summaryrefslogtreecommitdiff
path: root/metadata/glsa
diff options
context:
space:
mode:
Diffstat (limited to 'metadata/glsa')
-rw-r--r--metadata/glsa/Manifest30
-rw-r--r--metadata/glsa/Manifest.files.gzbin566926 -> 568062 bytes
-rw-r--r--metadata/glsa/glsa-202402-22.xml44
-rw-r--r--metadata/glsa/glsa-202402-23.xml84
-rw-r--r--metadata/glsa/glsa-202402-24.xml42
-rw-r--r--metadata/glsa/glsa-202402-25.xml129
-rw-r--r--metadata/glsa/glsa-202402-26.xml88
-rw-r--r--metadata/glsa/glsa-202402-27.xml42
-rw-r--r--metadata/glsa/glsa-202402-28.xml54
-rw-r--r--metadata/glsa/timestamp.chk2
-rw-r--r--metadata/glsa/timestamp.commit2
11 files changed, 500 insertions, 17 deletions
diff --git a/metadata/glsa/Manifest b/metadata/glsa/Manifest
index 80f56d6f4ff7..a7e9e87afe41 100644
--- a/metadata/glsa/Manifest
+++ b/metadata/glsa/Manifest
@@ -1,23 +1,23 @@
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
-MANIFEST Manifest.files.gz 566926 BLAKE2B 662f6b629a94bee49b81ce5e7c79890f472857985014164c59582532a367c029a6006250d334fa4649ce628cfecd09ece880332a7434e27f63860495755cb92e SHA512 b38db85707ee45700d87f79d57491088f18bc5d8420212ca7f2563366ffd1783a5720d4428bca32016af1cb46ad1318a365cc1af3ee918a4b435469f68cab028
-TIMESTAMP 2024-02-19T04:49:32Z
+MANIFEST Manifest.files.gz 568062 BLAKE2B 63354e36b00357ecbdd68ddac0a4e722f998e8aade0b5025f1a84caf5470d97f6b2ce7020f42bbd802a1beb63f88f2e3287b060dbc4a695da224e6ab93006e93 SHA512 106f89b00b29ed2c754a2a2fe054b6b0b6f2413fdf8d113f7ddc7bf427a1474d7f8e333da8fd87a95983c6a19f014980c8f0c2c7ae9b46e4e7091b87323240fc
+TIMESTAMP 2024-02-19T11:10:01Z
-----BEGIN PGP SIGNATURE-----
-iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAmXS3dxfFIAAAAAALgAo
+iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAmXTNwlfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEUx
RDZBQkI2M0JGQ0ZCNEJBMDJGREYxQ0VDNTkwRUVBQzkxODkyNTAACgkQ7FkO6skY
-klD57w/9Er2QEpxNcr9gQIzz8dswnUNRzqg/TWOdLS7iE9F8ri3MFBwB76i8KEfI
-umEtFpUo/HeUaOgHgi7xqAVMgJEgIQj16nYj3RzrS5ommQF7+v+TX6ZAmzymQEWT
-Wwk4kCgpu5dFXtf5hgCZrRTtI0w1NwlXhQ1fixGu92UfUpadE6xPhIZWSkoiZ33k
-KWk3ylZxPTlZ2heQ8h9YyJ5PdQWLOA182zTB5XHApGdbyhCxli77xYZREHZYwHuq
-YVmSdzjLFD8EYv8eEuhLtQZ153A0pCIkuh/aPUr9lB20UFBaFFb2hWlewezF/Rrh
-4EKPY7KLXCnyYrVroeKZZwBfuQ06g41q5Fq/5yBNBVLMomSJijznhXdCeymQ6tKR
-/xD4XxV7GKmNq3DGB8z3ZZ/5gvL7CumbHISvdOQqUYNoPelCxTNN9JpkdNEXsqAc
-gORUG2W+bUfSiT0ckNYtVqd2nzVIfzXltkW1fc/Ud6Mxq1zptjUQLLjgh+/0Iwmu
-yMnY/61vhv5yD6Dhj7rpX1lPVTtSC3qGL/iyC6tBaAQFZqXU9Ahbqjsu9xCW4GH5
-P70OPR6L9rt9LNplXf5Y72dMiujijIx+RtOIQbAtBs8r1OUQE7+9yu5XyFoAYjC9
-KR1hshC8YOYRQwVbB8MTdny4K3an5fJV/qQHt/85j9SjzHHf8vs=
-=g/1f
+klDX/A/+Lg9i5DbYW4Nk/NupqbjuZNeCc0qW0zIwq5Ip1fMkrXNfFBx6ghcIoYHn
+HqITrkRknPeEFELx3z+J9tHIjr8aNKLMmrjX06myPzquNhmh91yWOErpfzjIKAUb
+y4tpoiStxO7X1wp4OcuH2loNLTKyd9G6SwCv0cojgZMe2Zs1KnTZCPp+OyrJy6n3
+qAHr8MKTWjI0OxwglRgm6uuQ7dlENCxMM2yJjaFXWo0c6+P/b3fhRQCa7o+yJ+PI
+8BIKxEn+P9oasQwD7ZRX8WFr5LNcJsb7uTlZWHU+wXUTj9/4+ExojnlFZrBKc3+A
+a1XvcEYv7nzMC8bBE+C/+e/E/TtxsuVP4NAOdnR6H8xa1CygTP0qYb9lU7uSoqhw
+AR1g350iSvgrS5zmREht9Fpz49jF03HD4Xw5l8j9QbhLB5iehj3D4Yn2MT+Hy7Jb
+YDEdGxvp6wOr+6b5JZY8E5BHdrln2bFXnWmYhZLHojXegv95E3BuYPsq5KLMnWL8
+DvKjo3WxyhHh1ouswYkZfpN/ge0n+41AbPKR4NnqNrwK/cmvVBJEljTsMgjuBE/+
+v5rIhnOdeUAdJvzvebLry8MQqbTt9bm2/OGBbaLRuKIz0AbZLccIZAI9WlEVInx/
+fivq3Xx+JoluCNVZqCEhNnRYns4lBNV5sJwjYHXlVm1FiIJI93Y=
+=LKPT
-----END PGP SIGNATURE-----
diff --git a/metadata/glsa/Manifest.files.gz b/metadata/glsa/Manifest.files.gz
index c628bc944922..2352cc66c21e 100644
--- a/metadata/glsa/Manifest.files.gz
+++ b/metadata/glsa/Manifest.files.gz
Binary files differ
diff --git a/metadata/glsa/glsa-202402-22.xml b/metadata/glsa/glsa-202402-22.xml
new file mode 100644
index 000000000000..789dcb28159d
--- /dev/null
+++ b/metadata/glsa/glsa-202402-22.xml
@@ -0,0 +1,44 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202402-22">
+ <title>intel-microcode: Multiple Vulnerabilities</title>
+ <synopsis>Multiple vulnerabilities have been discovered in intel-microcode, the worst of which can lead to privilege escalation.</synopsis>
+ <product type="ebuild">intel-microcode</product>
+ <announced>2024-02-19</announced>
+ <revised count="1">2024-02-19</revised>
+ <bug>832985</bug>
+ <bug>894474</bug>
+ <access>local</access>
+ <affected>
+ <package name="sys-firmware/intel-microcode" auto="yes" arch="*">
+ <unaffected range="ge">20230214_p20230212</unaffected>
+ <vulnerable range="lt">20230214_p20230212</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>Intel IA32/IA64 microcode update data.</p>
