summaryrefslogtreecommitdiff
path: root/metadata/glsa
diff options
context:
space:
mode:
Diffstat (limited to 'metadata/glsa')
-rw-r--r--metadata/glsa/Manifest30
-rw-r--r--metadata/glsa/Manifest.files.gzbin540216 -> 541169 bytes
-rw-r--r--metadata/glsa/glsa-202305-01.xml52
-rw-r--r--metadata/glsa/glsa-202305-02.xml107
-rw-r--r--metadata/glsa/glsa-202305-03.xml42
-rw-r--r--metadata/glsa/glsa-202305-04.xml43
-rw-r--r--metadata/glsa/glsa-202305-05.xml42
-rw-r--r--metadata/glsa/glsa-202305-06.xml92
-rw-r--r--metadata/glsa/timestamp.chk2
-rw-r--r--metadata/glsa/timestamp.commit2
10 files changed, 395 insertions, 17 deletions
diff --git a/metadata/glsa/Manifest b/metadata/glsa/Manifest
index 0b06afb95deb..aef754899f8c 100644
--- a/metadata/glsa/Manifest
+++ b/metadata/glsa/Manifest
@@ -1,23 +1,23 @@
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
-MANIFEST Manifest.files.gz 540216 BLAKE2B d30aef090eaffb1f3ce91f96dfcc44f7a5d1a954885fba68126dee1aa21a3de740e45dd7106f5d3ba2b51e48eda29870b954e2a90cc8bfa9dc1ac93912daadef SHA512 f9ff42d8d58ea6e6bae5d32f95af7bcddc333ce0478d31cfefb14e85c8d99eaf4d3d9a0802c961e3f7e7d8f3696894cb1d1d0e81db3807d1796858a550f0351f
-TIMESTAMP 2023-05-03T03:40:08Z
+MANIFEST Manifest.files.gz 541169 BLAKE2B 04ddea7633f5279cfe3dc609178287731e78b26b0d04d296fb468f9943b71ce950dfa6d434af7c4eaed9b918e6c40b290caa51ffda6e4d3b91f1a49601405d8e SHA512 2a71312a2085359f0dbd859a945e0f1893e1d3b869018adaeab33289a72db7e82cc588308dfb1286ac4c794d6c6138ed4dedafa4afbabcaf7ef0514cde7b6820
+TIMESTAMP 2023-05-03T09:39:39Z
-----BEGIN PGP SIGNATURE-----
-iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAmRR15hfFIAAAAAALgAo
+iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAmRSK9tfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEUx
RDZBQkI2M0JGQ0ZCNEJBMDJGREYxQ0VDNTkwRUVBQzkxODkyNTAACgkQ7FkO6skY
-klD7VBAAhYEXLHfp+lxFqgRYqZCMEzxc6JcWmiePno1hZX9DjGU0c8FRwpMrbiAt
-7bLBcbbeU42o54d3X7g9auREC7MryaVr3XAVd9nnJU2QoAQV9WoemDl7PooYlPLc
-b/s3AVVQPOIiMHpLrKjgdw9Damw50MmA8br5LjE8hTky8HOh5qPpCpTW0qF09x88
-7C1XRreHRUbYLnAa6TEntgOz14jao/9B0nDHvZykYunTmqVQPj2+84VeUDIWkRUT
-4jxodMcRLkguXc0gHS2QvT7xNxNgCP+4W6oAg9uSaAhYzshGGj4IMWW0NgiPJOZU
-agcW5ZcL2bb9ETyQtnLW/TJcI7tQ8LXHg6MLVPW+r9spZHo0gCRPY/wT0poEcgRP
-+GE8rjUipF4TKLRhcCmGkGqPzeEsgcFSq1ZD3/Pu18VE5XLVc8jN/bmHSM7OuQRQ
-aM7xAaQKkEXkI0R2FpjEn2iKUsNx1T8RS5cxwGsYjAdCcY0vjULM0R1buXvTtWTp
-rDuaDlLff7SjI9qAFRSs2s61u1702a3TUfWTTFVVZ9s5Lx+s6TQPtDTKCMAJ5304
-sqIEVRMrPPtnj8BPp63RzxfGHMpVh15LI/rvIL9Y8DsCmD1laUi8dEqcgJAM4lBx
-QP6f8HMsGxamxdc1ix022hUlJplmrrGWzK7bQC4UMp4XswvoVAw=
-=UCZ2
+klDt8A/+OvEa+RWrPtwlLfqN+n11+CmTL/l9qnP1MzWpH8AsNpj2tKenTczWeILR
+rPGvdZrH/izJpm/AQOkKw1FQPjKwHQSmicwg452z48nzFIDm/TrEFr1h5U7h7Jdd
+e9iSVXF9H55G9L67MKp7JgfuUuBvRTbuN+bfCT0nIm2UxiS/iG6B8J9HNR3bW2sZ
+fOoc0sfRXS5zyxlnopEzvDyYEG27uZw61P53SdkH4IUPydcVP1SyF0mOWAxep9MY
+27Wrp5uLP3mOam8hz6niiwYGJSiyR0ihjHLgbt3d0lBeVF5Tn/EGtQzg++J3lZnd
+TGy+30YqKYZtagP3SPL6DB/v3As4M3iESBt7GpG6q1kyH5Q8I023EWnirkNNm5aS
+C2EEi2/T66QuylK8+Ga73VcVi+JzK3yF05oi2bwZOFScO8q0bxW0my9YTgof5zkM
+Y7XX8GT8N+sa/TdSiIPI8O9nu/aG35zYYzKAPzeiG+lXljAPrrIJAaOU9hH6AvOW
+mEyDuMfDAm78Q0J3Wmf6CwhE6mhMEh6yt+KqCH21jtW6VXMpKluFzJmeBb/kCHNt
+FfJXKFLJV7+nghbjApf8QUxDeDXNu1suJmJvOhsCJK9xmzwq26fk2A9jf/kY53mn
+ua55TdDfvh3NMRgoum8U/Yj0w3Vg2Jw9KJqqtim9IDYvM0AUqXQ=
+=2BJl
-----END PGP SIGNATURE-----
diff --git a/metadata/glsa/Manifest.files.gz b/metadata/glsa/Manifest.files.gz
index a630e1c41ed4..1c03b8466681 100644
--- a/metadata/glsa/Manifest.files.gz
+++ b/metadata/glsa/Manifest.files.gz
Binary files differ
diff --git a/metadata/glsa/glsa-202305-01.xml b/metadata/glsa/glsa-202305-01.xml
new file mode 100644
index 000000000000..073b217db7a0
--- /dev/null
+++ b/metadata/glsa/glsa-202305-01.xml
@@ -0,0 +1,52 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202305-01">
+ <title>AtomicParsley: Multiple Vulnerabilities</title>
+ <synopsis>Multiple vulnerabilities have been discovered in AtomicParsley, the worst of which could result in arbitrary code execution.</synopsis>
