From 4187bba080530c5ca1c7dae9c233e88f3fc8f535 Mon Sep 17 00:00:00 2001
From: V3n3RiX <venerix@koprulu.sector>
Date: Sat, 6 Jul 2024 08:06:16 +0100
Subject: gentoo auto-resync : 06:07:2024 - 08:06:15

---
 metadata/glsa/Manifest           |  30 +++++++++---------
 metadata/glsa/Manifest.files.gz  | Bin 577111 -> 578695 bytes
 metadata/glsa/glsa-202407-10.xml |  41 +++++++++++++++++++++++++
 metadata/glsa/glsa-202407-11.xml |  46 ++++++++++++++++++++++++++++
 metadata/glsa/glsa-202407-12.xml |  56 ++++++++++++++++++++++++++++++++++
 metadata/glsa/glsa-202407-13.xml |  64 +++++++++++++++++++++++++++++++++++++++
 metadata/glsa/glsa-202407-14.xml |  46 ++++++++++++++++++++++++++++
 metadata/glsa/glsa-202407-15.xml |  42 +++++++++++++++++++++++++
 metadata/glsa/glsa-202407-16.xml |  42 +++++++++++++++++++++++++
 metadata/glsa/glsa-202407-17.xml |  55 +++++++++++++++++++++++++++++++++
 metadata/glsa/glsa-202407-18.xml |  42 +++++++++++++++++++++++++
 metadata/glsa/glsa-202407-19.xml |  59 ++++++++++++++++++++++++++++++++++++
 metadata/glsa/timestamp.chk      |   2 +-
 metadata/glsa/timestamp.commit   |   2 +-
 14 files changed, 510 insertions(+), 17 deletions(-)
 create mode 100644 metadata/glsa/glsa-202407-10.xml
 create mode 100644 metadata/glsa/glsa-202407-11.xml
 create mode 100644 metadata/glsa/glsa-202407-12.xml
 create mode 100644 metadata/glsa/glsa-202407-13.xml
 create mode 100644 metadata/glsa/glsa-202407-14.xml
 create mode 100644 metadata/glsa/glsa-202407-15.xml
 create mode 100644 metadata/glsa/glsa-202407-16.xml
 create mode 100644 metadata/glsa/glsa-202407-17.xml
 create mode 100644 metadata/glsa/glsa-202407-18.xml
 create mode 100644 metadata/glsa/glsa-202407-19.xml

(limited to 'metadata/glsa')

diff --git a/metadata/glsa/Manifest b/metadata/glsa/Manifest
index b41a986f64dd..32b9633dac07 100644
--- a/metadata/glsa/Manifest
+++ b/metadata/glsa/Manifest
@@ -1,23 +1,23 @@
 -----BEGIN PGP SIGNED MESSAGE-----
 Hash: SHA512
 
-MANIFEST Manifest.files.gz 577111 BLAKE2B 0cdb2f4b37d989ec4779ab2668429fad6726d0f8262d3b4c3b6e33e9dc73ed0cef5a69d0d12e69f34f1ea8a92d72ef9e77fd098a8c9f70b001120570e5caedac SHA512 8633861ca75b10437b48ae2c2f704cd739ad0c965fd468529f3c4310836c613f1c2c3a3a0e31e8cc9f53f73bed636d933165206a4bbd67d96bc5e4ca6bcd4b36
-TIMESTAMP 2024-07-04T06:40:42Z
+MANIFEST Manifest.files.gz 578695 BLAKE2B 83336190b9db8ef17789198cdcd94b93ded8e3517f2a97f1c20b8822eed5e6b0b5eb3ced060bb3507ec84b889e927fc798f66d29cbf9eb6e887b9965946a290d SHA512 0f0e20bf349c4697ccf022b03425f130dde9817f7156836e59ab595a116902b21ef17cfdaa931f7d352c2e0cef6812f8551245ae1736d423ae95d1dbfc08592f
+TIMESTAMP 2024-07-06T06:40:23Z
 -----BEGIN PGP SIGNATURE-----
 
-iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAmaGQ+pfFIAAAAAALgAo
+iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAmaI5tdfFIAAAAAALgAo
 aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEUx
 RDZBQkI2M0JGQ0ZCNEJBMDJGREYxQ0VDNTkwRUVBQzkxODkyNTAACgkQ7FkO6skY
-klAFSw//RkaTE3/KMovSf3ut7F091ch9KM6AAxYHYK36kgV1hRPgjONbYg8Rtn+S
-PtUIRIUP+mcGOQ2gV+YzRepQuEJ8bSmTJTp4PtMPL98vXFdmMxK3RovqfWy65xhx
-4ZrwUR68Wu7SqVOEES085sgVsP7H6lUACABprJHq1lKx97zqP2J/+g5q0DU9svE1
-GfyJAHAYYV6N34FQ49Tcjif6M9mh1/1G7Ne20kRoYhsxYquZgS17IxNvmBOk7xMr
-+RJ6JqG1bvjXo32fhgKI1EJS8uE5+hnIBtx52lnyqeKVOLs9hhAXbNgtgHDNNXpS
-cpZgmGligLmt7lzZrZ9fLvDJbgA0ZggSk8Zb/FK9JGG0NsDfk49Ms3dvom1XjXa4
-B/2N/HNOSo4CT9avS72Kjjz/BfXR5Y2wrW4f8JKL9WoTGbC3LFRNam1BU4U3Vtb+
-40zX4lsmS6TCYRq1oXlBQq3wS+pvkZ7jW1R07EvunY+w/v9SnsS0z9Z+ISrsZDZ1
-eZgFl3mphsy3GiCjTe6RnYOuPUPWqaBPq1+W8IaCrdQ8Mm13P8Q/sO+HT1i1qVm0
-FJgBodkn4ck0snbz0ruL5iweUulVXq0YNNUL+n9u0wV0x/73u/niZ/YXV+vAwIaK
-CuB9yPhqeGI9ZfTCia9wo3/vBgRH1X4EVRqg4WPaeHYhOV0g08s=
-=MRAW
+klD3RhAAp3CNXg4364FSyD1tR0sC2kBodwKOzSLobUMQQxe1L8aHmx0WDCQoJ0t6
+mL7WXtDH+o4JdFXt2NVLDYriML8NgKyi32GD4hohJGdftiUvu8YAogRuuIMPqfz9
