From feb0daf81d888e9160f9f94502de09b66f2a63fd Mon Sep 17 00:00:00 2001
From: V3n3RiX <venerix@redcorelinux.org>
Date: Sun, 21 Jun 2020 17:50:24 +0100
Subject: gentoo resync : 21.06.2020

---
 metadata/glsa/Manifest           |  30 ++++++------
 metadata/glsa/Manifest.files.gz  | Bin 467478 -> 469221 bytes
 metadata/glsa/glsa-202006-13.xml |  48 ++++++++++++++++++++
 metadata/glsa/glsa-202006-14.xml |  52 +++++++++++++++++++++
 metadata/glsa/glsa-202006-15.xml |  48 ++++++++++++++++++++
 metadata/glsa/glsa-202006-16.xml |  46 +++++++++++++++++++
 metadata/glsa/glsa-202006-17.xml |  62 +++++++++++++++++++++++++
 metadata/glsa/glsa-202006-18.xml |  48 ++++++++++++++++++++
 metadata/glsa/glsa-202006-19.xml |  68 +++++++++++++++++++++++++++
 metadata/glsa/glsa-202006-20.xml |  49 ++++++++++++++++++++
 metadata/glsa/glsa-202006-21.xml |  63 +++++++++++++++++++++++++
 metadata/glsa/glsa-202006-22.xml |  96 +++++++++++++++++++++++++++++++++++++++
 metadata/glsa/glsa-202006-23.xml |  50 ++++++++++++++++++++
 metadata/glsa/timestamp.chk      |   2 +-
 metadata/glsa/timestamp.commit   |   2 +-
 15 files changed, 647 insertions(+), 17 deletions(-)
 create mode 100644 metadata/glsa/glsa-202006-13.xml
 create mode 100644 metadata/glsa/glsa-202006-14.xml
 create mode 100644 metadata/glsa/glsa-202006-15.xml
 create mode 100644 metadata/glsa/glsa-202006-16.xml
 create mode 100644 metadata/glsa/glsa-202006-17.xml
 create mode 100644 metadata/glsa/glsa-202006-18.xml
 create mode 100644 metadata/glsa/glsa-202006-19.xml
 create mode 100644 metadata/glsa/glsa-202006-20.xml
 create mode 100644 metadata/glsa/glsa-202006-21.xml
 create mode 100644 metadata/glsa/glsa-202006-22.xml
 create mode 100644 metadata/glsa/glsa-202006-23.xml

(limited to 'metadata/glsa')

diff --git a/metadata/glsa/Manifest b/metadata/glsa/Manifest
index 576d87c190a3..0ed418e0af93 100644
--- a/metadata/glsa/Manifest
+++ b/metadata/glsa/Manifest
@@ -1,23 +1,23 @@
 -----BEGIN PGP SIGNED MESSAGE-----
 Hash: SHA512
 
-MANIFEST Manifest.files.gz 467478 BLAKE2B f84f56d6f84d28d53ec12df6c1c9b351ab47c5a1f49b61ce8622c5db679861e27d7ce25da735464bfef3bcee4dd60d3b2993b39f3e35242be74b9c6a4dd0b4bf SHA512 88d1586b65d21522de591f657953bb9f61f8b1cce30f3dadef48927eb3f8eb3a3d2f22090d280a08a48c5e888e6fdd1b407f88d87a09782817743b4b23e2c92e
-TIMESTAMP 2020-06-13T09:08:29Z
+MANIFEST Manifest.files.gz 469221 BLAKE2B ceeb5e3ff11ecad175899479757b8424d4d844fbe59abeeee4a4b37448f6dfffdc8ded3f1362c29de1347def4ee57e7dcf15cbd83f40a9103e7b370e3a3097d7 SHA512 06b8c8870a2821eeebd3c9cbc9c92177635bbaa84ef8cdb537ff7ec57048cf77711fd0d737d476fd8724d0474477b8411e09d5263aca5af221eea2a2cd8fc8a3
