gentoo resync : 08.09.2019

author: V3n3RiX <venerix@redcorelinux.org> 2019-09-08 01:07:24 +0100
committer: V3n3RiX <venerix@redcorelinux.org> 2019-09-08 01:07:24 +0100
commit: e3cf2c86fca1750343c1885311f857f185ee4f2d (patch)
tree: d9d1fbc20509d4c90f57fb2d9e1459bc8034c831 /metadata/glsa
parent: f1af93971b7490792d8541bc790e0d8c6d787059 (diff)
10 files changed, 404 insertions, 17 deletions
diff --git a/metadata/glsa/Manifest b/metadata/glsa/Manifest
index 14342aa9db71..eba6cee644e5 100644
--- a/metadata/glsa/Manifest
+++ b/metadata/glsa/Manifest
@@ -1,23 +1,23 @@
 -----BEGIN PGP SIGNED MESSAGE-----
 Hash: SHA512
 
-MANIFEST Manifest.files.gz 447571 BLAKE2B 5dcbf22acab4aa936027b65cb350fd1f2f1c1e2537d9521e947b1cbe33f4d7b2b6fbb6bb4805bdf0c5ff45c77fcb33345e4c8d8b89729f3fa2275febb0067a24 SHA512 85251d26f1a84f633b1f394aeaeb284222b79a86f4ce32b3e4e3dbc431b1a27e54bd1e6b1023f766bdacf2a7c3226992247aab3e13dd008f70ff63b9b31dcd87
-TIMESTAMP 2019-09-06T08:39:04Z
+MANIFEST Manifest.files.gz 448529 BLAKE2B 70fc5fdf3704f2b7ec0033da58e9dba173720d87011ed4a8c13796a79ab719c338f43528d1a392475f724b87e95f6e187b39a6f6e92d64f4882d0f0004bffa24 SHA512 53832aafadeff79f44632a74dc19ba49106055cc3a8017511025ef2e4ca2499a5d5154766e4957167240e37b7e0bfd956e305d79053c82988ad80b673f006f8c
+TIMESTAMP 2019-09-07T23:09:08Z
 -----BEGIN PGP SIGNATURE-----
 
-iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAl1yGyhfFIAAAAAALgAo
+iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAl10OJRfFIAAAAAALgAo
 aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEUx
 RDZBQkI2M0JGQ0ZCNEJBMDJGREYxQ0VDNTkwRUVBQzkxODkyNTAACgkQ7FkO6skY
-klCTtxAAhLPXP6XvR+/h9wHgS6IrEhLTQ3N5A5s8veo5JxxSv6qrosvcmz5D1Enx
-1TjSiBhfKZMacSjIbDbwn0LZ5r5e7RcZnY8wPpieL7xcYhgRF935Py4CTsjkEZXR
-EjCQWPbsSsPgTSya/RkMowmHib4ruGJtqKc12MJFB4XXGizIfGxT5sE278hJ4kKn
-oysYDsJgdq4Md9KRwr04f59oncNx3cvtfDCNfYDl9G1m57GZC/A/uuCdyx6wRk8B
-jdKDwxE7Yz3rJAHDnbiN629i3HaaN1Csu1IVgXKbUToCaKwRwno5W4uJE9tnNZjk
-RIFsdPrV/C62PdZXyxB8koPk5pVx/fmwn8hdh3Q23pITZXnUKQdEHg5gqV447KGk
-WlNi40qMmw5npaUmKWUGNCyNj4211BGPzbjn4xOKGQwZOAZZkE3eyNBWiS6kNALL
-2LkBmHjPe8It97gXBBfdyMElxMUhK1GljNFF7K8X10kT4Tnqy04q2heRN7e2pcaH
-y8H9iQlzFvi0fJt2yZZfKmc/ktlHwXiQJeFzk9ym+PiM2dmr35roCfR26aKF7yio
-LMCmGWvAW7WDxpAKDzfSmS05oavvtT9nI7H1MjZHSoHHescL6vVQU2drelNIyCuQ
-QVoSn7xRqg3yPU6F2lwhGCNKq95XcprgmmRseY8RnxHOEdddRXA=
-=x/mL
+klCN8A//SkpChS4L4qFkiOHwjHf4wtUIa7szn1dux34X7fyb3W/5uXdyyRqCarK9
+X9Y8yqKkKUWBTRP195IsRMn76nJD0AwX2v5sKvOEsJJjCMD3Ka8uxKJqb1V23JXM
+LXn0/cqFJHQCfVnZvNLQUCOg5TJEtKZQJVEojFwpicB8usWdGrvk0tuxi81bLbOB
++1ekRMfKy3Ik2sdMWKrowEoeoicOcbYTi7yGT+z8YceVIku+pDeq0Tbj8jvfOYdf
+sdo5pPJeqYFk788zYELBpUGAfM1RkMTv3uuTdQ6bIjNnjb0cp2TP62oSoEYWOWDg
+qh2Ts+j7As00AGtxjq6zv2jQj03rugy3aiz9FvEhR7aLh+acYgD66Lale9QXnHa+
+SLiA22EOXIuACTnFZr0E/IdZGU/KG3QFr2EKCmsupUVxiUINM/Ypz73bmbi6lEIW
+7/ziqcDqYBMmxTcZg5x3gyqrOU/Na/nXEJZ3dLyA7zCtkgts+W4+oh2Iwm9Vcajn
+FTHp0D0ep4hAv505JGUEKPv8tBsU4tmcdjbcpKBXaAF10OU4bkEJd3hzvcNTqrim
+0V1YIj482yNYDWuQEOrru5yBRXrZj9nr+yAkW/sqGvH5zCSAeuMxOKTvzHlO1p1p
+tEizdnKAB6hB3tFjgiF/JMZkDxx3+pMYoTnu57m0KQUjlcVTboo=
+=V6QD
 -----END PGP SIGNATURE-----
diff --git a/metadata/glsa/Manifest.files.gz b/metadata/glsa/Manifest.files.gz
index 8045ca98ae1e..81138f54ea78 100644
--- a/metadata/glsa/Manifest.files.gz
+++ b/metadata/glsa/Manifest.files.gz
diff --git a/metadata/glsa/glsa-201909-01.xml b/metadata/glsa/glsa-201909-01.xml
new file mode 100644
index 000000000000..d94daf002b35
--- /dev/null
+++ b/metadata/glsa/glsa-201909-01.xml
@@ -0,0 +1,53 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201909-01">
+  <title>Perl: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Perl, the worst of
+    which could result in the arbitrary execution of code.
+  </synopsis>
+  <product type="ebuild">perl</product>
+  <announced>2019-09-06</announced>
+  <revised count="1">2019-09-06</revised>
+  <bug>653432</bug>
+  <bug>670190</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-lang/perl" auto="yes" arch="*">
