summaryrefslogtreecommitdiff
path: root/metadata/glsa
diff options
context:
space:
mode:
Diffstat (limited to 'metadata/glsa')
-rw-r--r--metadata/glsa/Manifest30
-rw-r--r--metadata/glsa/Manifest.files.gzbin544687 -> 546124 bytes
-rw-r--r--metadata/glsa/glsa-202305-29.xml44
-rw-r--r--metadata/glsa/glsa-202305-30.xml73
-rw-r--r--metadata/glsa/glsa-202305-31.xml53
-rw-r--r--metadata/glsa/glsa-202305-32.xml80
-rw-r--r--metadata/glsa/glsa-202305-33.xml85
-rw-r--r--metadata/glsa/glsa-202305-34.xml85
-rw-r--r--metadata/glsa/glsa-202305-35.xml115
-rw-r--r--metadata/glsa/glsa-202305-36.xml88
-rw-r--r--metadata/glsa/glsa-202305-37.xml48
-rw-r--r--metadata/glsa/timestamp.chk2
-rw-r--r--metadata/glsa/timestamp.commit2
13 files changed, 688 insertions, 17 deletions
diff --git a/metadata/glsa/Manifest b/metadata/glsa/Manifest
index 836f6cd6ea99..d365191b2b99 100644
--- a/metadata/glsa/Manifest
+++ b/metadata/glsa/Manifest
@@ -1,23 +1,23 @@
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
-MANIFEST Manifest.files.gz 544687 BLAKE2B f185c90f005db85bd4e0d1708998052d0d2289a9f94bfd93a7ffb51913b1e481a56e5ca19941ab2f92db9291e0e1c9e1da0d44394dec36f2b34c271c64831787 SHA512 46dc19fdb07a3192911d391fee8bca4fcd72d974b1d9edc45c622f777c5c3339e8c736786975ed154ae6b89e2520ac117c014bcb76cc8f2efcf40aad5bfd71e4
-TIMESTAMP 2023-05-30T01:40:39Z
+MANIFEST Manifest.files.gz 546124 BLAKE2B 03eedd2cb5221fcee8277950d4f0eaa63c4d89fcff016ce8237c33b86bf66d041421b4e3f1a61bf4adc37506d7e39938fe03c96872837bf059265711ec94186b SHA512 976cf7b2e2c60b59da2ac608b5352a8e04d8b7f36613abe781d8b94ac705640f28c73207f611bff76acea9c931e7346fde7aa7b850f0d9e03738d3eaa8c5ff00
+TIMESTAMP 2023-05-30T07:40:06Z
-----BEGIN PGP SIGNATURE-----
-iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAmR1VBdfFIAAAAAALgAo
+iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAmR1qFZfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEUx
RDZBQkI2M0JGQ0ZCNEJBMDJGREYxQ0VDNTkwRUVBQzkxODkyNTAACgkQ7FkO6skY
-klDiYRAAknmNDFfTUJuGUXdXgu+XJMEuov5Cx5/y1k05aarYVJgQ32T+HX9Y34H5
-Uwc4/AVEXhOjfRXuUFT36xpDlXoWOgcPYw3YWlHajIP94A4T8nblQXLFjc5OeGGV
-R7KTvrqPjokZX3m+ooURqZno91H1a0qvq3nJDrQGqu8osajk3KrFGzs/oSGCoLBJ
-vcg688SMXko9z8ujYPMjolzfzqIGjuCyPVltJOuRT8wTIgrWpxvh5Ye4VwTFoV/t
-75ah/Wv3yT4LFTswFzWIE2E0TRq7QQ11aQpLAQ24hc4nUfYDO7vEZvyKNnJua6sM
-Ea807P8R7YGMapKzdGS5Nq4nz6Ifh8+fJTaE0MAtQ7aF6QWIrbXmWk+EbSktVEOl
-aGcIp2bmq0mIAWqrtySKMrXk2cjAQ+euinF/8RsukxTZa9DmmENcoB6tYdJXck2L
-TaeZgHSjDcZk/QbTOg31A2kODRhUpet7rIEW0EjplDQsOKpB9lddBOdPU2JPvdPI
-rrBb0AX8enZj4Bu99VGx3D/NKQiW5G4KmKVXqMQBz85mpdkqL3VlDpXNqIssDqXy
-rGpelEObGr8txR9YfEd6ACAItiU8cMsqclYYC7YwW3OUc9W+1uyYfAH9iX49xNE1
-5aRKEsKhc/1NV4lGVNVtYevN+++RUa/DQMR0cUcMLjsv+ZScUzU=
-=Ap7b
+klBPxw//XylJGfUi5PU7Kk86PAwfSOAMdJdm7CePUTrGEon5omjz3cvT2V1KPeNa
+odEsYxRXD1BudmGfHYB5rYPQounN2nQaLruQSGYAd/Qqj8F0W1NySF8T87ET5IdV
+CJ46QBJan+ykdioOveQY19YmqKIiOtdaGEZCldHBktyznkqXIPgmy4ySDs3r+EcC
+DTWReA8uCSfZtfOuf0hIx1f6rGQt4/dA/SBtrsgh96GYuSEMjsnlb15Ohr7man72
+Cgpr5fVd/gVBg2fzUbROlD8iWjiutzfz91Abx8eh6mE4uPKjDwxa6EtFeZCAAe3K
+/BZljGMwkDeoBeOa90NQc/shSDarAnkXWKl1C1DuWd0uwff2ZvHMYPJPlgY3lfmZ
+DkLuCHtDyMSFJxP5ovnLgUTeHuMwV5aFc/81rv0Q05ZkS1bFMbwcIUuOsdcmdmXJ
+aPvC+mSWs3TeQkA828brRSdV3j1rG7JNN0S4kngQbbYs3OD0BfzG3/f/+2ONCuk4
+9J1FKj22qhNsajwrOJw5XxfbQksfrhZGbIB3LrYNR6zrus1oFJmdQqBhgsvOd6lg
+j1zijx30AM/aFJ2O2NK7xQlUTDhpcL2UJLhMWkpGOb12dTbcMZrzMml7tkLRblOf
+sRxD+inovK0pCvKfS3h8Ol1jISHy6DJW7eAWURjazsanjs60gAk=
+=5cra
-----END PGP SIGNATURE-----
diff --git a/metadata/glsa/Manifest.files.gz b/metadata/glsa/Manifest.files.gz
index 036873cf9df9..9a5625ef76fc 100644
--- a/metadata/glsa/Manifest.files.gz
+++ b/metadata/glsa/Manifest.files.gz
Binary files differ
diff --git a/metadata/glsa/glsa-202305-29.xml b/metadata/glsa/glsa-202305-29.xml
new file mode 100644
index 000000000000..7e7de5c3348c
--- /dev/null
+++ b/metadata/glsa/glsa-202305-29.xml
@@ -0,0 +1,44 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202305-29">
+ <title>squashfs-tools: Multiple Vulnerabilities</title>
+ <synopsis>Multiple vulnerabilities have been discovered in squashfs-tools, the worst of which can result in an arbitrary file write.</synopsis>
+ <product type="ebuild">squashfs-tools</product>
+ <announced>2023-05-30</announced>
+ <revised count="1">2023-05-30</revised>
+ <bug>810706</bug>
+ <bug>813654</bug>
+ <access>remote</access>
+ <affected>
+ <package name="sys-fs/squashfs-tools" auto="yes" arch="*">
+ <unaffected range="ge">4.5_p20210914</unaffected>
+ <vulnerable range="lt">4.5_p20210914</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>Squashfs is a compressed read-only filesystem for Linux. Squashfs is intended for general read-only filesystem use, for archival use (i.e. in cases where a .tar.gz file may be used), and in constrained block device/memory systems (e.g. embedded systems) where low overhead is needed.</p>
