gentoo auto-resync : 07:01:2024 - 12:53:51

author: V3n3RiX <venerix@koprulu.sector> 2024-01-07 12:53:51 +0000
committer: V3n3RiX <venerix@koprulu.sector> 2024-01-07 12:53:51 +0000
commit: 02814fd00146251691678aa18d9937665c677086 (patch)
tree: 5408cf868c128b241de5bab0f807058065bea7c8 /metadata/glsa
parent: 79713e75fcc5c5cb55d1b1beac008683b57c8805 (diff)
9 files changed, 341 insertions, 17 deletions
diff --git a/metadata/glsa/Manifest b/metadata/glsa/Manifest
index f253d7702c54..25180d8f8603 100644
--- a/metadata/glsa/Manifest
+++ b/metadata/glsa/Manifest
@@ -1,23 +1,23 @@
 -----BEGIN PGP SIGNED MESSAGE-----
 Hash: SHA512
 
-MANIFEST Manifest.files.gz 559317 BLAKE2B 0a4d0ed654d5a43854b9b44988bdb4643495b86920de9bd246bf46fcc345ba1a5166c2103a10a186d99db77f51e6ca2fbedd4ea9de655624a90f97185dedfe19 SHA512 68b7f9edd2e18b7c9b8cde1bd8ca0c31f75b45ec27937f49a0b172c9019da731e4182b7a6489209bd8527928ac9b72c9b7758e7a8a785bc8902893a4edadd98e
-TIMESTAMP 2024-01-07T05:57:35Z
+MANIFEST Manifest.files.gz 560112 BLAKE2B 62dc2af41770d5f472a21d19df2e416ad9cbe69646a24bf9063fe3c7d7b36b835148ffdf730b030db456007d5c45044793f359e00e2a253deb71569680665419 SHA512 706f92b2205286e8d0fb7e749fe17d4549d6de84ffe61cf0dffaa61b0add9252e50b48bb8087005681251c1d71bdd6ced3ceb19b36ffd7e75d1709bc3aa98712
+TIMESTAMP 2024-01-07T12:10:48Z
 -----BEGIN PGP SIGNATURE-----
 
-iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAmWaPVBfFIAAAAAALgAo
+iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAmWalMhfFIAAAAAALgAo
 aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEUx
 RDZBQkI2M0JGQ0ZCNEJBMDJGREYxQ0VDNTkwRUVBQzkxODkyNTAACgkQ7FkO6skY
-klDzpxAAkidKRcM3dR7BoxM0qcCVjj+3uBAbv6xQRiKaZ2rLPD25Nk3U+DlA1HyW
-JzsIIYJFljZyqoYtMKvenP3J2JNMd9oeV+jWEKnkBp+7C8s1h0kXodj0LvHZJwS2
-XOnmuB6T8G5zgovWiefixrhfLIJr+1/+n/oawl0pFpj8iOEHYbt5f68aZGlyAtZb
-fLB+rwq3exQr1SSoB/cuR6evLahlE71lGKUN3HUlRsro9Zy7n0LJBp0KaH9g+EmM
-crM7CmPRNQYMY1I5CbEce+xrYWiHz8SDs56oWmxAIlfUJHzrEAa21/CzJI7QmBPz
-4wsEFJHm+Uv8ReIMSFcrJEG/aG5v1sKuPZzLiESC0PWGBmdN0Cm9j+yVT5I26dr5
-47HQG40rqk2fbayEx2vcSbhNCyHp8kX54A9mx3Dt1Ox9J2tozZJO4cjYJcPafpUo
-+MzfrZR3xRuYP2T+bzF6PPILFQ0F6h/EsYETsP7lI6R2tOZMC90NLUeWxJIM1LIA
-cc2sjvyzgzwNP+lgGdn05O7tK/8p151pwrskzd02BtQEZhyYj2hiXHJmIWvXdhwK
-gNVqCv/OzpTVxkBQmJHtZ871P2ZO4wBcr/EmlA9pM/Hjb5E+9eM1XJ8FD5ZXlfmn
-0N6zar7IjjCP4ZxBZstZQ2nc8GiUiaqcSCckySDNqxCnjQYto+s=
-=pv0P
+klD4UQ/+LhW4GK2h3KAOkyiSSSiMrmvjCfDwXNgLbTSF450xSbYOT09TKc0zrdZm
+mr2OYJ0XT6U0C8M/KKBEBvYp/ovtzQwhEw4wIU5wo3yn8BPIeyj3ccQVqdXggUSs
+DKNgTYi6XB5kDvQ7xxr/U7fLRzAWFnbzIkQHw9hCRyL+pCHMw0m/Tf8Mo0uK6Kl4
+eGAVMddWhHx1rbEJYIqqTqBHRHixGDDDFeAIVWZOhjXsCWbluJmQXse3Z23oMdqr
+kCIxPsngCMhtHj76wuf3YPbfCf1Dd0I5+8fpbVtwtLRb2LdPmHaCgQgLfIiBzuA5
+KFnZrpVtw6slWX00VOAAmjpx2XePxTmTUfAsyyw1N9j557LS0A7DQpoy5F8bejvy
+uZlnlA8QK6jGg1MMjFQDNPhv+2H+j8mRkb32tSl1E680qZ4qUy/BEmizJAtFgQMr
+fCCmw+gFm6so74tSbmPQlh1ojn+HAkH8mq6oh6c58T5vt1qc53+UNpq9/ZkoweL1
+bQtKwT2UGWFadm8l70UltXpUkv6Sn4ZgyejsiSKiHP44YJGuFE1nNYi+TdIzTVkF
++x0H7rXKCFSjMVlp9mhsOD501tg4aggwu2KbJBIC9Jrx//LI+CpOXmJxQJZyCk0u
+O4ieU5jl147cHtnTVdCkcmh9/v02hB4CbLXFlwBXm/37pt41YLQ=
+=qYiQ
 -----END PGP SIGNATURE-----
diff --git a/metadata/glsa/Manifest.files.gz b/metadata/glsa/Manifest.files.gz
index 126306040cc9..f70ab963dbcd 100644
--- a/metadata/glsa/Manifest.files.gz
+++ b/metadata/glsa/Manifest.files.gz
diff --git a/metadata/glsa/glsa-202401-08.xml b/metadata/glsa/glsa-202401-08.xml
new file mode 100644
index 000000000000..3253401f110b
--- /dev/null
+++ b/metadata/glsa/glsa-202401-08.xml
@@ -0,0 +1,47 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202401-08">
+    <title>util-linux: Multiple Vulnerabilities</title>
+    <synopsis>Multiple vulnerabilities have been discovered in util-linux which can lead to denial of service or information disclosure.</synopsis>
+    <product type="ebuild">util-linux</product>
+    <announced>2024-01-07</announced>
+    <revised count="1">2024-01-07</revised>
+    <bug>806070</bug>
+    <bug>831978</bug>
+    <bug>833365</bug>
+    <access>remote</access>
+    <affected>
+        <package name="sys-apps/util-linux" auto="yes" arch="*">
+            <unaffected range="ge">2.37.4</unaffected>
+            <vulnerable range="lt">2.37.4</vulnerable>
+        </package>
+    </affected>
+    <background>
