From deba8115d2c2af26df42966b91ef04ff4dd79cde Mon Sep 17 00:00:00 2001
From: V3n3RiX <venerix@redcorelinux.org>
Date: Thu, 14 May 2020 11:09:11 +0100
Subject: gentoo resync : 14.05.2020

---
 metadata/glsa/Manifest           |  30 ++++++++--------
 metadata/glsa/Manifest.files.gz  | Bin 462854 -> 464298 bytes
 metadata/glsa/glsa-202004-02.xml |  16 ++++-----
 metadata/glsa/glsa-202004-14.xml |  53 ++++++++++++++++++++++++++++
 metadata/glsa/glsa-202004-15.xml |  51 +++++++++++++++++++++++++++
 metadata/glsa/glsa-202004-16.xml |  50 +++++++++++++++++++++++++++
 metadata/glsa/glsa-202004-17.xml |  60 ++++++++++++++++++++++++++++++++
 metadata/glsa/glsa-202005-01.xml |  56 ++++++++++++++++++++++++++++++
 metadata/glsa/glsa-202005-02.xml |  50 +++++++++++++++++++++++++++
 metadata/glsa/glsa-202005-03.xml |  72 +++++++++++++++++++++++++++++++++++++++
 metadata/glsa/glsa-202005-04.xml |  72 +++++++++++++++++++++++++++++++++++++++
 metadata/glsa/glsa-202005-05.xml |  53 ++++++++++++++++++++++++++++
 metadata/glsa/timestamp.chk      |   2 +-
 metadata/glsa/timestamp.commit   |   2 +-
 14 files changed, 540 insertions(+), 27 deletions(-)
 create mode 100644 metadata/glsa/glsa-202004-14.xml
 create mode 100644 metadata/glsa/glsa-202004-15.xml
 create mode 100644 metadata/glsa/glsa-202004-16.xml
 create mode 100644 metadata/glsa/glsa-202004-17.xml
 create mode 100644 metadata/glsa/glsa-202005-01.xml
 create mode 100644 metadata/glsa/glsa-202005-02.xml
 create mode 100644 metadata/glsa/glsa-202005-03.xml
 create mode 100644 metadata/glsa/glsa-202005-04.xml
 create mode 100644 metadata/glsa/glsa-202005-05.xml

(limited to 'metadata/glsa')

diff --git a/metadata/glsa/Manifest b/metadata/glsa/Manifest
index 33929072fc57..d049ba8837e2 100644
--- a/metadata/glsa/Manifest
+++ b/metadata/glsa/Manifest
@@ -1,23 +1,23 @@
 -----BEGIN PGP SIGNED MESSAGE-----
 Hash: SHA512
 
-MANIFEST Manifest.files.gz 462854 BLAKE2B 45d9c39aed70715f733b66b45dc5f1269928044878c906083c6e7a076449bf75e0a2abc6b2094fac1caf94f820d8a437f66033fe5edd3675345689e5a3f2c6d8 SHA512 cdd4cb4b70565ed751e2fc667e7560d4b3105f046b9428886b70b2d9ea0dc778c9446a4556ccea472de31ef09973c16422f77c1b2e65175f6c4833f501c93cc8
-TIMESTAMP 2020-04-25T09:38:56Z
+MANIFEST Manifest.files.gz 464298 BLAKE2B 526a6ba1147d1a7dfd302a24bff7fbcd35795c074c66309f2769965fbf66a4030ab97ff6fe749f275ae27a9eb89af001a4da1c9034b77087136aaec3ef924db0 SHA512 9109f8b09544f23d56243b529abfacedcd6c96f06bd7ac30000b4fdc0fa196adcedd450a45aa34b2f3b9e39c5c79b21cf745580241e5a3dbd04444c94fd0e004
+TIMESTAMP 2020-05-14T09:08:22Z
 -----BEGIN PGP SIGNATURE-----
 
-iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAl6kBTBfFIAAAAAALgAo
+iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAl69CoZfFIAAAAAALgAo
 aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEUx
 RDZBQkI2M0JGQ0ZCNEJBMDJGREYxQ0VDNTkwRUVBQzkxODkyNTAACgkQ7FkO6skY
-klCcXg/7BNzMr/mNPnHYxDfDRe4oxPQRKDMr1qdDJpwbsh8OJkz5uJfc7W2wRUYJ
-RGaQ9tGkZ8ih3qyETN4MyLIUU28kXcKBY+BJHQtHTlt3J+idwN+vAJJG1HZbTM6G
-L4u2PxciwU2Jwnyj5Xv+R04iRpbOp03aMYk3O8vw1kE84eEWQoYzSl7rsNqVAJtO
-58bQ/ez8BxFjSERAhCviFjQL8u3izCGVwWq6Ecw/rJaI/1h17s/9ps/wytgXCB1w
-z1tLDdUHAlQKOdQ6F/htu6r2jS51ucRZr+asQRZ8UeamFTLW53n4Sqgw408WEb1C
-fWPrxE/Q834drYte/z9lORGOjn6q+Gqw5oeNcTGCbTcN4s2VtEUjvycWeG99XJY0
-zuBgJSj4JrdNfiuEJwiaFiH9L4KqCcrGjatqzSzUA2tzjrO8W1SBXFtTLaIoYA6j
-4aYutgnQqpKkjLhb+c3JblZf2BtqOFCm1Dm7C2pHDwpi/50t5w7jkKTN86sUouZw
-NvwSzhLsAAdx5S3WWnMKcVDLGm8hUkA7ye9xuLr+Mm2Mm3zfNPUrcBLhd5vkfQsJ
-LJqGMG9Wc5C8rJ3KztPMp6atUEMCGCXVFi+2zfk3qhXjfkV6Z1vUOnIDetPVpOhQ
-n4u7WpbM9EuZwBGo1FVq32+0OJXMAkuH/oo3CX+XVKH0dLAEKxc=
-=6TvA
+klBPCQ/9GLnKLMxO7qpPA4LcZCXaZst+azJ4uJlD3wZnODRItV7LeqmFFCwFnZQ/
+yCnVdhTStN8MYHAaEvacNDFVL2PHmX9MJ3zNjvOOpseWnoAZMhaL7wxZY7tYU3Cx
+vdYk43iTDT9RF3/WtAB/0gelTriIoz3bRtvTUCqdAwVO886edrb5q9dA+KN86X3K
+NndLaIwf4S7dc7GVeW7Sipch6n0G5Qi9nVB5X6+SxagJUXJzeYSbU7rtCMvDfXi2
+DR2xTXLX6MjuCKC4iUwBK1mjTuaXPFBJuS8WfC4WueNArbEKAC+3fPPM9OwC6hkk
+ZNX/x8G8LsHw31bSA0qrms0+SzKGsTugDK6PVude5BFE1yujCXzw1Q2znGXiZEch
+sy+U3cGvHh1cuJQX+3I6G/NtaDmDFs+IgfxdPU+AyMHK2ms1M7gPJ+OnamHxivz7
+q3QgAjXGLH4HqqKnVykl4PLi/2WXnq5B7j9JF5uJr7qK0OrCZurcM0vKaCLvcQHW
+f5o0GZmFq4zlWQ4o2kBwYtEXbQ7WMu3m5V71BCVixoZJWPXycD6YcroYUVbaBgBL
+Ek9mMA0cml2tbeii/IVoYLOlKw7dV97+BKLKP+HAJNTRDp1FbfNkJ5fuj5ttvR2t
+Sg6XGLfQTe31ZV0sKxaKtE2q4jGE3OmQZBdPPLqDURwNzqaa4tM=
+=+xry
 -----END PGP SIGNATURE-----
diff --git a/metadata/glsa/Manifest.files.gz b/metadata/glsa/Manifest.files.gz
index c466aa961150..1ff792f048e2 100644
Binary files a/metadata/glsa/Manifest.files.gz and b/metadata/glsa/Manifest.files.gz differ
diff --git a/metadata/glsa/glsa-202004-02.xml b/metadata/glsa/glsa-202004-02.xml
index 33129dd64c29..479c9bbfe1f5 100644
--- a/metadata/glsa/glsa-202004-02.xml
+++ b/metadata/glsa/glsa-202004-02.xml
@@ -7,21 +7,17 @@
   </synopsis>
   <product type="ebuild">virtualbox</product>
   <announced>2020-04-01</announced>
-  <revised count="1">2020-04-01</revised>
+  <revised count="2">2020-04-26</revised>
   <bug>714064</bug>
   <access>local, remote</access>
   <affected>
     <package name="app-emulation/virtualbox" auto="yes" arch="*">
-      <unaffected range="rge">5.2.36</unaffected>
-      <unaffected range="rge">6.0.16</unaffected>
-      <unaffected range="rge">6.1.2</unaffected>
-      <vulnerable range="lt">6.1.2</vulnerable>
+      <unaffected range="ge">5.2.36</unaffected>
+      <vulnerable range="lt">5.2.36</vulnerable>
     </package>
     <package name="app-emulation/virtualbox-bin" auto="yes" arch="*">
-      <unaffected range="rge">5.2.36</unaffected>
-      <unaffected range="rge">6.0.16</unaffected>
