From b17a3ef12038de50228bade1f05502c74e135321 Mon Sep 17 00:00:00 2001
From: V3n3RiX <venerix@redcorelinux.org>
Date: Wed, 2 Sep 2020 14:09:07 +0100
Subject: gentoo resync : 02.09.2020

---
 metadata/glsa/Manifest           |  30 ++++++------
 metadata/glsa/Manifest.files.gz  | Bin 480829 -> 483364 bytes
 metadata/glsa/glsa-202008-09.xml |  49 ++++++++++++++++++++
 metadata/glsa/glsa-202008-10.xml |  72 +++++++++++++++++++++++++++++
 metadata/glsa/glsa-202008-11.xml |  80 ++++++++++++++++++++++++++++++++
 metadata/glsa/glsa-202008-12.xml |  50 ++++++++++++++++++++
 metadata/glsa/glsa-202008-13.xml |  85 ++++++++++++++++++++++++++++++++++
 metadata/glsa/glsa-202008-14.xml |  47 +++++++++++++++++++
 metadata/glsa/glsa-202008-15.xml |  47 +++++++++++++++++++
 metadata/glsa/glsa-202008-16.xml |  96 +++++++++++++++++++++++++++++++++++++++
 metadata/glsa/glsa-202008-17.xml |  50 ++++++++++++++++++++
 metadata/glsa/glsa-202008-18.xml |  50 ++++++++++++++++++++
 metadata/glsa/glsa-202008-19.xml |  50 ++++++++++++++++++++
 metadata/glsa/glsa-202008-20.xml |  71 +++++++++++++++++++++++++++++
 metadata/glsa/glsa-202008-21.xml |  51 +++++++++++++++++++++
 metadata/glsa/glsa-202008-22.xml |  47 +++++++++++++++++++
 metadata/glsa/glsa-202008-23.xml |  51 +++++++++++++++++++++
 metadata/glsa/glsa-202008-24.xml |  66 +++++++++++++++++++++++++++
 metadata/glsa/timestamp.chk      |   2 +-
 metadata/glsa/timestamp.commit   |   2 +-
 20 files changed, 979 insertions(+), 17 deletions(-)
 create mode 100644 metadata/glsa/glsa-202008-09.xml
 create mode 100644 metadata/glsa/glsa-202008-10.xml
 create mode 100644 metadata/glsa/glsa-202008-11.xml
 create mode 100644 metadata/glsa/glsa-202008-12.xml
 create mode 100644 metadata/glsa/glsa-202008-13.xml
 create mode 100644 metadata/glsa/glsa-202008-14.xml
 create mode 100644 metadata/glsa/glsa-202008-15.xml
 create mode 100644 metadata/glsa/glsa-202008-16.xml
 create mode 100644 metadata/glsa/glsa-202008-17.xml
 create mode 100644 metadata/glsa/glsa-202008-18.xml
 create mode 100644 metadata/glsa/glsa-202008-19.xml
 create mode 100644 metadata/glsa/glsa-202008-20.xml
 create mode 100644 metadata/glsa/glsa-202008-21.xml
 create mode 100644 metadata/glsa/glsa-202008-22.xml
 create mode 100644 metadata/glsa/glsa-202008-23.xml
 create mode 100644 metadata/glsa/glsa-202008-24.xml

(limited to 'metadata/glsa')

diff --git a/metadata/glsa/Manifest b/metadata/glsa/Manifest
index 560ea4376bd0..954a48c6a013 100644
--- a/metadata/glsa/Manifest
+++ b/metadata/glsa/Manifest
@@ -1,23 +1,23 @@
 -----BEGIN PGP SIGNED MESSAGE-----
 Hash: SHA512
 
-MANIFEST Manifest.files.gz 480829 BLAKE2B 7b875550bc3942bd6cddbe0c5c0ece578516314fe4a0a5cdd538e929c903b557ac2af9e301d5f7232331b35fdd266cec7820aab259fc68aadddb4451bc4fefc7 SHA512 3370d43afeebe4815706a4ff51c9176617549d872cfd990d379873d58909952b19ef588fb91c7597fe9a2d900bf73a12b47d7fb29760d1f6faf5537993cac3a5
