From 43c2a85d4e20318dd3d35872e348707900870067 Mon Sep 17 00:00:00 2001
From: V3n3RiX <venerix@koprulu.sector>
Date: Mon, 6 May 2024 00:00:52 +0100
Subject: gentoo auto-resync : 06:05:2024 - 00:00:51

---
 metadata/glsa/Manifest           |  30 +++++++-------
 metadata/glsa/Manifest.files.gz  | Bin 570922 -> 572034 bytes
 metadata/glsa/glsa-202405-10.xml |  42 ++++++++++++++++++++
 metadata/glsa/glsa-202405-11.xml |  49 +++++++++++++++++++++++
 metadata/glsa/glsa-202405-12.xml |  46 ++++++++++++++++++++++
 metadata/glsa/glsa-202405-13.xml |  41 ++++++++++++++++++++
 metadata/glsa/glsa-202405-14.xml |  57 +++++++++++++++++++++++++++
 metadata/glsa/glsa-202405-15.xml |  82 +++++++++++++++++++++++++++++++++++++++
 metadata/glsa/glsa-202405-16.xml |  43 ++++++++++++++++++++
 metadata/glsa/timestamp.chk      |   2 +-
 metadata/glsa/timestamp.commit   |   2 +-
 11 files changed, 377 insertions(+), 17 deletions(-)
 create mode 100644 metadata/glsa/glsa-202405-10.xml
 create mode 100644 metadata/glsa/glsa-202405-11.xml
 create mode 100644 metadata/glsa/glsa-202405-12.xml
 create mode 100644 metadata/glsa/glsa-202405-13.xml
 create mode 100644 metadata/glsa/glsa-202405-14.xml
 create mode 100644 metadata/glsa/glsa-202405-15.xml
 create mode 100644 metadata/glsa/glsa-202405-16.xml

(limited to 'metadata/glsa')

diff --git a/metadata/glsa/Manifest b/metadata/glsa/Manifest
index aaf7a5bc04e7..3ad882f3b545 100644
--- a/metadata/glsa/Manifest
+++ b/metadata/glsa/Manifest
@@ -1,23 +1,23 @@
 -----BEGIN PGP SIGNED MESSAGE-----
 Hash: SHA512
 
-MANIFEST Manifest.files.gz 570922 BLAKE2B a20ec4f24eeb6769f4fdd5bd00ff1792ccc6e26c93c1c2b08c0895fb43406379af98ff13e85b945441d8d4ea41d80e54d053815bbe1d5c815a9c908c533b9ec2 SHA512 3192be04c28f462e6f5bfedc1c7ae89ae00f7410cffe7034ebcb0ea4fa6b81201a8fe37bc2773dbb03da6a69294d537152e094d11cfa73ad0531674951e1a5cd
-TIMESTAMP 2024-05-04T21:59:21Z
+MANIFEST Manifest.files.gz 572034 BLAKE2B 427e26e3706e8b7f4e943727b7a276ff31555d4a18c9abd9ac389162f60f359fabc5ad44aed1e3c3f6d38991598bc3ff3e531c1f963bfd5e7d187d907fd49f1b SHA512 3e6522dfe9208dfd01f7db32abf65212808c56cc43a74fe0a9b911b441ef07605f9d1faa6262dd0396662cdf416d987dd593b2bbc769fd24d997636dfd253b01
+TIMESTAMP 2024-05-05T22:10:08Z
 -----BEGIN PGP SIGNATURE-----
 
-iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAmY2r7pfFIAAAAAALgAo
+iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAmY4A8BfFIAAAAAALgAo
 aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEUx
 RDZBQkI2M0JGQ0ZCNEJBMDJGREYxQ0VDNTkwRUVBQzkxODkyNTAACgkQ7FkO6skY
-klAwfQ/+JbT4B5j0YLSrfe407Dc3WmhxRsmNzhCJc0jlnnclX9lnkmbomUbFcR/1
-nrc1E8PKK7yUKG/FR02R2xYo7ehavMKywpN4pxyUElAYLY6i6lBQUV5A6YXD4PgY
-hNzqQA2iKKo35VNFMmDh6gVVx+JXHaE4eeHIxSv196g5+k4ws6bl2FuxcF76vTv9
-gigjuQck7Yan3zTVOAGFqOOLKZGtAuC7niwKtZMcbE9B7l+GEOu4Q4m8b28O+nnK
-neWcdj9HEDFj3/Qn00kL/jF2CJqUjSZtJCzTPBfddYIg7VnAJhlIss3mE6D+fr6S
-WO9+aGWU/BFOrCZU2x8MwipbQqzqJUMHMfD1MQx0j7C9+jwpa6mGij2GPbi9aq0d
-pHtZCSjXEbXUGbF7Q6iruyQ6U2NnspghaVUBNh4zr8v+61m1nY7evsexycFt3D6F
-VLvBwToOeJOZMLvB4WjoY6Lmp8/FIFg/d2w++h+Jsqd3XDaKBGkREMpZQ5uqZqJy
-AYFIOJdWovywnL/WzY8IsUsVVRwIrbkX6g+3haQhAm8uneuyubBDFn2yB0GznCgy
-kM/hoa5K/k6s8m0qX99qFUwHyx+CZ17/FD23wmNTAM4VqGLzTQO9ZqYxQa5hfHiB
-WdzV7CFI5qaYuy4WsjpUovjhqVWptD3/draoXyUSwr6e/byHL5U=
-=VfOY
+klB1hw/9FJWD+3z3F7GiFMQbtCpoQxH3zSbDiUwjISq74qPnkdRsaVUt+F5iB5Nc
+jsB6L/H1INR2dq0Lmubx1ZoBm0FAlUr0wQ2s61lFE+Gg+3wGK193Cij8mouCTOz+
+6ne3bvKjBuAwTzk0G+gTKk0BCQyj4J24yGd3g8qnrbqC8YU4xtT4gVu9gT8WCDqM
+CT26IIJFS95IDg/NFA3eeGYAt+qn+3YPQjQ5pSHVEYH1XMx/xvc1MTEC56GLx6QZ
+oy2MgjjktWEY0C1CjQpG9eYf0g9iBOb1Ci68nmuwqbOmb5RRSGjNSM+F+/WHVHEA
+P00orxSlZJ4XK8Et8X/Aqkhjo/lJBe9eu6UaO/A3tQvMYamVGaC9lVfYmFuzD7Sw
+rtl/FWr9EWoaDyRsnvxLer9sM3YxKPygJ3WotclSCLK/oPIVxoW6L0M7mdi3rPFL
+zmrBNfenghURVEa6JHcdXNDuk141JM8y5roiAcdIOOIWrHCWOfK9vRmwTZwRH0RC