+ </background>
+ <description>
+ <p>Multiple vulnerabilities have been discovered in squashfs-tools. Please review the CVE identifiers referenced below for details.</p>
+ </description>
+ <impact type="normal">
+ <p>Please review the referenced CVE identifiers for details.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All squashfs-tools users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=sys-fs/squashfs-tools-4.5_p20210914"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-40153">CVE-2021-40153</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-41072">CVE-2021-41072</uri>
+ </references>
+ <metadata tag="requester" timestamp="2023-05-30T02:54:28.530142Z">ajak</metadata>
+ <metadata tag="submitter" timestamp="2023-05-30T02:54:28.552180Z">ajak</metadata>
+</glsa> \ No newline at end of file
diff --git a/metadata/glsa/glsa-202305-30.xml b/metadata/glsa/glsa-202305-30.xml
new file mode 100644
index 000000000000..502bd0aefbd9
--- /dev/null
+++ b/metadata/glsa/glsa-202305-30.xml
@@ -0,0 +1,73 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202305-30">
+ <title>X.Org X server, XWayland: Multiple Vulnerabilities</title>
+ <synopsis>Multiple vulnerabilities have been discovered in the Xorg Server and XWayland, the worst of which can result in privilege escalation or remote code execution.</synopsis>
+ <product type="ebuild">xorg-server,xwayland</product>
+ <announced>2023-05-30</announced>
+ <revised count="1">2023-05-30</revised>
+ <bug>829208</bug>
+ <bug>877459</bug>
+ <bug>885825</bug>
+ <bug>893438</bug>
+ <bug>903547</bug>
+ <access>remote</access>
+ <affected>
+ <package name="x11-base/xorg-server" auto="yes" arch="*">
+ <unaffected range="ge">21.1.8</unaffected>
+ <vulnerable range="lt">21.1.8</vulnerable>
+ </package>
+ <package name="x11-base/xwayland" auto="yes" arch="*">
+ <unaffected range="ge">23.1.1</unaffected>
+ <vulnerable range="lt">23.1.1</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>The X Window System is a graphical windowing system based on a client/server model.</p>
+ </background>
+ <description>
+ <p>Multiple vulnerabilities have been discovered in X.Org X server, XWayland. Please review the CVE identifiers referenced below for details.</p>
+ </description>
+ <impact type="high">
+ <p>Please review the referenced CVE identifiers for details.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All X.Org X server users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=x11-base/xorg-server-21.1.8"
+ </code>
+
+ <p>All XWayland users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=x11-base/xwayland-23.1.1"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-4008">CVE-2021-4008</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-4009">CVE-2021-4009</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-4010">CVE-2021-4010</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-4011">CVE-2021-4011</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-3550">CVE-2022-3550</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-3551">CVE-2022-3551</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-3553">CVE-2022-3553</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-4283">CVE-2022-4283</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-46283">CVE-2022-46283</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-46340">CVE-2022-46340</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-46341">CVE-2022-46341</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-46342">CVE-2022-46342</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-46343">CVE-2022-46343</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-46344">CVE-2022-46344</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-0494">CVE-2023-0494</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-1393">CVE-2023-1393</uri>
+ <uri>ZDI-CAN-19596</uri>
+ </references>
+ <metadata tag="requester" timestamp="2023-05-30T02:54:51.090310Z">ajak</metadata>
+ <metadata tag="submitter" timestamp="2023-05-30T02:54:51.098055Z">ajak</metadata>
+</glsa> \ No newline at end of file
diff --git a/metadata/glsa/glsa-202305-31.xml b/metadata/glsa/glsa-202305-31.xml
new file mode 100644
index 000000000000..6a035f95e151
--- /dev/null
+++ b/metadata/glsa/glsa-202305-31.xml
@@ -0,0 +1,53 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202305-31">
+ <title>LibTIFF: Multiple Vulnerabilities</title>
+ <synopsis>Multiple vulnerabilities have been found in LibTIFF, the worst of which could result in arbitrary code execution.</synopsis>
+ <product type="ebuild">tiff</product>