-TIMESTAMP 2020-08-25T08:08:43Z
+MANIFEST Manifest.files.gz 483364 BLAKE2B 60cb97b03631cf8e2ae2dc903bd9513cac6afc60670d0423e1cab2611545e32583d3cb6ec2628b442c618e39c0dfdf0a41a4e059ac3f323c3c8841b043b7d7cf SHA512 fb8ac7dcc2d9321108b64db583eaeee4a860f2b22afca3fbbd447088e69446c3286299604418071d8c2b233df8f2a4fc97ca2f2a7cc68829b3f5c007c7214a87
+TIMESTAMP 2020-09-02T12:38:34Z
 -----BEGIN PGP SIGNATURE-----
 
-iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAl9ExwtfFIAAAAAALgAo
+iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAl9PkkpfFIAAAAAALgAo
 aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEUx
 RDZBQkI2M0JGQ0ZCNEJBMDJGREYxQ0VDNTkwRUVBQzkxODkyNTAACgkQ7FkO6skY
-klCudBAAoNc9I702Ky7EuFyvbLNr5P2Kr1CAC3PbKVHa2oFwvQBVIEdT0dCVhCpO
-mF85IrizBXh6z7OTAMPMW4QEcghCu3VSsaCbxt3r8Vi90dNDXClmU7/Dxy0YyyYV
-xe0HuWhhRyqkzYgxp4rLfBw2Btcuc1regHrIVWnAF+2Trp/3sKR3+nCDYBQgnbMq
-1aXjVzCmNkfCZek7ySpxDj3qzUaNMErMAzv6eCaJh1GI1nMT1yscdKJtAtP9FT0Y
-QB7FtdCoek6RHqGqdy7aX4xdMbxdX27X+nluRDb3rRMgnAyu2HdW7egAz/fEgJAh
-38nEstcXQVplrIA9zipwXs2M8zg6QbTg48CMqzEhhJhYPSUTI69KQFwH+3B4KGON
-IUPGckNU1VmyedXr7mKINaGshM+xp3Sjtl599KsAzNmDlPCJ8EYm3VtzucrbCV2e
-l7tBIr9TsI7KEy2d64wLfvD2AA3sJNGhwvO7B5cLD0Q0iSetcHyvUyJclNrQZYRN
-Gj43L4m5JblwhMG8QASNT1wFQ8baxiMVsF/qMzC7seFfpvEzw/nz2rpMtjoI/JRh
-CSQ0w8FXzpgNHjk9kAPYKe91TZ8SZSU1/PEYFXxxtrRHDZuf5pYK+9UFdZKNI8RS
-62lBJKykUoI65vV3xFlaUGnNgMzx2zbfe7JfgRX263Xdb3aCo70=
-=DunG
+klDPzQ//T3T681/eHoAPg4b/QKVB+/3J5EERVYoJcK+9jO9o9FF13k8nJ052Wysa
+d2RHZ7FnVCwLv45hhzqz1bnKcCJkvNB9m4L3mIWTKLoNZLoNN4MOU0Ynrio92CMT
+3TAOViLTtglSOUWrEL2speNZoc1hwxMjGeLUZ6TIWKKKfY+oP5miM8Z/DMsMCY61
+9z4xaBP9DjCmOvhdvcuQCk+OOu1bBlQc/uEKhGXUC8DffwYL4JJooNskHEmzO771
+UImbjGurYXPgqBTdF8MRPjrJVM3u1cP1a3sVBwvjQ4mDSDFcNuEwu5hsk2yVqQVS
++hSTHoHdDybAb/EF68UPqRsVl2En4H5hMKiR4Civr7dMO1mR5ft0U0wN9k1y+Bmg
+VZhAOhWPdPZ1X5/P3Jioz11HfFt9o3Y8Pw7pHMDL6hWqwndmVoYZjosPvya9NYEn
+sRxBaxiiYnxG153ZP5tVM5vcNciKQ6/aMs9bDWOWSlibObzaZTR/WFRIO2oBub3z
+8E0k/KDKeqwjJu7PLg4/ah1UzColwE4L+mDC4Xm/5/aZbXSeLPN4+kiIQ2mNWZmc
+NITiZcDUaKmJO7eaofcEcvQw5cpJ0211vswgOZYxqJnuAzG2EurtPYDfgmrTg2Lb
+Wb8D69VJDmh5Xe5/7+oVlyFGeWHr7NAyV3r+c6GaHPHm5c6iE5s=
+=ysAp
 -----END PGP SIGNATURE-----
diff --git a/metadata/glsa/Manifest.files.gz b/metadata/glsa/Manifest.files.gz
index 769ddee349ad..900daea608e2 100644
Binary files a/metadata/glsa/Manifest.files.gz and b/metadata/glsa/Manifest.files.gz differ
diff --git a/metadata/glsa/glsa-202008-09.xml b/metadata/glsa/glsa-202008-09.xml
new file mode 100644
index 000000000000..b70ae35ee79f
--- /dev/null
+++ b/metadata/glsa/glsa-202008-09.xml
@@ -0,0 +1,49 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202008-09">
+  <title>Shadow: Privilege escalation</title>
+  <synopsis>Multiple Shadow utilities were installed with setuid permissions,
+    allowing possible root privilege escalation.