+ </background>
+ <description>
+ <p>Multiple vulnerabilities have been discovered in NVIDIA Drivers. Please review the CVE identifiers referenced below for details.</p>
+ </description>
+ <impact type="high">
+ <p>Please review the referenced CVE identifiers for details.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All intel-microcode users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=sys-firmware/intel-microcode-20230214_p20230212"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-0127">CVE-2021-0127</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-0146">CVE-2021-0146</uri>
+ </references>
+ <metadata tag="requester" timestamp="2024-02-19T05:57:31.402960Z">graaff</metadata>
+ <metadata tag="submitter" timestamp="2024-02-19T05:57:31.405318Z">ajak</metadata>
+</glsa> \ No newline at end of file
diff --git a/metadata/glsa/glsa-202402-23.xml b/metadata/glsa/glsa-202402-23.xml
new file mode 100644
index 000000000000..237b585827ba
--- /dev/null
+++ b/metadata/glsa/glsa-202402-23.xml
@@ -0,0 +1,84 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202402-23">
+ <title>Chromium, Google Chrome, Microsoft Edge: Multiple Vulnerabilities</title>
+ <synopsis>Multiple vulnerabilities have been discovered in Chromium and its derivatives, the worst of which can lead to remote code execution.</synopsis>
+ <product type="ebuild">chromium,google-chrome,microsoft-edge</product>
+ <announced>2024-02-19</announced>
+ <revised count="1">2024-02-19</revised>
+ <bug>922062</bug>
+ <bug>922340</bug>
+ <bug>922903</bug>
+ <bug>923370</bug>
+ <access>remote</access>
+ <affected>
+ <package name="www-client/chromium" auto="yes" arch="*">
+ <unaffected range="ge">121.0.6167.139</unaffected>
+ <vulnerable range="lt">121.0.6167.139</vulnerable>
+ </package>
+ <package name="www-client/google-chrome" auto="yes" arch="*">
+ <unaffected range="ge">121.0.6167.139</unaffected>
+ <vulnerable range="lt">121.0.6167.139</vulnerable>
+ </package>
+ <package name="www-client/microsoft-edge" auto="yes" arch="*">
+ <unaffected range="ge">121.0.2277.83</unaffected>
+ <vulnerable range="lt">121.0.2277.83</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>Chromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web. Google Chrome is one fast, simple, and secure browser for all your devices. Microsoft Edge is a browser that combines a minimal design with sophisticated technology to make the web faster, safer, and easier.</p>
+ </background>
+ <description>
+ <p>Multiple vulnerabilities have been discovered in Chromium and its derivatives. Please review the CVE identifiers referenced below for details.</p>
+ </description>
+ <impact type="high">
+ <p>Please review the referenced CVE identifiers for details.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All Google Chrome users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-client/google-chrome-121.0.6167.139"
+ </code>
+
+ <p>All Chromium users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-client/chromium-121.0.6167.139"
+ </code>
+
+ <p>All Microsoft Edge users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-client/microsoft-edge-121.0.2277.83"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-0333">CVE-2024-0333</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-0517">CVE-2024-0517</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-0518">CVE-2024-0518</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-0519">CVE-2024-0519</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-0804">CVE-2024-0804</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-0805">CVE-2024-0805</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-0806">CVE-2024-0806</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-0807">CVE-2024-0807</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-0808">CVE-2024-0808</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-0809">CVE-2024-0809</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-0810">CVE-2024-0810</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-0811">CVE-2024-0811</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-0812">CVE-2024-0812</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-0813">CVE-2024-0813</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-0814">CVE-2024-0814</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-1059">CVE-2024-1059</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-1060">CVE-2024-1060</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-1077">CVE-2024-1077</uri>