+ <announced>2023-05-30</announced>
+ <revised count="1">2023-05-30</revised>
+ <bug>891839</bug>
+ <bug>895900</bug>
+ <access>remote</access>
+ <affected>
+ <package name="media-libs/tiff" auto="yes" arch="*">
+ <unaffected range="ge">4.5.0-r2</unaffected>
+ <vulnerable range="lt">4.5.0-r2</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>LibTIFF provides support for reading and manipulating TIFF (Tagged Image File Format) images.</p>
+ </background>
+ <description>
+ <p>Multiple vulnerabilities have been discovered in LibTIFF. Please review the CVE identifiers referenced below for details.</p>
+ </description>
+ <impact type="normal">
+ <p>Please review the referenced CVE identifiers for details.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All LibTIFF users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=media-libs/tiff-4.5.0-r2"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-48281">CVE-2022-48281</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-0795">CVE-2023-0795</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-0796">CVE-2023-0796</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-0797">CVE-2023-0797</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-0798">CVE-2023-0798</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-0799">CVE-2023-0799</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-0800">CVE-2023-0800</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-0801">CVE-2023-0801</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-0802">CVE-2023-0802</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-0803">CVE-2023-0803</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-0804">CVE-2023-0804</uri>
+ </references>
+ <metadata tag="requester" timestamp="2023-05-30T03:01:32.709725Z">ajak</metadata>
+ <metadata tag="submitter" timestamp="2023-05-30T03:01:32.715272Z">ajak</metadata>
+</glsa> \ No newline at end of file
diff --git a/metadata/glsa/glsa-202305-32.xml b/metadata/glsa/glsa-202305-32.xml
new file mode 100644
index 000000000000..c5c8459f06f7
--- /dev/null
+++ b/metadata/glsa/glsa-202305-32.xml
@@ -0,0 +1,80 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202305-32">
+ <title>WebKitGTK+: Multiple Vulnerabilities</title>
+ <synopsis>Multiple vulnerabilities have been found in WebkitGTK+, the worst of which could result in arbitrary code execution.</synopsis>
+ <product type="ebuild">webkit-gtk</product>
+ <announced>2023-05-30</announced>
+ <revised count="1">2023-05-30</revised>
+ <bug>871732</bug>
+ <bug>879571</bug>
+ <bug>888563</bug>
+ <bug>905346</bug>
+ <bug>905349</bug>
+ <bug>905351</bug>
+ <access>remote</access>
+ <affected>
+ <package name="net-libs/webkit-gtk" auto="yes" arch="*">
+ <unaffected range="ge">2.40.1</unaffected>
+ <vulnerable range="lt">2.40.1</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>WebKitGTK+ is a full-featured port of the WebKit rendering engine, suitable for projects requiring any kind of web integration, from hybrid HTML/CSS applications to full-fledged web browsers.</p>
+ </background>
+ <description>
+ <p>Multiple vulnerabilities have been discovered in WebKitGTK+. Please review the CVE identifiers referenced below for details.</p>
+ </description>
+ <impact type="high">
+ <p>Please review the referenced CVE identifiers for details.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All WebKitGTK+ users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-libs/webkit-gtk-2.40.1"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-32885">CVE-2022-32885</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-32886">CVE-2022-32886</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-32888">CVE-2022-32888</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-32891">CVE-2022-32891</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-32923">CVE-2022-32923</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-42799">CVE-2022-42799</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-42823">CVE-2022-42823</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-42824">CVE-2022-42824</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-42826">CVE-2022-42826</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-42852">CVE-2022-42852</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-42856">CVE-2022-42856</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-42863">CVE-2022-42863</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-42867">CVE-2022-42867</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-46691">CVE-2022-46691</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-46692">CVE-2022-46692</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-46698">CVE-2022-46