Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status
summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--glsa-202411-09.xml46
-rw-r--r--glsa-202412-01.xml42
-rw-r--r--glsa-202412-02.xml63
-rw-r--r--glsa-202412-03.xml64
-rw-r--r--glsa-202412-04.xml129
-rw-r--r--glsa-202412-05.xml121
-rw-r--r--glsa-202412-06.xml133
-rw-r--r--glsa-202412-07.xml104
-rw-r--r--glsa-202412-08.xml47
-rw-r--r--glsa-202412-09.xml47
-rw-r--r--glsa-202412-10.xml47
-rw-r--r--glsa-202412-11.xml42
-rw-r--r--glsa-202412-12.xml60
-rw-r--r--glsa-202412-13.xml88
-rw-r--r--glsa-202412-14.xml51
-rw-r--r--glsa-202412-15.xml46
-rw-r--r--glsa-202412-16.xml46
-rw-r--r--glsa-202412-17.xml42
-rw-r--r--glsa-202412-18.xml42
-rw-r--r--glsa-202412-19.xml42
-rw-r--r--glsa-202412-20.xml51
-rw-r--r--glsa-202501-01.xml47
-rw-r--r--glsa-202501-02.xml49
-rw-r--r--glsa-202501-03.xml42
-rw-r--r--glsa-202501-04.xml43
-rw-r--r--glsa-202501-05.xml42
-rw-r--r--glsa-202501-06.xml47
-rw-r--r--glsa-202501-07.xml45
-rw-r--r--glsa-202501-08.xml48
-rw-r--r--glsa-202501-09.xml134
-rw-r--r--glsa-202501-10.xml104
-rw-r--r--glsa-202501-11.xml54
32 files changed, 2008 insertions, 0 deletions
diff --git a/glsa-202411-09.xml b/glsa-202411-09.xml
new file mode 100644
index 00000000..69504e0c
--- /dev/null
+++ b/glsa-202411-09.xml
@@ -0,0 +1,46 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202411-09">
+ <title>Perl: Multiple Vulnerabilities</title>
+ <synopsis>Multiple vulnerabilities have been discovered in Perl, the worst of which can lead to arbitrary code execution.</synopsis>
+ <product type="ebuild">perl</product>
+ <announced>2024-11-17</announced>
+ <revised count="1">2024-11-17</revised>
+ <bug>807307</bug>
+ <bug>905296</bug>
+ <bug>918612</bug>
+ <access>remote</access>
+ <affected>
+ <package name="dev-lang/perl" auto="yes" arch="*">
+ <unaffected range="ge">5.38.2</unaffected>
+ <vulnerable range="lt">5.38.2</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>Perl is Larry Wall’s Practical Extraction and Report Language.</p>
+ </background>
+ <description>
+ <p>Multiple vulnerabilities have been discovered in Perl. Please review the CVE identifiers referenced below for details.</p>
+ </description>
+ <impact type="normal">
+ <p>Please review the referenced CVE identifiers for details.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All Perl users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-lang/perl-5.38.2"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-36770">CVE-2021-36770</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-31486">CVE-2023-31486</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-47038">CVE-2023-47038</uri>
+ </references>
+ <metadata tag="requester" timestamp="2024-11-17T09:51:20.109847Z">graaff</metadata>
+ <metadata tag="submitter" timestamp="2024-11-17T09:51:20.112367Z">graaff</metadata>
+</glsa> \ No newline at end of file
diff --git a/glsa-202412-01.xml b/glsa-202412-01.xml
new file mode 100644
index 00000000..1bc02fe6
--- /dev/null
+++ b/glsa-202412-01.xml
@@ -0,0 +1,42 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202412-01">
+ <title>R: Arbitrary Code Execution</title>
+ <synopsis>A vulnerability has been discovered in R, which can lead to arbitrary code execution.</synopsis>
+ <product type="ebuild">R</product>
+ <announced>2024-12-07</announced>
+ <revised count="1">2024-12-07</revised>
+ <bug>930936</bug>
+ <access>local</access>
+ <affected>
+ <package name="dev-lang/R" auto="yes" arch="*">
+ <unaffected range="ge">4.4.1</unaffected>
+ <vulnerable range="lt">4.4.1</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>R is a language and environment for statistical computing and graphics.</p>
+ </background>
+ <description>
+ <p>Deserialization of untrusted data can occur in the R statistical programming language, enabling a maliciously crafted RDS (R Data Serialization) formatted file or R package to run arbitrary code on an end user’s system when interacted with.</p>
+ </description>
+ <impact type="high">
+ <p>Arbitrary code may be run when deserializing untrusted data.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All R users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-lang/R-4.4.1"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-27322">CVE-2024-27322</uri>
+ </references>
+ <metadata tag="requester" timestamp="2024-12-07T08:53:34.596478Z">graaff</metadata>
+ <metadata tag="submitter" timestamp="2024-12-07T08:53:34.602412Z">graaff</metadata>
+</glsa> \ No newline at end of file
diff --git a/glsa-202412-02.xml b/glsa-202412-02.xml
new file mode 100644
index 00000000..406294fb
--- /dev/null
+++ b/glsa-202412-02.xml
@@ -0,0 +1,63 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202412-02">
+ <title>Cacti: Multiple Vulnerabilities</title>
+ <synopsis>Multiple vulnerabilities have been discovered in Cacti, the worst of which can lead to privilege escalation.</synopsis>
+ <product type="ebuild">cacti</product>
+ <announced>2024-12-07</announced>
+ <revised count="1">2024-12-07</revised>
+ <bug>823788</bug>
+ <bug>834597</bug>
+ <bug>884799</bug>
+ <access>remote</access>
+ <affected>
+ <package name="net-analyzer/cacti" auto="yes" arch="*">
+ <unaffected range="ge">1.2.26</unaffected>
+ <vulnerable range="lt">1.2.26</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>Cacti is a web-based network graphing and reporting tool.</p>
+ </background>
+ <description>
+ <p>Multiple vulnerabilities have been discovered in Cacti. Please review the CVE identifiers referenced below for details.</p>
+ </description>
+ <impact type="high">
+ <p>Please review the referenced CVE identifiers for details.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All Cacti users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-analyzer/cacti-1.2.26"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14424">CVE-2020-14424</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-0730">CVE-2022-0730</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-46169">CVE-2022-46169</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-48547">CVE-2022-48547</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-30534">CVE-2023-30534</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-31132">CVE-2023-31132</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-39357">CVE-2023-39357</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-39358">CVE-2023-39358</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-39359">CVE-2023-39359</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-39360">CVE-2023-39360</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-39361">CVE-2023-39361</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-39362">CVE-2023-39362</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-39365">CVE-2023-39365</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-39510">CVE-2023-39510</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-39511">CVE-2023-39511</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-39512">CVE-2023-39512</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-39513">CVE-2023-39513</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-39514">CVE-2023-39514</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-39515">CVE-2023-39515</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-39516">CVE-2023-39516</uri>
+ </references>
+ <metadata tag="requester" timestamp="2024-12-07T08:56:20.459772Z">graaff</metadata>
+ <metadata tag="submitter" timestamp="2024-12-07T08:56:20.462893Z">graaff</metadata>
+</glsa> \ No newline at end of file
diff --git a/glsa-202412-03.xml b/glsa-202412-03.xml
new file mode 100644
index 00000000..cf4f8ff7
--- /dev/null
+++ b/glsa-202412-03.xml
@@ -0,0 +1,64 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202412-03">
+ <title>Asterisk: Multiple Vulnerabilities</title>
+ <synopsis>Multiple vulnerabilities have been discovered in Asterisk, the worst of which can lead to privilege escalation.</synopsis>
+ <product type="ebuild">asterisk</product>
+ <announced>2024-12-07</announced>
+ <revised count="1">2024-12-07</revised>
+ <bug>771318</bug>
+ <bug>803440</bug>
+ <bug>838391</bug>
+ <bug>884797</bug>
+ <bug>920026</bug>
+ <bug>937844</bug>
+ <bug>939159</bug>
+ <access>remote</access>
+ <affected>
+ <package name="net-misc/asterisk" auto="yes" arch="*">
+ <unaffected range="ge">18.24.3</unaffected>
+ <vulnerable range="lt">18.24.3</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>Asterisk is an open source telephony engine and toolkit.</p>
+ </background>
+ <description>
+ <p>Multiple vulnerabilities have been discovered in Asterisk. Please review the CVE identifiers referenced below for details.</p>
+ </description>
+ <impact type="high">
+ <p>Please review the referenced CVE identifiers for details.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All Asterisk users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-misc/asterisk-18.24.3"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-35776">CVE-2020-35776</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-26712">CVE-2021-26712</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-26713">CVE-2021-26713</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-26714">CVE-2021-26714</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-26717">CVE-2021-26717</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-26906">CVE-2021-26906</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-31878">CVE-2021-31878</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-32558">CVE-2021-32558</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-26498">CVE-2022-26498</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-26499">CVE-2022-26499</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-26651">CVE-2022-26651</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-37325">CVE-2022-37325</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-42705">CVE-2022-42705</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-42706">CVE-2022-42706</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-37457">CVE-2023-37457</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-49294">CVE-2023-49294</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-49786">CVE-2023-49786</uri>
+ </references>
+ <metadata tag="requester" timestamp="2024-12-07T08:58:41.628301Z">graaff</metadata>
+ <metadata tag="submitter" timestamp="2024-12-07T08:58:41.632180Z">graaff</metadata>
+</glsa> \ No newline at end of file
diff --git a/glsa-202412-04.xml b/glsa-202412-04.xml
new file mode 100644
index 00000000..65ac03ed
--- /dev/null
+++ b/glsa-202412-04.xml
@@ -0,0 +1,129 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202412-04">
+ <title>Mozilla Firefox: Multiple Vulnerabilities</title>
+ <synopsis>Multiple vulnerabilities have been discovered in Mozilla Firefox, the worst of which arbitrary code execution.</synopsis>
+ <product type="ebuild">firefox,firefox-bin</product>
+ <announced>2024-12-07</announced>
+ <revised count="1">2024-12-07</revised>
+ <bug>936215</bug>
+ <bug>937467</bug>
+ <bug>941169</bug>
+ <bug>941174</bug>
+ <bug>941224</bug>
+ <access>remote</access>
+ <affected>
+ <package name="www-client/firefox" auto="yes" arch="*">
+ <unaffected range="ge" slot="rapid">131.0.2</unaffected>
+ <unaffected range="ge" slot="esr">123.3.1</unaffected>
+ <vulnerable range="lt" slot="rapid">131.0.2</vulnerable>
+ <vulnerable range="lt" slot="esr">128.3.1</vulnerable>
+ </package>
+ <package name="www-client/firefox-bin" auto="yes" arch="*">