+ </references>
+ <metadata tag="requester" timestamp="2024-02-19T05:58:06.874508Z">graaff</metadata>
+ <metadata tag="submitter" timestamp="2024-02-19T05:58:06.876972Z">ajak</metadata>
+</glsa> \ No newline at end of file
diff --git a/metadata/glsa/glsa-202402-24.xml b/metadata/glsa/glsa-202402-24.xml
new file mode 100644
index 000000000000..d46938afd0ac
--- /dev/null
+++ b/metadata/glsa/glsa-202402-24.xml
@@ -0,0 +1,42 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202402-24">
+ <title>Seamonkey: Multiple Vulnerabilities</title>
+ <synopsis>Multiple vulnerabilities have been discovered in Seamonkey, the worst of which can lead to remote code execution.</synopsis>
+ <product type="ebuild">seamonkey</product>
+ <announced>2024-02-19</announced>
+ <revised count="1">2024-02-19</revised>
+ <bug>767400</bug>
+ <bug>828479</bug>
+ <access>remote</access>
+ <affected>
+ <package name="www-client/seamonkey" auto="yes" arch="*">
+ <unaffected range="ge">2.53.10.2</unaffected>
+ <vulnerable range="lt">2.53.10.2</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>The Seamonkey project is a community effort to deliver production-quality releases of code derived from the application formerly known as the ‘Mozilla Application Suite’.</p>
+ </background>
+ <description>
+ <p>Multiple vulnerabilities have been discovered in Seamonkey. Please review the CVE identifiers referenced below for details.</p>
+ </description>
+ <impact type="normal">
+ <p>Please review the referenced CVE identifiers for details.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All Seamonkey users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-client/seamonkey-2.53.10.2"
+ </code>
+ </resolution>
+ <references>
+ </references>
+ <metadata tag="requester" timestamp="2024-02-19T05:58:31.869833Z">graaff</metadata>
+ <metadata tag="submitter" timestamp="2024-02-19T05:58:31.878346Z">ajak</metadata>
+</glsa> \ No newline at end of file
diff --git a/metadata/glsa/glsa-202402-25.xml b/metadata/glsa/glsa-202402-25.xml
new file mode 100644
index 000000000000..0c7703a83f08
--- /dev/null
+++ b/metadata/glsa/glsa-202402-25.xml
@@ -0,0 +1,129 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202402-25">
+ <title>Mozilla Thunderbird: Multiple Vulnerabilities</title>
+ <synopsis>Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could lead to remote code execution.</synopsis>
+ <product type="ebuild">thunderbird,thunderbird-bin</product>
+ <announced>2024-02-19</announced>
+ <revised count="1">2024-02-19</revised>
+ <bug>918444</bug>
+ <bug>920508</bug>
+ <bug>924845</bug>
+ <access>remote</access>
+ <affected>
+ <package name="mail-client/thunderbird" auto="yes" arch="*">
+ <unaffected range="ge">115.7.0</unaffected>
+ <vulnerable range="lt">115.7.0</vulnerable>
+ </package>
+ <package name="mail-client/thunderbird-bin" auto="yes" arch="*">
+ <unaffected range="ge">115.7.0</unaffected>
+ <vulnerable range="lt">115.7.0</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>Mozilla Thunderbird is a popular open-source email client from the Mozilla project.</p>
+ </background>
+ <description>
+ <p>Multiple vulnerabilities have been discovered in Mozilla Thunderbird. Please review the CVE identifiers referenced below for details.</p>
+ </description>
+ <impact type="high">
+ <p>Please review the referenced CVE identifiers for details.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All Mozilla Thunderbird binary users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=mail-client/thunderbird-bin-115.7.0"
+ </code>
+
+ <p>All Mozilla Thunderbird users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=mail-client/thunderbird-115.7.0"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-3417">CVE-2023-3417</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-3600">CVE-2023-3600</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-4045">CVE-2023-4045</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-4046">CVE-2023-4046</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-4047">CVE-2023-4047</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-4048">CVE-2023-4048</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-4049">CVE-2023-4049</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-4050">CVE-2023-4050</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-4051">CVE-2023-4051</