-      <unaffected range="rge">6.1.2</unaffected>
-      <vulnerable range="lt">6.1.2</vulnerable>
+      <unaffected range="ge">5.2.36</unaffected>
+      <vulnerable range="lt">5.2.36</vulnerable>
     </package>
   </affected>
   <background>
@@ -118,5 +114,5 @@
     <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-2727">CVE-2020-2727</uri>
   </references>
   <metadata tag="requester" timestamp="2020-04-01T19:35:27Z">whissi</metadata>
-  <metadata tag="submitter" timestamp="2020-04-01T19:41:08Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2020-04-26T19:47:03Z">whissi</metadata>
 </glsa>
diff --git a/metadata/glsa/glsa-202004-14.xml b/metadata/glsa/glsa-202004-14.xml
new file mode 100644
index 000000000000..31b09f10f695
--- /dev/null
+++ b/metadata/glsa/glsa-202004-14.xml
@@ -0,0 +1,53 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202004-14">
+  <title>FontForge: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in FontForge, the worst of
+    which could result in the arbitrary execution of code.
+  </synopsis>
+  <product type="ebuild">fontforge</product>
+  <announced>2020-04-30</announced>
+  <revised count="1">2020-04-30</revised>
+  <bug>706778</bug>
+  <bug>715808</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="media-gfx/fontforge" auto="yes" arch="*">
+      <unaffected range="ge">20200314</unaffected>
+      <vulnerable range="lt">20200314</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>FontForge is a PostScript font editor and converter.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in FontForge. Please
+      review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could entice a user to open a specially crafted font
+      using FontForge, possibly resulting in execution of arbitrary code with
+      the privileges of the process or a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All FontForge users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=media-gfx/fontforge-20200314"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-15785">CVE-2019-15785</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-5395">CVE-2020-5395</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-5496">CVE-2020-5496</uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-04-01T20:32:15Z">whissi</metadata>
+  <metadata tag="submitter" timestamp="2020-04-30T23:00:58Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202004-15.xml b/metadata/glsa/glsa-202004-15.xml
new file mode 100644
index 000000000000..29b4a35af54b
--- /dev/null
+++ b/metadata/glsa/glsa-202004-15.xml
@@ -0,0 +1,51 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202004-15">
+  <title>libu2f-host: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in libu2f-host, the worst
+    of which could result in the execution of code.
