From b9fc63c20df1fdeead24c989c4aca4090830f9d4 Mon Sep 17 00:00:00 2001
From: V3n3RiX <venerix@koprulu.sector>
Date: Tue, 1 Nov 2022 03:06:32 +0000
Subject: gentoo auto-resync : 01:11:2022 - 03:06:31

---
 metadata/glsa/Manifest           |  30 ++++++++++----------
 metadata/glsa/Manifest.files.gz  | Bin 534819 -> 535926 bytes
 metadata/glsa/glsa-202210-36.xml |  42 +++++++++++++++++++++++++++
 metadata/glsa/glsa-202210-37.xml |  60 +++++++++++++++++++++++++++++++++++++++
 metadata/glsa/glsa-202210-38.xml |  42 +++++++++++++++++++++++++++
 metadata/glsa/glsa-202210-39.xml |  43 ++++++++++++++++++++++++++++
 metadata/glsa/glsa-202210-40.xml |  44 ++++++++++++++++++++++++++++
 metadata/glsa/glsa-202210-41.xml |  43 ++++++++++++++++++++++++++++
 metadata/glsa/glsa-202210-42.xml |  44 ++++++++++++++++++++++++++++
 metadata/glsa/timestamp.chk      |   2 +-
 metadata/glsa/timestamp.commit   |   2 +-
 11 files changed, 335 insertions(+), 17 deletions(-)
 create mode 100644 metadata/glsa/glsa-202210-36.xml
 create mode 100644 metadata/glsa/glsa-202210-37.xml
 create mode 100644 metadata/glsa/glsa-202210-38.xml
 create mode 100644 metadata/glsa/glsa-202210-39.xml
 create mode 100644 metadata/glsa/glsa-202210-40.xml
 create mode 100644 metadata/glsa/glsa-202210-41.xml
 create mode 100644 metadata/glsa/glsa-202210-42.xml

(limited to 'metadata/glsa')

diff --git a/metadata/glsa/Manifest b/metadata/glsa/Manifest
index 3468dca39d38..e56b845cfa25 100644
--- a/metadata/glsa/Manifest
+++ b/metadata/glsa/Manifest
@@ -1,23 +1,23 @@
 -----BEGIN PGP SIGNED MESSAGE-----
 Hash: SHA512
 
-MANIFEST Manifest.files.gz 534819 BLAKE2B d1b75b8595407c89720bffe60de9ef926b1b2fa554d41f72384a1ef574e8143c7b19376a3a952ce0891748b7e20ae130a308a1d484c5608ff67945bce9aced54 SHA512 8fa7a0539dd3497dd7b1179e79b7856ac1a8e5187769d1e550a5b52ec09f9738f6c5c6939fee08ddc950dc6d06c0e39438349fd56e7d1579e8b40ebbdc3f0f26
-TIMESTAMP 2022-10-31T20:09:41Z
+MANIFEST Manifest.files.gz 535926 BLAKE2B 7e9b114515adc37e042d0429c05c612bcd37904f6b0e36bb719022725a4c1368a02f1c681914401ccbd4e7d79b897cc0a5bc5cba7a40b3414033dc0ad825e3ad SHA512 9eb1f214127edcde3efe4a83f3f692a941753cc1403b9d080cffc6f566f30dbc3f8933ceb8f23653cbe17e6341f056577f75cf8eb955ad5c636486da9f629092
+TIMESTAMP 2022-11-01T02:11:37Z
 -----BEGIN PGP SIGNATURE-----
 
-iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAmNgK4VfFIAAAAAALgAo
+iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAmNggFlfFIAAAAAALgAo
 aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEUx
 RDZBQkI2M0JGQ0ZCNEJBMDJGREYxQ0VDNTkwRUVBQzkxODkyNTAACgkQ7FkO6skY
-klD4IBAAjTq9SIDEgJXwRFYJyv8ml6Ww45gXq39gLz0ZsFNTAkFmqDnAt//URujz
-ONSK4M6yY1WZc+WcmLWHs5qSHBG/ed6l10AAvxV02+GlpC4QpfedZeQUjm8e2pfL
-5IWzPDzp+IzhVwDPheUmT5VS0AqGpx+stWLj7P2hkK7N5lExDtcN2BV73cV8IOVz
-DXfop0Psbp25/hmpoawqG6jOYX8fexEa0BHufRKCdQmtroPW3hWhzssl6ZM9hesJ
-Vtqr7gqtXIe0/jRKZqCGnuBgLx6+Exa0JeD2nRdUWSNpR/3a6rpMI8P23p0Lt6Vs
-8VKmPwnmg1iROnvMEQZcyVMoqjde1UTSDTzVTZ8AvbKf9FcqUqoBGMbvriXfKdl9
-3SiO7eaaTHla7EwyIGQc7C/RyvAY+E1wzrPrX3QRHDVDLfihdF6hojfDWlCVI4LQ
-7mLySE/vNcKpae071WcW9t3cT4rqAsnl3WzCdRRc826bmzaQEoVMUFIG3bic2+OJ
-5/3p4V55yoW6IkbPgmI8x5VBaTVljhQzNEGnvJyr12jKSMhOCquL2SRPhT4N2tkz
-koFIrS1djAFPCzq8pQgJr292fbjdaLoC/ATsFaA/2tOKEayZ1nCxxL2UMwc0aLs8
-xp7Q/wec31w/56bVn/WuwAx0RNfYxrkev7rAGLg0d1zNQhkK0Q0=
-=ra8K
+klCMyhAAquA5bUgbpLXNPHVDWec0qs0r3NOq+I/y77XTbyEbjmyR5qehaosbUgCh