+  </synopsis>
+  <product type="ebuild">shadow</product>
+  <announced>2020-08-25</announced>
+  <revised count="1">2020-08-25</revised>
+  <bug>702252</bug>
+  <access>local</access>
+  <affected>
+    <package name="sys-apps/shadow" auto="yes" arch="*">
+      <unaffected range="ge">4.8-r3</unaffected>
+      <vulnerable range="lt">4.8-r3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Shadow is a set of tools to deal with user accounts.</p>
+  </background>
+  <description>
+    <p>When Shadow was installed with the PAM use flag, setuid binaries
+      provided by Shadow were not properly restricted.
+    </p>
+  </description>
+  <impact type="high">
+    <p>A local attacker could escalate privileges to root.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Shadow users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=sys-apps/shadow-4.8-r3"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-19882">CVE-2019-19882</uri>
+    <uri link="https://github.com/shadow-maint/shadow/pull/199">Upstream
+      mitigation
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-08-24T00:55:20Z">sam_c</metadata>
+  <metadata tag="submitter" timestamp="2020-08-25T12:51:43Z">sam_c</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202008-10.xml b/metadata/glsa/glsa-202008-10.xml
new file mode 100644
index 000000000000..4dd751b4bc8b
--- /dev/null
+++ b/metadata/glsa/glsa-202008-10.xml
@@ -0,0 +1,72 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202008-10">
+  <title>Chromium, Google Chrome: Heap buffer overflow</title>
+  <synopsis>
+    A vulnerablity has been found in Chromium and Google Chrome that could
+    allow a remote attacker to execute arbitrary code.
+  </synopsis>
+  <product type="ebuild">chromium,google-chrome</product>
+  <announced>2020-08-25</announced>
+  <revised count="1">2020-08-25</revised>
+  <bug>737942</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-client/chromium" auto="yes" arch="*">
+      <unaffected range="ge">84.0.4147.135</unaffected>
+      <vulnerable range="lt">84.0.4147.135</vulnerable>
+    </package>
+    <package name="www-client/google-chrome" auto="yes" arch="*">
+      <unaffected range="ge">84.0.4147.135</unaffected>
+      <vulnerable range="lt">84.0.4147.135</vulnerable>
+    </package>
+  </affected>
+  <background>
+    
+    <p>Chromium is an open-source browser project that aims to build a safer,
+      faster, and more stable way for all users to experience the web.
+    </p>
+    
+    <p>Google Chrome is one fast, simple, and secure browser for all your
+      devices.
+    </p>
+  </background>
+  <description>
+    <p>A buffer overflow has been discovered in Chromium and Google Chrome’s
+      SwiftShader component.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker, by enticing a user to visit a specially crafted
+      website, could execute arbitrary code with the privileges of the process.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Chromium users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=www-client/chromium-84.0.4147.135"
+    </code>
+    
+    <p>All Google Chrome users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=www-client/google-chrome-84.0.4147.135"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6556">CVE-2020-6556</uri>
+    <uri link="https://chromereleases.googleblog.com/2020/08/stable-channel-update-for-desktop_18.html">
+      Upstream advisory
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-08-24T00:46:35Z">sam_c</metadata>
+  <metadata tag="submitter" timestamp="2020-08-25T12:53:21Z">sam_c</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202008-11.xml b/metadata/glsa/glsa-202008-11.xml
new file mode 100644
index 000000000000..41360a2feaa9
--- /dev/null
+++ b/metadata/glsa/glsa-202008-11.xml
@@ -0,0 +1,80 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202008-11">
+  <title>Chromium, Google Chrome: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Chromium and Google
+    Chrome, the worst of which could result in the arbitrary execution of code.
+  </synopsis>
+  <product type="ebuild">chromium,google-chrome</product>
+  <announced>2020-08-26</announced>
+  <revised count="1">2020-08-26</revised>
+  <bug>738998</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="www-client/chromium" auto="yes" arch="*">
+      <unaffected range="ge">85.0.4183.83</unaffected>
+      <vulnerable range="lt">85.0.4183.83</vulnerable>
+    </package>
+    <package name="www-client/google-chrome" auto="yes" arch="*">
+      <unaffected range="ge">85.0.4183.83</unaffected>
+      <vulnerable range="lt">85.0.4183.83</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Chromium is an open-source browser project that aims to build a safer,
+      faster, and more stable way for all users to experience the web.
