summaryrefslogtreecommitdiff
path: root/metadata/glsa
diff options
context:
space:
mode:
authorV3n3RiX <venerix@redcorelinux.org>2020-12-25 23:06:25 +0000
committerV3n3RiX <venerix@redcorelinux.org>2020-12-25 23:06:25 +0000
commit441d1370330332b7d78f238d2f5e13f7aed5e4e0 (patch)
tree6a5171dd615dfeee62a45044144c66e864738fb0 /metadata/glsa
parentab3da91fb6c91a9df52fff8f991570f456fd3c7a (diff)
gentoo christmass resync : 25.12.2020
Diffstat (limited to 'metadata/glsa')
-rw-r--r--metadata/glsa/Manifest30
-rw-r--r--metadata/glsa/Manifest.files.gzbin491803 -> 494188 bytes
-rw-r--r--metadata/glsa/glsa-202012-09.xml50
-rw-r--r--metadata/glsa/glsa-202012-10.xml60
-rw-r--r--metadata/glsa/glsa-202012-11.xml46
-rw-r--r--metadata/glsa/glsa-202012-12.xml53
-rw-r--r--metadata/glsa/glsa-202012-13.xml51
-rw-r--r--metadata/glsa/glsa-202012-14.xml51
-rw-r--r--metadata/glsa/glsa-202012-15.xml50
-rw-r--r--metadata/glsa/glsa-202012-16.xml73
-rw-r--r--metadata/glsa/glsa-202012-17.xml52
-rw-r--r--metadata/glsa/glsa-202012-18.xml55
-rw-r--r--metadata/glsa/glsa-202012-19.xml52
-rw-r--r--metadata/glsa/glsa-202012-20.xml122
-rw-r--r--metadata/glsa/glsa-202012-22.xml58
-rw-r--r--metadata/glsa/glsa-202012-23.xml59
-rw-r--r--metadata/glsa/glsa-202012-24.xml51
-rw-r--r--metadata/glsa/timestamp.chk2
-rw-r--r--metadata/glsa/timestamp.commit2
19 files changed, 900 insertions, 17 deletions
diff --git a/metadata/glsa/Manifest b/metadata/glsa/Manifest
index 132d1ba25db9..9bf188744404 100644
--- a/metadata/glsa/Manifest
+++ b/metadata/glsa/Manifest
@@ -1,23 +1,23 @@
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
-MANIFEST Manifest.files.gz 491803 BLAKE2B 78c7b315718b290681f17c40a54b26e436d02ce9c07c7af217a95b8ba814d80acc88d2663352de1ae84551e2ca2c3599522f47f220f7729a6058ea3424c7371f SHA512 ab40e1589be1f2a6217a23c90ec3460c0358c487f815e9eedbe4164a7eadf4bd9b00bc1444285fbffeeff87fdc732a5321cd9e70839cc4622c40fa254a9b51a2
-TIMESTAMP 2020-12-18T10:38:43Z
+MANIFEST Manifest.files.gz 494188 BLAKE2B 06bbe4de83e86ba40cd9d32af0f5c629f7193a7b2d45313f5bbf32584c1872d72e37301ba735e9b855e0277581de211e930f66477a0bb84e9dd623fe6440fecc SHA512 f1a00ed1160522175a46c088034a8eb2afd13d41fa33354a8d74917618abeaa144f3c942f458ca2dc736b92823fe045919c4edbd9749f72b8ea031e46de95411
+TIMESTAMP 2020-12-25T22:38:29Z
-----BEGIN PGP SIGNATURE-----
-iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAl/chrNfFIAAAAAALgAo
+iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAl/maeVfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEUx
RDZBQkI2M0JGQ0ZCNEJBMDJGREYxQ0VDNTkwRUVBQzkxODkyNTAACgkQ7FkO6skY
-klAw9A/7BNyBDsJ+AcdcQIxEX4Jq+yOVc8m9pfDOesex8y+qlOWm2820Uf220Fp+
-NscNT1kPmvScHDr8o8neadrsX5oxvizg6EmFDSClHdrZDl5k+TekbxjK6t36xS+/
-3ZcrVXmW7BzKmCv7OKwve/vpABOFloAbVuH0NnQMGJncOGF50bGwUu05gOFoFFHO
-lmtYOGI4EDXQtTxIbqt79xlu5zw3dEhAuhN1S0UjDfUDl8jHRKmGXgboKlvwJ7oR
-eADv/bizjvtcHWg7XkPmDN/OdXGnkw11RwhLLIH6jeurWtXCa0RjveEDqsAhwe4j
-+x1edU4hdfCEw2j2pSrGhdoVL/I2sH120Qfm0GztGOgPiLw5i1EeF2qR+uVcG0d3
-prVDVhuocoP1G9dn5c1gmnBYOO+tL4Djd+CBF+SeEgX/Bby6klBskSzHfemjMOV+
-6Kdl6SFBDPQeoCYLZUAqr2C7NJ5PG5atOljE48RREGE2JZs09AjqRVr8RGDKkBGJ
-WP1GwhofAcDrljNjQXE+NYbKxmmQp69Z9C9lp7TWkDqqHwUcapVWJOO4dGtWDvUd
-h+I5qZTFcncU9PW1gdeh6Q8dx8cPx2jQ3tP/sEJLckfkqYfDlNQCIGD55SoSgEw8
-Trr5k860757ncsKs/9HnWQvt7qcSp6SkADIQ2qiO1GBbQt8uKTA=
-=5oUm
