gentoo auto-resync : 29:09:2024 - 01:25:46

author: V3n3RiX <venerix@koprulu.sector> 2024-09-29 01:25:46 +0100
committer: V3n3RiX <venerix@koprulu.sector> 2024-09-29 01:25:46 +0100
commit: 04ac238703da84168e02b06fb131d1d17d85be23 (patch)
tree: f32aa3a6b6a6c879a798006535ad544bf888df73 /metadata/glsa
parent: 6405cba4bf18141460bc9fcb8f5580532d4b46f8 (diff)
11 files changed, 398 insertions, 17 deletions
diff --git a/metadata/glsa/Manifest b/metadata/glsa/Manifest
index 9cb3c11d36b8..25283758b50d 100644
--- a/metadata/glsa/Manifest
+++ b/metadata/glsa/Manifest
@@ -1,23 +1,23 @@
 -----BEGIN PGP SIGNED MESSAGE-----
 Hash: SHA512
 
-MANIFEST Manifest.files.gz 589322 BLAKE2B 6789f452bb091cab1551fd39d1eb24aad056758ab4927e345d12b32324a84240dc49fd5fbc0c8eddd74cdd9181d8eadd04df6c040625d04494a51f9fe347a4f8 SHA512 2ec038957c010fa082d365808e04a0bfd93388a083821ce8a50b3347e2e7bfed61bc8686450f62c8347c91a57ede6dc514c9b54f8164db4e2ad4d04c0268e09c
-TIMESTAMP 2024-09-27T23:40:44Z
+MANIFEST Manifest.files.gz 590436 BLAKE2B 15aabc4185729e136cdcfaf5f8f985f8037a950c2674b40f4a60d6db55b6e66ddf62465183eec797a8745737731f08c9f5b7997b3092ca23932abe139760e3a2 SHA512 d4bc062a4c9898005fcd53314c2db40baaef3e5725ab92e762d55ae3747dcb34a1602299c2aa4bdf60a06b6f322e89ee0b897eafffb10de6e5392274ab828bc5
+TIMESTAMP 2024-09-28T23:40:40Z
 -----BEGIN PGP SIGNATURE-----
 
-iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAmb3QnxfFIAAAAAALgAo
+iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAmb4k/hfFIAAAAAALgAo
 aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEUx
 RDZBQkI2M0JGQ0ZCNEJBMDJGREYxQ0VDNTkwRUVBQzkxODkyNTAACgkQ7FkO6skY
-klA/+A/8D7L6MmWT1Rw2sOGr6AsN+xIlX5MuJXFZSF/ejTsbwm4O/VZbqcbSAsG+
-jVg3RqAq2VIgNN0X0s82s2Oowb66I69Hv1IjZ0/atA2M3jsmdk3NP22ShiUo9+uo
-hObF4O5m998nMmYRoDs8zSpSW5cfA/VEr/zP/kXLagIzEVFOw3HjNHT0jsMVLhy+
-7KmYyIXczK3sih+GqsfYm8+ox00Z7a5/gypAKMBdPuCHCanXSRfeNaOWfn6kOHBr
-M703XWLjOUJEVCXWj73+xr3KphRTYRhr3Y1o0E/YD3oUSMifC1ZyZajem1RC/ifG
-6Z8MWF6jsnn7dqfs0uq8gulwkcAcFQ6v7kZOD2Y2kob5y+BkUUEmVf/AtMxEnU0d
-82y+FmY2V08OxMxKOewLX1sa9GvJcbck5U3GcxuafZW2E46gASrl5l+Qju4/ElJF
-FVMFH13fTrnKXw9ZmpSHmJZqNp0+elJs0o3d60fqiBf5rdo6z+ZcEQwP956Q/iaS
-BXOCfFOB2xDToI1rkRDMSu1lUMwnn8Aw65TAoEtkwhEqgzJdQ3VjgQWjzx2UHjv0
-6Um88/32JEsNBEq9joUeXJjuPi6wRLPyNxRFTyV+2YQ5izzO0PaLnOXCBGunTbeX
-cU7xrAID8WvraE8QmFl4QgfGvzkOSvPjn5gsJTzK6qG25h1lUEI=
-=RkMh
+klCZYxAApNKNELRSlYb2jQ+E+WJJO6M8PIYSWXgvJeD/4dPGdJrc+XGbD8hXWbyW
+Nn4ZY1tTLz6mrxexjJHCti+JDvKRerqEI6mxPPF+qsMf4T7P8Vhk5OjKLWYzELwU
+M9JVYftlrelkMwZUU2XiC79AhfnT1bHmfq33MA/rw6TFCEEkIu06APu4QjKRZP3b
+RdNp9JyC+ZG0yTlTwV/Jvh/FgR4yXqdeOSVJ2Cthq4bXvVpWNMdeNwZnorVY0RX3
+4grchRQKaFt2G+0skAiZqtC/DQ5A9w2suCYgPs7PVZ77MMM4HOgfSor+ibk8vYEi
+CYUnqQVlcI5rKlEnX2fy9iiGG+6fHEWHeB1B47r072w/uKwhyUg5DBA/4iXM3U7V
+NKLAUwsRtW4Mll4niBuDlaY3aQgj0Fh4xkJaXcmASWVML62w92jwL1IZCqOa0f5b
+k2PkVFr9Z/joS7d9eNRRah3m3rTFoEYkKIn4eW9Vs3tIjiJtXVPsxVBcALx7LZDW
++AmHcon9G/0DePk1un60oGbdw43QMA0SBBWW1AMF0yWr1C2lIsh1UBlVkknCtf1K
+MkVk4aj4EN+V1fUrB6i0jatkRrPl1c2Iyn4g8A3ShBgB4nMzlXmr67V/xdcF8gnE
+fa2AxlrJomKBKatBeAih4J0pVcVoapYyp2iMpk+7we+GryT6xVg=
+=8rKm
 -----END PGP SIGNATURE-----
diff --git a/metadata/glsa/Manifest.files.gz b/metadata/glsa/Manifest.files.gz
index 946bc1adaad4..3b2eab36a094 100644
--- a/metadata/glsa/Manifest.files.gz
+++ b/metadata/glsa/Manifest.files.gz
diff --git a/metadata/glsa/glsa-202409-26.xml b/metadata/glsa/glsa-202409-26.xml
new file mode 100644
index 000000000000..c06fb1aaa200
--- /dev/null
+++ b/metadata/glsa/glsa-202409-26.xml
@@ -0,0 +1,88 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202409-26">
+    <title>IcedTea: Multiple Vulnerabilities</title>
+    <synopsis>Multiple vulnerabilities have been found in IcedTea, the worst of which could result in arbitrary code execution.</synopsis>
+    <product type="ebuild">icedtea,icedtea-bin</product>
+    <announced>2024-09-28</announced>
+    <revised count="1">2024-09-28</revised>
+    <bug>732628</bug>
+    <bug>803608</bug>
+    <bug>877599</bug>
+    <access>local</access>
+    <affected>