+TIMESTAMP 2020-06-21T11:38:29Z
 -----BEGIN PGP SIGNATURE-----
 
-iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAl7kl41fFIAAAAAALgAo
+iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAl7vRrVfFIAAAAAALgAo
 aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEUx
 RDZBQkI2M0JGQ0ZCNEJBMDJGREYxQ0VDNTkwRUVBQzkxODkyNTAACgkQ7FkO6skY
-klAmmg/+Jm295pzRFIchRjP2pTiXNnhc3h05wSjXK0IBL9I8cMNqrlHHpLEJpmSB
-jcjbdsm8+xXPnRv/m1tTAeusHoGKWOfLQ0Z6F2M5/XoJfjigUlCbL2/wES7+FflM
-/mKfFWtHWn4UiqouSpudqmnRqPb+2aOHPOge+NV6NY1jDIXb+v58f6OGvlcF+QUt
-QyVu1IDWEBsPA1uRbsUujsRBf8L5X6HdN0glgTnTdlMNQ8eCAGqsr/NWbS0tNeTC
-4CMuH++A673UiXX+M4Gh8IJ3uiO97XEFKXDQGBvuVQU9b6yBMdAmyMFzl3KWSiKe
-dmqMxtohPkassGhnMf5qTQZ5jeK3lAbUYG6395h3zye/ZURNe2InbLfByr8sdhxV
-kdcg5KM58/+uwXFsdNzzj4KIdTrPqe5bLYsvVeyznxc3hpvtoVKJTfeXO+wfLaP6
-dRbAdlsHd3sIDIfrkZXQHtjhtfLvrbA1hFTIirTsK++QTJyawNcf8/MiJhU4ROX3
-ax8/Mf8i/YeTBFfllkJ63uf4KgaziVJJzYKZIXfFwIVwNC5MqIspWdss/AH89G/m
-PO0D8H34b2ii4Y1RY9vP1ZdpqqFKLwacILYhqKEA3Ra7MgH+9D7a5P01PVAXZ2o/
-xb67ERgTVQ/BSXgS5WhnDuMYSBQevaDfQFTCFlmCdlkiFFIHSYA=
-=PMMM
+klAh+hAAtNZ9jtU/9lytqA7E1WGywHwORbcCrRnFNij83LtAF/yPwAeOysFDwhuh
+i2gF3spsNR6wb+tz6TTFuRUWsiWn+XekW9buaHr/20GkjoIYtES7BswHwwinMxxB
+BxwpVY+x3EvmWX7ra8bqAsL1RulfERwAXosUbIMP0W7Med7EFpsYqmSAlxTiGMpa
+R0GP5RxBfhnF4+PKT0zxoTbGhqRJPLIcqJdojry2TNVs0vocKumBfCQZG8E/hatN
+dgRCz961+C4o/z/XAvQXK483tCPdlIk7URCwYwuaqd0HQMDTaBZQi2RVi8rcqPA1
+0aUUWMBXMb2/cFjuqzlpuxTLMPyICSKgcPZ5w/VHOxIpcafnbz5AUSqA6AysqFRH
+17D3sa8n4x/eMaE72ZO/mLmUPc5icBe36Fwi4fErzrY5jOoU3YIP2ng2xuc67IGe
+GxFKJIF8/7Jr8Y4a+2pFX3i4x38U3mo8USDQ9mHW+SbU5ex2sTOB0KIN3sB3OR1e
+qqZNduNIisZXq+OVt5qNchLHflp0apYt+vuPSbynBH6sOtH+0gS2nMRpUQ4nHT3T
+yM7EPqPAdEXwNIkbyDXC4B5+1/Mr4nY6Y9BzQK0O6CGTWuFaXSmiIQ6iy0NdRiEj
+JZOdPujjB2ZPiaGqGQtq43LzOXKyPatTkMo8ITy8V51u6i0XEqE=
+=DUAj
 -----END PGP SIGNATURE-----
diff --git a/metadata/glsa/Manifest.files.gz b/metadata/glsa/Manifest.files.gz
index 14677ebaa92f..9077094066b3 100644
Binary files a/metadata/glsa/Manifest.files.gz and b/metadata/glsa/Manifest.files.gz differ
diff --git a/metadata/glsa/glsa-202006-13.xml b/metadata/glsa/glsa-202006-13.xml
new file mode 100644
index 000000000000..42eeba52e22f
--- /dev/null
+++ b/metadata/glsa/glsa-202006-13.xml
@@ -0,0 +1,48 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202006-13">
+  <title>json-c: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in json-c, the worst of
+    which could result in a Denial of Service condition.