+j5YhCU3gb3/D1dX/yOrZGkHynxqEe5z2glzLMqOKzqW/qM2YTMMhqvkGl7YfIFQ2
+0JQbL/mcKNLklqxdMTQxLxWkxFJP4Yo0EqawLMz4R/jE0VOrWA2ITHFA6jKfHzVo
+LfagACiliZtuQXBwqk7o50+fYBqcfG++C95WhLmQ7tzhS3hMvF3ohztyvb55ipnP
+dKQ1FDU1eFW1fZpgPk5mBZmnC0oIeenamgX5eDMylcMv2Jq42C/4KsxF6RlQsL9m
+W9r0ds8var3uweSWt/YFjBVwmTsqh83zcX7xAsWOxyCVOsYtbKY0K/u03rchqUi4
+q+B/+HuRQXS5HBTu8Wl3WvAfGbfWIKX3uyIBT4sIaWINQBPZ26NSoefdeZ8f5Vnp
+nBpxurBU4nJVKnT57DzXCzmkBcgqJLR9SHkw9mA0FRnZQHpWg8pmYFpOAzzZ0I7l
+xSuCSGef+ZT7XnGBleut+kqEUTSnGYTeXntahYNTGnvGlSrRYqBLoDbKCY9GvKK6
+XQH7u6/7pPw2dPXMHCk9cBm4I07IIqC6A2J3Z0vzwJ6ysUJJEe2AdcF0i4yse5DU
+Y9LUGfHwabKi2CoBla7tTyvgtdP36BxBKQ7qGnPA+bhQOgC/jt4=
+=OQEG
 -----END PGP SIGNATURE-----
diff --git a/metadata/glsa/Manifest.files.gz b/metadata/glsa/Manifest.files.gz
index 8e591d03ea6d..5dae7a8bf4e8 100644
Binary files a/metadata/glsa/Manifest.files.gz and b/metadata/glsa/Manifest.files.gz differ
diff --git a/metadata/glsa/glsa-202210-36.xml b/metadata/glsa/glsa-202210-36.xml
new file mode 100644
index 000000000000..04ac36eb67fd
--- /dev/null
+++ b/metadata/glsa/glsa-202210-36.xml
@@ -0,0 +1,42 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202210-36">
+    <title>libjxl: Denial of Service</title>
+    <synopsis>A vulnerability has been found in libjxl which could result in denial of service.</synopsis>
+    <product type="ebuild">libjxl</product>
+    <announced>2022-10-31</announced>
+    <revised count="1">2022-10-31</revised>
+    <bug>856037</bug>
+    <access>remote</access>
+    <affected>
+        <package name="media-libs/libjxl" auto="yes" arch="*">
+            <unaffected range="ge">0.7.0_pre20220825</unaffected>
+            <vulnerable range="lt">0.7.0_pre20220825</vulnerable>
+        </package>
+    </affected>
+    <background>
+        <p>libjxl is the JPEG XL image format reference implementation.</p>
+    </background>
+    <description>
+        <p>libjxl contains an unecessary assertion in jxl::LowMemoryRenderPipeline::Init.</p>
+    </description>
+    <impact type="low">
+        <p>An attacker can cause a denial of service of the libjxl process via a crafted input file.</p>
+    </impact>
+    <workaround>
+        <p>There is no known workaround at this time.</p>
+    </workaround>
+    <resolution>
+        <p>All users should upgrade to the latest version:</p>
+        
+        <code>
+          # emerge --sync
+          # emerge --ask --oneshot --verbose ">=media-libs/libjxl-0.7.0_pre20220825"
+        </code>
+    </resolution>
+    <references>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-34000">CVE-2022-34000</uri>
+    </references>
+    <metadata tag="requester" timestamp="2022-10-31T20:21:23.265436Z">ajak</metadata>
+    <metadata tag="submitter" timestamp="2022-10-31T20:21:23.274675Z">ajak</metadata>
+</glsa>
\ No newline at end of file
diff --git a/metadata/glsa/glsa-202210-37.xml b/metadata/glsa/glsa-202210-37.xml
new file mode 100644
index 000000000000..2d82af3c3df0
--- /dev/null
+++ b/metadata/glsa/glsa-202210-37.xml
@@ -0,0 +1,60 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202210-37">
+    <title>PJSIP: Multiple Vulnerabilities</title>
+    <synopsis>Multiple vulnerabilities have been found in PJSIP, the worst of which could result in arbitrary code execution.</synopsis>
+    <product type="ebuild">pjproject</product>