+        <p>util-linux is a suite of Linux programs including mount and umount, programs used to mount and unmount filesystems.</p>
+    </background>
+    <description>
+        <p>Multiple vulnerabilities have been discovered in util-linux. Please review the CVE identifiers referenced below for details.</p>
+    </description>
+    <impact type="normal">
+        <p>Please review the referenced CVE identifiers for details.</p>
+    </impact>
+    <workaround>
+        <p>There is no known workaround at this time.</p>
+    </workaround>
+    <resolution>
+        <p>All util-linux users should upgrade to the latest version:</p>
+        
+        <code>
+          # emerge --sync
+          # emerge --ask --oneshot --verbose ">=sys-apps/util-linux-2.37.4"
+        </code>
+    </resolution>
+    <references>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-3995">CVE-2021-3995</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-3996">CVE-2021-3996</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-37600">CVE-2021-37600</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-0563">CVE-2022-0563</uri>
+    </references>
+    <metadata tag="requester" timestamp="2024-01-07T08:30:19.699309Z">graaff</metadata>
+    <metadata tag="submitter" timestamp="2024-01-07T08:30:19.701387Z">graaff</metadata>
+</glsa>
+\ No newline at end of file
diff --git a/metadata/glsa/glsa-202401-09.xml b/metadata/glsa/glsa-202401-09.xml
new file mode 100644
index 000000000000..af3682ee3635
--- /dev/null
+++ b/metadata/glsa/glsa-202401-09.xml
@@ -0,0 +1,44 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202401-09">
+    <title>Eclipse Mosquitto: Multiple Vulnerabilities</title>
+    <synopsis>Multiple vulnerabilities have been found in Eclipse Mosquitto which could result in denial of service.</synopsis>
+    <product type="ebuild">mosquitto</product>
+    <announced>2024-01-07</announced>
+    <revised count="1">2024-01-07</revised>
+    <bug>918540</bug>
+    <access>remote</access>
+    <affected>
+        <package name="app-misc/mosquitto" auto="yes" arch="*">
+            <unaffected range="ge">2.0.17</unaffected>
+            <vulnerable range="lt">2.0.17</vulnerable>
+        </package>
+    </affected>
+    <background>
+        <p>Eclipse Mosquitto is an open source MQTT v3 broker.</p>
+    </background>
+    <description>
+        <p>Multiple vulnerabilities have been discovered in Eclipse Mosquitto. Please review the CVE identifier referenced below for details.</p>
+    </description>
+    <impact type="low">
+        <p>Please review the referenced CVE identifiers for details.</p>
+    </impact>
+    <workaround>
+        <p>There is no known workaround at this time.</p>
+    </workaround>
+    <resolution>
+        <p>All Eclipse Mosquitto users should upgrade to the latest version:</p>
+        
+        <code>
+          # emerge --sync
+          # emerge --ask --oneshot --verbose ">=app-misc/mosquitto-2.0.17"
+        </code>
+    </resolution>
+    <references>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-0809">CVE-2023-0809</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-3592">CVE-2023-3592</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-28366">CVE-2023-28366</uri>
+    </references>
+    <metadata tag="requester" timestamp="2024-01-07T09:13:27.446170Z">ajak</metadata>
+    <metadata tag="submitter" timestamp="2024-01-07T09:13:27.448434Z">graaff</metadata>
+</glsa>
+\ No newline at end of file
diff --git a/metadata/glsa/glsa-202401-10.xml b/metadata/glsa/glsa-202401-10.xml
new file mode 100644
index 000000000000..ea5f16ba40ef
--- /dev/null
+++ b/metadata/glsa/glsa-202401-10.xml
@@ -0,0 +1,134 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202401-10">
+    <title>Mozilla Firefox: Multiple Vulnerabilities</title>
+    <synopsis>Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which could lead to remote code execution.</synopsis>
+    <product type="ebuild">firefox,firefox-bin</product>
+    <announced>2024-01-07</announced>
+    <revised count="1">2024-01-07</revised>
+    <bug>908245</bug>
+    <bug>914073</bug>
+    <bug>918433</bug>
+    <bug>920507</bug>
+    <access>remote</access>
+    <affected>
+        <package name="www-client/firefox" auto="yes" arch="*">
+            <unaffected range="ge" slot="rapid">121.0</unaffected>