+VYCCOdjmO0IseXocl8XT0RFuOa0mqFT+xohViMPvAyNOsLcVjBimj9qSTFK9P5W8
+kDpQsD9+1LWuVNnIvxFNdFvGBn6yWHXb6Te7UzOSBrM/K6z76ysiqSCrcs4biQFT
+YhUK33qnyxLIUoumvJPPznsaAxoUfPmdLzxomN5MYLgdybYtIaU=
+=2pMK
 -----END PGP SIGNATURE-----
diff --git a/metadata/glsa/Manifest.files.gz b/metadata/glsa/Manifest.files.gz
index 46e2455f1537..2cc0ec9712c8 100644
Binary files a/metadata/glsa/Manifest.files.gz and b/metadata/glsa/Manifest.files.gz differ
diff --git a/metadata/glsa/glsa-202405-10.xml b/metadata/glsa/glsa-202405-10.xml
new file mode 100644
index 000000000000..c087018a3ac5
--- /dev/null
+++ b/metadata/glsa/glsa-202405-10.xml
@@ -0,0 +1,42 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202405-10">
+    <title>Setuptools: Denial of Service</title>
+    <synopsis>A vulnerability has been discovered in Setuptools, which can lead to denial of service.</synopsis>
+    <product type="ebuild">setuptools</product>
+    <announced>2024-05-05</announced>
+    <revised count="1">2024-05-05</revised>
+    <bug>879813</bug>
+    <access>remote</access>
+    <affected>
+        <package name="dev-python/setuptools" auto="yes" arch="*">
+            <unaffected range="ge">65.5.1</unaffected>
+            <vulnerable range="lt">65.5.1</vulnerable>
+        </package>
+    </affected>
+    <background>
+        <p>Setuptools is a manager for Python packages.</p>
+    </background>
+    <description>
+        <p>A vulnerability has been discovered in Setuptools. See the impact field.</p>
+    </description>
+    <impact type="normal">
+        <p>An inefficiency in a regular expression may end in a denial of service if an user is fetching malicious HTML from a package in PyPI or a custom PackageIndex page.</p>
+    </impact>
+    <workaround>
+        <p>There is no known workaround at this time.</p>
+    </workaround>
+    <resolution>
+        <p>All Setuptools users should upgrade to the latest version:</p>
+        
+        <code>
+          # emerge --sync
+          # emerge --ask --oneshot --verbose ">=dev-python/setuptools-65.5.1"
+        </code>
+    </resolution>
+    <references>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-40897">CVE-2022-40897</uri>
+    </references>
+    <metadata tag="requester" timestamp="2024-05-05T06:37:49.107714Z">graaff</metadata>
+    <metadata tag="submitter" timestamp="2024-05-05T06:37:49.110409Z">graaff</metadata>
+</glsa>
\ No newline at end of file
diff --git a/metadata/glsa/glsa-202405-11.xml b/metadata/glsa/glsa-202405-11.xml
new file mode 100644
index 000000000000..8274d0a300db
--- /dev/null
+++ b/metadata/glsa/glsa-202405-11.xml
@@ -0,0 +1,49 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202405-11">
+    <title>MIT krb5: Multiple Vulnerabilities</title>
+    <synopsis>Multiple vulnerabilities have been discovered in MIT krb5, the worst of which could lead to remote code execution.</synopsis>
+    <product type="ebuild">mit-krb5</product>
+    <announced>2024-05-05</announced>
+    <revised count="1">2024-05-05</revised>
+    <bug>803434</bug>
+    <bug>809845</bug>
+    <bug>879875</bug>
+    <bug>917464</bug>
+    <access>remote</access>
+    <affected>
+        <package name="app-crypt/mit-krb5" auto="yes" arch="*">
+            <unaffected range="ge">1.21.2</unaffected>
+            <vulnerable range="lt">1.21.2</vulnerable>
+        </package>
+    </affected>
+    <background>
+        <p>MIT krb5 is the free implementation of the Kerberos network authentication protocol by the Massachusetts Institute of Technology.</p>
+    </background>
+    <description>
+        <p>Multiple vulnerabilities have been discovered in MIT krb5. Please review the CVE identifiers referenced below for details.</p>
+    </description>
+    <impact type="normal">