+5jZ3K5BntuS4nHAGR7dlfGWl2endPZ/efKoWvm+44k/rJxJddnFZHZSZzAYZR6vp
+/RKhvxDXIiZHyt4AdxITAt2TNJXksVF+/RnJwl+3UyKJWzzrfnbXlP0xTIAQ5iax
+kBBk2PyQkRlRq6jckHx4Hp90uuc7QVqZSswSQjMGUaGM75ej2mdjFrIPIqBqHQPe
+3qmZYCe3jm55sUuh4IPr6A2h7FbjdD/NEP6Ql8bHY/wNMTkBFbfDGkTScsJ37c2b
+rcsWIQX3qAL8uaKRuz4SjFeBbPqFShhnxgLSIlVKO2wQWE149IeAkkxnPpDfABcz
+ZRvRodlfeHnH/EvIkhr8XshtueOiQIdvi0YiLErhkFS5hKw7gKUuTsHOBb1O6oI1
+gHCWwopdGJT11V/pKkzTSXsWhf+RauYkXxElccQ0R8AseAlXwGoP2jgye5w6Y2pp
+dZNCuA4ScCM1+f+CvlhVuuRxcMhSBhklWG3MdrXS1asOkcjNTW8i/2i404qrALPp
+0M9vO0V8WpF7jFt+hje97sLywtWrIdQD4VxoQVsN4/0j7PXn5zU=
+=XqTJ
 -----END PGP SIGNATURE-----
diff --git a/metadata/glsa/Manifest.files.gz b/metadata/glsa/Manifest.files.gz
index 155603e718a5..26ad6b20cf0b 100644
Binary files a/metadata/glsa/Manifest.files.gz and b/metadata/glsa/Manifest.files.gz differ
diff --git a/metadata/glsa/glsa-202407-10.xml b/metadata/glsa/glsa-202407-10.xml
new file mode 100644
index 000000000000..980308027fef
--- /dev/null
+++ b/metadata/glsa/glsa-202407-10.xml
@@ -0,0 +1,41 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202407-10">
+    <title>Sofia-SIP: Multiple Vulnerabilities</title>
+    <synopsis>Multiple vulnerabilities have been discovered in Sofia-SIP, the worst of which can lead to remote code execution.</synopsis>
+    <product type="ebuild">sofia-sip</product>
+    <announced>2024-07-05</announced>
+    <revised count="1">2024-07-05</revised>
+    <bug>891791</bug>
+    <access>remote</access>
+    <affected>
+        <package name="net-libs/sofia-sip" auto="yes" arch="*">
+            <vulnerable range="lt">1.13.16</vulnerable>
+        </package>
+    </affected>
+    <background>
+        <p>Sofia-SIP is an RFC3261 compliant SIP User-Agent library.</p>
+    </background>
+    <description>
+        <p>Multiple vulnerabilities have been discovered in Sofia-SIP. Please review the CVE identifiers referenced below for details.</p>
+    </description>
+    <impact type="high">
+        <p>Multiple vulnerabilities have been discovered in Sofia-SIP. Please review the CVE identifiers referenced below for details.</p>
+    </impact>
+    <workaround>
+        <p>There is no known workaround at this time.</p>
+    </workaround>
+    <resolution>
+        <p>Gentoo has discontinued support for the Sofia-SIP package. We recommend that users unmerge it:</p>
+        
+        <code>
+          # emerge --ask --depclean "net-libs/sofia-sip"
+        </code>
+    </resolution>
+    <references>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-22741">CVE-2023-22741</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-32307">CVE-2023-32307</uri>
+    </references>
+    <metadata tag="requester" timestamp="2024-07-05T06:01:03.002442Z">graaff</metadata>
+    <metadata tag="submitter" timestamp="2024-07-05T06:01:03.007447Z">graaff</metadata>
+</glsa>
\ No newline at end of file
diff --git a/metadata/glsa/glsa-202407-11.xml b/metadata/glsa/glsa-202407-11.xml
new file mode 100644
index 000000000000..247f229724a1
--- /dev/null
+++ b/metadata/glsa/glsa-202407-11.xml
@@ -0,0 +1,46 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202407-11">
+    <title>PuTTY: Multiple Vulnerabilities</title>
+    <synopsis>Multiple vulnerabilities have been discovered in PuTTY, the worst of which could lead to compromised keys.</synopsis>
+    <product type="ebuild">putty</product>
+    <announced>2024-07-05</announced>
+    <revised count="1">2024-07-05</revised>
+    <bug>920304</bug>
+    <bug>930082</bug>
+    <access>remote</access>
+    <affected>
+        <package name="net-misc/putty" auto="yes" arch="*">
+            <unaffected range="ge">0.81</unaffected>
+            <vulnerable range="lt">0.81</vulnerable>
+        </package>
+    </affected>
+    <background>