+    </p>
+    
+    <p>Google Chrome is one fast, simple, and secure browser for all your
+      devices.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Chromium and Google
+      Chrome. Please review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Please review the referenced CVE identifiers for details.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Chromium users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=www-client/chromium-85.0.4183.83"
+    </code>
+    
+    <p>All Google Chrome users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=www-client/google-chrome-85.0.4183.83"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6559">CVE-2020-6559</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6560">CVE-2020-6560</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6561">CVE-2020-6561</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6562">CVE-2020-6562</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6563">CVE-2020-6563</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6564">CVE-2020-6564</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6565">CVE-2020-6565</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6566">CVE-2020-6566</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6567">CVE-2020-6567</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6568">CVE-2020-6568</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6569">CVE-2020-6569</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6570">CVE-2020-6570</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6571">CVE-2020-6571</uri>
+    <uri link="https://chromereleases.googleblog.com/2020/08/stable-channel-update-for-desktop_25.html">
+      Upstream advisory
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-08-25T22:23:14Z">sam_c</metadata>
+  <metadata tag="submitter" timestamp="2020-08-26T21:30:54Z">sam_c</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202008-12.xml b/metadata/glsa/glsa-202008-12.xml
new file mode 100644
index 000000000000..cdcf07b1438c
--- /dev/null
+++ b/metadata/glsa/glsa-202008-12.xml
@@ -0,0 +1,50 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202008-12">
+  <title>Net-SNMP: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Net-SNMP, the worst of
+    which could result in privilege escalation.
+  </synopsis>
+  <product type="ebuild">Net-SNMP</product>
+  <announced>2020-08-26</announced>
+  <revised count="1">2020-08-26</revised>
+  <bug>729610</bug>
+  <bug>734994</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="net-analyzer/net-snmp" auto="yes" arch="*">
+      <unaffected range="ge">5.8.1_pre1</unaffected>
+      <vulnerable range="lt">5.8.1_pre1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Net-SNMP bundles software for generating and retrieving SNMP data.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Net-SNMP. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Please review the referenced CVE identifiers for details.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Net-SNMP users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=net-analyzer/net-snmp-5.8.1_pre1"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-20892">CVE-2019-20892</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-15861">CVE-2020-15861</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-15862">CVE-2020-15862</uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-08-24T01:05:52Z">sam_c</metadata>
+  <metadata tag="submitter" timestamp="2020-08-26T21:31:52Z">sam_c</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202008-13.xml b/metadata/glsa/glsa-202008-13.xml
new file mode 100644
index 000000000000..a55d62208320
--- /dev/null
+++ b/metadata/glsa/glsa-202008-13.xml
@@ -0,0 +1,85 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202008-13">
+  <title>PostgreSQL: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in PostgreSQL, the worst
+    of which could result in privilege escalation.
+  </synopsis>
+  <product type="ebuild">postgresql</product>
+  <announced>2020-08-26</announced>
+  <revised count="1">2020-08-26</revised>
+  <bug>737032</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-db/postgresql" auto="yes" arch="*">
+      <unaffected range="ge" slot="9.5">9.5.23</unaffected>
+      <unaffected range="ge" slot="9.6">9.6.19</unaffected>
+      <unaffected range="ge" slot="10">10.14</unaffected>
+      <unaffected range="ge" slot="11">11.9</unaffected>
+      <unaffected range="ge" slot="12">12.4</unaffected>
+      <vulnerable range="lt" slot="9.5">9.5.23</vulnerable>
+      <vulnerable range="lt" slot="9.6">9.6.19</vulnerable>
+      <vulnerable range="lt" slot="10">10.14</vulnerable>
+      <vulnerable range="lt" slot="11">11.9</vulnerable>
+      <vulnerable range="lt" slot="12">12.4</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>PostgreSQL is an open source object-relational database management
+      system.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in PostgreSQL. Please
+      review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Please review the referenced CVE identifiers for details.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All PostgreSQL 9.5 users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-db/postgresql-9.5.23:9.5"
+    </code>
+    
+    <p>All PostgreSQL 9.6 users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-db/postgresql-9.6.19:9.6"
+    </code>
+    
+    <p>All PostgreSQL 10 users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-db/postgresql-10.14:10"
+    </code>
+    
+    <p>All PostgreSQL 11 users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-db/postgresql-11.9:11"
+    </code>
+    
+    <p>All PostgreSQL 12 users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-db/postgresql-12.4:12"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14349">CVE-2020-14349</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14350">CVE-2020-14350</uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-08-24T15:56:48Z">sam_c</metadata>
+  <metadata tag="submitter" timestamp="2020-08-26T21:32:33Z">sam_c</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202008-14.xml b/metadata/glsa/glsa-202008-14.xml
new file mode 100644
index 000000000000..e7a8b15cd1c8
--- /dev/null
+++ b/metadata/glsa/glsa-202008-14.xml
@@ -0,0 +1,47 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202008-14">
+  <title>Wireshark: Denial of service</title>
+  <synopsis>A vulnerability in Wireshark could lead to a Denial of Service
+    condition.