+klArLA/+JCCLRIMC3NN6LfUBrUnuFC7+VRXOZeIfFgWcCO0JYbtyAwRE/C/bwduJ
+WQaShhh4xOQvlzSFCz2CxY1NHv2fL811hUA6BIoSRC5cGmYribPiwD4qA/ckbavw
+RhHH25rE3YajaiZ5nUGFFxRUpJNBKtOk1eAgoS1lH+aTkiDpQSj+jRjTVx/Rs+/f
+YyczZRRUA90PLOLAW/jGCrXyCjfUL+ca15z7lBmfkkx2fU3N4QsdXkFAGgVigzej
+bCCXYu7bphKdCUXWZ0sALWC+uYZRhW6DqUSEz+dW88WiSCD1HQvh+Q4NUlYnGgRS
+U6fnvW32oofgNBOgpUgzpteszJbQsxEAphlCPXkvz5ic3uVZE1nvMXlSeVPPtuzM
+GKFazch/vM2EVaZ+c6DOfyzjZ8Ekui3HmahJJuvW21pM6deoGt0k2MvTOc8t/SiA
+vV4zQL8P+SPKxlnV7WrR6wedGXkW3mtC8uAaOQKjYXV2LLkfN3kJnLJ66uavTads
+VbJXqlLAaT3jY6q76BmBmZHbGNgufhqZhdUE4Z9VDXMeakACnl4KI+4bZ8pa197Z
+tcxT5B+BHLAOahXISif4LEEm4qlsE29LW8jtg6XC/xFQ05pOOoN5jrJ1z9XMffvt
+zXLWxaITW2yFNkVVhJjrr2I1lt4Ue7avIRX3bKatG6VzSDOZ2nA=
+=4Mzp
-----END PGP SIGNATURE-----
diff --git a/metadata/glsa/Manifest.files.gz b/metadata/glsa/Manifest.files.gz
index c21bcf6ee949..20ab6831b3d6 100644
--- a/metadata/glsa/Manifest.files.gz
+++ b/metadata/glsa/Manifest.files.gz
Binary files differ
diff --git a/metadata/glsa/glsa-202012-09.xml b/metadata/glsa/glsa-202012-09.xml
new file mode 100644
index 000000000000..98367ceec438
--- /dev/null
+++ b/metadata/glsa/glsa-202012-09.xml
@@ -0,0 +1,50 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202012-09">
+ <title>Cherokee: Multiple vulnerabilities</title>
+ <synopsis>Multiple vulnerabilities have been found in Cherokee, the worst of
+ which could result in a Denial of Service condition.
+ </synopsis>
+ <product type="ebuild">cherokee</product>
+ <announced>2020-12-23</announced>
+ <revised count="1">2020-12-23</revised>
+ <bug>715204</bug>
+ <access>remote</access>
+ <affected>
+ <package name="www-servers/cherokee" auto="yes" arch="*">
+ <vulnerable range="le">1.2.104-r2</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>Cherokee is an extra-light web server.</p>
+ </background>
+ <description>
+ <p>Multiple vulnerabilities have been discovered in Cherokee. Please review
+ the CVE identifiers referenced below for details.
+ </p>
+ </description>
+ <impact type="low">
+ <p>Please review the referenced CVE identifiers for details.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>Gentoo has discontinued support for Cherokee. We recommend that users
+ unmerge package:
+ </p>
+
+ <code>
+ # emerge --unmerge "www-servers/cherokee"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2006-1681">CVE-2006-1681</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-20798">CVE-2019-20798</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-20799">CVE-2019-20799</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-20800">CVE-2019-20800</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-12845">CVE-2020-12845</uri>
+ </references>
+ <metadata tag="requester" timestamp="2020-12-23T16:51:00Z">whissi</metadata>
+ <metadata tag="submitter" timestamp="2020-12-23T19:47:34Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202012-10.xml b/metadata/glsa/glsa-202012-10.xml
new file mode 100644
index 000000000000..d3fcad05f767
--- /dev/null
+++ b/metadata/glsa/glsa-202012-10.xml
@@ -0,0 +1,60 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202012-10">
+ <title>WebkitGTK+: Multiple vulnerabilities</title>
+ <synopsis>Multiple vulnerabilities have been found in WebKitGTK+, the worst
+ of which could result in the arbitrary execution of code.