+        <p>PuTTY is a free implementation of Telnet and SSH for Windows and Unix platforms, along with an xterm terminal emulator.</p>
+    </background>
+    <description>
+        <p>Multiple vulnerabilities have been discovered in PuTTY. Please review the CVE identifiers referenced below for details.</p>
+    </description>
+    <impact type="high">
+        <p>Please review the referenced CVE identifiers for details.</p>
+    </impact>
+    <workaround>
+        <p>There is no known workaround at this time.</p>
+    </workaround>
+    <resolution>
+        <p>All PuTTY users should upgrade to the latest version:</p>
+        
+        <code>
+          # emerge --sync
+          # emerge --ask --oneshot --verbose ">=net-misc/putty-0.81"
+        </code>
+        
+        <p>In addition, any keys generated with PuTTY versions 0.68 to 0.80 should be considered breached and should be regenerated.</p>
+    </resolution>
+    <references>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-48795">CVE-2023-48795</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-31497">CVE-2024-31497</uri>
+    </references>
+    <metadata tag="requester" timestamp="2024-07-05T06:43:24.794955Z">graaff</metadata>
+    <metadata tag="submitter" timestamp="2024-07-05T06:43:24.797373Z">graaff</metadata>
+</glsa>
\ No newline at end of file
diff --git a/metadata/glsa/glsa-202407-12.xml b/metadata/glsa/glsa-202407-12.xml
new file mode 100644
index 000000000000..4834b8028c6e
--- /dev/null
+++ b/metadata/glsa/glsa-202407-12.xml
@@ -0,0 +1,56 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202407-12">
+    <title>podman: Multiple Vulnerabilities</title>
+    <synopsis>Multiple vulnerabilities have been discovered in Podman, the worst of which could lead to privilege escalation.</synopsis>
+    <product type="ebuild">podman</product>
+    <announced>2024-07-05</announced>
+    <revised count="1">2024-07-05</revised>
+    <bug>829896</bug>
+    <bug>870931</bug>
+    <bug>896372</bug>
+    <bug>921290</bug>
+    <bug>923751</bug>
+    <bug>927500</bug>
+    <bug>927501</bug>
+    <access>local</access>
+    <affected>
+        <package name="app-containers/podman" auto="yes" arch="*">
+            <unaffected range="ge">4.9.4</unaffected>
+            <vulnerable range="lt">4.9.4</vulnerable>
+        </package>
+    </affected>
+    <background>
+        <p>Podman is a tool for managing OCI containers and pods with a Docker-compatible CLI.</p>
+    </background>
+    <description>
+        <p>Please review the referenced CVE identifiers for details.</p>
+    </description>
+    <impact type="high">
+        <p>Please review the referenced CVE identifiers for details.</p>
+    </impact>
+    <workaround>
+        <p>There is no known workaround at this time.</p>
+    </workaround>
+    <resolution>
+        <p>All Podman users should upgrade to the latest version:</p>
+        
+        <code>
+          # emerge --sync
+          # emerge --ask --oneshot --verbose ">=app-containers/podman-4.9.4"
+        </code>
+    </resolution>
+    <references>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-4024">CVE-2021-4024</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-2989">CVE-2022-2989</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-0778">CVE-2023-0778</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-48795">CVE-2023-48795</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-1753">CVE-2024-1753</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-23651">CVE-2024-23651</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-23652">CVE-2024-23652</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-23653">CVE-2024-23653</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-24786">CVE-2024-24786</uri>
+    </references>
+    <metadata tag="requester" timestamp="2024-07-05T07:05:25.139225Z">graaff</metadata>