+    <announced>2022-10-31</announced>
+    <revised count="1">2022-10-31</revised>
+    <bug>803614</bug>
+    <bug>829894</bug>
+    <bug>875863</bug>
+    <access>remote</access>
+    <affected>
+        <package name="net-libs/pjproject" auto="yes" arch="*">
+            <unaffected range="ge">2.12.1</unaffected>
+            <vulnerable range="lt">2.12.1</vulnerable>
+        </package>
+    </affected>
+    <background>
+        <p>PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE.</p>
+    </background>
+    <description>
+        <p>Multiple vulnerabilities have been discovered in PJSIP. Please review the CVE identifiers referenced below for details.</p>
+    </description>
+    <impact type="normal">
+        <p>Please review the referenced CVE identifiers for details.</p>
+    </impact>
+    <workaround>
+        <p>There is no known workaround at this time.</p>
+    </workaround>
+    <resolution>
+        <p>All PJSIP users should upgrade to the latest version:</p>
+        
+        <code>
+          # emerge --sync
+          # emerge --ask --oneshot --verbose ">=net-libs/pjproject-2.12.1"
+        </code>
+    </resolution>
+    <references>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-32686">CVE-2021-32686</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-37706">CVE-2021-37706</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-41141">CVE-2021-41141</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-43804">CVE-2021-43804</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-43845">CVE-2021-43845</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-21722">CVE-2022-21722</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-21723">CVE-2022-21723</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-23608">CVE-2022-23608</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-24754">CVE-2022-24754</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-24763">CVE-2022-24763</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-24764">CVE-2022-24764</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-24786">CVE-2022-24786</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-24792">CVE-2022-24792</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-24793">CVE-2022-24793</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-31031">CVE-2022-31031</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-39244">CVE-2022-39244</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-39269">CVE-2022-39269</uri>
+    </references>
+    <metadata tag="requester" timestamp="2022-10-31T20:22:18.091924Z">ajak</metadata>
+    <metadata tag="submitter" timestamp="2022-10-31T20:22:18.099528Z">ajak</metadata>
+</glsa>
\ No newline at end of file
diff --git a/metadata/glsa/glsa-202210-38.xml b/metadata/glsa/glsa-202210-38.xml
new file mode 100644
index 000000000000..82ab94939724
--- /dev/null
+++ b/metadata/glsa/glsa-202210-38.xml
@@ -0,0 +1,42 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202210-38">
+    <title>Expat: Denial of Service</title>
+    <synopsis>A vulnerability has been found in Expat which could result in denial of service.</synopsis>
+    <product type="ebuild">expat</product>
+    <announced>2022-10-31</announced>
+    <revised count="1">2022-10-31</revised>
+    <bug>878271</bug>
+    <access>remote</access>
+    <affected>
+        <package name="dev-libs/expat" auto="yes" arch="*">