+ </synopsis>
+ <product type="ebuild">webkit-gtk</product>
+ <announced>2020-12-23</announced>
+ <revised count="1">2020-12-23</revised>
+ <bug>755947</bug>
+ <access>remote</access>
+ <affected>
+ <package name="net-libs/webkit-gtk" auto="yes" arch="*">
+ <unaffected range="ge">2.30.3</unaffected>
+ <vulnerable range="lt">2.30.3</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>WebKitGTK+ is a full-featured port of the WebKit rendering engine,
+ suitable for projects requiring any kind of web integration, from hybrid
+ HTML/CSS applications to full-fledged web browsers.
+ </p>
+ </background>
+ <description>
+ <p>Multiple vulnerabilities have been discovered in WebKitGTK+. Please
+ review the CVE identifiers referenced below for details.
+ </p>
+ </description>
+ <impact type="normal">
+ <p>An attacker, by enticing a user to visit maliciously crafted web
+ content, may be able to execute arbitrary code or cause memory
+ corruption.
+ </p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All WebkitGTK+ users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose "&gt;=net-libs/webkit-gtk-2.30.3"
+ </code>
+
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-13543">CVE-2020-13543</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-13584">CVE-2020-13584</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-9948">CVE-2020-9948</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-9951">CVE-2020-9951</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-9952">CVE-2020-9952</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-9983">CVE-2020-9983</uri>
+ <uri link="https://webkitgtk.org/security/WSA-2020-0008.html">WSA-2020-0008</uri>
+ <uri link="https://webkitgtk.org/security/WSA-2020-0009.html">WSA-2020-0009</uri>
+ </references>
+ <metadata tag="requester" timestamp="2020-12-22T22:19:16Z">whissi</metadata>
+ <metadata tag="submitter" timestamp="2020-12-23T19:48:49Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202012-11.xml b/metadata/glsa/glsa-202012-11.xml
new file mode 100644
index 000000000000..f3d69f2db485
--- /dev/null
+++ b/metadata/glsa/glsa-202012-11.xml
@@ -0,0 +1,46 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202012-11">
+ <title>c-ares: Denial of service</title>
+ <synopsis>A Denial of Service vulnerability was discovered in c-ares.</synopsis>
+ <product type="ebuild">c-ares</product>
+ <announced>2020-12-23</announced>
+ <revised count="1">2020-12-23</revised>
+ <bug>754939</bug>
+ <access>local, remote</access>
+ <affected>
+ <package name="net-dns/c-ares" auto="yes" arch="*">
+ <unaffected range="ge">1.17.1</unaffected>
+ <vulnerable range="lt">1.17.1</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>c-ares is an asynchronous resolver library.</p>
+ </background>
+ <description>
+ <p>It was discovered that c-ares incorrectly handled certain DNS requests.</p>
+ </description>
+ <impact type="low">
+ <p>A remote attacker, able to trigger a DNS request for a host of their
+ choice by an application linked against c-ares, could possibly cause a
+ Denial of Service condition.
+ </p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All c-ares users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose "&gt;=net-dns/c-ares-1.17.1"
+ </code>
+
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-8277">CVE-2020-8277</uri>
+ </references>
+ <metadata tag="requester" timestamp="2020-12-22T22:25:15Z">whissi</metadata>
+ <metadata tag="submitter" timestamp="2020-12-23T19:49:06Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202012-12.xml b/metadata/glsa/glsa-202012-12.xml
new file mode 100644
index 000000000000..ea229f22c983
--- /dev/null
+++ b/metadata/glsa/glsa-202012-12.xml
@@ -0,0 +1,53 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202012-12">
+ <title>libass: User-assisted execution of arbitrary code</title>
+ <synopsis>A vulnerability has been found in libass that could allow a remote
+ attacker to execute arbitrary code.
+ </synopsis>
+ <product type="ebuild">libass</product>
+ <announced>2020-12-23</announced>
+ <revised count="1">2020-12-23</revised>
+ <bug>746413</bug>
+ <access>local, remote</access>
+ <affected>
+ <package name="media-libs/libass" auto="yes" arch="*">
+ <unaffected range="ge">0.15.0</unaffected>
+ <vulnerable range="lt">0.15.0</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>libass is a portable subtitle renderer for the ASS/SSA (Advanced
+ Substation Alpha/Substation Alpha) subtitle format.
+ </p>
+ </background>
+ <description>
+ <p>It was discovered that libass did not properly handle Advanced
+ Substation Alpha/Substation Alpha subtitle format files.
+ </p>
+ </description>
+ <impact type="normal">
+ <p>A remote attacker could entice a user to process an a specially crafted
+ subtitle format file using an application linked against libass, possibly
+ resulting in execution of arbitrary code with the privileges of the
+ process or a Denial of Service condition.