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-4052">CVE-2023-4052</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-4053">CVE-2023-4053</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-4054">CVE-2023-4054</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-4055">CVE-2023-4055</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-4056">CVE-2023-4056</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-4057">CVE-2023-4057</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-4573">CVE-2023-4573</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-4574">CVE-2023-4574</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-4575">CVE-2023-4575</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-4576">CVE-2023-4576</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-4577">CVE-2023-4577</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-4578">CVE-2023-4578</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-4580">CVE-2023-4580</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-4581">CVE-2023-4581</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-4582">CVE-2023-4582</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-4583">CVE-2023-4583</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-4584">CVE-2023-4584</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-4585">CVE-2023-4585</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-5168">CVE-2023-5168</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-5169">CVE-2023-5169</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-5171">CVE-2023-5171</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-5174">CVE-2023-5174</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-5176">CVE-2023-5176</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-5721">CVE-2023-5721</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-5724">CVE-2023-5724</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-5725">CVE-2023-5725</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-5726">CVE-2023-5726</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-5727">CVE-2023-5727</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-5728">CVE-2023-5728</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-5730">CVE-2023-5730</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-5732">CVE-2023-5732</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-6204">CVE-2023-6204</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-6205">CVE-2023-6205</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-6206">CVE-2023-6206</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-6207">CVE-2023-6207</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-6208">CVE-2023-6208</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-6209">CVE-2023-6209</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-6212">CVE-2023-6212</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-6856">CVE-2023-6856</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-6857">CVE-2023-6857</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-6858">CVE-2023-6858</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-6859">CVE-2023-6859</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-6860">CVE-2023-6860</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-6861">CVE-2023-6861</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-6862">CVE-2023-6862</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-6863">CVE-2023-6863</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-6864">CVE-2023-6864</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-37201">CVE-2023-37201</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-37202">CVE-2023-37202</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-37207">CVE-2023-37207</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-37208">CVE-2023-37208</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-37211">CVE-2023-37211</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-50761">CVE-2023-50761</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-50762">CVE-2023-50762</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-0741">CVE-2024-0741</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-0742">CVE-2024-0742</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-0746">CVE-2024-0746</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-0747">CVE-2024-0747</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-0749">CVE-2024-0749</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-0750">CVE-2024-0750</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-0751">CVE-2024-0751</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-0753">CVE-2024-0753</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-0755">CVE-2024-0755</uri>