+ <product type="ebuild">atomicparsley,atomicparsley-wez</product>
+ <announced>2023-05-03</announced>
+ <revised count="1">2023-05-03</revised>
+ <bug>806845</bug>
+ <access>remote</access>
+ <affected>
+ <package name="media-video/atomicparsley" auto="yes" arch="*">
+ <unaffected range="ge">0.9.6_p20210715_p151551</unaffected>
+ <vulnerable range="lt">0.9.6_p20210715_p151551</vulnerable>
+ </package>
+ <package name="media-video/atomicparsley-wez" auto="yes" arch="*">
+ <vulnerable range="None">None</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>AtomicParsley is a command line program for manipulating iTunes-style metadata in MPEG4 files.</p>
+ </background>
+ <description>
+ <p>Multiple vulnerabilities have been discovered in AtomicParsley. Please review the CVE identifiers referenced below for details.</p>
+ </description>
+ <impact type="normal">
+ <p>Please review the referenced CVE identifiers for details.</p>
+ </impact>
+ <workaround>
+ <p>Users can pass only trusted input to AtomicParsley.</p>
+ </workaround>
+ <resolution>
+ <p>Previously, the "wez" AtomicParsley fork was packaged in Gentoo as media-video/atomicparsley-wez. This fork is now packaged as media-video/atomicparsley, so users of the fork's package should now depclean it:</p>
+
+ <code>
+ # emerge --ask --depclean "media-video/atomicparsley-wez"
+ </code>
+
+ <p>All AtomicParsley users should upgrade to the latest version, which is a packaging of the "wez" AtomicParsley fork:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=media-video/atomicparsley-0.9.6_p20210715_p151551"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-37231">CVE-2021-37231</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-37232">CVE-2021-37232</uri>
+ </references>
+ <metadata tag="requester" timestamp="2023-05-03T09:11:30.867104Z">ajak</metadata>
+ <metadata tag="submitter" timestamp="2023-05-03T09:11:30.873823Z">sam</metadata>
+</glsa> \ No newline at end of file
diff --git a/metadata/glsa/glsa-202305-02.xml b/metadata/glsa/glsa-202305-02.xml
new file mode 100644
index 000000000000..8683f8757bde
--- /dev/null
+++ b/metadata/glsa/glsa-202305-02.xml
@@ -0,0 +1,107 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202305-02">
+ <title>Python, PyPy3: Multiple Vulnerabilities</title>
+ <synopsis>Multiple vulnerabilities have been found in Python and PyPy, the worst of which could result in arbitrary code execution.</synopsis>
+ <product type="ebuild">pypy3,python</product>
+ <announced>2023-05-03</announced>
+ <revised count="1">2023-05-03</revised>
+ <bug>880629</bug>
+ <bug>878385</bug>
+ <bug>877851</bug>
+ <bug>876815</bug>
+ <bug>864747</bug>
+ <bug>838250</bug>
+ <bug>835443</bug>
+ <bug>834533</bug>
+ <bug>787260</bug>
+ <bug>811165</bug>
+ <bug>793833</bug>
+ <access>local and remote</access>
+ <affected>
+ <package name="dev-lang/python" auto="yes" arch="*">
+ <unaffected range="ge" slot="3.8">3.8.15_p3</unaffected>
+ <unaffected range="ge" slot="3.9">3.9.15_p3</unaffected>
+ <unaffected range="ge" slot="3.10">3.10.8_p3</unaffected>
+ <unaffected range="ge" slot="3.11">3.11.0_p2</unaffected>
+ <unaffected range="ge" slot="12">3.12.0_alpha1_p2</unaffected>
+ <vulnerable range="lt" slot="3.8">3.8.15_p3</vulnerable>
+ <vulnerable range="lt" slot="3.9">3.9.15_p3</vulnerable>
+ <vulnerable range="lt" slot="3.10">3.10.8_p3</vulnerable>
+ <vulnerable range="lt" slot="3.11">3.11.0_p2</vulnerable>
+ <vulnerable range="lt" slot="12">3.12.0_alpha1_p2</vulnerable>
+ </package>
+ <package name="dev-python/pypy3" auto="yes" arch="*">
+ <unaffected range="ge">7.3.9_p9</unaffected>
+ <vulnerable range="lt">7.3.9_p9</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>Python is an interpreted, interactive, object-oriented, cross-platform programming language.</p>
+ </background>
+ <description>