+ <unaffected range="ge" slot="rapid">131.0.2</unaffected>
+ <unaffected range="ge" slot="esr">128.3.1</unaffected>
+ <vulnerable range="lt" slot="rapid">131.0.2</vulnerable>
+ <vulnerable range="lt" slot="esr">128.3.1</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>Mozilla Firefox is a popular open-source web browser from the Mozilla project.</p>
+ </background>
+ <description>
+ <p>Multiple vulnerabilities have been discovered in Mozilla Firefox. Please review the CVE identifiers referenced below for details.</p>
+ </description>
+ <impact type="high">
+ <p>Please review the referenced CVE identifiers for details.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All Mozilla Firefox users should upgrade to the latest version in their release channel:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-client/firefox-bin-131.0.2:rapid"
+ # emerge --ask --oneshot --verbose ">=www-client/firefox-bin-128.3.1:esr"
+ </code>
+
+ <p>All Mozilla Firefox users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-client/firefox-131.0.2:rapid"
+ # emerge --ask --oneshot --verbose ">=www-client/firefox-128.3.1:esr"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-6601">CVE-2024-6601</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-6602">CVE-2024-6602</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-6603">CVE-2024-6603</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-6604">CVE-2024-6604</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-6606">CVE-2024-6606</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-6607">CVE-2024-6607</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-6608">CVE-2024-6608</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-6609">CVE-2024-6609</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-6610">CVE-2024-6610</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-6611">CVE-2024-6611</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-6612">CVE-2024-6612</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-6613">CVE-2024-6613</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-6614">CVE-2024-6614</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-6615">CVE-2024-6615</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-7518">CVE-2024-7518</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-7519">CVE-2024-7519</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-7520">CVE-2024-7520</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-7521">CVE-2024-7521</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-7522">CVE-2024-7522</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-7523">CVE-2024-7523</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-7524">CVE-2024-7524</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-7525">CVE-2024-7525</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-7526">CVE-2024-7526</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-7527">CVE-2024-7527</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-7528">CVE-2024-7528</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-7529">CVE-2024-7529</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-7530">CVE-2024-7530</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-7531">CVE-2024-7531</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-8381">CVE-2024-8381</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-8382">CVE-2024-8382</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-8383">CVE-2024-8383</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-8384">CVE-2024-8384</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-8385">CVE-2024-8385</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-8386">CVE-2024-8386</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-8387">CVE-2024-8387</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-8389">CVE-2024-8389</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-8394">CVE-2024-8394</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-8900">CVE-2024-8900</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-9391">CVE-2024-9391</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-9392">CVE-2024-9392</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-9395">CVE-2024-9395</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-9396">CVE-2024-9396</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-9397">CVE-2024-9397</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-9399">CVE-2024-9399</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-9400">CVE-2024-9400</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-9401">CVE-2024-9401</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-9402">CVE-2024-9402</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-9403">CVE-2024-9403</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-9680">CVE-2024-9680</uri>
+ <uri>MFSA2024-29</uri>
+ <uri>MFSA2024-30</uri>
+ <uri>MFSA2024-31</uri>
+ <uri>MFSA2024-33</uri>
+ <uri>MFSA2024-34</uri>
+ <uri>MFSA2024-35</uri>
+ <uri>MFSA2024-38</uri>
+ <uri>MFSA2024-39</uri>
+ <uri>MFSA2024-40</uri>
+ <uri>MFSA2024-41</uri>
+ <uri>MFSA2024-43</uri>
+ <uri>MFSA2024-44</uri>
+ <uri>MFSA2024-46</uri>
+ <uri>MFSA2024-47</uri>
+ <uri>MFSA2024-48</uri>
+ <uri>MFSA2024-49</uri>
+ <uri>MFSA2024-50</uri>
+ <uri>MFSA2024-51</uri>
+ </references>
+ <metadata tag="requester" timestamp="2024-12-07T10:09:25.027501Z">graaff</metadata>
+ <metadata tag="submitter" timestamp="2024-12-07T10:09:25.030768Z">graaff</metadata>
+</glsa> \ No newline at end of file
diff --git a/glsa-202412-05.xml b/glsa-202412-05.xml
new file mode 100644
index 00000000..f6800580
--- /dev/null
+++ b/glsa-202412-05.xml
@@ -0,0 +1,121 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202412-05">
+ <title>Chromium, Google Chrome, Microsoft Edge. Opera: Multiple Vulnerabilities</title>
+ <synopsis>Multiple vulnerabilities have been discovered in Chromium and its derivatives, the worst of which can lead to remote code execution.</synopsis>
+ <product type="ebuild">chromium,google-chrome,microsoft-edge,microsoft-edge,opera</product>
+ <announced>2024-12-07</announced>
+ <revised count="1">2024-12-07</revised>
+ <bug>924450</bug>
+ <bug>925161</bug>
+ <bug>925666</bug>
+ <bug>926230</bug>
+ <bug>926869</bug>
+ <bug>927312</bug>
+ <bug>927928</bug>
+ <bug>928462</bug>
+ <bug>929112</bug>
+ <bug>930124</bug>
+ <bug>930647</bug>
+ <bug>930994</bug>
+ <bug>931548</bug>
+ <access>remote</access>
+ <affected>
+ <package name="ww-client/microsoft-edge" auto="yes" arch="*">
+ <unaffected range="ge">124.0.2478.97</unaffected>
+ </package>
+ <package name="www-client/chromium" auto="yes" arch="*">
+ <unaffected range="ge">124.0.6367.155</unaffected>
+ <vulnerable range="lt">124.0.6367.155</vulnerable>
+ </package>
+ <package name="www-client/google-chrome" auto="yes" arch="*">
+ <unaffected range="ge">124.0.6367.155</unaffected>
+ <vulnerable range="lt">124.0.6367.155</vulnerable>
+ </package>
+ <package name="www-client/microsoft-edge" auto="yes" arch="*">
+ <vulnerable range="lt">124.0.2478.97</vulnerable>
+ </package>
+ <package name="www-client/opera" auto="yes" arch="*">
+ <unaffected range="ge">110.0.5130.35</unaffected>
+ <vulnerable range="lt">110.0.5130.35</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>Chromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web. Google Chrome is one fast, simple, and secure browser for all your devices. Microsoft Edge is a browser that combines a minimal design with sophisticated technology to make the web faster, safer, and easier. Opera is a fast and secure web browser.</p>
+ </background>
+ <description>
+ <p>Multiple vulnerabilities have been discovered in Chromium and its derivatives. Please review the CVE identifiers referenced below for details.</p>
+ </description>
+ <impact type="high">
+ <p>Please review the referenced CVE identifiers for details.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All Google Chrome users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-client/google-chrome-124.0.6367.155"
+ </code>
+
+ <p>All Chromium users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-client/chromium-124.0.6367.155 "
+ </code>
+
+ <p>All Microsoft Edge users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-client/microsoft-edge-124.0.2478.97"
+ </code>
+
+ <p>All Oprea users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-client/opera-110.0.5130.35"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-1669">CVE-2024-1669</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-1670">CVE-2024-1670</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-1671">CVE-2024-1671</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-1672">CVE-2024-1672</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-1673">CVE-2024-1673</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-1674">CVE-2024-1674</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-1675">CVE-2024-1675</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-1676">CVE-2024-1676</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-2173">CVE-2024-2173</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-2174">CVE-2024-2174</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-2176">CVE-2024-2176</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-2400">CVE-2024-2400</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-2625">CVE-2024-2625</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-2626">CVE-2024-2626</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-2627">CVE-2024-2627</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-2628">CVE-2024-2628</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-2883">CVE-2024-2883</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-2885">CVE-2024-2885</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-2886">CVE-2024-2886</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-2887">CVE-2024-2887</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-3156">CVE-2024-3156</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-3158">CVE-2024-3158</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-3159">CVE-2024-3159</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-3832">CVE-2024-3832</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-3833">CVE-2024-3833</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-3834">CVE-2024-3834</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-4058">CVE-2024-4058</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-4059">CVE-2024-4059</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-4060">CVE-2024-4060</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-4331">CVE-2024-4331</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-4368">CVE-2024-4368</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-4558">CVE-2024-4558</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-4559">CVE-2024-4559</uri>
+ </references>
+ <metadata tag="requester" timestamp="2024-12-07T10:13:10.835687Z">graaff</metadata>
+ <metadata tag="submitter" timestamp="2024-12-07T10:13:10.839877Z">graaff</metadata>
+</glsa> \ No newline at end of file
diff --git a/glsa-202412-06.xml b/glsa-202412-06.xml
new file mode 100644
index 00000000..a7fb73b9
--- /dev/null
+++ b/glsa-202412-06.xml
@@ -0,0 +1,133 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202412-06">
+ <title>Mozilla Thunderbird: Multiple Vulnerabilities</title>
+ <synopsis>Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could lead to remote code execution.</synopsis>
+ <product type="ebuild">thunderbird,thunderbird-bin</product>