+  </synopsis>
+  <product type="ebuild">libu2f-host</product>
+  <announced>2020-04-30</announced>
+  <revised count="1">2020-04-30</revised>
+  <bug>678580</bug>
+  <bug>679724</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="app-crypt/libu2f-host" auto="yes" arch="*">
+      <unaffected range="ge">1.1.10</unaffected>
+      <vulnerable range="lt">1.1.10</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Yubico Universal 2nd Factor (U2F) Host C Library.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in libu2f-host. Please
+      review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="high">
+    <p>A remote attacker could entice a user to plug-in a malicious USB device,
+      possibly resulting in execution of arbitrary code with the privileges of
+      the process or a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All libu2f-host users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-crypt/libu2f-host-1.1.10"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-20340">CVE-2018-20340</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-9578">CVE-2019-9578</uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-04-16T07:16:39Z">BlueKnight</metadata>
+  <metadata tag="submitter" timestamp="2020-04-30T23:12:17Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202004-16.xml b/metadata/glsa/glsa-202004-16.xml
new file mode 100644
index 000000000000..247dbbc2c38b
--- /dev/null
+++ b/metadata/glsa/glsa-202004-16.xml
@@ -0,0 +1,50 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202004-16">
+  <title>Cacti: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Cacti, the worst of
+    which could result in the arbitrary execution of code.
+  </synopsis>
+  <product type="ebuild">cacti</product>
+  <announced>2020-04-30</announced>
+  <revised count="1">2020-04-30</revised>
+  <bug>715166</bug>
+  <bug>716406</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-analyzer/cacti" auto="yes" arch="*">
+      <unaffected range="ge">1.2.11</unaffected>
+      <vulnerable range="lt">1.2.11</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Cacti is a complete frontend to rrdtool.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Cacti. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Please review the referenced CVE identifiers for details.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Cacti users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-analyzer/cacti-1.2.11"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-8813">CVE-2020-8813</uri>
+    <uri link="https://github.com/Cacti/cacti/releases/tag/release%2F1.2.11">
+      Cacti 1.2.11 Release Notes
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-04-08T05:48:28Z">BlueKnight</metadata>
+  <metadata tag="submitter" timestamp="2020-04-30T23:18:03Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202004-17.xml b/metadata/glsa/glsa-202004-17.xml
new file mode 100644
index 000000000000..48d400b6927f
--- /dev/null
+++ b/metadata/glsa/glsa-202004-17.xml
@@ -0,0 +1,60 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202004-17">
+  <title>Django: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Django, the worst of
+    which could result in privilege escalation.
+  </synopsis>
+  <product type="ebuild">django</product>
+  <announced>2020-04-30</announced>
+  <revised count="1">2020-04-30</revised>
+  <bug>692384</bug>
+  <bug>701744</bug>
+  <bug>706204</bug>
+  <bug>707998</bug>
+  <bug>711522</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-python/django" auto="yes" arch="*">
+      <unaffected range="ge">2.2.11</unaffected>
+      <vulnerable range="lt">2.2.11</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Django is a Python-based web framework.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Django. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker, by sending specially crafted input, could possibly
+      cause a Denial of Service condition, or alter the database.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Django users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-python/django-2.2.11"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-12308">CVE-2019-12308</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-14232">CVE-2019-14232</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-14233">CVE-2019-14233</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-14234">CVE-2019-14234</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-14235">CVE-2019-14235</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-19118">CVE-2019-19118</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-19844">CVE-2019-19844</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-7471">CVE-2020-7471</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-9402">CVE-2020-9402</uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-04-08T04:55:21Z">BlueKnight</metadata>
+  <metadata tag="submitter" timestamp="2020-04-30T23:30:28Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202005-01.xml b/metadata/glsa/glsa-202005-01.xml
new file mode 100644
index 000000000000..3aab94ef2438
--- /dev/null
+++ b/metadata/glsa/glsa-202005-01.xml
@@ -0,0 +1,56 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202005-01">
+  <title>Long Range ZIP: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Long Range ZIP, the
+    worst of which could result in a Denial of Service condition.