+ <p>Multiple vulnerabilities have been discovered in Python and PyPy3. Please review the CVE identifiers referenced below for details.</p>
+ </description>
+ <impact type="high">
+ <p>Please review the referenced CVE identifiers for details.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All Python 3.8 users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-lang/python-3.8.15_p3:3.8"
+ </code>
+
+ <p>All Python 3.9 users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-lang/python-3.9.15_p3:3.9"
+ </code>
+
+ <p>All Python 3.10 users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-lang/python-3.10.8_p3:3.10"
+ </code>
+
+ <p>All Python 3.11 users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-lang/python-3.11.0_p2:3.11"
+ </code>
+
+ <p>All Python 3.12 users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-lang/python-3.12.0_alpha1_p2"
+ </code>
+
+ <p>All PyPy3 users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-python/pypy3-7.3.9_p9"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2015-20107">CVE-2015-20107</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-3654">CVE-2021-3654</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-28363">CVE-2021-28363</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-28861">CVE-2021-28861</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-29921">CVE-2021-29921</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-0391">CVE-2022-0391</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-37454">CVE-2022-37454</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-42919">CVE-2022-42919</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-45061">CVE-2022-45061</uri>
+ </references>
+ <metadata tag="requester" timestamp="2023-05-03T09:12:43.325618Z">ajak</metadata>
+ <metadata tag="submitter" timestamp="2023-05-03T09:12:43.330732Z">sam</metadata>
+</glsa> \ No newline at end of file
diff --git a/metadata/glsa/glsa-202305-03.xml b/metadata/glsa/glsa-202305-03.xml
new file mode 100644
index 000000000000..256ecb1d9a25
--- /dev/null
+++ b/metadata/glsa/glsa-202305-03.xml
@@ -0,0 +1,42 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202305-03">
+ <title>ProFTPd: Memory Disclosure</title>
+ <synopsis>A vulnerability has been discovered in ProFTPd which could result in memory disclosure.</synopsis>
+ <product type="ebuild">proftpd</product>
+ <announced>2023-05-03</announced>
+ <revised count="1">2023-05-03</revised>
+ <bug>811495</bug>
+ <access>remote</access>
+ <affected>
+ <package name="net-ftp/proftpd" auto="yes" arch="*">
+ <unaffected range="ge">1.3.7c</unaffected>
+ <vulnerable range="lt">1.3.7c</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>ProFTPD is an advanced and very configurable FTP server.</p>
+ </background>
+ <description>
+ <p>ProFTPd unconditionally sends passwords to Radius servers for authentication in multiples of 16 bytes. If a password is not of a length that is a multiple of 16 bytes, ProFTPd will read beyond the end of the password string and send bytes beyond the end of the string buffer.</p>
+ </description>
+ <impact type="low">
+ <p>Radius servers used for authentication can receive the contents of the ProFTPd process&#39; memory.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All ProFTPd users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-ftp/proftpd-1.3.7c"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-46854">CVE-2021-46854</uri>
+ </references>
+ <metadata tag="requester" timestamp="2023-05-03T09:13:03.619655Z">ajak</metadata>
+ <metadata tag="submitter" timestamp="2023-05-03T09:13:03.623017Z">sam</metadata>
+</glsa> \ No newline at end of file
diff --git a/metadata/glsa/glsa-202305-04.xml b/metadata/glsa/glsa-202305-04.xml
new file mode 100644
index 000000000000..b5937284e354
--- /dev/null
+++ b/metadata/glsa/glsa-202305-04.xml
@@ -0,0 +1,43 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202305-04">
+ <title>dbus-broker: Multiple Vulnerabilities</title>
