authorV3n3RiX <venerix@redcorelinux.org>2020-06-13 10:39:22 +0100
committerV3n3RiX <venerix@redcorelinux.org>2020-06-13 10:39:22 +0100
commit9452a6e87b6c2c70513bc47a2470bf9f1168920e (patch)
tree8ac67e26b45f34d71c5aab3621813b100a0d5f00 /metadata/glsa
parentf516638b7fe9592837389826a6152a7e1b251c54 (diff)
gentoo resync : 13.06.2020
Diffstat (limited to 'metadata/glsa')
-rw-r--r--metadata/glsa/Manifest30
-rw-r--r--metadata/glsa/Manifest.files.gzbin465570 -> 467478 bytes
-rw-r--r--metadata/glsa/glsa-202006-01.xml49
-rw-r--r--metadata/glsa/glsa-202006-02.xml96
-rw-r--r--metadata/glsa/glsa-202006-03.xml49
-rw-r--r--metadata/glsa/glsa-202006-04.xml54
-rw-r--r--metadata/glsa/glsa-202006-05.xml55
-rw-r--r--metadata/glsa/glsa-202006-06.xml56
-rw-r--r--metadata/glsa/glsa-202006-07.xml66
-rw-r--r--metadata/glsa/glsa-202006-08.xml61
-rw-r--r--metadata/glsa/glsa-202006-09.xml51
-rw-r--r--metadata/glsa/glsa-202006-10.xml48
-rw-r--r--metadata/glsa/glsa-202006-11.xml55
-rw-r--r--metadata/glsa/glsa-202006-12.xml46
-rw-r--r--metadata/glsa/timestamp.chk2
-rw-r--r--metadata/glsa/timestamp.commit2
16 files changed, 703 insertions, 17 deletions
diff --git a/metadata/glsa/Manifest b/metadata/glsa/Manifest
index 8fd58666a2c4..576d87c190a3 100644
--- a/metadata/glsa/Manifest
+++ b/metadata/glsa/Manifest
@@ -1,23 +1,23 @@
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
-MANIFEST Manifest.files.gz 465570 BLAKE2B a62e99817e32fd8ff7f82db3f63ecd455d8d078254d12926bca9349cd7d4cb7525d19b5ca213653d7ca3a28e5f51b7e4f978944f6a7c39fec3994650ada13ff2 SHA512 ee24891578ae08c29634185ea42adbf62dff9fd502bd411c413a0b0088f0d305dd4dba72180ac6793f6d434a7cc1a30d883831d3d40443eae468994ac283a7ef
-TIMESTAMP 2020-05-30T09:38:23Z
+MANIFEST Manifest.files.gz 467478 BLAKE2B f84f56d6f84d28d53ec12df6c1c9b351ab47c5a1f49b61ce8622c5db679861e27d7ce25da735464bfef3bcee4dd60d3b2993b39f3e35242be74b9c6a4dd0b4bf SHA512 88d1586b65d21522de591f657953bb9f61f8b1cce30f3dadef48927eb3f8eb3a3d2f22090d280a08a48c5e888e6fdd1b407f88d87a09782817743b4b23e2c92e
+TIMESTAMP 2020-06-13T09:08:29Z
-----BEGIN PGP SIGNATURE-----
-iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAl7SKY9fFIAAAAAALgAo
+iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAl7kl41fFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEUx
RDZBQkI2M0JGQ0ZCNEJBMDJGREYxQ0VDNTkwRUVBQzkxODkyNTAACgkQ7FkO6skY
-klDpWBAArRTOCjZ9aFeTFp3yciphQKhWTl4lqC33Db1d2A4lFL9c7Na5B71y98y0
-Kwur2li36+CwKKUtVqNhxGxVlM++wnF+IQQv3gMaeLmUrv73FLc0Wjme8b1Zfnz6
-JvDS0NukzNSyO1p/7YasajabpcdrQnhZ5JOsfy+2m6o0ElJx0GwQLwKT1XsiF/nX
-5dovYQNmg+zo/A++wQ8R+a8mXxpkE3Ce17AuOUqHSpasRw6HFTGDsY0OWeWKehUl
-zRVyP7WPiH0S7QMZpUFWnMoSvAM+r0QcmNCPDsU6WhxOzB6yKeoVFgkB4rCzej49
-q0JnSv1yz2ZiIRNaTn4qcSbFfl4zuElKO66IPZpok9kxadhHt+/TolvNrLhayIoU
-bug1nHW66DSaGWrkbNYhzuicncysudYqtmbD6MvMYDmYmZskATju3nDQkr3oqhKS
-MnvAWuVxiIo/B2Ukhwkhgk1YE8OzUe7CVYxBTcfTVOd2qqnqtBHAzClBnVCtwsxF
-HTHJjph+lleeTvVeAvDWHO92O7255ShuoS3XWBrSbz73OBJbMwK/eNLfynC+eQzX
-CeiY52tzd3UYeLMhzMZok7RCmnsmavBaieM1iC21karAWOk71yV+xLk7kphhiOm7
-JzmWmEyOoowkGA9TpnTQgjETK9pT/Cy+jGjshnjlPX+oL0vQ16k=
-=4h7Y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+=PMMM
-----END PGP SIGNATURE-----
diff --git a/metadata/glsa/Manifest.files.gz b/metadata/glsa/Manifest.files.gz
index 192d458f15e0..14677ebaa92f 100644
--- a/metadata/glsa/Manifest.files.gz
+++ b/metadata/glsa/Manifest.files.gz
Binary files differ
diff --git a/metadata/glsa/glsa-202006-01.xml b/metadata/glsa/glsa-202006-01.xml
new file mode 100644
index 000000000000..e8768cba05db
--- /dev/null
+++ b/metadata/glsa/glsa-202006-01.xml
@@ -0,0 +1,49 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202006-01">
+ <title>GnuTLS: Information disclosure</title>
+ <synopsis>An information disclosure vulnerability in GnuTLS allow remote
+ attackers to obtain sensitive information.
+ </synopsis>
+ <product type="ebuild">gnutls</product>
+ <announced>2020-06-09</announced>
+ <revised count="1">2020-06-09</revised>
+ <bug>727108</bug>
+ <access>remote</access>
+ <affected>
+ <package name="net-libs/gnutls" auto="yes" arch="*">
+ <unaffected range="ge">3.6.14</unaffected>
+ <vulnerable range="lt">3.6.14</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>GnuTLS is an Open Source implementation of the TLS and SSL protocols.</p>
+ </background>
+ <description>
+ <p>A flaw was reported in the TLS session ticket key construction in
+ GnuTLS.
+ </p>
+ </description>
+ <impact type="normal">
+ <p>A remote attacker could recover previous conversations in TLS 1.2 and
+ obtain sensitive information or conduct a man-in-the-middle attack to
+ bypass authentication in TLS 1.3.
+ </p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All GnuTLS user should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose "&gt;=net-libs/gnutls-3.6.14"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-13777">CVE-2020-13777</uri>
+ </references>
+ <metadata tag="requester" timestamp="2020-06-05T15:47:41Z">sam_c</metadata>
+ <metadata tag="submitter" timestamp="2020-06-09T14:41:33Z">sam_c</metadata>
+</glsa>
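Review bot: The `<title>` and `<synopsis>` classify this advisory as information disclosure only, while the `<impact>` paragraph also describes a man-in-the-middle attack that bypasses authentication in TLS 1.3, so anyone triaging by title or synopsis will underrate it. I would widen the synopsis to match the impact text, e.g. `An information disclosure vulnerability in GnuTLS allows remote attackers to obtain sensitive information or bypass authentication in TLS 1.3.`, which also fixes "allow" → "allows". In `<resolution>`, `All GnuTLS user should upgrade` should read `All GnuTLS users should upgrade`. The `<description>` says only that a flaw was reported in session ticket key construction; a sentence stating which deployments are exposed (presumably those with session tickets enabled — to be confirmed against the CVE) would let readers judge whether recorded traffic needs to be treated as compromised.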
diff --git a/metadata/glsa/glsa-202006-02.xml b/metadata/glsa/glsa-202006-02.xml
new file mode 100644
index 000000000000..663d9d9029ec
--- /dev/null
+++ b/metadata/glsa/glsa-202006-02.xml
@@ -0,0 +1,96 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202006-02">
+ <title>Chromium, Google Chrome: Multiple vulnerabilities</title>
+ <synopsis>Multiple vulnerabilities have been found in Chromium and Google
+ Chrome, the worst of which could result in the arbitrary execution of code.
+ </synopsis>
+ <product type="ebuild">chromium,google-chrome</product>
+ <announced>2020-06-10</announced>
+ <revised count="3">2020-06-13</revised>
+ <bug>724008</bug>
+ <access>remote</access>
+ <affected>
+ <package name="www-client/chromium" auto="yes" arch="*">
+ <unaffected range="ge">83.0.4103.97</unaffected>
+ <vulnerable range="lt">83.0.4103.97</vulnerable>
+ </package>
+ <package name="www-client/google-chrome" auto="yes" arch="*">
+ <unaffected range="ge">83.0.4103.97</unaffected>
+ <vulnerable range="lt">83.0.4103.97</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>Chromium is an open-source browser project that aims to build a safer,
+ faster, and more stable way for all users to experience the web.
+ </p>
+
+ <p>Google Chrome is one fast, simple, and secure browser for all your
+ devices.
+ </p>
+ </background>
+ <description>
+ <p>Multiple vulnerabilities have been discovered in Chromium and Google
+ Chrome. Please review the CVE identifiers referenced below for details.
+ </p>
+ </description>
+ <impact type="normal">
+ <p>Please review the referenced CVE identifiers for details.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All chromium users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose
+ "&gt;=www-client/chromium-83.0.4103.97"
+ </code>
+
+ <p>All google-chrome users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose
+ "&gt;=www-client/google-chrome-83.0.4103.97"
+ </code>
+
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6465">CVE-2020-6465</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6466">CVE-2020-6466</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6467">CVE-2020-6467</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6468">CVE-2020-6468</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6469">CVE-2020-6469</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6470">CVE-2020-6470</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6471">CVE-2020-6471</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6472">CVE-2020-6472</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6473">CVE-2020-6473</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6474">CVE-2020-6474</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6475">CVE-2020-6475</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6476">CVE-2020-6476</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6477">CVE-2020-6477</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6478">CVE-2020-6478</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6479">CVE-2020-6479</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6480">CVE-2020-6480</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6481">CVE-2020-6481</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6482">CVE-2020-6482</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6483">CVE-2020-6483</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6484">CVE-2020-6484</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6485">CVE-2020-6485</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6486">CVE-2020-6486</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6487">CVE-2020-6487</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6488">CVE-2020-6488</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6489">CVE-2020-6489</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6490">CVE-2020-6490</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6491">CVE-2020-6491</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6493">CVE-2020-6493</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6494">CVE-2020-6494</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6495">CVE-2020-6495</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6496">CVE-2020-6496</uri>
+ </references>
+ <metadata tag="requester" timestamp="2020-06-04T09:55:12Z">sam_c</metadata>
+ <metadata tag="submitter" timestamp="2020-06-13T00:59:41Z">sam_c</metadata>
+</glsa>
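Review bot: In both `<code>` blocks the upgrade command is broken across two lines, with `# emerge --ask --oneshot --verbose` on one line and the quoted atom on the next, so a reader who pastes the first line runs emerge with no target and the second line is not a command on its own. The other advisories in this commit keep the command on one line; I would do the same here, `# emerge --ask --oneshot --verbose "&gt;=www-client/chromium-83.0.4103.97"`, and likewise for google-chrome. glsa-202006-09.xml has the same split for adobe-flash. Separately, the reference list runs from CVE-2020-6465 to CVE-2020-6496 but skips CVE-2020-6492; it is worth confirming that the omission is intended.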
diff --git a/metadata/glsa/glsa-202006-03.xml b/metadata/glsa/glsa-202006-03.xml
new file mode 100644
index 000000000000..06c72762cc9c
--- /dev/null
+++ b/metadata/glsa/glsa-202006-03.xml
@@ -0,0 +1,49 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202006-03">
+ <title>Perl: Multiple vulnerabilities</title>
+ <synopsis>Multiple vulnerabilities have been found in Perl, the worst of
+ which could result in a Denial of Service condition.
+ </synopsis>
+ <product type="ebuild">perl</product>
+ <announced>2020-06-12</announced>
+ <revised count="1">2020-06-12</revised>
+ <bug>723792</bug>
+ <access>local, remote</access>
+ <affected>
+ <package name="dev-lang/perl" auto="yes" arch="*">
+ <unaffected range="ge">5.30.3</unaffected>
+ <vulnerable range="lt">5.30.3</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>Perl is a highly capable, feature-rich programming language.</p>
+ </background>
+ <description>
+ <p>Multiple vulnerabilities have been discovered in Perl. Please review the
+ CVE identifiers referenced below for details.
+ </p>
+ </description>
+ <impact type="normal">
+ <p>Please review the referenced CVE identifiers for details.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All Perl users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose "&gt;=dev-lang/perl-5.30.3"
+ </code>
+
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-10543">CVE-2020-10543</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-10878">CVE-2020-10878</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-12723">CVE-2020-12723</uri>
+ </references>
+ <metadata tag="requester" timestamp="2020-06-09T02:23:58Z">sam_c</metadata>
+ <metadata tag="submitter" timestamp="2020-06-12T04:18:23Z">sam_c</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202006-04.xml b/metadata/glsa/glsa-202006-04.xml
new file mode 100644
index 000000000000..39cb805aee7a
--- /dev/null
+++ b/metadata/glsa/glsa-202006-04.xml
@@ -0,0 +1,54 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202006-04">
+ <title>glibc: Multiple vulnerabilities</title>
+ <synopsis>Multiple vulnerabilities have been found in glibc, the worst of
+ which could result in a Denial of Service condition.
+ </synopsis>
+ <product type="ebuild">glibc</product>
+ <announced>2020-06-13</announced>
+ <revised count="1">2020-06-13</revised>
+ <bug>677272</bug>
+ <bug>679044</bug>
+ <bug>711558</bug>
+ <bug>717938</bug>
+ <bug>719472</bug>
+ <access>local, remote</access>
+ <affected>
+ <package name="sys-libs/glibc" auto="yes" arch="*">
+ <unaffected range="ge">2.30-r8</unaffected>
+ <vulnerable range="lt">2.30-r8</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>glibc is a package that contains the GNU C library.</p>
+ </background>
+ <description>
+ <p>Multiple vulnerabilities have been discovered in glibc. Please review
+ the CVE identifiers referenced below for details.
+ </p>
+ </description>
+ <impact type="normal">
+ <p>Please review the referenced CVE identifiers for details.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All glibc users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose "&gt;=sys-libs/glibc-2.30-r8"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-6488">CVE-2019-6488</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-7309">CVE-2019-7309</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-9169">CVE-2019-9169</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-10029">CVE-2020-10029</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-1751">CVE-2020-1751</uri>
+ </references>
+ <metadata tag="requester" timestamp="2020-05-22T01:05:58Z">BlueKnight</metadata>
+ <metadata tag="submitter" timestamp="2020-06-13T01:03:27Z">sam_c</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202006-05.xml b/metadata/glsa/glsa-202006-05.xml
new file mode 100644
index 000000000000..8e2d321a301c
--- /dev/null
+++ b/metadata/glsa/glsa-202006-05.xml
@@ -0,0 +1,55 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202006-05">
+ <title>Nokogiri: Command injection</title>
+ <synopsis>Nokogiri has a vulnerability allowing arbitrary execution of code
+ if a certain function is used.
+ </synopsis>
+ <product type="ebuild">Nokogiri</product>
+ <announced>2020-06-13</announced>
+ <revised count="1">2020-06-13</revised>
+ <bug>691974</bug>
+ <access>remote</access>
+ <affected>
+ <package name="dev-ruby/nokogiri" auto="yes" arch="*">
+ <unaffected range="ge">1.10.4</unaffected>
+ <vulnerable range="lt">1.10.4</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>Nokogiri is an HTML, XML, SAX, and Reader parser.</p>
+ </background>
+ <description>
+ <p>A command injection vulnerability in Nokogiri allows commands to be
+ executed in a subprocess by Ruby’s Kernel.open method. Processes are
+ vulnerable only if the undocumented method
+ Nokogiri::CSS::Tokenizer#load_file is being passed untrusted user input.
+ </p>
+ </description>
+ <impact type="normal">
+ <p>A remote attacker could possibly execute arbitrary code with the
+ privileges of the process.
+ </p>
+ </impact>
+ <workaround>
+ <p>Avoid calling the undocumented method Nokogiri::CSS::Tokenizer#load_file
+ with untrusted user input.
+ </p>
+ </workaround>
+ <resolution>
+ <p>All Nokogiri users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose "&gt;=dev-ruby/nokogiri-1.10.4"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-5477">CVE-2019-5477</uri>
+ <uri link="https://github.com/sparklemotion/nokogiri/issues/1915">Upstream
+ bug
+ </uri>
+ </references>
+ <metadata tag="requester" timestamp="2020-05-22T01:52:12Z">BlueKnight</metadata>
+ <metadata tag="submitter" timestamp="2020-06-13T01:06:32Z">sam_c</metadata>
+</glsa>
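Review bot: `<product type="ebuild">Nokogiri</product>` is capitalised, whereas the package atom is `dev-ruby/nokogiri` and every other advisory in this commit gives the product in lower case (`gnutls`, `perl`, `glibc`, ...). If any tooling matches or indexes on the product field, this entry may be missed, so I would write `<product type="ebuild">nokogiri</product>`. The synopsis phrase "if a certain function is used" would also be clearer if it named the method the description already gives, `Nokogiri::CSS::Tokenizer#load_file`, so readers can check their own code from the summary alone.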
diff --git a/metadata/glsa/glsa-202006-06.xml b/metadata/glsa/glsa-202006-06.xml
new file mode 100644
index 000000000000..132e827b53ec
--- /dev/null
+++ b/metadata/glsa/glsa-202006-06.xml
@@ -0,0 +1,56 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202006-06">
+ <title>ssvnc: Multiple vulnerabilities</title>
+ <synopsis>Multiple vulnerabilities have been found in ssvnc, the worst of
+ which could result in the arbitrary execution of code.
+ </synopsis>
+ <product type="ebuild">ssvnc</product>
+ <announced>2020-06-13</announced>
+ <revised count="1">2020-06-13</revised>
+ <bug>701820</bug>
+ <access>remote</access>
+ <affected>
+ <package name="net-misc/ssvnc" auto="yes" arch="*">
+ <vulnerable range="le">1.0.29-r2</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>The Enhanced TightVNC Viewer, SSVNC, adds encryption security to VNC
+ connections.
+ </p>
+ </background>
+ <description>
+ <p>Multiple vulnerabilities have been discovered in ssvnc. Please review
+ the CVE identifiers referenced below for details.
+ </p>
+ </description>
+ <impact type="normal">
+ <p>Please review the referenced CVE identifiers for details.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>Gentoo has discontinued support for ssvnc. We recommend that users
+ unmerge ssvnc:
+ </p>
+
+ <code>
+ # emerge --unmerge "net-misc/ssvnc"
+ </code>
+
+ <p>NOTE: The Gentoo developer(s) maintaining ssvnc have discontinued
+ support at this time. It may be possible that a new Gentoo developer will
+ update ssvnc at a later date. An alternative may be a manual SSH tunnel.
+ </p>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-20020">CVE-2018-20020</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-20021">CVE-2018-20021</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-20022">CVE-2018-20022</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-20024">CVE-2018-20024</uri>
+ </references>
+ <metadata tag="requester" timestamp="2020-05-24T17:26:39Z">sam_c</metadata>
+ <metadata tag="submitter" timestamp="2020-06-13T01:09:16Z">sam_c</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202006-07.xml b/metadata/glsa/glsa-202006-07.xml
new file mode 100644
index 000000000000..9d5ea5d25600
--- /dev/null
+++ b/metadata/glsa/glsa-202006-07.xml
@@ -0,0 +1,66 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202006-07">
+ <title>Mozilla Firefox: Multiple vulnerabilities</title>
+ <synopsis>Multiple vulnerabilities have been found in Mozilla Firefox, the
+ worst of which could result in the arbitrary execution of code.
+ </synopsis>
+ <product type="ebuild">firefox</product>
+ <announced>2020-06-13</announced>
+ <revised count="2">2020-06-13</revised>
+ <bug>726844</bug>
+ <access>remote</access>
+ <affected>
+ <package name="www-client/firefox" auto="yes" arch="*">
+ <unaffected range="ge">68.9.0</unaffected>
+ <vulnerable range="lt">68.9.0</vulnerable>
+ </package>
+ <package name="www-client/firefox-bin" auto="yes" arch="*">
+ <unaffected range="ge">68.9.0</unaffected>
+ <vulnerable range="lt">68.9.0</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>Mozilla Firefox is a popular open-source web browser from the Mozilla
+ Project.
+ </p>
+ </background>
+ <description>
+ <p>Multiple vulnerabilities have been discovered in Mozilla Firefox. Please
+ review the CVE identifiers referenced below for details.
+ </p>
+ </description>
+ <impact type="normal">
+ <p>Please review the referenced CVE identifiers for details.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All Mozilla Firefox users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose "&gt;=www-client/firefox-68.9.0"
+ </code>
+
+ <p>All Mozilla Firefox binary users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose "&gt;=www-client/firefox-bin-68.9.0"
+ </code>
+
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-12405">CVE-2020-12405</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-12406">CVE-2020-12406</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-12407">CVE-2020-12407</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-12408">CVE-2020-12408</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-12409">CVE-2020-12409</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-12410">CVE-2020-12410</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-12411">CVE-2020-12411</uri>
+ </references>
+ <metadata tag="requester" timestamp="2020-06-04T09:53:31Z">sam_c</metadata>
+ <metadata tag="submitter" timestamp="2020-06-13T01:14:36Z">sam_c</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202006-08.xml b/metadata/glsa/glsa-202006-08.xml
new file mode 100644
index 000000000000..e6a391fc9c30
--- /dev/null
+++ b/metadata/glsa/glsa-202006-08.xml
@@ -0,0 +1,61 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202006-08">
+ <title>WebKitGTK+: Multiple vulnerabilities</title>
+ <synopsis>Multiple vulnerabilities have been found in WebKitGTK+, the worst
+ of which could result in the arbitrary execution of code.
+ </synopsis>
+ <product type="ebuild">webkitgtk+</product>
+ <announced>2020-06-13</announced>
+ <revised count="1">2020-06-13</revised>
+ <bug>712260</bug>
+ <access>remote</access>
+ <affected>
+ <package name="net-libs/webkit-gtk" auto="yes" arch="*">
+ <unaffected range="ge">2.28.2</unaffected>
+ <vulnerable range="lt">2.28.2</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>WebKitGTK+ is a full-featured port of the WebKit rendering engine,
+ suitable for projects requiring any kind of web integration, from hybrid
+ HTML/CSS applications to full-fledged web browsers.
+ </p>
+ </background>
+ <description>
+ <p>Multiple vulnerabilities have been discovered in WebKitGTK+. Please
+ review the CVE identifiers referenced below for details.
+ </p>
+ </description>
+ <impact type="normal">
+ <p>Please review the referenced CVE identifiers for details.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All WebKitGTK+ users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose "&gt;=net-libs/webkit-gtk-2.28.2"
+ </code>
+
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-10018">CVE-2020-10018</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-10018">CVE-2020-10018</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-11793">CVE-2020-11793</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-11793">CVE-2020-11793</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-3885">CVE-2020-3885</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-3894">CVE-2020-3894</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-3895">CVE-2020-3895</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-3897">CVE-2020-3897</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-3899">CVE-2020-3899</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-3900">CVE-2020-3900</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-3901">CVE-2020-3901</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-3902">CVE-2020-3902</uri>
+ </references>
+ <metadata tag="requester" timestamp="2020-05-14T21:48:07Z">sam_c</metadata>
+ <metadata tag="submitter" timestamp="2020-06-13T01:41:16Z">sam_c</metadata>
+</glsa>
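Review bot: The `<references>` list names CVE-2020-10018 and CVE-2020-11793 twice each, in the first four `<uri>` lines of the list. The second copy of each should be dropped, leaving ten distinct entries. Duplicates inflate any count derived from the references and suggest an entry may have been overwritten during editing, so it is worth checking against bug 712260 that no other identifier was meant to sit in those two slots.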
diff --git a/metadata/glsa/glsa-202006-09.xml b/metadata/glsa/glsa-202006-09.xml
new file mode 100644
index 000000000000..8943a422203f
--- /dev/null
+++ b/metadata/glsa/glsa-202006-09.xml
@@ -0,0 +1,51 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202006-09">
+ <title>Adobe Flash Player: Arbitrary code execution</title>
+ <synopsis>A flaw in Adobe Flash Player may allow local or remote attacker(s)
+ to execute arbitrary code.
+ </synopsis>
+ <product type="ebuild">adobe-flash</product>
+ <announced>2020-06-13</announced>
+ <revised count="1">2020-06-13</revised>
+ <bug>727812</bug>
+ <access>remote</access>
+ <affected>
+ <package name="www-plugins/adobe-flash" auto="yes" arch="*">
+ <unaffected range="ge">32.0.0.387</unaffected>
+ <vulnerable range="lt">32.0.0.387</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>The Adobe Flash Player is a renderer for the SWF file format, which is
+ commonly used to provide interactive websites.
+ </p>
+ </background>
+ <description>
+ <p>An unspecified flaw has been discovered in Adobe Flash Player.</p>
+ </description>
+ <impact type="normal">
+ <p>This flaw can be exploited by attackers for remote code execution.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All Adobe Flash Player users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose
+ "&gt;=www-plugins/adobe-flash-32.0.0.387"
+ </code>
+
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-9633">CVE-2020-9633</uri>
+ <uri link="https://helpx.adobe.com/security/products/flash-player/apsb20-30.html">
+ Upstream advisory (APSB20-30)
+ </uri>
+ </references>
+ <metadata tag="requester" timestamp="2020-06-11T00:59:03Z">sam_c</metadata>
+ <metadata tag="submitter" timestamp="2020-06-13T01:44:33Z">sam_c</metadata>
+</glsa>
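Review bot: The synopsis says the flaw may be used by "local or remote attacker(s)", but `<access>` is `remote` and the `<impact>` text speaks only of remote code execution, so the advisory contradicts itself on the attack vector. One of the two should change to match the upstream advisory (APSB20-30): either `<access>local, remote</access>`, or a synopsis along the lines of `A flaw in Adobe Flash Player may allow remote attackers to execute arbitrary code.` The `<description>` calls the flaw "unspecified"; if the CVE entry names a bug class, stating it here would help readers prioritise.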
diff --git a/metadata/glsa/glsa-202006-10.xml b/metadata/glsa/glsa-202006-10.xml
new file mode 100644
index 000000000000..0291e53cf3e5
--- /dev/null
+++ b/metadata/glsa/glsa-202006-10.xml
@@ -0,0 +1,48 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202006-10">
+ <title>GNU Readline: Multiple vulnerabilities</title>
+ <synopsis>Multiple vulnerabilities have been found in GNU Readline, the worst
+ of which could result in a Denial of Service condition.
+ </synopsis>
+ <product type="ebuild">readline</product>
+ <announced>2020-06-13</announced>
+ <revised count="1">2020-06-13</revised>
+ <bug>717924</bug>
+ <access>local</access>
+ <affected>
+ <package name="sys-libs/readline" auto="yes" arch="*">
+ <unaffected range="ge">8.0</unaffected>
+ <vulnerable range="lt">8.0</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>The GNU Readline library provides a set of functions for use by
+ applications that allow users to edit command lines as they are typed in.
+ </p>
+ </background>
+ <description>
+ <p>Multiple vulnerabilities have been discovered in GNU Readline. Please
+ review the CVE identifiers referenced below for details.
+ </p>
+ </description>
+ <impact type="low">
+ <p>Please review the referenced CVE identifiers for details.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All GNU Readline users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose "&gt;=sys-libs/readline-8.0"
+ </code>
+
+ </resolution>
+ <references>
+ </references>
+ <metadata tag="requester" timestamp="2020-05-21T23:21:08Z">sam_c</metadata>
+ <metadata tag="submitter" timestamp="2020-06-13T01:47:15Z">sam_c</metadata>
+</glsa>
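Review bot: `<references>` is empty, yet both `<description>` and `<impact>` tell the reader to review the CVE identifiers referenced below, so the advisory gives no way to find out what the vulnerabilities are. The identifiers tracked in bug 717924 should be added in the same form as the other advisories, e.g. `<uri link="https://nvd.nist.gov/vuln/detail/CVE-YYYY-NNNNN">CVE-YYYY-NNNNN</uri>` (placeholder, to be filled from the bug). If no CVE was assigned, the description and impact need real text instead of the pointer, since `impact type="low"` and "Denial of Service" are otherwise the only facts given.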
diff --git a/metadata/glsa/glsa-202006-11.xml b/metadata/glsa/glsa-202006-11.xml
new file mode 100644
index 000000000000..39a9974e3ffd
--- /dev/null
+++ b/metadata/glsa/glsa-202006-11.xml
@@ -0,0 +1,55 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202006-11">
+ <title>Ansible: Multiple vulnerabilities</title>
+ <synopsis>Multiple vulnerabilities have been found in Ansible, the worst of
+ which could result in the arbitrary execution of code.
+ </synopsis>
+ <product type="ebuild">ansible</product>
+ <announced>2020-06-13</announced>
+ <revised count="1">2020-06-13</revised>
+ <bug>711974</bug>
+ <access>remote</access>
+ <affected>
+ <package name="app-admin/ansible" auto="yes" arch="*">
+ <unaffected range="ge">2.9.7</unaffected>
+ <vulnerable range="lt">2.9.7</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>Ansible is a radically simple IT automation platform.</p>
+ </background>
+ <description>
+ <p>Multiple vulnerabilities have been discovered in Ansible. Please review
+ the CVE identifiers referenced below for details.
+ </p>
+ </description>
+ <impact type="normal">
+ <p>Please review the referenced CVE identifiers for details.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All Ansible users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose "&gt;=app-admin/ansible-2.9.7"
+ </code>
+
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-10684">CVE-2020-10684</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-10685">CVE-2020-10685</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-1733">CVE-2020-1733</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-1735">CVE-2020-1735</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-1736">CVE-2020-1736</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-1737">CVE-2020-1737</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-1738">CVE-2020-1738</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-1740">CVE-2020-1740</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-1753">CVE-2020-1753</uri>
+ </references>
+ <metadata tag="requester" timestamp="2020-05-15T14:41:54Z">sam_c</metadata>
+ <metadata tag="submitter" timestamp="2020-06-13T01:49:30Z">sam_c</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202006-12.xml b/metadata/glsa/glsa-202006-12.xml
new file mode 100644
index 000000000000..d55a1902c21c
--- /dev/null
+++ b/metadata/glsa/glsa-202006-12.xml
@@ -0,0 +1,46 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202006-12">
+ <title>GNU Mailutils: Privilege escalation</title>
+ <synopsis>A vulnerability has been found in GNU Mailutils allowing privilege
+ escalation.
+ </synopsis>
+ <product type="ebuild">mailutils</product>
+ <announced>2020-06-13</announced>
+ <revised count="1">2020-06-13</revised>
+ <bug>700806</bug>
+ <access>local</access>
+ <affected>
+ <package name="net-mail/mailutils" auto="yes" arch="*">
+ <unaffected range="ge">3.8</unaffected>
+ <vulnerable range="lt">3.8</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>The GNU Mailutils are a collection of mail-related utilities, including
+ an IMAP4 server (imap4d).
+ </p>
+ </background>
+ <description>
+ <p>GNU Mailutils runs maidag by default with setuid root permissions.</p>
+ </description>
+ <impact type="high">
+ <p>An attacker can use this to write to arbitrary files as root.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All GNU Mailutils users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose "&gt;=net-mail/mailutils-3.8"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-18862">CVE-2019-18862</uri>
+ </references>
+ <metadata tag="requester" timestamp="2020-05-12T21:52:25Z">sam_c</metadata>
+ <metadata tag="submitter" timestamp="2020-06-13T01:51:38Z">sam_c</metadata>
+</glsa>
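Review bot: The `<description>` states only that maidag runs setuid root by default and never says what the flaw is, so the jump to "write to arbitrary files as root" in `<impact>` is unexplained. I would add one sentence linking the two, taken from the CVE-2019-18862 entry. The `<workaround>` says none is known; if clearing the setuid bit on maidag is a viable mitigation for systems that cannot upgrade at once (to be confirmed, not evident from this file), it should be listed there. With `impact type="high"` and local access, administrators of multi-user hosts are the readers most likely to need that interim step.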
diff --git a/metadata/glsa/timestamp.chk b/metadata/glsa/timestamp.chk
index ec5ba1b6a782..88cdcb72a7ae 100644
--- a/metadata/glsa/timestamp.chk
+++ b/metadata/glsa/timestamp.chk
@@ -1 +1 @@
-Sat, 30 May 2020 09:38:20 +0000
+Sat, 13 Jun 2020 09:08:26 +0000
diff --git a/metadata/glsa/timestamp.commit b/metadata/glsa/timestamp.commit
index 1e05047643a2..ee8db8673cd1 100644
--- a/metadata/glsa/timestamp.commit
+++ b/metadata/glsa/timestamp.commit
@@ -1 +1 @@
-8f997a18382e6fd1fe9722aff738fb088141123c 1589546660 2020-05-15T12:44:20+00:00
+d201bee5ad23e8472de3397c356e66a559081d7f 1592013107 2020-06-13T01:51:47+00:00