+ <announced>2024-12-07</announced>
+ <revised count="1">2024-12-07</revised>
+ <bug>935551</bug>
+ <bug>936216</bug>
+ <bug>937468</bug>
+ <bug>941170</bug>
+ <bug>941175</bug>
+ <bug>942470</bug>
+ <access>remote</access>
+ <affected>
+ <package name="mail-client/thunderbird" auto="yes" arch="*">
+ <unaffected range="ge">128.4.0</unaffected>
+ <vulnerable range="lt">128.4.0</vulnerable>
+ </package>
+ <package name="mail-client/thunderbird-bin" auto="yes" arch="*">
+ <unaffected range="ge">128.4.0</unaffected>
+ <vulnerable range="lt">128.4.0</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>Mozilla Thunderbird is a popular open-source email client from the Mozilla project.</p>
+ </background>
+ <description>
+ <p>Multiple vulnerabilities have been discovered in Mozilla Thunderbird. Please review the CVE identifiers referenced below for details.</p>
+ </description>
+ <impact type="high">
+ <p>Please review the referenced CVE identifiers for details.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All Mozilla Thunderbird users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=mail-client/thunderbird-bin-128.4.0"
+ </code>
+
+ <p>All Mozilla Thunderbird users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=mail-client/thunderbird-128.4.0"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-5693">CVE-2024-5693</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-5696">CVE-2024-5696</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-5700">CVE-2024-5700</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-6601">CVE-2024-6601</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-6602">CVE-2024-6602</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-6603">CVE-2024-6603</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-6604">CVE-2024-6604</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-7518">CVE-2024-7518</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-7519">CVE-2024-7519</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-7520">CVE-2024-7520</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-7521">CVE-2024-7521</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-7522">CVE-2024-7522</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-7523">CVE-2024-7523</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-7524">CVE-2024-7524</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-7525">CVE-2024-7525</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-7526">CVE-2024-7526</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-7527">CVE-2024-7527</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-7528">CVE-2024-7528</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-7529">CVE-2024-7529</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-7531">CVE-2024-7531</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-8381">CVE-2024-8381</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-8382">CVE-2024-8382</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-8383">CVE-2024-8383</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-8384">CVE-2024-8384</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-8385">CVE-2024-8385</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-8386">CVE-2024-8386</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-8387">CVE-2024-8387</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-8389">CVE-2024-8389</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-8394">CVE-2024-8394</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-8900">CVE-2024-8900</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-9391">CVE-2024-9391</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-9392">CVE-2024-9392</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-9395">CVE-2024-9395</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-9396">CVE-2024-9396</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-9397">CVE-2024-9397</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-9399">CVE-2024-9399</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-9400">CVE-2024-9400</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-9401">CVE-2024-9401</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-9402">CVE-2024-9402</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-9403">CVE-2024-9403</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-10458">CVE-2024-10458</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-10459">CVE-2024-10459</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-10460">CVE-2024-10460</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-10461">CVE-2024-10461</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-10462">CVE-2024-10462</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-10463">CVE-2024-10463</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-10464">CVE-2024-10464</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-10465">CVE-2024-10465</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-10466">CVE-2024-10466</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-10467">CVE-2024-10467</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-10468">CVE-2024-10468</uri>
+ <uri>MFSA-2024-25</uri>
+ <uri>MFSA-2024-26</uri>
+ <uri>MFSA-2024-28</uri>
+ <uri>MFSA2024-29</uri>
+ <uri>MFSA2024-30</uri>
+ <uri>MFSA2024-31</uri>
+ <uri>MFSA2024-33</uri>
+ <uri>MFSA2024-34</uri>
+ <uri>MFSA2024-35</uri>
+ <uri>MFSA2024-38</uri>
+ <uri>MFSA2024-39</uri>
+ <uri>MFSA2024-40</uri>
+ <uri>MFSA2024-41</uri>
+ <uri>MFSA2024-43</uri>
+ <uri>MFSA2024-44</uri>
+ <uri>MFSA2024-46</uri>
+ <uri>MFSA2024-47</uri>
+ <uri>MFSA2024-48</uri>
+ <uri>MFSA2024-49</uri>
+ <uri>MFSA2024-50</uri>
+ <uri>MFSA2024-55</uri>
+ <uri>MFSA2024-56</uri>
+ <uri>MFSA2024-57</uri>
+ <uri>MFSA2024-58</uri>
+ <uri>MFSA2024-59</uri>
+ </references>
+ <metadata tag="requester" timestamp="2024-12-07T10:32:19.630664Z">graaff</metadata>
+ <metadata tag="submitter" timestamp="2024-12-07T10:32:19.634875Z">graaff</metadata>
+</glsa> \ No newline at end of file
diff --git a/glsa-202412-07.xml b/glsa-202412-07.xml
new file mode 100644
index 00000000..f2ac638e
--- /dev/null
+++ b/glsa-202412-07.xml
@@ -0,0 +1,104 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202412-07">
+ <title>OpenJDK: Multiple Vulnerabilities</title>
+ <synopsis>Multiple vulnerabilities have been discovered in OpenJDK, the worst of which could lead to remote code execution.</synopsis>
+ <product type="ebuild">openjdk,openjdk-bin,openjdk-jre-bin</product>
+ <announced>2024-12-07</announced>
+ <revised count="1">2024-12-07</revised>
+ <bug>912719</bug>
+ <bug>916211</bug>
+ <bug>925020</bug>
+ <bug>941689</bug>
+ <access>local and remote</access>
+ <affected>
+ <package name="dev-java/openjdk" auto="yes" arch="*">
+ <unaffected range="ge" slot="8">8.422_p05</unaffected>
+ <unaffected range="ge" slot="11">11.0.24_p8</unaffected>
+ <unaffected range="ge" slot="17">17.0.12_p7</unaffected>
+ <vulnerable range="lt" slot="8">8.422_p05</vulnerable>
+ <vulnerable range="lt" slot="11">11.0.24_p8</vulnerable>
+ <vulnerable range="lt" slot="17">17.0.12_p7</vulnerable>
+ </package>
+ <package name="dev-java/openjdk-bin" auto="yes" arch="*">
+ <unaffected range="ge" slot="8">8.422_p05</unaffected>
+ <unaffected range="ge" slot="11">11.0.24_p8</unaffected>
+ <unaffected range="ge" slot="17">17.0.12_p7</unaffected>
+ <vulnerable range="lt" slot="8">8.422_p05</vulnerable>
+ <vulnerable range="lt" slot="11">11.0.24_p8</vulnerable>
+ <vulnerable range="lt" slot="17">17.0.12_p7</vulnerable>
+ </package>
+ <package name="dev-java/openjdk-jre-bin" auto="yes" arch="*">
+ <unaffected range="ge" slot="8">8.422_p05</unaffected>
+ <unaffected range="ge" slot="11">11.0.24_p8</unaffected>
+ <unaffected range="ge" slot="17">17.0.12_p7</unaffected>
+ <vulnerable range="lt" slot="8">8.422_p05</vulnerable>
+ <vulnerable range="lt" slot="11">11.0.24_p8</vulnerable>
+ <vulnerable range="lt" slot="17">17.0.12_p7</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>OpenJDK is an open source implementation of the Java programming language.</p>
+ </background>
+ <description>
+ <p>Multiple vulnerabilities have been discovered in OpenJDK. Please review the CVE identifiers referenced below for details.</p>
+ </description>
+ <impact type="high">
+ <p>Please review the referenced CVE identifiers for details.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All OpenJDK users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-java/openjdk-8.422_p05:8"
+ # emerge --ask --oneshot --verbose ">=dev-java/openjdk-11.0.24_p8:11"
+ # emerge --ask --oneshot --verbose ">=dev-java/openjdk-17.0.12_p7:17"
+ </code>
+
+ <p>All OpenJDK users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-java/openjdk-jre-bin-8.442_p05:8"
+ # emerge --ask --oneshot --verbose ">=dev-java/openjdk-jre-bin-11.0.24_p8:11"
+ # emerge --ask --oneshot --verbose ">=dev-java/openjdk-jre-bin-17.0.12_p7:17"
+ </code>
+
+ <p>All OpenJDK users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-java/openjdk-bin-8.442_p05:8"
+ # emerge --ask --oneshot --verbose ">=dev-java/openjdk-bin-11.0.24_p8:11"
+ # emerge --ask --oneshot --verbose ">=dev-java/openjdk-bin-17.0.12_p7:17"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-22006">CVE-2023-22006</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-22025">CVE-2023-22025</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-22036">CVE-2023-22036</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-22041">CVE-2023-22041</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-22044">CVE-2023-22044</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-22045">CVE-2023-22045</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-22049">CVE-2023-22049</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-22067">CVE-2023-22067</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-22081">CVE-2023-22081</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-20918">CVE-2024-20918</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-20919">CVE-2024-20919</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-20921">CVE-2024-20921</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-20926">CVE-2024-20926</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-20932">CVE-2024-20932</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-20945">CVE-2024-20945</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-20952">CVE-2024-20952</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-21208">CVE-2024-21208</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-21210">CVE-2024-21210</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-21217">CVE-2024-21217</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-21235">CVE-2024-21235</uri>
+ </references>
+ <metadata tag="requester" timestamp="2024-12-07T10:36:00.689590Z">graaff</metadata>
+ <metadata tag="submitter" timestamp="2024-12-07T10:36:00.694327Z">graaff</metadata>
+</glsa> \ No newline at end of file
diff --git a/glsa-202412-08.xml b/glsa-202412-08.xml
new file mode 100644
index 00000000..e886a101
--- /dev/null
+++ b/glsa-202412-08.xml
@@ -0,0 +1,47 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202412-08">
+ <title>icinga2: Multiple Vulnerabilities</title>
+ <synopsis>Multiple vulnerabilities have been discovered in Icinga2, the worst of which could lead to arbitrary code execution.</synopsis>
+ <product type="ebuild">icinga2</product>
+ <announced>2024-12-07</announced>
+ <revised count="1">2024-12-07</revised>
+ <bug>760660</bug>
+ <bug>943329</bug>
+ <access>remote</access>
+ <affected>