+ </p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All libass users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose "&gt;=media-libs/libass-0.15.0"
+ </code>
+
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-26682">CVE-2020-26682</uri>
+ </references>
+ <metadata tag="requester" timestamp="2020-12-22T22:35:27Z">whissi</metadata>
+ <metadata tag="submitter" timestamp="2020-12-23T19:52:17Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202012-13.xml b/metadata/glsa/glsa-202012-13.xml
new file mode 100644
index 000000000000..5bd290db05f7
--- /dev/null
+++ b/metadata/glsa/glsa-202012-13.xml
@@ -0,0 +1,51 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202012-13">
+ <title>OpenSSL: Denial of service</title>
+ <synopsis>A vulnerability in OpenSSL might allow remote attackers to cause a
+ Denial of Service condition.
+ </synopsis>
+ <product type="ebuild">openssl</product>
+ <announced>2020-12-23</announced>
+ <revised count="1">2020-12-23</revised>
+ <bug>759079</bug>
+ <access>local, remote</access>
+ <affected>
+ <package name="dev-libs/openssl" auto="yes" arch="*">
+ <unaffected range="ge">1.1.1i</unaffected>
+ <vulnerable range="lt">1.1.1i</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>OpenSSL is an Open Source toolkit implementing the Secure Sockets Layer
+ (SSL v2/v3) and Transport Layer Security (TLS v1/v1.1/v1.2/v1.3) as well
+ as a general purpose cryptography library.
+ </p>
+ </background>
+ <description>
+ <p>A null pointer dereference flaw was found in OpenSSL.</p>
+ </description>
+ <impact type="low">
+ <p>A remote attacker, able to control the arguments of the GENERAL_NAME_cmp
+ function in an application linked against OpenSSL, could possibly cause a
+ Denial of Service condition.
+ </p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All OpenSSL users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose "&gt;=dev-libs/openssl-1.1.1i"
+ </code>
+
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-1971">CVE-2020-1971</uri>
+ </references>
+ <metadata tag="requester" timestamp="2020-12-22T22:47:12Z">whissi</metadata>
+ <metadata tag="submitter" timestamp="2020-12-23T19:52:34Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202012-14.xml b/metadata/glsa/glsa-202012-14.xml
new file mode 100644
index 000000000000..6d7c215154f7
--- /dev/null
+++ b/metadata/glsa/glsa-202012-14.xml
@@ -0,0 +1,51 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202012-14">
+ <title>cURL: Multiple vulnerabilities</title>
+ <synopsis>Multiple vulnerabilities have been found in cURL, the worst of
+ which could result in information disclosure or data loss.
+ </synopsis>
+ <product type="ebuild">curl</product>
+ <announced>2020-12-23</announced>
+ <revised count="1">2020-12-23</revised>
+ <bug>737990</bug>
+ <bug>759259</bug>
+ <access>remote</access>
+ <affected>
+ <package name="net-misc/curl" auto="yes" arch="*">
+ <unaffected range="ge">7.74.0</unaffected>
+ <vulnerable range="lt">7.74.0</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>A command line tool and library for transferring data with URLs.</p>
+ </background>
+ <description>
+ <p>Multiple vulnerabilities have been discovered in cURL. Please review the
+ CVE identifiers referenced below for details.
+ </p>
+ </description>
+ <impact type="normal">
+ <p>Please review the referenced CVE identifiers for details.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All cURL users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose "&gt;=net-misc/curl-7.74.0"
+ </code>
+
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-8231">CVE-2020-8231</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-8284">CVE-2020-8284</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-8285">CVE-2020-8285</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-8286">CVE-2020-8286</uri>
+ </references>
+ <metadata tag="requester" timestamp="2020-12-22T22:55:43Z">whissi</metadata>
+ <metadata tag="submitter" timestamp="2020-12-23T19:52:57Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202012-15.xml b/metadata/glsa/glsa-202012-15.xml
new file mode 100644
index 000000000000..771f8956fd74
--- /dev/null
+++ b/metadata/glsa/glsa-202012-15.xml
@@ -0,0 +1,50 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202012-15">
+ <title>GDK-PixBuf: Denial of service</title>
+ <synopsis>A vulnerability in GDK-PixBuf library could lead to a Denial of
+ Service condition.
+ </synopsis>
+ <product type="ebuild">gdk-pixbuf</product>
+ <announced>2020-12-23</announced>
+ <revised count="1">2020-12-23</revised>
+ <bug>759094</bug>
+ <access>local, remote</access>
+ <affected>
+ <package name="x11-libs/gdk-pixbuf" auto="yes" arch="*">
+ <unaffected range="ge">2.42.2</unaffected>
+ <vulnerable range="lt">2.42.2</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>GDK-PixBuf is an image loading library for GTK+.</p>
+ </background>
+ <description>
+ <p>It was discovered that the GDK-PixBuf library did not properly handle
+ certain GIF images.