+ <uri>MFSA-2024-01</uri>
+ <uri>MFSA-2024-02</uri>
+ <uri>MFSA-2024-04</uri>
+ </references>
+ <metadata tag="requester" timestamp="2024-02-19T05:59:00.992641Z">graaff</metadata>
+ <metadata tag="submitter" timestamp="2024-02-19T05:59:00.995575Z">ajak</metadata>
+</glsa> \ No newline at end of file
diff --git a/metadata/glsa/glsa-202402-26.xml b/metadata/glsa/glsa-202402-26.xml
new file mode 100644
index 000000000000..07596137d7e3
--- /dev/null
+++ b/metadata/glsa/glsa-202402-26.xml
@@ -0,0 +1,88 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202402-26">
+ <title>Mozilla Firefox: Multiple Vulnerabilities</title>
+ <synopsis>Multiple vulnerabilities have been discovered in Mozilla Firefox, the worst of which could result in arbitrary code execution.</synopsis>
+ <product type="ebuild">firefox,firefox-bin</product>
+ <announced>2024-02-19</announced>
+ <revised count="1">2024-02-19</revised>
+ <bug>924844</bug>
+ <access>remote</access>
+ <affected>
+ <package name="www-client/firefox" auto="yes" arch="*">
+ <unaffected range="ge" slot="rapid">122.0</unaffected>
+ <unaffected range="ge" slot="esr">115.7.0</unaffected>
+ <vulnerable range="lt" slot="rapid">122.0</vulnerable>
+ <vulnerable range="lt" slot="esr">115.7.0</vulnerable>
+ </package>
+ <package name="www-client/firefox-bin" auto="yes" arch="*">
+ <unaffected range="ge" slot="rapid">122.0</unaffected>
+ <unaffected range="ge" slot="esr">115.7.0</unaffected>
+ <vulnerable range="lt" slot="rapid">122.0</vulnerable>
+ <vulnerable range="lt" slot="esr">115.7.0</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>Mozilla Firefox is a popular open-source web browser from the Mozilla project.</p>
+ </background>
+ <description>
+ <p>Multiple vulnerabilities have been discovered in Mozilla Firefox. Please review the CVE identifiers referenced below for details.</p>
+ </description>
+ <impact type="high">
+ <p>Please review the referenced CVE identifiers for details.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All Mozilla Firefox ESR users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-client/firefox-115.7.0:esr"
+ </code>
+
+ <p>All Mozilla Firefox ESR binary users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-client/firefox-bin-115.7.0:esr"
+ </code>
+
+ <p>All Mozilla Firefox users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-client/firefox-122.0:rapid"
+ </code>
+
+ <p>All Mozilla Firefox binary users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-client/firefox-bin-122.0:rapid"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-0741">CVE-2024-0741</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-0742">CVE-2024-0742</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-0743">CVE-2024-0743</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-0744">CVE-2024-0744</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-0745">CVE-2024-0745</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-0746">CVE-2024-0746</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-0747">CVE-2024-0747</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-0748">CVE-2024-0748</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-0749">CVE-2024-0749</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-0750">CVE-2024-0750</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-0751">CVE-2024-0751</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-0752">CVE-2024-0752</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-0753">CVE-2024-0753</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-0754">CVE-2024-0754</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-0755">CVE-2024-0755</uri>
+ <uri>MFSA-2024-01</uri>
+ <uri>MFSA-2024-02</uri>
+ <uri>MFSA-2024-04</uri>
+ </references>
+ <metadata tag="requester" timestamp="2024-02-19T05:59:26.896253Z">ajak</metadata>
+ <metadata tag="submitter" timestamp="2024-02-19T05:59:26.899882Z">ajak</metadata>
+</glsa> \ No newline at end of file
diff --git a/metadata/glsa/glsa-202402-27.xml b/metadata/glsa/glsa-202402-27.xml
new file mode 100644
index 000000000000..4fd31aef7a5c
--- /dev/null
+++ b/metadata/glsa/glsa-202402-27.xml
@@ -0,0 +1,42 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202402-27">