+  </synopsis>
+  <product type="ebuild">lrzip</product>
+  <announced>2020-05-12</announced>
+  <revised count="1">2020-05-12</revised>
+  <bug>617930</bug>
+  <bug>624462</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="app-arch/lrzip" auto="yes" arch="*">
+      <unaffected range="ge">0.631_p20190619</unaffected>
+      <vulnerable range="lt">0.631_p20190619</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Optimized for compressing large files</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Long Range ZIP. Please
+      review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="low">
+    <p>A remote attacker could entice a user to open a specially crafted
+      archive file possibly resulting in a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Long Range ZIP users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-arch/lrzip-0.631_p20190619"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-8842">CVE-2017-8842</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-8843">CVE-2017-8843</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-8844">CVE-2017-8844</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-8845">CVE-2017-8845</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-8846">CVE-2017-8846</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-8847">CVE-2017-8847</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-9928">CVE-2017-9928</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-9929">CVE-2017-9929</uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-04-05T23:09:43Z">BlueKnight</metadata>
+  <metadata tag="submitter" timestamp="2020-05-12T23:29:01Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202005-02.xml b/metadata/glsa/glsa-202005-02.xml
new file mode 100644
index 000000000000..10428dc5ea6c
--- /dev/null
+++ b/metadata/glsa/glsa-202005-02.xml
@@ -0,0 +1,50 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202005-02">
+  <title>QEMU: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in QEMU, the worst of
+    which could result in the arbitrary execution of code.
+  </synopsis>
+  <product type="ebuild">qemu</product>
+  <announced>2020-05-12</announced>
+  <revised count="1">2020-05-12</revised>
+  <bug>716518</bug>
+  <bug>717154</bug>
+  <bug>717770</bug>
+  <access>local</access>
+  <affected>
+    <package name="app-emulation/qemu" auto="yes" arch="*">
+      <unaffected range="ge">4.2.0-r5</unaffected>
+      <vulnerable range="lt">4.2.0-r5</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>QEMU is a generic and open source machine emulator and virtualizer.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in QEMU. Please review the
+      CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Please review the referenced CVE identifiers for details.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All QEMU users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-emulation/qemu-4.2.0-r5"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-11102">CVE-2020-11102</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-1711">CVE-2020-1711</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-7039">CVE-2020-7039</uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-05-04T02:29:17Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2020-05-12T23:31:56Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202005-03.xml b/metadata/glsa/glsa-202005-03.xml
new file mode 100644
index 000000000000..0311ac6901f8
--- /dev/null
+++ b/metadata/glsa/glsa-202005-03.xml
@@ -0,0 +1,72 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202005-03">
+  <title>Mozilla Thunderbird: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Mozilla Thunderbird,
+    the worst of which could result in the arbitrary execution of code.
+  </synopsis>
+  <product type="ebuild">thunderbird</product>
+  <announced>2020-05-12</announced>
+  <revised count="1">2020-05-12</revised>
+  <bug>721324</bug>
+  <access>remote</access>
+  <affected>
+    <package name="mail-client/thunderbird" auto="yes" arch="*">
+      <unaffected range="ge">68.8.0</unaffected>
+      <vulnerable range="lt">68.8.0</vulnerable>
+    </package>
+    <package name="mail-client/thunderbird-bin" auto="yes" arch="*">
+      <unaffected range="ge">68.8.0</unaffected>
+      <vulnerable range="lt">68.8.0</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Mozilla Thunderbird is a popular open-source email client from the
+      Mozilla project.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Mozilla Thunderbird.
+      Please review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker may be able to execute arbitrary code, cause a Denial
+      of Service condition or spoof sender email address.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Mozilla Thunderbird users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=mail-client/thunderbird-68.8.0"
+    </code>
+    
+    <p>All Mozilla Thunderbird binary users should upgrade to the latest
+      version:
+    </p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=mail-client/thunderbird-bin-68.8.0"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-12387">CVE-2020-12387</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-12392">CVE-2020-12392</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-12395">CVE-2020-12395</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-12397">CVE-2020-12397</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6831">CVE-2020-6831</uri>
+    <uri link="https://www.mozilla.org/en-US/security/advisories/mfsa2020-18/">
+      MFSA-2020-18
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-05-06T20:22:31Z">sam_c</metadata>
+  <metadata tag="submitter" timestamp="2020-05-12T23:34:15Z">sam_c</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202005-04.xml b/metadata/glsa/glsa-202005-04.xml
new file mode 100644
index 000000000000..d5c267fdd883
--- /dev/null
+++ b/metadata/glsa/glsa-202005-04.xml
@@ -0,0 +1,72 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202005-04">
+  <title>Mozilla Firefox: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Mozilla Firefox, the
+    worst of which could result in the arbitrary execution of code.