+  </synopsis>
+  <product type="ebuild">json-c</product>
+  <announced>2020-06-15</announced>
+  <revised count="1">2020-06-15</revised>
+  <bug>722150</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-libs/json-c" auto="yes" arch="*">
+      <unaffected range="ge">0.14-r3</unaffected>
+      <vulnerable range="lt">0.14-r3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>json-c is a JSON implementation in C.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in json-c. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote/local attacker could send a specially crafted file possibly
+      resulting in a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All json-c users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-libs/json-c-0.14-r3"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-12762">CVE-2020-12762</uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-05-20T15:54:46Z">sam_c</metadata>
+  <metadata tag="submitter" timestamp="2020-06-15T15:44:00Z">sam_c</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202006-14.xml b/metadata/glsa/glsa-202006-14.xml
new file mode 100644
index 000000000000..46fb4e114549
--- /dev/null
+++ b/metadata/glsa/glsa-202006-14.xml
@@ -0,0 +1,52 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202006-14">
+  <title>PEAR Archive_Tar: Remote code execution vulnerability</title>
+  <synopsis>A buffer overflow in the PEAR module Archive_Tar might allow local
+    or remote attacker(s) to execute arbitrary code.
+  </synopsis>
+  <product type="ebuild">archive_tar</product>
+  <announced>2020-06-15</announced>
+  <revised count="1">2020-06-15</revised>
+  <bug>675576</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="dev-php/PEAR-Archive_Tar" auto="yes" arch="*">
+      <unaffected range="ge">1.4.5</unaffected>
+      <vulnerable range="lt">1.4.5</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>This class provides handling of tar files in PHP.</p>
+  </background>
+  <description>
+    <p>An issue was discovered in the PEAR module Archive_Tar’s handling of
+      file paths within Tar achives.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A local or remote attacker could possibly execute arbitrary code with
+      the privileges of the process.
+    </p>
+  </impact>
+  <workaround>
+    <p>Avoid handling untrusted Tar files with this package until you have
+      upgraded to a non-vulnerable version.
+    </p>
+  </workaround>
+  <resolution>
+    <p>All PEAR-Archive_Tar users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-php/PEAR-Archive_Tar-1.4.5"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-1000888">
+      CVE-2018-1000888
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-05-22T00:11:26Z">BlueKnight</metadata>
+  <metadata tag="submitter" timestamp="2020-06-15T15:46:02Z">sam_c</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202006-15.xml b/metadata/glsa/glsa-202006-15.xml
new file mode 100644
index 000000000000..9fbb52de8eb4
--- /dev/null
+++ b/metadata/glsa/glsa-202006-15.xml
@@ -0,0 +1,48 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202006-15">
+  <title>OpenConnect: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in OpenConnect, the worst
+    of which could result in the arbitrary execution of code.
+  </synopsis>
+  <product type="ebuild">openconnect</product>
+  <announced>2020-06-15</announced>
+  <revised count="1">2020-06-15</revised>
+  <bug>719108</bug>
+  <bug>722740</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-vpn/openconnect" auto="yes" arch="*">
+      <unaffected range="ge">8.09-r1</unaffected>
+      <vulnerable range="lt">8.09-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>OpenConnect is a free client for Cisco AnyConnect SSL VPN software.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in OpenConnect. Please
+      review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Please review the referenced CVE identifiers for details.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All OpenConnect users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-vpn/openconnect-8.09-r1"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-12105">CVE-2020-12105</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-12823">CVE-2020-12823</uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-05-23T13:25:13Z">sam_c</metadata>
+  <metadata tag="submitter" timestamp="2020-06-15T15:47:01Z">sam_c</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202006-16.xml b/metadata/glsa/glsa-202006-16.xml
new file mode 100644
index 000000000000..a652c18c2802
--- /dev/null
+++ b/metadata/glsa/glsa-202006-16.xml
@@ -0,0 +1,46 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202006-16">
+  <title>PCRE2: Denial of service</title>
+  <synopsis>A vulnerability in PCRE2 could lead to a Denial of Service
+    condition.