+    <metadata tag="submitter" timestamp="2024-07-05T07:05:25.142869Z">graaff</metadata>
+</glsa>
\ No newline at end of file
diff --git a/metadata/glsa/glsa-202407-13.xml b/metadata/glsa/glsa-202407-13.xml
new file mode 100644
index 000000000000..d988629f655d
--- /dev/null
+++ b/metadata/glsa/glsa-202407-13.xml
@@ -0,0 +1,64 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202407-13">
+    <title>WebKitGTK+: Multiple Vulnerabilities</title>
+    <synopsis>Multiple vulnerabilities have been discovered in WebKitGTK+, the worst of which could lead to arbitrary code execution</synopsis>
+    <product type="ebuild">webkit-gtk</product>
+    <announced>2024-07-05</announced>
+    <revised count="1">2024-07-05</revised>
+    <bug>923851</bug>
+    <bug>930116</bug>
+    <access>local and remote</access>
+    <affected>
+        <package name="net-libs/webkit-gtk" auto="yes" arch="*">
+            <unaffected range="ge" slot="4">2.44.0</unaffected>
+            <unaffected range="ge" slot="4.1">2.44.0</unaffected>
+            <unaffected range="ge" slot="6">2.44.0</unaffected>
+            <vulnerable range="lt" slot="4">2.44.0</vulnerable>
+            <vulnerable range="lt" slot="4.1">2.44.0</vulnerable>
+            <vulnerable range="lt" slot="6">2.44.0</vulnerable>
+        </package>
+    </affected>
+    <background>
+        <p>WebKitGTK+ is a full-featured port of the WebKit rendering engine, suitable for projects requiring any kind of web integration, from hybrid HTML/CSS applications to full-fledged web browsers.</p>
+    </background>
+    <description>
+        <p>Multiple vulnerabilities have been discovered in WebKitGTK+. Please review the CVE identifiers referenced below for details.</p>
+    </description>
+    <impact type="high">
+        <p>Please review the referenced CVE identifiers for details.</p>
+    </impact>
+    <workaround>
+        <p>There is no known workaround at this time.</p>
+    </workaround>
+    <resolution>
+        <p>All WebKitGTK+ users should upgrade to the latest version (depending on the installed slots):</p>
+        
+        <code>
+          # emerge --sync
+          # emerge --ask --oneshot --verbose ">=net-libs/webkit-gtk-2.44.0:4"
+          # emerge --ask --oneshot --verbose ">=net-libs/webkit-gtk-2.44.0:4.1"
+          # emerge --ask --oneshot --verbose ">=net-libs/webkit-gtk-2.44.0:6"
+        </code>
+    </resolution>
+    <references>
+        <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1745">CVE-2014-1745</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-40414">CVE-2023-40414</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-42833">CVE-2023-42833</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-42843">CVE-2023-42843</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-42950">CVE-2023-42950</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-42956">CVE-2023-42956</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-23206">CVE-2024-23206</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-23213">CVE-2024-23213</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-23222">CVE-2024-23222</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-23252">CVE-2024-23252</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-23254">CVE-2024-23254</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-23263">CVE-2024-23263</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-23280">CVE-2024-23280</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-23284">CVE-2024-23284</uri>
+        <uri link="https://webkitgtk.org/security/WSA-2024-0001.html">WSA-2024-0001</uri>
+        <uri link="https://webkitgtk.org/security/WSA-2024-0002.html">WSA-2024-0002</uri>
+    </references>