+  </synopsis>
+  <product type="ebuild">wireshark</product>
+  <announced>2020-08-26</announced>
+  <revised count="1">2020-08-26</revised>
+  <bug>736914</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="net-analyzer/wireshark" auto="yes" arch="*">
+      <unaffected range="ge">3.2.6</unaffected>
+      <vulnerable range="lt">3.2.6</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Wireshark is a network protocol analyzer formerly known as ethereal.</p>
+  </background>
+  <description>
+    <p>A double free error was discovered in Wireshark’s Kafka dissector.</p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could exploit these vulnerabilities by sending a
+      malformed packet or enticing a user to read a malformed packet trace
+      file, causing a Denial of Service.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Wireshark users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-analyzer/wireshark-3.2.6"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-17498">CVE-2020-17498</uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-08-26T14:35:43Z">sam_c</metadata>
+  <metadata tag="submitter" timestamp="2020-08-26T21:33:02Z">sam_c</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202008-15.xml b/metadata/glsa/glsa-202008-15.xml
new file mode 100644
index 000000000000..20e4c75b7c10
--- /dev/null
+++ b/metadata/glsa/glsa-202008-15.xml
@@ -0,0 +1,47 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202008-15">
+  <title>Docker: Information disclosure</title>
+  <synopsis>A flaw in Docker allowed possible information leakage.</synopsis>
+  <product type="ebuild">docker</product>
+  <announced>2020-08-26</announced>
+  <revised count="1">2020-08-26</revised>
+  <bug>729208</bug>
+  <access>local</access>
+  <affected>
+    <package name="app-emulation/docker" auto="yes" arch="*">
+      <unaffected range="ge">19.03.12</unaffected>
+      <vulnerable range="lt">19.03.12</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Docker is the world’s leading software containerization platform.</p>
+  </background>
+  <description>
+    <p>It was found that Docker created network bridges which by default accept
+      IPv6 router advertisements.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>An attacker who gained access to a container with CAP_NET_RAW capability
+      may be able to to spoof router advertisements, resulting in information
+      disclosure or denial of service.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Docker users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-emulation/docker-19.03.12"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-13401">CVE-2020-13401</uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-08-26T14:40:16Z">sam_c</metadata>
+  <metadata tag="submitter" timestamp="2020-08-26T21:33:28Z">sam_c</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202008-16.xml b/metadata/glsa/glsa-202008-16.xml
new file mode 100644
index 000000000000..7ffbf3730c6c
--- /dev/null
+++ b/metadata/glsa/glsa-202008-16.xml
@@ -0,0 +1,96 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202008-16">
+  <title>Mozilla Firefox, Mozilla Thunderbird: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Mozilla Firefox and
+    Mozilla Thunderbird, the worst of which could result in the arbitrary
+    execution of code.
+  </synopsis>
+  <product type="ebuild">firefox,thunderbird</product>
+  <announced>2020-08-27</announced>
+  <revised count="1">2020-08-27</revised>
+  <bug>739006</bug>
+  <bug>739164</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="www-client/firefox" auto="yes" arch="*">
+      <unaffected range="ge">68.12.0</unaffected>
+      <vulnerable range="lt">68.12.0</vulnerable>
+    </package>
+    <package name="www-client/firefox-bin" auto="yes" arch="*">
+      <unaffected range="ge">68.12.0</unaffected>
+      <vulnerable range="lt">68.12.0</vulnerable>
+    </package>
+    <package name="mail-client/thunderbird" auto="yes" arch="*">
+      <unaffected range="ge">68.12.0</unaffected>
+      <vulnerable range="lt">68.12.0</vulnerable>
+    </package>
+    <package name="mail-client/thunderbird-bin" auto="yes" arch="*">
+      <unaffected range="ge">68.12.0</unaffected>
+      <vulnerable range="lt">68.12.0</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Mozilla Firefox is a popular open-source web browser from the Mozilla
+      Project.