+ <package name="net-analyzer/icinga2" auto="yes" arch="*">
+ <unaffected range="ge">2.14.3</unaffected>
+ <vulnerable range="lt">2.14.3</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>Icinga2 is a distributed, general purpose, network monitoring engine.</p>
+ </background>
+ <description>
+ <p>Multiple vulnerabilities have been discovered in Icinga2. Please review the CVE identifiers referenced below for details.</p>
+ </description>
+ <impact type="low">
+ <p>Please review the referenced CVE identifiers for details.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All Icinga2 users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-analyzer/icinga2-2.14.3"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-29663">CVE-2020-29663</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-32739">CVE-2021-32739</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-32743">CVE-2021-32743</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-37698">CVE-2021-37698</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-49369">CVE-2024-49369</uri>
+ </references>
+ <metadata tag="requester" timestamp="2024-12-07T10:38:13.796029Z">graaff</metadata>
+ <metadata tag="submitter" timestamp="2024-12-07T10:38:13.799855Z">graaff</metadata>
+</glsa> \ No newline at end of file
diff --git a/glsa-202412-09.xml b/glsa-202412-09.xml
new file mode 100644
index 00000000..a4213f22
--- /dev/null
+++ b/glsa-202412-09.xml
@@ -0,0 +1,47 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202412-09">
+ <title>Salt: Multiple Vulnerabilities</title>
+ <synopsis>Multiple vulnerabilities have been discovered in Salt, the worst of which can lead to arbitrary code execution.</synopsis>
+ <product type="ebuild">salt</product>
+ <announced>2024-12-07</announced>
+ <revised count="1">2024-12-07</revised>
+ <bug>916512</bug>
+ <bug>925021</bug>
+ <access>remote</access>
+ <affected>
+ <package name="app-admin/salt" auto="yes" arch="*">
+ <unaffected range="ge">3006.6</unaffected>
+ <vulnerable range="lt">3006.6</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>Salt is a fast, intelligent and scalable automation engine.</p>
+ </background>
+ <description>
+ <p>Multiple vulnerabilities have been discovered in Salt. Please review the CVE identifiers referenced below for details.</p>
+ </description>
+ <impact type="normal">
+ <p>Please review the referenced CVE identifiers for details.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All Salt users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-admin/salt-3006.6"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-20897">CVE-2023-20897</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-20898">CVE-2023-20898</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-34049">CVE-2023-34049</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-22231">CVE-2024-22231</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-22232">CVE-2024-22232</uri>
+ </references>
+ <metadata tag="requester" timestamp="2024-12-07T11:25:36.905520Z">graaff</metadata>
+ <metadata tag="submitter" timestamp="2024-12-07T11:25:36.909137Z">graaff</metadata>
+</glsa> \ No newline at end of file
diff --git a/glsa-202412-10.xml b/glsa-202412-10.xml
new file mode 100644
index 00000000..264249f3
--- /dev/null
+++ b/glsa-202412-10.xml
@@ -0,0 +1,47 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202412-10">
+ <title>Dnsmasq: Multiple Vulnerabilities</title>
+ <synopsis>Multiple vulnerabilities have been discovered in Dnsmasq, the worst of which could lead to a denial of service.</synopsis>
+ <product type="ebuild">dnsmasq</product>
+ <announced>2024-12-07</announced>
+ <revised count="1">2024-12-07</revised>
+ <bug>867322</bug>
+ <bug>905321</bug>
+ <bug>924448</bug>
+ <access>remote</access>
+ <affected>
+ <package name="net-dns/dnsmasq" auto="yes" arch="*">
+ <unaffected range="ge">2.90</unaffected>
+ <vulnerable range="lt">2.90</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>Dnsmasq is a lightweight and easily-configurable DNS forwarder and DHCP server.</p>
+ </background>
+ <description>
+ <p>Multiple vulnerabilities have been discovered in Dnsmasq. Please review the CVE identifiers referenced below for details.</p>
+ </description>
+ <impact type="normal">
+ <p>Please review the referenced CVE identifiers for details.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All Dnsmasq users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-dns/dnsmasq-2.90"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-0934">CVE-2022-0934</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-28450">CVE-2023-28450</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-50387">CVE-2023-50387</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-50868">CVE-2023-50868</uri>
+ </references>
+ <metadata tag="requester" timestamp="2024-12-07T11:27:15.261272Z">graaff</metadata>
+ <metadata tag="submitter" timestamp="2024-12-07T11:27:15.263698Z">graaff</metadata>
+</glsa> \ No newline at end of file
diff --git a/glsa-202412-11.xml b/glsa-202412-11.xml
new file mode 100644
index 00000000..8596c449
--- /dev/null
+++ b/glsa-202412-11.xml
@@ -0,0 +1,42 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202412-11">
+ <title>OATH Toolkit: Privilege Escalation</title>
+ <synopsis>A vulnerability has been discovered in OATH Toolkit, which could lead to local root privilege escalation.</synopsis>
+ <product type="ebuild">oath-toolkit</product>
+ <announced>2024-12-07</announced>
+ <revised count="1">2024-12-07</revised>
+ <bug>940778</bug>
+ <access>local</access>
+ <affected>
+ <package name="sys-auth/oath-toolkit" auto="yes" arch="*">
+ <unaffected range="ge">2.6.12</unaffected>
+ <vulnerable range="lt">2.6.12</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>OATH Toolkit provide components to build one-time password authentication systems. It contains shared C libraries, command line tools and a PAM module. Supported technologies include the event-based HOTP algorithm (RFC 4226), the time-based TOTP algorithm (RFC 6238), and Portable Symmetric Key Container (PSKC, RFC 6030) to manage secret key data. OATH stands for Open AuTHentication, which is the organization that specify the algorithms.</p>
+ </background>
+ <description>
+ <p>A vulnerability has been discovered in OATH Toolkit. Please review the CVE identifier referenced below for details.</p>
+ </description>
+ <impact type="high">
+ <p>Please review the referenced CVE identifier for details.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All OATH Toolkit users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=sys-auth/oath-toolkit-2.6.12"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-47191">CVE-2024-47191</uri>
+ </references>
+ <metadata tag="requester" timestamp="2024-12-07T11:29:36.174751Z">graaff</metadata>
+ <metadata tag="submitter" timestamp="2024-12-07T11:29:36.177979Z">graaff</metadata>
+</glsa> \ No newline at end of file
diff --git a/glsa-202412-12.xml b/glsa-202412-12.xml
new file mode 100644
index 00000000..c9363090
--- /dev/null
+++ b/glsa-202412-12.xml
@@ -0,0 +1,60 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202412-12">
+ <title>PostgreSQL: Multiple Vulnerabilities</title>
+ <synopsis>Multiple vulnerabilities have been discovered in PostgreSQL, the worst of which could lead to arbitrary code execution.</synopsis>
+ <product type="ebuild">postgresql</product>
+ <announced>2024-12-08</announced>
+ <revised count="1">2024-12-08</revised>
+ <bug>943512</bug>
+ <access>remote</access>
+ <affected>
+ <package name="dev-db/postgresql" auto="yes" arch="*">
+ <unaffected range="ge" slot="12">12.21</unaffected>
+ <unaffected range="ge" slot="13">13.17</unaffected>
+ <unaffected range="ge" slot="14">14.14</unaffected>
+ <unaffected range="ge" slot="15">15.9</unaffected>
+ <unaffected range="ge" slot="16">16.5</unaffected>
+ <unaffected range="ge" slot="17">17.1</unaffected>
+ <vulnerable range="lt" slot="12">12.21</vulnerable>
+ <vulnerable range="lt" slot="13">13.17</vulnerable>
+ <vulnerable range="lt" slot="14">14.14</vulnerable>
+ <vulnerable range="lt" slot="15">15.9</vulnerable>
+ <vulnerable range="lt" slot="16">16.5</vulnerable>
+ <vulnerable range="lt" slot="17">17.1</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>PostgreSQL is an open source object-relational database management system.</p>
+ </background>
+ <description>
+ <p>Multiple vulnerabilities have been discovered in PostgreSQL. Please review the CVE identifiers referenced below for details.</p>
+ </description>
+ <impact type="high">
+ <p>Please review the referenced CVE identifiers for details.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All PostgreSQL users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-db/postgresql-12.21:12"
+ # emerge --ask --oneshot --verbose ">=dev-db/postgresql-13.17:13"
+ # emerge --ask --oneshot --verbose ">=dev-db/postgresql-14.14:14"
+ # emerge --ask --oneshot --verbose ">=dev-db/postgresql-15.9:15"
+ # emerge --ask --oneshot --verbose ">=dev-db/postgresql-16.5:16"
+ # emerge --ask --oneshot --verbose ">=dev-db/postgresql-17.1:17"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-10976">CVE-2024-10976</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-10977">CVE-2024-10977</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-10978">CVE-2024-10978</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-10979">CVE-2024-10979</uri>
+ </references>
+ <metadata tag="requester" timestamp="2024-12-08T08:29:04.506280Z">graaff</metadata>
+ <metadata tag="submitter" timestamp="2024-12-08T08:29:04.508614Z">graaff</metadata>
+</glsa> \ No newline at end of file
diff --git a/glsa-202412-13.xml b/glsa-202412-13.xml
new file mode 100644
index 00000000..77a0f6a0
--- /dev/null
+++ b/glsa-202412-13.xml
@@ -0,0 +1,88 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202412-13">
+ <title>Spidermonkey: Multiple Vulnerabilities</title>
+ <synopsis>Multiple vulnerabilities have been discovered in Spidermonkey, the worst of which could lead to arbitrary code execution.</synopsis>
+ <product type="ebuild">spidermonkey</product>
+ <announced>2024-12-08</announced>
+ <revised count="1">2024-12-08</revised>
+ <bug>935552</bug>
+ <bug>936217</bug>
+ <bug>937469</bug>
+ <bug>941176</bug>
+ <access>local and remote</access>
+ <affected>
+ <package name="dev-lang/spidermonkey" auto="yes" arch="*">
+ <unaffected range="ge" slot="115">115.15.0</unaffected>
+ <vulnerable range="lt" slot="115">115.15.0</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>SpiderMonkey is Mozilla’s JavaScript and WebAssembly Engine, used in Firefox, Servo and various other projects. It is written in C++, Rust and JavaScript. You can embed it into C++ and Rust projects, and it can be run as a stand-alone shell.</p>
+ </background>
+ <description>
+ <p>Multiple vulnerabilities have been discovered in Spidermonkey. Please review the CVE identifiers referenced below for details.</p>
+ </description>
+ <impact type="high">