+        <p>Please review the referenced CVE identifiers for details.</p>
+    </impact>
+    <workaround>
+        <p>There is no known workaround at this time.</p>
+    </workaround>
+    <resolution>
+        <p>All MIT krb5 users should upgrade to the latest version:</p>
+        
+        <code>
+          # emerge --sync
+          # emerge --ask --oneshot --verbose ">=app-crypt/mit-krb5-1.21.2"
+        </code>
+    </resolution>
+    <references>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-36222">CVE-2021-36222</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-37750">CVE-2021-37750</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-42898">CVE-2022-42898</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-36054">CVE-2023-36054</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-39975">CVE-2023-39975</uri>
+    </references>
+    <metadata tag="requester" timestamp="2024-05-05T07:13:18.708629Z">graaff</metadata>
+    <metadata tag="submitter" timestamp="2024-05-05T07:13:18.710959Z">graaff</metadata>
+</glsa>
\ No newline at end of file
diff --git a/metadata/glsa/glsa-202405-12.xml b/metadata/glsa/glsa-202405-12.xml
new file mode 100644
index 000000000000..8d46bab161f7
--- /dev/null
+++ b/metadata/glsa/glsa-202405-12.xml
@@ -0,0 +1,46 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202405-12">
+    <title>Pillow: Multiple Vulnerabilities</title>
+    <synopsis>Multiple vulnerabilities have been discovered in Pillow, the worst of which can lead to arbitrary code execution.</synopsis>
+    <product type="ebuild">pillow</product>
+    <announced>2024-05-05</announced>
+    <revised count="1">2024-05-05</revised>
+    <bug>889594</bug>
+    <bug>903664</bug>
+    <bug>916907</bug>
+    <bug>922577</bug>
+    <access>remote</access>
+    <affected>
+        <package name="dev-python/pillow" auto="yes" arch="*">
+            <unaffected range="ge">10.2.0</unaffected>
+            <vulnerable range="lt">10.2.0</vulnerable>
+        </package>
+    </affected>
+    <background>
+        <p>The friendly PIL fork.</p>
+    </background>
+    <description>
+        <p>Multiple vulnerabilities have been discovered in Pillow. Please review the CVE identifiers referenced below for details.</p>
+    </description>
+    <impact type="high">
+        <p>Please review the referenced CVE identifiers for details.</p>
+    </impact>
+    <workaround>
+        <p>There is no known workaround at this time.</p>
+    </workaround>
+    <resolution>
+        <p>All Pillow users should upgrade to the latest version:</p>
+        
+        <code>
+          # emerge --sync
+          # emerge --ask --oneshot --verbose ">=dev-python/pillow-10.2.0"
+        </code>
+    </resolution>
+    <references>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-44271">CVE-2023-44271</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-50447">CVE-2023-50447</uri>
+    </references>
+    <metadata tag="requester" timestamp="2024-05-05T07:36:46.186094Z">graaff</metadata>
+    <metadata tag="submitter" timestamp="2024-05-05T07:36:46.190008Z">graaff</metadata>
+</glsa>
\ No newline at end of file
diff --git a/metadata/glsa/glsa-202405-13.xml b/metadata/glsa/glsa-202405-13.xml
new file mode 100644
index 000000000000..18cc95cd51f7
--- /dev/null
+++ b/metadata/glsa/glsa-202405-13.xml
@@ -0,0 +1,41 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202405-13">
+    <title>borgmatic: Shell Injection</title>
+    <synopsis>A vulnerability has been discovered in borgmatic, which can lead to shell injection.</synopsis>
+    <product type="ebuild">borgmatic</product>
+    <announced>2024-05-05</announced>
+    <revised count="1">2024-05-05</revised>
+    <bug>924892</bug>
+    <access>remote</access>
+    <affected>
+        <package name="app-backup/borgmatic" auto="yes" arch="*">