+ <synopsis>Multiple vulnerabilities have been found in dbus-broker, the worst of which could result in denial of service.</synopsis>
+ <product type="ebuild">dbus-broker</product>
+ <announced>2023-05-03</announced>
+ <revised count="1">2023-05-03</revised>
+ <bug>851696</bug>
+ <access>remote</access>
+ <affected>
+ <package name="sys-apps/dbus-broker" auto="yes" arch="*">
+ <unaffected range="ge">31</unaffected>
+ <vulnerable range="lt">31</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>dbus-broker is a Linux D-Bus message broker.</p>
+ </background>
+ <description>
+ <p>Multiple vulnerabilities have been discovered in dbus-broker. Please review the CVE identifiers referenced below for details.</p>
+ </description>
+ <impact type="low">
+ <p>Please review the referenced CVE identifiers for details.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All dbus-broker users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=sys-apps/dbus-broker-31"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-31212">CVE-2022-31212</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-31213">CVE-2022-31213</uri>
+ </references>
+ <metadata tag="requester" timestamp="2023-05-03T09:13:30.551831Z">ajak</metadata>
+ <metadata tag="submitter" timestamp="2023-05-03T09:13:30.556193Z">sam</metadata>
+</glsa> \ No newline at end of file
diff --git a/metadata/glsa/glsa-202305-05.xml b/metadata/glsa/glsa-202305-05.xml
new file mode 100644
index 000000000000..d03be8aaa8e8
--- /dev/null
+++ b/metadata/glsa/glsa-202305-05.xml
@@ -0,0 +1,42 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202305-05">
+ <title>xfce4-settings: Browser Argument Injection</title>
+ <synopsis>A vulnerability has been discovered in xfce4-settings which could result in universal cross site scripting (&#34;uXSS&#34;).</synopsis>
+ <product type="ebuild">xfce4-settings</product>
+ <announced>2023-05-03</announced>
+ <revised count="1">2023-05-03</revised>
+ <bug>880257</bug>
+ <access>remote</access>
+ <affected>
+ <package name="xfce-base/xfce4-settings" auto="yes" arch="*">
+ <unaffected range="ge">4.17.1</unaffected>
+ <vulnerable range="lt">4.17.1</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>xfce4-settings contains the configuration system for the Xfce desktop environment.</p>
+ </background>
+ <description>
+ <p>xfce4-settings does not sufficiently sanitize URLs opened via xdg4-mime-helper-tool (which is called when a user clicks a link in e.g. Firefox).</p>
+ </description>
+ <impact type="normal">
+ <p>The vulnerability can be leveraged into 1-click universal cross site scripting in some browsers, or potentially other unspecified impact.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All xfce4-settings users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=xfce-base/xfce4-settings-4.17.1"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-45062">CVE-2022-45062</uri>
+ </references>
+ <metadata tag="requester" timestamp="2023-05-03T09:14:46.477138Z">ajak</metadata>
+ <metadata tag="submitter" timestamp="2023-05-03T09:14:46.480051Z">sam</metadata>
+</glsa> \ No newline at end of file
diff --git a/metadata/glsa/glsa-202305-06.xml b/metadata/glsa/glsa-202305-06.xml
new file mode 100644
index 000000000000..1f1a927ee3fb
--- /dev/null
+++ b/metadata/glsa/glsa-202305-06.xml
@@ -0,0 +1,92 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202305-06">
+ <title>Mozilla Firefox: Multiple Vulnerabilities</title>
+ <synopsis>Multiple vulnerabilities have been discovered in Mozilla Firefox, the worst of which could result in arbitrary code execution.</synopsis>
+ <product type="ebuild">firefox,firefox-bin</product>
+ <announced>2023-05-03</announced>
+ <revised count="1">2023-05-03</revised>
+ <bug>885813</bug>
+ <bug>891213</bug>
+ <access>remote</access>
+ <affected>
+ <package name="www-client/firefox" auto="yes" arch="*">
+ <unaffected range="ge" slot="esr">102.7.0</unaffected>