+      <unaffected range="ge">5.28.2</unaffected>
+      <vulnerable range="lt">5.28.2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Perl is a highly capable, feature-rich programming language.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Perl. Please review the
+      CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Please review the referenced CVE identifiers for details.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Perl users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-lang/perl-5.28.2"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-18311">CVE-2018-18311</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-18312">CVE-2018-18312</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-18313">CVE-2018-18313</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-18314">CVE-2018-18314</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6797">CVE-2018-6797</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6798">CVE-2018-6798</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6913">CVE-2018-6913</uri>
+  </references>
+  <metadata tag="requester" timestamp="2019-09-01T00:43:08Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2019-09-06T16:00:53Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201909-02.xml b/metadata/glsa/glsa-201909-02.xml
new file mode 100644
index 000000000000..14e36289adff
--- /dev/null
+++ b/metadata/glsa/glsa-201909-02.xml
@@ -0,0 +1,57 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201909-02">
+  <title>VLC: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in VLC, the worst of which
+    could result in the arbitrary execution of code.
+  </synopsis>
+  <product type="ebuild">vlc</product>
+  <announced>2019-09-06</announced>
+  <revised count="1">2019-09-06</revised>
+  <bug>689974</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-video/vlc" auto="yes" arch="*">
+      <unaffected range="ge">3.0.8</unaffected>
+      <vulnerable range="lt">3.0.8</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>VLC is a cross-platform media player and streaming server.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in VLC. Please review the
+      CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Please review the referenced CVE identifiers for details.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All VLC users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=media-video/vlc-3.0.8"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-13602">CVE-2019-13602</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-13962">CVE-2019-13962</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-14437">CVE-2019-14437</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-14438">CVE-2019-14438</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-14498">CVE-2019-14498</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-14533">CVE-2019-14533</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-14534">CVE-2019-14534</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-14535">CVE-2019-14535</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-14776">CVE-2019-14776</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-14777">CVE-2019-14777</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-14778">CVE-2019-14778</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-14970">CVE-2019-14970</uri>
+  </references>
+  <metadata tag="requester" timestamp="2019-09-02T22:22:22Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2019-09-06T16:01:08Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201909-03.xml b/metadata/glsa/glsa-201909-03.xml
new file mode 100644
index 000000000000..70b47802e0c1
--- /dev/null
+++ b/metadata/glsa/glsa-201909-03.xml
@@ -0,0 +1,52 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201909-03">
+  <title>Pango: Buffer overflow</title>
+  <synopsis>A buffer overflow in Pango might allow an attacker to execute
+    arbitrary code.
