
-rw-r--r--glsa-201409-09.xml83
-rw-r--r--glsa-201409-10.xml93
-rw-r--r--glsa-201410-01.xml96
-rw-r--r--glsa-201410-02.xml66
-rw-r--r--glsa-201411-01.xml109
-rw-r--r--glsa-201411-02.xml73
-rw-r--r--glsa-201411-03.xml52
-rw-r--r--glsa-201411-04.xml80
-rw-r--r--glsa-201411-05.xml51
-rw-r--r--glsa-201411-06.xml75
-rw-r--r--glsa-201411-07.xml54
-rw-r--r--glsa-201411-08.xml58
-rw-r--r--glsa-201411-09.xml57
-rw-r--r--glsa-201411-10.xml55
-rw-r--r--glsa-201411-11.xml58
-rw-r--r--glsa-201412-01.xml63
-rw-r--r--glsa-201412-02.xml54
-rw-r--r--glsa-201412-03.xml51
-rw-r--r--glsa-201412-04.xml85
-rw-r--r--glsa-201412-05.xml55
-rw-r--r--glsa-201412-06.xml53
-rw-r--r--glsa-201412-07.xml61
-rw-r--r--glsa-201412-08.xml430
-rw-r--r--glsa-201412-09.xml441
-rw-r--r--glsa-201412-10.xml168
-rw-r--r--glsa-201412-11.xml87
-rw-r--r--glsa-201412-12.xml64
-rw-r--r--glsa-201412-13.xml76
-rw-r--r--glsa-201412-14.xml52
-rw-r--r--glsa-201412-15.xml63
-rw-r--r--glsa-201412-16.xml58
-rw-r--r--glsa-201412-17.xml64
-rw-r--r--glsa-201412-18.xml51
-rw-r--r--glsa-201412-19.xml53
-rw-r--r--glsa-201412-20.xml55
-rw-r--r--glsa-201412-21.xml60
-rw-r--r--glsa-201412-22.xml69
-rw-r--r--glsa-201412-23.xml54
-rw-r--r--glsa-201412-24.xml62
-rw-r--r--glsa-201412-25.xml50
-rw-r--r--glsa-201412-26.xml55
-rw-r--r--glsa-201412-27.xml80
-rw-r--r--glsa-201412-28.xml91
-rw-r--r--glsa-201412-29.xml82
-rw-r--r--glsa-201412-30.xml57
-rw-r--r--glsa-201412-31.xml51
-rw-r--r--glsa-201412-32.xml53
-rw-r--r--glsa-201412-33.xml61
-rw-r--r--glsa-201412-34.xml57
-rw-r--r--glsa-201412-35.xml57
-rw-r--r--glsa-201412-36.xml52
-rw-r--r--glsa-201412-37.xml60
-rw-r--r--glsa-201412-38.xml61
-rw-r--r--glsa-201412-39.xml80
-rw-r--r--glsa-201412-40.xml56
-rw-r--r--glsa-201412-41.xml48
-rw-r--r--glsa-201412-42.xml63
-rw-r--r--glsa-201412-43.xml57
-rw-r--r--glsa-201412-44.xml51
-rw-r--r--glsa-201412-45.xml50
-rw-r--r--glsa-201412-46.xml61
-rw-r--r--glsa-201412-47.xml81
-rw-r--r--glsa-201412-48.xml51
-rw-r--r--glsa-201412-49.xml56
-rw-r--r--glsa-201412-50.xml55
-rw-r--r--glsa-201412-51.xml58
-rw-r--r--glsa-201412-52.xml63
-rw-r--r--glsa-201412-53.xml59
-rw-r--r--glsa-201502-01.xml57
-rw-r--r--glsa-201502-02.xml85
-rw-r--r--glsa-201502-03.xml58
-rw-r--r--glsa-201502-04.xml111
-rw-r--r--glsa-201502-05.xml67
-rw-r--r--glsa-201502-06.xml51
-rw-r--r--glsa-201502-07.xml54
-rw-r--r--glsa-201502-08.xml69
-rw-r--r--glsa-201502-09.xml49
-rw-r--r--glsa-201502-10.xml76
-rw-r--r--glsa-201502-11.xml61
-rw-r--r--glsa-201502-12.xml164
-rw-r--r--glsa-201502-13.xml93
-rw-r--r--glsa-201502-14.xml49
-rw-r--r--glsa-201502-15.xml70
-rw-r--r--glsa-201503-01.xml59
-rw-r--r--glsa-201503-02.xml51
-rw-r--r--glsa-201503-03.xml78
-rw-r--r--glsa-201503-04.xml85
-rw-r--r--glsa-201503-05.xml71
2089 files changed, 157283 insertions, 0 deletions
diff --git a/glsa-200310-03.xml b/glsa-200310-03.xml
new file mode 100644
index 0000000..11916d6
--- /dev/null
+++ b/glsa-200310-03.xml
@@ -0,0 +1,64 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<?xml-stylesheet href="/xsl/glsa.xsl" type="text/xsl"?>
+<?xml-stylesheet href="/xsl/guide.xsl" type="text/xsl"?>
+
+<glsa id="200310-03">
+ <title>Apache: multiple buffer overflows</title>
+ <synopsis>
+ Multiple stack-based buffer overflows in mod_alias and mod_rewrite can allow
+ execution of arbitrary code and cause a denial of service.
+ </synopsis>
+ <product type="ebuild">Apache</product>
+ <announced>2003-10-28</announced>
+ <revised>December 30, 2007: 02</revised>
+ <bug>32194</bug>
+ <access>local</access>
+ <affected>
+ <package name="www-servers/apache" auto="yes" arch="*">
+ <unaffected range="ge">1.3.29</unaffected>
+ <vulnerable range="lt">1.3.29</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>
+ The Apache HTTP Server is one of the most popular web servers on the
+ Internet.
+ </p>
+ </background>
+ <description>
+ <p>
+ Multiple stack-based buffer overflows in mod_alias and mod_rewrite allow
+ attackers who can create or edit configuration files including .htaccess
+ files, to cause a denial of service and execute arbitrary code via a regular
+ expression containing more than 9 captures.
+ </p>
+ </description>
+ <impact type="normal">
+ <p>
+ An attacker may cause a denial of service or execute arbitrary code with the
+ privileges of the user that is running apache.
+ </p>
+ </impact>
+ <workaround>
+ <p>
+ There is no known workaround at this time, other than to disable both
+ mod_alias and mod_rewrite.
+ </p>
+ </workaround>
+ <resolution>
+ <p>
+ It is recommended that all Gentoo Linux users who are running
+ net-misc/apache 1.x upgrade:
+ </p>
+ <code>
+ # emerge sync
+ # emerge -pv apache
+ # emerge '&gt;=www-servers/apache-1.3.29'
+ # emerge clean
+ # /etc/init.d/apache restart</code>
+ </resolution>
+ <references>
+ <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0542">CAN-2003-0542 (under review at time of GLSA)</uri>
+ </references>
+</glsa>
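Review bot: The prolog points the parser at an external DTD over plain HTTP (`<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">`), and the same prolog lines open every other advisory visible in this commit. A tool that parses these files with DTD loading enabled fetches a resource named by the document itself over an unauthenticated channel, so consumers should validate against a locally shipped copy of the DTD and parse with network access and external-entity resolution disabled. The two `<?xml-stylesheet?>` instructions carry the same `type`, so which of `/xsl/glsa.xsl` and `/xsl/guide.xsl` a given processor applies is not obvious from the file; keeping one would remove the ambiguity. In this file the pretend step `# emerge -pv apache` is also not pinned to the fixed atom the way the install step is.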
diff --git a/glsa-200310-04.xml b/glsa-200310-04.xml
new file mode 100644
index 0000000..68787c5
--- /dev/null
+++ b/glsa-200310-04.xml
@@ -0,0 +1,73 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<?xml-stylesheet href="/xsl/glsa.xsl" type="text/xsl"?>
+<?xml-stylesheet href="/xsl/guide.xsl" type="text/xsl"?>
+
+<glsa id="200310-04">
+ <title>Apache: buffer overflows and a possible information disclosure</title>
+ <synopsis>
+ Multiple stack-based buffer overflows in mod_alias and mod_rewrite can allow
+ execution of arbitrary code and cause a denial of service, and a bug in the
+ way mod_cgid handles CGI redirect paths could result in CGI output going to
+ the wrong client.
+ </synopsis>
+ <product type="ebuild">Apache</product>
+ <announced>2003-10-31</announced>
+ <revised>December 30, 2007: 02</revised>
+ <bug>32271</bug>
+ <access>local</access>
+ <affected>
+ <package name="www-servers/apache" auto="yes" arch="*">
+ <unaffected range="ge">2.0.48</unaffected>
+ <unaffected range="lt">2.0</unaffected>
+ <vulnerable range="lt">2.0.48</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>
+ The Apache HTTP Server is one of the most popular web servers on the
+ Internet.
+ </p>
+ </background>
+ <description>
+ <p>
+ Multiple stack-based buffer overflows in mod_alias and mod_rewrite allow
+ attackers who can create or edit configuration files including .htaccess
+ files, to cause a denial of service and execute arbitrary code via a regular
+ expression containing more than 9 captures, and a bug in the way mod_cgid
+ handles CGI redirect paths could result in CGI output going to the wrong
+ client when a threaded MPM is used, resulting in an information disclosure.
+ </p>
+ </description>
+ <impact type="normal">
+ <p>
+ An attacker may cause a denial of service or execute arbitrary code with the
+ privileges of the user that is running apache.
+ </p>
+ </impact>
+ <workaround>
+ <p>
+ There is no known workaround at this time.
+ </p>
+ </workaround>
+ <resolution>
+ <p>
+ It is recommended that all Gentoo Linux users who are running
+ net-misc/apache 2.x upgrade:
+ </p>
+ <code>
+ # emerge sync
+ # emerge -pv '&gt;=www-servers/apache-2.0.48'
+ # emerge '&gt;=www-servers/apache-2.0.48'
+ # emerge clean
+ # /etc/init.d/apache2 restart</code>
+ <p>
+ Please remember to update your config files in /etc/apache2 as --datadir has
+ been changed to /var/www/localhost.
+ </p>
+ </resolution>
+ <references>
+ <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0789">CAN-2003-0789</uri>
+ <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0542">CAN-2003-0542</uri>
+ </references>
+</glsa>
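Review bot: The `<impact>` paragraph lists only denial of service and code execution, although the synopsis and description also cover mod_cgid sending CGI output to the wrong client. A sentence such as `CGI output may also be delivered to the wrong client when a threaded MPM is used, disclosing information.` would bring it in line. The resolution text names `net-misc/apache 2.x` while `<package>` and the emerge atoms use `www-servers/apache`; glsa-200310-03.xml has the same mismatch with `net-misc/apache 1.x`. `<access>local</access>` may deserve a second look, since the disclosure is described as reaching other clients.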
diff --git a/glsa-200311-01.xml b/glsa-200311-01.xml
new file mode 100644
index 0000000..d45ccbe
--- /dev/null
+++ b/glsa-200311-01.xml
@@ -0,0 +1,67 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<?xml-stylesheet href="/xsl/glsa.xsl" type="text/xsl"?>
+<?xml-stylesheet href="/xsl/guide.xsl" type="text/xsl"?>
+
+<glsa id="200311-01">
+ <title>kdebase: KDM vulnerabilities</title>
+ <synopsis>
+ A bug in KDM can allow privilege escalation with certain configurations of
+ PAM modules.
+ </synopsis>
+ <product type="ebuild">kdebase</product>
+ <announced>2003-11-15</announced>
+ <revised>2003-11-15: 01</revised>
+ <bug>29406</bug>
+ <access>local / remote</access>
+ <affected>
+ <package name="kde-base/kdebase" auto="yes" arch="*">
+ <unaffected range="ge">3.1.4</unaffected>
+ <vulnerable range="le">3.1.3</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>
+ KDM is the desktop manager included with the K Desktop Environment.
+ </p>
+ </background>
+ <description>
+ <p>
+ Firstly, versions of KDM &lt;=3.1.3 are vulnerable to a privilege escalation
+ bug with a specific configuration of PAM modules. Users who do not use PAM
+ with KDM and users who use PAM with regular Unix crypt/MD5 based
+ authentication methods are not affected.
+ </p>
+ <p>
+ Secondly, KDM uses a weak cookie generation algorithm. Users are advised to
+ upgrade to KDE 3.1.4, which uses /dev/urandom as a non-predictable source of
+ entropy to improve security.
+ </p>
+ </description>
+ <impact type="normal">
+ <p>
+ A remote or local attacker could gain root privileges.
+ </p>
+ </impact>
+ <workaround>
+ <p>
+ There is no known workaround at this time.
+ </p>
+ </workaround>
+ <resolution>
+ <p>
+ It is recommended that all Gentoo Linux users who are running
+ kde-base/kdebase &lt;=3.1.3 upgrade:
+ </p>
+ <code>
+ # emerge sync
+ # emerge -pv '&gt;=kde-base/kde-3.1.4'
+ # emerge '&gt;=kde-base/kde-3.1.4'
+ # emerge clean</code>
+ </resolution>
+ <references>
+ <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0690">CAN-2003-0690</uri>
+ <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0692">CAN-2003-0692</uri>
+ <uri link="http://www.kde.org/info/security/advisory-20030916-1.txt">KDE Security Advisory</uri>
+ </references>
+</glsa>
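Review bot: The upgrade commands name a different package from the one the advisory tracks: the ranges apply to `<package name="kde-base/kdebase">`, but both emerge lines use `'&gt;=kde-base/kde-3.1.4'`. Unless kde-base/kde pulls in the fixed kdebase as a dependency, which is not visible here, a system with only kdebase installed would not get the fixed KDM from the printed commands. `# emerge '&gt;=kde-base/kdebase-3.1.4'` matches the affected atom. If the impact type is meant to track severity, `<impact type="normal">` also reads low next to "could gain root privileges".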
diff --git a/glsa-200311-02.xml b/glsa-200311-02.xml
new file mode 100644
index 0000000..2844958
--- /dev/null
+++ b/glsa-200311-02.xml
@@ -0,0 +1,66 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<?xml-stylesheet href="/xsl/glsa.xsl" type="text/xsl"?>
+<?xml-stylesheet href="/xsl/guide.xsl" type="text/xsl"?>
+
+<glsa id="200311-02">
+ <title>Opera: buffer overflows in 7.11 and 7.20</title>
+ <synopsis>
+ Buffer overflows exist in Opera 7.11 and 7.20 that can cause Opera to crash,
+ and can potentially overwrite arbitrary bytes on the heap leading to a
+ system compromise.
+ </synopsis>
+ <product type="ebuild">Opera</product>
+ <announced>2003-11-19</announced>
+ <revised>2003-11-19: 01</revised>
+ <bug>31775</bug>
+ <access>local / remote</access>
+ <affected>
+ <package name="www-client/opera" auto="yes" arch="*">
+ <unaffected range="ge">7.21</unaffected>
+ <vulnerable range="eq">7.20</vulnerable>
+ <vulnerable range="eq">7.11</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>
+ Opera is a multi-platform web browser.
+ </p>
+ </background>
+ <description>
+ <p>
+ The Opera browser can cause a buffer allocated on the heap to overflow under
+ certain HREFs when rendering HTML. The mail system is also deemed
+ vulnerable and an attacker can send an email containing a malformed HREF, or
+ plant the malicious HREF on a web site.
+ </p>
+ </description>
+ <impact type="high">
+ <p>
+ Certain HREFs can cause a buffer allocated on the heap to overflow when
+ rendering HTML which can allow arbitrary bytes on the heap to be overwritten
+ which can result in a system compromise.
+ </p>
+ </impact>
+ <workaround>
+ <p>
+ There is no known workaround at this time.
+ </p>
+ </workaround>
+ <resolution>
+ <p>
+ Users are encouraged to perform an 'emerge sync' and upgrade the package
+ to the latest available version. Opera 7.22 is recommended as Opera 7.21 is
+ vulnerable to other security flaws. Specific steps to upgrade:
+ </p>
+ <code>
+ # emerge sync
+ # emerge -pv '&gt;=www-client/opera-7.22'
+ # emerge '&gt;=www-client/opera-7.22'
+ # emerge clean</code>
+ </resolution>
+ <references>
+ <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0870">CAN-2003-0870</uri>
+ <uri link="http://www.atstake.com/research/advisories/2003/a102003-1.txt">@stake Security Advisory</uri>
+ </references>
+</glsa>
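Review bot: `<affected>` marks only `eq 7.20` and `eq 7.11` as vulnerable and everything `ge 7.21` as unaffected, so releases between 7.11 and 7.20, and anything older, fall in neither set and a range-based checker will say nothing about them. If the title's "7.11 and 7.20" is meant literally, that is correct but worth a sentence in the description; if it was shorthand, `<vulnerable range="lt">7.21</vulnerable>` covers the whole span. The resolution steers users to 7.22 because 7.21 has other flaws, yet gives no reference for those flaws, while the machine-readable data treats 7.21 as fixed.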
diff --git a/glsa-200311-03.xml b/glsa-200311-03.xml
new file mode 100644
index 0000000..8afc275
--- /dev/null
+++ b/glsa-200311-03.xml
@@ -0,0 +1,62 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<?xml-stylesheet href="/xsl/glsa.xsl" type="text/xsl"?>
+<?xml-stylesheet href="/xsl/guide.xsl" type="text/xsl"?>
+
+<glsa id="200311-03">
+ <title>HylaFAX: Remote code exploit in hylafax</title>
+ <synopsis>
+ A format bug condition allows a remote attacjer to execute arbitrary code as
+ the root user.
+ </synopsis>
+ <product type="ebuild">HylaFAX</product>
+ <announced>2003-11-10</announced>
+ <revised>2003-11-10: 01</revised>
+ <bug>33368</bug>
+ <access>remote</access>
+ <affected>
+ <package name="net-misc/hylafax" auto="yes" arch="*">
+ <unaffected range="ge">4.1.8</unaffected>
+ <vulnerable range="le">4.1.7</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>
+ HylaFAX is a popular client-server fax package.
+ </p>
+ </background>
+ <description>
+ <p>
+ During a code review of the hfaxd server, the SuSE Security Team discovered
+ a format bug condition that allows a remote attacker to execute arbitrary
+ code as the root user. However, the bug cannot be triggered in the default
+ hylafax configuration.
+ </p>
+ </description>
+ <impact type="normal">
+ <p>
+ A remote attacker could execute arbitrary code with root privileges.
+ </p>
+ </impact>
+ <workaround>
+ <p>
+ There is no known workaround at this time.
+ </p>
+ </workaround>
+ <resolution>
+ <p>
+ Users are encouraged to perform an 'emerge sync' and upgrade the package to
+ the latest available version. Vulnerable versions of hylafax have been
+ removed from portage. Specific steps to upgrade:
+ </p>
+ <code>
+ # emerge sync
+ # emerge -pv '&gt;=net-misc/hylafax-4.1.8'
+ # emerge '&gt;=net-misc/hylafax-4.1.8'
+ # emerge clean</code>
+ </resolution>
+ <references>
+ <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0886">CAN-2003-0886</uri>
+ <uri link="http://www.novell.com/linux/security/advisories/2003_045_hylafax.html">SuSE Security Announcment</uri>
+ </references>
+</glsa>
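Review bot: The pair `<unaffected range="ge">4.1.8</unaffected>` / `<vulnerable range="le">4.1.7</vulnerable>` leaves a gap. If revisions compare the way Portage orders them, a `4.1.7-r1` is greater than 4.1.7 and less than 4.1.8, matches neither line, and an automated check would stay silent on it. `<vulnerable range="lt">4.1.8</vulnerable>` closes the gap, in the form glsa-200310-03.xml and glsa-200311-05.xml already use. The same `le`/`ge` pattern with a gap appears in glsa-200311-01.xml, glsa-200311-04.xml, glsa-200311-06.xml, glsa-200311-08.xml and glsa-200312-04.xml. Separately, the synopsis has `attacjer` for `attacker` and the reference title has `Announcment`.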
diff --git a/glsa-200311-04.xml b/glsa-200311-04.xml
new file mode 100644
index 0000000..e126b59
--- /dev/null
+++ b/glsa-200311-04.xml
@@ -0,0 +1,67 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<?xml-stylesheet href="/xsl/glsa.xsl" type="text/xsl"?>
+<?xml-stylesheet href="/xsl/guide.xsl" type="text/xsl"?>
+
+<glsa id="200311-04">
+ <title>FreeRADIUS: heap exploit and NULL pointer dereference vulnerability</title>
+ <synopsis>
+ FreeRADIUS is vulnerable to a heap exploit and a NULL pointer dereference
+ vulnerability.
+ </synopsis>
+ <product type="ebuild">FreeRADIUS</product>
+ <announced>2003-11-23</announced>
+ <revised>2003-11-23: 01</revised>
+ <bug>33989</bug>
+ <access>remote</access>
+ <affected>
+ <package name="net-dialup/freeradius" auto="yes" arch="*">
+ <unaffected range="ge">0.9.3</unaffected>
+ <vulnerable range="le">0.9.2</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>
+ FreeRADIUS is a popular open source RADIUS server.
+ </p>
+ </background>
+ <description>
+ <p>
+ FreeRADIUS versions below 0.9.3 are vulnerable to a heap exploit, however,
+ the attack code must be in the form of a valid RADIUS packet which limits
+ the possible exploits.
+ </p>
+ <p>
+ Also corrected in the 0.9.3 release is another vulnerability which causes
+ the RADIUS server to de-reference a NULL pointer and crash when an
+ Access-Request packet with a Tunnel-Password is received.
+ </p>
+ </description>
+ <impact type="normal">
+ <p>
+ A remote attacker could craft a RADIUS packet which would cause the RADIUS
+ server to crash, or could possibly overflow the heap resulting in a system
+ compromise.
+ </p>
+ </impact>
+ <workaround>
+ <p>
+ There is no known workaround at this time.
+ </p>
+ </workaround>
+ <resolution>
+ <p>
+ Users are encouraged to perform an 'emerge sync' and upgrade the package to
+ the latest available version - 0.9.3 is available in portage and is marked
+ as stable.
+ </p>
+ <code>
+ # emerge sync
+ # emerge -pv '&gt;=net-dialup/freeradius-0.9.3'
+ # emerge '&gt;=net-dialup/freeradius-0.9.3'
+ # emerge clean</code>
+ </resolution>
+ <references>
+ <uri link="http://www.securitytracker.com/alerts/2003/Nov/1008263.html">SecurityTracker.com Security Alert</uri>
+ </references>
+</glsa>
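Review bot: `<references>` holds a single third-party alert and no CAN/CVE identifier or upstream release note, unlike most sibling advisories, which makes this entry hard to correlate with scanner output or vendor bulletins. If identifiers were assigned, add them as `<uri>` entries, for example `<uri link="CVE_URL_PLACEHOLDER">CAN-YYYY-NNNN</uri>`; glsa-200311-05.xml is in the same position with only the Ethereal advisory linked. "heap exploit" in the title and description names the attack rather than the flaw. "heap overflow", which the impact paragraph implies, would be clearer if that is what upstream fixed.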
diff --git a/glsa-200311-05.xml b/glsa-200311-05.xml
new file mode 100644
index 0000000..57ec9ae
--- /dev/null
+++ b/glsa-200311-05.xml
@@ -0,0 +1,63 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<?xml-stylesheet href="/xsl/glsa.xsl" type="text/xsl"?>
+<?xml-stylesheet href="/xsl/guide.xsl" type="text/xsl"?>
+
+<glsa id="200311-05">
+ <title>Ethereal: security problems in ethereal 0.9.15</title>
+ <synopsis>
+ Ethereal is vulnerable to heap and buffer overflows in the GTP, ISAKMP,
+ MEGACO, and SOCKS protocol dissectors.
+ </synopsis>
+ <product type="ebuild">Ethereal</product>
+ <announced>2003-11-22</announced>
+ <revised>2003-11-22: 01</revised>
+ <bug>32691</bug>
+ <access>remote</access>
+ <affected>
+ <package name="net-analyzer/ethereal" auto="yes" arch="*">
+ <unaffected range="ge">0.9.16</unaffected>
+ <vulnerable range="lt">0.9.16</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>
+ Ethereal is a popular network protocol analyzer.
+ </p>
+ </background>
+ <description>
+ <p>
+ Ethereal contains buffer overflow vulnerabilities in the GTP, ISAKMP, and
+ MEGACO protocol dissectors, and a heap overflow vulnerability in the SOCKS
+ protocol dissector, which could cause Ethereal to crash or to execute
+ arbitrary code.
+ </p>
+ </description>
+ <impact type="normal">
+ <p>
+ A remote attacker could craft a malformed packet which would cause Ethereal
+ to crash or run arbitrary code with the permissions of the user running
+ Ethereal.
+ </p>
+ </impact>
+ <workaround>
+ <p>
+ There is no known workaround at this time, other than to disable the GTP,
+ ISAKMP, MEGACO, and SOCKS protocol dissectors.
+ </p>
+ </workaround>
+ <resolution>
+ <p>
+ It is recommended that all Gentoo Linux users who are running
+ net-analyzer/ethereal 0.9.x upgrade:
+ </p>
+ <code>
+ # emerge sync
+ # emerge -pv '&gt;=net-analyzer/ethereal-0.9.16'
+ # emerge '&gt;=net-analyzer/ethereal-0.9.16'
+ # emerge clean</code>
+ </resolution>
+ <references>
+ <uri link="http://www.ethereal.com/appnotes/enpa-sa-00011.html">Ethereal Security Advisory</uri>
+ </references>
+</glsa>
diff --git a/glsa-200311-06.xml b/glsa-200311-06.xml
new file mode 100644
index 0000000..a766ed1
--- /dev/null
+++ b/glsa-200311-06.xml
@@ -0,0 +1,60 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<?xml-stylesheet href="/xsl/glsa.xsl" type="text/xsl"?>
+<?xml-stylesheet href="/xsl/guide.xsl" type="text/xsl"?>
+
+<glsa id="200311-06">
+ <title>glibc: getgrouplist buffer overflow vulnerability</title>
+ <synopsis>
+ glibc contains a buffer overflow in the getgrouplist function.
+ </synopsis>
+ <product type="ebuild">glibc</product>
+ <announced>2003-11-22</announced>
+ <revised>2003-11-22: 01</revised>
+ <bug>33383</bug>
+ <access>local</access>
+ <affected>
+ <package name="sys-libs/glibc" auto="yes" arch="*">
+ <unaffected range="ge">2.2.5</unaffected>
+ <vulnerable range="le">2.2.4</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>
+ glibc is the GNU C library.
+ </p>
+ </background>
+ <description>
+ <p>
+ A bug in the getgrouplist function can cause a buffer overflow if the size
+ of the group list is too small to hold all the user's groups. This overflow
+ can cause segmentation faults in user applications. This vulnerability
+ exists only when an administrator has placed a user in a number of groups
+ larger than that expected by an application.
+ </p>
+ </description>
+ <impact type="normal">
+ <p>
+ Applications that use getgrouplist can crash.
+ </p>
+ </impact>
+ <workaround>
+ <p>
+ There is no known workaround at this time.
+ </p>
+ </workaround>
+ <resolution>
+ <p>
+ It is recommended that all Gentoo Linux users update their systems as
+ follows:
+ </p>
+ <code>
+ # emerge sync
+ # emerge -pv '&gt;=sys-libs/glibc-2.2.5'
+ # emerge '&gt;=sys-libs/glibc-2.2.5'
+ # emerge clean</code>
+ </resolution>
+ <references>
+ <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0689">CAN-2003-0689</uri>
+ </references>
+</glsa>
diff --git a/glsa-200311-07.xml b/glsa-200311-07.xml
new file mode 100644
index 0000000..969005f
--- /dev/null
+++ b/glsa-200311-07.xml
@@ -0,0 +1,60 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<?xml-stylesheet href="/xsl/glsa.xsl" type="text/xsl"?>
+<?xml-stylesheet href="/xsl/guide.xsl" type="text/xsl"?>
+
+<glsa id="200311-07">
+ <title>phpSysInfo: arbitrary code execution and directory traversal</title>
+ <synopsis>
+ phpSysInfo contains two vulnerabilities that can allow arbitrary code
+ execution and local directory traversal.
+ </synopsis>
+ <product type="ebuild">phpSysInfo</product>
+ <announced>2003-11-22</announced>
+ <revised>December 30, 2007: 02</revised>
+ <bug>26782</bug>
+ <access>local</access>
+ <affected>
+ <package name="www-apps/phpsysinfo" auto="yes" arch="*">
+ <unaffected range="ge">2.1-r1</unaffected>
+ <vulnerable range="le">2.1</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>
+ phpSysInfo is a PHP system information tool.
+ </p>
+ </background>
+ <description>
+ <p>
+ phpSysInfo contains two vulnerabilities which could allow local files to be
+ read or arbitrary PHP code to be executed, under the privileges of the web
+ server process.
+ </p>
+ </description>
+ <impact type="normal">
+ <p>
+ An attacker could read local files or execute arbitrary code with the
+ permissions of the user running the host web server.
+ </p>
+ </impact>
+ <workaround>
+ <p>
+ There is no known workaround at this time.
+ </p>
+ </workaround>
+ <resolution>
+ <p>
+ It is recommended that all Gentoo Linux users who are running
+ www-apps/phpsysinfo upgrade to the fixed version:
+ </p>
+ <code>
+ # emerge sync
+ # emerge -pv '&gt;=www-apps/phpsysinfo-2.1-r1'
+ # emerge '&gt;=www-apps/phpsysinfo-2.1-r1'
+ # emerge clean</code>
+ </resolution>
+ <references>
+ <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0536">CAN-2003-0536</uri>
+ </references>
+</glsa>
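Review bot: `<access>local</access>` sits oddly with the description, which has a PHP web application reading files and running code under the web server process. Whether the vulnerable inputs are reachable by a remote HTTP client is not stated here and should be confirmed against CAN-2003-0536 before tools filter on this field. The description names the two flaws only by their effect, so a reader cannot tell which input leads to the traversal and which to code execution; one sentence per flaw would help triage.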
diff --git a/glsa-200311-08.xml b/glsa-200311-08.xml
new file mode 100644
index 0000000..28315f9
--- /dev/null
+++ b/glsa-200311-08.xml
@@ -0,0 +1,57 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<?xml-stylesheet href="/xsl/glsa.xsl" type="text/xsl"?>
+<?xml-stylesheet href="/xsl/guide.xsl" type="text/xsl"?>
+
+<glsa id="200311-08">
+ <title>Libnids: remote code execution vulnerability</title>
+ <synopsis>
+ Libnids contains a bug which could allow remote code execution.
+ </synopsis>
+ <product type="ebuild">Libnids</product>
+ <announced>2003-11-22</announced>
+ <revised>2003-11-22: 01</revised>
+ <bug>32724</bug>
+ <access>remote</access>
+ <affected>
+ <package name="net-libs/libnids" auto="yes" arch="*">
+ <unaffected range="ge">1.18</unaffected>
+ <vulnerable range="le">1.17</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>
+ Libnids is a component of a network intrusion detection system.
+ </p>
+ </background>
+ <description>
+ <p>
+ There is a bug in the part of libnids code responsible for TCP reassembly.
+ The flaw probably allows remote code execution.
+ </p>
+ </description>
+ <impact type="normal">
+ <p>
+ A remote attacker could possibly execute arbitrary code.
+ </p>
+ </impact>
+ <workaround>
+ <p>
+ There is no known workaround at this time.
+ </p>
+ </workaround>
+ <resolution>
+ <p>
+ It is recommended that all Gentoo Linux users who are running
+ net-libs/libnids update their systems as follows:
+ </p>
+ <code>
+ # emerge sync
+ # emerge -pv '&gt;=net-libs/libnids-1.18'
+ # emerge '&gt;=net-libs/libnids-1.18'
+ # emerge clean</code>
+ </resolution>
+ <references>
+ <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0850">CAN-2003-0850</uri>
+ </references>
+</glsa>
diff --git a/glsa-200312-01.xml b/glsa-200312-01.xml
new file mode 100644
index 0000000..81d8ddc
--- /dev/null
+++ b/glsa-200312-01.xml
@@ -0,0 +1,81 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<?xml-stylesheet href="/xsl/glsa.xsl" type="text/xsl"?>
+<?xml-stylesheet href="/xsl/guide.xsl" type="text/xsl"?>
+
+<glsa id="200312-01">
+ <title>rsync.gentoo.org: rotation server compromised</title>
+ <synopsis>
+ A server in the rsync.gentoo.org rotation was compromised.
+ </synopsis>
+ <product type="infrastructure">rsync mirror</product>
+ <announced>2003-12-02</announced>
+ <revised>2003-12-02: 01</revised>
+ <affected>
+ <service type="rsync" fixed="yes"/>
+ </affected>
+ <background>
+ <p>
+ The rsync.gentoo.org rotation of servers provides an up to date Portage
+ tree using the rsync file transfer protocol.
+ </p>
+ </background>
+ <description>
+ <p>
+ On December 2nd at approximately 03:45 UTC, one of the servers that makes up
+ the rsync.gentoo.org rotation was compromised via a remote exploit. At this
+ point, we are still performing forensic analysis. However, the compromised
+ system had both an IDS and a file integrity checker installed and we have a
+ very detailed forensic trail of what happened once the box was breached, so
+ we are reasonably confident that the portage tree stored on that box was
+ unaffected.
+ </p>
+ <p>
+ The attacker appears to have installed a rootkit and modified/deleted some
+ files to cover their tracks, but left the server otherwise untouched. The
+ box was in a compromised state for approximately one hour before it was
+ discovered and shut down. During this time, approximately 20 users
+ synchronized against the portage mirror stored on this box. The method used
+ to gain access to the box remotely is still under investigation. We will
+ release more details once we have ascertained the cause of the remote
+ exploit.
+ </p>
+ <p>
+ This box is not an official Gentoo infrastructure box and is instead donated
+ by a sponsor. The box provides other services as well and the sponsor has
+ requested that we not publicly identify the box at this time. Because the
+ Gentoo part of this box appears to be unaffected by this exploit, we are
+ currently honoring the sponsor's request. That said, if at any point, we
+ determine that any file in the portage tree was modified in any way, we will
+ release full details about the compromised server.
+ </p>
+ </description>
+ <impact type="low">
+ <p>
+ There is no known impact at this time.
+ </p>
+ </impact>
+ <workaround>
+ <p>
+ There is no known workaround at this time.
+ </p>
+ </workaround>
+ <resolution>
+ <p>
+ Again, based on the forensic analysis done so far, we are reasonably
+ confident that no files within the Portage tree on the box were affected.
+ However, the server has been removed from all rsync.*.gentoo.org rotations
+ and will remain so until the forensic analysis has been completed and the
+ box has been wiped and rebuilt. Thus, users preferring an extra level of
+ security may ensure that they have a correct and accurate portage tree by
+ running:
+ </p>
+ <code>
+ # emerge sync</code>
+ <p>
+ Which will perform a sync against another server and ensure that all files
+ are up to date.
+ </p>
+ </resolution>
+ <references/>
+</glsa>
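Review bot: `<references/>` is empty and `<revised>` is still `01`, so this incident record never points at its follow-up: glsa-200312-03.xml, later in this commit, names the rsync heap overflow as the suspected entry point and links back here. Adding `<uri link="http://security.gentoo.org/glsa/glsa-200312-03.xml">GLSA-200312-03</uri>` would let a reader reach the root cause and remediation steps. The resolution tells users only to re-sync and says nothing about packages built from the tree during the roughly one-hour window. The approximately 20 users who synchronized then would want that addressed, even if the answer is "no action needed".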
diff --git a/glsa-200312-03.xml b/glsa-200312-03.xml
new file mode 100644
index 0000000..8f1d671
--- /dev/null
+++ b/glsa-200312-03.xml
@@ -0,0 +1,77 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<?xml-stylesheet href="/xsl/glsa.xsl" type="text/xsl"?>
+<?xml-stylesheet href="/xsl/guide.xsl" type="text/xsl"?>
+
+<glsa id="200312-03">
+ <title>rsync: exploitable heap overflow</title>
+ <synopsis>
+ rsync contains a heap overflow vulnerability that can be used to execute
+ arbitrary code.
+ </synopsis>
+ <product type="ebuild">rsync</product>
+ <announced>2003-12-04</announced>
+ <revised>2003-12-04: 01</revised>
+ <access>remote</access>
+ <affected>
+ <package name="net-misc/rsync" auto="yes" arch="*">
+ <unaffected range="ge">2.5.7</unaffected>
+ <vulnerable range="lt">2.5.7</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>
+ rsync is a popular file transfer package used to synchronize the Portage
+ tree.
+ </p>
+ </background>
+ <description>
+ <p>
+ Rsync version 2.5.6 contains a vulnerability that can be used to run
+ arbitrary code. The Gentoo infrastructure team has some reasonably good
+ forensic evidence that this exploit may have been used in combination with
+ the Linux kernel do_brk() vulnerability (see GLSA 200312-02) to exploit a
+ rsync.gentoo.org rotation server (see GLSA-200312-01.)
+ </p>
+ <p>
+ Please see http://lwn.net/Articles/61541/ for the security advisory released
+ by the rsync development team.
+ </p>
+ </description>
+ <impact type="high">
+ <p>
+ A remote attacker could execute arbitrary code with the permissions of the
+ root user.
+ </p>
+ </impact>
+ <workaround>
+ <p>
+ There is no known workaround at this time.
+ </p>
+ </workaround>
+ <resolution>
+ <p>
+ To address this vulnerability, all Gentoo users should read GLSA-200312-02
+ and ensure that all systems are upgraded to a version of the Linux kernel
+ without the do_brk() vulnerability, and upgrade to version 2.5.7 of rsync:
+ </p>
+ <code>
+ # emerge sync
+ # emerge -pv '&gt;=net-misc/rsync-2.5.7'
+ # emerge '&gt;=net-misc/rsync-2.5.7'
+ # emerge clean</code>
+ <p>
+ Review your /etc/rsync/rsyncd.conf configuration file; ensure that the use
+ chroot="no" command is commented out or removed, or change use chroot="no"
+ to use chroot="yes". Then, if necessary, restart rsyncd:
+ </p>
+ <code>
+ # /etc/init.d/rsyncd restart</code>
+ </resolution>
+ <references>
+ <uri link="http://rsync.samba.org/#security_dec03">Rsync Security Advisory</uri>
+ <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0962">CAN-2003-0962</uri>
+ <uri link="http://security.gentoo.org/glsa/glsa-200312-02.xml">GLSA-200312-02</uri>
+ <uri link="http://security.gentoo.org/glsa/glsa-200312-01.xml">GLSA-200312-01</uri>
+ </references>
+</glsa>
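Review bot: The hardening paragraph spells the setting as `use chroot="no"` / `use chroot="yes"`, but rsyncd.conf parameters are written `name = value` without quotes, so the text should read `use chroot = yes` to match what an administrator will find or type in the file. The description says "version 2.5.6" while `<vulnerable range="lt">2.5.7</vulnerable>` covers every earlier release; "versions before 2.5.7" would agree with the range. This advisory has no `<bug>` element, unlike most siblings, and mixes `GLSA 200312-02` with `GLSA-200312-01` in the same sentence.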
diff --git a/glsa-200312-04.xml b/glsa-200312-04.xml
new file mode 100644
index 0000000..2995311
--- /dev/null
+++ b/glsa-200312-04.xml
@@ -0,0 +1,68 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<?xml-stylesheet href="/xsl/glsa.xsl" type="text/xsl"?>
+<?xml-stylesheet href="/xsl/guide.xsl" type="text/xsl"?>
+
+<glsa id="200312-04">
+ <title>CVS: malformed module request vulnerability</title>
+ <synopsis>
+ A bug in cvs could allow attempts to create files and directories outside a
+ repository.
+ </synopsis>
+ <product type="ebuild">CVS</product>
+ <announced>2003-12-08</announced>
+ <revised>2003-12-08: 01</revised>
+ <bug>35371</bug>
+ <access>unknown</access>
+ <affected>
+ <package name="dev-util/cvs" auto="yes" arch="*">
+ <unaffected range="ge">1.11.10</unaffected>
+ <vulnerable range="le">1.11.9</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>
+ CVS, which stands for Concurrent Versions System, is a client/server
+ application which tracks changes to sets of files. It allows multiple users
+ to work concurrently on files, and then merge their changes back into the
+ main tree (which can be on a remote system). It also allows branching, or
+ maintaining separate versions for files.
+ </p>
+ </background>
+ <description>
+ <p>
+ Quote from ccvs.cvshome.org/servlets/NewsItemView?newsID=84:
+ "Stable CVS 1.11.10 has been released. Stable releases contain only bug
+ fixes from previous versions of CVS. This release fixes a security issue
+ with no known exploits that could cause previous versions of CVS to attempt
+ to create files and directories in the filesystem root. This release also
+ fixes several issues relevant to case insensitive filesystems and some other
+ bugs. We recommend this upgrade for all CVS clients and servers!"
+ </p>
+ </description>
+ <impact type="minimal">
+ <p>
+ Attempts to create files and directories outside the repository may be
+ possible.
+ </p>
+ </impact>
+ <workaround>
+ <p>
+ There is no known workaround at this time.
+ </p>
+ </workaround>
+ <resolution>
+ <p>
+ All Gentoo Linux machines with cvs installed should be updated to use
+ dev-util/cvs-1.11.10 or higher:
+ </p>
+ <code>
+ # emerge sync
+ # emerge -pv '&gt;=dev-util/cvs-1.11.10'
+ # emerge '&gt;=dev-util/cvs-1.11.10'
+ # emerge clean</code>
+ </resolution>
+ <references>
+ <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0977">CAN-2003-0977</uri>
+ </references>
+</glsa>
diff --git a/glsa-200312-05.xml b/glsa-200312-05.xml
new file mode 100644
index 0000000..bb254c0
--- /dev/null
+++ b/glsa-200312-05.xml
@@ -0,0 +1,74 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<?xml-stylesheet href="/xsl/glsa.xsl" type="text/xsl"?>
+<?xml-stylesheet href="/xsl/guide.xsl" type="text/xsl"?>
+
+<glsa id="200312-05">
+ <title>GnuPG: ElGamal signing keys compromised and format string vulnerability</title>
+ <synopsis>
+ A bug in GnuPG allows ElGamal signing keys to be compromised, and a format
+ string bug in the gpgkeys_hkp utility may allow arbitrary code execution.
+ </synopsis>
+ <product type="ebuild">GnuPG</product>
+ <announced>2003-12-12</announced>
+ <revised>2003-12-12: 01</revised>
+ <bug>34504</bug>
+ <access>unknown</access>
+ <affected>
+ <package name="app-crypt/gnupg" auto="yes" arch="*">
+ <unaffected range="ge">1.2.3-r5</unaffected>
+ <vulnerable range="le">1.2.3-r4</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>
+ GnuPG is a popular open source signing and encryption tool.
+ </p>
+ </background>
+ <description>
+ <p>
+ Two flaws have been found in GnuPG 1.2.3.
+ </p>
+ <p>
+ First, ElGamal signing keys can be compromised. These keys are not commonly
+ used, but this is "a significant security failure which can lead to a
+ compromise of almost all ElGamal keys used for signing. Note that this is a
+ real world vulnerability which will reveal your private key within a few
+ seconds".
+ </p>
+ <p>
+ Second, there is a format string flaw in the 'gpgkeys_hkp' utility which
+ "would allow a malicious keyserver in the worst case to execute an arbitrary
+ code on the user's machine."
+ </p>
+ </description>
+ <impact type="minimal">
+ <p>
+ If you have used ElGamal keys for signing your private key can be
+ compromised, and a malicious keyserver could remotely execute arbitrary code
+ with the permissions of the user running gpgkeys_hkp.
+ </p>
+ </impact>
+ <workaround>
+ <p>
+ There is no known workaround at this time.
+ </p>
+ </workaround>
+ <resolution>
+ <p>
+ All users who have created ElGamal signing keys should immediately revoke
+ them. In addition, all Gentoo Linux machines with gnupg installed should be
+ updated to use gnupg-1.2.3-r5 or higher:
+ </p>
+ <code>
+ # emerge sync
+ # emerge -pv '&gt;=app-crypt/gnupg-1.2.3-r5'
+ # emerge '&gt;=app-crypt/gnupg-1.2.3-r5'
+ # emerge clean</code>
+ </resolution>
+ <references>
+ <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0971">CAN-2003-0971</uri>
+ <uri link="http://marc.theaimsgroup.com/?l=gnupg-announce&amp;m=106992378510843&amp;q=raw">GnuPG Announcement</uri>
+ <uri link="http://www.s-quadra.com/advisories/Adv-20031203.txt">S-Quadra Advisory</uri>
+ </references>
+</glsa>
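Review bot: `<impact type="minimal">` understates what the impact paragraph itself describes, namely compromise of ElGamal signing private keys and code execution by a malicious keyserver with the permissions of the user running gpgkeys_hkp. A consumer that filters or sorts advisories on this attribute would rank this one last. The rating should match the text, for example `<impact type="high">`, the value the 200312-08 advisory in this commit uses. `<access>unknown</access>` has the same problem, since the keyserver vector is remote by the advisory's own wording, so `<access>remote</access>` fits.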
diff --git a/glsa-200312-06.xml b/glsa-200312-06.xml
new file mode 100644
index 0000000..1d0ba5e
--- /dev/null
+++ b/glsa-200312-06.xml
@@ -0,0 +1,66 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<?xml-stylesheet href="/xsl/glsa.xsl" type="text/xsl"?>
+<?xml-stylesheet href="/xsl/guide.xsl" type="text/xsl"?>
+
+<glsa id="200312-06">
+ <title>XChat: malformed dcc send request denial of service</title>
+ <synopsis>
+ A bug in XChat could allow malformed dcc send requests to cause a denial of
+ service.
+ </synopsis>
+ <product type="ebuild">xchat</product>
+ <announced>2003-12-14</announced>
+ <revised>2003-12-14: 01</revised>
+ <bug>35623</bug>
+ <access>remote</access>
+ <affected>
+ <package name="net-irc/xchat" auto="yes" arch="*">
+ <unaffected range="ge">2.0.6-r1</unaffected>
+ <vulnerable range="eq">2.0.6</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>
+ XChat is a multiplatform IRC client.
+ </p>
+ </background>
+ <description>
+ <p>
+ There is a remotely exploitable bug in XChat 2.0.6 that could lead to a
+ denial of service attack. Gentoo wishes to thank lloydbates for discovering
+ this bug, as well as jcdutton and rac for submitting patches to fix the bug.
+ </p>
+ </description>
+ <impact type="medium">
+ <p>
+ A malformed DCC packet sent by a remote attacker can cause XChat to crash.
+ </p>
+ </impact>
+ <workaround>
+ <p>
+ There is no known workaround at this time.
+ </p>
+ </workaround>
+ <resolution>
+ <p>
+ For Gentoo users, xchat-2.0.6 was marked ~arch (unstable) for most
+ architectures. Since it was never marked as stable in the portage tree,
+ only xchat users who have explictly added the unstable keyword to
+ ACCEPT_KEYWORDS are affected. Users may updated affected machines to the
+ patched version of xchat using the following commands:
+ </p>
+ <code>
+ # emerge sync
+ # emerge -pv '&gt;=net-irc/xchat-2.0.6-r1'
+ # emerge '&gt;=net-irc/xchat-2.0.6-r1'
+ # emerge clean</code>
+ <p>
+ This assumes that users are running with ACCEPT_KEYWORDS enabled for their
+ architecture.
+ </p>
+ </resolution>
+ <references>
+ <uri link="http://mail.nl.linux.org/xchat-announce/2003-12/msg00000.html">XChat Announcement</uri>
+ </references>
+</glsa>
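Review bot: The `<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">` line at the top of this file, and of every other advisory added in this commit, points at an external DTD over plain HTTP. A tool that parses these files with external DTD loading enabled makes an unauthenticated network fetch on each parse and accepts whatever declarations come back. Advisory consumers should parse with external DTD and entity loading disabled and validate against a locally shipped copy of glsa.dtd, and that expectation should be documented alongside the files. Separately, in this file's resolution text `explictly` should be `explicitly` and `Users may updated` should be `Users may update`.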
diff --git a/glsa-200312-07.xml b/glsa-200312-07.xml
new file mode 100644
index 0000000..1f6b5ef
--- /dev/null
+++ b/glsa-200312-07.xml
@@ -0,0 +1,76 @@
+<?xml version="1.0" encoding="utf-8"?>
+<?xml-stylesheet href="/xsl/glsa.xsl" type="text/xsl"?>
+<?xml-stylesheet href="/xsl/guide.xsl" type="text/xsl"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+
+<glsa id="200312-07">
+ <title>Two buffer overflows in lftp</title>
+ <synopsis>
+ Two buffer overflow problems are found in lftp that, in case the user visits
+ a malicious ftp server, could lead to malicious code being executed.
+ </synopsis>
+ <product type="ebuild">lftp</product>
+ <announced>December 13, 2003</announced>
+ <revised>200312-07: 2</revised>
+ <bug>35866</bug>
+ <access>remote</access>
+ <affected>
+ <package name="net-ftp/lftp" auto="yes" arch="*">
+ <vulnerable range="lt">2.6.10</vulnerable>
+ <unaffected range="ge">2.6.10</unaffected>
+ </package>
+ </affected>
+ <background>
+ <p>
+ lftp is a multithreaded command-line based FTP client. It allows you to
+ execute multiple commands simultaneously or in the background. If features
+ mirroring capabilities, resuming downloads, etc.
+ </p>
+ </background>
+ <description>
+ <p>
+ Two buffer overflows exist in lftp. Both can occur when the user connects to
+ a malicious web server using the HTTP or HTTPS protocol and issues lftp's
+ "ls" or "rels" commands.
+ </p>
+ <p>
+ Ulf Harnhammar explains:
+ </p>
+ <p>
+ Technically, the problem lies in the file src/HttpDir.cc and the
+ functions try_netscape_proxy() and try_squid_eplf(), which both
+ have sscanf() calls that take data of an arbitrary length and
+ store it in a char array with 32 elements. (Back in version 2.3.0,
+ the problematic code was located in some other function, but the
+ problem existed back then too.) Depending on the HTML document in the
+ specially prepared directory, buffers will be overflown in either one
+ function or the other.
+ </p>
+ </description>
+ <impact type="low">
+ <p>
+ When a user issues "ls" or "rels" on a malicious server, the tftp
+ application can be tricked into running arbitrary code on the user his
+ machine.
+ </p>
+ </impact>
+ <workaround>
+ <p>
+ There is no workaround available.
+ </p>
+ </workaround>
+ <resolution>
+ <p>
+ All Gentoo users who have net-ftp/lftp installed should update to use
+ version 2.6.0 or higher using these commands:
+ </p>
+ <code>
+ # emerge sync
+ # emerge -pv '>=net-ftp/lftp-2.6.10'
+ # emerge '>=net-ftp/lftp-2.6.10'
+ # emerge clean</code>
+ </resolution>
+ <references>
+ <uri link="http://www.securityfocus.com/archive/1/347587/2003-12-13/2003-12-19/0">Initial report by Ulf Harnhammar</uri>
+ </references>
+</glsa>
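Review bot: The resolution paragraph says `version 2.6.0 or higher`, but the `<affected>` ranges and the emerge commands in the same file give 2.6.10 as the first fixed version, so a reader following the prose could stay on a vulnerable 2.6.x release; it should read `version 2.6.10 or higher`. `<revised>200312-07: 2</revised>` carries the advisory id where the other files carry a date, and `<announced>December 13, 2003</announced>` departs from the ISO form used by the earlier advisories (the later files in this commit do the same), which anything parsing these fields has to tolerate. The impact paragraph names `the tftp application` where lftp is meant, the synopsis speaks of a malicious ftp server while the description says the overflows are reached over HTTP or HTTPS, and `If features` in the background should be `It features`. `<impact type="low">` also sits oddly next to arbitrary code execution on the user's machine.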
diff --git a/glsa-200312-08.xml b/glsa-200312-08.xml
new file mode 100644
index 0000000..5787205
--- /dev/null
+++ b/glsa-200312-08.xml
@@ -0,0 +1,66 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<?xml-stylesheet href="/xsl/glsa.xsl" type="text/xsl"?>
+<?xml-stylesheet href="/xsl/guide.xsl" type="text/xsl"?>
+
+<glsa id="200312-08">
+ <title>CVS: possible root compromise when using CVS pserver</title>
+ <synopsis>
+ A possible root compromise exists for CVS pservers.
+ </synopsis>
+ <product type="ebuild">cvs</product>
+ <announced>2003-12-28</announced>
+ <revised>2003-12-28: 01</revised>
+ <bug>36142</bug>
+ <access>unknown</access>
+ <affected>
+ <package name="dev-util/cvs" auto="yes" arch="*">
+ <unaffected range="ge">1.11.11</unaffected>
+ <vulnerable range="le">1.11.10</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>
+ CVS, which stands for Concurrent Versions System, is a client/server
+ application which tracks changes to sets of files. It allows multiple users
+ to work concurrently on files, and then merge their changes back into the
+ main tree (which can be on a remote system). It also allows branching, or
+ maintaining separate versions for files.
+ </p>
+ </background>
+ <description>
+ <p>
+ Quote from ccvs.cvshome.org/servlets/NewsItemView?newsID=88:
+ "Stable CVS 1.11.11 has been released. Stable releases contain only bug
+ fixes from previous versions of CVS. This release adds code to the CVS
+ server to prevent it from continuing as root after a user login, as an extra
+ failsafe against a compromise of the CVSROOT/passwd file. Previously, any
+ user with the ability to write the CVSROOT/passwd file could execute
+ arbitrary code as the root user on systems with CVS pserver access enabled.
+ We recommend this upgrade for all CVS servers!"
+ </p>
+ </description>
+ <impact type="high">
+ <p>
+ A remote user could execute arbitrary code with the permissions of the root
+ user.
+ </p>
+ </impact>
+ <workaround>
+ <p>
+ There is no known workaround at this time.
+ </p>
+ </workaround>
+ <resolution>
+ <p>
+ All Gentoo Linux machines with cvs installed should be updated to use
+ cvs-1.11.11 or higher.
+ </p>
+ <code>
+ # emerge sync
+ # emerge -pv '&gt;=dev-util/cvs-1.11.11'
+ # emerge '&gt;=dev-util/cvs-1.11.11'
+ # emerge clean</code>
+ </resolution>
+ <references/>
+</glsa>
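Review bot: `<references/>` is empty even though the description quotes the upstream release note, so the advisory gives a reader nothing to follow up. The quoted source should be listed, e.g. `<uri link="http://ccvs.cvshome.org/servlets/NewsItemView?newsID=88">CVS 1.11.11 release announcement</uri>`, together with a CVE identifier if one was assigned. `<access>unknown</access>` conflicts with the impact text, which says a remote user can execute code as root; `<access>remote</access>` matches it. The impact paragraph also drops the precondition stated in the quoted release note: the attacker must already be able to write CVSROOT/passwd on a server with pserver access enabled, which is what an administrator needs to know to judge exposure.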
diff --git a/glsa-200401-01.xml b/glsa-200401-01.xml
new file mode 100644
index 0000000..0716288
--- /dev/null
+++ b/glsa-200401-01.xml
@@ -0,0 +1,230 @@
+<?xml version="1.0" encoding="utf-8"?>
+<?xml-stylesheet href="/xsl/glsa.xsl" type="text/xsl"?>
+<?xml-stylesheet href="/xsl/guide.xsl" type="text/xsl"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+
+<glsa id="200401-01">
+ <title>Linux kernel do_mremap() local privilege escalation vulnerability</title>
+ <synopsis>
+ A critical security vulnerability has been found in recent Linux kernels
+ which allows for local privelege escalation.
+ </synopsis>
+ <product type="ebuild">Kernel</product>
+ <announced>January 08, 2004</announced>
+ <revised>January 08, 2004: 01</revised>
+ <bug>37292</bug>
+ <access>local</access>
+ <affected>
+ <package name="sys-kernel/aa-sources" auto="no" arch="*">
+ <unaffected range="ge">2.4.23-r1</unaffected>
+ <vulnerable range="lt">2.4.23-r1</vulnerable>
+ </package>
+ <package name="sys-kernel/alpha-sources" auto="no" arch="*">
+ <unaffected range="ge">2.4.21-r2</unaffected>
+ <vulnerable range="lt">2.4.21-r2</vulnerable>
+ </package>
+ <package name="sys-kernel/arm-sources" auto="yes" arch="*">
+ <unaffected range="ge">2.4.19-r2</unaffected>
+ <vulnerable range="lt">2.4.19-r2</vulnerable>
+ </package>
+ <package name="sys-kernel/ck-sources" auto="no" arch="*">
+ <unaffected range="ge">2.4.23-r1</unaffected>
+ <vulnerable range="lt">2.4.23-r1</vulnerable>
+ </package>
+ <package name="sys-kernel/compaq-sources" auto="yes" arch="*">
+ <unaffected range="ge">2.4.9.32.7-r1</unaffected>
+ <vulnerable range="lt">2.4.9.32.7-r1</vulnerable>
+ </package>
+ <package name="sys-kernel/development-sources" auto="yes" arch="*">
+ <unaffected range="ge">2.6.1_rc3</unaffected>
+ <vulnerable range="lt">2.6.1_rc3</vulnerable>
+ </package>
+ <package name="sys-kernel/gaming-sources" auto="yes" arch="*">
+ <unaffected range="ge">2.4.20-r7</unaffected>
+ <vulnerable range="lt">2.4.20-r7</vulnerable>
+ </package>
+ <package name="sys-kernel/gentoo-dev-sources" auto="yes" arch="*">
+ <unaffected range="ge">2.6.1_rc3</unaffected>
+ <vulnerable range="lt">2.6.1_rc3</vulnerable>
+ </package>
+ <package name="sys-kernel/gentoo-sources" auto="yes" arch="*">
+ <unaffected range="gt">2.4.22-r3</unaffected>
+ <vulnerable range="lt">2.4.22-r3</vulnerable>
+ </package>
+ <package name="sys-kernel/grsec-sources" auto="yes" arch="*">
+ <unaffected range="gt">2.4.23.2.0_rc4-r1</unaffected>
+ <vulnerable range="lt">2.4.23.2.0_rc4-r1</vulnerable>
+ </package>
+ <package name="sys-kernel/gs-sources" auto="yes" arch="*">
+ <unaffected range="ge">2.4.23_pre8-r2</unaffected>
+ <vulnerable range="lt">2.4.23_pre8-r2</vulnerable>
+ </package>
+ <package name="sys-kernel/hardened-sources" auto="yes" arch="*">
+ <unaffected range="ge">2.4.22-r2</unaffected>
+ <vulnerable range="lt">2.4.22-r2</vulnerable>
+ </package>
+ <package name="sys-kernel/hppa-sources" auto="yes" arch="*">
+ <unaffected range="ge">2.4.23_p4-r2</unaffected>
+ <vulnerable range="lt">2.4.23_p4-r2</vulnerable>
+ </package>
+ <package name="sys-kernel/ia64-sources" auto="yes" arch="*">
+ <unaffected range="ge">2.4.22-r2</unaffected>
+ <vulnerable range="lt">2.4.22-r2</vulnerable>
+ </package>
+ <package name="sys-kernel/mips-prepatch-sources" auto="yes" arch="*">
+ <unaffected range="ge">2.4.24_pre2-r1</unaffected>
+ <vulnerable range="lt">2.4.24_pre2-r1</vulnerable>
+ </package>
+ <package name="sys-kernel/mips-sources" auto="yes" arch="*">
+ <unaffected range="ge">2.4.23-r2</unaffected>
+ <vulnerable range="lt">2.4.23-r2</vulnerable>
+ </package>
+ <package name="sys-kernel/mm-sources" auto="no" arch="*">
+ <unaffected range="ge">2.6.1_rc1-r2</unaffected>
+ <vulnerable range="lt">2.6.1_rc1-r2</vulnerable>
+ </package>
+ <package name="sys-kernel/openmosix-sources" auto="yes" arch="*">
+ <unaffected range="ge">2.4.22-r3</unaffected>
+ <vulnerable range="lt">2.4.22-r3</vulnerable>
+ </package>
+ <package name="sys-kernel/pac-sources" auto="yes" arch="*">
+ <unaffected range="ge">2.4.23-r1</unaffected>
+ <vulnerable range="lt">2.4.23-r1</vulnerable>
+ </package>
+ <package name="sys-kernel/pfeifer-sources" auto="yes" arch="*">
+ <unaffected range="ge">2.4.21.1_pre4-r1</unaffected>
+ <vulnerable range="lt">2.4.21.1_pre4-r1</vulnerable>
+ </package>
+ <package name="sys-kernel/planet-ccrma-sources" auto="yes" arch="*">
+ <unaffected range="ge">2.4.21-r4</unaffected>
+ <vulnerable range="lt">2.4.21-r4</vulnerable>
+ </package>
+ <package name="sys-kernel/ppc-development-sources" auto="no" arch="*">
+ <unaffected range="ge">2.6.1_rc1-r1</unaffected>
+ <vulnerable range="lt">2.6.1_rc1-r1</vulnerable>
+ </package>
+ <package name="sys-kernel/ppc-sources" auto="yes" arch="*">
+ <unaffected range="ge">2.4.23-r1</unaffected>
+ <vulnerable range="lt">2.4.23-r1</vulnerable>
+ </package>
+ <package name="sys-kernel/ppc-sources-benh" auto="yes" arch="*">
+ <unaffected range="ge">2.4.22-r4</unaffected>
+ <vulnerable range="lt">2.4.22-r4</vulnerable>
+ </package>
+ <package name="sys-kernel/ppc-sources-crypto" auto="yes" arch="*">
+ <unaffected range="ge">2.4.20-r2</unaffected>
+ <vulnerable range="lt">2.4.20-r2</vulnerable>
+ </package>
+ <package name="sys-kernel/selinux-sources" auto="yes" arch="*">
+ <unaffected range="ge">2.4.24</unaffected>
+ <vulnerable range="lt">2.4.24</vulnerable>
+ </package>
+ <package name="sys-kernel/sparc-dev-sources" auto="yes" arch="*">
+ <unaffected range="ge">2.6.1_rc2</unaffected>
+ <vulnerable range="lt">2.6.1_rc2</vulnerable>
+ </package>
+ <package name="sys-kernel/sparc-sources" auto="yes" arch="*">
+ <unaffected range="ge">2.4.24</unaffected>
+ <vulnerable range="lt">2.4.24</vulnerable>
+ </package>
+ <package name="sys-kernel/usermode-sources" auto="yes" arch="*">
+ <unaffected range="ge">2.4.23-r1</unaffected>
+ <vulnerable range="lt">2.4.23-r1</vulnerable>
+ </package>
+ <package name="sys-kernel/vanilla-prepatch-sources" auto="yes" arch="*">
+ <unaffected range="ge">2.4.25_pre4</unaffected>
+ <vulnerable range="lt">2.4.25_pre4</vulnerable>
+ </package>
+ <package name="sys-kernel/vanilla-sources" auto="yes" arch="*">
+ <unaffected range="ge">2.4.24</unaffected>
+ <vulnerable range="lt">2.4.24</vulnerable>
+ </package>
+ <package name="sys-kernel/win4lin-sources" auto="yes" arch="*">
+ <unaffected range="ge">2.6.0-r1</unaffected>
+ <vulnerable range="lt">2.6.0-r1</vulnerable>
+ </package>
+ <package name="sys-kernel/wolk-sources" auto="yes" arch="*">
+ <unaffected range="ge">4.10_pre7-r2</unaffected>
+ <vulnerable range="lt">4.10_pre7-r2</vulnerable>
+ </package>
+ <package name="sys-kernel/xfs-sources" auto="yes" arch="*">
+ <unaffected range="ge">2.4.23-r1</unaffected>
+ <vulnerable range="lt">2.4.23-r1</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>
+ The Linux kernel is responsible for memory management in a working
+ system - to allow this, processes are allowed to allocate and unallocate
+ memory.
+ </p>
+ </background>
+ <description>
+ <p>
+ The memory subsystem allows for shrinking, growing, and moving of
+ chunks of memory along any of the allocated memory areas which the kernel
+ posesses.
+ </p>
+ <p>
+ A typical virtual memory area covers at least one memory page. An incorrect
+ bound check discovered inside the do_mremap() kernel code performing
+ remapping of a virtual memory area may lead to creation of a virtual memory
+ area of 0 bytes length.
+ </p>
+ <p>
+ The problem is based on the general mremap flaw that remapping 2 pages from
+ inside a VMA creates a memory hole of only one page in length but an
+ additional VMA of two pages. In the case of a zero sized remapping request
+ no VMA hole is created but an additional VMA descriptor of 0
+ bytes in length is created.
+ </p>
+ <p>
+ This advisory also addresses an information leak in the Linux RTC system.
+ </p>
+ </description>
+ <impact type="high">
+ <p>
+ Arbitrary code may be able to exploit this vulnerability and may
+ disrupt the operation of other
+ parts of the kernel memory management subroutines finally leading to
+ unexpected behavior.
+ </p>
+ <p>
+ Since no special privileges are required to use the mremap(2) system call
+ any process may misuse its unexpected behavior to disrupt the kernel memory
+ management subsystem. Proper exploitation of this vulnerability may lead to
+ local privilege escalation including execution of arbitrary code
+ with kernel level access.
+ </p>
+ <p>
+ Proof-of-concept exploit code has been created and successfully tested,
+ permitting root escalation on vulnerable systems. As a result, all users
+ should upgrade their kernels to new or patched versions.
+ </p>
+ </impact>
+ <workaround>
+ <p>
+ There is no temporary workaround - a kernel upgrade is required. A list
+ of unaffected kernels is provided along with this announcement.
+ </p>
+ </workaround>
+ <resolution>
+ <p>
+ Users are encouraged to upgrade to the latest available sources for
+ their system:
+ </p>
+ <code>
+ $> emerge sync
+ $> emerge -pv your-favourite-sources
+ $> emerge your-favourite-sources
+ $> # Follow usual procedure for compiling and installing a kernel.
+ $> # If you use genkernel, run genkernel as you would do normally.
+
+ $> # IF YOUR KERNEL IS MARKED as "remerge required!" THEN
+ $> # YOU SHOULD UPDATE YOUR KERNEL EVEN IF PORTAGE
+ $> # REPORTS THAT THE SAME VERSION IS INSTALLED.</code>
+ </resolution>
+ <references>
+ <uri link="http://isec.pl/vulnerabilities/isec-0012-mremap.txt">Vulnerability</uri>
+ </references>
+</glsa>
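Review bot: The `sys-kernel/gentoo-sources` and `sys-kernel/grsec-sources` entries pair `<unaffected range="gt">` with `<vulnerable range="lt">` on the same version, so 2.4.22-r3 and 2.4.23.2.0_rc4-r1 themselves are classified as neither; every other package in the list uses `ge`/`lt`. If those revisions carry the fix, the lines should read `<unaffected range="ge">2.4.22-r3</unaffected>` and `<unaffected range="ge">2.4.23.2.0_rc4-r1</unaffected>`; if they do not, the vulnerable side should be `le`. The references list has no CVE identifier for the do_mremap() flaw and nothing at all for the RTC information leak the description mentions, so that second issue cannot be traced from this file. Typos: `privelege` in the synopsis and `posesses` in the description.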
diff --git a/glsa-200401-02.xml b/glsa-200401-02.xml
new file mode 100644
index 0000000..5cd9b2b
--- /dev/null
+++ b/glsa-200401-02.xml
@@ -0,0 +1,63 @@
+<?xml version="1.0" encoding="utf-8"?>
+<?xml-stylesheet href="/xsl/glsa.xsl" type="text/xsl"?>
+<?xml-stylesheet href="/xsl/guide.xsl" type="text/xsl"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+
+<glsa id="200401-02">
+ <title>Honeyd remote detection vulnerability via a probe packet</title>
+ <synopsis>
+ Identification of Honeyd installations allows an adversary to launch
+ attacks specifically against Honeyd. No remote root exploit is currently
+ known.
+ </synopsis>
+ <product type="ebuild">honeyd</product>
+ <announced>January 21, 2004</announced>
+ <revised>January 21, 2004: 01</revised>
+ <bug>38934</bug>
+ <access>remote</access>
+ <affected>
+ <package name="net-analyzer/honeyd" auto="yes" arch="*">
+ <unaffected range="ge">0.8</unaffected>
+ <vulnerable range="lt">0.8</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>
+ Honeyd is a virtual honeypot daemon that can simulate virtual hosts on
+ unallocated IP addresses.
+ </p>
+ </background>
+ <description>
+ <p>
+ A bug in handling NMAP fingerprints caused Honeyd to reply to TCP
+ packets with both the SYN and RST flags set. Watching for replies, it is
+ possible to detect IP addresses simulated by Honeyd.
+ </p>
+ </description>
+ <impact type="low">
+ <p>
+ Although there are no public exploits known for Honeyd, the detection
+ of Honeyd IP addresses may in some cases be undesirable.
+ </p>
+ </impact>
+ <workaround>
+ <p>
+ Honeyd 0.8 has been released along with an advisory to address this
+ issue. In addition, Honeyd 0.8 drops privileges if permitted by the
+ configuration file and contains command line flags to force dropping
+ of privileges.
+ </p>
+ </workaround>
+ <resolution>
+ <p>
+ All users are recommended to update to honeyd version 0.8:
+ </p>
+ <code>
+ $> emerge sync
+ $> emerge -pv ">=net-analyzer/honeyd-0.8"
+ $> emerge ">=net-analyzer/honeyd-0.8"</code>
+ </resolution>
+ <references>
+ <uri link="http://www.honeyd.org/adv.2004-01.asc">Honeyd Security Advisory 2004-001</uri>
+ </references>
+</glsa>
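Review bot: The `<workaround>` element here describes the fixed release instead of a mitigation, and 200401-03, 200402-02 and 200402-03 later in this commit likewise mix fix information into that element. A reader scanning that section to decide whether the upgrade can be deferred gets no answer. It should either say `There is no known workaround at this time.` as the earlier advisories do, or name a real mitigation. The sentence about Honeyd 0.8 dropping privileges belongs in `<resolution>`.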
diff --git a/glsa-200401-03.xml b/glsa-200401-03.xml
new file mode 100644
index 0000000..affef9a
--- /dev/null
+++ b/glsa-200401-03.xml
@@ -0,0 +1,69 @@
+<?xml version="1.0" encoding="utf-8"?>
+<?xml-stylesheet href="/xsl/glsa.xsl" type="text/xsl"?>
+<?xml-stylesheet href="/xsl/guide.xsl" type="text/xsl"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+
+<glsa id="200401-03">
+ <title>Apache mod_python Denial of Service vulnerability</title>
+ <synopsis>
+ Apache's mod_python module could crash the httpd process if a specific,
+ malformed query string was sent.
+ </synopsis>
+ <product type="ebuild">mod_python</product>
+ <announced>January 27, 2004</announced>
+ <revised>December 30, 2007: 02</revised>
+ <bug>39154</bug>
+ <access>remote</access>
+ <affected>
+ <package name="www-apache/mod_python" auto="yes" arch="*">
+ <unaffected range="ge">2.7.10</unaffected>
+ <vulnerable range="lt">2.7.10</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>
+ Mod_python is an Apache module that embeds the Python interpreter
+ within the server allowing Python-based web-applications to be
+ created.
+ </p>
+ </background>
+ <description>
+ <p>
+ The Apache Foundation has reported that mod_python may be prone to
+ Denial of Service attacks when handling a malformed
+ query. Mod_python 2.7.9 was released to fix the vulnerability,
+ however, because the vulnerability has not been fully fixed,
+ version 2.7.10 has been released.
+ </p>
+ <p>
+ Users of mod_python 3.0.4 are not affected by this vulnerability.
+ </p>
+ </description>
+ <impact type="low">
+ <p>
+ Although there are no known public exploits known for this
+ exploit, users are recommended to upgrade mod_python to ensure the
+ security of their infrastructure.
+ </p>
+ </impact>
+ <workaround>
+ <p>
+ Mod_python 2.7.10 has been released to solve this issue; there is
+ no immediate workaround.
+ </p>
+ </workaround>
+ <resolution>
+ <p>
+ All users using mod_python 2.7.9 or below are recommended to
+ update their mod_python installation:
+ </p>
+ <code>
+ $> emerge sync
+ $> emerge -pv ">=www-apache/mod_python-2.7.10"
+ $> emerge ">=www-apache/mod_python-2.7.10"
+ $> /etc/init.d/apache restart</code>
+ </resolution>
+ <references>
+ <uri link="http://www.modpython.org/pipermail/mod_python/2004-January/014879.html">Mod_python 2.7.10 release announcement</uri>
+ </references>
+</glsa>
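Review bot: The impact paragraph never states the impact: it says `no known public exploits known for this exploit` and recommends upgrading, while the actual consequence, a malformed query string crashing the httpd process, appears only in the synopsis. Suggested opening sentence: `A remote attacker can crash the httpd process by sending a malformed query string.`, followed by the existing recommendation with the doubled "known" removed and "exploit" replaced by "vulnerability". The 200402-03 advisory in this commit has the same gap (`no public exploits known for bug`). The description also says users of 3.0.4 are unaffected, whereas the `<affected>` ranges treat everything from 2.7.10 upward as unaffected, so it is worth confirming whether earlier 3.0.x releases need their own `vulnerable` entry.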
diff --git a/glsa-200401-04.xml b/glsa-200401-04.xml
new file mode 100644
index 0000000..1291d6b
--- /dev/null
+++ b/glsa-200401-04.xml
@@ -0,0 +1,80 @@
+<?xml version="1.0" encoding="utf-8"?>
+<?xml-stylesheet href="/xsl/glsa.xsl" type="text/xsl"?>
+<?xml-stylesheet href="/xsl/guide.xsl" type="text/xsl"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+
+<glsa id="200401-04">
+ <title>GAIM 0.75 Remote overflows</title>
+ <synopsis>
+ Various overflows in the handling of AIM DirectIM packets was revealed in
+ GAIM that could lead to a remote compromise of the IM client.
+ </synopsis>
+ <product type="ebuild">GAIM</product>
+ <announced>January 26, 2004</announced>
+ <revised>January 26, 2004: 01</revised>
+ <bug>39470</bug>
+ <access>man-in-the-middle</access>
+ <affected>
+ <package name="net-im/gaim" auto="yes" arch="*">
+ <unaffected range="ge">0.75-r7</unaffected>
+ <vulnerable range="lt">0.75-r7</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>
+ Gaim is a multi-platform and multi-protocol instant messaging
+ client. It is compatible with AIM , ICQ, MSN Messenger, Yahoo,
+ IRC, Jabber, Gadu-Gadu, and the Zephyr networks.
+ </p>
+ </background>
+ <description>
+ <p>
+ Yahoo changed the authentication methods to their IM servers,
+ rendering GAIM useless. The GAIM team released a rushed release
+ solving this issue, however, at the same time a code audit
+ revealed 12 new vulnerabilities.
+ </p>
+ </description>
+ <impact type="normal">
+ <p>
+ Due to the nature of instant messaging many of these bugs require
+ man-in-the-middle attacks between the client and the server. But
+ the underlying protocols are easy to implement and attacking
+ ordinary TCP sessions is a fairly simple task. As a result, all
+ users are advised to upgrade their GAIM installation.
+ </p>
+ <ul>
+ <li>
+ Users of GAIM 0.74 or below are affected by 7 of the
+ vulnerabilities and are encouraged to upgrade.
+ </li>
+ <li>
+ Users of GAIM 0.75 are affected by 11 of the vulnerabilities
+ and are encouraged to upgrade to the patched version of GAIM
+ offered by Gentoo.
+ </li>
+ <li>
+ Users of GAIM 0.75-r6 are only affected by
+ 4 of the vulnerabilities, but are still urged to upgrade to
+ maintain security.
+ </li>
+ </ul>
+ </impact>
+ <workaround>
+ <p>
+ There is no immediate workaround; a software upgrade is required.
+ </p>
+ </workaround>
+ <resolution>
+ <p>
+ All users are recommended to upgrade GAIM to 0.75-r7.
+ </p>
+ <code>
+ $> emerge sync
+ $> emerge -pv ">=net-im/gaim-0.75-r7"
+ $> emerge ">=net-im/gaim-0.75-r7"</code>
+ </resolution>
+ <references>
+ <uri link="http://www.securityfocus.com/archive/1/351235/2004-01-23/2004-01-29/0">Security advisory from Stefan Esser</uri>
+ </references>
+</glsa>
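Review bot: The `<description>` explains why the release was rushed but not what is wrong: the overflows in AIM DirectIM packet handling appear only in the synopsis, and the 12 vulnerabilities are neither enumerated nor tied to identifiers. A sentence naming the bug class and the affected code paths, plus CVE identifiers in `<references>` if any were assigned, would let a reader match this advisory against other sources. `<access>man-in-the-middle</access>` and the title's `Remote overflows` disagree about the vector, and the impact text's `many of these bugs require man-in-the-middle attacks` implies some do not, in which case `remote` is the safer value. `Various overflows ... was revealed` in the synopsis should be `were revealed`.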
diff --git a/glsa-200402-01.xml b/glsa-200402-01.xml
new file mode 100644
index 0000000..5cff9f8
--- /dev/null
+++ b/glsa-200402-01.xml
@@ -0,0 +1,75 @@
+<?xml version="1.0" encoding="utf-8"?>
+<?xml-stylesheet href="/xsl/glsa.xsl" type="text/xsl"?>
+<?xml-stylesheet href="/xsl/guide.xsl" type="text/xsl"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+
+<glsa id="200402-01">
+ <title>PHP setting leaks from .htaccess files on virtual hosts</title>
+ <synopsis>
+ If the server configuration &quot;php.ini&quot; file has
+ &quot;register_globals = on&quot; and a request is made to one virtual host
+ (which has &quot;php_admin_flag register_globals off&quot;) and the next
+ request is sent to the another virtual host (which does not have the
+ setting) global variables may leak and may be used to exploit the
+ site.
+ </synopsis>
+ <product type="ebuild">PHP</product>
+ <announced>February 07, 2004</announced>
+ <revised>February 07, 2004: 01</revised>
+ <bug>39952</bug>
+ <access>remote</access>
+ <affected>
+ <package name="dev-php/mod_php" auto="yes" arch="*">
+ <unaffected range="ge">4.3.4-r4</unaffected>
+ <vulnerable range="lt">4.3.4-r4</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>
+ PHP is a widely-used general-purpose scripting language that is
+ especially suited for Web development and can be embedded into HTML.
+ </p>
+ </background>
+ <description>
+ <p>
+ If the server configuration &quot;php.ini&quot; file has
+ &quot;register_globals = on&quot; and a request is made to one virtual host
+ (which has &quot;php_admin_flag register_globals off&quot;) and the next
+ request is sent to the another virtual host (which does not have the
+ setting) through the same apache child, the setting will persist.
+ </p>
+ </description>
+ <impact type="normal">
+ <p>
+ Depending on the server and site, an attacker may be able to exploit
+ global variables to gain access to reserved areas, such as MySQL passwords,
+ or this vulnerability may simply cause a lack of functionality. As a
+ result, users are urged to upgrade their PHP installations.
+ </p>
+ <p>
+ Gentoo ships PHP with &quot;register_globals&quot; set to &quot;off&quot;
+ by default.
+ </p>
+ <p>
+ This issue affects both servers running Apache 1.x and servers running
+ Apache 2.x.
+ </p>
+ </impact>
+ <workaround>
+ <p>
+ No immediate workaround is available; a software upgrade is required.
+ </p>
+ </workaround>
+ <resolution>
+ <p>
+ All users are recommended to upgrade their PHP installation to 4.3.4-r4:
+ </p>
+ <code>
+ # emerge sync
+ # emerge -pv ">=dev-php/mod_php-4.3.4-r4"
+ # emerge ">=dev-php/mod_php-4.3.4-r4"</code>
+ </resolution>
+ <references>
+ <uri link="http://bugs.php.net/bug.php?id=25753">Corresponding PHP bug</uri>
+ </references>
+</glsa>
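Review bot: The command block in `<resolution>` stops after the `emerge` line and never restarts Apache, so a running server keeps the old mod_php loaded and the setting leak continues until someone restarts it. The mod_python advisory in this commit (200401-03) does include that step; add a final line such as `# /etc/init.d/apache restart`, with the equivalent for Apache 2.x since the impact text says both are affected. The title attributes the leak to `.htaccess files`, but the synopsis and description only discuss `php_admin_flag` in virtual host configuration, so one of the two should be aligned with the other. `the another virtual host` should be `another virtual host` in both places.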
diff --git a/glsa-200402-02.xml b/glsa-200402-02.xml
new file mode 100644
index 0000000..c96c332
--- /dev/null
+++ b/glsa-200402-02.xml
@@ -0,0 +1,94 @@
+<?xml version="1.0" encoding="utf-8"?>
+<?xml-stylesheet href="/xsl/glsa.xsl" type="text/xsl"?>
+<?xml-stylesheet href="/xsl/guide.xsl" type="text/xsl"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+
+<glsa id="200402-02">
+ <title>XFree86 Font Information File Buffer Overflow</title>
+ <synopsis>
+ Exploitation of a buffer overflow in the XFree86 Project Inc.'s XFree86 X
+ Window System allows local attackers to gain root privileges.
+ </synopsis>
+ <product type="ebuild">200402-02</product>
+ <announced>February 11, 2004</announced>
+ <revised>February 11, 2004: 01</revised>
+ <access>local</access>
+ <affected>
+ <package name="x11-base/xfree" auto="yes" arch="*">
+ <vulnerable range="lt">4.3.99.902-r1</vulnerable>
+ <unaffected range="eq">4.2.1-r3</unaffected>
+ <unaffected range="eq">4.3.0-r4</unaffected>
+ <unaffected range="ge">4.3.99.902-r1</unaffected>
+ </package>
+ </affected>
+ <background>
+ <p>
+ XFree86, provides a client/server interface between display
+ hardware and the desktop environment while also providing both the
+ windowing infrastructure and a standardized API. XFree86 is
+ platform independent, network-transparent and extensible.
+ </p>
+ </background>
+ <description>
+ <p>
+ Exploitation of a buffer overflow in The XFree86 Window System
+ discovered by iDefence allows local attackers to gain root
+ privileges.
+ </p>
+ <p>
+ The problem exists in the parsing of the 'font.alias' file. The X
+ server (running as root) fails to check the length of the user
+ provided input, so a malicious user may craft a malformed
+ 'font.alias' file causing a buffer overflow upon parsing,
+ eventually leading to the execution of arbitrary code.
+ </p>
+ <p>
+ To reproduce the overflow on the command line one can run:
+ </p>
+ <code>
+ # cat > fonts.dir &lt;&lt;EOF
+ 1
+ word.bdf -misc-fixed-medium-r-semicondensed--13-120-75-75-c-60-iso8859-1
+ EOF
+ # perl -e 'print "0" x 1024 . "A" x 96 . "\n"' > fonts.alias
+ # X :0 -fp $PWD</code>
+ <p>
+ {Some output removed}... Server aborting... Segmentation fault (core dumped)
+ </p>
+ </description>
+ <impact type="high">
+ <p>
+ Successful exploitation can lead to a root compromise provided
+ that the attacker is able to execute commands in the X11
+ subsystem. This can be done either by having console access to the
+ target or through a remote exploit against any X client program
+ such as a web-browser, mail-reader or game.
+ </p>
+ </impact>
+ <workaround>
+ <p>
+ No immediate workaround is available; a software upgrade is required.
+ </p>
+ <p>
+ Gentoo has released XFree 4.2.1-r3, 4.3.0-r4 and 4.3.99.902-r1 and
+ encourages all users to upgrade their XFree86
+ installations. Vulnerable versions are no longer available in
+ Portage.
+ </p>
+ </workaround>
+ <resolution>
+ <p>
+ All users are recommended to upgrade their XFree86 installation:
+ </p>
+ <code>
+ # emerge sync
+ # emerge -pv x11-base/xfree
+ # emerge x11-base/xfree</code>
+ </resolution>
+ <references>
+ <uri
+ link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0083">CVE: CAN-2004-0083</uri>
+ <uri link="http://www.idefense.com/application/poi/display?id=72&amp;type=vulnerabilities">Vulnerability:
+ XFree86 Font Information File Buffer Overflow</uri>
+ </references>
+</glsa>
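Review bot: `<product type="ebuild">200402-02</product>` holds the advisory id instead of the product name, and the file has no `<bug>` element although the other advisories in this commit carry one; the product line should name the package, e.g. `<product type="ebuild">xfree</product>`. The description calls the parsed file `font.alias` twice while the reproduction transcript writes `fonts.alias`; the prose should use whichever name the server actually reads. The `<affected>` block marks 4.2.1-r3 and 4.3.0-r4 unaffected with `eq`, so any later revision on those branches that is still below 4.3.99.902-r1 (a constructed example: 4.3.0-r5) would be reported as vulnerable; confirm that is intended.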
diff --git a/glsa-200402-03.xml b/glsa-200402-03.xml
new file mode 100644
index 0000000..ffeefb1
--- /dev/null
+++ b/glsa-200402-03.xml
@@ -0,0 +1,61 @@
+<?xml version="1.0" encoding="utf-8"?>
+<?xml-stylesheet href="/xsl/glsa.xsl" type="text/xsl"?>
+<?xml-stylesheet href="/xsl/guide.xsl" type="text/xsl"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+
+<glsa id="200402-03">
+ <title>Monkeyd Denial of Service vulnerability</title>
+ <synopsis>
+ A bug in get_real_string() function allows for a Denial of Service attack to be
+ launched against the webserver.
+ </synopsis>
+ <product type="ebuild">monkeyd</product>
+ <announced>February 11, 2004</announced>
+ <revised>February 11, 2004: 01</revised>
+ <bug>41156</bug>
+ <access>remote</access>
+ <affected>
+ <package name="www-servers/monkeyd" auto="yes" arch="*">
+ <unaffected range="ge">0.8.2</unaffected>
+ <vulnerable range="lt">0.8.2</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>
+ The Monkey HTTP daemon is a Web server written in C that works
+ under Linux and is based on the HTTP/1.1 protocol. It aims to develop
+ a fast, efficient and small web server.
+ </p>
+ </background>
+ <description>
+ <p>
+ A bug in the URI processing of incoming requests allows for a Denial of
+ Service to be launched against the webserver, which may cause the server
+ to crash or behave sporadically.
+ </p>
+ </description>
+ <impact type="normal">
+ <p>
+ Although there are no public exploits known for bug, users are recommended
+ to upgrade to ensure the security of their infrastructure.
+ </p>
+ </impact>
+ <workaround>
+ <p>
+ There is no immediate workaround; a software upgrade is
+ required. The vulnerable function in the code has been rewritten.
+ </p>
+ </workaround>
+ <resolution>
+ <p>
+ All users are recommended to upgrade monkeyd to 0.8.2:
+ </p>
+ <code>
+ # emerge sync
+ # emerge -pv ">=www-servers/monkeyd-0.8.2"
+ # emerge ">=www-servers/monkeyd-0.8.2"</code>
+ </resolution>
+ <references>
+ <uri link="http://cvs.sourceforge.net/viewcvs.py/monkeyd/monkeyd/src/utils.c?r1=1.3&amp;r2=1.4">CVS Patch</uri>
+ </references>
+</glsa>
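Review bot: The `<impact>` paragraph does not say what an attacker gains; it only states that no public exploit is known, and the same boilerplate recurs in the `<impact>` of glsa-200403-03.xml. Going by the description, wording such as `A remote attacker can send a request that crashes the web server or makes it behave erratically, denying service to its users.` would let readers triage from the impact section alone. "known for bug" also reads as if a word is missing (`for this bug`). `<references>` carries only the CVS diff; if a tracked identifier exists for this issue it belongs there too.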
diff --git a/glsa-200402-04.xml b/glsa-200402-04.xml
new file mode 100644
index 0000000..407a198
--- /dev/null
+++ b/glsa-200402-04.xml
@@ -0,0 +1,67 @@
+<?xml version="1.0" encoding="utf-8"?>
+<?xml-stylesheet href="/xsl/glsa.xsl" type="text/xsl"?>
+<?xml-stylesheet href="/xsl/guide.xsl" type="text/xsl"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+
+<glsa id="200402-04">
+ <title>Gallery 1.4.1 and below remote exploit vulnerability</title>
+ <synopsis>
+ The Gallery developers have discovered a potentially serious security flaw
+ in Gallery 1.3.1, 1.3.2, 1.3.3, 1.4 and 1.4.1 which can allow a
+ remote exploit of your webserver.
+ </synopsis>
+ <product type="ebuild">Gallery</product>
+ <announced>February 11, 2004</announced>
+ <revised>February 11, 2004: 01</revised>
+ <bug>39638</bug>
+ <access>remote</access>
+ <affected>
+ <package name="www-apps/gallery" auto="yes" arch="*">
+ <unaffected range="ge">1.4.1_p1</unaffected>
+ <vulnerable range="lt">1.4.1_p1</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>
+ Gallery is an open source image management system written in PHP.
+ More information is available at http://gallery.sourceforge.net
+ </p>
+ </background>
+ <description>
+ <p>
+ Starting in the 1.3.1 release, Gallery includes code to simulate the behaviour
+ of the PHP 'register_globals' variable in environments where that setting
+ is disabled. It is simulated by extracting the values of the various
+ $HTTP_ global variables into the global namespace.
+ </p>
+ </description>
+ <impact type="normal">
+ <p>
+ A crafted URL such as
+ http://example.com/gallery/init.php?HTTP_POST_VARS=xxx causes the
+ 'register_globals' simulation code to overwrite the $HTTP_POST_VARS which,
+ when it is extracted, will deliver the given payload. If the
+ payload compromises $GALLERY_BASEDIR then the malicious user can perform a
+ PHP injection exploit and gain remote access to the webserver with PHP
+ user UID access rights.
+ </p>
+ </impact>
+ <workaround>
+ <p>
+ The workaround for the vulnerability is to replace init.php and
+ setup/init.php with the files in the following ZIP file:
+ http://prdownloads.sourceforge.net/gallery/patch_1.4.1-to-1.4.1-pl1.zip?download
+ </p>
+ </workaround>
+ <resolution>
+ <p>
+ All users are encouraged to upgrade their gallery installation:
+ </p>
+ <code>
+ # emerge sync
+ # emerge -p ">=www-apps/gallery-1.4.1_p1"
+ # emerge ">=www-apps/gallery-1.4.1_p1"</code>
+ </resolution>
+ <references>
+ </references>
+</glsa>
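Review bot: The workaround tells administrators to overwrite init.php and setup/init.php with files from a ZIP fetched over plain http, and gives no checksum or signature to verify the archive against. Since the replaced files are application entry points, the paragraph should name a digest published by upstream or point users to the Portage upgrade, which verifies its distfiles. `<references>` is also empty although the synopsis attributes the finding to the Gallery developers; their announcement should be linked there. The mechanics of the flaw sit in `<impact>` while `<description>` stops short of naming it; one sentence in `<description>` saying that the simulation lets request parameters overwrite $HTTP_POST_VARS would put the cause where readers look for it.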
diff --git a/glsa-200402-05.xml b/glsa-200402-05.xml
new file mode 100644
index 0000000..3b84cf4
--- /dev/null
+++ b/glsa-200402-05.xml
@@ -0,0 +1,67 @@
+<?xml version="1.0" encoding="utf-8"?>
+<?xml-stylesheet href="/xsl/glsa.xsl" type="text/xsl"?>
+<?xml-stylesheet href="/xsl/guide.xsl" type="text/xsl"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+
+<glsa id="200402-05">
+ <title>phpMyAdmin &lt; 2.5.6-rc1: possible attack against export.php</title>
+ <synopsis>
+ A vulnerability in phpMyAdmin which was not properly verifying user
+ generated input could lead to a directory traversal attack.
+ </synopsis>
+ <product type="ebuild">phpmyadmin</product>
+ <announced>February 17, 2004</announced>
+ <revised>February 17, 2004: 01</revised>
+ <bug>40268</bug>
+ <access>remote</access>
+ <affected>
+ <package name="dev-db/phpmyadmin" auto="yes" arch="*">
+ <unaffected range="ge">2.5.6_rc1</unaffected>
+ <vulnerable range="le">2.5.5_p1</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>
+ phpMyAdmin is a tool written in PHP intended to handle the administration
+ of MySQL databased over the Web.
+ </p>
+ </background>
+ <description>
+ <p>
+ One component of the phpMyAdmin software package (export.php) does not
+ properly verify input that is passed to it from a remote user. Since the
+ input is used to include other files, it is possible to launch a directory
+ traversal attack.
+ </p>
+ </description>
+ <impact type="normal">
+ <p>
+ Private information could be gleaned from the remote server if an attacker
+ uses a malformed URL such as http://phpmyadmin.example.com/export.php?what=../../../[existing_file]
+ </p>
+ <p>
+ In this scenario, the script does not sanitize the "what" argument passed
+ to it, allowing directory traversal attacks to take place, disclosing
+ the contents of files if the file is readable as the web-server user.
+ </p>
+ </impact>
+ <workaround>
+ <p>
+ The workaround is to either patch the export.php file using the
+ referenced CVS patch or upgrade the software via Portage.
+ </p>
+ </workaround>
+ <resolution>
+ <p>
+ Users are encouraged to upgrade to phpMyAdmin-2.5.6_rc1:
+ </p>
+ <code>
+ # emerge sync
+ # emerge -pv ">=dev-db/phpmyadmin-2.5.6_rc1"
+ # emerge ">=dev-db/phpmyadmin-2.5.6_rc1"
+ # emerge clean</code>
+ </resolution>
+ <references>
+ <uri link="http://cvs.sourceforge.net/viewcvs.py/phpmyadmin/phpMyAdmin/export.php?r1=2.3&amp;r2=2.3.2.1">CVS Patch</uri>
+ </references>
+</glsa>
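Review bot: The `<affected>` ranges leave a gap: `vulnerable` is `le 2.5.5_p1` while `unaffected` starts at `ge 2.5.6_rc1`, so any version that sorts between the two is reported as neither. Most of the other advisories visible here bound both sides with the same version; `<vulnerable range="lt">2.5.6_rc1</vulnerable>` would do that here. The description states that the unchecked input "is used to include other files", which in PHP may mean the target is executed rather than only read, so the disclosure-only impact text is worth re-checking against upstream's fix. In `<background>`, "MySQL databased" should read `MySQL databases`.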
diff --git a/glsa-200402-06.xml b/glsa-200402-06.xml
new file mode 100644
index 0000000..fbbcf64
--- /dev/null
+++ b/glsa-200402-06.xml
@@ -0,0 +1,92 @@
+<?xml version="1.0" encoding="utf-8"?>
+<?xml-stylesheet href="/xsl/glsa.xsl" type="text/xsl"?>
+<?xml-stylesheet href="/xsl/guide.xsl" type="text/xsl"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+
+<glsa id="200402-06">
+ <title>Updated kernel packages fix the AMD64 ptrace vulnerability</title>
+ <synopsis>
+ A vulnerability has been discovered by in the ptrace emulation code for
+ AMD64 platforms when eflags are processed, allowing a local user to obtain
+ elevated priveleges.
+ </synopsis>
+ <product type="ebuild">Kernel</product>
+ <announced>February 17, 2004</announced>
+ <revised>February 17, 2004: 01</revised>
+ <access>local</access>
+ <affected>
+ <package name="sys-kernel/ck-sources" auto="yes" arch="amd64">
+ <unaffected range="ge">2.6.2</unaffected>
+ <vulnerable range="lt">2.6.2</vulnerable>
+ </package>
+ <package name="sys-kernel/development-sources" auto="yes" arch="amd64">
+ <unaffected range="ge">2.6.2</unaffected>
+ <vulnerable range="lt">2.6.2</vulnerable>
+ </package>
+ <package name="sys-kernel/gentoo-dev-sources" auto="yes" arch="amd64">
+ <unaffected range="ge">2.6.2</unaffected>
+ <vulnerable range="lt">2.6.2</vulnerable>
+ </package>
+ <package name="sys-kernel/gentoo-sources" auto="yes" arch="amd64">
+ <unaffected range="ge">2.4.22-r6</unaffected>
+ <vulnerable range="lt">2.4.22-r6</vulnerable>
+ </package>
+ <package name="sys-kernel/gentoo-test-sources" auto="yes" arch="amd64">
+ <unaffected range="ge">2.6.2-r1</unaffected>
+ <vulnerable range="lt">2.6.2</vulnerable>
+ </package>
+ <package name="sys-kernel/gs-sources" auto="yes" arch="amd64">
+ <unaffected range="ge">2.4.25_pre7-r1</unaffected>
+ <vulnerable range="lt">2.4.25_pre7-r1</vulnerable>
+ </package>
+ <package name="sys-kernel/vanilla-prepatch-sources" auto="yes" arch="amd64">
+ <unaffected range="ge">2.4.25_rc3</unaffected>
+ <vulnerable range="lt">2.4.25_rc3</vulnerable>
+ </package>
+ <package name="sys-kernel/vanilla-sources" auto="yes" arch="amd64">
+ <unaffected range="ge">2.4.24-r1</unaffected>
+ <vulnerable range="lt">2.4.24-r1</vulnerable>
+ </package>
+ </affected>
+ <description>
+ <p>
+ A vulnerability has been discovered by Andi Kleen in the ptrace emulation
+ code for AMD64 platforms when eflags are processed, allowing a local user
+ to obtain elevated priveleges. The Common Vulnerabilities and Exposures
+ project, http://cve.mitre.org, has assigned CAN-2004-0001 to this issue.
+ </p>
+ </description>
+ <impact type="normal">
+ <p>
+ Only users of the AMD64 platform are affected: in this scenario, a user may
+ be able to obtain elevated priveleges, including root access. However, no
+ public exploit is known for the vulnerability at this time.
+ </p>
+ </impact>
+ <workaround>
+ <p>
+ There is no temporary workaround - a kernel upgrade is required. A list of
+ unaffected kernels is provided along with this announcement.
+ </p>
+ </workaround>
+ <resolution>
+ <p>
+ Users are encouraged to upgrade to the latest available sources for
+ their system:
+ </p>
+ <code>
+ # emerge sync
+ # emerge -pv your-favourite-sources
+ # emerge your-favourite-sources
+ # # Follow usual procedure for compiling and installing a kernel.
+ # # If you use genkernel, run genkernel as you would do normally.
+ </code>
+ <code>
+ # # IF YOUR KERNEL IS MARKED as "remerge required!" THEN
+ # # YOU SHOULD UPDATE YOUR KERNEL EVEN IF PORTAGE
+ # # REPORTS THAT THE SAME VERSION IS INSTALLED.
+ </code>
+ </resolution>
+ <references>
+ </references>
+</glsa>
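Review bot: For sys-kernel/gentoo-test-sources the two ranges disagree: `unaffected` is `ge 2.6.2-r1` but `vulnerable` is `lt 2.6.2`, so 2.6.2 itself is classified as neither and a tool reading `<affected>` would not flag it. If -r1 is the first fixed revision, the line should be `<vulnerable range="lt">2.6.2-r1</vulnerable>`. CAN-2004-0001 is mentioned only in running text while `<references>` is empty; `<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0001">CAN-2004-0001</uri>` would match the form used by the other advisories. The synopsis has lost the discoverer's name ("discovered by in the"; the description names Andi Kleen), and "priveleges" is misspelt three times.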
diff --git a/glsa-200402-07.xml b/glsa-200402-07.xml
new file mode 100644
index 0000000..8990422
--- /dev/null
+++ b/glsa-200402-07.xml
@@ -0,0 +1,68 @@
+<?xml version="1.0" encoding="utf-8"?>
+<?xml-stylesheet href="/xsl/glsa.xsl" type="text/xsl"?>
+<?xml-stylesheet href="/xsl/guide.xsl" type="text/xsl"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+
+<glsa id="200402-07">
+ <title>Clam Antivirus DoS vulnerability</title>
+ <synopsis>
+ Oliver Eikemeier has reported a vulnerability in Clam AV, which can be
+ exploited by a malformed uuencoded message causing a denial of service for
+ programs that rely on the clamav daemon, such as SMTP daemons.
+ </synopsis>
+ <product type="ebuild">clamav</product>
+ <announced>February 17, 2004</announced>
+ <revised>February 17, 2004: 01</revised>
+ <bug>41248</bug>
+ <access>remote</access>
+ <affected>
+ <package name="app-antivirus/clamav" auto="yes" arch="*">
+ <unaffected range="ge">0.67</unaffected>
+ <vulnerable range="lt">0.67</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>
+ Clam AntiVirus is a GPLed anti-virus toolkit, designed for integration with
+ mail servers to perform attachment scanning. Clam AV also provides a
+ command line scanner and a tool for fetching updates of the virus database.
+ </p>
+ </background>
+ <description>
+ <p>
+ Oliver Eikemeier of Fillmore Labs discovered the overflow in Clam AV 0.65
+ when it handled malformed UUEncoded messages, causing the daemon to shut
+ down.
+ </p>
+ <p>
+ The problem originated in libclamav which calculates the line length of an
+ uuencoded message by taking the ASCII value of the first character minus 64
+ while doing an assertion if the length is not in the allowed range,
+ effectively terminating the calling program as clamav would not be
+ available.
+ </p>
+ </description>
+ <impact type="normal">
+ <p>
+ A malformed message would cause a denial of service,
+ and depending on the server configuration this may impact other daemons
+ relying on Clam AV in a fatal manner.
+ </p>
+ </impact>
+ <workaround>
+ <p>
+ There is no immediate workaround, a software upgrade is required.
+ </p>
+ </workaround>
+ <resolution>
+ <p>
+ All users are urged to upgrade their Clam AV installations to Clam AV 0.67:
+ </p>
+ <code>
+ # emerge sync
+ # emerge -pv ">=app-antivirus/clamav-0.6.7"
+ # emerge ">=app-antivirus/clamav-0.6.7"</code>
+ </resolution>
+ <references>
+ </references>
+</glsa>
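Review bot: The resolution commands use the atom `>=app-antivirus/clamav-0.6.7`, but the fixed version named in `<affected>` and in the text is 0.67. Portage compares version components numerically, so 0.6.7 sorts below 0.65 and the atom is already satisfied by the vulnerable release; both lines should read `>=app-antivirus/clamav-0.67`. The description also calls the flaw an "overflow" and then describes a failed assertion that terminates the caller; one of the two should be corrected so that the denial of service is not read as memory corruption. `<references>` is empty.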
diff --git a/glsa-200403-01.xml b/glsa-200403-01.xml
new file mode 100644
index 0000000..0cde74d
--- /dev/null
+++ b/glsa-200403-01.xml
@@ -0,0 +1,55 @@
+<?xml version="1.0" encoding="utf-8"?>
+<?xml-stylesheet href="/xsl/glsa.xsl" type="text/xsl"?>
+<?xml-stylesheet href="/xsl/guide.xsl" type="text/xsl"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+
+<glsa id="200403-01">
+ <title>Libxml2 URI Parsing Buffer Overflow Vulnerabilities</title>
+ <synopsis>
+ A buffer overflow has been discovered in libxml2 versions prior to
+ 2.6.6 which may be exploited by an attacker allowing the execution of
+ arbitrary code.
+ </synopsis>
+ <product type="ebuild">libxml</product>
+ <announced>March 05, 2004</announced>
+ <revised>March 05, 2004: 01</revised>
+ <bug>42735</bug>
+ <access>local and remote combination</access>
+ <affected>
+ <package name="dev-libs/libxml2" auto="yes" arch="*">
+ <unaffected range="ge">2.6.6</unaffected>
+ <vulnerable range="lt">2.6.6</vulnerable>
+ </package>
+ </affected>
+ <description>
+ <p>
+ Yuuichi Teranishi discovered a flaw in libxml2 versions prior to 2.6.6.
+ When the libxml2 library fetches a remote resource via FTP or HTTP, libxml2
+ uses parsing routines that can overflow a buffer caused by improper bounds
+ checking if they are passed a URL longer than 4096 bytes.
+ </p>
+ </description>
+ <impact type="normal">
+ <p>
+ If an attacker is able to exploit an application using libxml2 that parses
+ remote resources, then this flaw could be used to execute arbitrary code.
+ </p>
+ </impact>
+ <workaround>
+ <p>
+ No workaround is available; users are urged to upgrade libxml2 to 2.6.6.
+ </p>
+ </workaround>
+ <resolution>
+ <p>
+ All users are recommended to upgrade their libxml2 installation:
+ </p>
+ <code>
+ # emerge sync
+ # emerge -pv ">=dev-libs/libxml2-2.6.6"
+ # emerge ">=dev-libs/libxml2-2.6.6"</code>
+ </resolution>
+ <references>
+ <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0110">CVE 2004-0110</uri>
+ </references>
+</glsa>
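Review bot: The resolution stops at `emerge`, which replaces the library on disk but not in processes that already have it loaded. A closing comment in the `<code>` block such as `# # Restart services and applications that use libxml2 so they load the fixed library.` would close that gap, using the `# #` comment form the kernel advisories already use; the same applies to the OpenSSL upgrade in glsa-200403-03.xml. The description limits the flaw to fetching remote resources via FTP or HTTP, so `<workaround>` could say that applications which never let libxml2 fetch remote URLs are presumably not exposed, depending on how each one uses the library. The link text `CVE 2004-0110` does not match the `CAN-2004-0110` in its URL.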
diff --git a/glsa-200403-02.xml b/glsa-200403-02.xml
new file mode 100644
index 0000000..6c91741
--- /dev/null
+++ b/glsa-200403-02.xml
@@ -0,0 +1,244 @@
+<?xml version="1.0" encoding="utf-8"?>
+<?xml-stylesheet href="/xsl/glsa.xsl" type="text/xsl"?>
+<?xml-stylesheet href="/xsl/guide.xsl" type="text/xsl"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+
+<glsa id="200403-02">
+ <title>Linux kernel do_mremap local privilege escalation vulnerability</title>
+ <synopsis>
+ A critical security vulnerability has been found in recent Linux kernels by
+ Paul Starzetz of iSEC Security Research which allows for local privilege
+ escalations.
+ </synopsis>
+ <product type="ebuild">Kernel</product>
+ <announced>March 05, 2004</announced>
+ <revised>May 22, 2006: 03</revised>
+ <bug>42024</bug>
+ <access>local</access>
+ <affected>
+ <package name="sys-kernel/aa-sources" auto="no" arch="*">
+ <unaffected range="ge">2.4.23-r1</unaffected>
+ <vulnerable range="lt">2.4.23-r1</vulnerable>
+ </package>
+ <package name="sys-kernel/alpha-sources" auto="yes" arch="*">
+ <unaffected range="ge">2.4.21-r4</unaffected>
+ <vulnerable range="lt">2.4.21-r4</vulnerable>
+ </package>
+ <package name="sys-kernel/ck-sources" auto="no" arch="*">
+ <unaffected range="eq">2.4.24-r1</unaffected>
+ <unaffected range="ge">2.6.2-r1</unaffected>
+ <vulnerable range="lt">2.6.2-r1</vulnerable>
+ </package>
+ <package name="sys-kernel/compaq-sources" auto="yes" arch="*">
+ <unaffected range="ge">2.4.9.32.7-r2</unaffected>
+ <vulnerable range="lt">2.4.9.32.7-r2</vulnerable>
+ </package>
+ <package name="sys-kernel/development-sources" auto="yes" arch="*">
+ <unaffected range="ge">2.6.3_rc1</unaffected>
+ <vulnerable range="lt">2.6.3_rc1</vulnerable>
+ </package>
+ <package name="sys-kernel/gaming-sources" auto="yes" arch="*">
+ <unaffected range="ge">2.4.20-r8</unaffected>
+ <vulnerable range="lt">2.4.20-r8</vulnerable>
+ </package>
+ <package name="sys-kernel/gentoo-dev-sources" auto="yes" arch="*">
+ <unaffected range="ge">2.6.3_rc1</unaffected>
+ <vulnerable range="lt">2.6.3_rc1</vulnerable>
+ </package>
+ <package name="sys-kernel/gentoo-sources" auto="yes" arch="*">
+ <unaffected range="eq">2.4.19-r11</unaffected>
+ <unaffected range="eq">2.4.20-r12</unaffected>
+ <unaffected range="ge">2.4.22-r7</unaffected>
+ <vulnerable range="lt">2.4.22-r7</vulnerable>
+ </package>
+ <package name="sys-kernel/grsec-sources" auto="yes" arch="*">
+ <unaffected range="ge">2.4.24.1.9.13-r1</unaffected>
+ <vulnerable range="lt">2.4.24.1.9.13-r1</vulnerable>
+ </package>
+ <package name="sys-kernel/gs-sources" auto="yes" arch="*">
+ <unaffected range="ge">2.4.25_pre7-r2</unaffected>
+ <vulnerable range="lt">2.4.25_pre7-r2</vulnerable>
+ </package>
+ <package name="sys-kernel/hardened-sources" auto="yes" arch="*">
+ <unaffected range="ge">2.4.24-r1</unaffected>
+ <vulnerable range="lt">2.4.24-r1</vulnerable>
+ </package>
+ <package name="sys-kernel/hppa-dev-sources" auto="yes" arch="*">
+ <unaffected range="ge">2.6.2_p3-r1</unaffected>
+ <vulnerable range="lt">2.6.2_p3-r1</vulnerable>
+ </package>
+ <package name="sys-kernel/hppa-sources" auto="yes" arch="*">
+ <unaffected range="ge">2.4.24_p0-r1</unaffected>
+ <vulnerable range="lt">2.4.24_p0-r1</vulnerable>
+ </package>
+ <package name="sys-kernel/ia64-sources" auto="yes" arch="*">
+ <unaffected range="ge">2.4.24-r1</unaffected>
+ <vulnerable range="lt">2.4.24-r1</vulnerable>
+ </package>
+ <package name="sys-kernel/mips-prepatch-sources" auto="yes" arch="*">
+ <unaffected range="ge">2.4.25_pre6-r1</unaffected>
+ <vulnerable range="lt">2.4.25_pre6-r1</vulnerable>
+ </package>
+ <package name="sys-kernel/mips-sources" auto="yes" arch="*">
+ <unaffected range="ge">2.4.25_rc4</unaffected>
+ <vulnerable range="lt">2.4.25_rc4</vulnerable>
+ </package>
+ <package name="sys-kernel/mm-sources" auto="yes" arch="*">
+ <unaffected range="ge">2.6.3_rc1-r1</unaffected>
+ <vulnerable range="lt">2.6.3_rc1-r1</vulnerable>
+ </package>
+ <package name="sys-kernel/openmosix-sources" auto="yes" arch="*">
+ <unaffected range="ge">2.4.22-r4</unaffected>
+ <vulnerable range="lt">2.4.22-r4</vulnerable>
+ </package>
+ <package name="sys-kernel/pac-sources" auto="yes" arch="*">
+ <unaffected range="ge">2.4.23-r3</unaffected>
+ <vulnerable range="lt">2.4.23-r3</vulnerable>
+ </package>
+ <package name="sys-kernel/planet-ccrma-sources" auto="yes" arch="*">
+ <unaffected range="ge">2.4.21-r5</unaffected>
+ <vulnerable range="lt">2.4.21-r5</vulnerable>
+ </package>
+ <package name="sys-kernel/ppc-development-sources" auto="yes" arch="*">
+ <unaffected range="ge">2.6.3_rc1-r1</unaffected>
+ <vulnerable range="lt">2.6.3_rc1-r1</vulnerable>
+ </package>
+ <package name="sys-kernel/ppc-sources" auto="yes" arch="*">
+ <unaffected range="ge">2.4.24-r1</unaffected>
+ <vulnerable range="lt">2.4.24-r1</vulnerable>
+ </package>
+ <package name="sys-kernel/ppc-sources-benh" auto="yes" arch="*">
+ <unaffected range="ge">2.4.22-r5</unaffected>
+ <vulnerable range="lt">2.4.22-r5</vulnerable>
+ </package>
+ <package name="sys-kernel/ppc-sources-crypto" auto="yes" arch="*">
+ <unaffected range="ge">2.4.20-r3</unaffected>
+ <vulnerable range="lt">2.4.20-r3</vulnerable>
+ </package>
+ <package name="sys-kernel/ppc-sources-dev" auto="yes" arch="*">
+ <unaffected range="ge">2.4.24-r2</unaffected>
+ <vulnerable range="lt">2.4.24-r2</vulnerable>
+ </package>
+ <package name="sys-kernel/selinux-sources" auto="yes" arch="*">
+ <unaffected range="ge">2.4.24-r2</unaffected>
+ <vulnerable range="lt">2.4.24-r2</vulnerable>
+ </package>
+ <package name="sys-kernel/sparc-dev-sources" auto="yes" arch="*">
+ <unaffected range="ge">2.6.3_rc1</unaffected>
+ <vulnerable range="lt">2.6.3_rc1</vulnerable>
+ </package>
+ <package name="sys-kernel/sparc-sources" auto="yes" arch="*">
+ <unaffected range="ge">2.4.24-r2</unaffected>
+ <vulnerable range="lt">2.4.24-r2</vulnerable>
+ </package>
+ <package name="sys-kernel/usermode-sources" auto="yes" arch="*">
+ <unaffected range="rge">2.4.24-r1</unaffected>
+ <unaffected range="rge">2.4.26</unaffected>
+ <unaffected range="ge">2.6.3-r1</unaffected>
+ <vulnerable range="lt">2.6.3-r1</vulnerable>
+ </package>
+ <package name="sys-kernel/vanilla-prepatch-sources" auto="yes" arch="*">
+ <unaffected range="ge">2.4.25_rc4</unaffected>
+ <vulnerable range="lt">2.4.25_rc4</vulnerable>
+ </package>
+ <package name="sys-kernel/vanilla-sources" auto="yes" arch="*">
+ <unaffected range="ge">2.4.25</unaffected>
+ <vulnerable range="lt">2.4.25</vulnerable>
+ </package>
+ <package name="sys-kernel/win4lin-sources" auto="yes" arch="*">
+ <unaffected range="eq">2.4.23-r2</unaffected>
+ <unaffected range="ge">2.6.2-r1</unaffected>
+ <vulnerable range="lt">2.6.2-r1</vulnerable>
+ </package>
+ <package name="sys-kernel/wolk-sources" auto="yes" arch="*">
+ <unaffected range="eq">4.9-r4</unaffected>
+ <unaffected range="ge">4.10_pre7-r3</unaffected>
+ <vulnerable range="lt">4.10_pre7-r3</vulnerable>
+ </package>
+ <package name="sys-kernel/xfs-sources" auto="yes" arch="*">
+ <unaffected range="ge">2.4.24-r2</unaffected>
+ <vulnerable range="lt">2.4.24-r2</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>
+ The Linux kernel is responsible for memory management in a working
+ system - to allow this, processes are allowed to allocate and
+ unallocate memory.
+ </p>
+ </background>
+ <description>
+ <p>
+ The memory subsystem allows for shrinking, growing, and moving of
+ chunks of memory along any of the allocated memory areas which the
+ kernel posesses.
+ </p>
+ <p>
+ To accomplish this, the do_mremap code calls the do_munmap() kernel
+ function to remove any old memory mappings in the new location - but,
+ the code doesn't check the return value of the do_munmap() function
+ which may fail if the maximum number of available virtual memory area
+ descriptors has been exceeded.
+ </p>
+ <p>
+ Due to the missing return value check after trying to unmap the middle
+ of the first memory area, the corresponding page table entries from the
+ second new area are inserted into the page table locations described by
+ the first old one, thus they are subject to page protection flags of
+ the first area. As a result, arbitrary code can be executed.
+ </p>
+ </description>
+ <impact type="high">
+ <p>
+ Arbitrary code with normal non-super-user privelerges may be able to
+ exploit this vulnerability and may disrupt the operation of other parts
+ of the kernel memory management subroutines finally leading to
+ unexpected behavior.
+ </p>
+ <p>
+ Since no special privileges are required to use the mremap() and
+ mummap() system calls any process may misuse this unexpected behavior
+ to disrupt the kernel memory management subsystem. Proper exploitation
+ of this vulnerability may lead to local privilege escalation allowing
+ for the execution of arbitrary code with kernel level root access.
+ </p>
+ <p>
+ Proof-of-concept exploit code has been created and successfully tested,
+ permitting root escalation on vulnerable systems. As a result, all
+ users should upgrade their kernels to new or patched versions.
+ </p>
+ </impact>
+ <workaround>
+ <p>
+ Users who are unable to upgrade their kernels may attempt to use
+ "sysctl -w vm.max_map_count=1000000", however, this is a temporary fix
+ which only solves the problem by increasing the number of memory areas
+ that can be created by each process. Because of the static nature of
+ this workaround, it is not recommended and users are urged to upgrade
+ their systems to the latest avaiable patched sources.
+ </p>
+ </workaround>
+ <resolution>
+ <p>
+ Users are encouraged to upgrade to the latest available sources for
+ their system:
+ </p>
+ <code>
+ # emerge sync
+ # emerge -pv your-favourite-sources
+ # emerge your-favourite-sources
+ # # Follow usual procedure for compiling and installing a kernel.
+ # # If you use genkernel, run genkernel as you would do normally.
+
+ # # IF YOUR KERNEL IS MARKED as &quot;remerge required!&quot; THEN
+ # # YOU SHOULD UPDATE YOUR KERNEL EVEN IF PORTAGE
+ # # REPORTS THAT THE SAME VERSION IS INSTALLED.</code>
+ </resolution>
+ <references>
+ <uri link="http://isec.pl/vulnerabilities/isec-0014-mremap-unmap.txt">Advisory released by iSEC</uri>
+ <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0077">CVE-2004-0077</uri>
+ </references>
+ <metadata tag="submitter" timestamp="Sat, 2 Apr 2005 12:59:08 +0000">
+ koon
+ </metadata>
+</glsa>
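Review bot: The workaround does not say that `sysctl -w vm.max_map_count=1000000` changes the running kernel only, so the setting is gone after a reboot and the system is exposed again until it is reapplied. As the text itself describes it, the setting leaves the unchecked do_munmap() return value in place and only raises the limit whose exhaustion makes that call fail, so it should be presented as reducing exposure rather than fixing it. In `<impact>`, `mummap()` should read `munmap()`, matching do_munmap() in the description. Remaining typos: "posesses", "privelerges", "avaiable".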
diff --git a/glsa-200403-03.xml b/glsa-200403-03.xml
new file mode 100644
index 0000000..9088df9
--- /dev/null
+++ b/glsa-200403-03.xml
@@ -0,0 +1,93 @@
+<?xml version="1.0" encoding="utf-8"?>
+<?xml-stylesheet href="/xsl/glsa.xsl" type="text/xsl"?>
+<?xml-stylesheet href="/xsl/guide.xsl" type="text/xsl"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+
+<glsa id="200403-03">
+ <title>Multiple OpenSSL Vulnerabilities</title>
+ <synopsis>
+ Three vulnerabilities have been found in OpenSSL via a commercial test
+ suite for the TLS protocol developed by Codenomicon Ltd.
+ </synopsis>
+ <product type="ebuild">OpenSSL</product>
+ <announced>March 17, 2004</announced>
+ <revised>May 22, 2006: 02</revised>
+ <bug>44941</bug>
+ <access>remote</access>
+ <affected>
+ <package name="dev-libs/openssl" auto="yes" arch="*">
+ <unaffected range="ge">0.9.7d</unaffected>
+ <unaffected range="eq">0.9.6m</unaffected>
+ <vulnerable range="le">0.9.7c</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>
+ The OpenSSL Project is a collaborative effort to develop a robust,
+ commercial-grade, full-featured, and Open Source toolkit implementing
+ the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS
+ v1) protocols as well as a full-strength general purpose cryptography
+ library.
+ </p>
+ </background>
+ <description>
+ <ol>
+ <li>
+ Testing performed by the OpenSSL group using the Codenomicon TLS Test
+ Tool uncovered a null-pointer assignment in the do_change_cipher_spec()
+ function. A remote attacker could perform a carefully crafted SSL/TLS
+ handshake against a server that used the OpenSSL library in such a way
+ as to cause OpenSSL to crash. Depending on the application this could
+ lead to a denial of service. All versions of OpenSSL from 0.9.6c to
+ 0.9.6l inclusive and from 0.9.7a to 0.9.7c inclusive are affected by
+ this issue.
+ </li>
+ <li>
+ A flaw has been discovered in SSL/TLS handshaking code when using
+ Kerberos ciphersuites. A remote attacker could perform a carefully
+ crafted SSL/TLS handshake against a server configured to use Kerberos
+ ciphersuites in such a way as to cause OpenSSL to crash. Most
+ applications have no ability to use Kerberos cipher suites and will
+ therefore be unaffected. Versions 0.9.7a, 0.9.7b, and 0.9.7c of OpenSSL
+ are affected by this issue.
+ </li>
+ <li>
+ Testing performed by the OpenSSL group using the Codenomicon TLS Test
+ Tool uncovered a bug in older versions of OpenSSL 0.9.6 that can lead
+ to a Denial of Service attack (infinite loop). This issue was traced to
+ a fix that was added to OpenSSL 0.9.6d some time ago. This issue will
+ affect vendors that ship older versions of OpenSSL with backported
+ security patches.
+ </li>
+ </ol>
+ </description>
+ <impact type="normal">
+ <p>
+ Although there are no public exploits known for bug, users are
+ recommended to upgrade to ensure the security of their infrastructure.
+ </p>
+ </impact>
+ <workaround>
+ <p>
+ There is no immediate workaround; a software upgrade is required. The
+ vulnerable function in the code has been rewritten.
+ </p>
+ </workaround>
+ <resolution>
+ <p>
+ All users are recommened to upgrade openssl to either 0.9.7d or 0.9.6m:
+ </p>
+ <code>
+ # emerge sync
+ # emerge -pv &quot;&gt;=dev-libs/openssl-0.9.7d&quot;
+ # emerge &quot;&gt;=dev-libs/openssl-0.9.7d&quot;</code>
+ </resolution>
+ <references>
+ <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0079">CVE-2004-0079</uri>
+ <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0081">CVE-2004-0081</uri>
+ <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0112">CVE-2004-0112</uri>
+ </references>
+ <metadata tag="submitter" timestamp="Mon, 22 May 2006 05:54:03 +0000">
+ DerCorny
+ </metadata>
+</glsa>
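Review bot: The resolution text offers 0.9.7d or 0.9.6m, but the commands only install `>=dev-libs/openssl-0.9.7d`, so a user who has to stay on the 0.9.6 series gets no instruction. A line such as `# emerge &quot;=dev-libs/openssl-0.9.6m&quot;`, marked as the alternative, would cover that case. The `<workaround>` sentence "The vulnerable function in the code has been rewritten" speaks of one function although the description lists three separate flaws, and it appears word for word in glsa-200402-03.xml, so it looks carried over. "recommened" should read `recommended`.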
diff --git a/glsa-200403-04.xml b/glsa-200403-04.xml
new file mode 100644
index 0000000..c6a9d9d
--- /dev/null
+++ b/glsa-200403-04.xml
@@ -0,0 +1,113 @@
+<?xml version="1.0" encoding="utf-8"?>
+<?xml-stylesheet href="/xsl/glsa.xsl" type="text/xsl"?>
+<?xml-stylesheet href="/xsl/guide.xsl" type="text/xsl"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+
+<glsa id="200403-04">
+ <title>Multiple security vulnerabilities in Apache 2</title>
+ <synopsis>
+ A memory leak in mod_ssl allows a remote denial of service attack against
+ an SSL-enabled server via plain HTTP requests. Another flaw was found when
+ arbitrary client-supplied strings can be written to the error log, allowing
+ the exploit of certain terminal emulators. A third flaw exists with the
+ mod_disk_cache module.
+ </synopsis>
+ <product type="ebuild">Apache</product>
+ <announced>March 22, 2004</announced>
+ <revised>December 30, 2007: 03</revised>
+ <bug>45206</bug>
+ <access>remote</access>
+ <affected>
+ <package name="www-servers/apache" auto="yes" arch="*">
+ <unaffected range="eq">1.3*</unaffected>
+ <unaffected range="ge">2.0.49</unaffected>
+ <vulnerable range="le">2.0.48</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>
+ The Apache HTTP Server Project is an effort to develop and maintain an
+ open-source HTTP server for modern operating systems. The goal of this
+ project is to provide a secure, efficient and extensible server that
+ provides services in tune with the current HTTP standards.
+ </p>
+ </background>
+ <description>
+ <p>
+ Three vulnerabilities were found:
+ </p>
+ <ol>
+ <li>
+ A memory leak in ssl_engine_io.c for mod_ssl in Apache 2.0.48 and below
+ allows remote attackers to cause a denial of service attack via plain
+ HTTP requests to the SSL port of an SSL-enabled server.
+ </li>
+ <li>
+ Apache fails to filter terminal escape sequences from error logs that
+ begin with the ASCII (0x1B) sequence and are followed by a series of
+ arguments. If a remote attacker could inject escape sequences into an
+ Apache error log, the attacker could take advantages of weaknesses in
+ various terminal emulators, launching attacks against remote users
+ including further denial of service attacks, file modification, and the
+ execution of arbitrary commands.
+ </li>
+ <li>
+ The Apache mod_disk_cache has been found to be vulnerable to a weakness
+ that allows attackers to gain access to authentication credentials
+ through the issue of caching HTTP hop-by-hop headers which would
+ contain plaintext user passwords. There is no available resolution for
+ this issue yet.
+ </li>
+ </ol>
+ </description>
+ <impact type="normal">
+ <p>
+ No special privileges are required for these vulnerabilities. As a
+ result, all users are recommended to upgrade their Apache
+ installations.
+ </p>
+ </impact>
+ <workaround>
+ <p>
+ There is no immediate workaround; a software upgrade is required. There
+ is no workaround for the mod_disk_cache issue; users are recommended to
+ disable the feature on their servers until a patched version is
+ released.
+ </p>
+ </workaround>
+ <resolution>
+ <p>
+ Users are urged to upgrade to Apache 2.0.49:
+ </p>
+ <code>
+ # emerge sync
+ # emerge -pv &quot;&gt;=www-servers/apache-2.0.49&quot;
+ # emerge &quot;&gt;=www-servers/apache-2.0.49&quot;
+
+ # ** IMPORTANT **
+
+ # If you are migrating from Apache 2.0.48-r1 or earlier versions,
+ # it is important that the following directories are removed.
+
+ # The following commands should cause no data loss since these
+ # are symbolic links.
+
+ # rm /etc/apache2/lib /etc/apache2/logs /etc/apache2/modules
+ # rm /etc/apache2/modules
+
+ # ** ** ** ** **
+
+ # ** ALSO NOTE **
+
+ # Users who use mod_disk_cache should edit their Apache
+ # configuration and disable mod_disk_cache.</code>
+ </resolution>
+ <references>
+ <uri link="http://www.securityfocus.com/bid/9933/info/">Apache mod_disk_cache authentication storage weakness vulnerability</uri>
+ <uri link="http://www.apache.org/dist/httpd/Announcement2.html">Apache HTTP Server 2.0.49 Announcement</uri>
+ <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0113">CVE-2004-0113</uri>
+ </references>
+ <metadata tag="submitter" timestamp="Mon, 22 May 2006 05:52:59 +0000">
+ DerCorny
+ </metadata>
+</glsa>
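Review bot: The `<affected>` block marks 2.0.49 and later as clean (`<unaffected range="ge">2.0.49</unaffected>`), yet item 3 of the description says there is no available resolution for the mod_disk_cache credential-caching issue. A tool that reads only the ranges would therefore report an upgraded host as clear while that issue, as far as this text shows, is still open. The resolution paragraph should make the split explicit, e.g. `Upgrading to 2.0.49 addresses the mod_ssl and error-log issues only; mod_disk_cache must stay disabled until a fixed release is announced.`, and the workaround paragraph should not say both that there is no workaround and that the feature should be disabled. In the `<code>` block, `rm /etc/apache2/modules` appears twice (on the three-path line and again on its own); the second would fail after the first and can be dropped. `<references>` also carries a single CVE entry for three described issues; identifiers for the other two, if assigned, would help cross-referencing.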
diff --git a/glsa-200403-05.xml b/glsa-200403-05.xml
new file mode 100644
index 0000000..4f60a18
--- /dev/null
+++ b/glsa-200403-05.xml
@@ -0,0 +1,70 @@
+<?xml version="1.0" encoding="utf-8"?>
+<?xml-stylesheet href="/xsl/glsa.xsl" type="text/xsl"?>
+<?xml-stylesheet href="/xsl/guide.xsl" type="text/xsl"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+
+<glsa id="200403-05">
+ <title>UUDeview MIME Buffer Overflow</title>
+ <synopsis>
+ A specially-crafted MIME file (.mim, .uue, .uu, .b64, .bhx, .hqx, and .xxe
+ extensions) may cause UUDeview to crash or execute arbitrary code.
+ </synopsis>
+ <product type="ebuild">UUDeview</product>
+ <announced>March 26, 2004</announced>
+ <revised>March 26, 2004: 01</revised>
+ <bug>44859</bug>
+ <access>remote</access>
+ <affected>
+ <package name="app-text/uudeview" auto="yes" arch="*">
+ <unaffected range="ge">0.5.20</unaffected>
+ <vulnerable range="lt">0.5.20</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>
+ UUDeview is a program which is used to transmit binary files over the
+ Internet in a text-only format. It is commonly used for email and Usenet
+ attachments. It supports multiple encoding formats, including Base64,
+ BinHex and UUEncoding.
+ </p>
+ </background>
+ <description>
+ <p>
+ By decoding a MIME archive with excessively long strings for various
+ parameters, it is possible to crash UUDeview, or cause it to execute
+ arbitrary code.
+ </p>
+ <p>
+ This vulnerability was originally reported by iDEFENSE as part of a WinZip
+ advisory [ Reference: 1 ].
+ </p>
+ </description>
+ <impact type="normal">
+ <p>
+ An attacker could create a specially-crafted MIME file and send it via
+ email. When recipient decodes the file, UUDeview may execute arbitrary code
+ which is embedded in the MIME file, thus granting the attacker access to
+ the recipient's account.
+ </p>
+ </impact>
+ <workaround>
+ <p>
+ There is no known workaround at this time. As a result, a software upgrade
+ is required and users should upgrade to uudeview 0.5.20.
+ </p>
+ </workaround>
+ <resolution>
+ <p>
+ All users should upgrade to uudeview 0.5.20:
+ </p>
+ <code>
+ # emerge sync
+ # emerge -pv ">=app-text/uudeview-0.5.20"
+ # emerge ">=app-text/uudeview-0.5.20"
+ </code>
+ </resolution>
+ <references>
+ <uri link="http://www.idefense.com/application/poi/display?id=76&amp;type=vulnerabilities">iDEFENSE advisory</uri>
+ <uri link="http://www.securityfocus.com/bid/9758">SecurityFocus advisory</uri>
+ </references>
+</glsa>
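Review bot: `<impact type="normal">` understates what the text describes: the synopsis and the impact paragraph both say a crafted file can lead to arbitrary code execution under the recipient's account, while glsa-200403-07 in this same commit rates crash-or-code-execution in Ethereal as `type="high"`. glsa-200403-06 (Courier, remote code execution, `type="normal"`) has the same mismatch. If the severity field feeds triage or filtering, these should be rated consistently, e.g. `<impact type="high">`, or the policy that makes them differ should be stated. Separately, `[ Reference: 1 ]` in the description depends on the order of the `<uri>` entries; naming the target (`see the iDEFENSE advisory under References`) survives reordering.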
diff --git a/glsa-200403-06.xml b/glsa-200403-06.xml
new file mode 100644
index 0000000..c8e6838
--- /dev/null
+++ b/glsa-200403-06.xml
@@ -0,0 +1,74 @@
+<?xml version="1.0" encoding="utf-8"?>
+<?xml-stylesheet href="/xsl/glsa.xsl" type="text/xsl"?>
+<?xml-stylesheet href="/xsl/guide.xsl" type="text/xsl"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+
+<glsa id="200403-06">
+ <title>Multiple remote buffer overflow vulnerabilities in Courier</title>
+ <synopsis>
+ Remote buffer overflow vulnerabilities have been found in Courier-IMAP and
+ Courier MTA. These exploits may allow the execution of abritrary code,
+ allowing unauthorized access to a vulnerable system.
+ </synopsis>
+ <product type="ebuild">Courier</product>
+ <announced>March 26, 2004</announced>
+ <revised>March 26, 2004: 01</revised>
+ <bug>45584</bug>
+ <access>remote</access>
+ <affected>
+ <package name="net-mail/courier-imap" auto="yes" arch="*">
+ <unaffected range="ge">3.0.0</unaffected>
+ <vulnerable range="lt">3.0.0</vulnerable>
+ </package>
+ <package name="mail-mta/courier" auto="yes" arch="*">
+ <unaffected range="ge">0.45</unaffected>
+ <vulnerable range="lt">0.45</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>
+ Courier MTA is a multiprotocol mail server suite that provides webmail,
+ mailing lists, IMAP, and POP3 services. Courier-IMAP is a standalone server
+ that gives IMAP access to local mailboxes.
+ </p>
+ </background>
+ <description>
+ <p>
+ The vulnerabilities have been found in the 'SHIFT_JIS' converter in
+ 'shiftjis.c' and 'ISO2022JP' converter in 'so2022jp.c'. An attacker may
+ supply Unicode characters that exceed BMP (Basic Multilingual Plane) range,
+ causing an overflow.
+ </p>
+ </description>
+ <impact type="normal">
+ <p>
+ An attacker without privileges may exploit this vulnerability remotely, allowing arbitrary code to be executed in order to gain unauthorized access.
+ </p>
+ </impact>
+ <workaround>
+ <p>
+ While a workaround is not currently known for this issue, all users are
+ advised to upgrade to the latest version of the affected packages.
+ </p>
+ </workaround>
+ <resolution>
+ <p>
+ All users should upgrade to current versions of the affected packages:
+ </p>
+ <code>
+ # emerge sync
+
+ # emerge -pv ">=net-mail/courier-imap-3.0.0"
+ # emerge ">=net-mail/courier-imap-3.0.0"
+
+ # ** Or; depending on your installation... **
+
+ # emerge -pv ">=mail-mta/courier-0.45"
+ # emerge ">=mail-mta/courier-0.45"
+ </code>
+ </resolution>
+ <references>
+ <uri link="http://www.securityfocus.com/bid/9845">Courier Multiple Remote Buffer Overflow Vulnerabilities</uri>
+ <uri link="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0224">CAN-2004-0224</uri>
+ </references>
+</glsa>
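Review bot: The source file named for the ISO2022JP converter, `'so2022jp.c'`, looks like a typo for `'iso2022jp.c'` (the sibling converter is given as `'shiftjis.c'`). It is worth confirming against the Courier source, since readers use these names to locate the patched code. The reference also uses the retired candidate form `CAN-2004-0224`, whereas glsa-200403-04 in this commit uses the `CVE-` form; the three `CAN-` entries in glsa-200403-07 have the same issue. Writing the link text as `CVE-2004-0224` (the number is unchanged) lets scanners and searches keyed on the `CVE-` prefix match these advisories.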
diff --git a/glsa-200403-07.xml b/glsa-200403-07.xml
new file mode 100644
index 0000000..8e43741
--- /dev/null
+++ b/glsa-200403-07.xml
@@ -0,0 +1,74 @@
+<?xml version="1.0" encoding="utf-8"?>
+<?xml-stylesheet href="/xsl/glsa.xsl" type="text/xsl"?>
+<?xml-stylesheet href="/xsl/guide.xsl" type="text/xsl"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+
+<glsa id="200403-07">
+ <title>Multiple remote overflows and vulnerabilities in Ethereal</title>
+ <synopsis>
+ Mulitple overflows and vulnerabilities exist in Ethereal which may allow an
+ attacker to crash the program or run arbitrary code.
+ </synopsis>
+ <product type="ebuild">ethereal</product>
+ <announced>March 28, 2004</announced>
+ <revised>March 28, 2004: 01</revised>
+ <bug>45543</bug>
+ <access>remote</access>
+ <affected>
+ <package name="net-analyzer/ethereal" auto="yes" arch="*">
+ <unaffected range="ge">0.10.3</unaffected>
+ <vulnerable range="le">0.10.2</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>
+ Quote from http://www.ethereal.com
+ </p>
+ <p>
+ &quot;Ethereal is used by network professionals around the world for
+ troubleshooting, analysis, software and protocol development, and
+ education. It has all of the standard features you would expect in a
+ protocol analyzer, and several features not seen in any other product. Its
+ open source license allows talented experts in the networking community to
+ add enhancements. It runs on all popular computing platforms, including
+ Unix, Linux, and Windows.&quot;
+ </p>
+ </background>
+ <description>
+ <p>There are multiple vulnerabilities in versions of Ethereal earlier than 0.10.3, including:</p>
+ <ul>
+ <li>Thirteen buffer overflows in the following protocol dissectors: NetFlow, IGAP, EIGRP, PGM, IrDA, BGP, ISUP, and TCAP.</li>
+ <li>A zero-length Presentation protocol selector could make Ethereal crash.</li>
+ <li>A vulnerability in the RADIUS packet dissector which may crash ethereal.</li>
+ <li>A corrupt color filter file could cause a segmentation fault.</li>
+ </ul>
+ </description>
+ <impact type="high">
+ <p>
+ These vulnerabilities may cause Ethereal to crash or may allow an attacker
+ to run arbitrary code on the user's computer.
+ </p>
+ </impact>
+ <workaround>
+ <p>
+ While a workaround is not currently known for this issue, all users are
+ advised to upgrade to the latest version of the affected package.
+ </p>
+ </workaround>
+ <resolution>
+ <p>
+ All users should upgrade to the current version of the affected package:
+ </p>
+ <code>
+ # emerge sync
+
+ # emerge -pv ">=net-analyzer/ethereal-0.10.3"
+ # emerge ">=net-analyzer/ethereal-0.10.3"</code>
+ </resolution>
+ <references>
+ <uri link="http://www.ethereal.com/appnotes/enpa-sa-00013.html">Multiple security problems in Ethereal 0.10.2</uri>
+ <uri link="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0176">CAN-2004-0176</uri>
+ <uri link="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0365">CAN-2004-0365</uri>
+ <uri link="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0367">CAN-2004-0367</uri>
+ </references>
+</glsa>
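Review bot: The `<workaround>` paragraph says only that no workaround is known, although the description attributes most of the issues to named protocol dissectors (NetFlow, IGAP, EIGRP, PGM, IrDA, BGP, ISUP, TCAP, RADIUS) and to a corrupt color filter file. That leaves readers who cannot upgrade at once with nothing to act on. If this Ethereal version allows individual dissectors to be disabled (to be confirmed against the upstream advisory listed in `<references>`), the paragraph could say so. It could in any case add something like `Until 0.10.3 is installed, avoid running Ethereal with elevated privileges on untrusted traffic or capture files.` The description also counts "Thirteen buffer overflows" but names eight dissectors, so a short note that some dissectors contain more than one overflow would remove the apparent mismatch.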
diff --git a/glsa-200403-08.xml b/glsa-200403-08.xml
new file mode 100644
index 0000000..3a7f2