+        <package name="dev-java/icedtea" auto="yes" arch="*">
+            <vulnerable range="le">3.21.0</vulnerable>
+        </package>
+        <package name="dev-java/icedtea-bin" auto="yes" arch="*">
+            <vulnerable range="le">3.16.0-r2</vulnerable>
+        </package>
+    </affected>
+    <background>
+        <p>IcedTea’s aim is to provide OpenJDK in a form suitable for easy configuration, compilation and distribution with the primary goal of allowing inclusion in GNU/Linux distributions.</p>
+    </background>
+    <description>
+        <p>Multiple vulnerabilities have been discovered in IcedTea. Please review the CVE identifiers referenced below for details.</p>
+    </description>
+    <impact type="normal">
+        <p>Please review the referenced CVE identifiers for details.</p>
+    </impact>
+    <workaround>
+        <p>There is no known workaround at this time.</p>
+    </workaround>
+    <resolution>
+        <p>Gentoo has discontinued support for IcedTea. We recommend that users unmerge it:</p>
+        
+        <code>
+          # emerge --sync
+          # emerge --ask --depclean "dev-java/icedtea" "dev-java/icedtea-bin"
+        </code>
+    </resolution>
+    <references>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14556">CVE-2020-14556</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14562">CVE-2020-14562</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14573">CVE-2020-14573</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14577">CVE-2020-14577</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14578">CVE-2020-14578</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14579">CVE-2020-14579</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14581">CVE-2020-14581</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14583">CVE-2020-14583</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14593">CVE-2020-14593</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14621">CVE-2020-14621</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14664">CVE-2020-14664</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14779">CVE-2020-14779</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14781">CVE-2020-14781</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14782">CVE-2020-14782</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14792">CVE-2020-14792</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14796">CVE-2020-14796</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14797">CVE-2020-14797</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14798">CVE-2020-14798</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14803">CVE-2020-14803</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-2341">CVE-2021-2341</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-2369">CVE-2021-2369</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-2388">CVE-2021-2388</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-2432">CVE-2021-2432</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-35550">CVE-2021-35550</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-35556">CVE-2021-35556</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-35559">CVE-2021-35559</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-35561">CVE-2021-35561</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-35564">CVE-2021-35564</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-35565">CVE-2021-35565</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-35567">CVE-2021-35567</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-35578">CVE-2021-35578</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-35586">CVE-2021-35586</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-35588">CVE-2021-35588</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-35603">CVE-2021-35603</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-21618">CVE-2022-21618</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-21619">CVE-2022-21619</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-21624">CVE-2022-21624</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-21626">CVE-2022-21626</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-21628">CVE-2022-21628</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-39399">CVE-2022-39399</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-21830">CVE-2023-21830</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-21835">CVE-2023-21835</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-21843">CVE-2023-21843</uri>