+            <unaffected range="ge" slot="esr">115.6.0</unaffected>
+            <vulnerable range="lt" slot="rapid">121.0</vulnerable>
+            <vulnerable range="lt" slot="esr">115.6.0</vulnerable>
+        </package>
+        <package name="www-client/firefox-bin" auto="yes" arch="*">
+            <unaffected range="ge" slot="rapid">121.0</unaffected>
+            <unaffected range="ge" slot="esr">115.6.0</unaffected>
+            <vulnerable range="lt" slot="rapid">121.0</vulnerable>
+            <vulnerable range="lt" slot="esr">115.6.0</vulnerable>
+        </package>
+    </affected>
+    <background>
+        <p>Mozilla Firefox is a popular open-source web browser from the Mozilla project.</p>
+    </background>
+    <description>
+        <p>Multiple vulnerabilities have been discovered in Mozilla Firefox. Please review the CVE identifiers referenced below for details.</p>
+    </description>
+    <impact type="high">
+        <p>Please review the referenced CVE identifiers for details.</p>
+    </impact>
+    <workaround>
+        <p>There is no known workaround at this time.</p>
+    </workaround>
+    <resolution>
+        <p>All Mozilla Firefox ESR binary users should upgrade to the latest version:</p>
+        
+        <code>
+          # emerge --sync
+          # emerge --ask --oneshot --verbose ">=www-client/firefox-bin-115.6.0:esr"
+        </code>
+        
+        <p>All Mozilla Firefox ESR users should upgrade to the latest version:</p>
+        
+        <code>
+          # emerge --sync
+          # emerge --ask --oneshot --verbose ">=www-client/firefox-115.6.0:esr"
+        </code>
+        
+        <p>All Mozilla Firefox binary users should upgrade to the latest version:</p>
+        
+        <code>
+          # emerge --sync
+          # emerge --ask --oneshot --verbose ">=www-client/firefox-bin-121.0:rapid"
+        </code>
+        
+        <p>All Mozilla Firefox users should upgrade to the latest version:</p>
+        
+        <code>
+          # emerge --sync
+          # emerge --ask --oneshot --verbose ">=www-client/firefox-121.0:rapid"
+        </code>
+    </resolution>
+    <references>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-3482">CVE-2023-3482</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-4058">CVE-2023-4058</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-4579">CVE-2023-4579</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-4863">CVE-2023-4863</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-5129">CVE-2023-5129</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-5170">CVE-2023-5170</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-5172">CVE-2023-5172</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-5173">CVE-2023-5173</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-5175">CVE-2023-5175</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-5722">CVE-2023-5722</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-5723">CVE-2023-5723</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-5729">CVE-2023-5729</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-5731">CVE-2023-5731</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-5758">CVE-2023-5758</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-6135">CVE-2023-6135</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-6210">CVE-2023-6210</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-6211">CVE-2023-6211</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-6213">CVE-2023-6213</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-6856">CVE-2023-6856</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-6857">CVE-2023-6857</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-6858">CVE-2023-6858</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-6859">CVE-2023-6859</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-6860">CVE-2023-6860</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-6861">CVE-2023-6861</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-6862">CVE-2023-6862</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-6863">CVE-2023-6863</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-6864">CVE-2023-6864</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-6865">CVE-2023-6865</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