+    <metadata tag="requester" timestamp="2024-07-05T07:33:55.537227Z">graaff</metadata>
+    <metadata tag="submitter" timestamp="2024-07-05T07:33:55.540478Z">graaff</metadata>
+</glsa>
\ No newline at end of file
diff --git a/metadata/glsa/glsa-202407-14.xml b/metadata/glsa/glsa-202407-14.xml
new file mode 100644
index 000000000000..4037c006b564
--- /dev/null
+++ b/metadata/glsa/glsa-202407-14.xml
@@ -0,0 +1,46 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202407-14">
+    <title>TigerVNC: Multiple Vulnerabilities</title>
+    <synopsis>Multiple vulnerabilities have been discovered in TigerVNC, the worst of which could lead to remote code execution.</synopsis>
+    <product type="ebuild">tigervnc</product>
+    <announced>2024-07-05</announced>
+    <revised count="1">2024-07-05</revised>
+    <bug>700464</bug>
+    <access>remote</access>
+    <affected>
+        <package name="net-misc/tigervnc" auto="yes" arch="*">
+            <unaffected range="ge">1.12.0-r2</unaffected>
+            <vulnerable range="lt">1.12.0-r2</vulnerable>
+        </package>
+    </affected>
+    <background>
+        <p>TigerVNC is a high-performance VNC server/client.</p>
+    </background>
+    <description>
+        <p>Multiple vulnerabilities have been discovered in TigerVNC. Please review the CVE identifiers referenced below for details.</p>
+    </description>
+    <impact type="normal">
+        <p>Please review the referenced CVE identifiers for details.</p>
+    </impact>
+    <workaround>
+        <p>There is no known workaround at this time.</p>
+    </workaround>
+    <resolution>
+        <p>All TigerVNC users should upgrade to the latest version:</p>
+        
+        <code>
+          # emerge --sync
+          # emerge --ask --oneshot --verbose ">=net-misc/tigervnc-1.12.0-r2"
+        </code>
+    </resolution>
+    <references>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-15691">CVE-2019-15691</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-15692">CVE-2019-15692</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-15694">CVE-2019-15694</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-15695">CVE-2019-15695</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-26117">CVE-2020-26117</uri>
+    </references>
+    <metadata tag="requester" timestamp="2024-07-05T08:04:14.901340Z">graaff</metadata>
+    <metadata tag="submitter" timestamp="2024-07-05T08:04:14.904899Z">graaff</metadata>
+</glsa>
\ No newline at end of file
diff --git a/metadata/glsa/glsa-202407-15.xml b/metadata/glsa/glsa-202407-15.xml
new file mode 100644
index 000000000000..fc4f96ecc7e3
--- /dev/null
+++ b/metadata/glsa/glsa-202407-15.xml
@@ -0,0 +1,42 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202407-15">
+    <title>GraphicsMagick: Multiple Vulnerabilities</title>
+    <synopsis>Multiple vulnerabilities have been discovered in GraphicsMagick, the worst of which could lead to arbitrary code execution.</synopsis>
+    <product type="ebuild">graphicsmagick</product>
+    <announced>2024-07-05</announced>
+    <revised count="1">2024-07-05</revised>
+    <bug>888545</bug>
+    <bug>890851</bug>
+    <access>local</access>
+    <affected>
+        <package name="media-gfx/graphicsmagick" auto="yes" arch="*">
+            <unaffected range="ge">1.3.40</unaffected>
+            <vulnerable range="lt">1.3.40</vulnerable>
+        </package>
+    </affected>
+    <background>
+        <p>GraphicsMagick is a collection of tools and libraries which support reading, writing, and manipulating images in many major formats.</p>
+    </background>
+    <description>
+        <p>Multiple vulnerabilities have been discovered in GraphicsMagick. Please review the CVE identifiers referenced below for details.</p>
+    </description>
+    <impact type="normal">
+        <p>Please review the referenced CVE identifiers for details.</p>