+  </synopsis>
+  <product type="ebuild">firefox</product>
+  <announced>2020-05-12</announced>
+  <revised count="1">2020-05-12</revised>
+  <bug>721090</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-client/firefox" auto="yes" arch="*">
+      <unaffected range="ge">68.8.0</unaffected>
+      <vulnerable range="lt">68.8.0</vulnerable>
+    </package>
+    <package name="www-client/firefox-bin" auto="yes" arch="*">
+      <unaffected range="ge">68.8.0</unaffected>
+      <vulnerable range="lt">68.8.0</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Mozilla Firefox is a popular open-source web browser from the Mozilla
+      Project.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Mozilla Firefox. Please
+      review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could entice a user to view a specially crafted web
+      page, possibly resulting in the execution of arbitrary code with the
+      privileges of the process, an information leak or a Denial of Service
+      condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Mozilla Firefox users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=www-client/firefox-68.8.0"
+    </code>
+    
+    <p>All Mozilla Firefox binary users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=www-client/firefox-bin-68.8.0"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-12387">CVE-2020-12387</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-12392">CVE-2020-12392</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-12394">CVE-2020-12394</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-12395">CVE-2020-12395</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-12396">CVE-2020-12396</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-6831">CVE-2020-6831</uri>
+    <uri link="https://www.mozilla.org/en-US/security/advisories/mfsa2020-17/">
+      MFSA-2020-17
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-05-06T14:48:10Z">sam_c</metadata>
+  <metadata tag="submitter" timestamp="2020-05-12T23:36:01Z">sam_c</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202005-05.xml b/metadata/glsa/glsa-202005-05.xml
new file mode 100644
index 000000000000..3e3855c771f2
--- /dev/null
+++ b/metadata/glsa/glsa-202005-05.xml
@@ -0,0 +1,53 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202005-05">
+  <title>Squid: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Squid, the worst of
+    which could result in the arbitrary execution of code.
+  </synopsis>
+  <product type="ebuild">squid</product>
+  <announced>2020-05-12</announced>
+  <revised count="1">2020-05-12</revised>
+  <bug>719046</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-proxy/squid" auto="yes" arch="*">
+      <unaffected range="ge">4.11</unaffected>
+      <vulnerable range="lt">4.11</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Squid is a full-featured Web proxy cache designed to run on Unix
+      systems. It supports proxying and caching of HTTP, FTP, and other URLs,
+      as well as SSL support, cache hierarchies, transparent caching, access
+      control lists and many other features.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Squid. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="high">
+    <p>Please review the referenced CVE identifiers for details.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Squid users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-proxy/squid-4.11"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-12519">CVE-2019-12519</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-12521">CVE-2019-12521</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-11945">CVE-2020-11945</uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-05-04T11:10:13Z">sam_c</metadata>
+  <metadata tag="submitter" timestamp="2020-05-12T23:40:20Z">sam_c</metadata>
+</glsa>
diff --git a/metadata/glsa/timestamp.chk b/metadata/glsa/timestamp.chk
index 64d6d4b98f8d..a8a4210fb03b 100644
--- a/metadata/glsa/timestamp.chk
+++ b/metadata/glsa/timestamp.chk
@@ -1 +1 @@
-Sat, 25 Apr 2020 09:38:53 +0000
+Thu, 14 May 2020 09:08:19 +0000
diff --git a/metadata/glsa/timestamp.commit b/metadata/glsa/timestamp.commit
index eab48bd233f7..42d3e919a17e 100644
--- a/metadata/glsa/timestamp.commit
+++ b/metadata/glsa/timestamp.commit
@@ -1 +1 @@
-5f514a6bc0b6082d08328fcc290cbba6761ee102 1587655514 2020-04-23T15:25:14+00:00
+87a3185d1d1560e7d00df11c54ac0f9e63c64368 1589326875 2020-05-12T23:41:15+00:00
-- 
cgit v1.2.3