+ <title>Glade: Denial of Service</title>
+ <synopsis>A vulnerability has been discovered in Glade which can lead to a denial of service.</synopsis>
+ <product type="ebuild">glade</product>
+ <announced>2024-02-19</announced>
+ <revised count="1">2024-02-19</revised>
+ <bug>747451</bug>
+ <access>local and remote</access>
+ <affected>
+ <package name="dev-util/glade" auto="yes" arch="*">
+ <unaffected range="ge">3.38.2</unaffected>
+ <vulnerable range="lt">3.38.2</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>Glade is a RAD tool to enable quick &amp; easy development of user interfaces for the GTK+ toolkit (Version 3 only) and the GNOME desktop environment.</p>
+ </background>
+ <description>
+ <p>A vulnerability has been found in Glade which can lead to a denial of service when working with specific glade files.</p>
+ </description>
+ <impact type="normal">
+ <p>A crafted file may lead to crashes in Glade.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All Glade users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-util/glade-3.38.2"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-36774">CVE-2020-36774</uri>
+ </references>
+ <metadata tag="requester" timestamp="2024-02-19T06:02:10.382734Z">graaff</metadata>
+ <metadata tag="submitter" timestamp="2024-02-19T06:02:10.385523Z">ajak</metadata>
+</glsa> \ No newline at end of file
diff --git a/metadata/glsa/glsa-202402-28.xml b/metadata/glsa/glsa-202402-28.xml
new file mode 100644
index 000000000000..f8a410fa3a7e
--- /dev/null
+++ b/metadata/glsa/glsa-202402-28.xml
@@ -0,0 +1,54 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202402-28">
+ <title>Samba: Multiple Vulnerabilities</title>
+ <synopsis>Multiple vulnerabilities have been discovered in Samba, the worst of which can lead to remote code execution.</synopsis>
+ <product type="ebuild">samba</product>
+ <announced>2024-02-19</announced>
+ <revised count="1">2024-02-19</revised>
+ <bug>891267</bug>
+ <bug>910606</bug>
+ <bug>915556</bug>
+ <access>remote</access>
+ <affected>
+ <package name="net-fs/samba" auto="yes" arch="*">
+ <unaffected range="ge">4.18.9</unaffected>
+ <vulnerable range="lt">4.18.9</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>Samba is a suite of SMB and CIFS client/server programs.</p>
+ </background>
+ <description>
+ <p>Multiple vulnerabilities have been discovered in Samba. Please review the CVE identifiers referenced below for details.</p>
+ </description>
+ <impact type="high">
+ <p>Please review the referenced CVE identifiers for details.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All Samba users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-fs/samba-4.18.9"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-14628">CVE-2018-14628</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-2127">CVE-2022-2127</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-3347">CVE-2023-3347</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-3961">CVE-2023-3961</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-4091">CVE-2023-4091</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-4154">CVE-2023-4154</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-34966">CVE-2023-34966</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-34967">CVE-2023-34967</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-34968">CVE-2023-34968</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-42669">CVE-2023-42669</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-42670">CVE-2023-42670</uri>
+ </references>
+ <metadata tag="requester" timestamp="2024-02-19T06:05:38.330272Z">graaff</metadata>
+ <metadata tag="submitter" timestamp="2024-02-19T06:05:38.333066Z">ajak</metadata>
+</glsa> \ No newline at end of file
diff --git a/metadata/glsa/timestamp.chk b/metadata/glsa/timestamp.chk
index 73d4d4c144fa..bdd15cd7a11b 100644
--- a/metadata/glsa/timestamp.chk
+++ b/metadata/glsa/timestamp.chk
@@ -1 +1 @@
-Mon, 19 Feb 2024 04:49:28 +0000
+Mon, 19 Feb 2024 11:09:57 +0000
diff --git a/metadata/glsa/timestamp.commit b/metadata/glsa/timestamp.commit
index 65f7aa0e9c6c..970b20578ebf 100644
--- a/metadata/glsa/timestamp.commit
+++ b/metadata/glsa/timestamp.commit
@@ -1 +1 @@
-6b93b2b9cf3ff334a58b58d960113c71066c1748 1708303300 2024-02-19T00:41:40+00:00
+9df376ebb50854c82bdbbc1e4f71d408e449fc54 1708323022 2024-02-19T06:10:22+00:00
generated by cgit v1.2.3 (git 2.25.1) at 2024-11-04 10:00:21 +0000