+ <p>Please review the referenced CVE identifiers for details.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All Spidermonkey users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-lang/spidermonkey-115.15.0:115"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-5693">CVE-2024-5693</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-5696">CVE-2024-5696</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-5700">CVE-2024-5700</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-6601">CVE-2024-6601</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-6602">CVE-2024-6602</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-6603">CVE-2024-6603</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-6604">CVE-2024-6604</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-7518">CVE-2024-7518</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-7519">CVE-2024-7519</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-7520">CVE-2024-7520</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-7521">CVE-2024-7521</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-7522">CVE-2024-7522</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-7523">CVE-2024-7523</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-7524">CVE-2024-7524</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-7525">CVE-2024-7525</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-7526">CVE-2024-7526</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-7527">CVE-2024-7527</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-7528">CVE-2024-7528</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-7529">CVE-2024-7529</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-7531">CVE-2024-7531</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-8381">CVE-2024-8381</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-8382">CVE-2024-8382</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-8383">CVE-2024-8383</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-8384">CVE-2024-8384</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-8385">CVE-2024-8385</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-8386">CVE-2024-8386</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-8387">CVE-2024-8387</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-8389">CVE-2024-8389</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-8394">CVE-2024-8394</uri>
+ <uri>MFSA-2024-25</uri>
+ <uri>MFSA-2024-26</uri>
+ <uri>MFSA-2024-28</uri>
+ <uri>MFSA2024-29</uri>
+ <uri>MFSA2024-30</uri>
+ <uri>MFSA2024-31</uri>
+ <uri>MFSA2024-33</uri>
+ <uri>MFSA2024-34</uri>
+ <uri>MFSA2024-35</uri>
+ <uri>MFSA2024-38</uri>
+ <uri>MFSA2024-39</uri>
+ <uri>MFSA2024-40</uri>
+ <uri>MFSA2024-41</uri>
+ <uri>MFSA2024-43</uri>
+ <uri>MFSA2024-44</uri>
+ </references>
+ <metadata tag="requester" timestamp="2024-12-08T08:30:35.080391Z">graaff</metadata>
+ <metadata tag="submitter" timestamp="2024-12-08T08:30:35.086284Z">graaff</metadata>
+</glsa>
diff --git a/glsa-202412-14.xml b/glsa-202412-14.xml
new file mode 100644
index 00000000..f351fb59
--- /dev/null
+++ b/glsa-202412-14.xml
@@ -0,0 +1,51 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202412-14">
+ <title>HashiCorp Consul: Multiple Vulnerabilities</title>
+ <synopsis>Multiple vulnerabilities have been discovered in HashiCorp Consul, the worst of which could result in denial of service.</synopsis>
+ <product type="ebuild">consul</product>
+ <announced>2024-12-08</announced>
+ <revised count="1">2024-12-08</revised>
+ <bug>907925</bug>
+ <bug>917614</bug>
+ <bug>925030</bug>
+ <access>remote</access>
+ <affected>
+ <package name="app-admin/consul" auto="yes" arch="*">
+ <unaffected range="ge">1.15.10</unaffected>
+ <vulnerable range="lt">1.15.10</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>HashiCorp Consul is a tool for service discovery, monitoring and configuration.</p>
+ </background>
+ <description>
+ <p>Multiple vulnerabilities have been discovered in HashiCorp Consul. Please review the CVE identifiers referenced below for details.</p>
+ </description>
+ <impact type="low">
+ <p>Please review the referenced CVE identifiers for details.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All HashiCorp Consul users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-admin/consul-1.15.10"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-1297">CVE-2023-1297</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-2816">CVE-2023-2816</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-44487">CVE-2023-44487</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-23322">CVE-2024-23322</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-23323">CVE-2024-23323</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-23324">CVE-2024-23324</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-23325">CVE-2024-23325</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-23327">CVE-2024-23327</uri>
+ </references>
+ <metadata tag="requester" timestamp="2024-12-08T08:38:34.763660Z">graaff</metadata>
+ <metadata tag="submitter" timestamp="2024-12-08T08:38:34.766478Z">graaff</metadata>
+</glsa> \ No newline at end of file
diff --git a/glsa-202412-15.xml b/glsa-202412-15.xml
new file mode 100644
index 00000000..762abfb6
--- /dev/null
+++ b/glsa-202412-15.xml
@@ -0,0 +1,46 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202412-15">
+ <title>OpenSC: Multiple Vulnerabilities</title>
+ <synopsis>Multiple vulnerabilities have been discovered in OpenSC, the worst of which could lead to arbitrary code execution.</synopsis>
+ <product type="ebuild">opensc</product>
+ <announced>2024-12-11</announced>
+ <revised count="1">2024-12-11</revised>
+ <bug>907930</bug>
+ <bug>917651</bug>
+ <access>local</access>
+ <affected>
+ <package name="dev-libs/opensc" auto="yes" arch="*">
+ <unaffected range="ge">0.24.0</unaffected>
+ <vulnerable range="lt">0.24.0</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>OpenSC contains tools and libraries for smart cards.</p>
+ </background>
+ <description>
+ <p>Multiple vulnerabilities have been discovered in OpenSC. Please review the CVE identifiers referenced below for details.</p>
+ </description>
+ <impact type="normal">
+ <p>Please review the referenced CVE identifiers for details.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All OpenSC users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-libs/opensc-0.24.0"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-2977">CVE-2023-2977</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-4535">CVE-2023-4535</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-40660">CVE-2023-40660</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-40661">CVE-2023-40661</uri>
+ </references>
+ <metadata tag="requester" timestamp="2024-12-11T08:39:14.588601Z">graaff</metadata>
+ <metadata tag="submitter" timestamp="2024-12-11T08:39:14.593519Z">graaff</metadata>
+</glsa> \ No newline at end of file
diff --git a/glsa-202412-16.xml b/glsa-202412-16.xml
new file mode 100644
index 00000000..af826ff2
--- /dev/null
+++ b/glsa-202412-16.xml
@@ -0,0 +1,46 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202412-16">
+ <title>libvirt: Multiple Vulnerabilities</title>
+ <synopsis>Multiple vulnerabilities have been discovered in libvirt, the worst of which could lead to a denial of service.</synopsis>
+ <product type="ebuild">libvirt</product>
+ <announced>2024-12-11</announced>
+ <revised count="1">2024-12-11</revised>
+ <bug>908042</bug>
+ <bug>916497</bug>
+ <bug>929966</bug>
+ <access>remote</access>
+ <affected>
+ <package name="app-emulation/libvirt" auto="yes" arch="*">
+ <unaffected range="ge">10.2.0</unaffected>
+ <vulnerable range="lt">10.2.0</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>libvirt is a C toolkit for manipulating virtual machines.</p>
+ </background>
+ <description>
+ <p>Multiple vulnerabilities have been discovered in libvirt. Please review the CVE identifiers referenced below for details.</p>
+ </description>
+ <impact type="normal">
+ <p>Please review the referenced CVE identifiers for details.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All libvirt users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-emulation/libvirt-10.2.0"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-2700">CVE-2023-2700</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-3750">CVE-2023-3750</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-2494">CVE-2024-2494</uri>
+ </references>
+ <metadata tag="requester" timestamp="2024-12-11T08:41:12.324140Z">graaff</metadata>
+ <metadata tag="submitter" timestamp="2024-12-11T08:41:12.327199Z">graaff</metadata>
+</glsa> \ No newline at end of file
diff --git a/glsa-202412-17.xml b/glsa-202412-17.xml
new file mode 100644
index 00000000..e30b8e8c
--- /dev/null
+++ b/glsa-202412-17.xml
@@ -0,0 +1,42 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202412-17">
+ <title>idna: Denial of Service</title>
+ <synopsis>A vulnerability has been discovered in idna, which can lead to a denial of service.</synopsis>
+ <product type="ebuild">idna</product>
+ <announced>2024-12-11</announced>
+ <revised count="1">2024-12-11</revised>
+ <bug>929208</bug>
+ <access>local</access>
+ <affected>
+ <package name="dev-python/idna" auto="yes" arch="*">
+ <unaffected range="ge">3.7</unaffected>
+ <vulnerable range="lt">3.7</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>Internationalized Domain Names for Python (IDNA 2008 and UTS #46)</p>
+ </background>
+ <description>
+ <p>A vulnerability has been discovered in idna. Please review the CVE identifier referenced below for details.</p>
+ </description>
+ <impact type="normal">
+ <p>Please review the referenced CVE identifier for details.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All idna users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-python/idna-3.7"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-3651">CVE-2024-3651</uri>
+ </references>
+ <metadata tag="requester" timestamp="2024-12-11T09:59:38.412294Z">graaff</metadata>
+ <metadata tag="submitter" timestamp="2024-12-11T09:59:38.415710Z">graaff</metadata>
+</glsa> \ No newline at end of file
diff --git a/glsa-202412-18.xml b/glsa-202412-18.xml
new file mode 100644
index 00000000..6d486fe4
--- /dev/null
+++ b/glsa-202412-18.xml
@@ -0,0 +1,42 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202412-18">
+ <title>Distrobox: Arbitrary Code Execution</title>
+ <synopsis>A vulnerability has been discovered in Distrobox, which can lead to arbitrary code execution.</synopsis>
+ <product type="ebuild">distrobox</product>
+ <announced>2024-12-11</announced>
+ <revised count="1">2024-12-11</revised>
+ <bug>927742</bug>
+ <access>local</access>
+ <affected>
+ <package name="app-containers/distrobox" auto="yes" arch="*">
+ <unaffected range="ge">1.7.0.1</unaffected>
+ <vulnerable range="lt">1.7.0.1</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>Use any Linux distribution inside your terminal. Enable both backward and forward compatibility with software and freedom to use whatever distribution you’re more comfortable with. Distrobox uses podman, docker or lilipod to create containers using the Linux distribution of your choice. The created container will be tightly integrated with the host, allowing sharing of the HOME directory of the user, external storage, external USB devices and graphical apps (X11/Wayland), and audio.</p>
+ </background>
+ <description>
+ <p>A vulnerability has been discovered in Distrobox. Please review the CVE identifier referenced below for details.</p>
+ </description>
+ <impact type="normal">
+ <p>Please review the referenced CVE identifier for details.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All Distrobox users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-containers/distrobox-1.7.0.1"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-29864">CVE-2024-29864</uri>
+ </references>
+ <metadata tag="requester" timestamp="2024-12-11T11:59:52.896177Z">graaff</metadata>