+            <unaffected range="ge">2.5.0</unaffected>
+            <vulnerable range="lt">2.5.0</vulnerable>
+        </package>
+    </affected>
+    <background>
+        <p>Expat is a set of XML parsing libraries.</p>
+    </background>
+    <description>
+        <p>In certain out-of-memory situations, Expat may free memory before it should, leading to a use-after-free.</p>
+    </description>
+    <impact type="low">
+        <p>A use-after-free can result in denial of service.</p>
+    </impact>
+    <workaround>
+        <p>There is no known workaround at this time.</p>
+    </workaround>
+    <resolution>
+        <p>All Expat users should upgrade to the latest version:</p>
+        
+        <code>
+          # emerge --sync
+          # emerge --ask --oneshot --verbose ">=dev-libs/expat-2.5.0"
+        </code>
+    </resolution>
+    <references>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-43680">CVE-2022-43680</uri>
+    </references>
+    <metadata tag="requester" timestamp="2022-10-31T20:22:43.385930Z">ajak</metadata>
+    <metadata tag="submitter" timestamp="2022-10-31T20:22:43.392589Z">ajak</metadata>
+</glsa>
\ No newline at end of file
diff --git a/metadata/glsa/glsa-202210-39.xml b/metadata/glsa/glsa-202210-39.xml
new file mode 100644
index 000000000000..ef2d7e2ae394
--- /dev/null
+++ b/metadata/glsa/glsa-202210-39.xml
@@ -0,0 +1,43 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202210-39">
+    <title>libxml2: Multiple Vulnerabilities</title>
+    <synopsis>Multiple vulnerabilities have been found in libxml2, the worst of which could result in arbitrary code execution.</synopsis>
+    <product type="ebuild">libxml2</product>
+    <announced>2022-10-31</announced>
+    <revised count="1">2022-10-31</revised>
+    <bug>877149</bug>
+    <access>remote</access>
+    <affected>
+        <package name="dev-libs/libxml2" auto="yes" arch="*">
+            <unaffected range="ge">2.10.3</unaffected>
+            <vulnerable range="lt">2.10.3</vulnerable>
+        </package>
+    </affected>
+    <background>
+        <p>libxml2 is the XML C parser and toolkit developed for the GNOME project.</p>
+    </background>
+    <description>
+        <p>Multiple vulnerabilities have been discovered in libxml2. Please review the CVE identifiers referenced below for details.</p>
+    </description>
+    <impact type="high">
+        <p>Please review the referenced CVE identifiers for details.</p>
+    </impact>
+    <workaround>
+        <p>There is no known workaround at this time.</p>
+    </workaround>
+    <resolution>
+        <p>All libxml2 users should upgrade to the latest version:</p>
+        
+        <code>
+          # emerge --sync
+          # emerge --ask --oneshot --verbose ">=dev-libs/libxml2-2.10.3"
+        </code>
+    </resolution>
+    <references>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-40303">CVE-2022-40303</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-40304">CVE-2022-40304</uri>
+    </references>
+    <metadata tag="requester" timestamp="2022-10-31T20:24:32.137926Z">ajak</metadata>
+    <metadata tag="submitter" timestamp="2022-10-31T20:24:32.143989Z">ajak</metadata>
+</glsa>
\ No newline at end of file
diff --git a/metadata/glsa/glsa-202210-40.xml b/metadata/glsa/glsa-202210-40.xml
new file mode 100644