+  </synopsis>
+  <product type="ebuild">pcre2</product>
+  <announced>2020-06-15</announced>
+  <revised count="1">2020-06-15</revised>
+  <bug>717800</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="net-libs/pcre2" auto="yes" arch="*">
+      <unaffected range="ge">10.34</unaffected>
+      <vulnerable range="lt">10.34</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>PCRE2 is a project based on PCRE (Perl Compatible Regular Expressions)
+      which has a new and revised API.
+    </p>
+  </background>
+  <description>
+    <p>PCRE2 has a flaw when handling JIT-compiled regex using the \X pattern.</p>
+  </description>
+  <impact type="normal">
+    <p>An attacker could cause a possible Denial of Service condition.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All PCRE2 users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-libs/pcre2-10.34"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-20454">CVE-2019-20454</uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-05-12T14:41:37Z">sam_c</metadata>
+  <metadata tag="submitter" timestamp="2020-06-15T15:48:59Z">sam_c</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202006-17.xml b/metadata/glsa/glsa-202006-17.xml
new file mode 100644
index 000000000000..95c9c6dd1af0
--- /dev/null
+++ b/metadata/glsa/glsa-202006-17.xml
@@ -0,0 +1,62 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202006-17">
+  <title>FAAD2: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in FAAD2, the worst of
+    which could result in the arbitrary execution of code.
+  </synopsis>
+  <product type="ebuild">faad2</product>
+  <announced>2020-06-15</announced>
+  <revised count="1">2020-06-15</revised>
+  <bug>695540</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="media-libs/faad2" auto="yes" arch="*">
+      <unaffected range="ge">2.9.0</unaffected>
+      <vulnerable range="lt">2.9.0</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>FAAD2 is an open source MPEG-4 and MPEG-2 AAC decoder.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in FAAD2. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Please review the referenced CVE identifiers for details.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All FAAD2 users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=media-libs/faad2-2.9.0"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-19502">CVE-2018-19502</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-19503">CVE-2018-19503</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-19504">CVE-2018-19504</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-20194">CVE-2018-20194</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-20195">CVE-2018-20195</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-20196">CVE-2018-20196</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-20197">CVE-2018-20197</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-20198">CVE-2018-20198</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-20199">CVE-2018-20199</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-20357">CVE-2018-20357</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-20358">CVE-2018-20358</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-20359">CVE-2018-20359</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-20360">CVE-2018-20360</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-20361">CVE-2018-20361</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-20362">CVE-2018-20362</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-15296">CVE-2019-15296</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-6956">CVE-2019-6956</uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-05-22T01:42:00Z">BlueKnight</metadata>
+  <metadata tag="submitter" timestamp="2020-06-15T15:50:03Z">sam_c</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202006-18.xml b/metadata/glsa/glsa-202006-18.xml
new file mode 100644
index 000000000000..ad77d145a25c
--- /dev/null
+++ b/metadata/glsa/glsa-202006-18.xml
@@ -0,0 +1,48 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202006-18">
+  <title>Bubblewrap: Arbitrary code execution</title>
+  <synopsis>Bubblewrap misuses temporary directories allowing local code
+    execution.
+  </synopsis>
+  <product type="ebuild">bubblerwrap</product>
+  <announced>2020-06-15</announced>
+  <revised count="1">2020-06-15</revised>
+  <bug>686114</bug>
+  <access>local</access>
+  <affected>
+    <package name="sys-apps/bubblewrap" auto="yes" arch="*">
+      <unaffected range="ge">0.4.1</unaffected>
+      <vulnerable range="lt">0.4.1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Bubblewrap is an unprivileged sandboxing tool namespaces-powered
+      chroot-like solution.