+    </p>
+    
+    <p>Mozilla Thunderbird is a popular open-source email client from the
+      Mozilla project.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Mozilla Firefox and
+      Mozilla Thunderbird. Please review the CVE identifiers referenced below
+      for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Please review the referenced CVE identifiers for details.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Firefox users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=www-client/firefox-68.12.0"
+    </code>
+    
+    <p>All Firefox binary users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=www-client/firefox-bin-68.12.0"
+    </code>
+    
+    <p>All Thunderbird users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=mail-client/thunderbird-68.12.0"
+    </code>
+    
+    <p>All Thunderbird binary users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=mail-client/thunderbird-bin-68.12.0"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-15664">CVE-2020-15664</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-15669">CVE-2020-15669</uri>
+    <uri link="https://www.mozilla.org/en-US/security/advisories/mfsa2020-37/">
+      Upstream advisory (MFSA-2020-37)
+    </uri>
+    <uri link="https://www.mozilla.org/en-US/security/advisories/mfsa2020-40/">
+      Upstream advisory (MFSA-2020-38)
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-08-25T22:21:54Z">sam_c</metadata>
+  <metadata tag="submitter" timestamp="2020-08-27T00:54:51Z">sam_c</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202008-17.xml b/metadata/glsa/glsa-202008-17.xml
new file mode 100644
index 000000000000..dc913a9dec8d
--- /dev/null
+++ b/metadata/glsa/glsa-202008-17.xml
@@ -0,0 +1,50 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202008-17">
+  <title>Redis: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Redis, the worst of
+    which could result in the arbitrary execution of code.
+  </synopsis>
+  <product type="ebuild">redis</product>
+  <announced>2020-08-27</announced>
+  <revised count="1">2020-08-27</revised>
+  <bug>633824</bug>
+  <bug>724776</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-db/redis" auto="yes" arch="*">
+      <unaffected range="ge">5.0.9</unaffected>
+      <vulnerable range="lt">5.0.9</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Redis is an open source (BSD licensed), in-memory data structure store,
+      used as a database, cache and message broker.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Redis. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Please review the referenced CVE identifiers for details.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Redis users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-db/redis-5.0.9"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-15047">CVE-2017-15047</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14147">CVE-2020-14147</uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-07-26T15:46:59Z">sam_c</metadata>
+  <metadata tag="submitter" timestamp="2020-08-27T23:54:53Z">sam_c</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202008-18.xml b/metadata/glsa/glsa-202008-18.xml
new file mode 100644
index 000000000000..5989b06e8b6e
--- /dev/null
+++ b/metadata/glsa/glsa-202008-18.xml
@@ -0,0 +1,50 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202008-18">
+  <title>X.Org X11 library: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in X.org X11 library, the
+    worst of which could result in the arbitrary execution of code.
+  </synopsis>
+  <product type="ebuild">xorg x11 library</product>
+  <announced>2020-08-27</announced>
+  <revised count="1">2020-08-27</revised>
+  <bug>734974</bug>
+  <bug>738984</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="x11-libs/libX11" auto="yes" arch="*">
+      <unaffected range="ge">1.6.12</unaffected>
+      <vulnerable range="lt">1.6.12</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>X.Org is an implementation of the X Window System. The X.Org X11 library
+      provides the X11 protocol library files.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in X.org X11 library.
+      Please review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Please review the referenced CVE identifiers for details.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All X.org X11 library users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=x11-libs/libX11-1.6.12"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14344">CVE-2020-14344</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14363">CVE-2020-14363</uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-08-25T22:22:34Z">sam_c</metadata>
+  <metadata tag="submitter" timestamp="2020-08-27T23:55:44Z">sam_c</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202008-19.xml b/metadata/glsa/glsa-202008-19.xml
new file mode 100644
index 000000000000..c19d5d126c5e
--- /dev/null
+++ b/metadata/glsa/glsa-202008-19.xml
@@ -0,0 +1,50 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202008-19">
+  <title>BIND: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in BIND, the worst of
+    which could result in a Denial of Service condition.
+  </synopsis>
+  <product type="ebuild">bind</product>
+  <announced>2020-08-29</announced>
+  <revised count="1">2020-08-29</revised>
+  <bug>738250</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-dns/bind" auto="yes" arch="*">
+      <unaffected range="ge">9.16.6</unaffected>
+      <vulnerable range="lt">9.16.6</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>BIND (Berkeley Internet Name Domain) is a Name Server.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in BIND. Please review the
+      CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Please review the referenced CVE identifiers for details.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All BIND users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-dns/bind-9.16.6"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-8620">CVE-2020-8620</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-8621">CVE-2020-8621</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-8622">CVE-2020-8622</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-8623">CVE-2020-8623</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-8624">CVE-2020-8624</uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-08-29T20:46:51Z">sam_c</metadata>
+  <metadata tag="submitter" timestamp="2020-08-29T22:10:45Z">sam_c</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202008-20.xml b/metadata/glsa/glsa-202008-20.xml
new file mode 100644
index 000000000000..58f28b0be441
--- /dev/null
+++ b/metadata/glsa/glsa-202008-20.xml
@@ -0,0 +1,71 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202008-20">
+  <title>GPL Ghostscript: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in GPL Ghostscript, the
+    worst of which could result in the arbitrary execution of code.