-6866">CVE-2023-6866</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-6867">CVE-2023-6867</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-6868">CVE-2023-6868</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-6869">CVE-2023-6869</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-6870">CVE-2023-6870</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-6871">CVE-2023-6871</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-6872">CVE-2023-6872</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-6873">CVE-2023-6873</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-32205">CVE-2023-32205</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-32206">CVE-2023-32206</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-32207">CVE-2023-32207</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-32208">CVE-2023-32208</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-32209">CVE-2023-32209</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-32210">CVE-2023-32210</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-32211">CVE-2023-32211</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-32212">CVE-2023-32212</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-32213">CVE-2023-32213</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-32214">CVE-2023-32214</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-32215">CVE-2023-32215</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-32216">CVE-2023-32216</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-34414">CVE-2023-34414</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-34415">CVE-2023-34415</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-34416">CVE-2023-34416</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-34417">CVE-2023-34417</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-37203">CVE-2023-37203</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-37204">CVE-2023-37204</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-37205">CVE-2023-37205</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-37206">CVE-2023-37206</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-37209">CVE-2023-37209</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-37210">CVE-2023-37210</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-37212">CVE-2023-37212</uri>
+        <uri>MFSA-2023-40</uri>
+        <uri>MFSA-TMP-2023-0002</uri>
+    </references>
+    <metadata tag="requester" timestamp="2024-01-07T09:38:31.185976Z">graaff</metadata>
+    <metadata tag="submitter" timestamp="2024-01-07T09:38:31.188129Z">graaff</metadata>
+</glsa>
+\ No newline at end of file
diff --git a/metadata/glsa/glsa-202401-11.xml b/metadata/glsa/glsa-202401-11.xml
new file mode 100644
index 000000000000..049860c19e01
--- /dev/null
+++ b/metadata/glsa/glsa-202401-11.xml
@@ -0,0 +1,53 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202401-11">
+    <title>Apache Batik: Multiple Vulnerabilities</title>
+    <synopsis>Multiple vulnerabilities have been found in Apache Batik, the worst of which could result in arbitrary code execution.</synopsis>
+    <product type="ebuild">batik</product>
+    <announced>2024-01-07</announced>
+    <revised count="1">2024-01-07</revised>
+    <bug>724534</bug>
+    <bug>872689</bug>
+    <bug>918088</bug>
+    <access>remote</access>
+    <affected>
+        <package name="dev-java/batik" auto="yes" arch="*">
+            <unaffected range="ge">1.17</unaffected>
+            <vulnerable range="lt">1.17</vulnerable>
+        </package>
+    </affected>
+    <background>
+        <p>Apache Batik is a Java-based toolkit for applications or applets that want to use images in the Scalable Vector Graphics (SVG) format for various purposes, such as display, generation or manipulation.</p>
+    </background>
+    <description>
+        <p>Multiple vulnerabilities have been discovered in Apache Batik. Please review the CVE identifiers referenced below for details.</p>
+    </description>
+    <impact type="normal">
+        <p>Please review the referenced CVE identifiers for details.</p>
+    </impact>
+    <workaround>
+        <p>There is no known workaround at this time.</p>
+    </workaround>
+    <resolution>
+        <p>All Apache Batik users should upgrade to the latest version:</p>
