author | V3n3RiX <venerix@koprulu.sector> | 2024-05-05 00:00:45 +0100 |
---|---|---|
committer | V3n3RiX <venerix@koprulu.sector> | 2024-05-05 00:00:45 +0100 |
commit | b594445f39d99066071d80fc8efeba5c8f72cc35 (patch) | |
tree | 9bf469821b12ac103807e30a6f7751d955648125 /metadata/glsa | |
parent | 7f3fecbb5b871825fe9632f46659869cab6a3769 (diff) |
gentoo auto-resync : 05:05:2024 - 00:00:45
Diffstat (limited to 'metadata/glsa')
-rw-r--r-- | metadata/glsa/Manifest | 30 | ||||
-rw-r--r-- | metadata/glsa/Manifest.files.gz | bin | 569494 -> 570922 bytes | |||
-rw-r--r-- | metadata/glsa/glsa-202405-01.xml | 79 | ||||
-rw-r--r-- | metadata/glsa/glsa-202405-02.xml | 74 | ||||
-rw-r--r-- | metadata/glsa/glsa-202405-03.xml | 42 | ||||
-rw-r--r-- | metadata/glsa/glsa-202405-04.xml | 44 | ||||
-rw-r--r-- | metadata/glsa/glsa-202405-05.xml | 55 | ||||
-rw-r--r-- | metadata/glsa/glsa-202405-06.xml | 47 | ||||
-rw-r--r-- | metadata/glsa/glsa-202405-07.xml | 61 | ||||
-rw-r--r-- | metadata/glsa/glsa-202405-08.xml | 48 | ||||
-rw-r--r-- | metadata/glsa/glsa-202405-09.xml | 55 | ||||
-rw-r--r-- | metadata/glsa/timestamp.chk | 2 | ||||
-rw-r--r-- | metadata/glsa/timestamp.commit | 2 |
13 files changed, 522 insertions, 17 deletions
diff --git a/metadata/glsa/Manifest b/metadata/glsa/Manifest index b39eb978d3c7..aaf7a5bc04e7 100644 --- a/metadata/glsa/Manifest +++ b/metadata/glsa/Manifest 
@@ -1,23 +1,23 @@ -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 -MANIFEST Manifest.files.gz 569494 BLAKE2B 475196fd0ff28d6023f45e6c22284bded2028bbe891778e3828fb75c3727438168bcd5ab63fe48683bb5874710c096e12470eee93163ae90c07d1f9d79810710 SHA512 94822c7f83b3b68b28e1885c442c2d9b5794eb5f861b8a0862162601a2c2b03cdc2bb6144d8b4a1d61befedf2ff1952e540c518e34c7f15ff5af14b7dc567fcb -TIMESTAMP 2024-05-03T22:10:31Z +MANIFEST Manifest.files.gz 570922 BLAKE2B a20ec4f24eeb6769f4fdd5bd00ff1792ccc6e26c93c1c2b08c0895fb43406379af98ff13e85b945441d8d4ea41d80e54d053815bbe1d5c815a9c908c533b9ec2 SHA512 3192be04c28f462e6f5bfedc1c7ae89ae00f7410cffe7034ebcb0ea4fa6b81201a8fe37bc2773dbb03da6a69294d537152e094d11cfa73ad0531674951e1a5cd +TIMESTAMP 2024-05-04T21:59:21Z -----BEGIN PGP SIGNATURE----- -iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAmY1YNdfFIAAAAAALgAo +iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAmY2r7pfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEUx RDZBQkI2M0JGQ0ZCNEJBMDJGREYxQ0VDNTkwRUVBQzkxODkyNTAACgkQ7FkO6skY -klAuww/+KjU5VyxTxNMr5S09Pj5W2bUq9lx2LnqS+PQMJBwkJ//95ayji5TasG/Q -2K3vUBFhb+Idw7hmBERM9dHxMYC6ccqXOJePjpa6J+4fX9zaM/+FDWr2QoNum3GX -EKY3kEm5PKDCUbBzdJlFUaWS/Vo+59xwHbH4aYVlc38ppYdu+QGjLEfO2FFV/MUd -T7QBZ8Icg5tBTIdA0RCilvyp80iAbgw9otTOey+kJwj2hyWkdzbRPAFKOIAuNQw5 -Eh4T7Ob+/Hl5/IzApoWusP2voDWWou3GtIoDM2IC0NxbYMOiNomUgwxuwhH15Caa -uoXwXwgIyvy5lpxOMiB0TyasaNIFoXOenO90u2fk2PAqS7+n0KnMzcV2tTiV4Kr1 -JzSsqHlLKCfPq5/RgW8EJNGpnmI9RExtlGppzNfXtygbCG5S4n6NecMrLEyBc/b9 -RZ4g7U42WM8D508/EwKXglR4ePvCIhrgppmNl6kpzgSYSbS2sDvmA0xgZNQGFX0/ -lZyMOiM7c3yorq3ieoDi/F5lvlIMedCzn7D3+dGHyQxEl4QMGZB2/EUFMCoSzLpp -CdHZ8lByDSJqiZSJmGAfcOJcrnMclVF6ednZGV4eKlYhvAOoj6WFdJ9LVudFhOZV -IwdNnhT7fwufcOUPYmv3xI1VNIyuPH35vEX4L3h/cvEPnqhNGEU= -=jqKl +klAwfQ/+JbT4B5j0YLSrfe407Dc3WmhxRsmNzhCJc0jlnnclX9lnkmbomUbFcR/1 +nrc1E8PKK7yUKG/FR02R2xYo7ehavMKywpN4pxyUElAYLY6i6lBQUV5A6YXD4PgY +hNzqQA2iKKo35VNFMmDh6gVVx+JXHaE4eeHIxSv196g5+k4ws6bl2FuxcF76vTv9 
+gigjuQck7Yan3zTVOAGFqOOLKZGtAuC7niwKtZMcbE9B7l+GEOu4Q4m8b28O+nnK +neWcdj9HEDFj3/Qn00kL/jF2CJqUjSZtJCzTPBfddYIg7VnAJhlIss3mE6D+fr6S +WO9+aGWU/BFOrCZU2x8MwipbQqzqJUMHMfD1MQx0j7C9+jwpa6mGij2GPbi9aq0d +pHtZCSjXEbXUGbF7Q6iruyQ6U2NnspghaVUBNh4zr8v+61m1nY7evsexycFt3D6F +VLvBwToOeJOZMLvB4WjoY6Lmp8/FIFg/d2w++h+Jsqd3XDaKBGkREMpZQ5uqZqJy +AYFIOJdWovywnL/WzY8IsUsVVRwIrbkX6g+3haQhAm8uneuyubBDFn2yB0GznCgy +kM/hoa5K/k6s8m0qX99qFUwHyx+CZ17/FD23wmNTAM4VqGLzTQO9ZqYxQa5hfHiB +WdzV7CFI5qaYuy4WsjpUovjhqVWptD3/draoXyUSwr6e/byHL5U= +=VfOY -----END PGP SIGNATURE----- diff --git a/metadata/glsa/Manifest.files.gz b/metadata/glsa/Manifest.files.gz Binary files differindex ae360fd1f8a3..46e2455f1537 100644 --- a/metadata/glsa/Manifest.files.gz +++ b/metadata/glsa/Manifest.files.gz diff --git a/metadata/glsa/glsa-202405-01.xml b/metadata/glsa/glsa-202405-01.xml new file mode 100644 index 000000000000..a6e2cd89d1fc --- /dev/null +++ b/metadata/glsa/glsa-202405-01.xml 
@@ -0,0 +1,79 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202405-01">
+ <title>Python, PyPy3: Multiple Vulnerabilities</title>
+ <synopsis>Multiple vulberabilities have been discovered in Python and PyPy3, the worst of which can lead to privilege escalation.</synopsis>
+ <product type="ebuild">pypy3,pypy3_10,pypy3_9,python</product>
+ <announced>2024-05-04</announced>
+ <revised count="1">2024-05-04</revised>
+ <bug>884653</bug>
+ <bug>897958</bug>
+ <bug>908018</bug>
+ <bug>912976</bug>
+ <bug>919475</bug>
+ <bug>927299</bug>
+ <access>remote</access>
+ <affected>
+ <package name="dev-lang/python" auto="yes" arch="*">
+ <unaffected range="ge" slot="3.12">3.12.1</unaffected>
+ <unaffected range="ge" slot="3.11">3.11.8</unaffected>
+ <unaffected range="ge" slot="3.10">3.10.14</unaffected>
+ <unaffected range="ge" slot="3.9">3.9.19</unaffected>
+ <unaffected range="ge" slot="3.8">3.8.19</unaffected>
+ <vulnerable range="lt" slot="3.12">3.12.1</vulnerable>
+ <vulnerable range="lt" slot="3.11">3.11.8</vulnerable>
+ <vulnerable range="lt" slot="3.10">3.10.14</vulnerable>
+ <vulnerable range="lt" slot="3.9">3.9.19</vulnerable>
+ <vulnerable range="lt" slot="3.8">3.8.19</vulnerable>
+ </package>
+ <package name="dev-python/pypy3" auto="yes" arch="*">
+ <unaffected range="ge">7.3.16</unaffected>
+ <vulnerable range="lt">7.3.16</vulnerable>
+ </package>
+ <package name="dev-python/pypy3_10" auto="yes" arch="*">
+ <unaffected range="ge">7.3.16</unaffected>
+ <vulnerable range="lt">7.3.16</vulnerable>
+ </package>
+ <package name="dev-python/pypy3_9" auto="yes" arch="*">
+ <unaffected range="ge">7.3.16</unaffected>
+ <vulnerable range="lt">7.3.16</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>Python is an interpreted, interactive, object-oriented, cross-platform programming language.</p>
+ </background>
+ <description>
+ <p>Multiple vulnerabilities have been discovered in Python, PyPy3. Please review the CVE identifiers referenced below for details.</p>
+ </description>
+ <impact type="high">
+ <p>Please review the referenced CVE identifiers for details.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All Python, PyPy3 users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-lang/python-3.12.1:3.12"
+ # emerge --ask --oneshot --verbose ">=dev-lang/python-3.11.9:3.11"
+ # emerge --ask --oneshot --verbose ">=dev-lang/python-3.10.14:3.10"
+ # emerge --ask --oneshot --verbose ">=dev-lang/python-3.9.19:3.9"
+ # emerge --ask --oneshot --verbose ">=dev-lang/python-3.8.19:3.8"
+ # emerge --ask --oneshot --verbose ">=dev-python/pypy3-7.3.16"
+ # emerge --ask --oneshot --verbose ">=dev-python/pypy3_10-7.3.16"
+ # emerge --ask --oneshot --verbose ">=dev-python/pypy3_9-7.3.16"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-6507">CVE-2023-6507</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-6597">CVE-2023-6597</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-24329">CVE-2023-24329</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-40217">CVE-2023-40217</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-41105">CVE-2023-41105</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-0450">CVE-2024-0450</uri>
+ </references>
+ <metadata tag="requester" timestamp="2024-05-04T05:59:08.361678Z">graaff</metadata>
+ <metadata tag="submitter" timestamp="2024-05-04T05:59:08.364851Z">graaff</metadata>
+</glsa>
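Review bot: The 3.11 slot is inconsistent between `<affected>` and `<resolution>`: the ranges mark `3.11.8` as the first unaffected version, while the upgrade command asks for `>=dev-lang/python-3.11.9:3.11`. Tooling reads the `<affected>` ranges, so a host on 3.11.8 is reported clean even if the fix only landed in 3.11.9; check the listed bugs and align the two, either with `<unaffected range="ge" slot="3.11">3.11.9</unaffected>` plus the matching `<vulnerable>` line, or by changing the command to 3.11.8. The synopsis also carries the typo `vulberabilities`. Separately, this file and the eight advisories after it declare the DTD through a plain `http://` system identifier, so any consumer parsing them should keep external DTD loading disabled rather than fetch it.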
\ No newline at end of file
diff --git a/metadata/glsa/glsa-202405-02.xml b/metadata/glsa/glsa-202405-02.xml
new file mode 100644
index 000000000000..edf6010e2701
--- /dev/null
+++ b/metadata/glsa/glsa-202405-02.xml
@@ -0,0 +1,74 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202405-02">
+ <title>ImageMagick: Multiple Vulnerabilities</title>
+ <synopsis>Multiple vulnerabilities have been discovered in ImageMagick, the worst of which can lead to remote code execution.</synopsis>
+ <product type="ebuild">imagemagick</product>
+ <announced>2024-05-04</announced>
+ <revised count="1">2024-05-04</revised>
+ <bug>835931</bug>
+ <bug>843833</bug>
+ <bug>852947</bug>
+ <bug>871954</bug>
+ <bug>893526</bug>
+ <bug>904357</bug>
+ <bug>908082</bug>
+ <bug>917594</bug>
+ <access>remote</access>
+ <affected>
+ <package name="media-gfx/imagemagick" auto="yes" arch="*">
+ <unaffected range="ge">6.9.13.0</unaffected>
+ <unaffected range="ge">7.1.1.22</unaffected>
+ <vulnerable range="lt">6.9.12.88</vulnerable>
+ <vulnerable range="lt">7.1.1.11</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>ImageMagick is a software suite to create, edit, and compose bitmap images, that can also read, write, and convert images in many other formats.</p>
+ </background>
+ <description>
+ <p>Multiple vulnerabilities have been discovered in ImageMagick. Please review the CVE identifiers referenced below for details.</p>
+ </description>
+ <impact type="high">
+ <p>Please review the referenced CVE identifiers for details.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All ImageMagick 6.x users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=media-gfx/imagemagick-6.9.13.0" =media-gfx/imagemagick-6*"
+ </code>
+
+ <p>All ImageMagick 7.x users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=media-gfx/imagemagick-7.1.1.22"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-4219">CVE-2021-4219</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-20224">CVE-2021-20224</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-0284">CVE-2022-0284</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-1115">CVE-2022-1115</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-2719">CVE-2022-2719</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-3213">CVE-2022-3213</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-28463">CVE-2022-28463</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-32545">CVE-2022-32545</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-32546">CVE-2022-32546</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-32547">CVE-2022-32547</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-44267">CVE-2022-44267</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-44268">CVE-2022-44268</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-1906">CVE-2023-1906</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-2157">CVE-2023-2157</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-5341">CVE-2023-5341</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-34151">CVE-2023-34151</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-34153">CVE-2023-34153</uri>
+ </references>
+ <metadata tag="requester" timestamp="2024-05-04T06:13:28.990846Z">graaff</metadata>
+ <metadata tag="submitter" timestamp="2024-05-04T06:13:28.993140Z">graaff</metadata>
+</glsa>
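Review bot: The `<affected>` ranges for media-gfx/imagemagick do not separate the 6.x and 7.x branches, so they overlap: any 7.x release below 7.1.1.11 matches `<vulnerable range="lt">7.1.1.11</vulnerable>` and also `<unaffected range="ge">6.9.13.0</unaffected>`. A checker that subtracts unaffected matches from vulnerable ones would report such a host as clean; how the consuming tool resolves the overlap is not visible here and should be confirmed before relying on this advisory for scanning. The vulnerable bounds (6.9.12.88, 7.1.1.11) also differ from the unaffected bounds (6.9.13.0, 7.1.1.22), so the versions in between are never flagged as vulnerable. In `<resolution>`, the 6.x command has an unbalanced quote, `">=media-gfx/imagemagick-6.9.13.0" =media-gfx/imagemagick-6*"`; the second atom presumably should read `"=media-gfx/imagemagick-6*"`.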
\ No newline at end of file
diff --git a/metadata/glsa/glsa-202405-03.xml b/metadata/glsa/glsa-202405-03.xml
new file mode 100644
index 000000000000..71fc1600b28e
--- /dev/null
+++ b/metadata/glsa/glsa-202405-03.xml
@@ -0,0 +1,42 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202405-03">
+ <title>Dalli: Code Injection</title>
+ <synopsis>A vulnerability has been discovered in Dalli, which can lead to code injection.</synopsis>
+ <product type="ebuild">dalli</product>
+ <announced>2024-05-04</announced>
+ <revised count="1">2024-05-04</revised>
+ <bug>882077</bug>
+ <access>local and remote</access>
+ <affected>
+ <package name="dev-ruby/dalli" auto="yes" arch="*">
+ <unaffected range="ge">3.2.3</unaffected>
+ <vulnerable range="lt">3.2.3</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>Dalli is a high performance pure Ruby client for accessing memcached servers.</p>
+ </background>
+ <description>
+ <p>A vulnerability was found in Dalli. Affected is the function self.meta_set of the file lib/dalli/protocol/meta/request_formatter.rb of the component Meta Protocol Handler. The manipulation leads to injection.</p>
+ </description>
+ <impact type="normal">
+ <p>Please review the referenced CVE identifiers for details.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All Dalli users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-ruby/dalli-3.2.3"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-4064">CVE-2022-4064</uri>
+ </references>
+ <metadata tag="requester" timestamp="2024-05-04T06:43:24.230534Z">graaff</metadata>
+ <metadata tag="submitter" timestamp="2024-05-04T06:43:24.233626Z">graaff</metadata>
+</glsa>
\ No newline at end of file
diff --git a/metadata/glsa/glsa-202405-04.xml b/metadata/glsa/glsa-202405-04.xml
new file mode 100644
index 000000000000..d3736199ded8
--- /dev/null
+++ b/metadata/glsa/glsa-202405-04.xml
@@ -0,0 +1,44 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202405-04">
+ <title>systemd: Multiple Vulnerabilities</title>
+ <synopsis>Multiple vulnerabilities have been discovered in systemd, the worst of which can lead to a denial of service.</synopsis>
+ <product type="ebuild">systemd</product>
+ <announced>2024-05-04</announced>
+ <revised count="1">2024-05-04</revised>
+ <bug>882769</bug>
+ <bug>887581</bug>
+ <access>local</access>
+ <affected>
+ <package name="sys-apps/systemd" auto="yes" arch="*">
+ <unaffected range="ge">252.4</unaffected>
+ <vulnerable range="lt">252.4</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>A system and service manager.</p>
+ </background>
+ <description>
+ <p>Multiple vulnerabilities have been discovered in systemd. Please review the CVE identifiers referenced below for details.</p>
+ </description>
+ <impact type="normal">
+ <p>Please review the referenced CVE identifiers for details.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All systemd users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=sys-apps/systemd-252.4"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-4415">CVE-2022-4415</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-45873">CVE-2022-45873</uri>
+ </references>
+ <metadata tag="requester" timestamp="2024-05-04T07:18:38.700106Z">graaff</metadata>
+ <metadata tag="submitter" timestamp="2024-05-04T07:18:38.703836Z">graaff</metadata>
+</glsa>
\ No newline at end of file
diff --git a/metadata/glsa/glsa-202405-05.xml b/metadata/glsa/glsa-202405-05.xml
new file mode 100644
index 000000000000..6a9805c47e6e
--- /dev/null
+++ b/metadata/glsa/glsa-202405-05.xml
@@ -0,0 +1,55 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202405-05">
+ <title>MPlayer: Multiple Vulnerabilities</title>
+ <synopsis>Multiple vulnerabilities have been discovered in MPlayer, the worst of which can lead to arbitrary code execution.</synopsis>
+ <product type="ebuild">mplayer</product>
+ <announced>2024-05-04</announced>
+ <revised count="1">2024-05-04</revised>
+ <bug>870406</bug>
+ <access>local</access>
+ <affected>
+ <package name="media-video/mplayer" auto="yes" arch="*">
+ <unaffected range="ge">1.5</unaffected>
+ <vulnerable range="lt">1.5</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>MPlayer is a media player capable of handling multiple multimedia file formats.</p>
+ </background>
+ <description>
+ <p>Multiple vulnerabilities have been discovered in MPlayer. Please review the CVE identifiers referenced below for details.</p>
+ </description>
+ <impact type="normal">
+ <p>Please review the referenced CVE identifiers for details.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All MPlayer users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=media-video/mplayer-1.5"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-38600">CVE-2022-38600</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-38850">CVE-2022-38850</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-38851">CVE-2022-38851</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-38853">CVE-2022-38853</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-38855">CVE-2022-38855</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-38856">CVE-2022-38856</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-38858">CVE-2022-38858</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-38860">CVE-2022-38860</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-38861">CVE-2022-38861</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-38862">CVE-2022-38862</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-38863">CVE-2022-38863</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-38864">CVE-2022-38864</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-38865">CVE-2022-38865</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-38866">CVE-2022-38866</uri>
+ </references>
+ <metadata tag="requester" timestamp="2024-05-04T07:42:15.329279Z">graaff</metadata>
+ <metadata tag="submitter" timestamp="2024-05-04T07:42:15.332064Z">graaff</metadata>
+</glsa>
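Review bot: `<impact type="normal">` does not match a synopsis whose worst case is arbitrary code execution; the first two advisories in this commit use `type="high"` for privilege escalation and remote code execution. The same pairing recurs in glsa-202405-06 (remote code execution), glsa-202405-07 (arbitrary code execution), glsa-202405-08 (possibly remote code execution) and glsa-202405-09 (user-assisted remote code execution). If the impact type drives triage or filtering, these advisories would be under-prioritised. Either raise the rating, e.g. `<impact type="high">`, or confirm that "normal" is deliberate given `<access>local</access>` here.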
\ No newline at end of file
diff --git a/metadata/glsa/glsa-202405-06.xml b/metadata/glsa/glsa-202405-06.xml
new file mode 100644
index 000000000000..9d940ce8ac4a
--- /dev/null
+++ b/metadata/glsa/glsa-202405-06.xml
@@ -0,0 +1,47 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202405-06">
+ <title>mujs: Multiple Vulnerabilities</title>
+ <synopsis>Multiple vulnerabilities have been discovered in mujs, the worst of which could lead to remote code execution.</synopsis>
+ <product type="ebuild">mujs</product>
+ <announced>2024-05-04</announced>
+ <revised count="1">2024-05-04</revised>
+ <bug>833453</bug>
+ <bug>845399</bug>
+ <bug>882775</bug>
+ <access>remote</access>
+ <affected>
+ <package name="dev-lang/mujs" auto="yes" arch="*">
+ <unaffected range="ge">1.3.2</unaffected>
+ <vulnerable range="lt">1.3.2</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>mujs is an embeddable Javascript interpreter in C.</p>
+ </background>
+ <description>
+ <p>Multiple vulnerabilities have been discovered in mujs. Please review the CVE identifiers referenced below for details.</p>
+ </description>
+ <impact type="normal">
+ <p>Please review the referenced CVE identifiers for details.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All mujs users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-lang/mujs-1.3.2"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-45005">CVE-2021-45005</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-30974">CVE-2022-30974</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-30975">CVE-2022-30975</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-44789">CVE-2022-44789</uri>
+ </references>
+ <metadata tag="requester" timestamp="2024-05-04T08:04:01.742392Z">graaff</metadata>
+ <metadata tag="submitter" timestamp="2024-05-04T08:04:01.746124Z">graaff</metadata>
+</glsa>
\ No newline at end of file
diff --git a/metadata/glsa/glsa-202405-07.xml b/metadata/glsa/glsa-202405-07.xml
new file mode 100644
index 000000000000..af058486e8fd
--- /dev/null
+++ b/metadata/glsa/glsa-202405-07.xml
@@ -0,0 +1,61 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202405-07">
+ <title>HTMLDOC: Multiple Vulnerabilities</title>
+ <synopsis>Multiple vulnerabilities have been discovered in HTMLDOC, the worst of which can lead to arbitrary code execution.</synopsis>
+ <product type="ebuild">htmldoc</product>
+ <announced>2024-05-04</announced>
+ <revised count="1">2024-05-04</revised>
+ <bug>780489</bug>
+ <access>local and remote</access>
+ <affected>
+ <package name="app-text/htmldoc" auto="yes" arch="*">
+ <unaffected range="ge">1.9.16</unaffected>
+ <vulnerable range="lt">1.9.16</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>HTMLDOC is a HTML indexer and HTML to PS and PDF converter.</p>
+ </background>
+ <description>
+ <p>Multiple vulnerabilities have been discovered in HTMLDOC. Please review the CVE identifiers referenced below for details.</p>
+ </description>
+ <impact type="normal">
+ <p>Please review the referenced CVE identifiers for details.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All HTMLDOC users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-text/htmldoc-1.9.16"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-20308">CVE-2021-20308</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-23158">CVE-2021-23158</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-23165">CVE-2021-23165</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-23180">CVE-2021-23180</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-23191">CVE-2021-23191</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-23206">CVE-2021-23206</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-26252">CVE-2021-26252</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-26259">CVE-2021-26259</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-26948">CVE-2021-26948</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-33235">CVE-2021-33235</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-33236">CVE-2021-33236</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-40985">CVE-2021-40985</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-43579">CVE-2021-43579</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-0137">CVE-2022-0137</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-0534">CVE-2022-0534</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-24191">CVE-2022-24191</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-27114">CVE-2022-27114</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-28085">CVE-2022-28085</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-34033">CVE-2022-34033</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-34035">CVE-2022-34035</uri>
+ </references>
+ <metadata tag="requester" timestamp="2024-05-04T08:44:19.188140Z">graaff</metadata>
+ <metadata tag="submitter" timestamp="2024-05-04T08:44:19.190127Z">graaff</metadata>
+</glsa>
\ No newline at end of file
diff --git a/metadata/glsa/glsa-202405-08.xml b/metadata/glsa/glsa-202405-08.xml
new file mode 100644
index 000000000000..5bbf79184273
--- /dev/null
+++ b/metadata/glsa/glsa-202405-08.xml
@@ -0,0 +1,48 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202405-08">
+ <title>strongSwan: Multiple Vulnerabilities</title>
+ <synopsis>Multiple vulnerabilities have been discovered in strongSwan, the worst of which could possibly lead to remote code execution.</synopsis>
+ <product type="ebuild">strongswan</product>
+ <announced>2024-05-04</announced>
+ <revised count="1">2024-05-04</revised>
+ <bug>818841</bug>
+ <bug>832460</bug>
+ <bug>878887</bug>
+ <bug>899964</bug>
+ <access>remote</access>
+ <affected>
+ <package name="net-vpn/strongswan" auto="yes" arch="*">
+ <unaffected range="ge">5.9.10</unaffected>
+ <vulnerable range="lt">5.9.10</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>strongSwan is an IPSec implementation for Linux.</p>
+ </background>
+ <description>
+ <p>Multiple vulnerabilities have been discovered in strongSwan. Please review the CVE identifiers referenced below for details.</p>
+ </description>
+ <impact type="normal">
+ <p>Please review the referenced CVE identifiers for details.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All strongSwan users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-vpn/strongswan-5.9.10"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-41991">CVE-2021-41991</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-45079">CVE-2021-45079</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-40617">CVE-2022-40617</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-26463">CVE-2023-26463</uri>
+ </references>
+ <metadata tag="requester" timestamp="2024-05-04T09:05:41.308308Z">graaff</metadata>
+ <metadata tag="submitter" timestamp="2024-05-04T09:05:41.311063Z">graaff</metadata>
+</glsa>
\ No newline at end of file
diff --git a/metadata/glsa/glsa-202405-09.xml b/metadata/glsa/glsa-202405-09.xml
new file mode 100644
index 000000000000..8a896de227e1
--- /dev/null
+++ b/metadata/glsa/glsa-202405-09.xml
@@ -0,0 +1,55 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202405-09">
+ <title>MediaInfo, MediaInfoLib: Multiple Vulnerabilities</title>
+ <synopsis>Multiple vulnerabilities have been found in MediaInfo and MediaInfoLib, the worst of which could allow user-assisted remote code execution.</synopsis>
+ <product type="ebuild">libmediainfo,mediainfo</product>
+ <announced>2024-05-04</announced>
+ <revised count="1">2024-05-04</revised>
+ <bug>778992</bug>
+ <bug>836564</bug>
+ <bug>875374</bug>
+ <bug>917612</bug>
+ <access>remote</access>
+ <affected>
+ <package name="media-libs/libmediainfo" auto="yes" arch="*">
+ <unaffected range="ge">23.10</unaffected>
+ <vulnerable range="lt">23.10</vulnerable>
+ </package>
+ <package name="media-video/mediainfo" auto="yes" arch="*">
+ <unaffected range="ge">23.10</unaffected>
+ <vulnerable range="lt">23.10</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>MediaInfo supplies technical and tag information about media files. MediaInfoLib contains MediaInfo libraries.</p>
+ </background>
+ <description>
+ <p>Multiple vulnerabilities have been discovered in MediaInfo and MediaInfoLib. Please review the CVE identifiers referenced below for details.</p>
+ </description>
+ <impact type="normal">
+ <p>Please review the referenced CVE identifiers for details.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All MediaInfo users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=media-video/mediainfo-23.10"
+ </code>
+
+ <p>All MediaInfolib users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=media-libs/libmediainfo-23.10"
+ </code>
+ </resolution>
+ <references>
+ </references>
+ <metadata tag="requester" timestamp="2024-05-04T09:27:38.638046Z">ajak</metadata>
+ <metadata tag="submitter" timestamp="2024-05-04T09:27:38.656198Z">graaff</metadata>
+</glsa>
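Review bot: `<references>` is empty, yet both `<description>` and `<impact>` tell the reader to review the CVE identifiers referenced below, so the advisory offers no way to learn what was fixed other than the four bug numbers. Add the entries from those bugs in the form used by the other advisories, e.g. `<uri link="https://nvd.nist.gov/vuln/detail/CVE-YYYY-NNNN">CVE-YYYY-NNNN</uri>` (placeholder id), or reword the two paragraphs to point at the bugs if no CVE was assigned. The second resolution paragraph also spells the product `MediaInfolib`, where the title and background use `MediaInfoLib`.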
\ No newline at end of file diff --git a/metadata/glsa/timestamp.chk b/metadata/glsa/timestamp.chk index c7b31c3eee85..8ecc7a1cbe74 100644 --- a/metadata/glsa/timestamp.chk +++ b/metadata/glsa/timestamp.chk @@ -1 +1 @@ -Fri, 03 May 2024 22:10:27 +0000 +Sat, 04 May 2024 21:59:17 +0000 diff --git a/metadata/glsa/timestamp.commit b/metadata/glsa/timestamp.commit index 2db000c912a8..53aa7d984b53 100644 --- a/metadata/glsa/timestamp.commit +++ b/metadata/glsa/timestamp.commit @@ -1 +1 @@ -ad7cf37eb216318a2076f79b7aceee6389bc887b 1711749190 2024-03-29T21:53:10+00:00 +3f0835df81643a2316838781489d1870a408b6c9 1714814889 2024-05-04T09:28:09+00:00 |