+ </p>
+ </description>
+ <impact type="low">
+ <p>A remote attacker could entice a user to open a specially crafted GIF
+ image in an application linked against GDK-PixBuf library, possibly
+ resulting in a Denial of Service condition.
+ </p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All GDK-PixBuf library users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose "&gt;=x11-libs/gdk-pixbuf-2.42.2"
+ </code>
+
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-29385">CVE-2020-29385</uri>
+ </references>
+ <metadata tag="requester" timestamp="2020-12-22T23:01:46Z">whissi</metadata>
+ <metadata tag="submitter" timestamp="2020-12-23T19:53:21Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202012-16.xml b/metadata/glsa/glsa-202012-16.xml
new file mode 100644
index 000000000000..30556bb56e1f
--- /dev/null
+++ b/metadata/glsa/glsa-202012-16.xml
@@ -0,0 +1,73 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202012-16">
+ <title>PHP: Multiple vulnerabilities</title>
+ <synopsis>Multiple vulnerabilities have been found in PHP, the worst of which
+ could result in a Denial of Service condition.
+ </synopsis>
+ <product type="ebuild">php</product>
+ <announced>2020-12-23</announced>
+ <revised count="1">2020-12-23</revised>
+ <bug>711140</bug>
+ <bug>745993</bug>
+ <bug>756775</bug>
+ <access>local, remote</access>
+ <affected>
+ <package name="dev-lang/php" auto="yes" arch="*">
+ <unaffected range="ge" slot="7.2">7.2.34-r1</unaffected>
+ <unaffected range="ge" slot="7.3">7.3.25</unaffected>
+ <unaffected range="ge" slot="7.4">7.4.13</unaffected>
+ <vulnerable range="lt">8.0.0</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>PHP is an open source general-purpose scripting language that is
+ especially suited for web development.
+ </p>
+ </background>
+ <description>
+ <p>Multiple vulnerabilities have been discovered in PHP. Please review the
+ CVE identifiers and change log referenced below for details.
+ </p>
+ </description>
+ <impact type="low">
+ <p>An attacker could cause a Denial of Service condition or obtain
+ sensitive information.
+ </p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All PHP 7.2.x users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose "&gt;=dev-lang/php-7.2.34-r1:7.2"
+ </code>
+
+ <p>All PHP 7.3.x users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose "&gt;=dev-lang/php-7.3.25:7.3"
+ </code>
+
+ <p>All PHP 7.4.x users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose "&gt;=dev-lang/php-7.4.13:7.4"
+ </code>
+
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-7069">CVE-2020-7069</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-7070">CVE-2020-7070</uri>
+ <uri link="https://www.php.net/ChangeLog-7.php#7.4.13">PHP 7.4.13 Change
+ Log
+ </uri>
+ </references>
+ <metadata tag="requester" timestamp="2020-12-22T23:21:19Z">whissi</metadata>
+ <metadata tag="submitter" timestamp="2020-12-23T19:53:43Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202012-17.xml b/metadata/glsa/glsa-202012-17.xml
new file mode 100644
index 000000000000..80b1db8fc462
--- /dev/null
+++ b/metadata/glsa/glsa-202012-17.xml
@@ -0,0 +1,52 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202012-17">
+ <title>D-Bus: Denial of service</title>
+ <synopsis>A local Denial of Service vulnerability was discovered in D-Bus.</synopsis>
+ <product type="ebuild">dbus</product>
+ <announced>2020-12-23</announced>
+ <revised count="1">2020-12-23</revised>
+ <bug>755392</bug>
+ <access>local</access>
+ <affected>
+ <package name="sys-apps/dbus" auto="yes" arch="*">
+ <unaffected range="ge">1.12.20</unaffected>
+ <vulnerable range="lt">1.12.20</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>D-Bus is a message bus system which processes can use to talk to each
+ other.
+ </p>
+ </background>
+ <description>
+ <p>It was discovered that D-Bus did not properly handle the situation when
+ two usernames have the same numeric UID.
+ </p>
+ </description>
+ <impact type="low">
+ <p>An attacker could possibly cause a Denial of Service condition or
+ trigger other undefined behavior, possibly including incorrect
+ authorization decisions.
+ </p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All D-Bus users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose "&gt;=sys-apps/dbus-1.12.20"
+ </code>
+
+ </resolution>
+ <references>
+ <uri link="https://lists.freedesktop.org/archives/ftp-release/2020-July/000758.html">
+ dbus 1.12.20 security update announcement
+ </uri>
+ </references>
+ <metadata tag="requester" timestamp="2020-12-23T00:47:59Z">whissi</metadata>
+ <metadata tag="submitter" timestamp="2020-12-23T19:54:00Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202012-18.xml b/metadata/glsa/glsa-202012-18.xml
new file mode 100644
index 000000000000..f7fbf13a6da1
--- /dev/null
+++ b/metadata/glsa/glsa-202012-18.xml
@@ -0,0 +1,55 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202012-18">
+ <title>PowerDNS: information disclosure</title>
+ <synopsis>An information disclosure vulnerability in PowerDNS allow remote
+ attackers to obtain sensitive information.