+  </synopsis>
+  <product type="ebuild">ghostscript</product>
+  <announced>2020-08-29</announced>
+  <revised count="1">2020-08-29</revised>
+  <bug>734322</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-text/ghostscript-gpl" auto="yes" arch="*">
+      <unaffected range="ge">9.52</unaffected>
+      <vulnerable range="lt">9.52</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Ghostscript is an interpreter for the PostScript language and for PDF.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in GPL Ghostscript. Please
+      review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Please review the referenced CVE identifiers for details.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All GPL Ghostscript users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-text/ghostscript-gpl-9.52"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-15900">CVE-2020-15900</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-16287">CVE-2020-16287</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-16288">CVE-2020-16288</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-16289">CVE-2020-16289</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-16290">CVE-2020-16290</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-16291">CVE-2020-16291</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-16292">CVE-2020-16292</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-16293">CVE-2020-16293</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-16294">CVE-2020-16294</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-16295">CVE-2020-16295</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-16296">CVE-2020-16296</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-16297">CVE-2020-16297</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-16298">CVE-2020-16298</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-16299">CVE-2020-16299</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-16300">CVE-2020-16300</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-16301">CVE-2020-16301</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-16302">CVE-2020-16302</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-16303">CVE-2020-16303</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-16304">CVE-2020-16304</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-16305">CVE-2020-16305</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-16306">CVE-2020-16306</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-16307">CVE-2020-16307</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-16308">CVE-2020-16308</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-16309">CVE-2020-16309</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-16310">CVE-2020-16310</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-17538">CVE-2020-17538</uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-08-29T18:24:31Z">sam_c</metadata>
+  <metadata tag="submitter" timestamp="2020-08-29T22:11:16Z">sam_c</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202008-21.xml b/metadata/glsa/glsa-202008-21.xml
new file mode 100644
index 000000000000..95b86052c097
--- /dev/null
+++ b/metadata/glsa/glsa-202008-21.xml
@@ -0,0 +1,51 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202008-21">
+  <title>Kleopatra: Remote code execution</title>
+  <synopsis>A vulnerability in Kleopatra allows arbitrary execution of code.</synopsis>
+  <product type="ebuild">kleopatra</product>
+  <announced>2020-08-30</announced>
+  <revised count="1">2020-08-30</revised>
+  <bug>739556</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="kde-apps/kleopatra" auto="yes" arch="*">
+      <unaffected range="ge">20.04.3-r1</unaffected>
+      <vulnerable range="lt">20.04.3-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Kleopatra is a certificate manager and a universal crypto GUI. It
+      supports managing X.509 and OpenPGP certificates in the GpgSM keybox and
+      retrieving certificates from LDAP servers.
+    </p>
+  </background>
+  <description>
+    <p>Kleopatra did not safely escape command line parameters provided by
+      URLs, which it configures itself to handle.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could entice a user to process a specially crafted URL
+      via openpgp4fpr handler, possibly resulting in execution of arbitrary
+      code with the privileges of the process, or cause a Denial of Service
+      condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Kleopatra users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=kde-apps/kleopatra-20.04.3-r1"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-24972">CVE-2020-24972</uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-08-30T18:54:35Z">sam_c</metadata>
+  <metadata tag="submitter" timestamp="2020-08-30T21:04:03Z">sam_c</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202008-22.xml b/metadata/glsa/glsa-202008-22.xml
new file mode 100644
index 000000000000..acef962fdfde
--- /dev/null
+++ b/metadata/glsa/glsa-202008-22.xml
@@ -0,0 +1,47 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202008-22">
+  <title>targetcli-fb: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in targetcli-fb, the worst
+    of which could result in privilege escalation.