+            <unaffected range="ge">1.8.8</unaffected>
+            <vulnerable range="lt">1.8.8</vulnerable>
+        </package>
+    </affected>
+    <background>
+        <p>borgmatic is simple, configuration-driven backup software for servers and workstations.</p>
+    </background>
+    <description>
+        <p>Prevent shell injection attacks within the PostgreSQL hook, the MongoDB hook, the SQLite hook, the &#34;borgmatic borg&#34; action, and command hook variable/constant interpolation.</p>
+    </description>
+    <impact type="high">
+        <p>Shell injection may be used in several borgmatic backends to execute arbitrary code.</p>
+    </impact>
+    <workaround>
+        <p>There is no known workaround at this time.</p>
+    </workaround>
+    <resolution>
+        <p>All borgmatic users should upgrade to the latest version:</p>
+        
+        <code>
+          # emerge --sync
+          # emerge --ask --oneshot --verbose ">=app-backup/borgmatic-1.8.8"
+        </code>
+    </resolution>
+    <references>
+    </references>
+    <metadata tag="requester" timestamp="2024-05-05T07:55:00.732358Z">graaff</metadata>
+    <metadata tag="submitter" timestamp="2024-05-05T07:55:00.739533Z">graaff</metadata>
+</glsa>
\ No newline at end of file
diff --git a/metadata/glsa/glsa-202405-14.xml b/metadata/glsa/glsa-202405-14.xml
new file mode 100644
index 000000000000..b66d4faff83d
--- /dev/null
+++ b/metadata/glsa/glsa-202405-14.xml
@@ -0,0 +1,57 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202405-14">
+    <title>QtWebEngine: Multiple Vulnerabilities</title>
+    <synopsis>Multiple vulnerabilities have been discovered in QtWebEngine, the worst of which could lead to remote code execution.</synopsis>
+    <product type="ebuild">qtwebengine</product>
+    <announced>2024-05-05</announced>
+    <revised count="1">2024-05-05</revised>
+    <bug>927746</bug>
+    <access>remote</access>
+    <affected>
+        <package name="dev-qt/qtwebengine" auto="yes" arch="*">
+            <unaffected range="ge">5.15.13_p20240322</unaffected>
+            <vulnerable range="lt">5.15.13_p20240322</vulnerable>
+        </package>
+    </affected>
+    <background>
+        <p>QtWebEngine is a library for rendering dynamic web content in Qt5 and Qt6 C++ and QML applications.</p>
+    </background>
+    <description>
+        <p>Multiple vulnerabilities have been discovered in QtWebEngine. Please review the CVE identifiers referenced below for details.</p>
+    </description>
+    <impact type="high">
+        <p>Please review the referenced CVE identifiers for details.</p>
+    </impact>
+    <workaround>
+        <p>There is no known workaround at this time.</p>
+    </workaround>
+    <resolution>
+        <p>All QtWebEngine users should upgrade to the latest version:</p>
+        
+        <code>
+          # emerge --sync
+          # emerge --ask --oneshot --verbose ">=dev-qt/qtwebengine-5.15.13_p20240322"
+        </code>
+    </resolution>
+    <references>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-0804">CVE-2024-0804</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-0805">CVE-2024-0805</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-0806">CVE-2024-0806</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-0807">CVE-2024-0807</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-0808">CVE-2024-0808</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-0809">CVE-2024-0809</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-0810">CVE-2024-0810</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-0811">CVE-2024-0811</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-0812">CVE-2024-0812</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-0813">CVE-2024-0813</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-0814">CVE-2024-0814</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-1059">CVE-2024-1059</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-1060">CVE-2024-1060</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-1077">CVE-2024-1077</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-1283">CVE-2024-1283</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-1284">CVE-2024-1284</uri>