+    </impact>
+    <workaround>
+        <p>There is no known workaround at this time.</p>
+    </workaround>
+    <resolution>
+        <p>All GraphicsMagick users should upgrade to the latest version:</p>
+        
+        <code>
+          # emerge --sync
+          # emerge --ask --oneshot --verbose ">=media-gfx/graphicsmagick-1.3.40"
+        </code>
+    </resolution>
+    <references>
+    </references>
+    <metadata tag="requester" timestamp="2024-07-05T08:23:55.078128Z">graaff</metadata>
+    <metadata tag="submitter" timestamp="2024-07-05T08:23:55.084776Z">graaff</metadata>
+</glsa>
\ No newline at end of file
diff --git a/metadata/glsa/glsa-202407-16.xml b/metadata/glsa/glsa-202407-16.xml
new file mode 100644
index 000000000000..e586167715d3
--- /dev/null
+++ b/metadata/glsa/glsa-202407-16.xml
@@ -0,0 +1,42 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202407-16">
+    <title>GNU Coreutils: Buffer Overflow Vulnerability</title>
+    <synopsis>A vulnerability has been discovered in Coreutils, which can lead to a heap buffer overflow and possibly aribitrary code execution.</synopsis>
+    <product type="ebuild">coreutils</product>
+    <announced>2024-07-05</announced>
+    <revised count="1">2024-07-05</revised>
+    <bug>922474</bug>
+    <access>local</access>
+    <affected>
+        <package name="sys-apps/coreutils" auto="yes" arch="*">
+            <unaffected range="ge">9.4-r1</unaffected>
+            <vulnerable range="lt">9.4-r1</vulnerable>
+        </package>
+    </affected>
+    <background>
+        <p>The GNU Core Utilities are the basic file, shell and text manipulation utilities of the GNU operating system.</p>
+    </background>
+    <description>
+        <p>A vulnerability has been discovered in the Coreutils &#34;split&#34; program that can lead to a heap buffer overflow and possibly arbitrary code execution.</p>
+    </description>
+    <impact type="high">
+        <p>Please review the referenced CVE identifiers for details.</p>
+    </impact>
+    <workaround>
+        <p>There is no known workaround at this time.</p>
+    </workaround>
+    <resolution>
+        <p>All Coreutils users should upgrade to the latest version:</p>
+        
+        <code>
+          # emerge --sync
+          # emerge --ask --oneshot --verbose ">=sys-apps/coreutils-9.4-r1"
+        </code>
+    </resolution>
+    <references>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-0684">CVE-2024-0684</uri>
+    </references>
+    <metadata tag="requester" timestamp="2024-07-05T09:26:36.559921Z">graaff</metadata>
+    <metadata tag="submitter" timestamp="2024-07-05T09:26:36.562608Z">graaff</metadata>
+</glsa>
\ No newline at end of file
diff --git a/metadata/glsa/glsa-202407-17.xml b/metadata/glsa/glsa-202407-17.xml
new file mode 100644
index 000000000000..ce7d5704e671
--- /dev/null
+++ b/metadata/glsa/glsa-202407-17.xml
@@ -0,0 +1,55 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202407-17">
+    <title>BusyBox: Multiple Vulnerabilities</title>
+    <synopsis>Multiple vulnerabilities have been discovered in BusyBox, the worst of which could lead to arbitrary code execution.</synopsis>
+    <product type="ebuild">busybox</product>
+    <announced>2024-07-05</announced>
+    <revised count="1">2024-07-05</revised>
+    <bug>824222</bug>
+    <access>local</access>
+    <affected>
+        <package name="sys-apps/busybox" auto="yes" arch="*">
+            <unaffected range="ge">1.34.0</unaffected>
+            <vulnerable range="lt">1.34.0</vulnerable>
+        </package>
+    </affected>
+    <background>
+        <p>BusyBox is set of tools for embedded systems and is a replacement for GNU Coreutils.</p>
+    </background>
+    <description>