index 000000000000..6f4199b2230c
--- /dev/null
+++ b/metadata/glsa/glsa-202210-40.xml
@@ -0,0 +1,44 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202210-40">
+    <title>SQLite: Multiple Vulnerabilities</title>
+    <synopsis>Multiple vulnerabilities have been found in SQLite, the worst of which could result in arbitrary code execution.</synopsis>
+    <product type="ebuild">sqlite</product>
+    <announced>2022-10-31</announced>
+    <revised count="1">2022-10-31</revised>
+    <bug>777990</bug>
+    <bug>863431</bug>
+    <access>remote</access>
+    <affected>
+        <package name="dev-db/sqlite" auto="yes" arch="*">
+            <unaffected range="ge">3.39.2</unaffected>
+            <vulnerable range="lt">3.39.2</vulnerable>
+        </package>
+    </affected>
+    <background>
+        <p>SQLite is a C library that implements an SQL database engine.</p>
+    </background>
+    <description>
+        <p>Multiple vulnerabilities have been discovered in SQLite. Please review the CVE identifiers referenced below for details.</p>
+    </description>
+    <impact type="high">
+        <p>Please review the referenced CVE identifiers for details.</p>
+    </impact>
+    <workaround>
+        <p>There is no known workaround at this time.</p>
+    </workaround>
+    <resolution>
+        <p>All SQLite users should upgrade to the latest version:</p>
+        
+        <code>
+          # emerge --sync
+          # emerge --ask --oneshot --verbose ">=dev-db/sqlite-3.39.2"
+        </code>
+    </resolution>
+    <references>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-20227">CVE-2021-20227</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-35737">CVE-2022-35737</uri>
+    </references>
+    <metadata tag="requester" timestamp="2022-10-31T20:24:49.875919Z">ajak</metadata>
+    <metadata tag="submitter" timestamp="2022-10-31T20:24:49.881750Z">ajak</metadata>
+</glsa>
\ No newline at end of file
diff --git a/metadata/glsa/glsa-202210-41.xml b/metadata/glsa/glsa-202210-41.xml
new file mode 100644
index 000000000000..ef96ac8f4e1b
--- /dev/null
+++ b/metadata/glsa/glsa-202210-41.xml
@@ -0,0 +1,43 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202210-41">
+    <title>android-tools: Multiple Vulnerabilities</title>
+    <synopsis>Multiple vulnerabilities have been found in android-tools, the worst of which could result in arbitrary code execution.</synopsis>
+    <product type="ebuild">android-tools</product>
+    <announced>2022-10-31</announced>
+    <revised count="1">2022-10-31</revised>
+    <bug>878281</bug>
+    <access>remote</access>
+    <affected>
+        <package name="dev-util/android-tools" auto="yes" arch="*">
+            <unaffected range="ge">33.0.3</unaffected>
+            <vulnerable range="lt">33.0.3</vulnerable>
+        </package>
+    </affected>
+    <background>
+        <p>android-tools contains Android platform tools (adb, fastboot, and mkbootimg).</p>
+    </background>
+    <description>
+        <p>Multiple vulnerabilities have been discovered in android-tools. Please review the CVE identifiers referenced below for details.</p>
+    </description>
+    <impact type="normal">
+        <p>Please review the referenced CVE identifiers for details.</p>
+    </impact>
+    <workaround>
+        <p>There is no known workaround at this time.</p>
+    </workaround>