+    </references>
+    <metadata tag="requester" timestamp="2024-05-05T08:20:02.905138Z">graaff</metadata>
+    <metadata tag="submitter" timestamp="2024-05-05T08:20:02.908263Z">graaff</metadata>
+</glsa>
\ No newline at end of file
diff --git a/metadata/glsa/glsa-202405-15.xml b/metadata/glsa/glsa-202405-15.xml
new file mode 100644
index 000000000000..3e9f5e37a085
--- /dev/null
+++ b/metadata/glsa/glsa-202405-15.xml
@@ -0,0 +1,82 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202405-15">
+    <title>Mozilla Firefox: Multiple Vulnerabilities</title>
+    <synopsis>Multiple vulnerabilities have been discovered in Mozilla Firefox, the worst of which can lead to remote code execution.</synopsis>
+    <product type="ebuild">firefox,firefox-bin</product>
+    <announced>2024-05-05</announced>
+    <revised count="1">2024-05-05</revised>
+    <bug>925122</bug>
+    <access>remote</access>
+    <affected>
+        <package name="www-client/firefox" auto="yes" arch="*">
+            <unaffected range="ge" slot="rapid">123.0</unaffected>
+            <unaffected range="ge" slot="esr">115.8.0</unaffected>
+            <vulnerable range="lt">123.0</vulnerable>
+            <vulnerable range="lt" slot="esr">115.8.0</vulnerable>
+        </package>
+        <package name="www-client/firefox-bin" auto="yes" arch="*">
+            <unaffected range="ge" slot="rapid">123.0</unaffected>
+            <unaffected range="ge" slot="esr">115.8.0</unaffected>
+            <vulnerable range="lt">123.0</vulnerable>
+            <vulnerable range="lt" slot="esr">115.8.0</vulnerable>
+        </package>
+    </affected>
+    <background>
+        <p>Mozilla Firefox is a popular open-source web browser from the Mozilla project.</p>
+    </background>
+    <description>
+        <p>Multiple vulnerabilities have been discovered in Mozilla Firefox. Please review the CVE identifiers referenced below for details.</p>
+    </description>
+    <impact type="high">
+        <p>Please review the referenced CVE identifiers for details.</p>
+    </impact>
+    <workaround>
+        <p>There is no known workaround at this time.</p>
+    </workaround>
+    <resolution>
+        <p>All Mozilla Firefox rapid release users should upgrade to the latest version:</p>
+        
+        <code>
+          # emerge --sync
+          # emerge --ask --oneshot --verbose ">=www-client/firefox-bin-123.0"
+        </code>
+        
+        <p>All Mozilla Firefox users should upgrade to the latest version:</p>
+        
+        <code>
+          # emerge --sync
+          # emerge --ask --oneshot --verbose ">=www-client/firefox-123.0"
+        </code>
+        
+        <p>All Mozilla Firefox ESR users should upgrade to the latest version:</p>
+        
+        <code>
+          # emerge --sync
+          # emerge --ask --oneshot --verbose ">=www-client/firefox-bin-115.8.0:esr"
+        </code>
+        
+        <p>All Mozilla Firefox users should upgrade to the latest version:</p>
+        
+        <code>
+          # emerge --sync
+          # emerge --ask --oneshot --verbose ">=www-client/firefox-115.8.0:esr"
+        </code>
+    </resolution>