+        <p>Multiple vulnerabilities have been discovered in BusyBox. Please review the CVE identifiers referenced below for details.</p>
+    </description>
+    <impact type="normal">
+        <p>Please review the referenced CVE identifiers for details.</p>
+    </impact>
+    <workaround>
+        <p>There is no known workaround at this time.</p>
+    </workaround>
+    <resolution>
+        <p>All BusyBox users should upgrade to the latest version:</p>
+        
+        <code>
+          # emerge --sync
+          # emerge --ask --oneshot --verbose ">=sys-apps/busybox-1.34.0"
+        </code>
+    </resolution>
+    <references>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-42373">CVE-2021-42373</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-42374">CVE-2021-42374</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-42375">CVE-2021-42375</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-42376">CVE-2021-42376</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-42377">CVE-2021-42377</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-42378">CVE-2021-42378</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-42379">CVE-2021-42379</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-42380">CVE-2021-42380</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-42381">CVE-2021-42381</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-42382">CVE-2021-42382</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-42383">CVE-2021-42383</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-42384">CVE-2021-42384</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-42385">CVE-2021-42385</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-42386">CVE-2021-42386</uri>
+    </references>
+    <metadata tag="requester" timestamp="2024-07-05T09:49:36.081859Z">graaff</metadata>
+    <metadata tag="submitter" timestamp="2024-07-05T09:49:36.086656Z">graaff</metadata>
+</glsa>
\ No newline at end of file
diff --git a/metadata/glsa/glsa-202407-18.xml b/metadata/glsa/glsa-202407-18.xml
new file mode 100644
index 000000000000..ea2c242f8af4
--- /dev/null
+++ b/metadata/glsa/glsa-202407-18.xml
@@ -0,0 +1,42 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202407-18">
+    <title>Stellarium: Arbitrary File Write</title>
+    <synopsis>A vulnerability has been discovered in Stellarium, which can lead to arbitrary file writes.</synopsis>
+    <product type="ebuild">stellarium</product>
+    <announced>2024-07-05</announced>
+    <revised count="1">2024-07-05</revised>
+    <bug>905300</bug>
+    <access>local and remote</access>
+    <affected>
+        <package name="sci-astronomy/stellarium" auto="yes" arch="*">
+            <unaffected range="ge">23.1</unaffected>
+            <vulnerable range="lt">23.1</vulnerable>
+        </package>
+    </affected>
+    <background>
+        <p>Stellarium is a free open source planetarium for your computer. It shows a realistic sky in 3D, just like what you see with the naked eye, binoculars or a telescope.</p>
+    </background>
+    <description>
+        <p>A vulnerability has been discovered in Stellarium. Please review the CVE identifier referenced below for details.</p>
+    </description>
+    <impact type="normal">
+        <p>Attackers can write to files that are typically unintended, such as ones with absolute pathnames or .. directory traversal.</p>
+    </impact>
+    <workaround>
+        <p>There is no known workaround at this time.</p>
+    </workaround>
+    <resolution>
+        <p>All Stellarium users should upgrade to the latest version:</p>
+        
+        <code>
+          # emerge --sync
+          # emerge --ask --oneshot --verbose ">=sci-astronomy/stellarium-23.1"
+        </code>
+    </resolution>
+    <references>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-28371">CVE-2023-28371</uri>
