Diffstat (limited to 'metadata/glsa')
-rw-r--r--metadata/glsa/Manifest30
-rw-r--r--metadata/glsa/Manifest.files.gzbin509689 -> 512077 bytes
-rw-r--r--metadata/glsa/glsa-202107-05.xml58
-rw-r--r--metadata/glsa/glsa-202107-06.xml119
-rw-r--r--metadata/glsa/glsa-202107-07.xml54
-rw-r--r--metadata/glsa/glsa-202107-08.xml48
-rw-r--r--metadata/glsa/glsa-202107-09.xml80
-rw-r--r--metadata/glsa/glsa-202107-10.xml51
-rw-r--r--metadata/glsa/glsa-202107-11.xml47
-rw-r--r--metadata/glsa/glsa-202107-12.xml51
-rw-r--r--metadata/glsa/glsa-202107-13.xml52
-rw-r--r--metadata/glsa/glsa-202107-14.xml51
-rw-r--r--metadata/glsa/glsa-202107-15.xml50
-rw-r--r--metadata/glsa/glsa-202107-16.xml65
-rw-r--r--metadata/glsa/glsa-202107-17.xml48
-rw-r--r--metadata/glsa/glsa-202107-18.xml53
-rw-r--r--metadata/glsa/glsa-202107-19.xml48
-rw-r--r--metadata/glsa/timestamp.chk2
-rw-r--r--metadata/glsa/timestamp.commit2
19 files changed, 892 insertions, 17 deletions
diff --git a/metadata/glsa/Manifest b/metadata/glsa/Manifest
index 7ed09b67e1cd..7f2cd84f9c73 100644
--- a/metadata/glsa/Manifest
+++ b/metadata/glsa/Manifest
@@ -1,23 +1,23 @@
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
-MANIFEST Manifest.files.gz 509689 BLAKE2B 008f2727db3daaad82d33cf5bd9a0f31dfe5f022adbb31b1f1fb412a0b82ff9436ee7889f7c470eb35b1631c3d998e632afcda789463ed2e8d9369bfa67f44de SHA512 7b3c6332ef44039841113d497a4cacf9d24a61b0ec7037af206ebc290571ee789c5cbc956bb71b0437250e5d305759a3f91ed4d82c58a810e1f909f68efb5647
-TIMESTAMP 2021-07-03T21:09:08Z
+MANIFEST Manifest.files.gz 512077 BLAKE2B b3a851fed4ec119529da478b2c6ab640c467b59cd6ed71ff2f31dfb0a9c99957f51e497a53950da01067cd032428548811b642889d9279a9955dbf64efffd2ce SHA512 7112ff989d4e2884b7e474492ed51f97f63f207d184a4ebe02216b0e52b94bf603a95397cb7a6644dd2c462634f0537399957d0d097ff499b816c78955fc2f22
+TIMESTAMP 2021-07-08T13:39:14Z
-----BEGIN PGP SIGNATURE-----
-iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAmDg0fRfFIAAAAAALgAo
+iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAmDnAAJfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEUx
RDZBQkI2M0JGQ0ZCNEJBMDJGREYxQ0VDNTkwRUVBQzkxODkyNTAACgkQ7FkO6skY
-klC53xAAknouPnB60yx83ThXuzlN+9Vj4dgYO7RJTX4ZcNX2MTfUqUJOt+BlP14L
-eu3HSQe5QxbZY/yqoVfwnHYfiMmgqiO35FufpuboXQLpQyO9P3CY5zkHIiZk2Mlb
-L+zGB/wgFouq/nz4v/Q+FmMxdYrfM94sIDC3VeQkgp0ZBKd5tMKq2Op2ZSSP59z/
-Xi2sAJXQjhCkEgPn+bFqX4BqE25QyGUG4f/90FFP4gbidRp7sKtRi3Tpgn9soh/e
-UtcuUHgN3UMJlhU8p/LZZU0FUR16Ca42L6KliUbyUkt235ONc5qWWaXdZvjaiWko
-COpur7pmfTJs3kaLRM5wbdh3Sg8XbLmn6aYwQ0mLSu4ocE8kIDVrzrwo116g0NMk
-nXMNismb2whxAnTTwkWVapyzSgqKfhkC1fPrsIpQew6MSBN4FC1edV7xI1fl5n8U
-g109EzhTEIeqH9bjUHtyKAV6iQXRY5q5VY2iul0DyPTL7u0B7zYR+b/EdKYEtww+
-TT4Dg4hP5MgknuR6ERBtg0hEWxRkYAjRAyxLxUMElIB8zLHd2aUKcb95zzgZsJx1
-huJE68E1Pv5kJ2DXBDUR1qY/Y/zUZhGDo7AO00AWJtE1Qd+YhSLEuD6D4+/lvZmh
-Mc5oUwCq3bNlHE8gKDrb5ioeFmqG/j4ZuKokJ+FWF7lFZ4i0oAQ=
-=/mfk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+=8BwF
-----END PGP SIGNATURE-----
diff --git a/metadata/glsa/Manifest.files.gz b/metadata/glsa/Manifest.files.gz
index 92b8d40924f6..a1398261b9ab 100644
--- a/metadata/glsa/Manifest.files.gz
+++ b/metadata/glsa/Manifest.files.gz
Binary files differ
diff --git a/metadata/glsa/glsa-202107-05.xml b/metadata/glsa/glsa-202107-05.xml
new file mode 100644
index 000000000000..292c32b550aa
--- /dev/null
+++ b/metadata/glsa/glsa-202107-05.xml
@@ -0,0 +1,58 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202107-05">
+ <title>libxml2: Multiple vulnerabilities</title>
+ <synopsis>Multiple vulnerabilities have been found in libxml2, the worst of
+ which could result in a Denial of Service condition.
+ </synopsis>
+ <product type="ebuild">libxml2</product>
+ <announced>2021-07-06</announced>
+ <revised count="1">2021-07-06</revised>
+ <bug>749849</bug>
+ <bug>790002</bug>
+ <access>local, remote</access>
+ <affected>
+ <package name="dev-libs/libxml2" auto="yes" arch="*">
+ <unaffected range="ge">2.9.11</unaffected>
+ <vulnerable range="lt">2.9.11</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>libxml2 is the XML (eXtended Markup Language) C parser and toolkit
+ initially developed for the GNOME project.
+ </p>
+ </background>
+ <description>
+ <p>Multiple vulnerabilities have been discovered in libxml2. Please review
+ the CVE identifiers referenced below for details.
+ </p>
+ </description>
+ <impact type="low">
+ <p>A remote attacker could entice a user to process a specially crafted XML
+ document using an application linked against libxml2, possibly resulting
+ in a Denial of Service condition or obtaining sensitive information.
+ </p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All libxml2 users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose "&gt;=dev-libs/libxml2-2.9.12-r3"
+ </code>
+
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-24977">CVE-2020-24977</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-3516">CVE-2021-3516</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-3517">CVE-2021-3517</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-3518">CVE-2021-3518</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-3537">CVE-2021-3537</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-3541">CVE-2021-3541</uri>
+ </references>
+ <metadata tag="requester" timestamp="2021-05-24T00:17:09Z">whissi</metadata>
+ <metadata tag="submitter" timestamp="2021-07-06T03:13:56Z">whissi</metadata>
+</glsa>
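Review bot: The resolution command asks for `"&gt;=dev-libs/libxml2-2.9.12-r3"`, while the `<affected>` block declares everything `ge` 2.9.11 unaffected, so the advisory names two different fixed versions. If 2.9.11 is the first fixed release, the command could read `# emerge --ask --oneshot --verbose "&gt;=dev-libs/libxml2-2.9.11"`. If the later revision is actually required, the `<unaffected>`/`<vulnerable>` bounds should be raised to match, since tooling that evaluates the ranges will treat 2.9.11 as patched. Separately, `<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">` here and in the other new advisories names an external DTD over plain HTTP. Consumers should validate against a local copy and not resolve that identifier at parse time.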
diff --git a/metadata/glsa/glsa-202107-06.xml b/metadata/glsa/glsa-202107-06.xml
new file mode 100644
index 000000000000..369536037a98
--- /dev/null
+++ b/metadata/glsa/glsa-202107-06.xml
@@ -0,0 +1,119 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202107-06">
+ <title>Chromium, Google Chrome: Multiple vulnerabilities</title>
+ <synopsis>Multiple vulnerabillities have been found in Chromium and Google
+ Chrome, the worst of which could allow remote attackers to execute
+ arbitrary code.
+ </synopsis>
+ <product type="ebuild">google-chrome,chromium</product>
+ <announced>2021-07-06</announced>
+ <revised count="1">2021-07-06</revised>
+ <bug>789420</bug>
+ <bug>792084</bug>
+ <bug>795204</bug>
+ <bug>796338</bug>
+ <bug>796521</bug>
+ <access>remote</access>
+ <affected>
+ <package name="www-client/google-chrome" auto="yes" arch="*">
+ <unaffected range="ge">91.0.4472.114</unaffected>
+ <vulnerable range="lt">91.0.4472.114</vulnerable>
+ </package>
+ <package name="www-client/chromium" auto="yes" arch="*">
+ <unaffected range="ge">91.0.4472.114</unaffected>
+ <vulnerable range="lt">91.0.4472.114</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>Chromium is an open-source browser project that aims to build a safer,
+ faster, and more stable way for all users to experience the web.
+ </p>
+
+ <p>Google Chrome is one fast, simple, and secure browser for all your
+ devices.
+ </p>
+ </background>
+ <description>
+ <p>Multiple vulnerabilities have been discovered in Chromium and Google
+ Chrome. Please review the CVE identifiers referenced below for details.
+ </p>
+ </description>
+ <impact type="high">
+ <p>A remote attacker could execute arbitrary code, escalate privileges,
+ obtain sensitive information, spoof a URL or cause a Denial of Service
+ condition.
+ </p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All Google Chrome users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose
+ "&gt;=www-client/google-chrome-91.0.4472.114"
+ </code>
+
+ <p>All Chromium users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose
+ "&gt;=www-client/chromium-91.0.4472.114"
+ </code>
+
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-30506">CVE-2021-30506</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-30507">CVE-2021-30507</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-30508">CVE-2021-30508</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-30509">CVE-2021-30509</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-30510">CVE-2021-30510</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-30511">CVE-2021-30511</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-30512">CVE-2021-30512</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-30513">CVE-2021-30513</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-30514">CVE-2021-30514</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-30515">CVE-2021-30515</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-30516">CVE-2021-30516</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-30517">CVE-2021-30517</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-30518">CVE-2021-30518</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-30519">CVE-2021-30519</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-30520">CVE-2021-30520</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-30521">CVE-2021-30521</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-30522">CVE-2021-30522</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-30523">CVE-2021-30523</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-30524">CVE-2021-30524</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-30525">CVE-2021-30525</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-30526">CVE-2021-30526</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-30527">CVE-2021-30527</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-30528">CVE-2021-30528</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-30530">CVE-2021-30530</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-30531">CVE-2021-30531</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-30532">CVE-2021-30532</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-30533">CVE-2021-30533</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-30534">CVE-2021-30534</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-30536">CVE-2021-30536</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-30537">CVE-2021-30537</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-30538">CVE-2021-30538</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-30539">CVE-2021-30539</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-30540">CVE-2021-30540</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-30544">CVE-2021-30544</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-30545">CVE-2021-30545</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-30546">CVE-2021-30546</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-30548">CVE-2021-30548</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-30549">CVE-2021-30549</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-30550">CVE-2021-30550</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-30551">CVE-2021-30551</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-30552">CVE-2021-30552</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-30553">CVE-2021-30553</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-30554">CVE-2021-30554</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-30555">CVE-2021-30555</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-30556">CVE-2021-30556</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-30557">CVE-2021-30557</uri>
+ </references>
+ <metadata tag="requester" timestamp="2021-07-05T03:25:38Z">ajak</metadata>
+ <metadata tag="submitter" timestamp="2021-07-06T03:30:34Z">ajak</metadata>
+</glsa>
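Review bot: Both `<code>` blocks break the emerge command across two lines with no continuation character, leaving `# emerge --ask --oneshot --verbose` on one line and the quoted atom on the next. If the block is shown verbatim, a copied command runs emerge without the package atom. Keeping it on one line, as glsa-202107-05 does, avoids that: `# emerge --ask --oneshot --verbose "&gt;=www-client/google-chrome-91.0.4472.114"`, and likewise for chromium. The same split appears in glsa-202107-12 and glsa-202107-15. The synopsis also misspells the word as `vulnerabillities`.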
diff --git a/metadata/glsa/glsa-202107-07.xml b/metadata/glsa/glsa-202107-07.xml
new file mode 100644
index 000000000000..9a915ff4592f
--- /dev/null
+++ b/metadata/glsa/glsa-202107-07.xml
@@ -0,0 +1,54 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202107-07">
+ <title>glibc: Multiple vulnerabilities</title>
+ <synopsis>Multiple vulnerabilities in glibc could result in Denial of
+ Service.
+ </synopsis>
+ <product type="ebuild">glibc</product>
+ <announced>2021-07-06</announced>
+ <revised count="1">2021-07-06</revised>
+ <bug>764176</bug>
+ <bug>767718</bug>
+ <bug>772425</bug>
+ <bug>792261</bug>
+ <access>local, remote</access>
+ <affected>
+ <package name="sys-libs/glibc" auto="yes" arch="*">
+ <unaffected range="ge">2.33-r1</unaffected>
+ <vulnerable range="lt">2.33-r1</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>glibc is a package that contains the GNU C library.</p>
+ </background>
+ <description>
+ <p>Multiple vulnerabilities have been discovered in glibc. Please review
+ the CVE identifiers referenced below for details.
+ </p>
+ </description>
+ <impact type="normal">
+ <p>An attacker could cause a possible Denial of Service condition.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All glibc users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose "&gt;=sys-libs/glibc-2.33-r1"
+ </code>
+
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-25013">CVE-2019-25013</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-27618">CVE-2020-27618</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-27645">CVE-2021-27645</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-3326">CVE-2021-3326</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-33574">CVE-2021-33574</uri>
+ </references>
+ <metadata tag="requester" timestamp="2021-07-05T02:27:53Z">ajak</metadata>
+ <metadata tag="submitter" timestamp="2021-07-06T03:37:10Z">ajak</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202107-08.xml b/metadata/glsa/glsa-202107-08.xml
new file mode 100644
index 000000000000..07a104b936be
--- /dev/null
+++ b/metadata/glsa/glsa-202107-08.xml
@@ -0,0 +1,48 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202107-08">
+ <title>PostSRSd: Denial of service</title>
+ <synopsis>Multiple vulnerabilities in PostSRSd could lead to a Denial of
+ Service condition.
+ </synopsis>
+ <product type="ebuild">postsrsd</product>
+ <announced>2021-07-06</announced>
+ <revised count="1">2021-07-06</revised>
+ <bug>760821</bug>
+ <bug>793674</bug>
+ <access>remote</access>
+ <affected>
+ <package name="mail-filter/postsrsd" auto="yes" arch="*">
+ <unaffected range="ge">1.11</unaffected>
+ <vulnerable range="lt">1.11</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>PostSRSd is a Postfix sender rewriting scheme daemon</p>
+ </background>
+ <description>
+ <p>Multiple vulnerabilities have been discovered in PostSRSd. Please review
+ the CVE identifiers referenced below for details.
+ </p>
+ </description>
+ <impact type="normal">
+ <p>An attacker could cause a possible Denial of Service condition.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All postsrsd users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose "&gt;=mail-filter/postsrsd-1.11"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-35573">CVE-2020-35573</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-35525">CVE-2021-35525</uri>
+ </references>
+ <metadata tag="requester" timestamp="2021-02-20T19:48:10Z">whissi</metadata>
+ <metadata tag="submitter" timestamp="2021-07-06T03:43:40Z">ajak</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202107-09.xml b/metadata/glsa/glsa-202107-09.xml
new file mode 100644
index 000000000000..355d53f8722a
--- /dev/null
+++ b/metadata/glsa/glsa-202107-09.xml
@@ -0,0 +1,80 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202107-09">
+ <title>Mozilla Firefox: Multiple vulnerabilities</title>
+ <synopsis>Multiple vulnerabilities have been found in Mozilla Firefox, the
+ worst of which could result in the arbitrary execution of code.
+ </synopsis>
+ <product type="ebuild">firefox</product>
+ <announced>2021-07-07</announced>
+ <revised count="1">2021-07-07</revised>
+ <bug>794082</bug>
+ <access>local, remote</access>
+ <affected>
+ <package name="www-client/firefox" auto="yes" arch="*">
+ <unaffected range="ge" slot="0/esr78">78.11.0</unaffected>
+ <unaffected range="ge">89.0</unaffected>
+ <vulnerable range="lt">89.0</vulnerable>
+ </package>
+ <package name="www-client/firefox-bin" auto="yes" arch="*">
+ <unaffected range="ge" slot="0/esr78">78.11.0</unaffected>
+ <unaffected range="ge">89.0</unaffected>
+ <vulnerable range="lt">89.0</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>Mozilla Firefox is a popular open-source web browser from the Mozilla
+ project.
+ </p>
+ </background>
+ <description>
+ <p>Multiple vulnerabilities have been discovered in Mozilla Firefox. Please
+ review the CVE identifiers referenced below for details.
+ </p>
+ </description>
+ <impact type="normal">
+ <p>Please review the referenced CVE identifiers for details.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All Mozilla Firefox ESR users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose "&gt;=www-client/firefox-78.11.0"
+ </code>
+
+ <p>All Mozilla Firefox ESR binary users should upgrade to the latest
+ version:
+ </p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose "&gt;=www-client/firefox-bin-78.11.0"
+ </code>
+
+ <p>All Mozilla Firefox users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose "&gt;=www-client/firefox-89.0"
+ </code>
+
+ <p>All Mozilla Firefox binary users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose "&gt;=www-client/firefox-bin-89.0"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-29959">CVE-2021-29959</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-29960">CVE-2021-29960</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-29961">CVE-2021-29961</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-29966">CVE-2021-29966</uri>
+ </references>
+ <metadata tag="requester" timestamp="2021-07-06T03:15:54Z">sam_c</metadata>
+ <metadata tag="submitter" timestamp="2021-07-07T07:46:37Z">sam_c</metadata>
+</glsa>
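Review bot: The `<impact type="normal">` paragraph says only `Please review the referenced CVE identifiers for details.`, although the synopsis states that the worst issue allows arbitrary execution of code. The impact element should say so itself, and the rating should be checked against glsa-202107-06 in this commit, which rates arbitrary code execution as `high`. The same placeholder impact text is used in glsa-202107-12 and glsa-202107-13. In addition, the two ESR commands use `"&gt;=www-client/firefox-78.11.0"` and `"&gt;=www-client/firefox-bin-78.11.0"` without the `0/esr78` slot that the `<affected>` block keys on. Those atoms may therefore also be satisfied by the 89 branch, so it is worth confirming that ESR users are meant to stay on ESR.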
diff --git a/metadata/glsa/glsa-202107-10.xml b/metadata/glsa/glsa-202107-10.xml
new file mode 100644
index 000000000000..b271ec42cba4
--- /dev/null
+++ b/metadata/glsa/glsa-202107-10.xml
@@ -0,0 +1,51 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202107-10">
+ <title>TCG TPM2 Software Stack: Information disclosure</title>
+ <synopsis>A bug in TCG TPM2 Software Stack may result in information
+ disclosure to a local attacker.
+ </synopsis>
+ <product type="ebuild">tpm2-tss</product>
+ <announced>2021-07-07</announced>
+ <revised count="1">2021-07-07</revised>
+ <bug>746563</bug>
+ <access>local</access>
+ <affected>
+ <package name="app-crypt/tpm2-tss" auto="yes" arch="*">
+ <unaffected range="ge">2.4.3</unaffected>
+ <vulnerable range="lt">2.4.3</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>TCG TPM2 Software Stack is a library to interface with trusted platform
+ modules.
+ </p>
+ </background>
+ <description>
+ <p>TCG TPM2 Software Stack did not appropriately apply FAPI policies to
+ protect data encrypted with the trusted platform module.
+ </p>
+ </description>
+ <impact type="normal">
+ <p>Data encrypted using TCG TPM2 Software Stack (tpm2-tss) may not be
+ protected from an attacker.
+ </p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All tpm2-tss users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose "&gt;=app-crypt/tpm2-tss-2.4.3"
+ </code>
+
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-24455">CVE-2020-24455</uri>
+ </references>
+ <metadata tag="requester" timestamp="2021-05-24T14:04:16Z">whissi</metadata>
+ <metadata tag="submitter" timestamp="2021-07-07T07:58:39Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202107-11.xml b/metadata/glsa/glsa-202107-11.xml
new file mode 100644
index 000000000000..33c7a57948fd
--- /dev/null
+++ b/metadata/glsa/glsa-202107-11.xml
@@ -0,0 +1,47 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202107-11">
+ <title>OpenDoas: Insufficient environment filtering</title>
+ <synopsis>A vulnerability in OpenDoas could lead to privilege escalation.</synopsis>
+ <product type="ebuild">doas</product>
+ <announced>2021-07-07</announced>
+ <revised count="1">2021-07-07</revised>
+ <bug>767781</bug>
+ <access>local</access>
+ <affected>
+ <package name="app-admin/doas" auto="yes" arch="*">
+ <unaffected range="ge">6.8.1</unaffected>
+ <vulnerable range="lt">6.8.1</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>OpenDoas allows users to run commands as other users.</p>
+ </background>
+ <description>
+ <p>OpenDoas does not properly filter the PATH variable from the resulting
+ shell after escalating privileges.
+ </p>
+ </description>
+ <impact type="normal">
+ <p>A local attacker with control of a user’s PATH variable could escalate
+ privileges if that user uses OpenDoas with a poisoned PATH variable.
+ </p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All OpenDoas users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose "&gt;=app-admin/doas-6.8.1"
+ </code>
+
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-25016">CVE-2019-25016</uri>
+ </references>
+ <metadata tag="requester" timestamp="2021-05-30T16:48:56Z">ajak</metadata>
+ <metadata tag="submitter" timestamp="2021-07-07T07:59:33Z">ajak</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202107-12.xml b/metadata/glsa/glsa-202107-12.xml
new file mode 100644
index 000000000000..3dc6bc469258
--- /dev/null
+++ b/metadata/glsa/glsa-202107-12.xml
@@ -0,0 +1,51 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202107-12">
+ <title>Schism Tracker: Multiple vulnerabilities</title>
+ <synopsis>Multiple vulnerabilities have been found in Schism Tracker, the
+ worst of which could result in denial of service.
+ </synopsis>
+ <product type="ebuild">schismtracker</product>
+ <announced>2021-07-07</announced>
+ <revised count="1">2021-07-07</revised>
+ <bug>711210</bug>
+ <access>local</access>
+ <affected>
+ <package name="media-sound/schismtracker" auto="yes" arch="*">
+ <unaffected range="ge">20190805</unaffected>
+ <vulnerable range="lt">20190805</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>Schism Tracker is a free implementation of Impulse Tracker, a tool used
+ to create high quality music.
+ </p>
+ </background>
+ <description>
+ <p>Multiple vulnerabilities have been discovered in Schism Tracker. Please
+ review the CVE identifiers referenced below for details.
+ </p>
+ </description>
+ <impact type="low">
+ <p>Please review the referenced CVE identifiers for details.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All Schism Tracker users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose
+ "&gt;=media-sound/schismtracker-20190805"
+ </code>
+
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-14465">CVE-2019-14465</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-14523">CVE-2019-14523</uri>
+ </references>
+ <metadata tag="requester" timestamp="2021-06-02T11:30:32Z">whissi</metadata>
+ <metadata tag="submitter" timestamp="2021-07-07T08:00:28Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202107-13.xml b/metadata/glsa/glsa-202107-13.xml
new file mode 100644
index 000000000000..bb98e4f0139c
--- /dev/null
+++ b/metadata/glsa/glsa-202107-13.xml
@@ -0,0 +1,52 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202107-13">
+ <title>GLib: Multiple vulnerabilities</title>
+ <synopsis>Multiple vulnerabilities have been found in GLib, the worst of
+ which could result in the arbitrary execution of code.
+ </synopsis>
+ <product type="ebuild">glib</product>
+ <announced>2021-07-07</announced>
+ <revised count="1">2021-07-07</revised>
+ <bug>768753</bug>
+ <bug>775632</bug>
+ <access>local, remote</access>
+ <affected>
+ <package name="dev-libs/glib" auto="yes" arch="*">
+ <unaffected range="ge">2.66.8</unaffected>
+ <vulnerable range="lt">2.66.8</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>GLib is a library providing a number of GNOME’s core objects and
+ functions.
+ </p>
+ </background>
+ <description>
+ <p>Multiple vulnerabilities have been discovered in GLib. Please review the
+ CVE identifiers referenced below for details.
+ </p>
+ </description>
+ <impact type="normal">
+ <p>Please review the referenced CVE identifiers for details.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All GLib users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose "&gt;=dev-libs/glib-2.66.8"
+ </code>
+
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-27218">CVE-2021-27218</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-27219">CVE-2021-27219</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-28153">CVE-2021-28153</uri>
+ </references>
+ <metadata tag="requester" timestamp="2021-05-24T01:51:26Z">whissi</metadata>
+ <metadata tag="submitter" timestamp="2021-07-07T08:01:06Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202107-14.xml b/metadata/glsa/glsa-202107-14.xml
new file mode 100644
index 000000000000..5a10a179d0c8
--- /dev/null
+++ b/metadata/glsa/glsa-202107-14.xml
@@ -0,0 +1,51 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202107-14">
+ <title>rclone: Weak random number generation</title>
+ <synopsis>rclone uses weak random number generation such that generated
+ passwords can be easily cracked.
+ </synopsis>
+ <product type="ebuild">rclone</product>
+ <announced>2021-07-08</announced>
+ <revised count="1">2021-07-08</revised>
+ <bug>755638</bug>
+ <access>local</access>
+ <affected>
+ <package name="net-misc/rclone" auto="yes" arch="*">
+ <unaffected range="ge">1.53.3</unaffected>
+ <vulnerable range="lt">1.53.3</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>rclone is a problem to sync files to and from various cloud storage
+ providers.
+ </p>
+ </background>
+ <description>
+ <p>Passwords generated with rclone were insecurely generated and are
+ vulnerable to brute force attacks.
+ </p>
+ </description>
+ <impact type="normal">
+ <p>Data kept secret with a password generated by rclone may be disclosed to
+ a local attacker.
+ </p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All rclone users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose "&gt;=net-misc/rclone-1.53.3"
+ </code>
+
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-28924">CVE-2020-28924</uri>
+ </references>
+ <metadata tag="requester" timestamp="2021-05-31T20:48:28Z">whissi</metadata>
+ <metadata tag="submitter" timestamp="2021-07-08T03:19:54Z">ajak</metadata>
+</glsa>
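Review bot: The `<resolution>` only tells users to upgrade, but the `<description>` says passwords already generated with rclone are open to brute force, and upgrading the package does not change those existing passwords. A sentence in `<resolution>` such as `Passwords generated with an affected version should be regenerated after upgrading.` would close that gap, presumably matching the upstream guidance for CVE-2020-28924. The background paragraph also reads `rclone is a problem to sync files`, which looks like a typo for `rclone is a program to sync files`.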
diff --git a/metadata/glsa/glsa-202107-15.xml b/metadata/glsa/glsa-202107-15.xml
new file mode 100644
index 000000000000..79b937641f54
--- /dev/null
+++ b/metadata/glsa/glsa-202107-15.xml
@@ -0,0 +1,50 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202107-15">
+ <title>blktrace: Buffer overflow</title>
+ <synopsis>A buffer overflow in blktrace might allow arbitrary code execution.</synopsis>
+ <product type="ebuild">blktrace</product>
+ <announced>2021-07-08</announced>
+ <revised count="1">2021-07-08</revised>
+ <bug>655146</bug>
+ <access>local, remote</access>
+ <affected>
+ <package name="sys-block/blktrace" auto="yes" arch="*">
+ <unaffected range="ge">1.2.0_p20210419122502</unaffected>
+ <vulnerable range="lt">1.2.0_p20210419122502</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>blktrace shows detailed information about what is happening on a block
+ device IO queue.
+ </p>
+ </background>
+ <description>
+ <p>A crafted file could cause a buffer overflow in the ‘dev_map_read’
+ function because the device and devno arrays are too small.
+ </p>
+ </description>
+ <impact type="normal">
+ <p>A remote attacker could entice a user to open a specially crafted file
+ using blktrace, possibly resulting in execution of arbitrary code with
+ the privileges of the process or a Denial of Service condition.
+ </p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All blktrace users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose
+ "&gt;=sys-block/blktrace-1.2.0_p20210419122502"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-10689">CVE-2018-10689</uri>
+ </references>
+ <metadata tag="requester" timestamp="2021-07-06T00:11:19Z">ajak</metadata>
+ <metadata tag="submitter" timestamp="2021-07-08T03:29:36Z">ajak</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202107-16.xml b/metadata/glsa/glsa-202107-16.xml
new file mode 100644
index 000000000000..389a5b9374de
--- /dev/null
+++ b/metadata/glsa/glsa-202107-16.xml
@@ -0,0 +1,65 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202107-16">
+ <title>Privoxy: Multiple vulnerabilities</title>
+ <synopsis>Multiple vulnerabilities have been found in Privoxy, the worst of
+ which could result in Denial of Service.
+ </synopsis>
+ <product type="ebuild">privoxy</product>
+ <announced>2021-07-08</announced>
+ <revised count="1">2021-07-08</revised>
+ <bug>758428</bug>
+ <bug>768096</bug>
+ <bug>771960</bug>
+ <access>remote</access>
+ <affected>
+ <package name="net-proxy/privoxy" auto="yes" arch="*">
+ <unaffected range="ge">3.0.32</unaffected>
+ <vulnerable range="lt">3.0.32</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>Privoxy is a web proxy with advanced filtering capabilities for
+ enhancing privacy.
+ </p>
+ </background>
+ <description>
+ <p>Multiple vulnerabilities have been discovered in privoxy. Please review
+ the CVE identifiers referenced below for details.
+ </p>
+ </description>
+ <impact type="normal">
+ <p>An attacker could cause a possible Denial of Service condition.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All Privoxy users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose "&gt;=net-proxy/privoxy-3.0.32"
+ </code>
+
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-35502">CVE-2020-35502</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-20209">CVE-2021-20209</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-20210">CVE-2021-20210</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-20211">CVE-2021-20211</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-20212">CVE-2021-20212</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-20213">CVE-2021-20213</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-20214">CVE-2021-20214</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-20215">CVE-2021-20215</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-20216">CVE-2021-20216</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-20217">CVE-2021-20217</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-20272">CVE-2021-20272</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-20273">CVE-2021-20273</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-20274">CVE-2021-20274</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-20275">CVE-2021-20275</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-20276">CVE-2021-20276</uri>
+ </references>
+ <metadata tag="requester" timestamp="2021-05-31T21:51:37Z">whissi</metadata>
+ <metadata tag="submitter" timestamp="2021-07-08T03:36:21Z">ajak</metadata>
+</glsa>
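Review bot: The `<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">` line references an external DTD over plain http, here and in the other advisories this commit adds (202107-15, -17, -18 and -19). A consumer that parses these files with DTD loading and network access enabled would fetch an unauthenticated resource while processing security data. If the format permits, reference the DTD over https, and in any case tooling that reads GLSAs should parse with external DTD and entity resolution disabled. Separately, the `<impact>` text names only a "possible Denial of Service" for fifteen referenced CVEs, so a reader has to follow every link to judge whether any of them is worse.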
diff --git a/metadata/glsa/glsa-202107-17.xml b/metadata/glsa/glsa-202107-17.xml
new file mode 100644
index 000000000000..4646661b6380
--- /dev/null
+++ b/metadata/glsa/glsa-202107-17.xml
@@ -0,0 +1,48 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202107-17">
+ <title>Mechanize: Command injection</title>
+ <synopsis>A file named by an attacker being utilized by Mechanize could
+ result in arbitrary code execution.
+ </synopsis>
+ <product type="ebuild">mechanize</product>
+ <announced>2021-07-08</announced>
+ <revised count="1">2021-07-08</revised>
+ <bug>768609</bug>
+ <access>local, remote</access>
+ <affected>
+ <package name="dev-ruby/mechanize" auto="yes" arch="*">
+ <unaffected range="ge">2.7.7</unaffected>
+ <vulnerable range="lt">2.7.7</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>Mechanize is a Ruby library used for automating interaction with
+ websites.
+ </p>
+ </background>
+ <description>
+ <p>Mechanize does not neutralize filename input and could allow arbitrary
+ code execution if an attacker can control filenames used by Mechanize.
+ </p>
+ </description>
+ <impact type="high">
+ <p>Please review the referenced CVE identifiers for details.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All Mechanize users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose "&gt;=dev-ruby/mechanize-2.7.7"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21289">CVE-2021-21289</uri>
+ </references>
+ <metadata tag="requester" timestamp="2021-05-31T21:54:48Z">whissi</metadata>
+ <metadata tag="submitter" timestamp="2021-07-08T03:38:36Z">ajak</metadata>
+</glsa>
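Review bot: The `<impact type="high">` paragraph says only "Please review the referenced CVE identifiers for details", so the advisory never states the impact it rates as high. The description already says an attacker who controls filenames can reach code execution, and the impact should say so directly, for example `<p>An attacker who can control a filename used by Mechanize could execute arbitrary commands with the privileges of the process.</p>`. The title says "Command injection" while the synopsis and description say "arbitrary code execution"; using one term throughout would make the advisory easier to triage.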
diff --git a/metadata/glsa/glsa-202107-18.xml b/metadata/glsa/glsa-202107-18.xml
new file mode 100644
index 000000000000..f05d598c50b4
--- /dev/null
+++ b/metadata/glsa/glsa-202107-18.xml
@@ -0,0 +1,53 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202107-18">
+ <title>BladeEnc: Buffer overflow</title>
+ <synopsis>A buffer overflow in BladeEnc might allow arbitrary code execution.</synopsis>
+ <product type="ebuild">bladeenc</product>
+ <announced>2021-07-08</announced>
+ <revised count="1">2021-07-08</revised>
+ <bug>631394</bug>
+ <access>remote</access>
+ <affected>
+ <package name="media-sound/bladeenc" auto="yes" arch="*">
+ <vulnerable range="lt">0.94.2-r1</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>BladeEnc is an mp3 encoder.</p>
+ </background>
+ <description>
+ <p>A crafted file could cause a buffer overflow in the iteration_loop
+ function in BladeEnc.
+ </p>
+ </description>
+ <impact type="normal">
+ <p>A remote attacker could entice a user to open a specially crafted using
+ BladeEnc, possibly resulting in execution of arbitrary code with the
+ privileges of the process or a Denial of Service condition.
+ </p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>Gentoo has discontinued support for BladeEnc. We recommend that users
+ unmerge ssvnc:
+ </p>
+
+ <code>
+ # emerge --ask --depclean "media-sound/bladeenc"
+ </code>
+
+ <p>NOTE: The Gentoo developer(s) maintaining BladeEnc have discontinued
+ support at this time. It may be possible that a new Gentoo developer will
+ update BladeEnc at a later date. We do not have a suggestion for a
+ replacement at this time.
+ </p>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-14648">CVE-2017-14648</uri>
+ </references>
+ <metadata tag="requester" timestamp="2021-07-05T23:50:22Z">ajak</metadata>
+ <metadata tag="submitter" timestamp="2021-07-08T03:44:12Z">ajak</metadata>
+</glsa>
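Review bot: The resolution tells users to "unmerge ssvnc", which is a different package; it should read `unmerge BladeEnc:` to match the `--depclean "media-sound/bladeenc"` command below it. The impact sentence is also missing a word and should read `open a specially crafted file using BladeEnc`. Finally, `<vulnerable range="lt">0.94.2-r1</vulnerable>` with no `<unaffected>` entry leaves 0.94.2-r1 itself unflagged. If that was the last version in the tree, as the discontinued-support text suggests, the range should presumably be `le` so that installed copies are reported as affected.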
diff --git a/metadata/glsa/glsa-202107-19.xml b/metadata/glsa/glsa-202107-19.xml
new file mode 100644
index 000000000000..75efc2f17de5
--- /dev/null
+++ b/metadata/glsa/glsa-202107-19.xml
@@ -0,0 +1,48 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202107-19">
+ <title>Jinja: Denial of service</title>
+ <synopsis>An inefficient regular expression could be exploited to cause a
+ Denial of Service condition.
+ </synopsis>
+ <product type="ebuild">jinja2</product>
+ <announced>2021-07-08</announced>
+ <revised count="1">2021-07-08</revised>
+ <bug>768300</bug>
+ <access>remote</access>
+ <affected>
+ <package name="dev-python/jinja" auto="yes" arch="*">
+ <unaffected range="ge">2.11.3</unaffected>
+ <vulnerable range="lt">2.11.3</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>Jinja is a template engine written in pure Python.</p>
+ </background>
+ <description>
+ <p>The ‘urlize’ filter in Jinja utilized an inefficient regular
+ expression that could be exploited to consume excess CPU.
+ </p>
+ </description>
+ <impact type="low">
+ <p>An attacker could cause a Denial of Service condition via crafted input
+ to the ‘urlize’ Jinja filter.
+ </p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All Jinja users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose "&gt;=dev-python/jinja-2.11.3"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-28493">CVE-2020-28493</uri>
+ </references>
+ <metadata tag="requester" timestamp="2021-05-31T21:46:47Z">whissi</metadata>
+ <metadata tag="submitter" timestamp="2021-07-08T04:02:25Z">ajak</metadata>
+</glsa>
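Review bot: `<product type="ebuild">jinja2</product>` does not match the package this advisory covers, `dev-python/jinja`, which is also the atom used in the upgrade command. If the product field is meant to carry the package name, as it does in the other advisories in this commit, it should be `<product type="ebuild">jinja</product>`. The quotes around urlize are typographic (‘ ’) rather than ASCII, which is valid UTF-8 but makes the filter name harder to search for.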
diff --git a/metadata/glsa/timestamp.chk b/metadata/glsa/timestamp.chk
index 1fe8be64523e..89029127bb67 100644
--- a/metadata/glsa/timestamp.chk
+++ b/metadata/glsa/timestamp.chk
@@ -1 +1 @@
-Sat, 03 Jul 2021 21:09:05 +0000
+Thu, 08 Jul 2021 13:39:09 +0000
diff --git a/metadata/glsa/timestamp.commit b/metadata/glsa/timestamp.commit
index 0fbb29b111c8..62b17ac292ce 100644
--- a/metadata/glsa/timestamp.commit
+++ b/metadata/glsa/timestamp.commit
@@ -1 +1 @@
-d293bbd455c078508ed7f2ca6e48c2cebbf19c5c 1625283274 2021-07-03T03:34:34+00:00
+87db1c532ba9e64836890a3c105fac77e62cbc0e 1625717020 2021-07-08T04:03:40+00:00