authorV3n3RiX <venerix@redcorelinux.org>2021-01-29 18:03:51 +0000
committerV3n3RiX <venerix@redcorelinux.org>2021-01-29 18:03:51 +0000
commitd7ed2b01311f15ba54fe8ea872aab7d59ab2b193 (patch)
tree1814dd2b5bbf2e7639fdafbeef48d228cfaf5e9b /metadata/glsa
parentabaa75b10f899ada8dd05b23cc03205064394bc6 (diff)
gentoo resync : 29.01.2021
Diffstat (limited to 'metadata/glsa')
-rw-r--r--metadata/glsa/Manifest30
-rw-r--r--metadata/glsa/Manifest.files.gzbin496888 -> 500220 bytes
-rw-r--r--metadata/glsa/glsa-202101-18.xml90
-rw-r--r--metadata/glsa/glsa-202101-19.xml86
-rw-r--r--metadata/glsa/glsa-202101-20.xml53
-rw-r--r--metadata/glsa/glsa-202101-21.xml54
-rw-r--r--metadata/glsa/glsa-202101-22.xml42
-rw-r--r--metadata/glsa/glsa-202101-23.xml49
-rw-r--r--metadata/glsa/glsa-202101-24.xml49
-rw-r--r--metadata/glsa/glsa-202101-25.xml44
-rw-r--r--metadata/glsa/glsa-202101-26.xml50
-rw-r--r--metadata/glsa/glsa-202101-27.xml45
-rw-r--r--metadata/glsa/glsa-202101-28.xml47
-rw-r--r--metadata/glsa/glsa-202101-29.xml65
-rw-r--r--metadata/glsa/glsa-202101-30.xml151
-rw-r--r--metadata/glsa/glsa-202101-31.xml46
-rw-r--r--metadata/glsa/glsa-202101-32.xml62
-rw-r--r--metadata/glsa/glsa-202101-33.xml61
-rw-r--r--metadata/glsa/glsa-202101-34.xml48
-rw-r--r--metadata/glsa/glsa-202101-35.xml47
-rw-r--r--metadata/glsa/glsa-202101-36.xml60
-rw-r--r--metadata/glsa/glsa-202101-37.xml47
-rw-r--r--metadata/glsa/glsa-202101-38.xml49
-rw-r--r--metadata/glsa/timestamp.chk2
-rw-r--r--metadata/glsa/timestamp.commit2
25 files changed, 1262 insertions, 17 deletions
diff --git a/metadata/glsa/Manifest b/metadata/glsa/Manifest
index 807eb9d9b2ba..bdb466ec6711 100644
--- a/metadata/glsa/Manifest
+++ b/metadata/glsa/Manifest
@@ -1,23 +1,23 @@
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
-MANIFEST Manifest.files.gz 496888 BLAKE2B 9a8e48e705b83d0db366e4888a292cde78b191857d846a370c8c9908479c42c700f1d323d98e4aa4d9b6c2e0d3a80723d6cf76b125a273f90c8452ccb8f52fcf SHA512 d3e9efddd34ec46cab11f602c4a7b71480efc08ed49372d92ba27d45fdaf8129db8b52a169483e512d968a24c9a22f50140b178eb538444bb6200ee4eec5ef81
-TIMESTAMP 2021-01-22T20:08:39Z
+MANIFEST Manifest.files.gz 500220 BLAKE2B aabc50258bfbbe2cb5f971f25f26b6c05a6f14b711c2f736db373e7c0f145f0cf5c547efb6e1ec1d43ad7c393a98fedc6e4f0b6a62a75dea9d2737f89715f3bb SHA512 66b9eade9f3337a820d760fef65a13534a76b1b7a62212ccfc6cd15a592b34f013e749b09caeb49eab79948c7489c23ae10c93f2b39bc07cd930f362aace586e
+TIMESTAMP 2021-01-29T17:38:24Z
-----BEGIN PGP SIGNATURE-----
-iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAmALMMdfFIAAAAAALgAo
+iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAmAUSBBfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEUx
RDZBQkI2M0JGQ0ZCNEJBMDJGREYxQ0VDNTkwRUVBQzkxODkyNTAACgkQ7FkO6skY
-klC88Q//X2h0rP3NYa0rA8lySWj21hExpd6/llu7LS18xkxy3t7T9SG17c7CxY8z
-TTWPoQm0Ck9li0rKVfo5/GJL5gtL4jqEKWBUcfGECIzymm7ouwxn9XF8HfziX5YB
-TbuZYFjemEbmPBHclDtOxS10sxuN4GL9g/yef9kBwST1bGPZBfksNIBllaqz19VW
-P5bdRYoglf2LoH9Hp7VbppJAmyJPCEbJfsN5xvL0giqlR5V44JjRnfsh0RE1ni5I
-Om+WilXAuyDH55a3jTZzX2IrGic5q1N7JIrTI/3/wjf8GY/ecIgtJQMpijNrcHEb
-sW4OsfnbgTICm5QBLjx8IR0cFE3DQ1PkcfEJyHuStoNq2q10dIpvRdIV2dv5JeJ6
-Jy85jnXeGfXkD6PG2VoHdgqGhYmtzUoCNmyRvtIKJFXUfUoZ1Qer8kogO5xctzo5
-ro6JOuM8/vUhyyOSs7Nn08uwZ7pLTifo5omDX/pVElTxT6NQ+51Rig9ty/OQrkdt
-5n+gIRdj81ntikW4pGOPOjfqt95epN2znjxapGLiw+01wWvp4YBr3OLTDCoObTxT
-l0heXWC3+RVZ6Cm1CCoDdEYopn5fAuVPWG7FZ48KdZ00n5zwnHNIBbvSYb8+ahp3
-9ZlXb0dbyw0uSEtPBb7CWgEKKnH33BMoleap1KUvQfeJPzp3lLA=
-=2FTv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+=JcYw
-----END PGP SIGNATURE-----
diff --git a/metadata/glsa/Manifest.files.gz b/metadata/glsa/Manifest.files.gz
index ab29e0fa0273..8e5c9db63e0a 100644
--- a/metadata/glsa/Manifest.files.gz
+++ b/metadata/glsa/Manifest.files.gz
Binary files differ
diff --git a/metadata/glsa/glsa-202101-18.xml b/metadata/glsa/glsa-202101-18.xml
new file mode 100644
index 000000000000..03d6e27b19ce
--- /dev/null
+++ b/metadata/glsa/glsa-202101-18.xml
@@ -0,0 +1,90 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202101-18">
+ <title>Python: Multiple vulnerabilities</title>
+ <synopsis>Multiple vulnerabilities have been found in Python, the worst of
+ which could result in the arbitrary execution of code.
+ </synopsis>
+ <product type="ebuild">python</product>
+ <announced>2021-01-24</announced>
+ <revised count="1">2021-01-24</revised>
+ <bug>749339</bug>
+ <bug>759928</bug>
+ <bug>766189</bug>
+ <access>remote</access>
+ <affected>
+ <package name="dev-lang/python" auto="yes" arch="*">
+ <unaffected range="ge" slot="2.7">2.7.18-r6</unaffected>
+ <unaffected range="ge" slot="3.6">3.6.12-r2</unaffected>
+ <unaffected range="ge" slot="3.7">3.7.9-r2</unaffected>
+ <unaffected range="ge" slot="3.8">3.8.7-r1</unaffected>
+ <unaffected range="ge" slot="3.9">3.9.1-r1</unaffected>
+ <vulnerable range="lt" slot="2.7">2.7.18-r6</vulnerable>
+ <vulnerable range="lt" slot="3.6">3.6.12-r2</vulnerable>
+ <vulnerable range="lt" slot="3.7">3.7.9-r2</vulnerable>
+ <vulnerable range="lt" slot="3.8">3.8.7-r1</vulnerable>
+ <vulnerable range="lt" slot="3.9">3.9.1-r1</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>Python is an interpreted, interactive, object-oriented programming
+ language.
+ </p>
+ </background>
+ <description>
+ <p>Multiple vulnerabilities have been discovered in Python. Please review
+ the bugs referenced below for details.
+ </p>
+ </description>
+ <impact type="normal">
+ <p>A remote attacker could possibly execute arbitrary code with the
+ privileges of the process, or cause a Denial of Service condition.
+ </p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All Python 2.7 users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose "&gt;=dev-lang/python-2.7.18-r5"
+ </code>
+
+ <p>All Python 3.6 users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose "&gt;=dev-lang/python-3.6.12-r1"
+ </code>
+
+ <p>All Python 3.7 users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose "&gt;=dev-lang/python-3.7.9-r1"
+ </code>
+
+ <p>All Python 3.8 users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose "&gt;=dev-lang/python-3.8.6-r1"
+ </code>
+
+ <p>All Python 3.9 users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose "&gt;=dev-lang/python-3.9.0-r1"
+ </code>
+
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-26116">CVE-2020-26116</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-3177">CVE-2021-3177</uri>
+ </references>
+ <metadata tag="requester" timestamp="2021-01-04T03:36:56Z">sam_c</metadata>
+ <metadata tag="submitter" timestamp="2021-01-24T23:58:22Z">sam_c</metadata>
+</glsa>
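Review bot: The five `emerge` commands in `<resolution>` name revisions older than the thresholds in `<affected>`. The advisory marks everything below 2.7.18-r6, 3.6.12-r2, 3.7.9-r2, 3.8.7-r1 and 3.9.1-r1 as vulnerable, but the commands ask for `>=dev-lang/python-2.7.18-r5`, `-3.6.12-r1`, `-3.7.9-r1`, `-3.8.6-r1` and `-3.9.0-r1`, so a system that lands exactly on one of those revisions is still flagged by this same advisory. The atoms also carry no slot, so `>=dev-lang/python-2.7.18-r5` is already satisfied by any installed 3.x; glsa-202101-29 in this commit shows the slotted form. I would align each command with its threshold and slot, e.g. `# emerge --ask --oneshot --verbose "&gt;=dev-lang/python-2.7.18-r6:2.7"`.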
diff --git a/metadata/glsa/glsa-202101-19.xml b/metadata/glsa/glsa-202101-19.xml
new file mode 100644
index 000000000000..866c37dcdf8a
--- /dev/null
+++ b/metadata/glsa/glsa-202101-19.xml
@@ -0,0 +1,86 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202101-19">
+ <title>OpenJDK: Multiple vulnerabilities</title>
+ <synopsis>Multiple vulnerabilities have been found in OpenJDK, the worst of
+ which could result in the arbitrary execution of code.
+ </synopsis>
+ <product type="ebuild">openjdk</product>
+ <announced>2021-01-25</announced>
+ <revised count="1">2021-01-25</revised>
+ <bug>705992</bug>
+ <bug>750833</bug>
+ <access>remote</access>
+ <affected>
+ <package name="dev-java/openjdk" auto="yes" arch="*">
+ <unaffected range="ge">8.272_p10</unaffected>
+ <vulnerable range="lt">8.272_p10</vulnerable>
+ </package>
+ <package name="dev-java/openjdk-bin" auto="yes" arch="*">
+ <unaffected range="ge">8.272_p10</unaffected>
+ <vulnerable range="lt">8.272_p10</vulnerable>
+ </package>
+ <package name="dev-java/openjdk-jre-bin" auto="yes" arch="*">
+ <unaffected range="ge">8.272_p10</unaffected>
+ <vulnerable range="lt">8.272_p10</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>OpenJDK is a free and open-source implementation of the Java Platform,
+ Standard Edition.
+ </p>
+ </background>
+ <description>
+ <p>Multiple vulnerabilities have been discovered in OpenJDK. Please review
+ the CVE identifiers referenced below for details.
+ </p>
+ </description>
+ <impact type="normal">
+ <p>Please review the referenced CVE identifiers for details.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All OpenJDK users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose "&gt;=dev-java/openjdk-8.272_p10"
+ </code>
+
+ <p>All OpenJDK (binary) users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose "&gt;=dev-java/openjdk-bin-8.272_p10"
+ </code>
+
+ <p>All OpenJDK JRE (binary) users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose
+ "&gt;=dev-java/openjdk-jre-bin-8.272_p10"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14779">CVE-2020-14779</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14781">CVE-2020-14781</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14782">CVE-2020-14782</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14792">CVE-2020-14792</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14796">CVE-2020-14796</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14797">CVE-2020-14797</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14798">CVE-2020-14798</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14803">CVE-2020-14803</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-2583">CVE-2020-2583</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-2590">CVE-2020-2590</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-2593">CVE-2020-2593</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-2601">CVE-2020-2601</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-2604">CVE-2020-2604</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-2654">CVE-2020-2654</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-2659">CVE-2020-2659</uri>
+ </references>
+ <metadata tag="requester" timestamp="2020-11-01T10:46:07Z">sam_c</metadata>
+ <metadata tag="submitter" timestamp="2021-01-25T00:02:23Z">b-man</metadata>
+</glsa>
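Review bot: The `<unaffected range="ge">8.272_p10</unaffected>` entries for all three packages have no `slot` attribute, unlike the per-slot ranges in glsa-202101-18. If these packages are installed in more than one slot (an 11 slot, for instance), every build in a higher slot compares as newer than 8.272_p10 and is reported unaffected whatever its patch level. That is worth confirming; if so, add `slot="8"` here and separate ranges for the other slots. Separately, the last `<code>` block wraps the atom onto its own line, so pasting it runs `emerge --ask --oneshot --verbose` with no target; keep the command on one line as the two blocks above it do.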
diff --git a/metadata/glsa/glsa-202101-20.xml b/metadata/glsa/glsa-202101-20.xml
new file mode 100644
index 000000000000..c4fc0f6dd37c
--- /dev/null
+++ b/metadata/glsa/glsa-202101-20.xml
@@ -0,0 +1,53 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202101-20">
+ <title>glibc: Multiple vulnerabilities</title>
+ <synopsis>Multiple vulnerabilities have been found in glibc, the worst of
+ which could result in the arbitrary execution of code.
+ </synopsis>
+ <product type="ebuild">glibc</product>
+ <announced>2021-01-25</announced>
+ <revised count="1">2021-01-25</revised>
+ <bug>611344</bug>
+ <bug>717058</bug>
+ <bug>720730</bug>
+ <bug>758359</bug>
+ <access>local, remote</access>
+ <affected>
+ <package name="sys-libs/glibc" auto="yes" arch="*">
+ <unaffected range="ge">2.32-r5</unaffected>
+ <vulnerable range="lt">2.32-r5</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>glibc is a package that contains the GNU C library.</p>
+ </background>
+ <description>
+ <p>Multiple vulnerabilities have been discovered in glibc. Please review
+ the CVE identifiers referenced below for details.
+ </p>
+ </description>
+ <impact type="normal">
+ <p>Please review the referenced CVE identifiers for details.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All glibc users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose "&gt;=sys-libs/glibc-2.32-r5"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2016-10228">CVE-2016-10228</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-1752">CVE-2020-1752</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-29562">CVE-2020-29562</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-29573">CVE-2020-29573</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6096">CVE-2020-6096</uri>
+ </references>
+ <metadata tag="requester" timestamp="2020-12-27T17:59:30Z">sam_c</metadata>
+ <metadata tag="submitter" timestamp="2021-01-25T00:05:08Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202101-21.xml b/metadata/glsa/glsa-202101-21.xml
new file mode 100644
index 000000000000..38c63fc9f4d1
--- /dev/null
+++ b/metadata/glsa/glsa-202101-21.xml
@@ -0,0 +1,54 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202101-21">
+ <title>Flatpak: Sandbox escape</title>
+ <synopsis>A vulnerability was discovered in Flatpak which could allow a
+ remote attacker to execute arbitrary code.
+ </synopsis>
+ <product type="ebuild">flatpak</product>
+ <announced>2021-01-25</announced>
+ <revised count="1">2021-01-25</revised>
+ <bug>765457</bug>
+ <access>remote</access>
+ <affected>
+ <package name="sys-apps/flatpak" auto="yes" arch="*">
+ <unaffected range="ge">1.10.0</unaffected>
+ <vulnerable range="lt">1.10.0</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>Flatpak is a Linux application sandboxing and distribution framework.</p>
+ </background>
+ <description>
+ <p>A bug was discovered in the flatpak-portal service that can allow
+ sandboxed applications to execute arbitrary code on the host system (a
+ sandbox escape).
+ </p>
+ </description>
+ <impact type="normal">
+ <p>A remote attacker could entice a user to open a specially crafted
+ Flatpak app possibly resulting in execution of arbitrary code with the
+ privileges of the process or a Denial of Service condition.
+ </p>
+ </impact>
+ <workaround>
+ <p>As a workaround, this vulnerability can be mitigated by preventing the
+ flatpak-portal service from starting, but that mitigation will prevent
+ many Flatpak apps from working correctly. It is highly recommended to
+ upgrade.
+ </p>
+ </workaround>
+ <resolution>
+ <p>All Flatpak users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose "&gt;=sys-apps/flatpak-1.10.0"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21261">CVE-2021-21261</uri>
+ </references>
+ <metadata tag="requester" timestamp="2021-01-22T00:26:55Z">sam_c</metadata>
+ <metadata tag="submitter" timestamp="2021-01-25T00:07:24Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202101-22.xml b/metadata/glsa/glsa-202101-22.xml
new file mode 100644
index 000000000000..36a94ff168ac
--- /dev/null
+++ b/metadata/glsa/glsa-202101-22.xml
@@ -0,0 +1,42 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202101-22">
+ <title>libvirt: Unintended access to /dev/mapper/control</title>
+ <synopsis>A vulnerability in libvirt may allow root privilege escalation.</synopsis>
+ <product type="ebuild">libvirt</product>
+ <announced>2021-01-26</announced>
+ <revised count="1">2021-01-26</revised>
+ <bug>739948</bug>
+ <access>local</access>
+ <affected>
+ <package name="app-emulation/libvirt" auto="yes" arch="*">
+ <unaffected range="ge">6.7.0</unaffected>
+ <vulnerable range="lt">6.7.0</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>libvirt is a C toolkit for manipulating virtual machines.</p>
+ </background>
+ <description>
+ <p>A file descriptor for /dev/mapper/control was insufficiently protected.</p>
+ </description>
+ <impact type="high">
+ <p>A local attacker may be able to escalate to root privileges.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All libvirt users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose "&gt;=app-emulation/libvirt-6.7.0"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14339">CVE-2020-14339</uri>
+ </references>
+ <metadata tag="requester" timestamp="2020-10-05T23:25:12Z">sam_c</metadata>
+ <metadata tag="submitter" timestamp="2021-01-26T00:10:19Z">sam_c</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202101-23.xml b/metadata/glsa/glsa-202101-23.xml
new file mode 100644
index 000000000000..d3ba7f305498
--- /dev/null
+++ b/metadata/glsa/glsa-202101-23.xml
@@ -0,0 +1,49 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202101-23">
+ <title>PEAR Archive_Tar: Directory traversal</title>
+ <synopsis>Multiple vulnerabilities have been found in PEAR Archive_Tar, the
+ worst of which could result in the arbitrary execution of code.
+ </synopsis>
+ <product type="ebuild">PEAR-Archive_Tar</product>
+ <announced>2021-01-26</announced>
+ <revised count="1">2021-01-26</revised>
+ <bug>755653</bug>
+ <bug>766036</bug>
+ <access>remote</access>
+ <affected>
+ <package name="dev-php/PEAR-Archive_Tar" auto="yes" arch="*">
+ <unaffected range="ge">1.4.12</unaffected>
+ <vulnerable range="lt">1.4.12</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>This class provides handling of tar files in PHP.</p>
+ </background>
+ <description>
+ <p>Multiple vulnerabilities have been discovered in PEAR Archive_Tar.
+ Please review the CVE identifiers referenced below for details.
+ </p>
+ </description>
+ <impact type="normal">
+ <p>Please review the referenced CVE identifiers for details.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All PEAR-Archive_Tar users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose "&gt;=dev-php/PEAR-Archive_Tar-1.4.12"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-28948">CVE-2020-28948</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-28949">CVE-2020-28949</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-36193">CVE-2020-36193</uri>
+ </references>
+ <metadata tag="requester" timestamp="2021-01-25T23:43:27Z">sam_c</metadata>
+ <metadata tag="submitter" timestamp="2021-01-26T00:10:53Z">sam_c</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202101-24.xml b/metadata/glsa/glsa-202101-24.xml
new file mode 100644
index 000000000000..3e9fb3f77765
--- /dev/null
+++ b/metadata/glsa/glsa-202101-24.xml
@@ -0,0 +1,49 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202101-24">
+ <title>cfitsio: Multiple vulnerabilities</title>
+ <synopsis>Multiple vulnerabilities have been found in cfitsio, the worst of
+ which could result in the arbitrary execution of code.
+ </synopsis>
+ <product type="ebuild">cfitsio</product>
+ <announced>2021-01-26</announced>
+ <revised count="1">2021-01-26</revised>
+ <bug>673944</bug>
+ <access>remote</access>
+ <affected>
+ <package name="sci-libs/cfitsio" auto="yes" arch="*">
+ <unaffected range="ge">3.490</unaffected>
+ <vulnerable range="lt">3.490</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>A C and Fortran library for manipulating FITS files.</p>
+ </background>
+ <description>
+ <p>Multiple vulnerabilities have been discovered in cfitsio. Please review
+ the CVE identifiers referenced below for details.
+ </p>
+ </description>
+ <impact type="normal">
+ <p>Please review the referenced CVE identifiers for details.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All cfitsio users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose "&gt;=sci-libs/cfitsio-3.490"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-3846">CVE-2018-3846</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-3847">CVE-2018-3847</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-3848">CVE-2018-3848</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-3849">CVE-2018-3849</uri>
+ </references>
+ <metadata tag="requester" timestamp="2021-01-25T23:40:35Z">sam_c</metadata>
+ <metadata tag="submitter" timestamp="2021-01-26T00:12:33Z">sam_c</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202101-25.xml b/metadata/glsa/glsa-202101-25.xml
new file mode 100644
index 000000000000..6914662437b5
--- /dev/null
+++ b/metadata/glsa/glsa-202101-25.xml
@@ -0,0 +1,44 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202101-25">
+ <title>Mutt: Denial of service</title>
+ <synopsis>A vulnerability in Mutt could lead to a Denial of Service
+ condition.
+ </synopsis>
+ <product type="ebuild">mutt</product>
+ <announced>2021-01-26</announced>
+ <revised count="1">2021-01-26</revised>
+ <bug>765790</bug>
+ <access>remote</access>
+ <affected>
+ <package name="mail-client/mutt" auto="yes" arch="*">
+ <unaffected range="ge">2.0.4-r1</unaffected>
+ <vulnerable range="lt">2.0.4-r1</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>Mutt is a small but very powerful text-based mail client.</p>
+ </background>
+ <description>
+ <p>A memory leak could occur when a crafted email message is received.</p>
+ </description>
+ <impact type="normal">
+ <p>An attacker could cause a possible Denial of Service condition.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All Mutt users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose "&gt;=mail-client/mutt-2.0.4-r1"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-3181">CVE-2021-3181</uri>
+ </references>
+ <metadata tag="requester" timestamp="2021-01-25T23:33:22Z">sam_c</metadata>
+ <metadata tag="submitter" timestamp="2021-01-26T00:13:00Z">sam_c</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202101-26.xml b/metadata/glsa/glsa-202101-26.xml
new file mode 100644
index 000000000000..64fbf2c1b631
--- /dev/null
+++ b/metadata/glsa/glsa-202101-26.xml
@@ -0,0 +1,50 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202101-26">
+ <title>f2fs-tools: Multiple vulnerabilities</title>
+ <synopsis>Multiple vulnerabilities have been found in f2fs-tools, the worst
+ of which could result in the arbitrary execution of code.
+ </synopsis>
+ <product type="ebuild">f2fs-tools</product>
+ <announced>2021-01-26</announced>
+ <revised count="1">2021-01-26</revised>
+ <bug>749318</bug>
+ <access>remote</access>
+ <affected>
+ <package name="sys-fs/f2fs-tools" auto="yes" arch="*">
+ <unaffected range="ge">1.14.0</unaffected>
+ <vulnerable range="lt">1.14.0</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>Tools for Flash-Friendly File System (F2FS).</p>
+ </background>
+ <description>
+ <p>Multiple vulnerabilities have been discovered in f2fs-tools. Please
+ review the CVE identifiers referenced below for details.
+ </p>
+ </description>
+ <impact type="normal">
+ <p>Please review the referenced CVE identifiers for details.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All f2fs-tools users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose "&gt;=sys-fs/f2fs-tools-1.14.0"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6104">CVE-2020-6104</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6105">CVE-2020-6105</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6106">CVE-2020-6106</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6107">CVE-2020-6107</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6108">CVE-2020-6108</uri>
+ </references>
+ <metadata tag="requester" timestamp="2020-11-01T10:45:37Z">sam_c</metadata>
+ <metadata tag="submitter" timestamp="2021-01-26T00:13:26Z">sam_c</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202101-27.xml b/metadata/glsa/glsa-202101-27.xml
new file mode 100644
index 000000000000..776a91822460
--- /dev/null
+++ b/metadata/glsa/glsa-202101-27.xml
@@ -0,0 +1,45 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202101-27">
+ <title>FreeRADIUS: Root privilege escalation</title>
+ <synopsis>Multiple vulnerabilities were discovered in Gentoo's systemd unit
+ for FreeRADIUS which could lead to root privilege escalation.
+ </synopsis>
+ <product type="ebuild">freeradius</product>
+ <announced>2021-01-26</announced>
+ <revised count="1">2021-01-26</revised>
+ <bug>630910</bug>
+ <access>local</access>
+ <affected>
+ <package name="net-dialup/freeradius" auto="yes" arch="*">
+ <unaffected range="ge">3.0.20-r1</unaffected>
+ <vulnerable range="lt">3.0.20-r1</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>FreeRADIUS is a modular, high performance free RADIUS suite.</p>
+ </background>
+ <description>
+ <p>It was discovered that Gentoo’s FreeRADIUS systemd unit set
+ permissions on an unsafe directory on start.
+ </p>
+ </description>
+ <impact type="normal">
+ <p>A local attacker could escalate privileges.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All FreeRADIUS users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose "&gt;=net-dialup/freeradius-3.0.20-r1"
+ </code>
+ </resolution>
+ <references>
+ </references>
+ <metadata tag="requester" timestamp="2021-01-25T21:55:08Z">sam_c</metadata>
+ <metadata tag="submitter" timestamp="2021-01-26T00:13:46Z">sam_c</metadata>
+</glsa>
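Review bot: `<references>` is empty, so this advisory can be tracked only through bug 630910 and cannot be correlated by tooling keyed on CVE identifiers. If an identifier was assigned it belongs here; if none was, a `<uri>` pointing at the bug would at least give readers something to follow. The synopsis says "Multiple vulnerabilities" while the description names a single issue, the systemd unit setting permissions on an unsafe directory. `<impact type="normal">` also rates a local root escalation lower than glsa-202101-22 in this commit, which uses `type="high"` for the same outcome. I would make the synopsis singular and use `<impact type="high">` for consistency.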
diff --git a/metadata/glsa/glsa-202101-28.xml b/metadata/glsa/glsa-202101-28.xml
new file mode 100644
index 000000000000..8ba014862bfd
--- /dev/null
+++ b/metadata/glsa/glsa-202101-28.xml
@@ -0,0 +1,47 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202101-28">
+ <title>ncurses: Multiple vulnerabilities</title>
+ <synopsis>Multiple vulnerabilities have been found in ncurses, the worst of
+ which could result in a Denial of Service condition.
+ </synopsis>
+ <product type="ebuild">ncurses</product>
+ <announced>2021-01-26</announced>
+ <revised count="1">2021-01-26</revised>
+ <bug>698210</bug>
+ <access>remote</access>
+ <affected>
+ <package name="sys-apps/ncurses" auto="yes" arch="*">
+ <unaffected range="ge">6.2</unaffected>
+ <vulnerable range="lt">6.2</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>A console display library.</p>
+ </background>
+ <description>
+ <p>Multiple vulnerabilities have been discovered in ncurses. Please review
+ the CVE identifiers referenced below for details.
+ </p>
+ </description>
+ <impact type="normal">
+ <p>Please review the referenced CVE identifiers for details.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All ncurses users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose "&gt;=sys-apps/ncurses-6.2"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-17594">CVE-2019-17594</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-17595">CVE-2019-17595</uri>
+ </references>
+ <metadata tag="requester" timestamp="2021-01-25T17:12:09Z">sam_c</metadata>
+ <metadata tag="submitter" timestamp="2021-01-26T00:14:57Z">sam_c</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202101-29.xml b/metadata/glsa/glsa-202101-29.xml
new file mode 100644
index 000000000000..5f2c0b02b104
--- /dev/null
+++ b/metadata/glsa/glsa-202101-29.xml
@@ -0,0 +1,65 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202101-29">
+ <title>OpenJPEG: Multiple vulnerabilities</title>
+ <synopsis>Multiple vulnerabilities have been found in OpenJPEG, the worst of
+ which could result in the arbitrary execution of code.
+ </synopsis>
+ <product type="ebuild">openjpeg</product>
+ <announced>2021-01-26</announced>
+ <revised count="2">2021-01-26</revised>
+ <bug>711260</bug>
+ <bug>718918</bug>
+ <access>remote</access>
+ <affected>
+ <package name="media-libs/openjpeg" auto="yes" arch="*">
+ <unaffected range="ge" slot="2">2.4.0</unaffected>
+ <vulnerable range="lt" slot="2">2.4.0</vulnerable>
+ <vulnerable range="lt" slot="1">1.5.2-r1</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>OpenJPEG is an open-source JPEG 2000 library.</p>
+ </background>
+ <description>
+ <p>Multiple vulnerabilities have been discovered in OpenJPEG. Please review
+ the CVE identifiers referenced below for details.
+ </p>
+ </description>
+ <impact type="normal">
+ <p>Please review the referenced CVE identifiers for details.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All OpenJPEG 2 users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose "&gt;=media-libs/openjpeg-2.4.0:2"
+ </code>
+
+ <p>Gentoo has discontinued support OpenJPEG 1.x and any dependent packages
+ should now be using OpenJPEG 2 or have dropped support for the library.
+ We recommend that users unmerge OpenJPEG 1.x:
+ </p>
+
+ <code>
+ # emerge --unmerge "media-libs/openjpeg:1"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-21010">CVE-2018-21010</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-12973">CVE-2019-12973</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-15389">CVE-2020-15389</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-27814">CVE-2020-27814</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-27841">CVE-2020-27841</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-27842">CVE-2020-27842</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-27843">CVE-2020-27843</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-27844">CVE-2020-27844</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-27845">CVE-2020-27845</uri>
+ </references>
+ <metadata tag="requester" timestamp="2021-01-25T20:17:39Z">sam_c</metadata>
+ <metadata tag="submitter" timestamp="2021-01-26T02:54:20Z">sam_c</metadata>
+</glsa>
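Review bot: Slot 1 appears only as `<vulnerable range="lt" slot="1">1.5.2-r1</vulnerable>`, which does not match an installed 1.5.2-r1, yet the resolution tells users to unmerge all of OpenJPEG 1.x because support was discontinued. If 1.5.2-r1 does not actually carry the fixes, a system on that revision passes a `glsa-check` scan while still running the unsupported branch. Confirm the intended boundary and, if every 1.x is affected, widen the range, for example `range="le"` on the last 1.x revision in the tree. The resolution prose is also missing a word: `Gentoo has discontinued support for OpenJPEG 1.x`.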
diff --git a/metadata/glsa/glsa-202101-30.xml b/metadata/glsa/glsa-202101-30.xml
new file mode 100644
index 000000000000..0c4e07eeaaa7
--- /dev/null
+++ b/metadata/glsa/glsa-202101-30.xml
@@ -0,0 +1,151 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202101-30">
+ <title>Qt WebEngine: Multiple vulnerabilities</title>
+ <synopsis>Multiple vulnerabilities have been found in Qt WebEngine, the worst
+ of which could result in the arbitrary execution of code.
+ </synopsis>
+ <product type="ebuild">qtwebengine</product>
+ <announced>2021-01-26</announced>
+ <revised count="1">2021-01-26</revised>
+ <bug>734600</bug>
+ <bug>754852</bug>
+ <access>remote</access>
+ <affected>
+ <package name="dev-qt/qtwebengine" auto="yes" arch="*">
+ <unaffected range="ge">5.15.2</unaffected>
+ <vulnerable range="lt">5.15.2</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>Library for rendering dynamic web content in Qt5 C++ and QML
+ applications.
+ </p>
+ </background>
+ <description>
+ <p>Multiple vulnerabilities have been discovered in Qt WebEngine. Please
+ review the CVE identifiers referenced below for details.
+ </p>
+ </description>
+ <impact type="normal">
+ <p>Please review the referenced CVE identifiers for details.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All Qt WebEngine users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose "&gt;=dev-qt/qtwebengine-5.15.2"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-15959">CVE-2020-15959</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-15959">CVE-2020-15959</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-15960">CVE-2020-15960</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-15960">CVE-2020-15960</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-15961">CVE-2020-15961</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-15961">CVE-2020-15961</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-15962">CVE-2020-15962</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-15962">CVE-2020-15962</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-15963">CVE-2020-15963</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-15963">CVE-2020-15963</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-15964">CVE-2020-15964</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-15964">CVE-2020-15964</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-15965">CVE-2020-15965</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-15965">CVE-2020-15965</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-15966">CVE-2020-15966</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-15966">CVE-2020-15966</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-15968">CVE-2020-15968</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-15968">CVE-2020-15968</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-15969">CVE-2020-15969</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-15969">CVE-2020-15969</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-15972">CVE-2020-15972</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-15972">CVE-2020-15972</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-15974">CVE-2020-15974</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-15974">CVE-2020-15974</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-15976">CVE-2020-15976</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-15976">CVE-2020-15976</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-15977">CVE-2020-15977</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-15977">CVE-2020-15977</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-15978">CVE-2020-15978</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-15978">CVE-2020-15978</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-15979">CVE-2020-15979</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-15979">CVE-2020-15979</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-15985">CVE-2020-15985</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-15985">CVE-2020-15985</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-15987">CVE-2020-15987</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-15987">CVE-2020-15987</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-15989">CVE-2020-15989</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-15989">CVE-2020-15989</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-15992">CVE-2020-15992</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-15992">CVE-2020-15992</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-16001">CVE-2020-16001</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-16001">CVE-2020-16001</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-16002">CVE-2020-16002</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-16002">CVE-2020-16002</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-16003">CVE-2020-16003</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-16003">CVE-2020-16003</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6467">CVE-2020-6467</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6467">CVE-2020-6467</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6470">CVE-2020-6470</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6470">CVE-2020-6470</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6471">CVE-2020-6471</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6471">CVE-2020-6471</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6472">CVE-2020-6472</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6473">CVE-2020-6473</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6474">CVE-2020-6474</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6475">CVE-2020-6475</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6476">CVE-2020-6476</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6480">CVE-2020-6480</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6481">CVE-2020-6481</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6482">CVE-2020-6482</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6483">CVE-2020-6483</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6486">CVE-2020-6486</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6487">CVE-2020-6487</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6489">CVE-2020-6489</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6490">CVE-2020-6490</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6506">CVE-2020-6506</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6510">CVE-2020-6510</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6511">CVE-2020-6511</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6512">CVE-2020-6512</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6513">CVE-2020-6513</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6514">CVE-2020-6514</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6518">CVE-2020-6518</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6523">CVE-2020-6523</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6524">CVE-2020-6524</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6526">CVE-2020-6526</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6529">CVE-2020-6529</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6530">CVE-2020-6530</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6531">CVE-2020-6531</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6532">CVE-2020-6532</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6533">CVE-2020-6533</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6534">CVE-2020-6534</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6535">CVE-2020-6535</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6540">CVE-2020-6540</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6541">CVE-2020-6541</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6542">CVE-2020-6542</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6543">CVE-2020-6543</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6544">CVE-2020-6544</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6545">CVE-2020-6545</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6548">CVE-2020-6548</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6549">CVE-2020-6549</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6550">CVE-2020-6550</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6551">CVE-2020-6551</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6555">CVE-2020-6555</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6557">CVE-2020-6557</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6559">CVE-2020-6559</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6561">CVE-2020-6561</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6562">CVE-2020-6562</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6569">CVE-2020-6569</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6570">CVE-2020-6570</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6571">CVE-2020-6571</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6573">CVE-2020-6573</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6575">CVE-2020-6575</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6576">CVE-2020-6576</uri>
+ </references>
+ <metadata tag="requester" timestamp="2021-01-25T23:03:36Z">sam_c</metadata>
+ <metadata tag="submitter" timestamp="2021-01-26T00:15:52Z">sam_c</metadata>
+</glsa>
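Review bot: The `<references>` list repeats every entry from CVE-2020-15959 through CVE-2020-6471 twice in a row, while the entries from CVE-2020-6472 onward appear once, so the repetition looks like a generation artifact rather than intent. Anything that counts or iterates the `<uri>` elements sees inflated numbers; each identifier should be listed once, e.g. a single `<uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-15959">CVE-2020-15959</uri>`. The `<impact>` text only defers to the CVE list although the synopsis names arbitrary code execution as the worst case; repeating that one sentence under `<impact>` would let a reader triage without following dozens of links.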
diff --git a/metadata/glsa/glsa-202101-31.xml b/metadata/glsa/glsa-202101-31.xml
new file mode 100644
index 000000000000..3d7dcd82f908
--- /dev/null
+++ b/metadata/glsa/glsa-202101-31.xml
@@ -0,0 +1,46 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202101-31">
+ <title>Cacti: Remote code execution</title>
+ <synopsis>A vulnerability in Cacti could lead to remote code execution.</synopsis>
+ <product type="ebuild">cacti</product>
+ <announced>2021-01-26</announced>
+ <revised count="1">2021-01-26</revised>
+ <bug>765019</bug>
+ <access>remote</access>
+ <affected>
+ <package name="net-analyzer/cacti" auto="yes" arch="*">
+ <unaffected range="ge">1.2.16-r1</unaffected>
+ <vulnerable range="lt">1.2.16-r1</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>Cacti is a complete frontend to rrdtool.</p>
+ </background>
+ <description>
+ <p>The side_id parameter in data_debug.php does not properly verify input
+ allowing SQL injection.
+ </p>
+ </description>
+ <impact type="normal">
+ <p>A remote attacker could possibly execute arbitrary code with the
+ privileges of the process or cause a Denial of Service condition.
+ </p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All Cacti users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose "&gt;=net-analyzer/cacti-1.2.16-r1"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-35701">CVE-2020-35701</uri>
+ </references>
+ <metadata tag="requester" timestamp="2021-01-26T00:34:29Z">sam_c</metadata>
+ <metadata tag="submitter" timestamp="2021-01-26T23:38:21Z">sam_c</metadata>
+</glsa>
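Review bot: The description names the affected parameter as `side_id`, which is probably a typo for `site_id`; this should be confirmed against the CVE-2020-35701 record linked under `<references>`. The description also stops at SQL injection, while the title and `<impact>` claim remote code execution. A sentence saying how the injection leads to code execution, and whether the request needs an authenticated session, would make the severity claim traceable from the advisory itself.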
diff --git a/metadata/glsa/glsa-202101-32.xml b/metadata/glsa/glsa-202101-32.xml
new file mode 100644
index 000000000000..2c1a6dd3ef52
--- /dev/null
+++ b/metadata/glsa/glsa-202101-32.xml
@@ -0,0 +1,62 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202101-32">
+ <title>Mutt, NeoMutt: Information disclosure</title>
+ <synopsis>A weakness was discovered in Mutt and NeoMutt's TLS handshake
+ handling
+ </synopsis>
+ <product type="ebuild">NeoMutt</product>
+ <announced>2021-01-26</announced>
+ <revised count="1">2021-01-26</revised>
+ <bug>755833</bug>
+ <bug>755866</bug>
+ <access>remote</access>
+ <affected>
+ <package name="mail-client/mutt" auto="yes" arch="*">
+ <unaffected range="ge">2.0.2</unaffected>
+ <vulnerable range="lt">2.0.2</vulnerable>
+ </package>
+ <package name="mail-client/neomutt" auto="yes" arch="*">
+ <unaffected range="ge">20201120</unaffected>
+ <vulnerable range="lt">20201120</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>Mutt is a small but very powerful text-based mail client.</p>
+
+ <p>NeoMutt is a command line mail reader (or MUA). It’s a fork of Mutt
+ with added features.
+ </p>
+ </background>
+ <description>
+ <p>A weakness in TLS handshake handling was found which may allow
+ information disclosure.
+ </p>
+ </description>
+ <impact type="normal">
+ <p>A remote attacker may be able to cause information disclosure.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All Mutt users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose "&gt;=mail-client/mutt-2.0.2"
+ </code>
+
+ <p>All NeoMutt users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose "&gt;=mail-client/neomutt-20201120"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-28896">CVE-2020-28896</uri>
+ </references>
+ <metadata tag="requester" timestamp="2021-01-26T00:28:06Z">sam_c</metadata>
+ <metadata tag="submitter" timestamp="2021-01-26T23:39:28Z">sam_c</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202101-33.xml b/metadata/glsa/glsa-202101-33.xml
new file mode 100644
index 000000000000..a53bfabd5cd9
--- /dev/null
+++ b/metadata/glsa/glsa-202101-33.xml
@@ -0,0 +1,61 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202101-33">
+ <title>sudo: Multiple vulnerabilities</title>
+ <synopsis>Multiple vulnerabilities have been found in sudo, the worst of
+ which could result in privilege escalation.
+ </synopsis>
+ <product type="ebuild">sudo</product>
+ <announced>2021-01-26</announced>
+ <revised count="1">2021-01-26</revised>
+ <bug>764986</bug>
+ <bug>767364</bug>
+ <access>local</access>
+ <affected>
+ <package name="app-admin/sudo" auto="yes" arch="*">
+ <unaffected range="ge">1.9.5_p2</unaffected>
+ <vulnerable range="lt">1.9.5_p2</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>sudo (su “do”) allows a system administrator to delegate authority
+ to give certain users (or groups of users) the ability to run some (or
+ all) commands as root or another user while providing an audit trail of
+ the commands and their arguments.
+ </p>
+ </background>
+ <description>
+ <p>Multiple vulnerabilities have been discovered in sudo. Please review the
+ CVE identifiers referenced below for details.
+ </p>
+ </description>
+ <impact type="high">
+ <p>Local users are able to gain unauthorized privileges on the system or
+ determine the existence of files.
+ </p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All sudo users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose "&gt;=app-admin/sudo-1.9.5_p2"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-23239">CVE-2021-23239</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-23240">CVE-2021-23240</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-3156">CVE-2021-3156</uri>
+ <uri link="https://www.sudo.ws/alerts/sudoedit_selinux.html">Upstream
+ advisory (CVE-2020-23240)
+ </uri>
+ <uri link="https://www.sudo.ws/alerts/unescape_overflow.html">Upstream
+ advisory (CVE-2021-3156)
+ </uri>
+ </references>
+ <metadata tag="requester" timestamp="2021-01-26T22:52:21Z">sam_c</metadata>
+ <metadata tag="submitter" timestamp="2021-01-26T23:40:46Z">sam_c</metadata>
+</glsa>
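Review bot: The label of the first upstream advisory link reads `(CVE-2020-23240)`, but the reference list directly above it gives `CVE-2021-23240` and no 2020 identifier with that number appears elsewhere in the file, so the year looks mistyped; the label should presumably read `Upstream advisory (CVE-2021-23240)`. Anyone correlating advisories by identifier would miss the match on the mislabelled string. With `<impact type="high">`, the `<description>` would also benefit from one line per CVE instead of deferring entirely to the links.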
diff --git a/metadata/glsa/glsa-202101-34.xml b/metadata/glsa/glsa-202101-34.xml
new file mode 100644
index 000000000000..bedeea759a1d
--- /dev/null
+++ b/metadata/glsa/glsa-202101-34.xml
@@ -0,0 +1,48 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202101-34">
+ <title>Telegram Desktop: Multiple vulnerabilities</title>
+ <synopsis>Multiple vulnerabilities have been found in Telegram, the worst of
+ which could result in information disclosure.
+ </synopsis>
+ <product type="ebuild">telegram</product>
+ <announced>2021-01-27</announced>
+ <revised count="1">2021-01-27</revised>
+ <bug>736774</bug>
+ <bug>749288</bug>
+ <access>remote</access>
+ <affected>
+ <package name="net-im/telegram-desktop" auto="yes" arch="*">
+ <unaffected range="ge">2.4.4</unaffected>
+ <vulnerable range="lt">2.4.4</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>Telegram is a messaging app with a focus on speed and security.</p>
+ </background>
+ <description>
+ <p>Multiple vulnerabilities have been discovered in Telegram Desktop.
+ Please review the CVE identifiers referenced below for details.
+ </p>
+ </description>
+ <impact type="low">
+ <p>Please review the referenced CVE identifiers for details.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All Telegram Desktop users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose "&gt;=net-im/telegram-desktop-2.4.4"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-17448">CVE-2020-17448</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-25824">CVE-2020-25824</uri>
+ </references>
+ <metadata tag="requester" timestamp="2021-01-27T04:40:13Z">sam_c</metadata>
+ <metadata tag="submitter" timestamp="2021-01-27T16:13:13Z">sam_c</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202101-35.xml b/metadata/glsa/glsa-202101-35.xml
new file mode 100644
index 000000000000..974a6a240ef5
--- /dev/null
+++ b/metadata/glsa/glsa-202101-35.xml
@@ -0,0 +1,47 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202101-35">
+ <title>phpMyAdmin: Multiple vulnerabilities</title>
+ <synopsis>Multiple vulnerabilities have been found in phpMyAdmin, allowing
+ remote attackers to conduct XSS.
+ </synopsis>
+ <product type="ebuild">phpmyadmin</product>
+ <announced>2021-01-27</announced>
+ <revised count="1">2021-01-27</revised>
+ <bug>747805</bug>
+ <access>remote</access>
+ <affected>
+ <package name="dev-db/phpmyadmin" auto="yes" arch="*">
+ <unaffected range="ge" slot="4.9.6">4.9.6</unaffected>
+ <vulnerable range="lt" slot="4.9.6">4.9.6</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>phpMyAdmin is a web-based management tool for MySQL databases.</p>
+ </background>
+ <description>
+ <p>Multiple vulnerabilities have been discovered in phpMyAdmin. Please
+ review the CVE identifiers referenced below for details.
+ </p>
+ </description>
+ <impact type="normal">
+ <p>Please review the referenced CVE identifiers for details.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All phpMyAdmin users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose "&gt;=dev-db/phpmyadmin-4.9.6"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-26934">CVE-2020-26934</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-26935">CVE-2020-26935</uri>
+ </references>
+ <metadata tag="requester" timestamp="2020-11-19T19:31:06Z">whissi</metadata>
+ <metadata tag="submitter" timestamp="2021-01-27T16:14:41Z">b-man</metadata>
+</glsa>
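Review bot: Both range elements carry `slot="4.9.6"`, as in `<vulnerable range="lt" slot="4.9.6">4.9.6</vulnerable>`, so the slot value is the same string as the fixed version. If the consumer restricts matching to that slot, a version lower than 4.9.6 installed under a different slot would never match and the advisory would miss the installs it is meant to flag. How the attribute is interpreted cannot be seen from this hunk, so it should be checked against the advisory tooling and the attribute dropped if it narrows the match. The synopsis mentions only XSS while two CVEs are referenced; the description should say what each one covers.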
diff --git a/metadata/glsa/glsa-202101-36.xml b/metadata/glsa/glsa-202101-36.xml
new file mode 100644
index 000000000000..7b5b52d6a17b
--- /dev/null
+++ b/metadata/glsa/glsa-202101-36.xml
@@ -0,0 +1,60 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202101-36">
+ <title>ImageMagick: Command injection</title>
+ <synopsis>A vulnerability in ImageMagick's handling of PDF was discovered
+ possibly allowing code execution.
+ </synopsis>
+ <product type="ebuild">imagemagick</product>
+ <announced>2021-01-29</announced>
+ <revised count="1">2021-01-29</revised>
+ <bug>756829</bug>
+ <access>remote</access>
+ <affected>
+ <package name="media-gfx/imagemagick" auto="yes" arch="*">
+ <unaffected range="ge">7.0.10.41-r1</unaffected>
+ <unaffected range="ge">6.9.11.41-r1</unaffected>
+ <vulnerable range="lt">7.0.10.41-r1</vulnerable>
+ <vulnerable range="lt">6.9.11.41-r1</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>A collection of tools and libraries for many image formats.</p>
+ </background>
+ <description>
+ <p>A flaw in ImageMagick’s handling of password protected PDFs was
+ discovered.
+ </p>
+ </description>
+ <impact type="normal">
+ <p>A remote attacker could entice a user to open a specially crafted PDF
+ using ImageMagick possibly resulting in execution of arbitrary code with
+ the privileges of the process or a Denial of Service condition.
+ </p>
+ </impact>
+ <workaround>
+ <p>Do not open untrusted PDFs.</p>
+ </workaround>
+ <resolution>
+ <p>All ImageMagick 7 users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose
+ "&gt;=media-gfx/imagemagick-7.0.10.41-r1"
+ </code>
+
+ <p>All ImageMagick 6 users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose
+ "&gt;=media-gfx/imagemagick-6.9.11.41-r1"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-29599">CVE-2020-29599</uri>
+ </references>
+ <metadata tag="requester" timestamp="2021-01-28T02:24:26Z">sam_c</metadata>
+ <metadata tag="submitter" timestamp="2021-01-29T00:02:42Z">sam_c</metadata>
+</glsa>
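Review bot: The version ranges in `<affected>` overlap across the two branches: a 7.x version below 7.0.10.41-r1 is `lt 7.0.10.41-r1` (vulnerable) but also `ge 6.9.11.41-r1` (unaffected), and a fixed 6.9.11.41-r1 is still `lt 7.0.10.41-r1`. Depending on how the consumer resolves that conflict, a vulnerable 7.x install may be reported as unaffected or a patched 6.x install as vulnerable. The 6.x entries should be bounded to their own branch rather than written as `<unaffected range="ge">6.9.11.41-r1</unaffected>`. In both `<code>` blocks the emerge command is wrapped onto a second line with no continuation, so pasting it runs emerge without the atom; the atom should stay on the same line as `--verbose`.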
diff --git a/metadata/glsa/glsa-202101-37.xml b/metadata/glsa/glsa-202101-37.xml
new file mode 100644
index 000000000000..52b09f41e0a2
--- /dev/null
+++ b/metadata/glsa/glsa-202101-37.xml
@@ -0,0 +1,47 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202101-37">
+ <title>VLC: Buffer overflow</title>
+ <synopsis>A buffer overflow in VLC might allow remote attacker(s) to execute
+ arbitrary code.
+ </synopsis>
+ <product type="ebuild">vlc</product>
+ <announced>2021-01-29</announced>
+ <revised count="1">2021-01-29</revised>
+ <bug>765040</bug>
+ <access>remote</access>
+ <affected>
+ <package name="media-video/vlc" auto="yes" arch="*">
+ <unaffected range="ge">3.0.12.1</unaffected>
+ <vulnerable range="lt">3.0.12.1</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>VLC is a cross-platform media player and streaming server.</p>
+ </background>
+ <description>
+ <p>VLC was found to have a buffer overflow when handling crafted MKV files.</p>
+ </description>
+ <impact type="normal">
+ <p>A remote attacker could entice a user to open a specially crafted MKV
+ file using VLC possibly resulting in execution of arbitrary code with the
+ privileges of the process or a Denial of Service condition.
+ </p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All VLC users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose "&gt;=media-video/vlc-3.0.12.1"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-26664">CVE-2020-26664</uri>
+ </references>
+ <metadata tag="requester" timestamp="2021-01-28T02:32:59Z">sam_c</metadata>
+ <metadata tag="submitter" timestamp="2021-01-29T00:04:09Z">sam_c</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202101-38.xml b/metadata/glsa/glsa-202101-38.xml
new file mode 100644
index 000000000000..11ca507fa1e1
--- /dev/null
+++ b/metadata/glsa/glsa-202101-38.xml
@@ -0,0 +1,49 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202101-38">
+ <title>NSD: Symbolic link traversal</title>
+ <synopsis>A vulnerability was discovered in NSD which could allow a local
+ attacker to cause a Denial of Service condition.
+ </synopsis>
+ <product type="ebuild">nsd</product>
+ <announced>2021-01-29</announced>
+ <revised count="1">2021-01-29</revised>
+ <bug>758977</bug>
+ <access>local</access>
+ <affected>
+ <package name="net-dns/nsd" auto="yes" arch="*">
+ <unaffected range="ge">4.3.4</unaffected>
+ <vulnerable range="lt">4.3.4</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>An authoritative only, high performance, open source name server</p>
+ </background>
+ <description>
+ <p>A local vulnerability was discovered that would allow for a local
+ symlink attack due to how NSD handles PID files.
+ </p>
+ </description>
+ <impact type="normal">
+ <p>A local attacker could cause a Denial of Service condition.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All NSD users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose "&gt;=net-dns/nsd-4.3.4"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-28935">CVE-2020-28935</uri>
+ <uri link="https://www.nlnetlabs.nl/downloads/nsd/CVE-2020-28935.txt">
+ Upstream advisory
+ </uri>
+ </references>
+ <metadata tag="requester" timestamp="2020-04-22T15:47:22Z">whissi</metadata>
+ <metadata tag="submitter" timestamp="2021-01-29T00:05:16Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/timestamp.chk b/metadata/glsa/timestamp.chk
index a5dbbef5e51f..5a5c0130df7c 100644
--- a/metadata/glsa/timestamp.chk
+++ b/metadata/glsa/timestamp.chk
@@ -1 +1 @@
-Fri, 22 Jan 2021 20:08:35 +0000
+Fri, 29 Jan 2021 17:38:21 +0000
diff --git a/metadata/glsa/timestamp.commit b/metadata/glsa/timestamp.commit
index 55000c1dfc6e..67da988a6843 100644
--- a/metadata/glsa/timestamp.commit
+++ b/metadata/glsa/timestamp.commit
@@ -1 +1 @@
-fc457c57148901f04674f1d427ad8bb280eb3c72 1611338159 2021-01-22T17:55:59+00:00
+efd0aa32fd2ca278747b075a2c8f414bb8aadead 1611878727 2021-01-29T00:05:27+00:00