+    </p>
+  </background>
+  <description>
+    <p>Bubblewrap misuses temporary directories in /tmp as a mount point.</p>
+  </description>
+  <impact type="normal">
+    <p>This flaw may allow possible execution of code or prevention of running
+      Bubblewrap.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Bubblewrap users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=sys-apps/bubblewrap-0.4.1"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-12439">CVE-2019-12439</uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-05-25T21:13:31Z">sam_c</metadata>
+  <metadata tag="submitter" timestamp="2020-06-15T15:51:19Z">sam_c</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202006-19.xml b/metadata/glsa/glsa-202006-19.xml
new file mode 100644
index 000000000000..4f2140b8c1a2
--- /dev/null
+++ b/metadata/glsa/glsa-202006-19.xml
@@ -0,0 +1,68 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202006-19">
+  <title>Mozilla Thunderbird: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Mozilla Thunderbird,
+    the worst of which could result in the arbitrary execution of code.
+  </synopsis>
+  <product type="ebuild">thunderbird</product>
+  <announced>2020-06-15</announced>
+  <revised count="1">2020-06-15</revised>
+  <bug>727118</bug>
+  <access>remote</access>
+  <affected>
+    <package name="mail-client/thunderbird" auto="yes" arch="*">
+      <unaffected range="ge">68.9.0</unaffected>
+      <vulnerable range="lt">68.9.0</vulnerable>
+    </package>
+    <package name="mail-client/thunderbird-bin" auto="yes" arch="*">
+      <unaffected range="ge">68.9.0</unaffected>
+      <vulnerable range="lt">68.9.0</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Mozilla Thunderbird is a popular open-source email client from the
+      Mozilla project.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Mozilla Thunderbird.
+      Please review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Please review the referenced CVE identifiers for details.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Mozilla Thunderbird users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=mail-client/thunderbird-68.9.0"
+    </code>
+    
+    <p>All Mozilla Thunderbird binary users should upgrade to the latest
+      version:
+    </p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=mail-client/thunderbird-bin-68.9.0"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-12398">CVE-2020-12398</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-12405">CVE-2020-12405</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-12406">CVE-2020-12406</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-12410">CVE-2020-12410</uri>
+    <uri link="https://www.mozilla.org/en-US/security/advisories/mfsa2020-22/">
+      MFSA-2020-22
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-06-04T22:44:05Z">sam_c</metadata>
+  <metadata tag="submitter" timestamp="2020-06-15T15:52:20Z">sam_c</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202006-20.xml b/metadata/glsa/glsa-202006-20.xml
new file mode 100644
index 000000000000..690bfee258f4
--- /dev/null
+++ b/metadata/glsa/glsa-202006-20.xml
@@ -0,0 +1,49 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202006-20">
+  <title>Asterisk: Root privilege escalation</title>
+  <synopsis>A vulnerability was discovered in Asterisk which may allow local
+    attackers to gain root privileges. 
+  </synopsis>
+  <product type="ebuild">asterisk</product>
+  <announced>2020-06-15</announced>
+  <revised count="1">2020-06-15</revised>
+  <bug>602722</bug>
+  <access>local</access>
+  <affected>
+    <package name="net-misc/asterisk" auto="yes" arch="*">
+      <unaffected range="ge">13.32.0-r1</unaffected>
+      <vulnerable range="lt">13.32.0-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>A Modular Open Source PBX System.</p>
+  </background>
+  <description>
+    <p>It was discovered that Gentoo’s Asterisk ebuild does not properly set
+      permissions on its data directories. This only affects OpenRC systems, as
+      the flaw was exploitable via the init script.
+    </p>
+  </description>
+  <impact type="high">
+    <p>A local attacker could escalate privileges.</p>
+  </impact>
+  <workaround>
+    <p>Users should ensure the proper permissions are set as discussed in the
+      referenced bugs. Do not run /etc/init.d/asterisk checkperms.