+    </references>
+    <metadata tag="requester" timestamp="2024-09-28T06:22:32.677309Z">ajak</metadata>
+    <metadata tag="submitter" timestamp="2024-09-28T06:22:32.681950Z">graaff</metadata>
+</glsa>
+\ No newline at end of file
diff --git a/metadata/glsa/glsa-202409-27.xml b/metadata/glsa/glsa-202409-27.xml
new file mode 100644
index 000000000000..829708a77229
--- /dev/null
+++ b/metadata/glsa/glsa-202409-27.xml
@@ -0,0 +1,42 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202409-27">
+    <title>tmux: Null Pointer Dereference</title>
+    <synopsis>A vulnerability has been found in tmux which could result in application crash.</synopsis>
+    <product type="ebuild">tmux</product>
+    <announced>2024-09-28</announced>
+    <revised count="1">2024-09-28</revised>
+    <bug>891783</bug>
+    <access>remote</access>
+    <affected>
+        <package name="app-misc/tmux" auto="yes" arch="*">
+            <unaffected range="ge">3.4</unaffected>
+            <vulnerable range="lt">3.4</vulnerable>
+        </package>
+    </affected>
+    <background>
+        <p>tmux is a terminal multiplexer.</p>
+    </background>
+    <description>
+        <p>A null pointer dereference issue was discovered in function window_pane_set_event in window.c in which allows attackers to cause denial of service or other unspecified impacts.</p>
+    </description>
+    <impact type="normal">
+        <p>Manipulating tmux window state could result in a null pointer dereference.</p>
+    </impact>
+    <workaround>
+        <p>There is no known workaround at this time.</p>
+    </workaround>
+    <resolution>
+        <p>All tmux users should upgrade to the latest version:</p>
+        
+        <code>
+          # emerge --sync
+          # emerge --ask --oneshot --verbose ">=app-misc/tmux-3.4"
+        </code>
+    </resolution>
+    <references>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-47016">CVE-2022-47016</uri>
+    </references>
+    <metadata tag="requester" timestamp="2024-09-28T07:06:23.951339Z">ajak</metadata>
+    <metadata tag="submitter" timestamp="2024-09-28T07:06:23.955977Z">graaff</metadata>
+</glsa>
+\ No newline at end of file
diff --git a/metadata/glsa/glsa-202409-28.xml b/metadata/glsa/glsa-202409-28.xml
new file mode 100644
index 000000000000..014f558570ed
--- /dev/null
+++ b/metadata/glsa/glsa-202409-28.xml
@@ -0,0 +1,42 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202409-28">
+    <title>HashiCorp Consul: Multiple Vulnerabilities</title>
+    <synopsis>Multiple vulnerabilities have been discovered in HashiCorp Consul, the worst of which could result in denial of service.</synopsis>
+    <product type="ebuild">consul</product>
+    <announced>2024-09-28</announced>
+    <revised count="1">2024-09-28</revised>
+    <bug>885997</bug>
+    <access>remote</access>
+    <affected>
+        <package name="app-admin/consul" auto="yes" arch="*">
+            <unaffected range="ge">1.15.10</unaffected>
+            <vulnerable range="lt">1.15.10</vulnerable>
+        </package>
+    </affected>
+    <background>
+        <p>HashiCorp Consul is a tool for service discovery, monitoring and configuration.</p>
+    </background>
+    <description>
+        <p>Multiple vulnerabilities have been found in HashiCorp Consul. Please review the CVE identifiers referenced below for details.</p>
+    </description>
+    <impact type="low">
+        <p>Please review the CVE identifiers referenced below for details.</p>
+    </impact>
