authorV3n3RiX <venerix@redcorelinux.org>2020-05-17 14:32:10 +0100
committerV3n3RiX <venerix@redcorelinux.org>2020-05-17 14:32:10 +0100
commit51c50bd4c895ebf56d81fecae8e45ec3b5fc3efa (patch)
tree753b6b08624c34d1ed8414bbe22c45409f7741b9 /metadata/glsa
parentbe9d77d3ac6af8f4ead98d89706f356b65578c93 (diff)
parentdeba8115d2c2af26df42966b91ef04ff4dd79cde (diff)
Merge branch 'edge' into next
Diffstat (limited to 'metadata/glsa')
-rw-r--r--metadata/glsa/Manifest30
-rw-r--r--metadata/glsa/Manifest.files.gzbin462854 -> 464298 bytes
-rw-r--r--metadata/glsa/glsa-202004-02.xml16
-rw-r--r--metadata/glsa/glsa-202004-14.xml53
-rw-r--r--metadata/glsa/glsa-202004-15.xml51
-rw-r--r--metadata/glsa/glsa-202004-16.xml50
-rw-r--r--metadata/glsa/glsa-202004-17.xml60
-rw-r--r--metadata/glsa/glsa-202005-01.xml56
-rw-r--r--metadata/glsa/glsa-202005-02.xml50
-rw-r--r--metadata/glsa/glsa-202005-03.xml72
-rw-r--r--metadata/glsa/glsa-202005-04.xml72
-rw-r--r--metadata/glsa/glsa-202005-05.xml53
-rw-r--r--metadata/glsa/timestamp.chk2
-rw-r--r--metadata/glsa/timestamp.commit2
14 files changed, 540 insertions, 27 deletions
diff --git a/metadata/glsa/Manifest b/metadata/glsa/Manifest
index 33929072fc57..d049ba8837e2 100644
--- a/metadata/glsa/Manifest
+++ b/metadata/glsa/Manifest
@@ -1,23 +1,23 @@
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
-MANIFEST Manifest.files.gz 462854 BLAKE2B 45d9c39aed70715f733b66b45dc5f1269928044878c906083c6e7a076449bf75e0a2abc6b2094fac1caf94f820d8a437f66033fe5edd3675345689e5a3f2c6d8 SHA512 cdd4cb4b70565ed751e2fc667e7560d4b3105f046b9428886b70b2d9ea0dc778c9446a4556ccea472de31ef09973c16422f77c1b2e65175f6c4833f501c93cc8
-TIMESTAMP 2020-04-25T09:38:56Z
+MANIFEST Manifest.files.gz 464298 BLAKE2B 526a6ba1147d1a7dfd302a24bff7fbcd35795c074c66309f2769965fbf66a4030ab97ff6fe749f275ae27a9eb89af001a4da1c9034b77087136aaec3ef924db0 SHA512 9109f8b09544f23d56243b529abfacedcd6c96f06bd7ac30000b4fdc0fa196adcedd450a45aa34b2f3b9e39c5c79b21cf745580241e5a3dbd04444c94fd0e004
+TIMESTAMP 2020-05-14T09:08:22Z
-----BEGIN PGP SIGNATURE-----
-iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAl6kBTBfFIAAAAAALgAo
+iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAl69CoZfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEUx
RDZBQkI2M0JGQ0ZCNEJBMDJGREYxQ0VDNTkwRUVBQzkxODkyNTAACgkQ7FkO6skY
-klCcXg/7BNzMr/mNPnHYxDfDRe4oxPQRKDMr1qdDJpwbsh8OJkz5uJfc7W2wRUYJ
-RGaQ9tGkZ8ih3qyETN4MyLIUU28kXcKBY+BJHQtHTlt3J+idwN+vAJJG1HZbTM6G
-L4u2PxciwU2Jwnyj5Xv+R04iRpbOp03aMYk3O8vw1kE84eEWQoYzSl7rsNqVAJtO
-58bQ/ez8BxFjSERAhCviFjQL8u3izCGVwWq6Ecw/rJaI/1h17s/9ps/wytgXCB1w
-z1tLDdUHAlQKOdQ6F/htu6r2jS51ucRZr+asQRZ8UeamFTLW53n4Sqgw408WEb1C
-fWPrxE/Q834drYte/z9lORGOjn6q+Gqw5oeNcTGCbTcN4s2VtEUjvycWeG99XJY0
-zuBgJSj4JrdNfiuEJwiaFiH9L4KqCcrGjatqzSzUA2tzjrO8W1SBXFtTLaIoYA6j
-4aYutgnQqpKkjLhb+c3JblZf2BtqOFCm1Dm7C2pHDwpi/50t5w7jkKTN86sUouZw
-NvwSzhLsAAdx5S3WWnMKcVDLGm8hUkA7ye9xuLr+Mm2Mm3zfNPUrcBLhd5vkfQsJ
-LJqGMG9Wc5C8rJ3KztPMp6atUEMCGCXVFi+2zfk3qhXjfkV6Z1vUOnIDetPVpOhQ
-n4u7WpbM9EuZwBGo1FVq32+0OJXMAkuH/oo3CX+XVKH0dLAEKxc=
-=6TvA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+=+xry
-----END PGP SIGNATURE-----
diff --git a/metadata/glsa/Manifest.files.gz b/metadata/glsa/Manifest.files.gz
index c466aa961150..1ff792f048e2 100644
--- a/metadata/glsa/Manifest.files.gz
+++ b/metadata/glsa/Manifest.files.gz
Binary files differ
diff --git a/metadata/glsa/glsa-202004-02.xml b/metadata/glsa/glsa-202004-02.xml
index 33129dd64c29..479c9bbfe1f5 100644
--- a/metadata/glsa/glsa-202004-02.xml
+++ b/metadata/glsa/glsa-202004-02.xml
@@ -7,21 +7,17 @@
</synopsis>
<product type="ebuild">virtualbox</product>
<announced>2020-04-01</announced>
- <revised count="1">2020-04-01</revised>
+ <revised count="2">2020-04-26</revised>
<bug>714064</bug>
<access>local, remote</access>
<affected>
<package name="app-emulation/virtualbox" auto="yes" arch="*">
- <unaffected range="rge">5.2.36</unaffected>
- <unaffected range="rge">6.0.16</unaffected>
- <unaffected range="rge">6.1.2</unaffected>
- <vulnerable range="lt">6.1.2</vulnerable>
+ <unaffected range="ge">5.2.36</unaffected>
+ <vulnerable range="lt">5.2.36</vulnerable>
</package>
<package name="app-emulation/virtualbox-bin" auto="yes" arch="*">
- <unaffected range="rge">5.2.36</unaffected>
- <unaffected range="rge">6.0.16</unaffected>
- <unaffected range="rge">6.1.2</unaffected>
- <vulnerable range="lt">6.1.2</vulnerable>
+ <unaffected range="ge">5.2.36</unaffected>
+ <vulnerable range="lt">5.2.36</vulnerable>
</package>
</affected>
<background>
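Review bot: With the three `rge` entries and `lt 6.1.2` replaced by a single `ge 5.2.36` / `lt 5.2.36` pair (in both the virtualbox and virtualbox-bin blocks), 6.0.x builds older than 6.0.16 and 6.1.x builds older than 6.1.2 are now matched as unaffected, although the removed lines listed 6.0.16 and 6.1.2 as the unaffected versions for those branches. If such builds can still be installed, a scan driven by this advisory would stop reporting them. If they were dropped from the tree instead (not visible here), record that next to the range, e.g. `<!-- 6.0.x before 6.0.16 and 6.1.x before 6.1.2 are no longer in the tree; only the 5.2.36 bound is tracked -->`. The rest of the advisory lies outside the hunk.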
@@ -118,5 +114,5 @@
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-2727">CVE-2020-2727</uri>
</references>
<metadata tag="requester" timestamp="2020-04-01T19:35:27Z">whissi</metadata>
- <metadata tag="submitter" timestamp="2020-04-01T19:41:08Z">whissi</metadata>
+ <metadata tag="submitter" timestamp="2020-04-26T19:47:03Z">whissi</metadata>
</glsa>
diff --git a/metadata/glsa/glsa-202004-14.xml b/metadata/glsa/glsa-202004-14.xml
new file mode 100644
index 000000000000..31b09f10f695
--- /dev/null
+++ b/metadata/glsa/glsa-202004-14.xml
@@ -0,0 +1,53 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202004-14">
+ <title>FontForge: Multiple vulnerabilities</title>
+ <synopsis>Multiple vulnerabilities have been found in FontForge, the worst of
+ which could result in the arbitrary execution of code.
+ </synopsis>
+ <product type="ebuild">fontforge</product>
+ <announced>2020-04-30</announced>
+ <revised count="1">2020-04-30</revised>
+ <bug>706778</bug>
+ <bug>715808</bug>
+ <access>local, remote</access>
+ <affected>
+ <package name="media-gfx/fontforge" auto="yes" arch="*">
+ <unaffected range="ge">20200314</unaffected>
+ <vulnerable range="lt">20200314</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>FontForge is a PostScript font editor and converter.</p>
+ </background>
+ <description>
+ <p>Multiple vulnerabilities have been discovered in FontForge. Please
+ review the CVE identifiers referenced below for details.
+ </p>
+ </description>
+ <impact type="normal">
+ <p>A remote attacker could entice a user to open a specially crafted font
+ using FontForge, possibly resulting in execution of arbitrary code with
+ the privileges of the process or a Denial of Service condition.
+ </p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All FontForge users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose "&gt;=media-gfx/fontforge-20200314"
+ </code>
+
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-15785">CVE-2019-15785</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-5395">CVE-2020-5395</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-5496">CVE-2020-5496</uri>
+ </references>
+ <metadata tag="requester" timestamp="2020-04-01T20:32:15Z">whissi</metadata>
+ <metadata tag="submitter" timestamp="2020-04-30T23:00:58Z">whissi</metadata>
+</glsa>
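Review bot: The `<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">` line references an external DTD over plain HTTP, so any consumer that resolves the external subset would fetch schema content over an unauthenticated channel while parsing security advisories. The same line opens glsa-202004-15 through glsa-202004-17 and glsa-202005-01 through glsa-202005-05. Tools reading these files should parse with external DTD and entity loading disabled. If existing tooling does not match the system identifier literally (not visible here), `<!DOCTYPE glsa SYSTEM "https://www.gentoo.org/dtd/glsa.dtd">` would at least avoid the cleartext fetch.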
diff --git a/metadata/glsa/glsa-202004-15.xml b/metadata/glsa/glsa-202004-15.xml
new file mode 100644
index 000000000000..29b4a35af54b
--- /dev/null
+++ b/metadata/glsa/glsa-202004-15.xml
@@ -0,0 +1,51 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202004-15">
+ <title>libu2f-host: Multiple vulnerabilities</title>
+ <synopsis>Multiple vulnerabilities have been found in libu2f-host, the worst
+ of which could result in the execution of code.
+ </synopsis>
+ <product type="ebuild">libu2f-host</product>
+ <announced>2020-04-30</announced>
+ <revised count="1">2020-04-30</revised>
+ <bug>678580</bug>
+ <bug>679724</bug>
+ <access>local, remote</access>
+ <affected>
+ <package name="app-crypt/libu2f-host" auto="yes" arch="*">
+ <unaffected range="ge">1.1.10</unaffected>
+ <vulnerable range="lt">1.1.10</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>Yubico Universal 2nd Factor (U2F) Host C Library.</p>
+ </background>
+ <description>
+ <p>Multiple vulnerabilities have been discovered in libu2f-host. Please
+ review the CVE identifiers referenced below for details.
+ </p>
+ </description>
+ <impact type="high">
+ <p>A remote attacker could entice a user to plug-in a malicious USB device,
+ possibly resulting in execution of arbitrary code with the privileges of
+ the process or a Denial of Service condition.
+ </p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All libu2f-host users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose "&gt;=app-crypt/libu2f-host-1.1.10"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-20340">CVE-2018-20340</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-9578">CVE-2019-9578</uri>
+ </references>
+ <metadata tag="requester" timestamp="2020-04-16T07:16:39Z">BlueKnight</metadata>
+ <metadata tag="submitter" timestamp="2020-04-30T23:12:17Z">b-man</metadata>
+</glsa>
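Review bot: The impact paragraph describes "a remote attacker" who gets a user to "plug-in a malicious USB device", which mixes a remote actor with an attack that needs a device physically attached to the host. Stating the physical precondition plainly helps readers triage, and "plug-in" as a verb should be two words: `<p>An attacker could entice a user to plug in a malicious USB device,`. The synopsis also says "execution of code" where the other advisories in this commit say "arbitrary execution of code"; the impact text here does say "arbitrary code", so the synopsis could match it.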
diff --git a/metadata/glsa/glsa-202004-16.xml b/metadata/glsa/glsa-202004-16.xml
new file mode 100644
index 000000000000..247dbbc2c38b
--- /dev/null
+++ b/metadata/glsa/glsa-202004-16.xml
@@ -0,0 +1,50 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202004-16">
+ <title>Cacti: Multiple vulnerabilities</title>
+ <synopsis>Multiple vulnerabilities have been found in Cacti, the worst of
+ which could result in the arbitrary execution of code.
+ </synopsis>
+ <product type="ebuild">cacti</product>
+ <announced>2020-04-30</announced>
+ <revised count="1">2020-04-30</revised>
+ <bug>715166</bug>
+ <bug>716406</bug>
+ <access>remote</access>
+ <affected>
+ <package name="net-analyzer/cacti" auto="yes" arch="*">
+ <unaffected range="ge">1.2.11</unaffected>
+ <vulnerable range="lt">1.2.11</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>Cacti is a complete frontend to rrdtool.</p>
+ </background>
+ <description>
+ <p>Multiple vulnerabilities have been discovered in Cacti. Please review
+ the CVE identifiers referenced below for details.
+ </p>
+ </description>
+ <impact type="normal">
+ <p>Please review the referenced CVE identifiers for details.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All Cacti users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose "&gt;=net-analyzer/cacti-1.2.11"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-8813">CVE-2020-8813</uri>
+ <uri link="https://github.com/Cacti/cacti/releases/tag/release%2F1.2.11">
+ Cacti 1.2.11 Release Notes
+ </uri>
+ </references>
+ <metadata tag="requester" timestamp="2020-04-08T05:48:28Z">BlueKnight</metadata>
+ <metadata tag="submitter" timestamp="2020-04-30T23:18:03Z">b-man</metadata>
+</glsa>
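Review bot: The `<impact type="normal">` body is only "Please review the referenced CVE identifiers for details.", while the synopsis states that the worst issue allows arbitrary code execution, so a reader triaging from the advisory alone cannot tell what an attacker needs or gains. glsa-202005-02 (QEMU) and glsa-202005-05 (Squid, `type="high"`) carry the same placeholder. A one-sentence impact consistent with each synopsis would help, e.g. `<p>A remote attacker could possibly execute arbitrary code or cause a Denial of Service condition.</p>`, adjusted per package once checked against the referenced CVEs. The title here also says "Multiple vulnerabilities" while `<references>` lists only CVE-2020-8813.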
diff --git a/metadata/glsa/glsa-202004-17.xml b/metadata/glsa/glsa-202004-17.xml
new file mode 100644
index 000000000000..48d400b6927f
--- /dev/null
+++ b/metadata/glsa/glsa-202004-17.xml
@@ -0,0 +1,60 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202004-17">
+ <title>Django: Multiple vulnerabilities</title>
+ <synopsis>Multiple vulnerabilities have been found in Django, the worst of
+ which could result in privilege escalation.
+ </synopsis>
+ <product type="ebuild">django</product>
+ <announced>2020-04-30</announced>
+ <revised count="1">2020-04-30</revised>
+ <bug>692384</bug>
+ <bug>701744</bug>
+ <bug>706204</bug>
+ <bug>707998</bug>
+ <bug>711522</bug>
+ <access>remote</access>
+ <affected>
+ <package name="dev-python/django" auto="yes" arch="*">
+ <unaffected range="ge">2.2.11</unaffected>
+ <vulnerable range="lt">2.2.11</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>Django is a Python-based web framework.</p>
+ </background>
+ <description>
+ <p>Multiple vulnerabilities have been discovered in Django. Please review
+ the CVE identifiers referenced below for details.
+ </p>
+ </description>
+ <impact type="normal">
+ <p>A remote attacker, by sending specially crafted input, could possibly
+ cause a Denial of Service condition, or alter the database.
+ </p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All Django users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose "&gt;=dev-python/django-2.2.11"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-12308">CVE-2019-12308</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-14232">CVE-2019-14232</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-14233">CVE-2019-14233</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-14234">CVE-2019-14234</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-14235">CVE-2019-14235</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-19118">CVE-2019-19118</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-19844">CVE-2019-19844</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-7471">CVE-2020-7471</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-9402">CVE-2020-9402</uri>
+ </references>
+ <metadata tag="requester" timestamp="2020-04-08T04:55:21Z">BlueKnight</metadata>
+ <metadata tag="submitter" timestamp="2020-04-30T23:30:28Z">b-man</metadata>
+</glsa>
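Review bot: The synopsis says the worst issue "could result in privilege escalation", but the `<impact>` paragraph lists only a Denial of Service condition and altering the database, so the two summaries disagree on the worst outcome. Whichever is correct for the nine referenced CVEs should appear in both, e.g. ending the impact sentence with `cause a Denial of Service condition, alter the database, or escalate privileges.` Separately, the single `ge 2.2.11` bound matches every higher version as unaffected; if a newer release series with its own fixed version is packaged (not visible here), it needs its own range entry.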
diff --git a/metadata/glsa/glsa-202005-01.xml b/metadata/glsa/glsa-202005-01.xml
new file mode 100644
index 000000000000..3aab94ef2438
--- /dev/null
+++ b/metadata/glsa/glsa-202005-01.xml
@@ -0,0 +1,56 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202005-01">
+ <title>Long Range ZIP: Multiple vulnerabilities</title>
+ <synopsis>Multiple vulnerabilities have been found in Long Range ZIP, the
+ worst of which could result in a Denial of Service condition.
+ </synopsis>
+ <product type="ebuild">lrzip</product>
+ <announced>2020-05-12</announced>
+ <revised count="1">2020-05-12</revised>
+ <bug>617930</bug>
+ <bug>624462</bug>
+ <access>local, remote</access>
+ <affected>
+ <package name="app-arch/lrzip" auto="yes" arch="*">
+ <unaffected range="ge">0.631_p20190619</unaffected>
+ <vulnerable range="lt">0.631_p20190619</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>Optimized for compressing large files</p>
+ </background>
+ <description>
+ <p>Multiple vulnerabilities have been discovered in Long Range ZIP. Please
+ review the CVE identifiers referenced below for details.
+ </p>
+ </description>
+ <impact type="low">
+ <p>A remote attacker could entice a user to open a specially crafted
+ archive file possibly resulting in a Denial of Service condition.
+ </p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All Long Range ZIP users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose "&gt;=app-arch/lrzip-0.631_p20190619"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-8842">CVE-2017-8842</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-8843">CVE-2017-8843</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-8844">CVE-2017-8844</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-8845">CVE-2017-8845</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-8846">CVE-2017-8846</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-8847">CVE-2017-8847</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-9928">CVE-2017-9928</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-9929">CVE-2017-9929</uri>
+ </references>
+ <metadata tag="requester" timestamp="2020-04-05T23:09:43Z">BlueKnight</metadata>
+ <metadata tag="submitter" timestamp="2020-05-12T23:29:01Z">b-man</metadata>
+</glsa>
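Review bot: The `<background>` text "Optimized for compressing large files" is a fragment with no subject and no closing period, unlike the background paragraphs of the other advisories added in this commit. A full sentence naming the product reads better in rendered advisories: `<p>Long Range ZIP (lrzip) is a compression program optimized for compressing large files.</p>`.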
diff --git a/metadata/glsa/glsa-202005-02.xml b/metadata/glsa/glsa-202005-02.xml
new file mode 100644
index 000000000000..10428dc5ea6c
--- /dev/null
+++ b/metadata/glsa/glsa-202005-02.xml
@@ -0,0 +1,50 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202005-02">
+ <title>QEMU: Multiple vulnerabilities</title>
+ <synopsis>Multiple vulnerabilities have been found in QEMU, the worst of
+ which could result in the arbitrary execution of code.
+ </synopsis>
+ <product type="ebuild">qemu</product>
+ <announced>2020-05-12</announced>
+ <revised count="1">2020-05-12</revised>
+ <bug>716518</bug>
+ <bug>717154</bug>
+ <bug>717770</bug>
+ <access>local</access>
+ <affected>
+ <package name="app-emulation/qemu" auto="yes" arch="*">
+ <unaffected range="ge">4.2.0-r5</unaffected>
+ <vulnerable range="lt">4.2.0-r5</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>QEMU is a generic and open source machine emulator and virtualizer.</p>
+ </background>
+ <description>
+ <p>Multiple vulnerabilities have been discovered in QEMU. Please review the
+ CVE identifiers referenced below for details.
+ </p>
+ </description>
+ <impact type="normal">
+ <p>Please review the referenced CVE identifiers for details.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All QEMU users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose "&gt;=app-emulation/qemu-4.2.0-r5"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-11102">CVE-2020-11102</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-1711">CVE-2020-1711</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-7039">CVE-2020-7039</uri>
+ </references>
+ <metadata tag="requester" timestamp="2020-05-04T02:29:17Z">b-man</metadata>
+ <metadata tag="submitter" timestamp="2020-05-12T23:31:56Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202005-03.xml b/metadata/glsa/glsa-202005-03.xml
new file mode 100644
index 000000000000..0311ac6901f8
--- /dev/null
+++ b/metadata/glsa/glsa-202005-03.xml
@@ -0,0 +1,72 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202005-03">
+ <title>Mozilla Thunderbird: Multiple vulnerabilities</title>
+ <synopsis>Multiple vulnerabilities have been found in Mozilla Thunderbird,
+ the worst of which could result in the arbitrary execution of code.
+ </synopsis>
+ <product type="ebuild">thunderbird</product>
+ <announced>2020-05-12</announced>
+ <revised count="1">2020-05-12</revised>
+ <bug>721324</bug>
+ <access>remote</access>
+ <affected>
+ <package name="mail-client/thunderbird" auto="yes" arch="*">
+ <unaffected range="ge">68.8.0</unaffected>
+ <vulnerable range="lt">68.8.0</vulnerable>
+ </package>
+ <package name="mail-client/thunderbird-bin" auto="yes" arch="*">
+ <unaffected range="ge">68.8.0</unaffected>
+ <vulnerable range="lt">68.8.0</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>Mozilla Thunderbird is a popular open-source email client from the
+ Mozilla project.
+ </p>
+ </background>
+ <description>
+ <p>Multiple vulnerabilities have been discovered in Mozilla Thunderbird.
+ Please review the CVE identifiers referenced below for details.
+ </p>
+ </description>
+ <impact type="normal">
+ <p>A remote attacker may be able to execute arbitrary code, cause a Denial
+ of Service condition or spoof sender email address.
+ </p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All Mozilla Thunderbird users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose "&gt;=mail-client/thunderbird-68.8.0"
+ </code>
+
+ <p>All Mozilla Thunderbird binary users should upgrade to the latest
+ version:
+ </p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose
+ "&gt;=mail-client/thunderbird-bin-68.8.0"
+ </code>
+
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-12387">CVE-2020-12387</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-12392">CVE-2020-12392</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-12395">CVE-2020-12395</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-12397">CVE-2020-12397</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6831">CVE-2020-6831</uri>
+ <uri link="https://www.mozilla.org/en-US/security/advisories/mfsa2020-18/">
+ MFSA-2020-18
+ </uri>
+ </references>
+ <metadata tag="requester" timestamp="2020-05-06T20:22:31Z">sam_c</metadata>
+ <metadata tag="submitter" timestamp="2020-05-12T23:34:15Z">sam_c</metadata>
+</glsa>
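Review bot: In the second `<code>` block the emerge command is split across two lines, so copying it as shown runs `emerge --ask --oneshot --verbose` with no atom and then treats the quoted atom as a separate command. The first `<code>` block in this file and both blocks in the Firefox advisory keep the command on one line, and this one should as well: `# emerge --ask --oneshot --verbose "&gt;=mail-client/thunderbird-bin-68.8.0"`.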
diff --git a/metadata/glsa/glsa-202005-04.xml b/metadata/glsa/glsa-202005-04.xml
new file mode 100644
index 000000000000..d5c267fdd883
--- /dev/null
+++ b/metadata/glsa/glsa-202005-04.xml
@@ -0,0 +1,72 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202005-04">
+ <title>Mozilla Firefox: Multiple vulnerabilities</title>
+ <synopsis>Multiple vulnerabilities have been found in Mozilla Firefox, the
+ worst of which could result in the arbitrary execution of code.
+ </synopsis>
+ <product type="ebuild">firefox</product>
+ <announced>2020-05-12</announced>
+ <revised count="1">2020-05-12</revised>
+ <bug>721090</bug>
+ <access>remote</access>
+ <affected>
+ <package name="www-client/firefox" auto="yes" arch="*">
+ <unaffected range="ge">68.8.0</unaffected>
+ <vulnerable range="lt">68.8.0</vulnerable>
+ </package>
+ <package name="www-client/firefox-bin" auto="yes" arch="*">
+ <unaffected range="ge">68.8.0</unaffected>
+ <vulnerable range="lt">68.8.0</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>Mozilla Firefox is a popular open-source web browser from the Mozilla
+ Project.
+ </p>
+ </background>
+ <description>
+ <p>Multiple vulnerabilities have been discovered in Mozilla Firefox. Please
+ review the CVE identifiers referenced below for details.
+ </p>
+ </description>
+ <impact type="normal">
+ <p>A remote attacker could entice a user to view a specially crafted web
+ page, possibly resulting in the execution of arbitrary code with the
+ privileges of the process, an information leak or a Denial of Service
+ condition.
+ </p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All Mozilla Firefox users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose "&gt;=www-client/firefox-68.8.0"
+ </code>
+
+ <p>All Mozilla Firefox binary users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose "&gt;=www-client/firefox-bin-68.8.0"
+ </code>
+
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-12387">CVE-2020-12387</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-12392">CVE-2020-12392</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-12394">CVE-2020-12394</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-12395">CVE-2020-12395</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-12396">CVE-2020-12396</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6831">CVE-2020-6831</uri>
+ <uri link="https://www.mozilla.org/en-US/security/advisories/mfsa2020-17/">
+ MFSA-2020-17
+ </uri>
+ </references>
+ <metadata tag="requester" timestamp="2020-05-06T14:48:10Z">sam_c</metadata>
+ <metadata tag="submitter" timestamp="2020-05-12T23:36:01Z">sam_c</metadata>
+</glsa>
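Review bot: Both `<package>` blocks use a single `ge 68.8.0` / `lt 68.8.0` pair, which matches every version numerically above 68.8.0 as unaffected. If the tree also carries a newer release series that received these fixes in a later version of its own (not visible in this hunk), installs on that series below its fixed version would not be reported. In that case the 68.x bound could become `<unaffected range="rge">68.8.0</unaffected>`, with a separate `ge` entry for the other series' fixed version and `<vulnerable range="lt">` raised to that version.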
diff --git a/metadata/glsa/glsa-202005-05.xml b/metadata/glsa/glsa-202005-05.xml
new file mode 100644
index 000000000000..3e3855c771f2
--- /dev/null
+++ b/metadata/glsa/glsa-202005-05.xml
@@ -0,0 +1,53 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202005-05">
+ <title>Squid: Multiple vulnerabilities</title>
+ <synopsis>Multiple vulnerabilities have been found in Squid, the worst of
+ which could result in the arbitrary execution of code.
+ </synopsis>
+ <product type="ebuild">squid</product>
+ <announced>2020-05-12</announced>
+ <revised count="1">2020-05-12</revised>
+ <bug>719046</bug>
+ <access>remote</access>
+ <affected>
+ <package name="net-proxy/squid" auto="yes" arch="*">
+ <unaffected range="ge">4.11</unaffected>
+ <vulnerable range="lt">4.11</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>Squid is a full-featured Web proxy cache designed to run on Unix
+ systems. It supports proxying and caching of HTTP, FTP, and other URLs,
+ as well as SSL support, cache hierarchies, transparent caching, access
+ control lists and many other features.
+ </p>
+ </background>
+ <description>
+ <p>Multiple vulnerabilities have been discovered in Squid. Please review
+ the CVE identifiers referenced below for details.
+ </p>
+ </description>
+ <impact type="high">
+ <p>Please review the referenced CVE identifiers for details.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All Squid users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose "&gt;=net-proxy/squid-4.11"
+ </code>
+
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-12519">CVE-2019-12519</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-12521">CVE-2019-12521</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-11945">CVE-2020-11945</uri>
+ </references>
+ <metadata tag="requester" timestamp="2020-05-04T11:10:13Z">sam_c</metadata>
+ <metadata tag="submitter" timestamp="2020-05-12T23:40:20Z">sam_c</metadata>
+</glsa>
diff --git a/metadata/glsa/timestamp.chk b/metadata/glsa/timestamp.chk
index 64d6d4b98f8d..a8a4210fb03b 100644
--- a/metadata/glsa/timestamp.chk
+++ b/metadata/glsa/timestamp.chk
@@ -1 +1 @@
-Sat, 25 Apr 2020 09:38:53 +0000
+Thu, 14 May 2020 09:08:19 +0000
diff --git a/metadata/glsa/timestamp.commit b/metadata/glsa/timestamp.commit
index eab48bd233f7..42d3e919a17e 100644
--- a/metadata/glsa/timestamp.commit
+++ b/metadata/glsa/timestamp.commit
@@ -1 +1 @@
-5f514a6bc0b6082d08328fcc290cbba6761ee102 1587655514 2020-04-23T15:25:14+00:00
+87a3185d1d1560e7d00df11c54ac0f9e63c64368 1589326875 2020-05-12T23:41:15+00:00