+ </synopsis>
+ <product type="ebuild">pdns</product>
+ <announced>2020-12-23</announced>
+ <revised count="1">2020-12-23</revised>
+ <bug>744160</bug>
+ <access>remote</access>
+ <affected>
+ <package name="net-dns/pdns" auto="yes" arch="*">
+ <unaffected range="ge">4.3.1</unaffected>
+ <vulnerable range="lt">4.3.1</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>The PowerDNS nameserver is an authoritative-only nameserver which uses a
+ flexible backend architecture.
+ </p>
+ </background>
+ <description>
+ <p>It was discovered that PowerDNS did not properly handle certain unknown
+ records.
+ </p>
+ </description>
+ <impact type="low">
+ <p>An authorized attacker with the ability to insert crafted records into a
+ zone might be able to leak the content of uninitialized memory. Crafted
+ records cannot be inserted via AXFR.
+ </p>
+ </impact>
+ <workaround>
+ <p>Do not take zone data from untrusted users.</p>
+ </workaround>
+ <resolution>
+ <p>All PowerDNS users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose "&gt;=net-dns/pdns-4.3.1"
+ </code>
+
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-17482">CVE-2020-17482</uri>
+ <uri link="https://docs.powerdns.com/authoritative/security-advisories/powerdns-advisory-2020-05.html">
+ PowerDNS Security Advisory 2020-05
+ </uri>
+ </references>
+ <metadata tag="requester" timestamp="2020-12-23T16:32:50Z">whissi</metadata>
+ <metadata tag="submitter" timestamp="2020-12-23T19:54:22Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202012-19.xml b/metadata/glsa/glsa-202012-19.xml
new file mode 100644
index 000000000000..939cc25c34e8
--- /dev/null
+++ b/metadata/glsa/glsa-202012-19.xml
@@ -0,0 +1,52 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202012-19">
+ <title>PowerDNS Recursor: Denial of service</title>
+ <synopsis>A vulnerability in PowerDNS Recursor could lead to a Denial of
+ Service condition.
+ </synopsis>
+ <product type="ebuild">pdns-recursor</product>
+ <announced>2020-12-23</announced>
+ <revised count="1">2020-12-23</revised>
+ <bug>746923</bug>
+ <access>remote</access>
+ <affected>
+ <package name="net-dns/pdns-recursor" auto="yes" arch="*">
+ <unaffected range="ge">4.3.5</unaffected>
+ <vulnerable range="lt">4.3.5</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>PowerDNS Recursor is a high-end, high-performance resolving name server.</p>
+ </background>
+ <description>
+ <p>It was discovered that it was possible to update the DNSSEC validation
+ state to a bogus state for a cached record via DNS ANY query.
+ </p>
+ </description>
+ <impact type="low">
+ <p>A remote attacker could send specially crafted DNS queries to deny
+ DNSSEC validation.
+ </p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All PowerDNS Recursor users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose "&gt;=net-dns/pdns-recursor-4.3.5"
+ </code>
+
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-25829">CVE-2020-25829</uri>
+ <uri link="https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2020-07.html">
+ PowerDNS Security Advisory 2020-07
+ </uri>
+ </references>
+ <metadata tag="requester" timestamp="2020-12-23T17:00:31Z">whissi</metadata>
+ <metadata tag="submitter" timestamp="2020-12-23T19:54:43Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202012-20.xml b/metadata/glsa/glsa-202012-20.xml
new file mode 100644
index 000000000000..883bfb84112a
--- /dev/null
+++ b/metadata/glsa/glsa-202012-20.xml
@@ -0,0 +1,122 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202012-20">
+ <title>Mozilla Firefox, Mozilla Thunderbird: Multiple vulnerabilities</title>
+ <synopsis>Multiple vulnerabilities have been found in Mozilla Firefox and
+ Mozilla Thunderbird, the worst of which could result in the arbitrary
+ execution of code.