+    <workaround>
+        <p>There is no known workaround at this time.</p>
+    </workaround>
+    <resolution>
+        <p>All HashiCorp Consul users should upgrade to the latest version:</p>
+        
+        <code>
+          # emerge --sync
+          # emerge --ask --oneshot --verbose ">=app-admin/consul-1.15.10"
+        </code>
+    </resolution>
+    <references>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-41717">CVE-2022-41717</uri>
+    </references>
+    <metadata tag="requester" timestamp="2024-09-28T07:08:23.818242Z">ajak</metadata>
+    <metadata tag="submitter" timestamp="2024-09-28T07:08:23.822296Z">graaff</metadata>
+</glsa>
+\ No newline at end of file
diff --git a/metadata/glsa/glsa-202409-29.xml b/metadata/glsa/glsa-202409-29.xml
new file mode 100644
index 000000000000..6450cffbf690
--- /dev/null
+++ b/metadata/glsa/glsa-202409-29.xml
@@ -0,0 +1,60 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202409-29">
+    <title>Docker: Multiple Vulnerabilities</title>
+    <synopsis>Multiple vulnerabilities have been discovered in Docker, the worst of which could result in denial of service.</synopsis>
+    <product type="ebuild">docker</product>
+    <announced>2024-09-28</announced>
+    <revised count="1">2024-09-28</revised>
+    <bug>816273</bug>
+    <bug>869407</bug>
+    <bug>877653</bug>
+    <bug>886509</bug>
+    <bug>903804</bug>
+    <bug>905336</bug>
+    <bug>925022</bug>
+    <access>remote</access>
+    <affected>
+        <package name="app-containers/docker" auto="yes" arch="*">
+            <unaffected range="ge">25.0.4</unaffected>
+            <vulnerable range="lt">25.0.4</vulnerable>
+        </package>
+    </affected>
+    <background>
+        <p>Docker contains the the core functions you need to create Docker images and run Docker containers</p>
+    </background>
+    <description>
+        <p>Multiple vulnerabilities have been discovered in Docker. Please review the CVE identifiers referenced below for details.</p>
+    </description>
+    <impact type="low">
+        <p>Please review the referenced CVE identifiers for details.</p>
+    </impact>
+    <workaround>
+        <p>There is no known workaround at this time.</p>
+    </workaround>
+    <resolution>
+        <p>All Docker users should upgrade to the latest version:</p>
+        
+        <code>
+          # emerge --sync
+          # emerge --ask --oneshot --verbose ">=app-containers/docker-25.0.4"
+        </code>
+    </resolution>
+    <references>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-41089">CVE-2021-41089</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-41091">CVE-2021-41091</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-36109">CVE-2022-36109</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-41717">CVE-2022-41717</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-26054">CVE-2023-26054</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-28840">CVE-2023-28840</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-28841">CVE-2023-28841</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-28842">CVE-2023-28842</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-23650">CVE-2024-23650</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-23651">CVE-2024-23651</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-23652">CVE-2024-23652</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-23653">CVE-2024-23653</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-24557">CVE-2024-24557</uri>
+    </references>
+    <metadata tag="requester" timestamp="2024-09-28T07:32:55.226701Z">ajak</metadata>
+    <metadata tag="submitter" timestamp="2024-09-28T07:32:55.232252Z">graaff</metadata>
+</glsa>
+\ No newline at end of file
diff --git a/metadata/glsa/glsa-202409-30.xml b/metadata/glsa/glsa-202409-30.xml
new file mode 100644
index 000000000000..3f0096074d63
--- /dev/null
+++ b/metadata/glsa/glsa-202409-30.xml
@@ -0,0 +1,46 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202409-30">