+    </p>
+  </workaround>
+  <resolution>
+    <p>All Asterisk users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-misc/asterisk-13.32.0-r1"
+    </code>
+    
+  </resolution>
+  <references>
+  </references>
+  <metadata tag="requester" timestamp="2020-05-15T11:13:35Z">sam_c</metadata>
+  <metadata tag="submitter" timestamp="2020-06-15T15:53:36Z">sam_c</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202006-21.xml b/metadata/glsa/glsa-202006-21.xml
new file mode 100644
index 000000000000..ac2c137808f1
--- /dev/null
+++ b/metadata/glsa/glsa-202006-21.xml
@@ -0,0 +1,63 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202006-21">
+  <title>Apache Tomcat: Remote code execution</title>
+  <synopsis>A vulnerability has been discovered in Apache Tomcat which could
+    result in the arbitrary execution of code.
+  </synopsis>
+  <product type="ebuild">tomcat</product>
+  <announced>2020-06-15</announced>
+  <revised count="1">2020-06-15</revised>
+  <bug>724344</bug>
+  <access>remote</access>
+  <affected>
+    <package name="www-servers/tomcat" auto="yes" arch="*">
+      <unaffected range="ge" slot="7">7.0.104</unaffected>
+      <unaffected range="ge" slot="8.5">8.5.55</unaffected>
+      <vulnerable range="lt" slot="7">7.0.104</vulnerable>
+      <vulnerable range="lt" slot="8.5">8.5.55</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Apache Tomcat is a Servlet-3.0/JSP-2.2 Container.</p>
+  </background>
+  <description>
+    <p>Apache Tomcat improperly handles deserialization of files under specific
+      circumstances.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could possibly execute arbitrary code with the
+      privileges of the process, or cause a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Apache Tomcat 7.x users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=www-servers/tomcat-7.0.104"
+    </code>
+    
+    <p>All Apache Tomcat 8.x users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=www-servers/tomcat-8.5.55"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-9484">CVE-2020-9484</uri>
+    <uri link="https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.104">
+      Upstream advisory (7)
+    </uri>
+    <uri link="https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.55">
+      Upstream advisory (8.5)
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-05-25T12:42:10Z">sam_c</metadata>
+  <metadata tag="submitter" timestamp="2020-06-15T15:55:34Z">sam_c</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202006-22.xml b/metadata/glsa/glsa-202006-22.xml
new file mode 100644
index 000000000000..82046e4ece12
--- /dev/null
+++ b/metadata/glsa/glsa-202006-22.xml
@@ -0,0 +1,96 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202006-22">
+  <title>OpenJDK, IcedTea: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in OpenJDK and IcedTea,
+    the worst of which could result in the arbitrary execution of code.
+  </synopsis>
+  <product type="ebuild">icedtea</product>
+  <announced>2020-06-15</announced>
+  <revised count="1">2020-06-15</revised>
+  <bug>718720</bug>
+  <bug>720690</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-java/openjdk-bin" auto="yes" arch="*">
+      <unaffected range="ge">8.252_p09</unaffected>
+      <vulnerable range="lt">8.252_p09</vulnerable>
+    </package>
+    <package name="dev-java/openjdk-jre-bin" auto="yes" arch="*">
+      <unaffected range="ge">8.252_p09</unaffected>
+      <vulnerable range="lt">8.252_p09</vulnerable>
+    </package>
+    <package name="dev-java/icedtea-bin" auto="yes" arch="*">
+      <unaffected range="ge">3.16.0</unaffected>
+      <vulnerable range="lt">3.16.0</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>OpenJDK is a free and open-source implementation of the Java Platform,
+      Standard Edition.
+    </p>
+    
+    <p>IcedTea’s aim is to provide OpenJDK in a form suitable for easy
+      configuration, compilation and distribution with the primary goal of
+      allowing inclusion in GNU/Linux distributions.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in OpenJDK and IcedTea.