698</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-46699">CVE-2022-46699</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-46700">CVE-2022-46700</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-23517">CVE-2023-23517</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-23518">CVE-2023-23518</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-23529">CVE-2023-23529</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-25358">CVE-2023-25358</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-25360">CVE-2023-25360</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-25361">CVE-2023-25361</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-25362">CVE-2023-25362</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-25363">CVE-2023-25363</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-27932">CVE-2023-27932</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-27954">CVE-2023-27954</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-28205">CVE-2023-28205</uri>
+ <uri link="https://webkitgtk.org/security/WSA-2022-0009.html">WSA-2022-0009</uri>
+ <uri link="https://webkitgtk.org/security/WSA-2022-0010.html">WSA-2022-0010</uri>
+ <uri link="https://webkitgtk.org/security/WSA-2023-0001.html">WSA-2023-0001</uri>
+ <uri link="https://webkitgtk.org/security/WSA-2023-0002.html">WSA-2023-0002</uri>
+ <uri link="https://webkitgtk.org/security/WSA-2023-0003.html">WSA-2023-0003</uri>
+ </references>
+ <metadata tag="requester" timestamp="2023-05-30T03:01:57.042063Z">ajak</metadata>
+ <metadata tag="submitter" timestamp="2023-05-30T03:01:57.045898Z">ajak</metadata>
+</glsa> \ No newline at end of file
diff --git a/metadata/glsa/glsa-202305-33.xml b/metadata/glsa/glsa-202305-33.xml
new file mode 100644
index 000000000000..a4f315de2700
--- /dev/null
+++ b/metadata/glsa/glsa-202305-33.xml
@@ -0,0 +1,85 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202305-33">
+ <title>OpenImageIO: Multiple Vulnerabilities</title>
+ <synopsis>Multiple vulnerabilities have been found in OpenImageIO, the worst of which could result in arbitrary code execution.</synopsis>
+ <product type="ebuild">openimageio</product>
+ <announced>2023-05-30</announced>
+ <revised count="1">2023-05-30</revised>
+ <bug>879255</bug>
+ <bug>884085</bug>
+ <bug>888045</bug>
+ <access>remote</access>
+ <affected>
+ <package name="media-libs/openimageio" auto="yes" arch="*">
+ <unaffected range="ge">2.4.6.0</unaffected>
+ <vulnerable range="lt">2.4.6.0</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>OpenImageIO is a library for reading and writing images.</p>
+ </background>
+ <description>
+ <p>Multiple vulnerabilities have been discovered in OpenImageIO. Please review the CVE identifiers referenced below for details.</p>
+ </description>
+ <impact type="normal">
+ <p>Please review the referenced CVE identifiers for details.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All OpenImageIO users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=media-libs/openimageio-2.4.6.0"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-4198">CVE-2022-4198</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-36354">CVE-2022-36354</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-38143">CVE-2022-38143</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-41639">CVE-2022-41639</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-41649">CVE-2022-41649</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-41684">CVE-2022-41684</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-41794">CVE-2022-41794</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-41837">CVE-2022-41837</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-41838">CVE-2022-41838</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-41977">CVE-2022-41977</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-41981">CVE-2022-41981</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-41988">CVE-2022-41988</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-41999">CVE-2022-41999</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-43592">CVE-2022-43592</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-43593">CVE-2022-43593</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-43594">CVE-2022-43594</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-43595">CVE-2022-43595</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-43596">CVE-2022-43596</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-43597">CVE-2022-43597</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-43598">CVE-2022-43598</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-43599">CVE-2022-43599</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-43600">CVE-2022-43600</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-43601">CVE-2022-43601</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-43602">CVE-2022-43602</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-43603">CVE-2022-43603</uri>