+    <title>yt-dlp: Multiple Vulnerabilities</title>
+    <synopsis>Multiple vulnerabilities have been found in yt-dlp, the worst of which could result in arbitrary code execution.</synopsis>
+    <product type="ebuild">yt-dlp</product>
+    <announced>2024-09-28</announced>
+    <revised count="1">2024-09-28</revised>
+    <bug>909780</bug>
+    <bug>917355</bug>
+    <bug>935316</bug>
+    <access>remote</access>
+    <affected>
+        <package name="net-misc/yt-dlp" auto="yes" arch="*">
+            <unaffected range="ge">2024.07.01</unaffected>
+            <vulnerable range="lt">2024.07.01</vulnerable>
+        </package>
+    </affected>
+    <background>
+        <p>yt-dlp is a youtube-dl fork with additional features and fixes.</p>
+    </background>
+    <description>
+        <p>Multiple vulnerabilities have been found in yt-dlp. Please review the referenced CVE identifiers for details.</p>
+    </description>
+    <impact type="normal">
+        <p>Please review the referenced CVE identifiers for details.</p>
+    </impact>
+    <workaround>
+        <p>There is no known workaround at this time.</p>
+    </workaround>
+    <resolution>
+        <p>All yt-dlp users should upgrade to the latest version:</p>
+        
+        <code>
+          # emerge --sync
+          # emerge --ask --oneshot --verbose ">=net-misc/yt-dlp-2024.07.01"
+        </code>
+    </resolution>
+    <references>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-35934">CVE-2023-35934</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-46121">CVE-2023-46121</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-38519">CVE-2024-38519</uri>
+    </references>
+    <metadata tag="requester" timestamp="2024-09-28T07:39:28.885110Z">ajak</metadata>
+    <metadata tag="submitter" timestamp="2024-09-28T07:39:28.889248Z">graaff</metadata>
+</glsa>
+\ No newline at end of file
diff --git a/metadata/glsa/glsa-202409-31.xml b/metadata/glsa/glsa-202409-31.xml
new file mode 100644
index 000000000000..cf98ba3e87e2
--- /dev/null
+++ b/metadata/glsa/glsa-202409-31.xml
@@ -0,0 +1,58 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202409-31">
+    <title>Apache HTTPD: Multiple Vulnerabilities</title>
+    <synopsis>Multiple vulnerabilities have been found in Apache HTTPD, the worst of which could result in denial of service.</synopsis>
+    <product type="ebuild">apache</product>
+    <announced>2024-09-28</announced>
+    <revised count="1">2024-09-28</revised>
+    <bug>928540</bug>
+    <bug>935296</bug>
+    <bug>935427</bug>
+    <bug>936257</bug>
+    <access>remote</access>
+    <affected>
+        <package name="www-servers/apache" auto="yes" arch="*">
+            <unaffected range="ge">2.4.62</unaffected>
+            <vulnerable range="lt">2.4.62</vulnerable>
+        </package>
+    </affected>
+    <background>
+        <p>The Apache HTTP server is one of the most popular web servers on the Internet.</p>
+    </background>
+    <description>
+        <p>Multiple vulnerabilities have been discovered in Apache HTTPD. Please review the CVE identifiers referenced below for details.</p>
+    </description>
+    <impact type="low">
+        <p>Please review the referenced CVE identifiers for details.</p>
+    </impact>
+    <workaround>
+        <p>There is no known workaround at this time.</p>
+    </workaround>
+    <resolution>
+        <p>All Apache HTTPD users should upgrade to the latest version:</p>
+        
+        <code>
+          # emerge --sync
+          # emerge --ask --oneshot --verbose ">=www-servers/apache-2.4.62"
+        </code>
+    </resolution>
