Diffstat (limited to 'metadata/glsa')
-rw-r--r--metadata/glsa/Manifest30
-rw-r--r--metadata/glsa/Manifest.files.gzbin579171 -> 579649 bytes
-rw-r--r--metadata/glsa/glsa-202407-23.xml48
-rw-r--r--metadata/glsa/glsa-202407-24.xml48
-rw-r--r--metadata/glsa/glsa-202407-25.xml48
-rw-r--r--metadata/glsa/timestamp.chk2
-rw-r--r--metadata/glsa/timestamp.commit2
7 files changed, 161 insertions, 17 deletions
diff --git a/metadata/glsa/Manifest b/metadata/glsa/Manifest
index a186763f710a..5f67523ba8ec 100644
--- a/metadata/glsa/Manifest
+++ b/metadata/glsa/Manifest
@@ -1,23 +1,23 @@
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
-MANIFEST Manifest.files.gz 579171 BLAKE2B c503f3149ac98a81a2a72d2364a46176b3c285a1621a8af77978b4ede84a80db1977b0d8f154263b7c2bcc353216537aa1b1e8484ae4df3253f17c00c81c0761 SHA512 74d7e8c7054b78d2f3183d3c0366fa4a3d83835c364cd7b13c4eaf7bde990556a6cb8101a1ea11386306381222e788d3c418bebff9f98a1b2d701dcad1904056
-TIMESTAMP 2024-07-09T10:10:15Z
+MANIFEST Manifest.files.gz 579649 BLAKE2B d1b796ba5c81fee046c2e8c50455a5b776ebdd09dbedb326c8b97fd5a0d51be46e3603ca79b91a71dddcacfb3c0dcbadcc62be2abe02515b84ef69f62cf23d68 SHA512 6c576e78234ac4cfe0606f825efe9766e6c0c6089da4549966b3883ac5df1b6a6d7f6f6061ae2839e5d62620ccb8ae330b1e639ff04bdc50050fb951bed139e2
+TIMESTAMP 2024-07-10T10:40:43Z
-----BEGIN PGP SIGNATURE-----
-iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAmaNDIdfFIAAAAAALgAo
+iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAmaOZSxfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEUx
RDZBQkI2M0JGQ0ZCNEJBMDJGREYxQ0VDNTkwRUVBQzkxODkyNTAACgkQ7FkO6skY
-klCpcg//ff91BFc6l8eAsaRVOHG2v62+yxJIiFc6PSTit7vv3zHK4hAYJjEe5EI0
-yAcwMowGpB4cVPf4+7TQYqaAousZyT0Lu8arEW3+Fbn5MXHTwzN/Q6ZJQbBG7VNN
-ruFefkF18aGnrDQCE6wFjd2FaiYkQ7j3eldfPPm+ng3jZTOHAJL7+WL4z9FARgah
-9dFXqNS4xAQTRFmXRnlsIBvYJrG5BkzL34IHnExYdECEvWvKtWKNz8aZV8siqHk0
-WzIQfIZKQCrBdk2ITxNrHEAt665EaJIw61q172U339C8PxJAdjmOEhHn3Wv0QCKG
-1zcqd+QLKVh3l+WtBBR/csPi7IsIA04iIsynJ9w+hucONJDPF1e1tXeNZEPUJPNv
-Znn4CPt7cpvSBpK3NjdFRs7UaucymBoDc3AJ6r3+mJpD67YgeaxU5TjLJCcrVGY2
-QVHqGg8cIjDCc4+dz6FExaXbsVzjEOcla7nY97XBa1XyvQmlx5YbotGS+0Bx7OrI
-+FKfNmJT3bf3wq+DyfdlTS7q7nEQhaMWK8+9LKJ9kX/UWUwkaMcYjQax4Qn7daCK
-oIKIYw2dVKk69oEvfCj2T0pkqRwdGDz8KF4kEe3HL8xfgG9Ry9dSR/2ssrdGhQla
-GrCMmHx+y1ixI1OBAU+JP3N345RInbiKNP/FfvZRlt6XDnFVTTg=
-=sDm4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+=Lqgo
-----END PGP SIGNATURE-----
diff --git a/metadata/glsa/Manifest.files.gz b/metadata/glsa/Manifest.files.gz
index d4c1d9b1a29b..0f55c8b38244 100644
--- a/metadata/glsa/Manifest.files.gz
+++ b/metadata/glsa/Manifest.files.gz
Binary files differ
diff --git a/metadata/glsa/glsa-202407-23.xml b/metadata/glsa/glsa-202407-23.xml
new file mode 100644
index 000000000000..3015033820b0
--- /dev/null
+++ b/metadata/glsa/glsa-202407-23.xml
@@ -0,0 +1,48 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202407-23">
+ <title>LIVE555 Media Server: Multiple Vulnerabilities</title>
+ <synopsis>Multiple vulnerabilities have been discovered in LIVE555 Media Server, the worst of which could lead to a denial of service.</synopsis>
+ <product type="ebuild">live</product>
+ <announced>2024-07-09</announced>
+ <revised count="1">2024-07-09</revised>
+ <bug>732598</bug>
+ <bug>807622</bug>
+ <access>local and remote</access>
+ <affected>
+ <package name="media-plugins/live" auto="yes" arch="*">
+ <unaffected range="ge">2021.08.24</unaffected>
+ <vulnerable range="lt">2021.08.24</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>LIVE555 Media Server is a set of libraries for multimedia streaming.</p>
+ </background>
+ <description>
+ <p>Multiple vulnerabilities have been discovered in LIVE555 Media Server. Please review the CVE identifiers referenced below for details.</p>
+ </description>
+ <impact type="normal">
+ <p>Please review the referenced CVE identifiers for details.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All LIVE555 Media Server users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=media-plugins/live-2021.08.24"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-24027">CVE-2020-24027</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-38380">CVE-2021-38380</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-38381">CVE-2021-38381</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-38382">CVE-2021-38382</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-39282">CVE-2021-39282</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-39283">CVE-2021-39283</uri>
+ </references>
+ <metadata tag="requester" timestamp="2024-07-09T13:09:03.649511Z">graaff</metadata>
+ <metadata tag="submitter" timestamp="2024-07-09T13:09:03.653871Z">graaff</metadata>
+</glsa>
\ No newline at end of file
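Review bot: The `<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">` line names an external DTD over cleartext HTTP, so a consumer that parses the advisory with DTD loading enabled fetches a schema that an on-path party could alter. The same line appears in glsa-202407-24.xml and glsa-202407-25.xml. If the advisory tooling does not match on the exact system identifier, `<!DOCTYPE glsa SYSTEM "https://www.gentoo.org/dtd/glsa.dtd">` would be safer; otherwise consumers should resolve the DTD from a local copy with network entity loading disabled. Whether existing tools depend on the http form is not visible from this diff.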
diff --git a/metadata/glsa/glsa-202407-24.xml b/metadata/glsa/glsa-202407-24.xml
new file mode 100644
index 000000000000..118703bb07d5
--- /dev/null
+++ b/metadata/glsa/glsa-202407-24.xml
@@ -0,0 +1,48 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202407-24">
+ <title>HarfBuzz: Denial of Service</title>
+ <synopsis>A vulnerability has been discovered in HarfBuzz, which can lead to a denial of service.</synopsis>
+ <product type="ebuild">harfbuzz</product>
+ <announced>2024-07-10</announced>
+ <revised count="1">2024-07-10</revised>
+ <bug>905310</bug>
+ <access>local</access>
+ <affected>
+ <package name="media-libs/harfbuzz" auto="yes" arch="*">
+ <unaffected range="ge">7.1.0</unaffected>
+ <vulnerable range="lt">7.1.0</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>HarfBuzz is an OpenType text shaping engine.</p>
+ </background>
+ <description>
+ <p>Multiple vulnerabilities have been discovered in HarfBuzz. Please review the CVE identifiers referenced below for details.</p>
+ </description>
+ <impact type="normal">
+ <p>hb-ot-layout-gsubgpos.hh in HarfBuzz allows attackers to trigger O(n^2) growth via consecutive marks during the process of looking back for base glyphs when attaching marks.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All HarfBuzz users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=media-libs/harfbuzz-7.1.0"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-22006">CVE-2023-22006</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-22036">CVE-2023-22036</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-22041">CVE-2023-22041</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-22044">CVE-2023-22044</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-22045">CVE-2023-22045</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-22049">CVE-2023-22049</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-25193">CVE-2023-25193</uri>
+ </references>
+ <metadata tag="requester" timestamp="2024-07-10T06:11:01.173024Z">graaff</metadata>
+ <metadata tag="submitter" timestamp="2024-07-10T06:11:01.176040Z">graaff</metadata>
+</glsa>
\ No newline at end of file
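Review bot: The `<references>` block lists seven CVEs, while the title, synopsis and `<impact>` text describe a single denial-of-service issue in hb-ot-layout-gsubgpos.hh and the `<description>` says "Multiple vulnerabilities". Only CVE-2023-25193 appears to correspond to the issue described. The six CVE-2023-220xx identifiers look like they belong to a different product's advisory and should be confirmed against bug 905310 before they drive triage or scanner matching. If they do not apply, drop them and align the description with the synopsis, e.g. `<p>A vulnerability has been discovered in HarfBuzz. Please review the CVE identifier referenced below for details.</p>`.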
diff --git a/metadata/glsa/glsa-202407-25.xml b/metadata/glsa/glsa-202407-25.xml
new file mode 100644
index 000000000000..4b13514271a9
--- /dev/null
+++ b/metadata/glsa/glsa-202407-25.xml
@@ -0,0 +1,48 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202407-25">
+ <title>Buildah: Multiple Vulnerabilities</title>
+ <synopsis>Multiple vulnerabilities have been discovered in Buildah, the worst of which could lead to privilege escalation.</synopsis>
+ <product type="ebuild">buildah</product>
+ <announced>2024-07-10</announced>
+ <revised count="1">2024-07-10</revised>
+ <bug>923650</bug>
+ <bug>927499</bug>
+ <bug>927502</bug>
+ <access>local</access>
+ <affected>
+ <package name="app-containers/buildah" auto="yes" arch="*">
+ <unaffected range="ge">1.35.3</unaffected>
+ <vulnerable range="lt">1.35.3</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>Buildah is a tool that facilitates building Open Container Initiative (OCI) container images</p>
+ </background>
+ <description>
+ <p>Please review the referenced CVE identifiers for details.</p>
+ </description>
+ <impact type="high">
+ <p>Please review the referenced CVE identifiers for details.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All Buildah users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-containers/buildah-1.35.3"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-1753">CVE-2024-1753</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-23651">CVE-2024-23651</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-23652">CVE-2024-23652</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-23653">CVE-2024-23653</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-24786">CVE-2024-24786</uri>
+ </references>
+ <metadata tag="requester" timestamp="2024-07-10T06:35:05.025996Z">graaff</metadata>
+ <metadata tag="submitter" timestamp="2024-07-10T06:35:05.030840Z">graaff</metadata>
+</glsa>
\ No newline at end of file
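Review bot: `<impact type="high">` carries only "Please review the referenced CVE identifiers for details.", so a reader or tool consuming this advisory cannot tell what the high-rated outcome is without leaving the file, even though the synopsis already names privilege escalation. Suggest `<p>The worst of these vulnerabilities could lead to privilege escalation. Please review the referenced CVE identifiers for details.</p>`. The `<background>` sentence is also missing its closing period.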
diff --git a/metadata/glsa/timestamp.chk b/metadata/glsa/timestamp.chk
index d051cfa8a1ab..611effcb9caa 100644
--- a/metadata/glsa/timestamp.chk
+++ b/metadata/glsa/timestamp.chk
@@ -1 +1 @@
-Tue, 09 Jul 2024 10:10:12 +0000
+Wed, 10 Jul 2024 10:40:40 +0000
diff --git a/metadata/glsa/timestamp.commit b/metadata/glsa/timestamp.commit
index 1bc9b09c57fb..d58735345345 100644
--- a/metadata/glsa/timestamp.commit
+++ b/metadata/glsa/timestamp.commit
@@ -1 +1 @@
-212a4b375c557073cdfba6c10bc0bf6cb57b54c6 1720249915 2024-07-06T07:11:55Z
+f5c4590ccc7fba60f1b11c716c6abb083c0f5ddd 1720593316 2024-07-10T06:35:16Z