authorV3n3RiX <venerix@koprulu.sector>2023-09-17 11:03:04 +0100
committerV3n3RiX <venerix@koprulu.sector>2023-09-17 11:03:04 +0100
commit0968caae52d6eae7513e2ce4e0900a2e009780ee (patch)
tree54218d0d3baaf14b964427f98c4f90f13380ffd3 /metadata/glsa
parent58018a2c9504435bb719f2d60439ebe22fbeb503 (diff)
gentoo auto-resync : 17:09:2023 - 11:03:03
Diffstat (limited to 'metadata/glsa')
-rw-r--r--metadata/glsa/Manifest30
-rw-r--r--metadata/glsa/Manifest.files.gzbin546444 -> 547551 bytes
-rw-r--r--metadata/glsa/glsa-202309-02.xml64
-rw-r--r--metadata/glsa/glsa-202309-03.xml45
-rw-r--r--metadata/glsa/glsa-202309-04.xml56
-rw-r--r--metadata/glsa/glsa-202309-05.xml44
-rw-r--r--metadata/glsa/glsa-202309-06.xml86
-rw-r--r--metadata/glsa/glsa-202309-07.xml43
-rw-r--r--metadata/glsa/glsa-202309-08.xml43
-rw-r--r--metadata/glsa/timestamp.chk2
-rw-r--r--metadata/glsa/timestamp.commit2
11 files changed, 398 insertions, 17 deletions
diff --git a/metadata/glsa/Manifest b/metadata/glsa/Manifest
index b382341ad7bc..e5b07c761b1c 100644
--- a/metadata/glsa/Manifest
+++ b/metadata/glsa/Manifest
@@ -1,23 +1,23 @@
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
-MANIFEST Manifest.files.gz 546444 BLAKE2B 427e6ba70311c66f33f8718c9e5205812a06f7180945f95cd2cc13a642ebd00b8ab6bde2ebd1ac16f0013a5d2c65c3729739daaa24b9e4c70888d6626437692d SHA512 666ed25ec3b20188903cb612d27562ec06741fff2c9cc4ee150980ae0801d6b66d3d117a8d3df13d953f8c0975e6b4fd3d287a501bb281b5093186361d8515d8
-TIMESTAMP 2023-09-17T03:39:58Z
+MANIFEST Manifest.files.gz 547551 BLAKE2B 1c8a2c44712370196d7063d9129e5418e3dfa4b013e30a5e0a4b9367b2131bb0b45949b8c8d9e8433aa0d483da04220b33d15fca9118364a0fc9d95430b13e46 SHA512 d863cabfd6bbd4b1772db2994615c985318c23ec71f69d65a91382cfdfbf51e724628c09c24586716e946026cf13fc73b968032951be742049f80dc8fa300c06
+TIMESTAMP 2023-09-17T09:40:09Z
-----BEGIN PGP SIGNATURE-----
-iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAmUGdQ5fFIAAAAAALgAo
+iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAmUGyXlfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEUx
RDZBQkI2M0JGQ0ZCNEJBMDJGREYxQ0VDNTkwRUVBQzkxODkyNTAACgkQ7FkO6skY
-klD3Wg/+MUmlXHuKrZ4bCMcUKi5LyjQqZOxKV6aHqMFdtHlKBAMokfFt8TaQ2IYS
-q7fEn7Zi54KSOHTCDn9r991xAk6cN9N+vYQoOtKmLGe1qyanWlfHG1bB7nAFtktU
-au4xHCbKriCPyMeEf2rFJXYlY2tzUeFPqqB2mx2KkdP7ChIHc7HnANhWPV4wHbDf
-oNVZaE6ATLiwh+KwV9TwmNNfwK+gUCMQ0GHeeIsYl5FcpDk2IHVQtvI2yG7wdl+r
-+ygaCOFkDHLniu/gTaQ4dMPn1RHosWzcPSEqSxrQ7psosXA3DD+uEEClUQaL86+i
-JGI+FKy3LOtiCeymkdiFGJ8XY/lMlOhLcjkH3sqRJ82f8pvA83RhXYp7O/CBrtd4
-gYQ6itGpMhceAkBfWgjUdMxygPJ1AZNn7ahAF/FCt//At3eKC4iDdzY5q6q6HOWp
-DR4JD4OXViBm5dZMEjy2fYFxKW950zbJV1iSJhRDSXZKDdt+eEnLj9tYd+ToOJva
-lBpaGLwYmJ0udvau75DbtUYRO9pvhEV18/FOLmWwdYElKZRS74D74Hswh8G9ox48
-Svkd3+hnjTrqTB6pP9+9QcZaMrODIDAW3SAQ+ZKli7gYNugMaumOH/AuX01O8DrL
-OS+b0sphsDGMlyWYPkpfBXMP0ZknYqKlVmoug7OxYNVi0ZHzbGY=
-=2d00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+=9s0c
-----END PGP SIGNATURE-----
diff --git a/metadata/glsa/Manifest.files.gz b/metadata/glsa/Manifest.files.gz
index a1ad35b3aa1f..9895112cb1f9 100644
--- a/metadata/glsa/Manifest.files.gz
+++ b/metadata/glsa/Manifest.files.gz
Binary files differ
diff --git a/metadata/glsa/glsa-202309-02.xml b/metadata/glsa/glsa-202309-02.xml
new file mode 100644
index 000000000000..8e65a0ee7f10
--- /dev/null
+++ b/metadata/glsa/glsa-202309-02.xml
@@ -0,0 +1,64 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202309-02">
+ <title>Wireshark: Multiple Vulnerabilities</title>
+ <synopsis>Multiple vulnerabilities have been found in Wireshark, the worst of which could result in denial of service.</synopsis>
+ <product type="ebuild">wireshark</product>
+ <announced>2023-09-17</announced>
+ <revised count="1">2023-09-17</revised>
+ <bug>878421</bug>
+ <bug>899548</bug>
+ <bug>904248</bug>
+ <bug>907133</bug>
+ <access>remote</access>
+ <affected>
+ <package name="net-analyzer/wireshark" auto="yes" arch="*">
+ <unaffected range="ge">4.0.6</unaffected>
+ <vulnerable range="lt">4.0.6</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>Wireshark is a versatile network protocol analyzer.</p>
+ </background>
+ <description>
+ <p>Multiple vulnerabilities have been discovered in Wireshark. Please review the CVE identifiers referenced below for details.</p>
+ </description>
+ <impact type="low">
+ <p>Please review the referenced CVE identifiers for details.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All Wireshark users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-analyzer/wireshark-4.0.6"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-3725">CVE-2022-3725</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-0666">CVE-2023-0666</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-0667">CVE-2023-0667</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-0668">CVE-2023-0668</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-1161">CVE-2023-1161</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-1992">CVE-2023-1992</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-1993">CVE-2023-1993</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-1994">CVE-2023-1994</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-2854">CVE-2023-2854</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-2855">CVE-2023-2855</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-2856">CVE-2023-2856</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-2857">CVE-2023-2857</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-2858">CVE-2023-2858</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-2879">CVE-2023-2879</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-2952">CVE-2023-2952</uri>
+ <uri>WNPA-SEC-2022-07</uri>
+ <uri>WNPA-SEC-2023-08</uri>
+ <uri>WNPA-SEC-2023-09</uri>
+ <uri>WNPA-SEC-2023-10</uri>
+ <uri>WNPA-SEC-2023-11</uri>
+ </references>
+ <metadata tag="requester" timestamp="2023-09-17T05:24:05.630380Z">ajak</metadata>
+ <metadata tag="submitter" timestamp="2023-09-17T05:24:05.633911Z">sam</metadata>
+</glsa>
\ No newline at end of file
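Review bot: The `<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">` declaration on the second line of this new file names an external DTD over plain HTTP, and the same line opens glsa-202309-03 through glsa-202309-08. Any consumer that resolves the system identifier while parsing would fetch the DTD over an unauthenticated channel, so tools reading these advisories should parse with DTD loading and external-entity resolution disabled and validate against a locally shipped copy. If the identifier has to stay for tooling compatibility, `<!DOCTYPE glsa SYSTEM "https://www.gentoo.org/dtd/glsa.dtd">` at least removes the cleartext fetch; whether existing tools match on the exact string is not visible from this diff.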
diff --git a/metadata/glsa/glsa-202309-03.xml b/metadata/glsa/glsa-202309-03.xml
new file mode 100644
index 000000000000..71c1f8f027a3
--- /dev/null
+++ b/metadata/glsa/glsa-202309-03.xml
@@ -0,0 +1,45 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202309-03">
+ <title>GPL Ghostscript: Multiple Vulnerabilities</title>
+ <synopsis>Multiple vulnerabilities have been discovered in GPL Ghostscript, the worst of which could result in remote code execution.</synopsis>
+ <product type="ebuild">ghostscript-gpl</product>
+ <announced>2023-09-17</announced>
+ <revised count="1">2023-09-17</revised>
+ <bug>904245</bug>
+ <bug>910294</bug>
+ <access>remote</access>
+ <affected>
+ <package name="app-text/ghostscript-gpl" auto="yes" arch="*">
+ <unaffected range="ge">10.01.2</unaffected>
+ <vulnerable range="lt">10.01.2</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>Ghostscript is an interpreter for the PostScript language and for PDF.</p>
+ </background>
+ <description>
+ <p>Multiple vulnerabilities have been discovered in GPL Ghostscript. Please review the CVE identifiers referenced below for details.</p>
+ </description>
+ <impact type="high">
+ <p>Please review the referenced CVE identifiers for details.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All GPL Ghostscript users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-text/ghostscript-gpl-10.01.2"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-2085">CVE-2022-2085</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-28879">CVE-2023-28879</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-36664">CVE-2023-36664</uri>
+ </references>
+ <metadata tag="requester" timestamp="2023-09-17T05:24:21.503128Z">ajak</metadata>
+ <metadata tag="submitter" timestamp="2023-09-17T05:24:21.506324Z">sam</metadata>
+</glsa>
\ No newline at end of file
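Review bot: The `<description>` and `<impact>` paragraphs only send the reader to the CVE pages, although the synopsis rates the worst case as remote code execution; glsa-202309-02, -05, -06 and -07 use the same placeholder wording. Someone triaging from local advisory output cannot tell what triggers the flaw (for instance, whether it requires processing an untrusted document), so they cannot prioritise the upgrade or apply interim containment. Suggest replacing the `<impact>` paragraph with one sentence stating the worst outcome and its precondition, taken from the referenced CVE records rather than inferred.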
diff --git a/metadata/glsa/glsa-202309-04.xml b/metadata/glsa/glsa-202309-04.xml
new file mode 100644
index 000000000000..2e5d9dd4cb1c
--- /dev/null
+++ b/metadata/glsa/glsa-202309-04.xml
@@ -0,0 +1,56 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202309-04">
+ <title>RAR, UnRAR: Arbitrary File Overwrite</title>
+ <synopsis>An arbitrary file overwrite vulnerability has been discovered in RAR and UnRAR, potentially resulting in arbitrary code execution.</synopsis>
+ <product type="ebuild">rar,unrar</product>
+ <announced>2023-09-17</announced>
+ <revised count="1">2023-09-17</revised>
+ <bug>843611</bug>
+ <bug>849686</bug>
+ <bug>912652</bug>
+ <access>remote</access>
+ <affected>
+ <package name="app-arch/rar" auto="yes" arch="*">
+ <unaffected range="ge">6.23</unaffected>
+ <vulnerable range="lt">6.23</vulnerable>
+ </package>
+ <package name="app-arch/unrar" auto="yes" arch="*">
+ <unaffected range="ge">6.2.10</unaffected>
+ <vulnerable range="lt">6.2.10</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>RAR and UnRAR provide command line interfaces for compressing and decompressing RAR files.</p>
+ </background>
+ <description>
+ <p>Due to an error in the validation of symbolic links within archives, RAR and UnRAR can potentially write files to a directory which is outside of the intended unpack directory.</p>
+ </description>
+ <impact type="normal">
+ <p>If the user running RAR or UnRAR extracts a malicious archive, the archive could overwrite a file such as the user&#39;s shell initialization scripts, potentially resulting in arbitrary code execution in the context of that user.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All RAR users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-arch/rar-6.23"
+ </code>
+
+ <p>All UnRAR users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-arch/unrar-6.2.10"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-30333">CVE-2022-30333</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-40477">CVE-2023-40477</uri>
+ </references>
+ <metadata tag="requester" timestamp="2023-09-17T05:24:38.613653Z">ajak</metadata>
+ <metadata tag="submitter" timestamp="2023-09-17T05:24:38.615853Z">sam</metadata>
+</glsa>
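Review bot: `<references>` lists two CVEs, `CVE-2022-30333` and `CVE-2023-40477`, but the title and `<description>` cover a single symbolic-link validation flaw leading to file overwrite. If the second CVE is a different bug class, the advisory under-describes what the `lt 6.23` and `lt 6.2.10` ranges fix, and a reader assessing exposure from the text alone would consider only the path-escape-on-extraction case. Add a sentence to `<description>` covering the second CVE, or retitle to `RAR, UnRAR: Multiple Vulnerabilities` if both are in scope.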
diff --git a/metadata/glsa/glsa-202309-05.xml b/metadata/glsa/glsa-202309-05.xml
new file mode 100644
index 000000000000..db6582797f2a
--- /dev/null
+++ b/metadata/glsa/glsa-202309-05.xml
@@ -0,0 +1,44 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202309-05">
+ <title>WebP: Multiple vulnerabilities</title>
+ <synopsis>Multiple vulnerabilities have been discovered in WebP, the worst of which could result in remote code execution.</synopsis>
+ <product type="ebuild">libwebp</product>
+ <announced>2023-09-17</announced>
+ <revised count="1">2023-09-17</revised>
+ <bug>909369</bug>
+ <bug>914010</bug>
+ <access>remote</access>
+ <affected>
+ <package name="media-libs/libwebp" auto="yes" arch="*">
+ <unaffected range="ge">1.3.1_p20230908</unaffected>
+ <vulnerable range="lt">1.3.1_p20230908</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>WebP is an image format employing both lossy and lossless compression.</p>
+ </background>
+ <description>
+ <p>Multiple vulnerabilities have been discovered in WebP. Please review the CVE identifiers referenced below for details.</p>
+ </description>
+ <impact type="normal">
+ <p>Please review the CVE identifiers referenced below for details.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All WebP users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=media-libs/libwebp-1.3.1_p20230908"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-1999">CVE-2023-1999</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-4863">CVE-2023-4863</uri>
+ </references>
+ <metadata tag="requester" timestamp="2023-09-17T05:52:57.540704Z">sam</metadata>
+ <metadata tag="submitter" timestamp="2023-09-17T05:52:57.543709Z">sam</metadata>
+</glsa>
\ No newline at end of file
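Review bot: `<impact type="normal">` sits under a synopsis that names remote code execution as the worst case, while glsa-202309-03 pairs the same synopsis wording with `<impact type="high">`; glsa-202309-07 has the same normal/RCE pairing as this file. The lower rating may follow the rating policy (for example, a user-assisted trigger), but nothing in the advisory says so, and anyone filtering advisories by impact type would rank these below the Ghostscript one. Either state the condition that justifies the rating in the `<impact>` paragraph or align the attribute with the synopsis. The title also reads `Multiple vulnerabilities` where the sibling advisories capitalise `Vulnerabilities`.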
diff --git a/metadata/glsa/glsa-202309-06.xml b/metadata/glsa/glsa-202309-06.xml
new file mode 100644
index 000000000000..0451d2193b50
--- /dev/null
+++ b/metadata/glsa/glsa-202309-06.xml
@@ -0,0 +1,86 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202309-06">
+ <title>Samba: Multiple Vulnerabilities</title>
+ <synopsis>Multiple vulnerabilities have been discovered in Samba, the worst of which could result in root remote code execution.</synopsis>
+ <product type="ebuild">samba</product>
+ <announced>2023-09-17</announced>
+ <revised count="1">2023-09-17</revised>
+ <bug>820566</bug>
+ <bug>821688</bug>
+ <bug>830983</bug>
+ <bug>832433</bug>
+ <bug>861512</bug>
+ <bug>866225</bug>
+ <bug>869122</bug>
+ <bug>878273</bug>
+ <bug>880437</bug>
+ <bug>886153</bug>
+ <bug>903621</bug>
+ <bug>905320</bug>
+ <bug>910334</bug>
+ <access>remote</access>
+ <affected>
+ <package name="net-fs/samba" auto="yes" arch="*">
+ <unaffected range="ge">4.18.4</unaffected>
+ <vulnerable range="lt">4.18.4</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>Samba is a suite of SMB and CIFS client/server programs.</p>
+ </background>
+ <description>
+ <p>Multiple vulnerabilities have been discovered in Samba. Please review the CVE identifiers referenced below for details.</p>
+ </description>
+ <impact type="high">
+ <p>Please review the referenced CVE identifiers for details.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All Samba users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-fs/samba-4.18.4"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2007-4559">CVE-2007-4559</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2016-2124">CVE-2016-2124</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-17049">CVE-2020-17049</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-25717">CVE-2020-25717</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-25718">CVE-2020-25718</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-25719">CVE-2020-25719</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-25721">CVE-2020-25721</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-25722">CVE-2020-25722</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-3670">CVE-2021-3670</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-3738">CVE-2021-3738</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-20251">CVE-2021-20251</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-20316">CVE-2021-20316</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-23192">CVE-2021-23192</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-44141">CVE-2021-44141</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-44142">CVE-2021-44142</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-0336">CVE-2022-0336</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-1615">CVE-2022-1615</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-2031">CVE-2022-2031</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-3437">CVE-2022-3437</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-3592">CVE-2022-3592</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-32742">CVE-2022-32742</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-32743">CVE-2022-32743</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-32744">CVE-2022-32744</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-32745">CVE-2022-32745</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-32746">CVE-2022-32746</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-37966">CVE-2022-37966</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-37967">CVE-2022-37967</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-38023">CVE-2022-38023</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-42898">CVE-2022-42898</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-45141">CVE-2022-45141</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-0225">CVE-2023-0225</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-0614">CVE-2023-0614</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-0922">CVE-2023-0922</uri>
+ </references>
+ <metadata tag="requester" timestamp="2023-09-17T05:56:23.727556Z">ajak</metadata>
+ <metadata tag="submitter" timestamp="2023-09-17T05:56:23.731410Z">sam</metadata>
+</glsa>
\ No newline at end of file
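Review bot: The first reference, `CVE-2007-4559`, is nine years older than the next entry in the list and appears to be assigned to Python's tarfile module rather than to Samba itself. If it is listed because Samba ships or calls affected code, a short sentence in `<description>` saying so would stop scanners and readers from treating it as a typo or matching it against the wrong component; if it is a mistake, the line should be dropped. `CVE-2020-17049` looks like another externally assigned identifier and is worth confirming against the linked bugs in the same pass.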
diff --git a/metadata/glsa/glsa-202309-07.xml b/metadata/glsa/glsa-202309-07.xml
new file mode 100644
index 000000000000..86b977373702
--- /dev/null
+++ b/metadata/glsa/glsa-202309-07.xml
@@ -0,0 +1,43 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202309-07">
+ <title>Binwalk: Multiple Vulnerabilities</title>
+ <synopsis>Multiple vulnerabilities have been discovered in Binwalk, the worst of which could result in remote code execution.</synopsis>
+ <product type="ebuild">binwalk</product>
+ <announced>2023-09-17</announced>
+ <revised count="1">2023-09-17</revised>
+ <bug>820614</bug>
+ <bug>903652</bug>
+ <access>remote</access>
+ <affected>
+ <package name="app-misc/binwalk" auto="yes" arch="*">
+ <unaffected range="ge">2.3.4</unaffected>
+ <vulnerable range="lt">2.3.4</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>Binwalk is a tool for identifying files embedded inside firmware images.</p>
+ </background>
+ <description>
+ <p>Multiple vulnerabilities have been discovered in Binwalk. Please review the CVE identifiers referenced below for details.</p>
+ </description>
+ <impact type="normal">
+ <p>Please review the referenced CVE identifiers for details.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All Binwalk users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-misc/binwalk-2.3.4"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-4510">CVE-2022-4510</uri>
+ </references>
+ <metadata tag="requester" timestamp="2023-09-17T06:32:11.831863Z">ajak</metadata>
+ <metadata tag="submitter" timestamp="2023-09-17T06:32:11.834505Z">sam</metadata>
+</glsa>
\ No newline at end of file
diff --git a/metadata/glsa/glsa-202309-08.xml b/metadata/glsa/glsa-202309-08.xml
new file mode 100644
index 000000000000..0b12314c2221
--- /dev/null
+++ b/metadata/glsa/glsa-202309-08.xml
@@ -0,0 +1,43 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202309-08">
+ <title>Requests: Information Leak</title>
+ <synopsis>A vulnerability has been discovered in Requests which could result in the disclosure of plaintext secrets.</synopsis>
+ <product type="ebuild">requests</product>
+ <announced>2023-09-17</announced>
+ <revised count="1">2023-09-17</revised>
+ <bug>906970</bug>
+ <access>remote</access>
+ <affected>
+ <package name="dev-python/requests" auto="yes" arch="*">
+ <unaffected range="ge">2.31.0</unaffected>
+ <vulnerable range="lt">2.31.0</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>Requests is an HTTP library for human beings.</p>
+ </background>
+ <description>
+ <p>Requests is vulnerable to potentially leaking Proxy-Authorization headers to destination servers, specifically during redirects to an HTTPS origin with authentication credentials encoded into the URL.</p>
+ </description>
+ <impact type="low">
+ <p>Users&#39; proxy authentication secrets could be disclosed to parties beyond the used HTTP proxy server.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All Requests users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-python/requests-2.31.0"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-32681">CVE-2023-32681</uri>
+ <uri>GHSA-j8r2-6x86-q33q</uri>
+ </references>
+ <metadata tag="requester" timestamp="2023-09-17T06:32:25.550438Z">ajak</metadata>
+ <metadata tag="submitter" timestamp="2023-09-17T06:32:25.553604Z">sam</metadata>
+</glsa>
\ No newline at end of file
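Review bot: `<resolution>` stops at the package upgrade, but the `<impact>` paragraph says proxy authentication secrets could be disclosed to parties beyond the proxy, and upgrading does not revoke credentials that leaked before the fix was installed. Suggest adding after the `<code>` block: `<p>Proxy credentials that were used with affected versions should be treated as exposed and rotated.</p>`. Without that step, an operator who follows the advisory literally is left with a patched library and still-valid leaked secrets.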
diff --git a/metadata/glsa/timestamp.chk b/metadata/glsa/timestamp.chk
index fbd8348470a2..80fd1cc6356a 100644
--- a/metadata/glsa/timestamp.chk
+++ b/metadata/glsa/timestamp.chk
@@ -1 +1 @@
-Sun, 17 Sep 2023 03:39:55 +0000
+Sun, 17 Sep 2023 09:40:07 +0000
diff --git a/metadata/glsa/timestamp.commit b/metadata/glsa/timestamp.commit
index 00b1e1be74c7..8c507dfb8ce9 100644
--- a/metadata/glsa/timestamp.commit
+++ b/metadata/glsa/timestamp.commit
@@ -1 +1 @@
-c436d88493a5c8eec9b1f8a63799d35dd75d3372 1694200711 2023-09-08T19:18:31+00:00
+350089607fb03a112b8ef41490ac5428b2edf828 1694932402 2023-09-17T06:33:22+00:00