+ <uri>TALOS-2022-1626</uri>
+ <uri>TALOS-2022-1627</uri>
+ <uri>TALOS-2022-1628</uri>
+ <uri>TALOS-2022-1629</uri>
+ <uri>TALOS-2022-1630</uri>
+ <uri>TALOS-2022-1632</uri>
+ <uri>TALOS-2022-1633</uri>
+ <uri>TALOS-2022-1634</uri>
+ <uri>TALOS-2022-1635</uri>
+ <uri>TALOS-2022-1643</uri>
+ <uri>TALOS-2022-1651</uri>
+ <uri>TALOS-2022-1652</uri>
+ <uri>TALOS-2022-1653</uri>
+ <uri>TALOS-2022-1654</uri>
+ <uri>TALOS-2022-1655</uri>
+ <uri>TALOS-2022-1656</uri>
+ <uri>TALOS-2022-1657</uri>
+ </references>
+ <metadata tag="requester" timestamp="2023-05-30T03:02:13.174119Z">ajak</metadata>
+ <metadata tag="submitter" timestamp="2023-05-30T03:02:13.176617Z">ajak</metadata>
+</glsa> \ No newline at end of file
diff --git a/metadata/glsa/glsa-202305-34.xml b/metadata/glsa/glsa-202305-34.xml
new file mode 100644
index 000000000000..602cbbcbd79f
--- /dev/null
+++ b/metadata/glsa/glsa-202305-34.xml
@@ -0,0 +1,85 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202305-34">
+ <title>CGAL: Multiple Vulnerabilities</title>
+ <synopsis>Multiple vulnerabilities have been found in CGAL, the worst of which could result in arbitrary code execution.</synopsis>
+ <product type="ebuild">cgal</product>
+ <announced>2023-05-30</announced>
+ <revised count="1">2023-05-30</revised>
+ <bug>774261</bug>
+ <access>remote</access>
+ <affected>
+ <package name="sci-mathematics/cgal" auto="yes" arch="*">
+ <unaffected range="ge">5.4.1</unaffected>
+ <vulnerable range="lt">5.4.1</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>CGAL is a C++ library for geometric algorithms and data structures.</p>
+ </background>
+ <description>
+ <p>Multiple vulnerabilities have been discovered in CGAL. Please review the CVE identifiers referenced below for details.</p>
+ </description>
+ <impact type="high">
+ <p>Please review the referenced CVE identifiers for details.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All CGAL users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=sci-mathematics/cgal-5.4.1"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-28601">CVE-2020-28601</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-28602">CVE-2020-28602</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-28603">CVE-2020-28603</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-28604">CVE-2020-28604</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-28605">CVE-2020-28605</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-28606">CVE-2020-28606</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-28607">CVE-2020-28607</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-28608">CVE-2020-28608</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-28610">CVE-2020-28610</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-28611">CVE-2020-28611</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-28612">CVE-2020-28612</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-28613">CVE-2020-28613</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-28614">CVE-2020-28614</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-28615">CVE-2020-28615</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-28616">CVE-2020-28616</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-28617">CVE-2020-28617</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-28618">CVE-2020-28618</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-28619">CVE-2020-28619</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-28620">CVE-2020-28620</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-28621">CVE-2020-28621</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-28622">CVE-2020-28622</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-28623">CVE-2020-28623</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-28624">CVE-2020-28624</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-28625">CVE-2020-28625</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-28626">CVE-2020-28626</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-28627">CVE-2020-28627</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-28628">CVE-2020-28628</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-28629">CVE-2020-28629</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-28630">CVE-2020-28630</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-28631">CVE-2020-28631</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-28632">CVE-2020-28632</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