+  </synopsis>
+  <product type="ebuild">pango</product>
+  <announced>2019-09-06</announced>
+  <revised count="1">2019-09-06</revised>
+  <bug>692110</bug>
+  <access>remote</access>
+  <affected>
+    <package name="x11-libs/pango" auto="yes" arch="*">
+      <unaffected range="ge">1.42.4-r2</unaffected>
+      <vulnerable range="lt">1.42.4-r2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Pango is a library for layout and rendering of internationalized text.</p>
+  </background>
+  <description>
+    <p>A buffer overflow has been discovered in Pango’s
+      pango_log2vis_get_embedding_levels function.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could entice a user to process a specially crafted
+      string with functions like pango_itemize, possibly resulting in execution
+      of arbitrary code with the privileges of the process or a Denial of
+      Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Pango users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=x11-libs/pango-1.42.4-r2"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-1010238">
+      CVE-2019-1010238
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2019-09-02T22:32:20Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2019-09-06T16:01:18Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201909-04.xml b/metadata/glsa/glsa-201909-04.xml
new file mode 100644
index 000000000000..0d229fc59291
--- /dev/null
+++ b/metadata/glsa/glsa-201909-04.xml
@@ -0,0 +1,53 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201909-04">
+  <title>Apache: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Apache, the worst of
+    which could result in a Denial of Service condition.
+  </synopsis>
+  <product type="ebuild">apache</product>
+  <announced>2019-09-06</announced>
+  <revised count="1">2019-09-06</revised>
+  <bug>692172</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-servers/apache" auto="yes" arch="*">
+      <unaffected range="ge">2.4.41</unaffected>
+      <vulnerable range="lt">2.4.41</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>The Apache HTTP server is one of the most popular web servers on the
+      Internet.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Apache. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Please review the referenced CVE identifiers for details.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Apache users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=www-servers/apache-2.4.41"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-10081">CVE-2019-10081</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-10082">CVE-2019-10082</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-10092">CVE-2019-10092</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-10097">CVE-2019-10097</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-10098">CVE-2019-10098</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-9517">CVE-2019-9517</uri>
+  </references>
+  <metadata tag="requester" timestamp="2019-09-02T22:39:09Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2019-09-06T16:01:34Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201909-05.xml b/metadata/glsa/glsa-201909-05.xml
new file mode 100644
index 000000000000..dfe043bf6ac4
--- /dev/null
+++ b/metadata/glsa/glsa-201909-05.xml
@@ -0,0 +1,118 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201909-05">
+  <title>WebkitGTK+: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in WebkitGTK+, the worst
+    of which could result in the arbitrary execution of code.
+  </synopsis>
+  <product type="ebuild">webkitgtk+</product>
+  <announced>2019-09-06</announced>
+  <revised count="1">2019-09-06</revised>
+  <bug>683234</bug>
+  <bug>686216</bug>
+  <bug>693122</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-libs/webkit-gtk" auto="yes" arch="*">
+      <unaffected range="ge">2.24.4</unaffected>
+      <vulnerable range="lt">2.24.4</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>WebKitGTK+ is a full-featured port of the WebKit rendering engine,
+      suitable for projects requiring any kind of web integration, from hybrid
+      HTML/CSS applications to full-fledged web browsers.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in WebkitGTK+. Please
+      review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>An attacker, by enticing a user to visit maliciously crafted web
+      content, may be able to execute arbitrary code or cause memory
+      corruption.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All WebkitGTK+ users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-libs/webkit-gtk-2.24.4"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-11070">CVE-2019-11070</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-6201">CVE-2019-6201</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-6251">CVE-2019-6251</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-7285">CVE-2019-7285</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-7292">CVE-2019-7292</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8503">CVE-2019-8503</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8506">CVE-2019-8506</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8515">CVE-2019-8515</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8518">CVE-2019-8518</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8523">CVE-2019-8523</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8524">CVE-2019-8524</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8535">CVE-2019-8535</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8536">CVE-2019-8536</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8544">CVE-2019-8544</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8551">CVE-2019-8551</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8558">CVE-2019-8558</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8559">CVE-2019-8559</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8563">CVE-2019-8563</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8595">CVE-2019-8595</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8607">CVE-2019-8607</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