+    <references>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-38709">CVE-2023-38709</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-24795">CVE-2024-24795</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-27316">CVE-2024-27316</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-36387">CVE-2024-36387</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-38472">CVE-2024-38472</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-38473">CVE-2024-38473</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-38474">CVE-2024-38474</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-38475">CVE-2024-38475</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-38476">CVE-2024-38476</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-38477">CVE-2024-38477</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-39573">CVE-2024-39573</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-39884">CVE-2024-39884</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-40725">CVE-2024-40725</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-40898">CVE-2024-40898</uri>
+    </references>
+    <metadata tag="requester" timestamp="2024-09-28T08:01:45.203406Z">ajak</metadata>
+    <metadata tag="submitter" timestamp="2024-09-28T08:01:45.208096Z">graaff</metadata>
+</glsa>
+\ No newline at end of file
diff --git a/metadata/glsa/glsa-202409-32.xml b/metadata/glsa/glsa-202409-32.xml
new file mode 100644
index 000000000000..d9784c35e645
--- /dev/null
+++ b/metadata/glsa/glsa-202409-32.xml
@@ -0,0 +1,45 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202409-32">
+    <title>nginx: Multiple Vulnerabilities</title>
+    <synopsis>Multiple vulnerabilities have been discovered in nginx, the worst of which could result in denial of service.</synopsis>
+    <product type="ebuild">nginx</product>
+    <announced>2024-09-28</announced>
+    <revised count="1">2024-09-28</revised>
+    <bug>924619</bug>
+    <bug>937938</bug>
+    <access>remote</access>
+    <affected>
+        <package name="www-servers/nginx" auto="yes" arch="*">
+            <unaffected range="ge">1.26.2-r2</unaffected>
+            <vulnerable range="lt">1.26.2-r2</vulnerable>
+        </package>
+    </affected>
+    <background>
+        <p>nginx is a robust, small, and high performance HTTP and reverse proxy server.</p>
+    </background>
+    <description>
+        <p>Multiple vulnerabilities have been discovered in nginx. Please review the CVE identifiers referenced below for details.</p>
+    </description>
+    <impact type="low">
+        <p>Please review the referenced CVE identifiers for details.</p>
+    </impact>
+    <workaround>
+        <p>There is no known workaround at this time.</p>
+    </workaround>
+    <resolution>
+        <p>All nginx users should upgrade to the latest version:</p>
+        
+        <code>
+          # emerge --sync
+          # emerge --ask --oneshot --verbose ">=www-servers/nginx-1.26.2-r2"
+        </code>
+    </resolution>
+    <references>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-7347">CVE-2024-7347</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-24989">CVE-2024-24989</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-24990">CVE-2024-24990</uri>
+    </references>
+    <metadata tag="requester" timestamp="2024-09-28T08:27:19.566049Z">ajak</metadata>
+    <metadata tag="submitter" timestamp="2024-09-28T08:27:19.571457Z">graaff</metadata>
+</glsa>
+\ No newline at end of file
diff --git a/metadata/glsa/timestamp.chk b/metadata/glsa/timestamp.chk
index a81507ba4d98..c692a8b72177 100644
--- a/metadata/glsa/timestamp.chk
+++ b/metadata/glsa/timestamp.chk
@@ -1 +1 @@
-Fri, 27 Sep 2024 23:40:41 +0000
+Sat, 28 Sep 2024 23:40:35 +0000
diff --git a/metadata/glsa/timestamp.commit b/metadata/glsa/timestamp.commit
index 4f92925ecd18..7474dc84acd3 100644
--- a/metadata/glsa/timestamp.commit
+++ b/metadata/glsa/timestamp.commit
@@ -1 +1 @@
-fe5f44a92c358b6196f8c599e9199edaa35a33ad 1727245785 2024-09-25T06:29:45Z
+93155fde00088b123d8b46acf068ecadcf7bcfdb 1727512056 2024-09-28T08:27:36Z
author	V3n3RiX <venerix@koprulu.sector>	2024-09-29 01:25:46 +0100
committer	V3n3RiX <venerix@koprulu.sector>	2024-09-29 01:25:46 +0100
commit	04ac238703da84168e02b06fb131d1d17d85be23 (patch)
tree	f32aa3a6b6a6c879a798006535ad544bf888df73 /metadata/glsa
parent	6405cba4bf18141460bc9fcb8f5580532d4b46f8 (diff)