-28633">CVE-2020-28633</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-28634">CVE-2020-28634</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-28635">CVE-2020-28635</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-28636">CVE-2020-28636</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-35628">CVE-2020-35628</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-35629">CVE-2020-35629</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-35630">CVE-2020-35630</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-35631">CVE-2020-35631</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-35632">CVE-2020-35632</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-35633">CVE-2020-35633</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-35634">CVE-2020-35634</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-35635">CVE-2020-35635</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-35636">CVE-2020-35636</uri>
+ </references>
+ <metadata tag="requester" timestamp="2023-05-30T03:02:29.788917Z">ajak</metadata>
+ <metadata tag="submitter" timestamp="2023-05-30T03:02:29.791841Z">ajak</metadata>
+</glsa> \ No newline at end of file
diff --git a/metadata/glsa/glsa-202305-35.xml b/metadata/glsa/glsa-202305-35.xml
new file mode 100644
index 000000000000..46e5337b62b3
--- /dev/null
+++ b/metadata/glsa/glsa-202305-35.xml
@@ -0,0 +1,115 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202305-35">
+ <title>Mozilla Firefox: Multiple Vulnerabilities</title>
+ <synopsis>Multiple vulnerabilities have been discovered in Mozilla Firefox, the worst of which could result in arbitrary code execution.</synopsis>
+ <product type="ebuild">firefox,firefox-bin</product>
+ <announced>2023-05-30</announced>
+ <revised count="1">2023-05-30</revised>
+ <bug>895962</bug>
+ <bug>903618</bug>
+ <bug>905889</bug>
+ <access>remote</access>
+ <affected>
+ <package name="www-client/firefox" auto="yes" arch="*">
+ <unaffected range="ge" slot="esr">102.10.0</unaffected>
+ <unaffected range="ge" slot="rapid">112.0</unaffected>
+ <vulnerable range="lt" slot="esr">102.10.0</vulnerable>
+ <vulnerable range="lt" slot="rapid">112.0</vulnerable>
+ </package>
+ <package name="www-client/firefox-bin" auto="yes" arch="*">
+ <unaffected range="ge" slot="esr">102.10.0</unaffected>
+ <unaffected range="ge" slot="rapid">112.0</unaffected>
+ <vulnerable range="lt" slot="esr">102.10.0</vulnerable>
+ <vulnerable range="lt" slot="rapid">112.0</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>Mozilla Firefox is a popular open-source web browser from the Mozilla project.</p>
+ </background>
+ <description>
+ <p>Multiple vulnerabilities have been discovered in Mozilla Firefox. Please review the CVE identifiers referenced below for details.</p>
+ </description>
+ <impact type="high">
+ <p>Please review the referenced CVE identifiers for details.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All Mozilla Firefox ESR binary users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-client/firefox-bin-102.10.0:esr"
+ </code>
+
+ <p>All Mozilla Firefox ESR users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-client/firefox-102.10.0:esr"
+ </code>
+
+ <p>All Mozilla Firefox binary users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-client/firefox-bin-112.0:rapid"
+ </code>
+
+ <p>All Mozilla Firefox users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-client/firefox-112.0:rapid"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-0767">CVE-2023-0767</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-1945">CVE-2023-1945</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-1999">CVE-2023-1999</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-25728">CVE-2023-25728</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-25729">CVE-2023-25729</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-25730">CVE-2023-25730</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-25731">CVE-2023-25731</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-25732">CVE-2023-25732</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-25734">CVE-2023-25734</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-25735">CVE-2023-25735</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-25737">CVE-2023-25737</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-25738">CVE-2023-25738</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-25739">CVE-2023-25739</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-25742">CVE-2023-25742</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-25746">CVE-2023-25746</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-25748">CVE-2023-25748</