+      Please review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Please review the referenced CVE identifiers for details.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All OpenJDK binary users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-java/openjdk-bin-8.252_p09"
+    </code>
+    
+    <p>All OpenJDK JRE binary users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=dev-java/openjdk-jre-bin-8.252_p09"
+    </code>
+    
+    <p>All IcedTea binary users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-java/icedtea-bin-3.16.0"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-2585">CVE-2020-2585</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-2585">CVE-2020-2585</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-2755">CVE-2020-2755</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-2755">CVE-2020-2755</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-2756">CVE-2020-2756</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-2756">CVE-2020-2756</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-2757">CVE-2020-2757</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-2757">CVE-2020-2757</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-2773">CVE-2020-2773</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-2773">CVE-2020-2773</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-2781">CVE-2020-2781</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-2781">CVE-2020-2781</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-2800">CVE-2020-2800</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-2800">CVE-2020-2800</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-2803">CVE-2020-2803</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-2803">CVE-2020-2803</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-2805">CVE-2020-2805</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-2805">CVE-2020-2805</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-2830">CVE-2020-2830</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-2830">CVE-2020-2830</uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-05-14T21:46:41Z">sam_c</metadata>
+  <metadata tag="submitter" timestamp="2020-06-15T15:56:40Z">sam_c</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202006-23.xml b/metadata/glsa/glsa-202006-23.xml
new file mode 100644
index 000000000000..7fb7e375cbc8
--- /dev/null
+++ b/metadata/glsa/glsa-202006-23.xml
@@ -0,0 +1,50 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202006-23">
+  <title>Cyrus IMAP Server: Access restriction bypass</title>
+  <synopsis>An error in Cyrus IMAP Server allows mailboxes to be created with
+    administrative privileges.
+  </synopsis>
+  <product type="ebuild">cyrusimap</product>
+  <announced>2020-06-15</announced>
+  <revised count="1">2020-06-15</revised>
+  <bug>703630</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-mail/cyrus-imapd" auto="yes" arch="*">
+      <unaffected range="ge">3.0.13</unaffected>
+      <vulnerable range="lt">3.0.13</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>The Cyrus IMAP Server is an efficient, highly-scalable IMAP e-mail
+      server.
+    </p>
+  </background>
+  <description>
+    <p>An issue was discovered in Cyrus IMAP Server where sieve script
+      uploading is excessively trusted.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A user can use a sieve script to create any mailbox with administrator
+      privileges.
+    </p>
+  </impact>
+  <workaround>
+    <p>Disable sieve script uploading until the upgrade is complete.</p>
+  </workaround>
+  <resolution>
+    <p>All Cyrus IMAP Server users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-mail/cyrus-imapd-3.0.13"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-19783">CVE-2019-19783</uri>
+  </references>
+  <metadata tag="requester" timestamp="2020-05-22T07:13:03Z">sam_c</metadata>
+  <metadata tag="submitter" timestamp="2020-06-15T15:58:17Z">sam_c</metadata>
+</glsa>
diff --git a/metadata/glsa/timestamp.chk b/metadata/glsa/timestamp.chk
index 88cdcb72a7ae..03b6be48b1f2 100644
--- a/metadata/glsa/timestamp.chk
+++ b/metadata/glsa/timestamp.chk
@@ -1 +1 @@
-Sat, 13 Jun 2020 09:08:26 +0000
+Sun, 21 Jun 2020 11:38:26 +0000
diff --git a/metadata/glsa/timestamp.commit b/metadata/glsa/timestamp.commit
index ee8db8673cd1..4906fc32ac0a 100644
--- a/metadata/glsa/timestamp.commit
+++ b/metadata/glsa/timestamp.commit
@@ -1 +1 @@
-d201bee5ad23e8472de3397c356e66a559081d7f 1592013107 2020-06-13T01:51:47+00:00
+f51c88fbf8e00dbbe6f151e02b823400a85889ba 1592236707 2020-06-15T15:58:27+00:00
-- 
cgit v1.2.3