Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status
summaryrefslogtreecommitdiff
path: root/metadata/glsa
diff options
context:
space:
mode:
authorRepository mirror & CI <repomirrorci@gentoo.org>2022-10-16 14:48:37 +0000
committerRepository mirror & CI <repomirrorci@gentoo.org>2022-10-16 14:48:37 +0000
commit248cd91125218de8e7e922653810c544ebe7f619 (patch)
treef4ced161d9421774d92be18135f7fb8b1abdc275 /metadata/glsa
parent2022-10-16 14:34:02 UTC (diff)
parent[ GLSA 202210-09 ] Rust: Multiple Vulnerabilities (diff)
downloadgentoo-248cd91125218de8e7e922653810c544ebe7f619.tar.gz
gentoo-248cd91125218de8e7e922653810c544ebe7f619.tar.bz2
gentoo-248cd91125218de8e7e922653810c544ebe7f619.zip
Merge commit 'cda5f646cd9bc370223b79be59deee389a0caeef'
Diffstat (limited to 'metadata/glsa')
-rw-r--r--metadata/glsa/glsa-202210-01.xml42
-rw-r--r--metadata/glsa/glsa-202210-02.xml54
-rw-r--r--metadata/glsa/glsa-202210-03.xml45
-rw-r--r--metadata/glsa/glsa-202210-04.xml68
-rw-r--r--metadata/glsa/glsa-202210-05.xml43
-rw-r--r--metadata/glsa/glsa-202210-06.xml60
-rw-r--r--metadata/glsa/glsa-202210-07.xml42
-rw-r--r--metadata/glsa/glsa-202210-08.xml54
-rw-r--r--metadata/glsa/glsa-202210-09.xml76
9 files changed, 484 insertions, 0 deletions
diff --git a/metadata/glsa/glsa-202210-01.xml b/metadata/glsa/glsa-202210-01.xml
new file mode 100644
index 000000000000..2fdb25ec8e09
--- /dev/null
+++ b/metadata/glsa/glsa-202210-01.xml
@@ -0,0 +1,42 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202210-01">
+ <title>Open Asset Import Library (&#34;assimp&#34;): Multiple Vulnerabilities</title>
+ <synopsis>Multiple vulnerabilities have been discovered in Open Asset Import Library, the worst of which could result in denial of service.</synopsis>
+ <product type="ebuild">assimp</product>
+ <announced>2022-10-16</announced>
+ <revised count="1">2022-10-16</revised>
+ <bug>830374</bug>
+ <access>remote</access>
+ <affected>
+ <package name="media-libs/assimp" auto="yes" arch="*">
+ <unaffected range="ge">5.2.2</unaffected>
+ <vulnerable range="lt">5.2.2</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>Open Asset Import Library is a library to import and export various 3d-model-formats including scene-post-processing to generate missing render data.</p>
+ </background>
+ <description>
+ <p>Multiple vulnerabilities have been discovered in Fetchmail, the worst of which could result in email disclosure to third parties.</p>
+ </description>
+ <impact type="low">
+ <p>Please review the referenced CVE identifiers for details.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All Open Asset Import Library users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=media-libs/assimp-5.2.2"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-45948">CVE-2021-45948</uri>
+ </references>
+ <metadata tag="requester" timestamp="2022-10-16T14:26:28.704832Z">ajak</metadata>
+ <metadata tag="submitter" timestamp="2022-10-16T14:26:28.710311Z">ajak</metadata>
+</glsa> \ No newline at end of file
diff --git a/metadata/glsa/glsa-202210-02.xml b/metadata/glsa/glsa-202210-02.xml
new file mode 100644
index 000000000000..517756557064
--- /dev/null
+++ b/metadata/glsa/glsa-202210-02.xml
@@ -0,0 +1,54 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202210-02">
+ <title>OpenSSL: Multiple Vulnerabilities</title>
+ <synopsis>Multiple vulnerabilities have been discovered in OpenSSL, the worst of which could result in denial of service.</synopsis>
+ <product type="ebuild">openssl</product>
+ <announced>2022-10-16</announced>
+ <revised count="1">2022-10-16</revised>
+ <bug>741570</bug>
+ <bug>809980</bug>
+ <bug>832339</bug>
+ <bug>835343</bug>
+ <bug>842489</bug>
+ <bug>856592</bug>
+ <access>remote</access>
+ <affected>
+ <package name="dev-libs/openssl" auto="yes" arch="*">
+ <unaffected range="ge">1.1.1q</unaffected>
+ <vulnerable range="lt">1.1.1q</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>OpenSSL is an Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) as well as a general purpose cryptography library.</p>
+ </background>
+ <description>
+ <p>Multiple vulnerabilities have been discovered in OpenSSL. Please review the CVE identifiers referenced below for details.</p>
+ </description>
+ <impact type="normal">