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-25749">CVE-2023-25749</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-25750">CVE-2023-25750</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-25751">CVE-2023-25751</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-25752">CVE-2023-25752</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-28159">CVE-2023-28159</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-28160">CVE-2023-28160</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-28161">CVE-2023-28161</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-28162">CVE-2023-28162</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-28163">CVE-2023-28163</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-28164">CVE-2023-28164</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-28176">CVE-2023-28176</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-28177">CVE-2023-28177</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-29533">CVE-2023-29533</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-29535">CVE-2023-29535</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-29536">CVE-2023-29536</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-29537">CVE-2023-29537</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-29538">CVE-2023-29538</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-29539">CVE-2023-29539</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-29540">CVE-2023-29540</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-29541">CVE-2023-29541</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-29543">CVE-2023-29543</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-29544">CVE-2023-29544</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-29547">CVE-2023-29547</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-29548">CVE-2023-29548</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-29549">CVE-2023-29549</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-29550">CVE-2023-29550</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-29551">CVE-2023-29551</uri>
+ </references>
+ <metadata tag="requester" timestamp="2023-05-30T03:02:42.943248Z">ajak</metadata>
+ <metadata tag="submitter" timestamp="2023-05-30T03:02:42.946108Z">ajak</metadata>
+</glsa> \ No newline at end of file
diff --git a/metadata/glsa/glsa-202305-36.xml b/metadata/glsa/glsa-202305-36.xml
new file mode 100644
index 000000000000..efba568c154a
--- /dev/null
+++ b/metadata/glsa/glsa-202305-36.xml
@@ -0,0 +1,88 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202305-36">
+ <title>Mozilla Thunderbird: Multiple Vulnerabilities</title>
+ <synopsis>Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could result in arbitrary code execution.</synopsis>
+ <product type="ebuild">thunderbird,thunderbird-bin</product>
+ <announced>2023-05-30</announced>
+ <revised count="1">2023-05-30</revised>
+ <bug>895960</bug>
+ <bug>903619</bug>
+ <bug>905890</bug>
+ <access>remote</access>
+ <affected>
+ <package name="mail-client/thunderbird" auto="yes" arch="*">
+ <unaffected range="ge">102.10.0</unaffected>
+ <vulnerable range="lt">102.10.0</vulnerable>
+ </package>
+ <package name="mail-client/thunderbird-bin" auto="yes" arch="*">
+ <unaffected range="ge">102.10.0</unaffected>
+ <vulnerable range="lt">102.10.0</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>Mozilla Thunderbird is a popular open-source email client from the Mozilla project.</p>
+ </background>
+ <description>
+ <p>Multiple vulnerabilities have been discovered in Mozilla Thunderbird. Please review the CVE identifiers referenced below for details.</p>
+ </description>
+ <impact type="high">
+ <p>Please review the referenced CVE identifiers for details.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All Mozilla Thunderbird users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=mail-client/thunderbird-102.10.0"
+ </code>
+
+ <p>All Mozilla Thunderbird binary users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=mail-client/thunderbird-bin-102.10.0"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-0616">CVE-2023-0616</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-0767">CVE-2023-0767</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-1945">CVE-2023-1945</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-1999">CVE-2023-1999</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-25728">CVE-2023-25728</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-25729">CVE-2023-25729</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-25730">CVE-2023-25730</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-25732">CVE-2023-25732</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