+ </synopsis>
+ <product type="ebuild">firefox,thunderbird</product>
+ <announced>2020-12-23</announced>
+ <revised count="1">2020-12-23</revised>
+ <bug>759097</bug>
+ <access>local, remote</access>
+ <affected>
+ <package name="www-client/firefox" auto="yes" arch="*">
+ <unaffected range="ge" slot="0/esr78">78.6.0</unaffected>
+ <unaffected range="ge">84.0</unaffected>
+ <vulnerable range="lt">84.0</vulnerable>
+ </package>
+ <package name="www-client/firefox-bin" auto="yes" arch="*">
+ <unaffected range="ge" slot="0/esr78">78.6.0</unaffected>
+ <unaffected range="ge">84.0</unaffected>
+ <vulnerable range="lt">84.0</vulnerable>
+ </package>
+ <package name="mail-client/thunderbird" auto="yes" arch="*">
+ <unaffected range="ge">78.6.0</unaffected>
+ <vulnerable range="lt">78.6.0</vulnerable>
+ </package>
+ <package name="mail-client/thunderbird-bin" auto="yes" arch="*">
+ <unaffected range="ge">78.6.0</unaffected>
+ <vulnerable range="lt">78.6.0</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>Mozilla Firefox is a popular open-source web browser from the Mozilla
+ project.
+ </p>
+
+ <p>Mozilla Thunderbird is a popular open-source email client from the
+ Mozilla project.
+ </p>
+ </background>
+ <description>
+ <p>Multiple vulnerabilities have been discovered in Mozilla Firefox and
+ Mozilla Thunderbird. Please review the CVE identifiers referenced below
+ for details.
+ </p>
+ </description>
+ <impact type="normal">
+ <p>Please review the referenced CVE identifiers for details.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All Mozilla Firefox users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose "&gt;=www-client/firefox-84.0"
+ </code>
+
+ <p>All Mozilla Firefox (bin) users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose "&gt;=www-client/firefox-bin-84.0"
+ </code>
+
+ <p>All Mozilla Firefox ESR users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose
+ "&gt;=www-client/firefox-78.6.0:0/esr78"
+ </code>
+
+ <p>All Mozilla Firefox ESR (bin) users should upgrade to the latest
+ version:
+ </p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose
+ "&gt;=www-client/firefox-bin-78.6.0:0/esr78"
+ </code>
+
+ <p>All Mozilla Thunderbird users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose "&gt;=mail-client/thunderbird-78.6.0"
+ </code>
+
+ <p>All Mozilla Thunderbird (bin) users should upgrade to the latest
+ version:
+ </p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose
+ "&gt;=mail-client/thunderbird-bin-78.6.0"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-16042">CVE-2020-16042</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-26971">CVE-2020-26971</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-26973">CVE-2020-26973</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-26974">CVE-2020-26974</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-26978">CVE-2020-26978</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-35111">CVE-2020-35111</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-35113">CVE-2020-35113</uri>
+ <uri link="https://www.mozilla.org/en-US/security/advisories/mfsa2020-55/">
+ MFSA-2020-55
+ </uri>
+ <uri link="https://www.mozilla.org/en-US/security/advisories/mfsa2020-56/">
+ MFSA-2020-56
+ </uri>
+ </references>
+ <metadata tag="requester" timestamp="2020-12-22T22:07:43Z">whissi</metadata>
+ <metadata tag="submitter" timestamp="2020-12-23T19:56:47Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202012-22.xml b/metadata/glsa/glsa-202012-22.xml
new file mode 100644
index 000000000000..083b6e2777cd
--- /dev/null
+++ b/metadata/glsa/glsa-202012-22.xml
@@ -0,0 +1,58 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202012-22">
+ <title>HAProxy: Arbitrary code execution</title>
+ <synopsis>A buffer overflow in HAProxy might allow an attacker to execute
+ arbitrary code.
+ </synopsis>
+ <product type="ebuild">haproxy</product>
+ <announced>2020-12-24</announced>
+ <revised count="1">2020-12-24</revised>
+ <bug>715944</bug>
+ <access>remote</access>
+ <affected>
+ <package name="net-proxy/haproxy" auto="yes" arch="*">
+ <unaffected range="ge" slot="0/2.0">2.0.13</unaffected>
+ <unaffected range="ge">2.1.4</unaffected>
+ <vulnerable range="lt">2.1.4</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>HAProxy is a TCP/HTTP reverse proxy for high availability environments.</p>
+ </background>
+ <description>
+ <p>It was discovered that HAProxy incorrectly handled certain HTTP/2
+ headers.
+ </p>
+ </description>
+ <impact type="normal">
+ <p>A remote attacker, by sending a specially crafted HTTP/2 request, could
+ possibly execute arbitrary code with the privileges of the process, or
+ cause a Denial of Service condition.
+ </p>
+ </impact>
+ <workaround>
+ <p>Disable HTTP/2 support.</p>
+ </workaround>
+ <resolution>
+ <p>All HAProxy 2.0.x users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose "&gt;=net-proxy/haproxy-2.0.13:0/2.0"
+ </code>
+
+ <p>All other HAProxy users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose "&gt;=net-proxy/haproxy-2.1.4"
+ </code>
+
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-11100">CVE-2020-11100</uri>
+ </references>
+ <metadata tag="requester" timestamp="2020-05-20T16:01:15Z">sam_c</metadata>
+ <metadata tag="submitter" timestamp="2020-12-24T14:09:42Z">sam_c</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202012-23.xml b/metadata/glsa/glsa-202012-23.xml
new file mode 100644
index 000000000000..15ee7d69256d
--- /dev/null
+++ b/metadata/glsa/glsa-202012-23.xml
@@ -0,0 +1,59 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202012-23">
+ <title>Apache Tomcat: Information disclosure</title>
+ <synopsis>A vulnerability has been discovered in Apache Tomcat that allows
+ for the disclosure of sensitive information.