+ <metadata tag="submitter" timestamp="2024-12-11T11:59:52.901538Z">graaff</metadata>
+</glsa> \ No newline at end of file
diff --git a/glsa-202412-19.xml b/glsa-202412-19.xml
new file mode 100644
index 00000000..e00b2b93
--- /dev/null
+++ b/glsa-202412-19.xml
@@ -0,0 +1,42 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202412-19">
+ <title>eza: Arbitrary Code Execution</title>
+ <synopsis>A vulnerability has been discovered in eza, which can lead to arbitrary code execution.</synopsis>
+ <product type="ebuild">eza</product>
+ <announced>2024-12-11</announced>
+ <revised count="1">2024-12-11</revised>
+ <bug>926532</bug>
+ <access>local</access>
+ <affected>
+ <package name="sys-apps/eza" auto="yes" arch="*">
+ <unaffected range="ge">0.18.6</unaffected>
+ <vulnerable range="lt">0.18.6</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>eza is a modern, maintained replacement for ls, written in rust.</p>
+ </background>
+ <description>
+ <p>A vulnerability has been discovered in eza. Please review the CVE identifier referenced below for details.</p>
+ </description>
+ <impact type="normal">
+ <p>A buffer overflow vulnerability in eza allows local attackers to execute arbitrary code via the .git/HEAD, .git/refs, and .git/objects components.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All eza users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=sys-apps/eza-0.18.6"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-25817">CVE-2024-25817</uri>
+ </references>
+ <metadata tag="requester" timestamp="2024-12-11T12:01:47.731410Z">graaff</metadata>
+ <metadata tag="submitter" timestamp="2024-12-11T12:01:47.734155Z">graaff</metadata>
+</glsa> \ No newline at end of file
diff --git a/glsa-202412-20.xml b/glsa-202412-20.xml
new file mode 100644
index 00000000..0156abad
--- /dev/null
+++ b/glsa-202412-20.xml
@@ -0,0 +1,51 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202412-20">
+ <title>NVIDIA Drivers: Privilege Escalation</title>
+ <synopsis>Multiple vulnerabilities have been discovered in NVIDIA Drivers, the worst of which could result in privilege escalation.</synopsis>
+ <product type="ebuild">nvidia-drivers</product>
+ <announced>2024-12-14</announced>
+ <revised count="1">2024-12-14</revised>
+ <bug>942031</bug>
+ <access>local</access>
+ <affected>
+ <package name="x11-drivers/nvidia-drivers" auto="yes" arch="*">
+ <unaffected range="ge">535.216.01</unaffected>
+ <unaffected range="ge">550.127.05</unaffected>
+ <vulnerable range="lt">535.216.01</vulnerable>
+ <vulnerable range="lt">550.127.05</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>NVIDIA Drivers are NVIDIA&#39;s accelerated graphics driver.</p>
+ </background>
+ <description>
+ <p>A vulnerability has been discovered in NVIDIA Drivers. Please review the CVE identifiers referenced below for details.</p>
+ </description>
+ <impact type="high">
+ <p>Please review the referenced CVE identifier for details.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All NVIDIA Drivers 535 users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=x11-drivers/nvidia-drivers-535.216.01:0/535"
+ </code>
+
+ <p>All NVIDIA Drivers 550 users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=x11-drivers/nvidia-drivers-550.127.05:0/550"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-0126">CVE-2024-0126</uri>
+ </references>
+ <metadata tag="requester" timestamp="2024-12-14T11:01:53.093210Z">graaff</metadata>
+ <metadata tag="submitter" timestamp="2024-12-14T11:01:53.097240Z">graaff</metadata>
+</glsa> \ No newline at end of file
diff --git a/glsa-202501-01.xml b/glsa-202501-01.xml
new file mode 100644
index 00000000..86472360
--- /dev/null
+++ b/glsa-202501-01.xml
@@ -0,0 +1,47 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202501-01">
+ <title>rsync: Multiple Vulnerabilities</title>
+ <synopsis>Multiple vulnerabilities have been discovered in rsync, the worst of which could lead to arbitrary code execution.</synopsis>
+ <product type="ebuild">rsync</product>
+ <announced>2025-01-15</announced>
+ <revised count="1">2025-01-15</revised>
+ <bug>948106</bug>
+ <access>remote</access>
+ <affected>
+ <package name="net-misc/rsync" auto="yes" arch="*">
+ <unaffected range="ge">3.3.0-r2</unaffected>
+ <vulnerable range="lt">3.3.0-r2</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>rsync is a server and client utility that provides fast incremental file transfers. It is used to efficiently synchronize files between hosts and is used by emerge to fetch Gentoo&#39;s Portage tree.</p>
+ </background>
+ <description>
+ <p>Multiple vulnerabilities have been discovered in rsync. Please review the CVE identifiers referenced below for details.</p>
+ </description>
+ <impact type="high">
+ <p>Please review the referenced CVE identifiers for details.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All rsync users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-misc/rsync-3.3.0-r2"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-12084">CVE-2024-12084</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-12085">CVE-2024-12085</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-12086">CVE-2024-12086</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-12087">CVE-2024-12087</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-12088">CVE-2024-12088</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-12747">CVE-2024-12747</uri>
+ </references>
+ <metadata tag="requester" timestamp="2025-01-15T17:18:08.215935Z">sam</metadata>
+ <metadata tag="submitter" timestamp="2025-01-15T17:18:08.218034Z">sam</metadata>
+</glsa> \ No newline at end of file
diff --git a/glsa-202501-02.xml b/glsa-202501-02.xml
new file mode 100644
index 00000000..1f914bd8
--- /dev/null
+++ b/glsa-202501-02.xml
@@ -0,0 +1,49 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202501-02">
+ <title>GIMP: Multiple Vulnerabilities</title>
+ <synopsis>Multiple vulnerabilities have been discovered in GIMP, the worst of which can lead to arbitrary code execution.</synopsis>
+ <product type="ebuild">gimp</product>
+ <announced>2025-01-17</announced>
+ <revised count="2">2025-01-18</revised>
+ <bug>845402</bug>
+ <bug>856283</bug>
+ <bug>917406</bug>
+ <access>remote</access>
+ <affected>
+ <package name="media-gfx/gimp" auto="yes" arch="*">
+ <unaffected range="ge">2.10.36</unaffected>
+ <vulnerable range="lt">2.10.36</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>GIMP is the GNU Image Manipulation Program. XCF is the native image file format used by GIMP.</p>
+ </background>
+ <description>
+ <p>Multiple vulnerabilities have been discovered in GIMP. Please review the CVE identifiers referenced below for details.</p>
+ </description>
+ <impact type="high">
+ <p>Please review the referenced CVE identifiers for details.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All GIMP users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=media-gfx/gimp-2.10.36"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-30067">CVE-2022-30067</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-32990">CVE-2022-32990</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-44441">CVE-2023-44441</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-44442">CVE-2023-44442</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-44443">CVE-2023-44443</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-44444">CVE-2023-44444</uri>
+ </references>
+ <metadata tag="requester" timestamp="2025-01-17T07:05:31.622583Z">graaff</metadata>
+ <metadata tag="submitter" timestamp="2025-01-17T07:05:31.625362Z">graaff</metadata>
+</glsa>
diff --git a/glsa-202501-03.xml b/glsa-202501-03.xml
new file mode 100644
index 00000000..63c8aa14
--- /dev/null
+++ b/glsa-202501-03.xml
@@ -0,0 +1,42 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202501-03">
+ <title>pip: arbitrary configuration injection</title>
+ <synopsis>A vulnerability has been discovered in pip, which could lead to arbitrary configuration options being injected.</synopsis>
+ <product type="ebuild">pip</product>
+ <announced>2025-01-17</announced>
+ <revised count="1">2025-01-17</revised>
+ <bug>918427</bug>
+ <access>local</access>
+ <affected>
+ <package name="dev-python/pip" auto="yes" arch="*">
+ <unaffected range="ge">23.3</unaffected>
+ <vulnerable range="lt">23.3</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>pip is a tool for installing and managing Python packages.</p>
+ </background>
+ <description>
+ <p>Multiple vulnerabilities have been discovered in pip. Please review the CVE identifiers referenced below for details.</p>
+ </description>
+ <impact type="normal">
+ <p>When installing a package from a Mercurial VCS URL (ie &#34;pip install hg+...&#34;), the specified Mercurial revision could be used to inject arbitrary configuration options to the &#34;hg clone&#34; call (ie &#34;--config&#34;). Controlling the Mercurial configuration can modify how and which repository is installed. This vulnerability does not affect users who aren&#39;t installing from Mercurial.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All pip users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-python/pip-23.3"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-5752">CVE-2023-5752</uri>
+ </references>
+ <metadata tag="requester" timestamp="2025-01-17T07:08:02.410954Z">graaff</metadata>
+ <metadata tag="submitter" timestamp="2025-01-17T07:08:02.413296Z">graaff</metadata>
+</glsa> \ No newline at end of file
diff --git a/glsa-202501-04.xml b/glsa-202501-04.xml
new file mode 100644
index 00000000..c4de7150
--- /dev/null
+++ b/glsa-202501-04.xml
@@ -0,0 +1,43 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202501-04">
+ <title>Yubico pam-u2f: Partial Authentication Bypass</title>
+ <synopsis>A vulnerability has been discovered in Yubico pam-u2f, which can lead to a partial authentication bypass.</synopsis>
+ <product type="ebuild">pam_u2f</product>
+ <announced>2025-01-23</announced>
+ <revised count="1">2025-01-23</revised>
+ <bug>948201</bug>
+ <access>local</access>
+ <affected>
+ <package name="sys-auth/pam_u2f" auto="yes" arch="*">
+ <unaffected range="ge">1.3.2</unaffected>
+ <vulnerable range="lt">1.3.2</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>Yubico pam-u2f is a PAM module for FIDO2 and U2F keys.</p>
+ </background>
+ <description>
+ <p>Multiple vulnerabilities have been discovered in Yubico pam-u2f. Please review the CVE identifiers referenced below for details.</p>
+ </description>
+ <impact type="high">
+ <p>Depending on specific settings and usage scenarios the result of the pam-u2f module may be altered or ignored.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All Yubico pam-u2f users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=sys-auth/pam_u2f-1.3.2"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2025-23013">CVE-2025-23013</uri>
+ <uri link="https://www.yubico.com/support/security-advisories/YSA-2025-01">YSA-2025-01</uri>
+ </references>
+ <metadata tag="requester" timestamp="2025-01-23T06:15:02.537459Z">graaff</metadata>
+ <metadata tag="submitter" timestamp="2025-01-23T06:15:02.541001Z">graaff</metadata>
+</glsa> \ No newline at end of file
diff --git a/glsa-202501-05.xml b/glsa-202501-05.xml
new file mode 100644
index 00000000..db168d63
--- /dev/null
+++ b/glsa-202501-05.xml
@@ -0,0 +1,42 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202501-05">
+ <title>libuv: Hostname Truncation</title>