-25734">CVE-2023-25734</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-25735">CVE-2023-25735</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-25737">CVE-2023-25737</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-25738">CVE-2023-25738</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-25739">CVE-2023-25739</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-25740">CVE-2023-25740</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-25741">CVE-2023-25741</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-25742">CVE-2023-25742</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-25743">CVE-2023-25743</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-25744">CVE-2023-25744</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-25745">CVE-2023-25745</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-25746">CVE-2023-25746</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-25751">CVE-2023-25751</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-25752">CVE-2023-25752</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-28162">CVE-2023-28162</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-28163">CVE-2023-28163</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-28164">CVE-2023-28164</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-28176">CVE-2023-28176</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-28427">CVE-2023-28427</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-29533">CVE-2023-29533</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-29535">CVE-2023-29535</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-29536">CVE-2023-29536</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-29539">CVE-2023-29539</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-29541">CVE-2023-29541</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-29548">CVE-2023-29548</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-29550">CVE-2023-29550</uri>
+ </references>
+ <metadata tag="requester" timestamp="2023-05-30T03:02:57.393863Z">ajak</metadata>
+ <metadata tag="submitter" timestamp="2023-05-30T03:02:57.397152Z">ajak</metadata>
+</glsa> \ No newline at end of file
diff --git a/metadata/glsa/glsa-202305-37.xml b/metadata/glsa/glsa-202305-37.xml
new file mode 100644
index 000000000000..2382658ef7eb
--- /dev/null
+++ b/metadata/glsa/glsa-202305-37.xml
@@ -0,0 +1,48 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202305-37">
+ <title>Apache Tomcat: Multiple Vulnerabilities</title>
+ <synopsis>Multiple vulnerabilities have been found in Apache Tomcat, the worst of which could result in denial of service.</synopsis>
+ <product type="ebuild">tomcat</product>
+ <announced>2023-05-30</announced>
+ <revised count="1">2023-05-30</revised>
+ <bug>878911</bug>
+ <bug>889596</bug>
+ <bug>896370</bug>
+ <bug>907387</bug>
+ <access>remote</access>
+ <affected>
+ <package name="www-servers/tomcat" auto="yes" arch="*">
+ <unaffected range="ge">10.1.8</unaffected>
+ <vulnerable range="lt">10.1.8</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>Apache Tomcat is a Servlet-3.0/JSP-2.2 Container.</p>
+ </background>
+ <description>
+ <p>Multiple vulnerabilities have been discovered in Apache Tomcat. Please review the CVE identifiers referenced below for details.</p>
+ </description>
+ <impact type="low">
+ <p>Please review the referenced CVE identifiers for details.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All Apache Tomcat users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-servers/tomcat-10.1.8"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-42252">CVE-2022-42252</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-45143">CVE-2022-45143</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-24998">CVE-2023-24998</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-28709">CVE-2023-28709</uri>
+ </references>
+ <metadata tag="requester" timestamp="2023-05-30T03:03:08.445610Z">ajak</metadata>
+ <metadata tag="submitter" timestamp="2023-05-30T03:03:08.449048Z">ajak</metadata>
+</glsa> \ No newline at end of file
diff --git a/metadata/glsa/timestamp.chk b/metadata/glsa/timestamp.chk
index d1a3241b7044..e40e47dcea3e 100644
--- a/metadata/glsa/timestamp.chk
+++ b/metadata/glsa/timestamp.chk
@@ -1 +1 @@
-Tue, 30 May 2023 01:40:36 +0000
+Tue, 30 May 2023 07:40:03 +0000
diff --git a/metadata/glsa/timestamp.commit b/metadata/glsa/timestamp.commit
index 017e9675d21e..d6ce6e44c475 100644
--- a/metadata/glsa/timestamp.commit
+++ b/metadata/glsa/timestamp.commit
@@ -1 +1 @@
-a6a400bae6d717caa4806a3987d3810b3c66d0f3 1685319141 2023-05-29T00:12:21+00:00
+a8b85191c046076a4e4d12c8541d49e1473aaa66 1685415904 2023-05-30T03:05:04+00:00