+  </synopsis>
+  <product type="ebuild">targetcli-fb</product>
+  <announced>2020-08-30</announced>
+  <revised count="1">2020-08-30</revised>
+  <bug>736086</bug>
+  <access>local</access>
+  <affected>
+    <package name="sys-block/targetcli-fb" auto="yes" arch="*">
+      <unaffected range="ge">2.1.53</unaffected>
+      <vulnerable range="lt">2.1.53</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Tool for managing the Linux LIO kernel target.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in targetcli-fb. Please
+      review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Please review the referenced CVE identifiers for details.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All targetcli-fb users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=sys-block/targetcli-fb-2.1.53"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-10699">CVE-2020-10699</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-13867">CVE-2020-13867</uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-08-29T02:17:40Z">sam_c</metadata>
+  <metadata tag="submitter" timestamp="2020-08-30T21:08:50Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202008-23.xml b/metadata/glsa/glsa-202008-23.xml
new file mode 100644
index 000000000000..c4ea9bb57133
--- /dev/null
+++ b/metadata/glsa/glsa-202008-23.xml
@@ -0,0 +1,51 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202008-23">
+  <title>chrony: Symlink vulnerability</title>
+  <synopsis>A vulnerability in chrony may allow a privileged attacker to cause
+    data loss via a symlink.
+  </synopsis>
+  <product type="ebuild">chrony</product>
+  <announced>2020-08-30</announced>
+  <revised count="1">2020-08-30</revised>
+  <bug>738154</bug>
+  <access>local</access>
+  <affected>
+    <package name="net-misc/chrony" auto="yes" arch="*">
+      <unaffected range="ge">3.5.1</unaffected>
+      <vulnerable range="lt">3.5.1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>chrony is a versatile implementation of the Network Time Protocol (NTP).</p>
+  </background>
+  <description>
+    <p>It was found that chrony did not check whether its PID file was a
+      symlink.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A local attacker could perform symlink attack(s) to overwrite arbitrary
+      files with root privileges.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All chrony users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-misc/chrony-3.5.1"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14367">CVE-2020-14367</uri>
+    <uri link="https://listengine.tuxfamily.org/chrony.tuxfamily.org/chrony-announce/2020/08/msg00000.html">
+      chrony-3.5.1 release announcement
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-08-25T23:32:37Z">sam_c</metadata>
+  <metadata tag="submitter" timestamp="2020-08-30T21:09:20Z">sam_c</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202008-24.xml b/metadata/glsa/glsa-202008-24.xml
new file mode 100644
index 000000000000..a8c11cd49f78
--- /dev/null
+++ b/metadata/glsa/glsa-202008-24.xml
@@ -0,0 +1,66 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202008-24">
+  <title>OpenJDK: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in OpenJDK, the worst of
+    which could result in the arbitrary execution of code.
+  </synopsis>
+  <product type="ebuild">openjdk</product>
+  <announced>2020-08-30</announced>
+  <revised count="1">2020-08-30</revised>
+  <bug>732624</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-java/openjdk" auto="yes" arch="*">
+      <unaffected range="ge" slot="8">8.262_p01</unaffected>
+      <vulnerable range="lt" slot="8">8.262_p01</vulnerable>
+    </package>
+    <package name="dev-java/openjdk-bin" auto="yes" arch="*">
+      <unaffected range="ge" slot="8">8.262_p01</unaffected>
+      <vulnerable range="lt" slot="8">8.262_p01</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>OpenJDK is a free and open-source implementation of the Java Platform,
+      Standard Edition.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in OpenJDK. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Please review the referenced CVE identifiers for details.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All OpenJDK users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-java/openjdk-8.262_p01"
+    </code>
+    
+    <p>All OpenJDK binary users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-java/openjdk-bin-8.262_p01"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14556">CVE-2020-14556</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14562">CVE-2020-14562</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14573">CVE-2020-14573</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14578">CVE-2020-14578</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14579">CVE-2020-14579</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14583">CVE-2020-14583</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14593">CVE-2020-14593</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14621">CVE-2020-14621</uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-08-26T14:46:09Z">sam_c</metadata>
+  <metadata tag="submitter" timestamp="2020-08-30T21:12:11Z">sam_c</metadata>
+</glsa>
diff --git a/metadata/glsa/timestamp.chk b/metadata/glsa/timestamp.chk
index 2a502486c9de..0d602e3dd4cf 100644
--- a/metadata/glsa/timestamp.chk
+++ b/metadata/glsa/timestamp.chk
@@ -1 +1 @@
-Tue, 25 Aug 2020 08:08:40 +0000
+Wed, 02 Sep 2020 12:38:30 +0000
diff --git a/metadata/glsa/timestamp.commit b/metadata/glsa/timestamp.commit
index f48ce2bd341f..1a7e9cc72562 100644
--- a/metadata/glsa/timestamp.commit
+++ b/metadata/glsa/timestamp.commit
@@ -1 +1 @@
-46214b1b461f1f9ad005b644d885569d46e4e959 1597835404 2020-08-19T11:10:04+00:00
+ea9671c73a3b7457c7e4487c1c538557855dfa44 1598822050 2020-08-30T21:14:10+00:00
-- 
cgit v1.2.3