+ <unaffected range="ge" slot="rapid">109.0</unaffected>
+ <vulnerable range="lt" slot="esr">102.7.0</vulnerable>
+ <vulnerable range="lt" slot="rapid">109.0</vulnerable>
+ </package>
+ <package name="www-client/firefox-bin" auto="yes" arch="*">
+ <unaffected range="ge" slot="esr">102.7.0</unaffected>
+ <unaffected range="ge" slot="rapid">109.0</unaffected>
+ <vulnerable range="lt" slot="esr">102.7.0</vulnerable>
+ <vulnerable range="lt" slot="rapid">109.0</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>Mozilla Firefox is a popular open-source web browser from the Mozilla project.</p>
+ </background>
+ <description>
+ <p>Multiple vulnerabilities have been discovered in Mozilla Firefox. Please review the CVE identifiers referenced below for details.</p>
+ </description>
+ <impact type="high">
+ <p>Please review the referenced CVE identifiers for details.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All Mozilla Firefox ESR binary users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-client/firefox-bin-102.7.0:esr"
+ </code>
+
+ <p>All Mozilla Firefox ESR users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-client/firefox-102.7.0:esr"
+ </code>
+
+ <p>All Mozilla Firefox binary users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-client/firefox-bin-109.0:rapid"
+ </code>
+
+ <p>All Mozilla Firefox users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-client/firefox-109.0:rapid"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-46871">CVE-2022-46871</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-46872">CVE-2022-46872</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-46873">CVE-2022-46873</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-46874">CVE-2022-46874</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-46875">CVE-2022-46875</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-46877">CVE-2022-46877</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-46878">CVE-2022-46878</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-46879">CVE-2022-46879</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-46880">CVE-2022-46880</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-46881">CVE-2022-46881</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-46882">CVE-2022-46882</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-23597">CVE-2023-23597</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-23598">CVE-2023-23598</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-23599">CVE-2023-23599</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-23600">CVE-2023-23600</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-23601">CVE-2023-23601</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-23602">CVE-2023-23602</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-23603">CVE-2023-23603</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-23604">CVE-2023-23604</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-23605">CVE-2023-23605</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-23606">CVE-2023-23606</uri>
+ </references>
+ <metadata tag="requester" timestamp="2023-05-03T09:15:03.866930Z">ajak</metadata>
+ <metadata tag="submitter" timestamp="2023-05-03T09:15:03.869869Z">sam</metadata>
+</glsa> \ No newline at end of file
diff --git a/metadata/glsa/timestamp.chk b/metadata/glsa/timestamp.chk
index a610c67c2845..d82f0bf9f814 100644
--- a/metadata/glsa/timestamp.chk
+++ b/metadata/glsa/timestamp.chk
@@ -1 +1 @@
-Wed, 03 May 2023 03:40:05 +0000
+Wed, 03 May 2023 09:39:36 +0000
diff --git a/metadata/glsa/timestamp.commit b/metadata/glsa/timestamp.commit
index e80ce1ae2cf5..27fdda67f379 100644
--- a/metadata/glsa/timestamp.commit
+++ b/metadata/glsa/timestamp.commit
@@ -1 +1 @@
-da9b5483883fcc611753d44d34c0ede9188ce21c 1673414531 2023-01-11T05:22:11+00:00
+5f136da08cc28aa97d67b66cdaeb4c59046fd70d 1683106306 2023-05-03T09:31:46+00:00
generated by cgit v1.2.3 (git 2.25.1) at 2024-08-09 05:18:40 +0000