+    </references>
+    <metadata tag="requester" timestamp="2024-07-05T17:31:39.463505Z">graaff</metadata>
+    <metadata tag="submitter" timestamp="2024-07-05T17:31:39.467808Z">graaff</metadata>
+</glsa>
\ No newline at end of file
diff --git a/metadata/glsa/glsa-202407-19.xml b/metadata/glsa/glsa-202407-19.xml
new file mode 100644
index 000000000000..2c2a7294893a
--- /dev/null
+++ b/metadata/glsa/glsa-202407-19.xml
@@ -0,0 +1,59 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202407-19">
+    <title>Mozilla Thunderbird: Multiple Vulnerabilities</title>
+    <synopsis>Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could lead to remote code execution.</synopsis>
+    <product type="ebuild">thunderbird,thunderbird-bin</product>
+    <announced>2024-07-06</announced>
+    <revised count="1">2024-07-06</revised>
+    <bug>932375</bug>
+    <access>remote</access>
+    <affected>
+        <package name="mail-client/thunderbird" auto="yes" arch="*">
+            <unaffected range="ge">115.11.0</unaffected>
+            <vulnerable range="lt">115.11.0</vulnerable>
+        </package>
+        <package name="mail-client/thunderbird-bin" auto="yes" arch="*">
+            <unaffected range="ge">115.11.0</unaffected>
+            <vulnerable range="lt">115.11.0</vulnerable>
+        </package>
+    </affected>
+    <background>
+        <p>Mozilla Thunderbird is a popular open-source email client from the Mozilla project.</p>
+    </background>
+    <description>
+        <p>Multiple vulnerabilities have been discovered in Mozilla Thunderbird. Please review the CVE identifiers referenced below for details.</p>
+    </description>
+    <impact type="high">
+        <p>Please review the referenced CVE identifiers for details.</p>
+    </impact>
+    <workaround>
+        <p>There is no known workaround at this time.</p>
+    </workaround>
+    <resolution>
+        <p>All Mozilla Thunderbird binary users should upgrade to the latest version:</p>
+        
+        <code>
+          # emerge --sync
+          # emerge --ask --oneshot --verbose ">=mail-client/thunderbird-bin-115.11.0"
+        </code>
+        
+        <p>All Mozilla Thunderbird users should upgrade to the latest version:</p>
+        
+        <code>
+          # emerge --sync
+          # emerge --ask --oneshot --verbose ">=mail-client/thunderbird-115.11.0"
+        </code>
+    </resolution>
+    <references>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-2609">CVE-2024-2609</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-3302">CVE-2024-3302</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-3854">CVE-2024-3854</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-3857">CVE-2024-3857</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-3859">CVE-2024-3859</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-3861">CVE-2024-3861</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-3864">CVE-2024-3864</uri>
+    </references>
+    <metadata tag="requester" timestamp="2024-07-06T06:14:39.955147Z">graaff</metadata>
+    <metadata tag="submitter" timestamp="2024-07-06T06:14:39.959045Z">graaff</metadata>
+</glsa>
\ No newline at end of file
diff --git a/metadata/glsa/timestamp.chk b/metadata/glsa/timestamp.chk
index ea1e49452112..01f0f7485ab4 100644
--- a/metadata/glsa/timestamp.chk
+++ b/metadata/glsa/timestamp.chk
@@ -1 +1 @@
-Thu, 04 Jul 2024 06:40:39 +0000
+Sat, 06 Jul 2024 06:40:19 +0000
diff --git a/metadata/glsa/timestamp.commit b/metadata/glsa/timestamp.commit
index 3406d37a3716..e9b24c1dea7c 100644
--- a/metadata/glsa/timestamp.commit
+++ b/metadata/glsa/timestamp.commit
@@ -1 +1 @@
-a5ba53361826e62d69077fdabaf2da4664fc05ba 1719873210 2024-07-01T22:33:30Z
+b5d405cb92c7978530ba2683a461c9cb819d4d38 1720246492 2024-07-06T06:14:52Z
-- 
cgit v1.2.3