+ <synopsis>A vulnerability has been discovered in libuv, where hostname truncation can lead to attacker-controlled lookups.</synopsis>
+ <product type="ebuild">libuv</product>
+ <announced>2025-01-23</announced>
+ <revised count="1">2025-01-23</revised>
+ <bug>924127</bug>
+ <access>remote</access>
+ <affected>
+ <package name="dev-libs/libuv" auto="yes" arch="*">
+ <unaffected range="ge">1.48.0</unaffected>
+ <vulnerable range="lt">1.48.0</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>libuv is a multi-platform support library with a focus on asynchronous I/O.</p>
+ </background>
+ <description>
+ <p>Multiple vulnerabilities have been discovered in libuv. Please review the CVE identifiers referenced below for details.</p>
+ </description>
+ <impact type="normal">
+ <p>The uv_getaddrinfo function in src/unix/getaddrinfo.c truncates hostnames to 256 characters before calling getaddrinfo. This behavior can be exploited to create addresses like 0x00007f000001, which are considered valid by getaddrinfo and could allow an attacker to craft payloads that resolve to unintended IP addresses, bypassing developer checks.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All libuv users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-libs/libuv-1.48.0"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-24806">CVE-2024-24806</uri>
+ </references>
+ <metadata tag="requester" timestamp="2025-01-23T06:16:58.811764Z">graaff</metadata>
+ <metadata tag="submitter" timestamp="2025-01-23T06:16:58.815474Z">graaff</metadata>
+</glsa> \ No newline at end of file
diff --git a/glsa-202501-06.xml b/glsa-202501-06.xml
new file mode 100644
index 00000000..eb611460
--- /dev/null
+++ b/glsa-202501-06.xml
@@ -0,0 +1,47 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202501-06">
+ <title>GPL Ghostscript: Multiple Vulnerabilities</title>
+ <synopsis>Multiple vulnerabilities have been discovered in GPL Ghostscript, the worst of which could lead to arbitrary code execution.</synopsis>
+ <product type="ebuild">ghostscript-gpl</product>
+ <announced>2025-01-23</announced>
+ <revised count="1">2025-01-23</revised>
+ <bug>942639</bug>
+ <access>remote</access>
+ <affected>
+ <package name="app-text/ghostscript-gpl" auto="yes" arch="*">
+ <unaffected range="ge">10.04.0</unaffected>
+ <vulnerable range="lt">10.04.0</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>Ghostscript is an interpreter for the PostScript language and for PDF.</p>
+ </background>
+ <description>
+ <p>Multiple vulnerabilities have been discovered in GPL Ghostscript. Please review the CVE identifiers referenced below for details.</p>
+ </description>
+ <impact type="high">
+ <p>Please review the referenced CVE identifiers for details.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All GPL Ghostscript users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-text/ghostscript-gpl-10.04.0"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-46951">CVE-2024-46951</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-46952">CVE-2024-46952</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-46953">CVE-2024-46953</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-46954">CVE-2024-46954</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-46955">CVE-2024-46955</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-46956">CVE-2024-46956</uri>
+ </references>
+ <metadata tag="requester" timestamp="2025-01-23T06:18:34.082233Z">graaff</metadata>
+ <metadata tag="submitter" timestamp="2025-01-23T06:18:34.085244Z">graaff</metadata>
+</glsa> \ No newline at end of file
diff --git a/glsa-202501-07.xml b/glsa-202501-07.xml
new file mode 100644
index 00000000..51811220
--- /dev/null
+++ b/glsa-202501-07.xml
@@ -0,0 +1,45 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202501-07">
+ <title>libgsf: Multiple Vulnerabilities</title>
+ <synopsis>Multiple vulnerabilities have been discovered in libgsf, the worst of which can lead to arbitrary code execution.</synopsis>
+ <product type="ebuild">libgsf</product>
+ <announced>2025-01-23</announced>
+ <revised count="1">2025-01-23</revised>
+ <bug>940777</bug>
+ <access>remote</access>
+ <affected>
+ <package name="gnome-extra/libgsf" auto="yes" arch="*">
+ <unaffected range="ge">1.14.53</unaffected>
+ <vulnerable range="lt">1.14.53</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>The GNOME Structured File Library is an I/O library that can read and write common file types and handle structured formats that provide file-system-in-a-file semantics.</p>
+ </background>
+ <description>
+ <p>Multiple vulnerabilities have been discovered in libgsf. Please review the CVE identifiers referenced below for details.</p>
+ </description>
+ <impact type="high">
+ <p>Please review the referenced CVE identifiers for details.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All libgsf users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=gnome-extra/libgsf-1.14.53"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-36474">CVE-2024-36474</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-42415">CVE-2024-42415</uri>
+ <uri>TALOS-2024-2068</uri>
+ <uri>TALOS-2024-2069</uri>
+ </references>
+ <metadata tag="requester" timestamp="2025-01-23T06:25:02.419159Z">graaff</metadata>
+ <metadata tag="submitter" timestamp="2025-01-23T06:25:02.421783Z">graaff</metadata>
+</glsa> \ No newline at end of file
diff --git a/glsa-202501-08.xml b/glsa-202501-08.xml
new file mode 100644
index 00000000..153f3a37
--- /dev/null
+++ b/glsa-202501-08.xml
@@ -0,0 +1,48 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202501-08">
+ <title>Qt: Buffer Overflow</title>
+ <synopsis>A vulnerability has been discovered in Qt, where a buffer overflow can lead to denial of service.</synopsis>
+ <product type="ebuild">qtbase,qtcore</product>
+ <announced>2025-01-23</announced>
+ <revised count="1">2025-01-23</revised>
+ <bug>911790</bug>
+ <access>local</access>
+ <affected>
+ <package name="dev-qt/qtbase" auto="yes" arch="*">
+ <unaffected range="ge">6.5.2</unaffected>
+ <vulnerable range="lt">6.5.2</vulnerable>
+ </package>
+ <package name="dev-qt/qtcore" auto="yes" arch="*">
+ <unaffected range="ge">5.15.10-r1</unaffected>
+ <vulnerable range="lt">5.15.10-r1</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>Qt is a cross-platform application development framework.</p>
+ </background>
+ <description>
+ <p>When given specifically crafted data then QXmlStreamReader can end up causing a buffer overflow and subsequently a crash or freeze or get out of memory on recursive entity expansion, with DTD tokens in XML body.</p>
+ </description>
+ <impact type="normal">
+ <p>Please review the referenced CVE identifiers for details.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All Qt users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-qt/qtcore-5.15.10-r1"
+ # emerge --ask --oneshot --verbose ">=dev-qt/qtbase-6.5.2"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-37369">CVE-2023-37369</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-38197">CVE-2023-38197</uri>
+ </references>
+ <metadata tag="requester" timestamp="2025-01-23T07:21:01.913237Z">graaff</metadata>
+ <metadata tag="submitter" timestamp="2025-01-23T07:21:01.915567Z">graaff</metadata>
+</glsa> \ No newline at end of file
diff --git a/glsa-202501-09.xml b/glsa-202501-09.xml
new file mode 100644
index 00000000..99697342
--- /dev/null
+++ b/glsa-202501-09.xml
@@ -0,0 +1,134 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202501-09">
+ <title>QtWebEngine: Multiple Vulnerabilities</title>
+ <synopsis>Multiple vulnerabilities have been discovered in QtWebEngine, the worst of which could lead to arbitrary code execution.</synopsis>
+ <product type="ebuild">qtwebengine</product>
+ <announced>2025-01-23</announced>
+ <revised count="1">2025-01-23</revised>
+ <bug>944807</bug>
+ <access>remote</access>
+ <affected>
+ <package name="dev-qt/qtwebengine" auto="yes" arch="*">
+ <unaffected range="ge">5.15.16_p20241115</unaffected>
+ <vulnerable range="lt">5.15.16_p20241115</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>QtWebEngine is a library for rendering dynamic web content in Qt5 and Qt6 C++ and QML applications.</p>
+ </background>
+ <description>
+ <p>Multiple vulnerabilities have been discovered in QtWebEngine. Please review the CVE identifiers referenced below for details.</p>
+ </description>
+ <impact type="high">
+ <p>Please review the referenced CVE identifiers for details.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All QtWebEngine users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-qt/qtwebengine-5.15.16_p20241115"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-4058">CVE-2024-4058</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-4059">CVE-2024-4059</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-4060">CVE-2024-4060</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-4558">CVE-2024-4558</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-4559">CVE-2024-4559</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-4761">CVE-2024-4761</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-5157">CVE-2024-5157</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-5158">CVE-2024-5158</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-5159">CVE-2024-5159</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-5160">CVE-2024-5160</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-5830">CVE-2024-5830</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-5831">CVE-2024-5831</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-5832">CVE-2024-5832</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-5833">CVE-2024-5833</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-5834">CVE-2024-5834</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-5835">CVE-2024-5835</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-5836">CVE-2024-5836</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-5837">CVE-2024-5837</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-5838">CVE-2024-5838</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-5839">CVE-2024-5839</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-5840">CVE-2024-5840</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-5841">CVE-2024-5841</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-5842">CVE-2024-5842</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-5843">CVE-2024-5843</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-5844">CVE-2024-5844</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-5845">CVE-2024-5845</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-5846">CVE-2024-5846</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-5847">CVE-2024-5847</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-6290">CVE-2024-6290</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-6291">CVE-2024-6291</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-6292">CVE-2024-6292</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-6293">CVE-2024-6293</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-6988">CVE-2024-6988</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-6989">CVE-2024-6989</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-6991">CVE-2024-6991</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-6994">CVE-2024-6994</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-6995">CVE-2024-6995</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-6996">CVE-2024-6996</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-6997">CVE-2024-6997</