+ <p>Please review the referenced CVE identifiers for details.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All OpenSSL users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-libs/openssl-1.1.1q"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-1968">CVE-2020-1968</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-3711">CVE-2021-3711</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-3712">CVE-2021-3712</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-4160">CVE-2021-4160</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-0778">CVE-2022-0778</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-1292">CVE-2022-1292</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-1473">CVE-2022-1473</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-2097">CVE-2022-2097</uri>
+ </references>
+ <metadata tag="requester" timestamp="2022-10-16T14:27:07.365886Z">ajak</metadata>
+ <metadata tag="submitter" timestamp="2022-10-16T14:27:07.370780Z">ajak</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202210-03.xml b/metadata/glsa/glsa-202210-03.xml
new file mode 100644
index 000000000000..22e5f517c9fc
--- /dev/null
+++ b/metadata/glsa/glsa-202210-03.xml
@@ -0,0 +1,45 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202210-03">
+ <title>libxml2: Multiple Vulnerabilities</title>
+ <synopsis>Multiple vulnerabilities have been discovered in libxml2, the worst of which could result in arbitrary code execution.</synopsis>
+ <product type="ebuild">libxml2</product>
+ <announced>2022-10-16</announced>
+ <revised count="1">2022-10-16</revised>
+ <bug>833809</bug>
+ <bug>842261</bug>
+ <bug>865727</bug>
+ <access>remote</access>
+ <affected>
+ <package name="dev-libs/libxml2" auto="yes" arch="*">
+ <unaffected range="ge">2.10.2</unaffected>
+ <vulnerable range="lt">2.10.2</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>libxml2 is the XML C parser and toolkit developed for the GNOME project.</p>
+ </background>
+ <description>
+ <p>Multiple vulnerabilities have been discovered in libxml2. Please review the CVE identifiers referenced below for details.</p>
+ </description>
+ <impact type="high">
+ <p>Please review the referenced CVE identifiers for details.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All libxml2 users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-libs/libxml2-2.10.2"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-23308">CVE-2022-23308</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-29824">CVE-2022-29824</uri>
+ </references>
+ <metadata tag="requester" timestamp="2022-10-16T14:40:08.100268Z">ajak</metadata>
+ <metadata tag="submitter" timestamp="2022-10-16T14:40:08.111318Z">ajak</metadata>
+</glsa> \ No newline at end of file
diff --git a/metadata/glsa/glsa-202210-04.xml b/metadata/glsa/glsa-202210-04.xml
new file mode 100644
index 000000000000..78e40dcfbbeb
--- /dev/null
+++ b/metadata/glsa/glsa-202210-04.xml
@@ -0,0 +1,68 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202210-04">
+ <title>Wireshark: Multiple Vulnerabilities</title>
+ <synopsis>Multiple vulnerabilities have been discovered in Wireshark, the worst of which could result in denial of service.</synopsis>
+ <product type="ebuild">wireshark</product>
+ <announced>2022-10-16</announced>
+ <revised count="1">2022-10-16</revised>
+ <bug>802216</bug>
+ <bug>824474</bug>
+ <bug>830343</bug>
+ <bug>833294</bug>
+ <bug>869140</bug>
+ <access>remote</access>
+ <affected>
+ <package name="net-analyzer/wireshark" auto="yes" arch="*">
+ <unaffected range="ge">3.6.8</unaffected>
+ <vulnerable range="lt">3.6.8</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>Wireshark is a versatile network protocol analyzer.</p>
+ </background>
+ <description>
+ <p>Multiple vulnerabilities have been discovered in Wireshark. Please review the CVE identifiers referenced below for details.</p>
+ </description>
+ <impact type="low">