+ </synopsis>
+ <product type="ebuild">tomcat</product>
+ <announced>2020-12-24</announced>
+ <revised count="1">2020-12-24</revised>
+ <bug>758338</bug>
+ <access>remote</access>
+ <affected>
+ <package name="www-servers/tomcat" auto="yes" arch="*">
+ <unaffected range="ge" slot="8.5">8.5.60</unaffected>
+ <unaffected range="ge" slot="9">9.0.40</unaffected>
+ <vulnerable range="lt" slot="8.5">8.5.60</vulnerable>
+ <vulnerable range="lt" slot="9">9.0.40</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>Apache Tomcat is a Servlet-3.0/JSP-2.2 Container.</p>
+ </background>
+ <description>
+ <p>It was discovered that Apache Tomcat could re-use an HTTP request header
+ value from the previous stream received on an HTTP/2 connection for the
+ request associated with the subsequent stream.
+ </p>
+ </description>
+ <impact type="low">
+ <p>A remote attacker, by sending well-timed HTTP/2 requests, could possibly
+ obtain sensitive information.
+ </p>
+ </impact>
+ <workaround>
+ <p>Disable HTTP/2 support.</p>
+ </workaround>
+ <resolution>
+ <p>All Apache Tomcat 8.5.x users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose "&gt;=www-servers/tomcat-8.5.60:8.5"
+ </code>
+
+ <p>All Apache Tomcat 9.x users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose "&gt;=www-servers/tomcat-9.0.40:9"
+ </code>
+
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-17527">CVE-2020-17527</uri>
+ </references>
+ <metadata tag="requester" timestamp="2020-12-23T01:20:53Z">whissi</metadata>
+ <metadata tag="submitter" timestamp="2020-12-24T14:11:02Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202012-24.xml b/metadata/glsa/glsa-202012-24.xml
new file mode 100644
index 000000000000..b0f388729a48
--- /dev/null
+++ b/metadata/glsa/glsa-202012-24.xml
@@ -0,0 +1,51 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202012-24">
+ <title>Samba: Multiple vulnerabilities</title>
+ <synopsis>Multiple vulnerabilities have been found in Samba, the worst of
+ which could result in a Denial of Service condition.
+ </synopsis>
+ <product type="ebuild">samba</product>
+ <announced>2020-12-24</announced>
+ <revised count="1">2020-12-24</revised>
+ <bug>743433</bug>
+ <bug>751724</bug>
+ <access>remote</access>
+ <affected>
+ <package name="net-fs/samba" auto="yes" arch="*">
+ <unaffected range="ge">4.12.9</unaffected>
+ <vulnerable range="lt">4.12.9</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>Samba is a suite of SMB and CIFS client/server programs.</p>
+ </background>
+ <description>
+ <p>Multiple vulnerabilities have been discovered in Samba. Please review
+ the CVE identifiers referenced below for details.
+ </p>
+ </description>
+ <impact type="normal">
+ <p>Please review the referenced CVE identifiers for details.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All Samba users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose "&gt;=net-fs/samba-4.12.9"
+ </code>
+
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14318">CVE-2020-14318</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14323">CVE-2020-14323</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14383">CVE-2020-14383</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-1472">CVE-2020-1472</uri>
+ </references>
+ <metadata tag="requester" timestamp="2020-12-23T17:13:10Z">whissi</metadata>
+ <metadata tag="submitter" timestamp="2020-12-24T14:11:44Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/timestamp.chk b/metadata/glsa/timestamp.chk
index 3566219e0db0..698dafaf84e1 100644
--- a/metadata/glsa/timestamp.chk
+++ b/metadata/glsa/timestamp.chk
@@ -1 +1 @@
-Fri, 18 Dec 2020 10:38:40 +0000
+Fri, 25 Dec 2020 22:38:26 +0000
diff --git a/metadata/glsa/timestamp.commit b/metadata/glsa/timestamp.commit
index d6f3da74af96..53f93d093df4 100644
--- a/metadata/glsa/timestamp.commit
+++ b/metadata/glsa/timestamp.commit
@@ -1 +1 @@
-2d6a7eded7a3cf117b214efd061a0ad33a26510d 1607301079 2020-12-07T00:31:19+00:00
+ea35db4303f80b8dc5f6dffe7a6c3111e9e37b5a 1608819368 2020-12-24T14:16:08+00:00