8615">CVE-2019-8615</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8644">CVE-2019-8644</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8644">CVE-2019-8644</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8649">CVE-2019-8649</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8649">CVE-2019-8649</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8658">CVE-2019-8658</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8658">CVE-2019-8658</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8666">CVE-2019-8666</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8666">CVE-2019-8666</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8669">CVE-2019-8669</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8669">CVE-2019-8669</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8671">CVE-2019-8671</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8671">CVE-2019-8671</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8672">CVE-2019-8672</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8672">CVE-2019-8672</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8673">CVE-2019-8673</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8673">CVE-2019-8673</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8676">CVE-2019-8676</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8676">CVE-2019-8676</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8677">CVE-2019-8677</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8677">CVE-2019-8677</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8678">CVE-2019-8678</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8678">CVE-2019-8678</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8679">CVE-2019-8679</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8679">CVE-2019-8679</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8680">CVE-2019-8680</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8680">CVE-2019-8680</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8681">CVE-2019-8681</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8681">CVE-2019-8681</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8683">CVE-2019-8683</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8683">CVE-2019-8683</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8684">CVE-2019-8684</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8684">CVE-2019-8684</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8686">CVE-2019-8686</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8686">CVE-2019-8686</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8687">CVE-2019-8687</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8687">CVE-2019-8687</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8688">CVE-2019-8688</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8688">CVE-2019-8688</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8689">CVE-2019-8689</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8689">CVE-2019-8689</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8690">CVE-2019-8690</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-8690">CVE-2019-8690</uri>
+    <uri link="https://webkitgtk.org/security/WSA-2019-0002.html">WSA-2019-0002</uri>
+    <uri link="https://webkitgtk.org/security/WSA-2019-0004.html">WSA-2019-0004</uri>
+  </references>
+  <metadata tag="requester" timestamp="2019-09-02T22:15:30Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2019-09-06T16:01:55Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201909-06.xml b/metadata/glsa/glsa-201909-06.xml
new file mode 100644
index 000000000000..b8780c59022a
--- /dev/null
+++ b/metadata/glsa/glsa-201909-06.xml
@@ -0,0 +1,54 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201909-06">
+  <title>Exim: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Exim, the worst of
+    which allows remote attackers to execute arbitrary code.
+  </synopsis>
+  <product type="ebuild">exim</product>
+  <announced>2019-09-07</announced>
+  <revised count="1">2019-09-07</revised>
+  <bug>692394</bug>
+  <bug>693494</bug>
+  <access>remote</access>
+  <affected>
+    <package name="mail-mta/exim" auto="yes" arch="*">
+      <unaffected range="ge">4.92.2</unaffected>
+      <vulnerable range="lt">4.92.2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Exim is a message transfer agent (MTA) designed to be a a highly
+      configurable, drop-in replacement for sendmail.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Exim. Please review the
+      CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="high">
+    <p>A remote attacker, by connecting to the SMTP listener daemon, could
+      possibly execute arbitrary code with the privileges of the process or
+      cause a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Exim users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=mail-mta/exim-4.92.2"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-13917">CVE-2019-13917</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-15846">CVE-2019-15846</uri>
+  </references>
+  <metadata tag="requester" timestamp="2019-09-06T15:35:36Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2019-09-07T00:22:35Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/timestamp.chk b/metadata/glsa/timestamp.chk
index 2f6a7762bf94..36c3392d5556 100644
--- a/metadata/glsa/timestamp.chk
+++ b/metadata/glsa/timestamp.chk
@@ -1 +1 @@
-Fri, 06 Sep 2019 08:39:01 +0000
+Sat, 07 Sep 2019 23:09:04 +0000
diff --git a/metadata/glsa/timestamp.commit b/metadata/glsa/timestamp.commit
index ac1358016db9..82f2e1957979 100644
--- a/metadata/glsa/timestamp.commit
+++ b/metadata/glsa/timestamp.commit
@@ -1 +1 @@
-b3e8c925d3f6eb29b568169ff67ed18a2ff264c2 1567285941 2019-08-31T21:12:21+00:00
+68b71b2cbc79a9ef9e8701eb09586b9f2f9eb7b2 1567815781 2019-09-07T00:23:01+00:00
author	V3n3RiX <venerix@redcorelinux.org>	2019-09-08 01:07:24 +0100
committer	V3n3RiX <venerix@redcorelinux.org>	2019-09-08 01:07:24 +0100
commit	e3cf2c86fca1750343c1885311f857f185ee4f2d (patch)
tree	d9d1fbc20509d4c90f57fb2d9e1459bc8034c831 /metadata/glsa
parent	f1af93971b7490792d8541bc790e0d8c6d787059 (diff)