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-6998">CVE-2024-6998</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-6999">CVE-2024-6999</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-7000">CVE-2024-7000</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-7001">CVE-2024-7001</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-7003">CVE-2024-7003</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-7004">CVE-2024-7004</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-7005">CVE-2024-7005</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-7532">CVE-2024-7532</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-7533">CVE-2024-7533</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-7534">CVE-2024-7534</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-7535">CVE-2024-7535</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-7536">CVE-2024-7536</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-7550">CVE-2024-7550</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-7964">CVE-2024-7964</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-7965">CVE-2024-7965</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-7966">CVE-2024-7966</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-7967">CVE-2024-7967</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-7968">CVE-2024-7968</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-7969">CVE-2024-7969</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-7971">CVE-2024-7971</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-7972">CVE-2024-7972</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-7973">CVE-2024-7973</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-7974">CVE-2024-7974</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-7975">CVE-2024-7975</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-7976">CVE-2024-7976</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-7977">CVE-2024-7977</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-7978">CVE-2024-7978</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-7979">CVE-2024-7979</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-7980">CVE-2024-7980</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-7981">CVE-2024-7981</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-8033">CVE-2024-8033</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-8034">CVE-2024-8034</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-8035">CVE-2024-8035</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-8193">CVE-2024-8193</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-8194">CVE-2024-8194</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-8198">CVE-2024-8198</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-8636">CVE-2024-8636</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-8637">CVE-2024-8637</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-8638">CVE-2024-8638</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-8639">CVE-2024-8639</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-9120">CVE-2024-9120</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-9121">CVE-2024-9121</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-9122">CVE-2024-9122</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-9123">CVE-2024-9123</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-9602">CVE-2024-9602</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-9603">CVE-2024-9603</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-10229">CVE-2024-10229</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-10230">CVE-2024-10230</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-10231">CVE-2024-10231</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-10826">CVE-2024-10826</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-10827">CVE-2024-10827</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-45490">CVE-2024-45490</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-45491">CVE-2024-45491</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-45492">CVE-2024-45492</uri>
+ </references>
+ <metadata tag="requester" timestamp="2025-01-23T07:22:20.140856Z">graaff</metadata>
+ <metadata tag="submitter" timestamp="2025-01-23T07:22:20.142818Z">graaff</metadata>
+</glsa> \ No newline at end of file
diff --git a/glsa-202501-10.xml b/glsa-202501-10.xml
new file mode 100644
index 00000000..e8e9b1c0
--- /dev/null
+++ b/glsa-202501-10.xml
@@ -0,0 +1,104 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202501-10">
+ <title>Mozilla Firefox: Multiple Vulnerabilities</title>
+ <synopsis>Multiple vulnerabilities have been discovered in Mozilla Firefox, the worst of which can lead to arbitrary code execution.</synopsis>
+ <product type="ebuild">firefox,firefox-bin</product>
+ <announced>2025-01-23</announced>
+ <revised count="1">2025-01-23</revised>
+ <bug>942469</bug>
+ <bug>945050</bug>
+ <bug>948113</bug>
+ <access>remote</access>
+ <affected>
+ <package name="www-client/firefox" auto="yes" arch="*">
+ <unaffected range="ge" slot="rapid">134.0</unaffected>
+ <unaffected range="ge" slot="esr">128.6.0</unaffected>
+ <vulnerable range="lt" slot="rapid">134.0</vulnerable>
+ <vulnerable range="lt" slot="esr">128.6.0</vulnerable>
+ </package>
+ <package name="www-client/firefox-bin" auto="yes" arch="*">
+ <unaffected range="ge" slot="rapid">134.0</unaffected>
+ <unaffected range="ge" slot="esr">128.6.0</unaffected>
+ <vulnerable range="lt" slot="rapid">134.0</vulnerable>
+ <vulnerable range="lt" slot="esr">128.6.0</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>Mozilla Firefox is a popular open-source web browser from the Mozilla project.</p>
+ </background>
+ <description>
+ <p>Multiple vulnerabilities have been discovered in Mozilla Firefox. Please review the CVE identifiers referenced below for details.</p>
+ </description>
+ <impact type="high">
+ <p>Please review the referenced CVE identifiers for details.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All Mozilla Firefox users should upgrade to the latest version in their release channel:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-client/firefox-bin-134.0:rapid"
+ # emerge --ask --oneshot --verbose ">=www-client/firefox-bin-128.6.0:esr"
+ </code>
+
+ <p>All Mozilla Firefox users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-client/firefox-134.0:rapid"
+ # emerge --ask --oneshot --verbose ">=www-client/firefox-128.6.0:esr"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-10458">CVE-2024-10458</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-10459">CVE-2024-10459</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-10460">CVE-2024-10460</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-10461">CVE-2024-10461</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-10462">CVE-2024-10462</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-10463">CVE-2024-10463</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-10464">CVE-2024-10464</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-10465">CVE-2024-10465</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-10466">CVE-2024-10466</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-10467">CVE-2024-10467</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-10468">CVE-2024-10468</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-11692">CVE-2024-11692</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-11694">CVE-2024-11694</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-11695">CVE-2024-11695</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-11696">CVE-2024-11696</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-11697">CVE-2024-11697</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-11699">CVE-2024-11699</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-11700">CVE-2024-11700</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-11701">CVE-2024-11701</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-11704">CVE-2024-11704</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-11705">CVE-2024-11705</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-11706">CVE-2024-11706</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-11708">CVE-2024-11708</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2025-0237">CVE-2025-0237</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2025-0238">CVE-2025-0238</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2025-0239">CVE-2025-0239</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2025-0240">CVE-2025-0240</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2025-0241">CVE-2025-0241</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2025-0242">CVE-2025-0242</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2025-0243">CVE-2025-0243</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2025-0247">CVE-2025-0247</uri>
+ <uri>MFSA2024-55</uri>
+ <uri>MFSA2024-56</uri>
+ <uri>MFSA2024-57</uri>
+ <uri>MFSA2024-58</uri>
+ <uri>MFSA2024-59</uri>
+ <uri>MFSA2024-63</uri>
+ <uri>MFSA2024-64</uri>
+ <uri>MFSA2024-65</uri>
+ <uri>MFSA2024-67</uri>
+ <uri>MFSA2024-68</uri>
+ <uri>MFSA2025-01</uri>
+ <uri>MFSA2025-02</uri>
+ <uri>MFSA2025-05</uri>
+ </references>
+ <metadata tag="requester" timestamp="2025-01-23T07:24:25.583285Z">graaff</metadata>
+ <metadata tag="submitter" timestamp="2025-01-23T07:24:25.586463Z">graaff</metadata>
+</glsa> \ No newline at end of file
diff --git a/glsa-202501-11.xml b/glsa-202501-11.xml
new file mode 100644
index 00000000..4222591d
--- /dev/null
+++ b/glsa-202501-11.xml
@@ -0,0 +1,54 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202501-11">
+ <title>PHP: Multiple Vulnerabilities</title>
+ <synopsis>Multiple vulnerabilities have been discovered in PHP, the worst of which could lead to arbitrary code execution.</synopsis>
+ <product type="ebuild">php</product>
+ <announced>2025-01-23</announced>
+ <revised count="1">2025-01-23</revised>
+ <bug>941598</bug>
+ <access>remote</access>
+ <affected>
+ <package name="dev-lang/php" auto="yes" arch="*">
+ <unaffected range="ge" slot="8.2">8.2.24</unaffected>
+ <unaffected range="ge" slot="8.3">8.3.12</unaffected>
+ <vulnerable range="lt" slot="8.2">8.2.24</vulnerable>
+ <vulnerable range="lt" slot="8.3">8.3.12</vulnerable>
+ <vulnerable range="lt" slot="8.1">8.1.30</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>PHP is a widely-used general-purpose scripting language that is especially suited for Web development and can be embedded into HTML.</p>
+ </background>
+ <description>
+ <p>Multiple vulnerabilities have been discovered in PHP. Please review the CVE identifiers referenced below for details.</p>
+ </description>
+ <impact type="high">
+ <p>Please review the referenced CVE identifiers for details.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All PHP users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-lang/php-8.2.24:8.2"
+ # emerge --ask --oneshot --verbose ">=dev-lang/php-8.3.12:8.3"
+ </code>
+
+ <p>Gentoo has discontinued support for php 8.1:</p>
+
+ <code>
+ # emerge --ask --verbose --depclean "dev-lang/php:8.1"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-8925">CVE-2024-8925</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-8927">CVE-2024-8927</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-9026">CVE-2024-9026</uri>
+ </references>
+ <metadata tag="requester" timestamp="2025-01-23T07:26:35.892309Z">graaff</metadata>
+ <metadata tag="submitter" timestamp="2025-01-23T07:26:35.894806Z">graaff</metadata>
+</glsa> \ No newline at end of file