authorV3n3RiX <venerix@koprulu.sector>2024-08-13 11:06:03 +0100
committerV3n3RiX <venerix@koprulu.sector>2024-08-13 11:06:03 +0100
commitbe8708090362c01c6111c4b76f1e395c14d86e00 (patch)
treebb61ca73e867522450783849eb63c9e1f0ba1730 /metadata/glsa
parente93a38d535f2c29b55a5756d2de99425986b0bf3 (diff)
gentoo auto-resync : 13:08:2024 - 11:06:03
Diffstat (limited to 'metadata/glsa')
-rw-r--r--metadata/glsa/Manifest30
-rw-r--r--metadata/glsa/Manifest.files.gzbin584092 -> 585357 bytes
-rw-r--r--metadata/glsa/glsa-202408-26.xml43
-rw-r--r--metadata/glsa/glsa-202408-27.xml42
-rw-r--r--metadata/glsa/glsa-202408-28.xml42
-rw-r--r--metadata/glsa/glsa-202408-29.xml43
-rw-r--r--metadata/glsa/glsa-202408-30.xml42
-rw-r--r--metadata/glsa/glsa-202408-31.xml47
-rw-r--r--metadata/glsa/glsa-202408-32.xml71
-rw-r--r--metadata/glsa/glsa-202408-33.xml44
-rw-r--r--metadata/glsa/timestamp.chk2
-rw-r--r--metadata/glsa/timestamp.commit2
12 files changed, 391 insertions, 17 deletions
diff --git a/metadata/glsa/Manifest b/metadata/glsa/Manifest
index e2ef61a24169..20502d8fac6e 100644
--- a/metadata/glsa/Manifest
+++ b/metadata/glsa/Manifest
@@ -1,23 +1,23 @@
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
-MANIFEST Manifest.files.gz 584092 BLAKE2B b960ae534eff8fa6db49945007f40508967d9f8cf683f04174765fb5d1312a26cc5646608d3427f99807da6ff4f70b37eb7efd110add784653b5f6c70d58ab92 SHA512 4782a4da8afe0127d919ee8c4cb556cb1558a9d718055dc6bf2234a9b194e2fe866798c6207e59da2ae2b3cb0ac898c26cddd0aec96f25eb42fc5456622627c8
-TIMESTAMP 2024-08-11T09:10:22Z
+MANIFEST Manifest.files.gz 585357 BLAKE2B 90b484a7cfadba26e75b941b109643027b5530ea0e0da6565b28a1492ef9b8c6cfc7254e54f18ef93a17f476c8c87b2c8309fbac1afa85d144cc4d664931e811 SHA512 f5bbc1b0b0163958f91ecc02b4f0422622112ac5c642a105fef46e39550fd8622a03abd647b830a766a072ad993d41863d2d1d5ca05368f5af8d868f03aaeae4
+TIMESTAMP 2024-08-13T09:40:18Z
-----BEGIN PGP SIGNATURE-----
-iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAma4f/5fFIAAAAAALgAo
+iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAma7KgNfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEUx
RDZBQkI2M0JGQ0ZCNEJBMDJGREYxQ0VDNTkwRUVBQzkxODkyNTAACgkQ7FkO6skY
-klAzQw/9GH4jeeTRkOkfJCngspflMWk6VWVqjNI205Wi5C87gYKlcL1AxUZFhAde
-anHJHn0RHRsjQ1esc1afMi0GHsSbJzSmCIeTZvAgSNhZ/y9c7dPGLr1xc1evpUXV
-8iDRB/a5yDFA/uE7KeLUHPcPE0yL+EFPE70kijvvDSFOJW+Bor9BDAaTNIZCbY8G
-5xBjSmBZsYhU0Cgn25sYj8MtThZAs7wectsAszxb+2bhJx1S8njP5iDAoBwGvqgv
-dbmmn2OdOA/orylgZ7JsCXeTgXswpgn/IVKtpiXtekQ7DaW11M1DWI4dymd6UDju
-hLVysXXpzx9bXVpCrAVG+eREo5cCZ+LUjvIvKu6MfQQ661BxPl7eFdZFZg59RuhI
-tAInAZArRm+/X8Wmd4rNu7dfaYW8SuTgpxFHHjPQ4bqUw0B6yfVAXwX/G8wfeDUF
-Gxe3HkqIvH+JK/hvrHvAEKOo5uJzPHKBTctYlzhWh3Br4cW8aZP+/QB9biF8+01u
-56pXoak/RXcrBVTvCxahXeuywaLgZIT3JMRzH2jujMziin9km+H8y8LgbqzChyIC
-/5YKDc3Qi/67zCqyyfTooRN/7DS4cTZ7wkr+F6Rs3+30r6VFVruhWyxXQVaYu9BZ
-kNUpwfOVmkko4ds2DqdtiAhhiCiWkDrKP5exy+uUvTWhuGYbx+w=
-=NBwO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+=+3o+
-----END PGP SIGNATURE-----
diff --git a/metadata/glsa/Manifest.files.gz b/metadata/glsa/Manifest.files.gz
index e0113a974e93..0e491fc1977a 100644
--- a/metadata/glsa/Manifest.files.gz
+++ b/metadata/glsa/Manifest.files.gz
Binary files differ
diff --git a/metadata/glsa/glsa-202408-26.xml b/metadata/glsa/glsa-202408-26.xml
new file mode 100644
index 000000000000..924c5fbced4e
--- /dev/null
+++ b/metadata/glsa/glsa-202408-26.xml
@@ -0,0 +1,43 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202408-26">
+ <title>matio: Multiple Vulnerabilities</title>
+ <synopsis>Multiple vulnerabilities have been discovered in matio, the worst of which could lead to arbitrary code execution.</synopsis>
+ <product type="ebuild">matio</product>
+ <announced>2024-08-11</announced>
+ <revised count="1">2024-08-11</revised>
+ <bug>803131</bug>
+ <access>local</access>
+ <affected>
+ <package name="sci-libs/matio" auto="yes" arch="*">
+ <unaffected range="ge">1.5.22</unaffected>
+ <vulnerable range="lt">1.5.22</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>matio is a library for reading and writing matlab files.</p>
+ </background>
+ <description>
+ <p>Multiple vulnerabilities have been discovered in matio. Please review the CVE identifiers referenced below for details.</p>
+ </description>
+ <impact type="normal">
+ <p>Please review the referenced CVE identifiers for details.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All matio users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=sci-libs/matio-1.5.22"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-36428">CVE-2020-36428</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-36977">CVE-2021-36977</uri>
+ </references>
+ <metadata tag="requester" timestamp="2024-08-11T14:39:15.111907Z">graaff</metadata>
+ <metadata tag="submitter" timestamp="2024-08-11T14:39:15.117732Z">graaff</metadata>
+</glsa> \ No newline at end of file
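Review bot: The DOCTYPE on the second line of this new file names the DTD by a cleartext `http://` system identifier, so a validating consumer that resolves it fetches the grammar over the network with no integrity protection. The same line appears in glsa-202408-27 through glsa-202408-33 in this commit. If the GLSA tooling accepts it, `<!DOCTYPE glsa SYSTEM "https://www.gentoo.org/dtd/glsa.dtd">` would be preferable. Either way, tools that parse these advisories should validate against a locally shipped copy of the DTD, with external entity resolution and network loading disabled.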
diff --git a/metadata/glsa/glsa-202408-27.xml b/metadata/glsa/glsa-202408-27.xml
new file mode 100644
index 000000000000..4274de781b85
--- /dev/null
+++ b/metadata/glsa/glsa-202408-27.xml
@@ -0,0 +1,42 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202408-27">
+ <title>AFLplusplus: Arbitrary Code Execution</title>
+ <synopsis>A vulnerability has been discovered in AFLplusplus, which can lead to arbitrary code execution via an untrusted CWD.</synopsis>
+ <product type="ebuild">aflplusplus</product>
+ <announced>2024-08-11</announced>
+ <revised count="1">2024-08-11</revised>
+ <bug>897924</bug>
+ <access>local</access>
+ <affected>
+ <package name="app-forensics/aflplusplus" auto="yes" arch="*">
+ <unaffected range="ge">4.06c</unaffected>
+ <vulnerable range="lt">4.06c</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>The fuzzer afl++ is afl with community patches, qemu 5.1 upgrade, collision-free coverage, enhanced laf-intel &amp; redqueen, AFLfast++ power schedules, MOpt mutators, unicorn_mode, and a lot more!</p>
+ </background>
+ <description>
+ <p>In AFL++ 4.05c, the CmpLog component uses the current working directory to resolve and execute unprefixed fuzzing targets, allowing code execution.</p>
+ </description>
+ <impact type="normal">
+ <p>In AFL++ 4.05c, the CmpLog component uses the current working directory to resolve and execute unprefixed fuzzing targets, allowing code execution.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All AFLplusplus users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-forensics/aflplusplus-4.06c"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-26266">CVE-2023-26266</uri>
+ </references>
+ <metadata tag="requester" timestamp="2024-08-11T14:41:12.220665Z">graaff</metadata>
+ <metadata tag="submitter" timestamp="2024-08-11T14:41:12.227036Z">graaff</metadata>
+</glsa> \ No newline at end of file
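Review bot: The `<impact>` paragraph repeats the `<description>` word for word, so the advisory never says who can trigger the issue or with what privileges the code runs. Both paragraphs also name only "AFL++ 4.05c", while `<vulnerable range="lt">4.06c</vulnerable>` marks every earlier version as affected; the text should either match the range or say that 4.05c is the version in the CVE record. A possible impact wording, to be confirmed against the CVE, is `<p>A local attacker able to place files in the directory from which the fuzzer is started may have their code executed as the user running AFL++.</p>`.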
diff --git a/metadata/glsa/glsa-202408-28.xml b/metadata/glsa/glsa-202408-28.xml
new file mode 100644
index 000000000000..4980349efa93
--- /dev/null
+++ b/metadata/glsa/glsa-202408-28.xml
@@ -0,0 +1,42 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202408-28">
+ <title>rsyslog: Heap Buffer Overflow</title>
+ <synopsis>A vulnerability has been discovered in rsyslog, which could possibly lead to remote code execution.</synopsis>
+ <product type="ebuild">rsyslog</product>
+ <announced>2024-08-11</announced>
+ <revised count="1">2024-08-11</revised>
+ <bug>842846</bug>
+ <access>local and remote</access>
+ <affected>
+ <package name="app-admin/rsyslog" auto="yes" arch="*">
+ <unaffected range="ge">8.2206.0</unaffected>
+ <vulnerable range="lt">8.2206.0</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>rsyslog is an enhanced multi-threaded syslogd with database support and more.</p>
+ </background>
+ <description>
+ <p>Multiple vulnerabilities have been discovered in rsyslog. Please review the CVE identifiers referenced below for details.</p>
+ </description>
+ <impact type="normal">
+ <p>Modules for TCP syslog reception have a heap buffer overflow when octet-counted framing is used. The attacker can corrupt heap values, leading to data integrity issues and availability impact. Remote code execution is unlikely to happen but not impossible.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All rsyslog users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-admin/rsyslog-8.2206.0"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-24903">CVE-2022-24903</uri>
+ </references>
+ <metadata tag="requester" timestamp="2024-08-11T14:42:54.282784Z">graaff</metadata>
+ <metadata tag="submitter" timestamp="2024-08-11T14:42:54.286434Z">graaff</metadata>
+</glsa> \ No newline at end of file
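Review bot: The `<description>` says "Multiple vulnerabilities" and "CVE identifiers", but the title, the synopsis and the single `<uri>` in `<references>` all describe one heap buffer overflow (CVE-2022-24903). The description should read something like `<p>A heap buffer overflow has been discovered in the TCP syslog reception modules of rsyslog. Please review the CVE identifier referenced below for details.</p>`. The impact paragraph ties the overflow to octet-counted framing. It is therefore worth checking whether upstream documents turning that framing off as an interim mitigation before `<workaround>` states that none is known.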
diff --git a/metadata/glsa/glsa-202408-29.xml b/metadata/glsa/glsa-202408-29.xml
new file mode 100644
index 000000000000..af5ebf387fce
--- /dev/null
+++ b/metadata/glsa/glsa-202408-29.xml
@@ -0,0 +1,43 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202408-29">
+ <title>MuPDF: Multiple Vulnerabilities</title>
+ <synopsis>Multiple vulnerabilities have been discovered in MuPDF, the worst of which could lead to arbitrary code execution.</synopsis>
+ <product type="ebuild">mupdf</product>
+ <announced>2024-08-12</announced>
+ <revised count="1">2024-08-12</revised>
+ <bug>803305</bug>
+ <access>local</access>
+ <affected>
+ <package name="app-text/mupdf" auto="yes" arch="*">
+ <unaffected range="ge">1.20.0</unaffected>
+ <vulnerable range="lt">1.20.0</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>A lightweight PDF, XPS, and E-book viewer.</p>
+ </background>
+ <description>
+ <p>Multiple vulnerabilities have been discovered in MuPDF. Please review the CVE identifiers referenced below for details.</p>
+ </description>
+ <impact type="normal">
+ <p>Please review the referenced CVE identifiers for details.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All MuPDF users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-text/mupdf-1.20.0"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-4216">CVE-2021-4216</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-37220">CVE-2021-37220</uri>
+ </references>
+ <metadata tag="requester" timestamp="2024-08-12T07:17:27.916325Z">graaff</metadata>
+ <metadata tag="submitter" timestamp="2024-08-12T07:17:27.921110Z">graaff</metadata>
+</glsa> \ No newline at end of file
diff --git a/metadata/glsa/glsa-202408-30.xml b/metadata/glsa/glsa-202408-30.xml
new file mode 100644
index 000000000000..5acd36cb1c0d
--- /dev/null
+++ b/metadata/glsa/glsa-202408-30.xml
@@ -0,0 +1,42 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202408-30">
+ <title>dpkg: Directory Traversal</title>
+ <synopsis>A vulnerability has been discovered in dpkg, which allows for directory traversal.</synopsis>
+ <product type="ebuild">dpkg</product>
+ <announced>2024-08-12</announced>
+ <revised count="1">2024-08-12</revised>
+ <bug>847976</bug>
+ <access>local</access>
+ <affected>
+ <package name="app-arch/dpkg" auto="yes" arch="*">
+ <unaffected range="ge">1.20.9-r1</unaffected>
+ <vulnerable range="lt">1.20.9-r1</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>Debian package management system.</p>
+ </background>
+ <description>
+ <p>Please review the CVE indentifier referenced below for details.</p>
+ </description>
+ <impact type="normal">
+ <p>Dpkg::Source::Archive in dpkg, the Debian package management system, is prone to a directory traversal vulnerability. When extracting untrusted source packages in v2 and v3 source package formats that include a debian.tar, the in-place extraction can lead to directory traversal situations on specially crafted orig.tar and debian.tar tarballs.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All dpkg users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-arch/dpkg-1.20.9-r1"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-1664">CVE-2022-1664</uri>
+ </references>
+ <metadata tag="requester" timestamp="2024-08-12T07:19:16.088421Z">graaff</metadata>
+ <metadata tag="submitter" timestamp="2024-08-12T07:19:16.091312Z">graaff</metadata>
+</glsa> \ No newline at end of file
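Review bot: The `<description>` holds only a placeholder with the typo "indentifier", while the technical description of the flaw sits under `<impact>`, which then never states the consequence for the user. The Dpkg::Source::Archive paragraph belongs in `<description>`. `<impact>` should state the result, hedged as needed, for example `<p>Extracting a specially crafted source package may write files outside the intended extraction directory.</p>`. If the placeholder is kept, it should read `<p>Please review the CVE identifier referenced below for details.</p>`.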
diff --git a/metadata/glsa/glsa-202408-31.xml b/metadata/glsa/glsa-202408-31.xml
new file mode 100644
index 000000000000..a12aaf308106
--- /dev/null
+++ b/metadata/glsa/glsa-202408-31.xml
@@ -0,0 +1,47 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202408-31">
+ <title>protobuf, protobuf-python: Denial of Service</title>
+ <synopsis>A vulnerability has been discovered in protobuf and protobuf-python, which can lead to a denial of service.</synopsis>
+ <product type="ebuild">protobuf,protobuf-python</product>
+ <announced>2024-08-12</announced>
+ <revised count="1">2024-08-12</revised>
+ <bug>872434</bug>
+ <access>local</access>
+ <affected>
+ <package name="dev-libs/protobuf" auto="yes" arch="*">
+ <unaffected range="ge">3.20.3</unaffected>
+ <vulnerable range="lt">3.20.3</vulnerable>
+ </package>
+ <package name="dev-python/protobuf-python" auto="yes" arch="*">
+ <unaffected range="ge">3.19.6</unaffected>
+ <vulnerable range="lt">3.19.6</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>Google&#39;s Protocol Buffers are an extensible mechanism for serializing structured data.</p>
+ </background>
+ <description>
+ <p>A vulnerability has been discovered in protobuf and protobuf-python. Please review the CVE identifiers referenced below for details.</p>
+ </description>
+ <impact type="normal">
+ <p>A parsing vulnerability for the MessageSet type can lead to out of memory failures. A specially crafted message with multiple key-value per elements creates parsing issues, and can lead to a Denial of Service against services receiving unsanitized input.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All protobuf and protobuf-python users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-libs/protobuf-3.20.3"
+ # emerge --ask --oneshot --verbose ">=dev-python/protobuf-python-3.19.6"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-1941">CVE-2022-1941</uri>
+ </references>
+ <metadata tag="requester" timestamp="2024-08-12T07:20:36.807024Z">graaff</metadata>
+ <metadata tag="submitter" timestamp="2024-08-12T07:20:36.811154Z">graaff</metadata>
+</glsa> \ No newline at end of file
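Review bot: `<access>local</access>` conflicts with the `<impact>` paragraph, which describes a denial of service "against services receiving unsanitized input", that is, a parser fed attacker-supplied messages, which for a network service means a remote vector. Anyone triaging by the access field would under-rank this advisory; `<access>remote</access>` (or `local and remote`, as used for rsyslog and PHP in this commit) matches the text. The `<description>` also says "CVE identifiers" although only CVE-2022-1941 is referenced.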
diff --git a/metadata/glsa/glsa-202408-32.xml b/metadata/glsa/glsa-202408-32.xml
new file mode 100644
index 000000000000..286bc0aee520
--- /dev/null
+++ b/metadata/glsa/glsa-202408-32.xml
@@ -0,0 +1,71 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202408-32">
+ <title>PHP: Multiple Vulnerabilities</title>
+ <synopsis>Multiple vulnerabilities have been discovered in PHP, the worst of which can lead to a denial of service.</synopsis>
+ <product type="ebuild">php</product>
+ <announced>2024-08-12</announced>
+ <revised count="2">2024-08-13</revised>
+ <bug>889882</bug>
+ <bug>895416</bug>
+ <bug>908259</bug>
+ <bug>912331</bug>
+ <bug>929929</bug>
+ <bug>933752</bug>
+ <access>local and remote</access>
+ <affected>
+ <package name="dev-lang/php" auto="yes" arch="*">
+ <unaffected range="ge" slot="8.1">8.1.29</unaffected>
+ <unaffected range="ge" slot="8.2">8.2.20</unaffected>
+ <unaffected range="ge" slot="8.3">8.3.8</unaffected>
+ <vulnerable range="lt">8.1</vulnerable>
+ <vulnerable range="lt" slot="8.1">8.1.29</vulnerable>
+ <vulnerable range="lt" slot="8.2">8.2.20</vulnerable>
+ <vulnerable range="lt" slot="8.3">8.3.8</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>PHP is a widely-used general-purpose scripting language that is especially suited for Web development and can be embedded into HTML.</p>
+ </background>
+ <description>
+ <p>Multiple vulnerabilities have been discovered in PHP. Please review the CVE identifiers referenced below for details.</p>
+ </description>
+ <impact type="high">
+ <p>Please review the referenced CVE identifiers for details.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All PHP users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-lang/php-8.1.29:8.1"
+ # emerge --ask --oneshot --verbose ">=dev-lang/php-8.2.20:8.2"
+ # emerge --ask --oneshot --verbose ">=dev-lang/php-8.3.8:8.3"
+ </code>
+
+ <p>Support for older version has been discontinued:</p>
+
+ <code>
+ # emerge --ask --verbose --depclean "&lt;dev-lang/php-8.1"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-31631">CVE-2022-31631</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-0567">CVE-2023-0567</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-0568">CVE-2023-0568</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-0662">CVE-2023-0662</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-3823">CVE-2023-3823</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-3824">CVE-2023-3824</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-2756">CVE-2024-2756</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-2757">CVE-2024-2757</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-3096">CVE-2024-3096</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-4577">CVE-2024-4577</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-5458">CVE-2024-5458</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-5585">CVE-2024-5585</uri>
+ </references>
+ <metadata tag="requester" timestamp="2024-08-12T07:39:21.009398Z">graaff</metadata>
+ <metadata tag="submitter" timestamp="2024-08-12T07:39:21.012299Z">graaff</metadata>
+</glsa>
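Review bot: The `<synopsis>` gives denial of service as the worst outcome, yet the advisory is rated `<impact type="high">` and its `<impact>` body only points to the CVE list. Either the rating or the synopsis is likely off. If any of the twelve referenced CVEs allows memory corruption or code execution, which the high rating suggests, the synopsis should name that outcome, since administrators prioritise on the synopsis and title. The `<impact>` paragraph should likewise summarise the worst case rather than defer entirely to the references.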
diff --git a/metadata/glsa/glsa-202408-33.xml b/metadata/glsa/glsa-202408-33.xml
new file mode 100644
index 000000000000..83ae515b0017
--- /dev/null
+++ b/metadata/glsa/glsa-202408-33.xml
@@ -0,0 +1,44 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202408-33">
+ <title>protobuf-c: Multiple Vulnerabilities</title>
+ <synopsis>Multiple vulnerabilities have been discovered in protobuf-c, the worst of which could result in denial of service.</synopsis>
+ <product type="ebuild">protobuf-c</product>
+ <announced>2024-08-12</announced>
+ <revised count="1">2024-08-12</revised>
+ <bug>856043</bug>
+ <bug>904423</bug>
+ <access>remote</access>
+ <affected>
+ <package name="dev-libs/protobuf-c" auto="yes" arch="*">
+ <unaffected range="ge">1.4.1</unaffected>
+ <vulnerable range="lt">1.4.1</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>protobuf-c is a protocol buffers implementation in C.</p>
+ </background>
+ <description>
+ <p>Multiple denial of service vulnerabilities have been discovered in protobuf-c.</p>
+ </description>
+ <impact type="low">
+ <p>Please review the referenced CVE identifiers for details.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All protobuf-c users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-libs/protobuf-c-1.4.1"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-33070">CVE-2022-33070</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-48468">CVE-2022-48468</uri>
+ </references>
+ <metadata tag="requester" timestamp="2024-08-12T09:21:36.523749Z">ajak</metadata>
+ <metadata tag="submitter" timestamp="2024-08-12T09:21:36.527843Z">graaff</metadata>
+</glsa> \ No newline at end of file
diff --git a/metadata/glsa/timestamp.chk b/metadata/glsa/timestamp.chk
index ecc5e94eb91b..a1dd1e49543f 100644
--- a/metadata/glsa/timestamp.chk
+++ b/metadata/glsa/timestamp.chk
@@ -1 +1 @@
-Sun, 11 Aug 2024 09:10:18 +0000
+Tue, 13 Aug 2024 09:40:15 +0000
diff --git a/metadata/glsa/timestamp.commit b/metadata/glsa/timestamp.commit
index bffbe71e66a6..295e40287b6d 100644
--- a/metadata/glsa/timestamp.commit
+++ b/metadata/glsa/timestamp.commit
@@ -1 +1 @@
-68a8d508cf9f0faa2bd942edbbb2cbf358d169d3 1723355180 2024-08-11T05:46:20Z
+7bcc5ebd7295c3c12ac47de41519dc019b4ba538 1723530188 2024-08-13T06:23:08Z