+        
+        <code>
+          # emerge --sync
+          # emerge --ask --oneshot --verbose ">=dev-java/batik-1.17"
+        </code>
+    </resolution>
+    <references>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-8013">CVE-2018-8013</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-17566">CVE-2019-17566</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-11987">CVE-2020-11987</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-38398">CVE-2022-38398</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-38648">CVE-2022-38648</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-40146">CVE-2022-40146</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-41704">CVE-2022-41704</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-42890">CVE-2022-42890</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-44729">CVE-2022-44729</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-44730">CVE-2022-44730</uri>
+    </references>
+    <metadata tag="requester" timestamp="2024-01-07T10:19:19.481297Z">ajak</metadata>
+    <metadata tag="submitter" timestamp="2024-01-07T10:19:19.484005Z">graaff</metadata>
+</glsa>
+\ No newline at end of file
diff --git a/metadata/glsa/glsa-202401-12.xml b/metadata/glsa/glsa-202401-12.xml
new file mode 100644
index 000000000000..840328ed0886
--- /dev/null
+++ b/metadata/glsa/glsa-202401-12.xml
@@ -0,0 +1,46 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202401-12">
+    <title>Synapse: Multiple Vulnerabilities</title>
+    <synopsis>Multiple vulnerabilites have been found in Synapse, the worst of which could result in information leaks.</synopsis>
+    <product type="ebuild">synapse</product>
+    <announced>2024-01-07</announced>
+    <revised count="1">2024-01-07</revised>
+    <bug>914765</bug>
+    <bug>916609</bug>
+    <access>remote</access>
+    <affected>
+        <package name="net-im/synapse" auto="yes" arch="*">
+            <unaffected range="ge">1.96.0</unaffected>
+            <vulnerable range="lt">1.96.0</vulnerable>
+        </package>
+    </affected>
+    <background>
+        <p>Synapse is a Matrix homeserver written in Python/Twisted.</p>
+    </background>
+    <description>
+        <p>Multiple vulnerabilities have been discovered in Synapse. Please review the CVE identifiers referenced below for details.</p>
+    </description>
+    <impact type="low">
+        <p>Please review the referenced CVE identifiers for details.</p>
+    </impact>
+    <workaround>
+        <p>There is no known workaround at this time.</p>
+    </workaround>
+    <resolution>
+        <p>All Synapse users should upgrade to the latest version:</p>
+        
+        <code>
+          # emerge --sync
+          # emerge --ask --oneshot --verbose ">=net-im/synapse-1.96.0"
+        </code>
+    </resolution>
+    <references>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-41335">CVE-2023-41335</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-42453">CVE-2023-42453</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-43796">CVE-2023-43796</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-45129">CVE-2023-45129</uri>
+    </references>
+    <metadata tag="requester" timestamp="2024-01-07T10:31:28.910221Z">ajak</metadata>
+    <metadata tag="submitter" timestamp="2024-01-07T10:31:28.912325Z">graaff</metadata>
+</glsa>
+\ No newline at end of file
diff --git a/metadata/glsa/timestamp.chk b/metadata/glsa/timestamp.chk
index e7fb4da38f1c..6421b6110235 100644
--- a/metadata/glsa/timestamp.chk
+++ b/metadata/glsa/timestamp.chk
@@ -1 +1 @@
-Sun, 07 Jan 2024 05:57:27 +0000
+Sun, 07 Jan 2024 12:10:46 +0000
diff --git a/metadata/glsa/timestamp.commit b/metadata/glsa/timestamp.commit
index c6d503ae307d..a60608a945db 100644
--- a/metadata/glsa/timestamp.commit
+++ b/metadata/glsa/timestamp.commit
@@ -1 +1 @@
-6de45d78fb7f4cf3386f767a9e6b4d48cc85ce88 1704531859 2024-01-06T09:04:19+00:00
+17e2b155a748af5cd1276229d389b4641fec18c7 1704623514 2024-01-07T10:31:54+00:00
author	V3n3RiX <venerix@koprulu.sector>	2024-01-07 12:53:51 +0000
committer	V3n3RiX <venerix@koprulu.sector>	2024-01-07 12:53:51 +0000
commit	02814fd00146251691678aa18d9937665c677086 (patch)
tree	5408cf868c128b241de5bab0f807058065bea7c8 /metadata/glsa
parent	79713e75fcc5c5cb55d1b1beac008683b57c8805 (diff)