authorV3n3RiX <venerix@redcorelinux.org>2020-11-25 22:39:15 +0000
committerV3n3RiX <venerix@redcorelinux.org>2020-11-25 22:39:15 +0000
commitd934827bf44b7cfcf6711964418148fa60877668 (patch)
tree0625f358789b5e015e49db139cc1dbc9be00428f /metadata/glsa
parent2e34d110f164bf74d55fced27fe0000201b3eec5 (diff)
gentoo resync : 25.11.2020
Diffstat (limited to 'metadata/glsa')
-rw-r--r--metadata/glsa/Manifest30
-rw-r--r--metadata/glsa/Manifest.files.gzbin486217 -> 490524 bytes
-rw-r--r--metadata/glsa/glsa-202005-09.xml11
-rw-r--r--metadata/glsa/glsa-202010-01.xml92
-rw-r--r--metadata/glsa/glsa-202010-02.xml121
-rw-r--r--metadata/glsa/glsa-202010-03.xml60
-rw-r--r--metadata/glsa/glsa-202010-04.xml50
-rw-r--r--metadata/glsa/glsa-202010-05.xml54
-rw-r--r--metadata/glsa/glsa-202010-06.xml52
-rw-r--r--metadata/glsa/glsa-202010-07.xml50
-rw-r--r--metadata/glsa/glsa-202010-08.xml120
-rw-r--r--metadata/glsa/glsa-202011-01.xml51
-rw-r--r--metadata/glsa/glsa-202011-02.xml50
-rw-r--r--metadata/glsa/glsa-202011-03.xml53
-rw-r--r--metadata/glsa/glsa-202011-04.xml51
-rw-r--r--metadata/glsa/glsa-202011-05.xml48
-rw-r--r--metadata/glsa/glsa-202011-06.xml78
-rw-r--r--metadata/glsa/glsa-202011-07.xml84
-rw-r--r--metadata/glsa/glsa-202011-08.xml52
-rw-r--r--metadata/glsa/glsa-202011-09.xml57
-rw-r--r--metadata/glsa/glsa-202011-10.xml48
-rw-r--r--metadata/glsa/glsa-202011-11.xml46
-rw-r--r--metadata/glsa/glsa-202011-12.xml73
-rw-r--r--metadata/glsa/glsa-202011-13.xml51
-rw-r--r--metadata/glsa/glsa-202011-14.xml74
-rw-r--r--metadata/glsa/glsa-202011-15.xml52
-rw-r--r--metadata/glsa/glsa-202011-16.xml69
-rw-r--r--metadata/glsa/glsa-202011-17.xml50
-rw-r--r--metadata/glsa/glsa-202011-18.xml51
-rw-r--r--metadata/glsa/glsa-202011-19.xml51
-rw-r--r--metadata/glsa/timestamp.chk2
-rw-r--r--metadata/glsa/timestamp.commit2
32 files changed, 1711 insertions, 22 deletions
diff --git a/metadata/glsa/Manifest b/metadata/glsa/Manifest
index 6bec4882a062..1291ab5e49c8 100644
--- a/metadata/glsa/Manifest
+++ b/metadata/glsa/Manifest
@@ -1,23 +1,23 @@
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
-MANIFEST Manifest.files.gz 486217 BLAKE2B a2e8388c21e11622400955df84cf5750d3dc1ed97260561adcf8593401f8ff3776aefdf5d04f851eb00ee9174b5b2687221348810862c270d26525ad93d576a6 SHA512 b61762e35911592950f03484850ed8e6736359d874b45a8dc2f8c3e462bef78fc8623da4842eeba0a994b89218e6ced81235ec4b0d1cee904aa59dd83fa038b1
-TIMESTAMP 2020-10-01T21:38:34Z
+MANIFEST Manifest.files.gz 490524 BLAKE2B be35a1d153e1ba81293ae8ab5c825660ca94c79791160c09b03110828197671a59a74fda786aa87df0a823f5f18368ee4bdb024182195c06d7785f78d4cdfc02 SHA512 92605b968213805888bbe32f28bff22d2b23ff8e28d68962bb98d751b39f639824fc3891bdf662b3c74e0cdbff6403326e6a81180cc9ca128519d4ae6770b3d7
+TIMESTAMP 2020-11-25T22:08:37Z
-----BEGIN PGP SIGNATURE-----
-iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAl92TFpfFIAAAAAALgAo
+iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAl++1eVfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEUx
RDZBQkI2M0JGQ0ZCNEJBMDJGREYxQ0VDNTkwRUVBQzkxODkyNTAACgkQ7FkO6skY
-klCQ1hAAn1G6/fYQF+DWncvR8C2oN3/roLLP7GLjC8YAD9FqwItZ3MvL/M9Gq84L
-2IQjH5lHXunvYnTwK020RsgBvrsIVHIaSaEqiawGh+mYkGMXnLHOAnt/M6h5RIPL
-ewNXHil2WSY0erX0f3AGccPVoq601b1XHkAUw91MPw5ArOAKOPM88EWhOBjVB6L/
-r/jY98/InLkT9pp66QbnU1JWzX1O3fotBsLDpLYcbO6TH/2VD1HSpG9Wbwj03T+S
-ZUJgaR08UGQEQsqRHB3uoH3mPgH2lWoTzp/5l6dRuygVrIaPdZti18JPPnBhKYj7
-G+f/6uIaIC16J5J3ghgIwEqGRPnlq3cBeUye5x4jEC6dmgN0p7NdSpDJY4sAOGOI
-x8ThoJWCCaM/LQQKGTYWKJi7n8DDjj7a1UgFZia/WScy0yAuJKz/I0db1tFO/LGC
-p6YHyTXZMb8z+mFnDFaw1Vhms3yoIdIF4O1pgsVtMcGKz1xKaiAe/qgYv/jO/LwG
-XD+ADmtT0hiaUEZ3+MAL5An7LOFubPQS/WUmTbZfY7vL4WZHx+UeZheJpdzVKyI7
-xpq06kYoJPzwRRy9boDCo+E08PhC8IOe9Hm/8bhX0prSkcU4LuAGBYcdjOiLlBTu
-BsOrUt9p+TenQJsoi6oVnX+xZ5kZ2ZRAxCwJ4lI9Dmw/UP9nIxE=
-=NxjY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+=fBZY
-----END PGP SIGNATURE-----
diff --git a/metadata/glsa/Manifest.files.gz b/metadata/glsa/Manifest.files.gz
index 57704eac4cbc..cfb40c7df80f 100644
--- a/metadata/glsa/Manifest.files.gz
+++ b/metadata/glsa/Manifest.files.gz
Binary files differ
diff --git a/metadata/glsa/glsa-202005-09.xml b/metadata/glsa/glsa-202005-09.xml
index 332036b90775..0968323af7b0 100644
--- a/metadata/glsa/glsa-202005-09.xml
+++ b/metadata/glsa/glsa-202005-09.xml
@@ -7,16 +7,17 @@
</synopsis>
<product type="ebuild">python</product>
<announced>2020-05-14</announced>
- <revised count="1">2020-05-14</revised>
+ <revised count="2">2020-10-18</revised>
<bug>707822</bug>
+ <bug>741502</bug>
<access>remote</access>
<affected>
<package name="dev-lang/python" auto="yes" arch="*">
- <unaffected range="ge" slot="2.7">2.7.18</unaffected>
+ <unaffected range="ge" slot="2.7">2.7.18-r2</unaffected>
<unaffected range="ge" slot="3.6">3.6.10-r2</unaffected>
<unaffected range="ge" slot="3.7">3.7.7-r2</unaffected>
<unaffected range="ge" slot="3.8">3.8.2-r2</unaffected>
- <vulnerable range="lt" slot="2.7">2.7.18</vulnerable>
+ <vulnerable range="lt" slot="2.7">2.7.18-r2</vulnerable>
<vulnerable range="lt" slot="3.6">3.6.10-r2</vulnerable>
<vulnerable range="lt" slot="3.7">3.7.7-r2</vulnerable>
<vulnerable range="lt" slot="3.8">3.8.2-r2</vulnerable>
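Review bot: The revision adds `<bug>741502</bug>` and raises the fixed 2.7 version to 2.7.18-r2, but none of this file's three hunks adds a `<uri>` to `<references>`, so a reader cannot tell which issue the -r2 bump closes. The last reference visible in the third hunk is still CVE-2020-8492. If bug 741502 tracks a separate CVE, list it, e.g. `<uri link="https://nvd.nist.gov/vuln/detail/CVE-XXXX-XXXXX">CVE-XXXX-XXXXX</uri>` (placeholder; the identifier is not on this page). The `<package>` element continues outside the hunk.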
@@ -44,7 +45,7 @@
<code>
# emerge --sync
- # emerge --ask --oneshot --verbose "&gt;=dev-lang/python-2.7.18:2.7"
+ # emerge --ask --oneshot --verbose "&gt;=dev-lang/python-2.7.18-r2:2.7"
</code>
<p>All Python 3.6 users should upgrade to the latest version:</p>
@@ -73,5 +74,5 @@
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-8492">CVE-2020-8492</uri>
</references>
<metadata tag="requester" timestamp="2020-05-07T23:04:03Z">sam_c</metadata>
- <metadata tag="submitter" timestamp="2020-05-14T22:18:15Z">sam_c</metadata>
+ <metadata tag="submitter" timestamp="2020-10-18T00:59:06Z">sam_c</metadata>
</glsa>
diff --git a/metadata/glsa/glsa-202010-01.xml b/metadata/glsa/glsa-202010-01.xml
new file mode 100644
index 000000000000..855bac0279af
--- /dev/null
+++ b/metadata/glsa/glsa-202010-01.xml
@@ -0,0 +1,92 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202010-01">
+ <title>Chromium, Google Chrome: Multiple vulnerabilities</title>
+ <synopsis>Multiple vulnerabilities have been found in Chromium and Google
+ Chrome, the worst of which could result in the arbitrary execution of code.
+ </synopsis>
+ <product type="ebuild">chromium, google-chrome</product>
+ <announced>2020-10-17</announced>
+ <revised count="1">2020-10-17</revised>
+ <bug>747013</bug>
+ <access>local, remote</access>
+ <affected>
+ <package name="www-client/chromium" auto="yes" arch="*">
+ <unaffected range="ge">86.0.4240.75</unaffected>
+ <vulnerable range="lt">86.0.4240.75</vulnerable>
+ </package>
+ <package name="www-client/google-chrome" auto="yes" arch="*">
+ <unaffected range="ge">86.0.4240.75</unaffected>
+ <vulnerable range="lt">86.0.4240.75</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>Chromium is an open-source browser project that aims to build a safer,
+ faster, and more stable way for all users to experience the web.
+ </p>
+
+ <p>Google Chrome is one fast, simple, and secure browser for all your
+ devices.
+ </p>
+ </background>
+ <description>
+ <p>Multiple vulnerabilities have been discovered in Chromium and Google
+ Chrome. Please review the CVE identifiers referenced below for details.
+ </p>
+ </description>
+ <impact type="normal">
+ <p>Please review the referenced CVE identifiers for details.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All Chromium users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose
+ "&gt;=www-client/chromium-86.0.4240.75"
+ </code>
+
+ <p>All Google Chrome users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose
+ "&gt;=www-client/google-chrome-86.0.4240.75"
+ </code>
+
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-15967">CVE-2020-15967</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-15968">CVE-2020-15968</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-15969">CVE-2020-15969</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-15970">CVE-2020-15970</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-15971">CVE-2020-15971</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-15972">CVE-2020-15972</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-15973">CVE-2020-15973</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-15974">CVE-2020-15974</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-15975">CVE-2020-15975</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-15976">CVE-2020-15976</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-15977">CVE-2020-15977</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-15978">CVE-2020-15978</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-15979">CVE-2020-15979</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-15980">CVE-2020-15980</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-15981">CVE-2020-15981</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-15982">CVE-2020-15982</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-15983">CVE-2020-15983</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-15984">CVE-2020-15984</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-15985">CVE-2020-15985</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-15986">CVE-2020-15986</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-15987">CVE-2020-15987</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-15988">CVE-2020-15988</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-15989">CVE-2020-15989</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-15990">CVE-2020-15990</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-15991">CVE-2020-15991</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-15992">CVE-2020-15992</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6557">CVE-2020-6557</uri>
+ </references>
+ <metadata tag="requester" timestamp="2020-10-08T02:31:49Z">sam_c</metadata>
+ <metadata tag="submitter" timestamp="2020-10-17T09:03:37Z">whissi</metadata>
+</glsa>
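Review bot: The upgrade commands inside `<code>` are wrapped so that the package atom sits on its own line with no line continuation. Pasted as written, `emerge --ask --oneshot --verbose` would run without a target and the atom line would be read as a separate command, so the fixed version is not installed. Keep each command on one line, `# emerge --ask --oneshot --verbose "&gt;=www-client/chromium-86.0.4240.75"`, or end the first line with a backslash. The same wrapping appears for google-chrome in this file and in glsa-202010-02.xml (thunderbird-bin), glsa-202010-03.xml and glsa-202010-08.xml.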
diff --git a/metadata/glsa/glsa-202010-02.xml b/metadata/glsa/glsa-202010-02.xml
new file mode 100644
index 000000000000..e67ad5cb8917
--- /dev/null
+++ b/metadata/glsa/glsa-202010-02.xml
@@ -0,0 +1,121 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202010-02">
+ <title>Mozilla Firefox, Mozilla Thunderbird: Multiple vulnerabilities</title>
+ <synopsis>Multiple vulnerabilities have been found in Mozilla Firefox and
+ Mozilla Thunderbird, the worst of which could result in the arbitrary
+ execution of code.
+ </synopsis>
+ <product type="ebuild">firefox,thunderbird</product>
+ <announced>2020-10-17</announced>
+ <revised count="1">2020-10-17</revised>
+ <bug>744208</bug>
+ <bug>745432</bug>
+ <access>local, remote</access>
+ <affected>
+ <package name="www-client/firefox" auto="yes" arch="*">
+ <unaffected range="ge">81.0</unaffected>
+ <unaffected range="ge" slot="0/esr78">78.3.0</unaffected>
+ <vulnerable range="lt">81.0</vulnerable>
+ </package>
+ <package name="www-client/firefox-bin" auto="yes" arch="*">
+ <unaffected range="ge">81.0</unaffected>
+ <unaffected range="ge" slot="0/esr78">78.3.0</unaffected>
+ <vulnerable range="lt">81.0</vulnerable>
+ </package>
+ <package name="mail-client/thunderbird" auto="yes" arch="*">
+ <unaffected range="ge">78.3.1</unaffected>
+ <vulnerable range="lt">78.3.1</vulnerable>
+ </package>
+ <package name="mail-client/thunderbird-bin" auto="yes" arch="*">
+ <unaffected range="ge">78.3.1</unaffected>
+ <vulnerable range="lt">78.3.1</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>Mozilla Firefox is a popular open-source web browser from the Mozilla
+ project.
+ </p>
+
+ <p>Mozilla Thunderbird is a popular open-source email client from the
+ Mozilla project.
+ </p>
+ </background>
+ <description>
+ <p>Multiple vulnerabilities have been discovered in Mozilla Firefox and
+ Mozilla Thunderbird. Please review the CVE identifiers referenced below
+ for details.
+ </p>
+ </description>
+ <impact type="normal">
+ <p>Please review the referenced CVE identifiers for details.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All Mozilla Firefox users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose "&gt;=www-client/firefox-81.0"
+ </code>
+
+ <p>All Mozilla Firefox (bin) users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose "&gt;=www-client/firefox-bin-81.0"
+ </code>
+
+ <p>All Mozilla Firefox ESR (bin) users should upgrade to the latest
+ version:
+ </p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose "&gt;=www-client/firefox-78.3.0"
+ </code>
+
+ <p>All Mozilla Firefox ESR (bin) users should upgrade to the latest
+ version:
+ </p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose "&gt;=www-client/firefox-bin-78.3.0"
+ </code>
+
+ <p>All Mozilla Thunderbird users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose "&gt;=mail-client/thunderbird-78.3.1"
+ </code>
+
+ <p>All Mozilla Thunderbird (bin) users should upgrade to the latest
+ version:
+ </p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose
+ "&gt;=mail-client/thunderbird-bin-78.3.1"
+ </code>
+
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-15673">CVE-2020-15673</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-15676">CVE-2020-15676</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-15677">CVE-2020-15677</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-15678">CVE-2020-15678</uri>
+ <uri link="https://www.mozilla.org/en-US/security/advisories/mfsa2020-43/">
+ Mozilla Foundation Security Advisory 2020-43
+ </uri>
+ <uri link="https://www.mozilla.org/en-US/security/advisories/mfsa2020-44/">
+ Mozilla Foundation Security Advisory 2020-44
+ </uri>
+ </references>
+ <metadata tag="requester" timestamp="2020-10-03T20:27:12Z">sam_c</metadata>
+ <metadata tag="submitter" timestamp="2020-10-17T09:03:41Z">whissi</metadata>
+</glsa>
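Review bot: The two ESR paragraphs in `<resolution>` are both labelled "Firefox ESR (bin)", the first one actually targets `www-client/firefox`, and neither atom carries the `0/esr78` slot that `<affected>` uses for the 78.3.0 fix. Without the slot, `>=www-client/firefox-78.3.0` is also satisfied by 81.0, so an ESR user following the advisory may be moved off the ESR branch instead of being updated within it. Label the first paragraph `<p>All Mozilla Firefox ESR users should upgrade to the latest version:</p>` and pin the atoms as `"&gt;=www-client/firefox-78.3.0:0/esr78"` and `"&gt;=www-client/firefox-bin-78.3.0:0/esr78"`. That is the form glsa-202010-08.xml uses later in this commit.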
diff --git a/metadata/glsa/glsa-202010-03.xml b/metadata/glsa/glsa-202010-03.xml
new file mode 100644
index 000000000000..192d449c539a
--- /dev/null
+++ b/metadata/glsa/glsa-202010-03.xml
@@ -0,0 +1,60 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202010-03">
+ <title>libjpeg-turbo: Information disclosure</title>
+ <synopsis>An information disclosure vulnerability in libjpeg-turbo allow
+ remote attackers to obtain sensitive information.
+ </synopsis>
+ <product type="ebuild">libjpeg-turbo</product>
+ <announced>2020-10-20</announced>
+ <revised count="1">2020-10-20</revised>
+ <bug>727010</bug>
+ <access>local, remote</access>
+ <affected>
+ <package name="media-libs/libjpeg-turbo" auto="yes" arch="*">
+ <unaffected range="ge" slot="0/0.1">1.5.3-r3</unaffected>
+ <unaffected range="ge" slot="0/0.2">2.0.4-r1</unaffected>
+ <vulnerable range="lt">2.0.4-r1</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>libjpeg-turbo is a MMX, SSE, and SSE2 SIMD accelerated JPEG library.</p>
+ </background>
+ <description>
+ <p>It was discovered that libjpeg-turbo incorrectly handled certain PPM
+ files.
+ </p>
+ </description>
+ <impact type="low">
+ <p>A remote attacker could entice a user to open a specially crafted PPM
+ file using an application linked against libjpeg-turbo, possibly allowing
+ attacker to obtain sensitive information.
+ </p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All libjpeg-turbo 1.x users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose
+ "&gt;=media-libs/libjpeg-turbo-1.5.3-r3:0/0.1"
+ </code>
+
+ <p>All libjpeg-turbo 2.x users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose
+ "&gt;=media-libs/libjpeg-turbo-2.0.4-r1:0/0.2"
+ </code>
+
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-13790">CVE-2020-13790</uri>
+ </references>
+ <metadata tag="requester" timestamp="2020-08-08T04:33:31Z">sam_c</metadata>
+ <metadata tag="submitter" timestamp="2020-10-20T10:43:26Z">whissi</metadata>
+</glsa>
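Review bot: The synopsis reads "vulnerability in libjpeg-turbo allow remote attackers", which should be `allows`, and the impact text "possibly allowing attacker to obtain" is missing an article (`possibly allowing the attacker to obtain sensitive information.`). Separately, `<access>` lists `local, remote` while the synopsis and impact describe only a remote, user-assisted vector through a crafted PPM file. Confirm which is intended, since tooling that filters advisories by access type would read this as locally exploitable as well.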
diff --git a/metadata/glsa/glsa-202010-04.xml b/metadata/glsa/glsa-202010-04.xml
new file mode 100644
index 000000000000..78c3523463bb
--- /dev/null
+++ b/metadata/glsa/glsa-202010-04.xml
@@ -0,0 +1,50 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202010-04">
+ <title>libxml2: Multiple vulnerabilities</title>
+ <synopsis>Multiple vulnerabilities have been found in libxml2, the worst of
+ which could result in a Denial of Service condition.
+ </synopsis>
+ <product type="ebuild">libxml2</product>
+ <announced>2020-10-20</announced>
+ <revised count="1">2020-10-20</revised>
+ <bug>710748</bug>
+ <access>local, remote</access>
+ <affected>
+ <package name="dev-libs/libxml2" auto="yes" arch="*">
+ <unaffected range="ge">2.9.10</unaffected>
+ <vulnerable range="lt">2.9.10</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>libxml2 is the XML (eXtended Markup Language) C parser and toolkit
+ initially developed for the Gnome project.
+ </p>
+ </background>
+ <description>
+ <p>Multiple vulnerabilities have been discovered in libxml2. Please review
+ the CVE identifiers referenced below for details.
+ </p>
+ </description>
+ <impact type="normal">
+ <p>Please review the referenced CVE identifiers for details.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All libxml2 users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose "&gt;=dev-libs/libxml2-2.9.10"
+ </code>
+
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-20388">CVE-2019-20388</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-7595">CVE-2020-7595</uri>
+ </references>
+ <metadata tag="requester" timestamp="2020-10-02T01:04:31Z">sam_c</metadata>
+ <metadata tag="submitter" timestamp="2020-10-20T10:44:05Z">whissi</metadata>
+</glsa>
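Review bot: The `<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">` line at the top of this file, like every other new advisory in this commit, names an external DTD over plain HTTP. Whether anything fetches it depends on the consumer, which is not shown here. Any tool that parses these advisories should keep external DTD loading disabled or validate against a local copy of the DTD, so that what answers on that URL cannot influence how the advisory is read. A comment to that effect in the consuming tool's documentation would be enough; the files themselves follow the existing GLSA format.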
diff --git a/metadata/glsa/glsa-202010-05.xml b/metadata/glsa/glsa-202010-05.xml
new file mode 100644
index 000000000000..06ea01608cb7
--- /dev/null
+++ b/metadata/glsa/glsa-202010-05.xml
@@ -0,0 +1,54 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202010-05">
+ <title>LibRaw: Multiple vulnerabilities</title>
+ <synopsis>Multiple vulnerabilities have been found in LibRaw, the worst of
+ which may allow attackers to execute arbitrary code.
+ </synopsis>
+ <product type="ebuild">libraw</product>
+ <announced>2020-10-20</announced>
+ <revised count="1">2020-10-20</revised>
+ <bug>744190</bug>
+ <access>local, remote</access>
+ <affected>
+ <package name="media-libs/libraw" auto="yes" arch="*">
+ <unaffected range="ge">0.20.0</unaffected>
+ <vulnerable range="lt">0.20.0</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>LibRaw is a library for reading RAW files obtained from digital photo
+ cameras.
+ </p>
+ </background>
+ <description>
+ <p>Multiple vulnerabilities have been discovered in LibRaw. Please review
+ the CVE identifiers referenced below for details.
+ </p>
+ </description>
+ <impact type="normal">
+ <p>A remote attacker could entice a user to open a specially crafted image
+ file using an application linked against LibRaw, possibly resulting in
+ execution of arbitrary code with the privileges of the process or a
+ Denial of Service condition.
+ </p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All LibRaw users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose "&gt;=media-libs/libraw-0.20.0"
+ </code>
+
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-24889">CVE-2020-24889</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-24890">CVE-2020-24890</uri>
+ </references>
+ <metadata tag="requester" timestamp="2020-10-03T15:57:15Z">sam_c</metadata>
+ <metadata tag="submitter" timestamp="2020-10-20T10:44:44Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202010-06.xml b/metadata/glsa/glsa-202010-06.xml
new file mode 100644
index 000000000000..6996a19ab11a
--- /dev/null
+++ b/metadata/glsa/glsa-202010-06.xml
@@ -0,0 +1,52 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202010-06">
+ <title>Ark: Arbitrary code execution</title>
+ <synopsis>Ark was found to allow arbitrary file overwrite, possibly allowing
+ arbitrary code execution.
+ </synopsis>
+ <product type="ebuild">ark</product>
+ <announced>2020-10-20</announced>
+ <revised count="1">2020-10-20</revised>
+ <bug>743959</bug>
+ <access>local, remote</access>
+ <affected>
+ <package name="kde-apps/ark" auto="yes" arch="*">
+ <unaffected range="ge">20.04.3-r2</unaffected>
+ <vulnerable range="lt">20.04.3-r2</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>Ark is a graphical file compression/decompression utility with support
+ for multiple formats.
+ </p>
+ </background>
+ <description>
+ <p>It was discovered that Ark incorrectly handled symbolic links in tar
+ archive files.
+ </p>
+ </description>
+ <impact type="normal">
+ <p>A remote attacker could entice a user to open a specially crafted
+ archive using Ark, possibly resulting in execution of arbitrary code with
+ the privileges of the process or a Denial of Service condition.
+ </p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All KDE Ark users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose "&gt;=kde-apps/ark-20.04.3-r2"
+ </code>
+
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-24654">CVE-2020-24654</uri>
+ </references>
+ <metadata tag="requester" timestamp="2020-10-02T23:33:15Z">sam_c</metadata>
+ <metadata tag="submitter" timestamp="2020-10-20T10:45:10Z">whissi</metadata>
+</glsa>
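Review bot: The `<impact>` paragraph is the generic code-execution and Denial of Service text and never mentions the arbitrary file overwrite that the synopsis names as the actual primitive. Someone triaging from the impact section alone would not learn that opening a crafted tar archive can overwrite files through symbolic links, as the description implies. Suggested wording: `possibly resulting in arbitrary files being overwritten with the privileges of the process, which could lead to the execution of arbitrary code.`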
diff --git a/metadata/glsa/glsa-202010-07.xml b/metadata/glsa/glsa-202010-07.xml
new file mode 100644
index 000000000000..8e52bf4fa560
--- /dev/null
+++ b/metadata/glsa/glsa-202010-07.xml
@@ -0,0 +1,50 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202010-07">
+ <title>FreeType: Arbitrary code execution</title>
+ <synopsis>A buffer overflow in FreeType might allow remote attacker(s) to
+ execute arbitrary code.
+ </synopsis>
+ <product type="ebuild">freetype</product>
+ <announced>2020-10-23</announced>
+ <revised count="1">2020-10-23</revised>
+ <bug>750275</bug>
+ <access>remote</access>
+ <affected>
+ <package name="media-libs/freetype" auto="yes" arch="*">
+ <unaffected range="ge">2.10.3-r1</unaffected>
+ <vulnerable range="lt">2.10.3-r1</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>FreeType is a high-quality and portable font engine.</p>
+ </background>
+ <description>
+ <p>A flaw in FreeType’s handling of embedded PNG bitmaps was discovered
+ where the image height and width was not checked to be within bounds.
+ </p>
+ </description>
+ <impact type="normal">
+ <p>A remote attacker could entice a user to open a specially crafted font
+ file using FreeType possibly resulting in the execution of arbitrary code
+ with the privileges of the process or a Denial of Service condition.
+ </p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All FreeType users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose "&gt;=media-libs/freetype-2.10.3-r1"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-15999">CVE-2020-15999</uri>
+ <uri link="https://savannah.nongnu.org/bugs/?59308">Upstream bug</uri>
+ </references>
+ <metadata tag="requester" timestamp="2020-10-20T09:45:14Z">sam_c</metadata>
+ <metadata tag="submitter" timestamp="2020-10-23T03:42:18Z">sam_c</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202010-08.xml b/metadata/glsa/glsa-202010-08.xml
new file mode 100644
index 000000000000..f206b1a07441
--- /dev/null
+++ b/metadata/glsa/glsa-202010-08.xml
@@ -0,0 +1,120 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202010-08">
+ <title>Mozilla Firefox, Mozilla Thunderbird: Multiple vulnerabilities</title>
+ <synopsis>Multiple vulnerabilities have been found in Mozilla Firefox and
+ Mozilla Thunderbird, the worst of which could result in the arbitrary
+ execution of code.
+ </synopsis>
+ <product type="ebuild">firefox,thunderbird</product>
+ <announced>2020-10-28</announced>
+ <revised count="1">2020-10-28</revised>
+ <bug>750446</bug>
+ <access>local, remote</access>
+ <affected>
+ <package name="www-client/firefox" auto="yes" arch="*">
+ <unaffected range="ge">82.0</unaffected>
+ <unaffected range="ge" slot="0/esr78">78.4.0</unaffected>
+ <vulnerable range="lt">82.0</vulnerable>
+ </package>
+ <package name="www-client/firefox-bin" auto="yes" arch="*">
+ <unaffected range="ge">82.0</unaffected>
+ <unaffected range="ge" slot="0/esr78">78.4.0</unaffected>
+ <vulnerable range="lt">82.0</vulnerable>
+ </package>
+ <package name="mail-client/thunderbird" auto="yes" arch="*">
+ <unaffected range="ge">78.4.0</unaffected>
+ <vulnerable range="lt">78.4.0</vulnerable>
+ </package>
+ <package name="mail-client/thunderbird-bin" auto="yes" arch="*">
+ <unaffected range="ge">78.4.0</unaffected>
+ <vulnerable range="lt">78.4.0</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>Mozilla Firefox is a popular open-source web browser from the Mozilla
+ project.
+ </p>
+
+ <p>Mozilla Thunderbird is a popular open-source email client from the
+ Mozilla project.
+ </p>
+ </background>
+ <description>
+ <p>Multiple vulnerabilities have been discovered in Mozilla Firefox and
+ Mozilla Thunderbird. Please review the CVE identifiers referenced below
+ for details.
+ </p>
+ </description>
+ <impact type="normal">
+ <p>Please review the referenced CVE identifiers for details.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All Mozilla Firefox users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose "&gt;=www-client/firefox-82.0"
+ </code>
+
+ <p>All Mozilla Firefox (bin) users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose "&gt;=www-client/firefox-bin-82.0"
+ </code>
+
+ <p>All Mozilla Firefox ESR users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose
+ "&gt;=www-client/firefox-78.4.0:0/esr78"
+ </code>
+
+ <p>All Mozilla Firefox ESR (bin) users should upgrade to the latest
+ version:
+ </p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose
+ "&gt;=www-client/firefox-bin-78.4.0:0/esr78"
+ </code>
+
+ <p>All Mozilla Thunderbird users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose "&gt;=mail-client/thunderbird-78.4.0"
+ </code>
+
+ <p>All Mozilla Thunderbird (bin) users should upgrade to the latest
+ version:
+ </p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose
+ "&gt;=mail-client/thunderbird-bin-78.4.0"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-15683">CVE-2020-15683</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-15969">CVE-2020-15969</uri>
+ <uri link="https://www.mozilla.org/en-US/security/advisories/mfsa2020-45/">
+ MFSA-2020-45
+ </uri>
+ <uri link="https://www.mozilla.org/en-US/security/advisories/mfsa2020-46/">
+ MFSA-2020-46
+ </uri>
+ <uri link="https://www.mozilla.org/en-US/security/advisories/mfsa2020-47/">
+ MFSA-2020-47
+ </uri>
+ </references>
+ <metadata tag="requester" timestamp="2020-10-22T14:24:38Z">sam_c</metadata>
+ <metadata tag="submitter" timestamp="2020-10-28T00:27:33Z">sam_c</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202011-01.xml b/metadata/glsa/glsa-202011-01.xml
new file mode 100644
index 000000000000..8050a84cb56f
--- /dev/null
+++ b/metadata/glsa/glsa-202011-01.xml
@@ -0,0 +1,51 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202011-01">
+ <title>BlueZ: Arbitrary code execution</title>
+ <synopsis>A vulnerability in BlueZ might allow remote attackers to execute
+ arbitrary code.
+ </synopsis>
+ <product type="ebuild">bluez</product>
+ <announced>2020-11-03</announced>
+ <revised count="1">2020-11-03</revised>
+ <bug>749285</bug>
+ <access>remote</access>
+ <affected>
+ <package name="net-wireless/bluez" auto="yes" arch="*">
+ <unaffected range="ge">5.55</unaffected>
+ <vulnerable range="lt">5.55</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>Set of tools to manage Bluetooth devices for Linux.</p>
+ </background>
+ <description>
+ <p>It was discovered that there was a double-free vulnerability in Bluez
+ after the service discovery which occurs after a Bluetoth Low Energy
+ (BLE) connection has been established to a device.
+ </p>
+ </description>
+ <impact type="normal">
+ <p>A remote attacker, by enticing a user to connect to a malicious GATT
+ server or device, could cause the execution of arbitrary code with the
+ privileges of the user running gatttool client or cause a Denial of
+ Service condition.
+ </p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All BlueZ users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose "&gt;=net-wireless/bluez-5.55"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-27153">CVE-2020-27153</uri>
+ </references>
+ <metadata tag="requester" timestamp="2020-10-20T10:51:04Z">sam_c</metadata>
+ <metadata tag="submitter" timestamp="2020-11-03T00:32:28Z">sam_c</metadata>
+</glsa>
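Review bot: The description misspells two names: `Bluetoth` should be `Bluetooth`, and `Bluez` should match the `BlueZ` spelling used in the title and resolution. Misspelled product and protocol names make the advisory harder to find by text search. Suggested lines: `<p>It was discovered that there was a double-free vulnerability in BlueZ` and `after the service discovery which occurs after a Bluetooth Low Energy`.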
diff --git a/metadata/glsa/glsa-202011-02.xml b/metadata/glsa/glsa-202011-02.xml
new file mode 100644
index 000000000000..b718c8d628dc
--- /dev/null
+++ b/metadata/glsa/glsa-202011-02.xml
@@ -0,0 +1,50 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202011-02">
+ <title>OpenDMARC: Heap-based buffer overflow</title>
+ <synopsis>A heap-based buffer overflow in OpenDMARC might allow remote
+ attackers to execute arbitrary code.
+ </synopsis>
+ <product type="ebuild">opendmarc</product>
+ <announced>2020-11-03</announced>
+ <revised count="1">2020-11-03</revised>
+ <bug>734158</bug>
+ <access>local, remote</access>
+ <affected>
+ <package name="mail-filter/opendmarc" auto="yes" arch="*">
+ <unaffected range="ge">1.3.3</unaffected>
+ <vulnerable range="lt">1.3.3</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>OpenDMARC is an open source DMARC implementation.</p>
+ </background>
+ <description>
+ <p>It was found that OpenDMARC did not properly handle DMARC aggregate
+ reports.
+ </p>
+ </description>
+ <impact type="normal">
+ <p>A remote attacker, by sending a specially crafted DMARC aggregate
+ report, could possibly cause a Denial of Service condition and depending
+ on how OpenDMARC library is used in linked application execute arbitrary
+ code with the privileges of the process.
+ </p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All OpenDMARC users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose "&gt;=mail-filter/opendmarc-1.3.3"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-12460">CVE-2020-12460</uri>
+ </references>
+ <metadata tag="requester" timestamp="2020-10-15T18:55:45Z">sam_c</metadata>
+ <metadata tag="submitter" timestamp="2020-11-03T00:33:08Z">sam_c</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202011-03.xml b/metadata/glsa/glsa-202011-03.xml
new file mode 100644
index 000000000000..e1b77427335f
--- /dev/null
+++ b/metadata/glsa/glsa-202011-03.xml
@@ -0,0 +1,53 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202011-03">
+ <title>KPMCore: Root privilege escalation</title>
+ <synopsis>A vulnerability in kpmcore could result in privilege escalation.</synopsis>
+ <product type="ebuild">kpmcore</product>
+ <announced>2020-11-03</announced>
+ <revised count="1">2020-11-03</revised>
+ <bug>749822</bug>
+ <access>local</access>
+ <affected>
+ <package name="sys-libs/kpmcore" auto="yes" arch="*">
+ <unaffected range="ge">4.2.0</unaffected>
+ <vulnerable range="lt">4.2.0</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>KPMcore, the KDE Partition Manager core, is a library for examining and
+ modifying partitions, disk devices, and filesystems on a Linux system. It
+ provides a unified programming interface over top of (external)
+ system-manipulation tools.
+ </p>
+ </background>
+ <description>
+ <p>Improper checks on the D-Bus request received resulted in improper
+ protection for /etc/fstab.
+ </p>
+ </description>
+ <impact type="normal">
+ <p>An attacker could esclate privileges to root by exploiting this
+ vulnerability.
+ </p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All KPMCore users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose "&gt;=sys-libs/kpmcore-4.2.0"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-27187">CVE-2020-27187</uri>
+ <uri link="https://mail.kde.org/pipermail/kde-announce/2020-October/000124.html">
+ Upstream advisory
+ </uri>
+ </references>
+ <metadata tag="requester" timestamp="2020-10-23T04:10:26Z">sam_c</metadata>
+ <metadata tag="submitter" timestamp="2020-11-03T00:33:42Z">sam_c</metadata>
+</glsa>
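Review bot: `<impact type="normal">` looks too low for what the text describes: both the title and the impact paragraph state escalation to root. glsa-202011-11 in this same commit rates a local root escalation as `<impact type="high">`. Consider `<impact type="high">` here so that any consumer sorting or filtering on the impact type treats the two alike. The impact paragraph also misspells "escalate" as "esclate".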
diff --git a/metadata/glsa/glsa-202011-04.xml b/metadata/glsa/glsa-202011-04.xml
new file mode 100644
index 000000000000..6cef70d8b7af
--- /dev/null
+++ b/metadata/glsa/glsa-202011-04.xml
@@ -0,0 +1,51 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202011-04">
+ <title>Fossil: Multiple vulnerabilities</title>
+ <synopsis>Multiple vulnerabilities have been found in Fossil, the worst of
+ which could result in the arbitrary execution of code.
+ </synopsis>
+ <product type="ebuild">fossil</product>
+ <announced>2020-11-03</announced>
+ <revised count="1">2020-11-03</revised>
+ <bug>738220</bug>
+ <access>remote</access>
+ <affected>
+ <package name="dev-vcs/fossil" auto="yes" arch="*">
+ <unaffected range="ge">2.12.1</unaffected>
+ <vulnerable range="lt">2.12.1</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>Fossil is a simple, high-reliability, distributed software configuration
+ management system.
+ </p>
+ </background>
+ <description>
+ <p>Multiple vulnerabilities have been discovered in Fossil. Please review
+ the CVE identifiers referenced below for details.
+ </p>
+ </description>
+ <impact type="normal">
+ <p>A remote attacker could entice a user to open a specially crafted
+ repository using Fossil, possibly resulting in execution of arbitrary
+ code with the privileges of the process or a Denial of Service condition.
+ </p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All Fossil users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose "&gt;=dev-vcs/fossil-2.12.1"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-24614">CVE-2020-24614</uri>
+ </references>
+ <metadata tag="requester" timestamp="2020-10-04T13:56:09Z">sam_c</metadata>
+ <metadata tag="submitter" timestamp="2020-11-03T00:34:02Z">sam_c</metadata>
+</glsa>
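Review bot: The title, synopsis and description all say "Multiple vulnerabilities" and point the reader to "the CVE identifiers referenced below", but `<references>` lists only CVE-2020-24614. Either the other identifiers are missing from the reference list, or the advisory covers a single issue and the wording should say so, e.g. `<title>Fossil: Arbitrary code execution</title>`. As written, a reader cannot tell whether this one CVE is the full scope of what the upgrade fixes.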
diff --git a/metadata/glsa/glsa-202011-05.xml b/metadata/glsa/glsa-202011-05.xml
new file mode 100644
index 000000000000..3301038aa721
--- /dev/null
+++ b/metadata/glsa/glsa-202011-05.xml
@@ -0,0 +1,48 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202011-05">
+ <title>libssh: Denial of Service</title>
+ <synopsis>A vulnerability in libssh could lead to a Denial of Service
+ condition.
+ </synopsis>
+ <product type="ebuild">libssh</product>
+ <announced>2020-11-03</announced>
+ <revised count="1">2020-11-03</revised>
+ <bug>734624</bug>
+ <access>remote</access>
+ <affected>
+ <package name="net-libs/libssh" auto="yes" arch="*">
+ <unaffected range="ge">0.9.5</unaffected>
+ <vulnerable range="lt">0.9.5</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>libssh is a multiplatform C library implementing the SSHv2 protocol on
+ client and server side.
+ </p>
+ </background>
+ <description>
+ <p>libssh was found to have a NULL pointer dereference in tftpserver.c if
+ the function ssh_buffer_new returns NULL.
+ </p>
+ </description>
+ <impact type="normal">
+ <p>An attacker could cause a possible Denial of Service condition.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All libssh users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose "&gt;=net-libs/libssh-0.9.5"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-16135">CVE-2020-16135</uri>
+ </references>
+ <metadata tag="requester" timestamp="2020-10-15T18:56:19Z">sam_c</metadata>
+ <metadata tag="submitter" timestamp="2020-11-03T00:34:45Z">sam_c</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202011-06.xml b/metadata/glsa/glsa-202011-06.xml
new file mode 100644
index 000000000000..f3f187929c41
--- /dev/null
+++ b/metadata/glsa/glsa-202011-06.xml
@@ -0,0 +1,78 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202011-06">
+ <title>Xen: Multiple vulnerabilities</title>
+ <synopsis>Multiple vulnerabilities have been found in Xen, the worst of which
+ could result in privilege escalation.
+ </synopsis>
+ <product type="ebuild">xen</product>
+ <announced>2020-11-11</announced>
+ <revised count="3">2020-11-11</revised>
+ <bug>744202</bug>
+ <bug>750779</bug>
+ <bug>753692</bug>
+ <access>remote</access>
+ <affected>
+ <package name="app-emulation/xen" auto="yes" arch="*">
+ <unaffected range="ge">4.13.2</unaffected>
+ <vulnerable range="lt">4.13.2</vulnerable>
+ </package>
+ <package name="app-emulation/xen-tools" auto="yes" arch="*">
+ <unaffected range="ge">4.13.2</unaffected>
+ <vulnerable range="lt">4.13.2</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>Xen is a bare-metal hypervisor.</p>
+ </background>
+ <description>
+ <p>Multiple vulnerabilities have been discovered in Xen. Please review the
+ CVE identifiers referenced below for details.
+ </p>
+ </description>
+ <impact type="normal">
+ <p>Please review the referenced CVE identifiers for details.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All Xen users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose "&gt;=app-emulation/xen-4.13.1-r5"
+ </code>
+
+ <p>All Xen Tools users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose
+ "&gt;=app-emulation/xen-tools-4.13.1-r5"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-25595">CVE-2020-25595</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-25596">CVE-2020-25596</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-25597">CVE-2020-25597</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-25598">CVE-2020-25598</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-25599">CVE-2020-25599</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-25600">CVE-2020-25600</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-25601">CVE-2020-25601</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-25602">CVE-2020-25602</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-25603">CVE-2020-25603</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-25604">CVE-2020-25604</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-27670">CVE-2020-27670</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-27671">CVE-2020-27671</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-27672">CVE-2020-27672</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-27673">CVE-2020-27673</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-27674">CVE-2020-27674</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-27675">CVE-2020-27675</uri>
+ <uri link="https://xenbits.xen.org/xsa/advisory-345.html">XSA-345</uri>
+ <uri link="https://xenbits.xen.org/xsa/advisory-346.html">XSA-346</uri>
+ <uri link="https://xenbits.xen.org/xsa/advisory-347.html">XSA-347</uri>
+ </references>
+ <metadata tag="requester" timestamp="2020-10-23T04:14:51Z">sam_c</metadata>
+ <metadata tag="submitter" timestamp="2020-11-11T03:40:50Z">sam_c</metadata>
+</glsa>
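Review bot: The resolution commands disagree with the affected ranges. Both packages declare `<unaffected range="ge">4.13.2</unaffected>`, yet the commands install `>=app-emulation/xen-4.13.1-r5` and `>=app-emulation/xen-tools-4.13.1-r5`, which the advisory's own ranges still classify as vulnerable. If 4.13.2 is the fixed version, the atoms should read `"&gt;=app-emulation/xen-4.13.2"` and `"&gt;=app-emulation/xen-tools-4.13.2"`; otherwise the ranges need correcting. The xen-tools command is also split across two lines with no continuation, so pasting the first line runs `emerge` without a package atom. The same wrapping appears in the firefox-bin commands of glsa-202011-07 and the Chromium/Chrome commands of glsa-202011-12.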
diff --git a/metadata/glsa/glsa-202011-07.xml b/metadata/glsa/glsa-202011-07.xml
new file mode 100644
index 000000000000..19e8efe6d69a
--- /dev/null
+++ b/metadata/glsa/glsa-202011-07.xml
@@ -0,0 +1,84 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202011-07">
+ <title>Mozilla Firefox: Remote code execution</title>
+ <synopsis>A use-after-free in Mozilla Firefox might allow remote attacker(s)
+ to execute arbitrary code.
+ </synopsis>
+ <product type="ebuild">firefox</product>
+ <announced>2020-11-11</announced>
+ <revised count="1">2020-11-11</revised>
+ <bug>753773</bug>
+ <access>remote</access>
+ <affected>
+ <package name="www-client/firefox" auto="yes" arch="*">
+ <unaffected range="ge">82.0.3</unaffected>
+ <unaffected range="ge" slot="0/esr78">78.4.1</unaffected>
+ <vulnerable range="lt">82.0.3</vulnerable>
+ </package>
+ <package name="www-client/firefox-bin" auto="yes" arch="*">
+ <unaffected range="ge">82.0.3</unaffected>
+ <unaffected range="ge" slot="0/esr78">78.4.1</unaffected>
+ <vulnerable range="lt">78.4.1</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>Mozilla Firefox is a popular open-source web browser from the Mozilla
+ project.
+ </p>
+ </background>
+ <description>
+ <p>Invalid assumptions when emitting the the MCallGetProperty opcode in the
+ JavaScript JIT may result in a use-after-free condition.
+ </p>
+ </description>
+ <impact type="normal">
+ <p>A remote attacker could possibly execute arbitrary code with the
+ privileges of the process, or cause a Denial of Service condition.
+ </p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All Mozilla Firefox users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose "&gt;=www-client/firefox-82.0.3"
+ </code>
+
+ <p>All Mozilla Firefox (bin) users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose
+ "&gt;=www-client/firefox-bin-78.4.1:0/esr78"
+ </code>
+
+ <p>All Mozilla Firefox (ESR) users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose "&gt;=www-client/firefox-82.0.3"
+ </code>
+
+ <p>All Mozilla Firefox (ESR) bin users should upgrade to the latest
+ version:
+ </p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose
+ "&gt;=www-client/firefox-bin-78.4.1:0/esr78"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-26950">CVE-2020-26950</uri>
+ <uri link="https://www.mozilla.org/en-US/security/advisories/mfsa2020-49/">
+ MFSA-2020-49
+ </uri>
+ </references>
+ <metadata tag="requester" timestamp="2020-11-09T20:03:19Z">sam_c</metadata>
+ <metadata tag="submitter" timestamp="2020-11-11T03:36:43Z">sam_c</metadata>
+</glsa>
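Review bot: The `www-client/firefox-bin` entry declares `<vulnerable range="lt">78.4.1</vulnerable>`, while `www-client/firefox` uses `lt 82.0.3` against the same pair of unaffected versions. Non-ESR firefox-bin releases from 78.4.1 up to 82.0.3 therefore appear to match neither range and would not be flagged, so the entry should presumably read `<vulnerable range="lt">82.0.3</vulnerable>`. The resolution commands also look crossed: the "(bin)" paragraph installs `firefox-bin-78.4.1:0/esr78` and the "(ESR)" paragraph installs `firefox-82.0.3`. The ranges suggest `"&gt;=www-client/firefox-bin-82.0.3"` and `"&gt;=www-client/firefox-78.4.1:0/esr78"` respectively. The description also contains a doubled word, "the the MCallGetProperty opcode".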
diff --git a/metadata/glsa/glsa-202011-08.xml b/metadata/glsa/glsa-202011-08.xml
new file mode 100644
index 000000000000..c91c014dc588
--- /dev/null
+++ b/metadata/glsa/glsa-202011-08.xml
@@ -0,0 +1,52 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202011-08">
+ <title>Wireshark: Multiple vulnerabilities</title>
+ <synopsis>Multiple vulnerabilities have been found in Wireshark, the worst of
+ which could result in a Denial of Service condition.
+ </synopsis>
+ <product type="ebuild">wireshark</product>
+ <announced>2020-11-11</announced>
+ <revised count="1">2020-11-11</revised>
+ <bug>750692</bug>
+ <access>remote</access>
+ <affected>
+ <package name="net-analyzer/wireshark" auto="yes" arch="*">
+ <unaffected range="ge">3.4.0</unaffected>
+ <vulnerable range="lt">3.4.0</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>Wireshark is a network protocol analyzer formerly known as ethereal.</p>
+ </background>
+ <description>
+ <p>Multiple vulnerabilities have been discovered in Wireshark. Please
+ review the CVE identifiers referenced below for details.
+ </p>
+ </description>
+ <impact type="normal">
+ <p>Please review the referenced CVE identifiers for details.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All Wireshark users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose "&gt;=net-analyzer/wireshark-3.4.0"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-26575">CVE-2020-26575</uri>
+ <uri link="https://www.wireshark.org/security/wnpa-sec-2020-14">
+ wnpa-sec-2020-14
+ </uri>
+ <uri link="https://www.wireshark.org/security/wnpa-sec-2020-15">
+ wnpa-sec-2020-15
+ </uri>
+ </references>
+ <metadata tag="requester" timestamp="2020-11-08T10:31:07Z">sam_c</metadata>
+ <metadata tag="submitter" timestamp="2020-11-11T03:36:48Z">sam_c</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202011-09.xml b/metadata/glsa/glsa-202011-09.xml
new file mode 100644
index 000000000000..fba58488bdff
--- /dev/null
+++ b/metadata/glsa/glsa-202011-09.xml
@@ -0,0 +1,57 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202011-09">
+ <title>QEMU: Multiple vulnerabilities</title>
+ <synopsis>Multiple vulnerabilities have been found in QEMU, the worst of
+ which could result in the arbitrary execution of code.
+ </synopsis>
+ <product type="ebuild">qemu</product>
+ <announced>2020-11-11</announced>
+ <revised count="1">2020-11-11</revised>
+ <bug>720896</bug>
+ <bug>725634</bug>
+ <bug>743649</bug>
+ <access>local, remote</access>
+ <affected>
+ <package name="app-emulation/qemu" auto="yes" arch="*">
+ <unaffected range="ge">5.1.0-r1</unaffected>
+ <vulnerable range="lt">5.1.0-r1</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>QEMU is a generic and open source machine emulator and virtualizer.</p>
+ </background>
+ <description>
+ <p>Multiple vulnerabilities have been discovered in QEMU. Please review the
+ CVE identifiers referenced below for details.
+ </p>
+ </description>
+ <impact type="normal">
+ <p>Please review the referenced CVE identifiers for details.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All QEMU users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose "&gt;=app-emulation/qemu-5.1.0-r1"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-10717">CVE-2020-10717</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-10761">CVE-2020-10761</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-13253">CVE-2020-13253</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-13361">CVE-2020-13361</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-13362">CVE-2020-13362</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-13659">CVE-2020-13659</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-13754">CVE-2020-13754</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-13791">CVE-2020-13791</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-13800">CVE-2020-13800</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14364">CVE-2020-14364</uri>
+ </references>
+ <metadata tag="requester" timestamp="2020-11-07T02:00:43Z">sam_c</metadata>
+ <metadata tag="submitter" timestamp="2020-11-11T03:36:56Z">sam_c</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202011-10.xml b/metadata/glsa/glsa-202011-10.xml
new file mode 100644
index 000000000000..3126f1b174d5
--- /dev/null
+++ b/metadata/glsa/glsa-202011-10.xml
@@ -0,0 +1,48 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202011-10">
+ <title>tmux: Buffer overflow</title>
+ <synopsis>A buffer overflow in tmux might allow remote attacker(s) to execute
+ arbitrary code.
+ </synopsis>
+ <product type="ebuild">tmux</product>
+ <announced>2020-11-11</announced>
+ <revised count="1">2020-11-11</revised>
+ <bug>753206</bug>
+ <access>remote</access>
+ <affected>
+ <package name="app-misc/tmux" auto="yes" arch="*">
+ <unaffected range="ge">3.1c</unaffected>
+ <vulnerable range="lt">3.1c</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>tmux is a terminal multiplexer.</p>
+ </background>
+ <description>
+ <p>A flaw in tmux’s handling of escape characters was discovered which
+ may allow a buffer overflow.
+ </p>
+ </description>
+ <impact type="normal">
+ <p>A remote attacker could possibly execute arbitrary code with the
+ privileges of the process, or cause a Denial of Service condition.
+ </p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All tmux users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose "&gt;=app-misc/tmux-3.1c"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-27347">CVE-2020-27347</uri>
+ </references>
+ <metadata tag="requester" timestamp="2020-11-09T23:15:04Z">sam_c</metadata>
+ <metadata tag="submitter" timestamp="2020-11-11T03:36:59Z">sam_c</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202011-11.xml b/metadata/glsa/glsa-202011-11.xml
new file mode 100644
index 000000000000..ee062a506924
--- /dev/null
+++ b/metadata/glsa/glsa-202011-11.xml
@@ -0,0 +1,46 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202011-11">
+ <title>Blueman: Local privilege escalation</title>
+ <synopsis>A privilege escalation vulnerability has been discovered in
+ Blueman.
+ </synopsis>
+ <product type="ebuild">blueman</product>
+ <announced>2020-11-11</announced>
+ <revised count="2">2020-11-11</revised>
+ <bug>751556</bug>
+ <access>local</access>
+ <affected>
+ <package name="net-wireless/blueman" auto="yes" arch="*">
+ <unaffected range="ge">2.1.4</unaffected>
+ <vulnerable range="lt">2.1.4</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>Blueman is a simple and intuitive GTK+ Bluetooth Manager.</p>
+ </background>
+ <description>
+ <p>Where Polkit is not used and the default permissions have been changed
+ on a specific rule file, control of a local DHCP daemon may be possible.
+ </p>
+ </description>
+ <impact type="high">
+ <p>A local attacker may be able to achieve root privilege escalation.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All Blueman users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose "&gt;=net-wireless/blueman-2.1.4"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-15238">CVE-2020-15238</uri>
+ </references>
+ <metadata tag="requester" timestamp="2020-11-01T02:23:14Z">sam_c</metadata>
+ <metadata tag="submitter" timestamp="2020-11-11T03:43:42Z">sam_c</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202011-12.xml b/metadata/glsa/glsa-202011-12.xml
new file mode 100644
index 000000000000..03f1f501dfbc
--- /dev/null
+++ b/metadata/glsa/glsa-202011-12.xml
@@ -0,0 +1,73 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202011-12">
+ <title>Chromium, Google Chrome: Multiple vulnerabilities</title>
+ <synopsis>Multiple vulnerabilities have been found in Chromium and Google
+ Chrome, the worst of which could result in the arbitrary execution of code.
+ </synopsis>
+ <product type="ebuild">chromium,google-chrome</product>
+ <announced>2020-11-11</announced>
+ <revised count="1">2020-11-11</revised>
+ <bug>750854</bug>
+ <bug>752375</bug>
+ <bug>753848</bug>
+ <access>remote</access>
+ <affected>
+ <package name="www-client/chromium" auto="yes" arch="*">
+ <unaffected range="ge">86.0.4240.193</unaffected>
+ <vulnerable range="lt">86.0.4240.193</vulnerable>
+ </package>
+ <package name="www-client/google-chrome" auto="yes" arch="*">
+ <unaffected range="ge">86.0.4240.193</unaffected>
+ <vulnerable range="lt">86.0.4240.193</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>Chromium is an open-source browser project that aims to build a safer,
+ faster, and more stable way for all users to experience the web.
+ </p>
+
+ <p>Google Chrome is one fast, simple, and secure browser for all your
+ devices.
+ </p>
+ </background>
+ <description>
+ <p>Multiple vulnerabilities have been discovered in Chromium and Google
+ Chrome. Please review the CVE identifiers referenced below for details.
+ </p>
+ </description>
+ <impact type="normal">
+ <p>Please review the referenced CVE identifiers for details.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All Chromium users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose
+ "&gt;=www-client/chromium-86.0.4240.193"
+ </code>
+
+ <p>All Google Chrome users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose
+ "&gt;=www-client/google-chrome-86.0.4240.193"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-15999">CVE-2020-15999</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-16004">CVE-2020-16004</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-16005">CVE-2020-16005</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-16006">CVE-2020-16006</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-16008">CVE-2020-16008</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-16009">CVE-2020-16009</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-16016">CVE-2020-16016</uri>
+ </references>
+ <metadata tag="requester" timestamp="2020-11-10T22:00:45Z">sam_c</metadata>
+ <metadata tag="submitter" timestamp="2020-11-11T03:37:14Z">sam_c</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202011-13.xml b/metadata/glsa/glsa-202011-13.xml
new file mode 100644
index 000000000000..b5f28160775e
--- /dev/null
+++ b/metadata/glsa/glsa-202011-13.xml
@@ -0,0 +1,51 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202011-13">
+ <title>Salt: Multiple vulnerabilities</title>
+ <synopsis>Multiple vulnerabilities have been found in Salt, the worst of
+ which could result in the arbitrary execution of code.
+ </synopsis>
+ <product type="ebuild">salt</product>
+ <announced>2020-11-11</announced>
+ <revised count="1">2020-11-11</revised>
+ <bug>753266</bug>
+ <access>remote</access>
+ <affected>
+ <package name="app-admin/salt" auto="yes" arch="*">
+ <unaffected range="ge">3000.5</unaffected>
+ <vulnerable range="lt">3000.5</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>Salt is a remote execution and configuration manager.</p>
+ </background>
+ <description>
+ <p>Multiple vulnerabilities have been discovered in Salt. Please review the
+ CVE identifiers referenced below for details.
+ </p>
+ </description>
+ <impact type="normal">
+ <p>Please review the referenced CVE identifiers for details.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All Salt users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose "&gt;=app-admin/salt-3000.5"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-16846">CVE-2020-16846</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-17490">CVE-2020-17490</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-25592">CVE-2020-25592</uri>
+ <uri link="https://www.saltstack.com/blog/on-november-3-2020-saltstack-publicly-disclosed-three-new-cves/">
+ Upstream advisory
+ </uri>
+ </references>
+ <metadata tag="requester" timestamp="2020-11-09T23:14:31Z">sam_c</metadata>
+ <metadata tag="submitter" timestamp="2020-11-11T03:38:41Z">sam_c</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202011-14.xml b/metadata/glsa/glsa-202011-14.xml
new file mode 100644
index 000000000000..2ae7a8c2ec92
--- /dev/null
+++ b/metadata/glsa/glsa-202011-14.xml
@@ -0,0 +1,74 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202011-14">
+ <title>MariaDB: Remote code execution</title>
+ <synopsis>A vulnerability has been discovered in MariaDB which could result
+ in the arbitrary execution of code.
+ </synopsis>
+ <product type="ebuild">mariadb</product>
+ <announced>2020-11-11</announced>
+ <revised count="1">2020-11-11</revised>
+ <bug>747166</bug>
+ <access>local, remote</access>
+ <affected>
+ <package name="dev-db/mariadb" auto="yes" arch="*">
+ <unaffected range="ge" slot="10.5">10.5.6</unaffected>
+ <unaffected range="ge" slot="10.4">10.4.13-r3</unaffected>
+ <unaffected range="ge" slot="10.3">10.3.23-r3</unaffected>
+ <unaffected range="ge" slot="10.2">10.2.22-r3</unaffected>
+ <vulnerable range="lt">10.5.6</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>MariaDB is an enhanced, drop-in replacement for MySQL.</p>
+ </background>
+ <description>
+ <p>It was discovered that MariaDB did not properly validate the content of
+ a packet received from a server.
+ </p>
+ </description>
+ <impact type="high">
+ <p>A remote attacker could send a specially crafted packet to WSREP
+ service, possibly resulting in execution of arbitrary code with the
+ privileges of the process or a Denial of Service condition.
+ </p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All MariaDB 10.5.x users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose "&gt;=dev-db/mariadb-10.5.6:10.5"
+ </code>
+
+ <p>All MariaDB 10.4.x users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose "&gt;=dev-db/mariadb-10.4.13-r3:10.4"
+ </code>
+
+ <p>All MariaDB 10.3.x users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose "&gt;=dev-db/mariadb-10.3.23-r3:10.3"
+ </code>
+
+ <p>All MariaDB 10.2.x users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose "&gt;=dev-db/mariadb-10.2.22-r3:10.2"
+ </code>
+
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-15180">CVE-2020-15180</uri>
+ </references>
+ <metadata tag="requester" timestamp="2020-11-08T21:17:21Z">whissi</metadata>
+ <metadata tag="submitter" timestamp="2020-11-11T03:38:51Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202011-15.xml b/metadata/glsa/glsa-202011-15.xml
new file mode 100644
index 000000000000..91f3acadcd3b
--- /dev/null
+++ b/metadata/glsa/glsa-202011-15.xml
@@ -0,0 +1,52 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202011-15">
+ <title>libmaxminddb: Denial of service</title>
+ <synopsis>A vulnerability in libmaxminddb could lead to a Denial of Service
+ condition.
+ </synopsis>
+ <product type="ebuild">libmaxminddb</product>
+ <announced>2020-11-14</announced>
+ <revised count="1">2020-11-14</revised>
+ <bug>753275</bug>
+ <access>remote</access>
+ <affected>
+ <package name="dev-libs/libmaxminddb" auto="yes" arch="*">
+ <unaffected range="ge">1.4.3</unaffected>
+ <vulnerable range="lt">1.4.3</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>The libmaxminddb library provides a C library for reading MaxMind DB
+ files, including the GeoIP2 databases from MaxMind.
+ </p>
+ </background>
+ <description>
+ <p>libmaxminddb used uninitialised memory when reading from a corrupt
+ database file.
+ </p>
+ </description>
+ <impact type="normal">
+ <p>A remote attacker could entice a user to use a specially crafted
+ database with libmaxminddb, possibly resulting in a Denial of Service
+ condition.
+ </p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All libmaxminddb users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose "&gt;=dev-libs/libmaxminddb-1.4.3"
+ </code>
+
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-28241">CVE-2020-28241</uri>
+ </references>
+ <metadata tag="requester" timestamp="2020-11-12T15:42:40Z">sam_c</metadata>
+ <metadata tag="submitter" timestamp="2020-11-14T18:14:48Z">sam_c</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202011-16.xml b/metadata/glsa/glsa-202011-16.xml
new file mode 100644
index 000000000000..1ffe1738d62b
--- /dev/null
+++ b/metadata/glsa/glsa-202011-16.xml
@@ -0,0 +1,69 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202011-16">
+ <title>Chromium, Google Chrome: Multiple vulnerabilities</title>
+ <synopsis>Multiple vulnerabilities have been found in Chromium and Google
+ Chrome, the worst of which could result in the arbitrary execution of code.
+ </synopsis>
+ <product type="ebuild">chromium,google-chrome</product>
+ <announced>2020-11-16</announced>
+ <revised count="1">2020-11-16</revised>
+ <bug>754093</bug>
+ <access>local, remote</access>
+ <affected>
+ <package name="www-client/chromium" auto="yes" arch="*">
+ <unaffected range="ge">86.0.4240.198</unaffected>
+ <vulnerable range="lt">86.0.4240.198</vulnerable>
+ </package>
+ <package name="www-client/google-chrome" auto="yes" arch="*">
+ <unaffected range="ge">86.0.4240.198</unaffected>
+ <vulnerable range="lt">86.0.4240.198</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>Chromium is an open-source browser project that aims to build a safer,
+ faster, and more stable way for all users to experience the web.
+ </p>
+
+ <p>Google Chrome is one fast, simple, and secure browser for all your
+ devices.
+ </p>
+ </background>
+ <description>
+ <p>Multiple vulnerabilities have been discovered in Chromium and Google
+ Chrome. Please review the CVE identifiers referenced below for details.
+ </p>
+ </description>
+ <impact type="normal">
+ <p>Please review the referenced CVE identifiers for details.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All Chromium users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose
+ "&gt;=www-client/chromium-86.0.4240.198"
+ </code>
+
+ <p>All Google Chrome users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose
+ "&gt;=www-client/google-chrome-86.0.4240.198"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-16013">CVE-2020-16013</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-16017">CVE-2020-16017</uri>
+ <uri link="https://chromereleases.googleblog.com/2020/11/stable-channel-update-for-desktop_11.html">
+ Google Chrome 86.0.4240.198 release announcement
+ </uri>
+ </references>
+ <metadata tag="requester" timestamp="2020-11-12T12:59:44Z">sam_c</metadata>
+ <metadata tag="submitter" timestamp="2020-11-16T02:34:43Z">sam_c</metadata>
+</glsa>
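Review bot: Both `<code>` blocks in `<resolution>` break the upgrade command across two lines with no continuation, so the package atom sits on a line of its own and the command as printed is not runnable when copied line by line. Keeping each command on one line, as glsa-202011-15 does, avoids that: `# emerge --ask --oneshot --verbose "&gt;=www-client/chromium-86.0.4240.198"`, and likewise for `www-client/google-chrome`. The same split appears in the libexif advisory (glsa-202011-19). For an advisory whose synopsis mentions arbitrary code execution, the remediation step is the part readers are most likely to copy verbatim.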
diff --git a/metadata/glsa/glsa-202011-17.xml b/metadata/glsa/glsa-202011-17.xml
new file mode 100644
index 000000000000..8de429e1f0a3
--- /dev/null
+++ b/metadata/glsa/glsa-202011-17.xml
@@ -0,0 +1,50 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202011-17">
+ <title>MIT Kerberos 5: Denial of service</title>
+ <synopsis>A vulnerability in MIT Kerberos 5 could lead to a Denial of Service
+ condition.
+ </synopsis>
+ <product type="ebuild">mit-krb5</product>
+ <announced>2020-11-16</announced>
+ <revised count="1">2020-11-16</revised>
+ <bug>753281</bug>
+ <access>remote</access>
+ <affected>
+ <package name="app-crypt/mit-krb5" auto="yes" arch="*">
+ <unaffected range="ge">1.18.2-r2</unaffected>
+ <vulnerable range="lt">1.18.2-r2</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>The MIT Kerberos 5 implementation provides a command line telnet client
+ which is used for remote login via the telnet protocol.
+ </p>
+ </background>
+ <description>
+ <p>It was discovered that MIT Kerberos network authentication system, krb5,
+ did not properly handle ASN.1-encoded Kerberos messages.
+ </p>
+ </description>
+ <impact type="low">
+ <p>A remote attacker could send a specially crafted Kerberos message,
+ possibly resulting in a Denial of Service condition.
+ </p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All MIT Kerberos 5 users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose "&gt;=app-crypt/mit-krb5-1.18.2-r2"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-28196">CVE-2020-28196</uri>
+ </references>
+ <metadata tag="requester" timestamp="2020-11-13T18:08:33Z">sam_c</metadata>
+ <metadata tag="submitter" timestamp="2020-11-16T02:42:29Z">sam_c</metadata>
+</glsa>
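Review bot: The `<background>` paragraph describes a command line telnet client, which matches neither the affected package (`app-crypt/mit-krb5`) nor the description, which calls krb5 a network authentication system. It reads like text carried over from another advisory. Something like `<p>MIT Kerberos 5 is a suite of applications that implement the Kerberos network protocol.</p>` would describe the affected component. The description could also say which side parses the crafted ASN.1-encoded message (KDC, application server or client), since that decides which hosts need the upgrade first; the referenced CVE entry should settle it.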
diff --git a/metadata/glsa/glsa-202011-18.xml b/metadata/glsa/glsa-202011-18.xml
new file mode 100644
index 000000000000..5e570091d36a
--- /dev/null
+++ b/metadata/glsa/glsa-202011-18.xml
@@ -0,0 +1,51 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202011-18">
+ <title>Apache Ant: Insecure temporary file</title>
+ <synopsis>Apache Ant uses various insecure temporary files possibly allowing
+ local code execution.
+ </synopsis>
+ <product type="ebuild">ant</product>
+ <announced>2020-11-16</announced>
+ <revised count="1">2020-11-16</revised>
+ <bug>745768</bug>
+ <access>local</access>
+ <affected>
+ <package name="dev-java/ant" auto="yes" arch="*">
+ <unaffected range="ge">1.10.9</unaffected>
+ <vulnerable range="lt">1.10.9</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>Ant is a Java-based build tool similar to ‘make’ that uses XML
+ configuration files.
+ </p>
+ </background>
+ <description>
+ <p>A previous fix for a security vulnerability involving insecure temporary
+ files has been found to be incomplete.
+ </p>
+ </description>
+ <impact type="normal">
+ <p>A local attacker could perform symlink attacks to overwrite arbitrary
+ files with the privileges of the user running the application.
+ </p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All Apache Ant users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose "&gt;=dev-java/ant-1.10.9"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-11979">CVE-2020-11979</uri>
+ <uri link="https://security.gentoo.org/glsa/202007-34">GLSA-202007-34</uri>
+ </references>
+ <metadata tag="requester" timestamp="2020-10-15T12:30:53Z">sam_c</metadata>
+ <metadata tag="submitter" timestamp="2020-11-16T02:44:41Z">sam_c</metadata>
+</glsa>
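Review bot: The synopsis and the impact disagree on the consequence: the synopsis says the insecure temporary files possibly allow local code execution, while `<impact>` describes only symlink attacks that overwrite arbitrary files. One of the two should be aligned with the referenced CVE-2020-11979. If code execution during the build is the intended claim, the impact paragraph could read `<p>A local attacker could tamper with Ant's temporary files, possibly resulting in the execution of code with the privileges of the user running the build.</p>`. The description would also be easier to follow if it named the earlier fix it calls incomplete, which the references suggest is the one covered by GLSA-202007-34.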
diff --git a/metadata/glsa/glsa-202011-19.xml b/metadata/glsa/glsa-202011-19.xml
new file mode 100644
index 000000000000..3f0a5cc981f9
--- /dev/null
+++ b/metadata/glsa/glsa-202011-19.xml
@@ -0,0 +1,51 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202011-19">
+ <title>libexif: Multiple vulnerabilities</title>
+ <synopsis>Multiple vulnerabilities have been found in libexif, the worst of
+ which could result in the arbitrary execution of code.
+ </synopsis>
+ <product type="ebuild">libexif</product>
+ <announced>2020-11-16</announced>
+ <revised count="1">2020-11-16</revised>
+ <bug>754681</bug>
+ <access>remote</access>
+ <affected>
+ <package name="media-libs/libexif" auto="yes" arch="*">
+ <unaffected range="ge">0.6.22_p20201105</unaffected>
+ <vulnerable range="lt">0.6.22_p20201105</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>libexif is a library for parsing, editing and saving Exif metadata from
+ images.
+ </p>
+ </background>
+ <description>
+ <p>Multiple vulnerabilities have been discovered in libexif. Please review
+ the CVE identifiers referenced below for details.
+ </p>
+ </description>
+ <impact type="normal">
+ <p>Please review the referenced CVE identifiers for details.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All libexif users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose
+ "&gt;=media-libs/libexif-0.6.22_p20201105"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-0181">CVE-2020-0181</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-0198">CVE-2020-0198</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-0452">CVE-2020-0452</uri>
+ </references>
+ <metadata tag="requester" timestamp="2020-11-16T19:18:32Z">sam_c</metadata>
+ <metadata tag="submitter" timestamp="2020-11-16T20:51:51Z">sam_c</metadata>
+</glsa>
diff --git a/metadata/glsa/timestamp.chk b/metadata/glsa/timestamp.chk
index 251b1b6a1d70..43b544e08290 100644
--- a/metadata/glsa/timestamp.chk
+++ b/metadata/glsa/timestamp.chk
@@ -1 +1 @@
-Thu, 01 Oct 2020 21:38:30 +0000
+Wed, 25 Nov 2020 22:08:33 +0000
diff --git a/metadata/glsa/timestamp.commit b/metadata/glsa/timestamp.commit
index 25e643fc27d2..972525befa14 100644
--- a/metadata/glsa/timestamp.commit
+++ b/metadata/glsa/timestamp.commit
@@ -1 +1 @@
-785de3f76c77159a620986af784b88d221fb335c 1601425319 2020-09-30T00:21:59+00:00
+41b92ddadb281165194d571c52b3240cf7b140e5 1605559931 2020-11-16T20:52:11+00:00