+    <resolution>
+        <p>All android-tools users should upgrade to the latest version:</p>
+        
+        <code>
+          # emerge --sync
+          # emerge --ask --oneshot --verbose ">=dev-util/android-tools-33.0.3"
+        </code>
+    </resolution>
+    <references>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-3168">CVE-2022-3168</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-20128">CVE-2022-20128</uri>
+    </references>
+    <metadata tag="requester" timestamp="2022-10-31T20:25:11.012259Z">ajak</metadata>
+    <metadata tag="submitter" timestamp="2022-10-31T20:25:11.018064Z">ajak</metadata>
+</glsa>
\ No newline at end of file
diff --git a/metadata/glsa/glsa-202210-42.xml b/metadata/glsa/glsa-202210-42.xml
new file mode 100644
index 000000000000..608226a9c77f
--- /dev/null
+++ b/metadata/glsa/glsa-202210-42.xml
@@ -0,0 +1,44 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202210-42">
+    <title>zlib: Multiple vulnerabilities</title>
+    <synopsis>A buffer overflow in zlib might allow an attacker to cause remote code execution.</synopsis>
+    <product type="ebuild">zlib</product>
+    <announced>2022-10-31</announced>
+    <revised count="1">2022-10-31</revised>
+    <bug>863851</bug>
+    <bug>835958</bug>
+    <access>remote</access>
+    <affected>
+        <package name="sys-libs/zlib" auto="yes" arch="*">
+            <unaffected range="ge">1.2.12-r3</unaffected>
+            <vulnerable range="lt">1.2.12-r3</vulnerable>
+        </package>
+    </affected>
+    <background>
+        <p>zlib is a widely used free and patent unencumbered data compression library.</p>
+    </background>
+    <description>
+        <p>Multiple vulnerabilities have been discovered in zlib. Please review the CVE identifiers referenced below for details.</p>
+    </description>
+    <impact type="normal">
+        <p>Maliciously crafted input handled by zlib may result in remote code execution.</p>
+    </impact>
+    <workaround>
+        <p>There is no known workaround at this time.</p>
+    </workaround>
+    <resolution>
+        <p>All zlib users should upgrade to the latest version:</p>
+        
+        <code>
+          # emerge --sync
+          # emerge --ask --oneshot --verbose ">=sys-libs/zlib-1.2.12-r3"
+        </code>
+    </resolution>
+    <references>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-25032">CVE-2018-25032</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-37434">CVE-2022-37434</uri>
+    </references>
+    <metadata tag="requester" timestamp="2022-10-31T20:36:54.413772Z">sam</metadata>
+    <metadata tag="submitter" timestamp="2022-10-31T20:36:54.421673Z">ajak</metadata>
+</glsa>
\ No newline at end of file
diff --git a/metadata/glsa/timestamp.chk b/metadata/glsa/timestamp.chk
index 334485abf617..45732226a8e4 100644
--- a/metadata/glsa/timestamp.chk
+++ b/metadata/glsa/timestamp.chk
@@ -1 +1 @@
-Mon, 31 Oct 2022 20:09:38 +0000
+Tue, 01 Nov 2022 02:11:34 +0000
diff --git a/metadata/glsa/timestamp.commit b/metadata/glsa/timestamp.commit
index 7d73b3116d6b..1ed7e2bb76fb 100644
--- a/metadata/glsa/timestamp.commit
+++ b/metadata/glsa/timestamp.commit
@@ -1 +1 @@
-794e005ddee1af19fec133f96c714f4b8786a377 1667246504 2022-10-31T20:01:44+00:00
+19befd853907b89ff1a5ea81ae63b19dbb1d7655 1667248658 2022-10-31T20:37:38+00:00
-- 
cgit v1.2.3