+    <references>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-1546">CVE-2024-1546</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-1547">CVE-2024-1547</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-1548">CVE-2024-1548</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-1549">CVE-2024-1549</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-1550">CVE-2024-1550</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-1551">CVE-2024-1551</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-1552">CVE-2024-1552</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-1553">CVE-2024-1553</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-1554">CVE-2024-1554</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-1555">CVE-2024-1555</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-1556">CVE-2024-1556</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-1557">CVE-2024-1557</uri>
+    </references>
+    <metadata tag="requester" timestamp="2024-05-05T08:35:38.912286Z">graaff</metadata>
+    <metadata tag="submitter" timestamp="2024-05-05T08:35:38.915811Z">graaff</metadata>
+</glsa>
\ No newline at end of file
diff --git a/metadata/glsa/glsa-202405-16.xml b/metadata/glsa/glsa-202405-16.xml
new file mode 100644
index 000000000000..04da4682d8dd
--- /dev/null
+++ b/metadata/glsa/glsa-202405-16.xml
@@ -0,0 +1,43 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202405-16">
+    <title>Apache Commons BCEL: Remote Code Execution</title>
+    <synopsis>A vulnerability has been discovered in Apache Commons BCEL, which can lead to remote code execution.</synopsis>
+    <product type="ebuild">bcel</product>
+    <announced>2024-05-05</announced>
+    <revised count="1">2024-05-05</revised>
+    <bug>880447</bug>
+    <access>remote</access>
+    <affected>
+        <package name="dev-java/bcel" auto="yes" arch="*">
+            <unaffected range="ge">6.6.0</unaffected>
+            <vulnerable range="lt">6.6.0</vulnerable>
+        </package>
+    </affected>
+    <background>
+        <p>The Byte Code Engineering Library (Apache Commons BCEL™) is intended to give users a convenient way to analyze, create, and manipulate (binary) Java class files (those ending with .class).</p>
+    </background>
+    <description>
+        <p>A vulnerability has been discovered in U-Boot tools. Please review the CVE identifier referenced below for details.</p>
+    </description>
+    <impact type="normal">
+        <p>Please review the referenced CVE identifier for details.</p>
+    </impact>
+    <workaround>
+        <p>There is no known workaround at this time.</p>
+    </workaround>
+    <resolution>
+        <p>All Apache Commons BCEL users should upgrade to the latest version:</p>
+        
+        <code>
+          # emerge --sync
+          # emerge --ask --oneshot --verbose ">=dev-java/bcel-6.6.0"
+        </code>
+    </resolution>
+    <references>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-34169">CVE-2022-34169</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-42920">CVE-2022-42920</uri>
+    </references>
+    <metadata tag="requester" timestamp="2024-05-05T08:54:04.174105Z">graaff</metadata>
+    <metadata tag="submitter" timestamp="2024-05-05T08:54:04.177186Z">graaff</metadata>
+</glsa>
\ No newline at end of file
diff --git a/metadata/glsa/timestamp.chk b/metadata/glsa/timestamp.chk
index 8ecc7a1cbe74..49b43657b5bd 100644
--- a/metadata/glsa/timestamp.chk
+++ b/metadata/glsa/timestamp.chk
@@ -1 +1 @@
-Sat, 04 May 2024 21:59:17 +0000
+Sun, 05 May 2024 22:10:03 +0000
diff --git a/metadata/glsa/timestamp.commit b/metadata/glsa/timestamp.commit
index 53aa7d984b53..5f16a0b231ca 100644
--- a/metadata/glsa/timestamp.commit
+++ b/metadata/glsa/timestamp.commit
@@ -1 +1 @@
-3f0835df81643a2316838781489d1870a408b6c9 1714814889 2024-05-04T09:28:09+00:00
+c767a7641029f069d1d45e5c732d96ab77a03a45 1714899266 2024-05-05T08:54:26+00:00
-- 
cgit v1.2.3