+ <p>Please review the referenced CVE identifiers for details.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All Wireshark users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-analyzer/wireshark-3.6.8"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-4181">CVE-2021-4181</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-4182">CVE-2021-4182</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-4183">CVE-2021-4183</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-4184">CVE-2021-4184</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-4185">CVE-2021-4185</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-4186">CVE-2021-4186</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-4190">CVE-2021-4190</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-22235">CVE-2021-22235</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-39920">CVE-2021-39920</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-39921">CVE-2021-39921</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-39922">CVE-2021-39922</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-39924">CVE-2021-39924</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-39925">CVE-2021-39925</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-39926">CVE-2021-39926</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-39928">CVE-2021-39928</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-39929">CVE-2021-39929</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-0581">CVE-2022-0581</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-0582">CVE-2022-0582</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-0583">CVE-2022-0583</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-0585">CVE-2022-0585</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-0586">CVE-2022-0586</uri>
+ <uri>WNPA-SEC-2021-06</uri>
+ <uri>WNPA-SEC-2022-06</uri>
+ </references>
+ <metadata tag="requester" timestamp="2022-10-16T14:40:26.419748Z">ajak</metadata>
+ <metadata tag="submitter" timestamp="2022-10-16T14:40:26.423750Z">ajak</metadata>
+</glsa> \ No newline at end of file
diff --git a/metadata/glsa/glsa-202210-05.xml b/metadata/glsa/glsa-202210-05.xml
new file mode 100644
index 000000000000..ef3f45395091
--- /dev/null
+++ b/metadata/glsa/glsa-202210-05.xml
@@ -0,0 +1,43 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202210-05">
+ <title>virglrenderer: Multiple vulnerabilities</title>
+ <synopsis>Multiple vulnerabilities have been discovered in virglrenderer, the worst of which could result in remote code execution.</synopsis>
+ <product type="ebuild">virglrenderer</product>
+ <announced>2022-10-16</announced>
+ <revised count="1">2022-10-16</revised>
+ <bug>866821</bug>
+ <access>remote</access>
+ <affected>
+ <package name="media-libs/virglrenderer" auto="yes" arch="*">
+ <unaffected range="ge">0.10.1</unaffected>
+ <vulnerable range="lt">0.10.1</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>A virtual 3D GPU library, that allows the guest operating system to use the host GPU to accelerate 3D rendering.</p>
+ </background>
+ <description>
+ <p>Multiple vulnerabilities have been discovered in virglrenderer. Please review the CVE identifiers referenced below for details.</p>
+ </description>
+ <impact type="high">
+ <p>Please review the referenced CVE identifiers for details.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All virglrenderer users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=media-libs/virglrenderer-0.10.1"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-0135">CVE-2022-0135</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-0175">CVE-2022-0175</uri>
+ </references>
+ <metadata tag="requester" timestamp="2022-10-16T14:41:23.560398Z">ajak</metadata>
+ <metadata tag="submitter" timestamp="2022-10-16T14:41:23.564666Z">ajak</metadata>
+</glsa> \ No newline at end of file
diff --git a/metadata/glsa/glsa-202210-06.xml b/metadata/glsa/glsa-202210-06.xml
new file mode 100644
index 000000000000..2133f4bfc472
--- /dev/null
+++ b/metadata/glsa/glsa-202210-06.xml
@@ -0,0 +1,60 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202210-06">
+ <title>libvirt: Multiple Vulnerabilities</title>
+ <synopsis>Multiple vulnerabilities have been discovered in libvirt, the worst of which could result in denial of service.</synopsis>
+ <product type="ebuild">libvirt,libvirt-python</product>
+ <announced>2022-10-16</announced>
+ <revised count="1">2022-10-16</revised>
+ <bug>746119</bug>
+ <bug>799713</bug>
+ <bug>812317</bug>
+ <bug>836128</bug>
+ <access>remote</access>
+ <affected>
+ <package name="app-emulation/libvirt" auto="yes" arch="*">
+ <unaffected range="ge">8.2.0</unaffected>
+ <vulnerable range="lt">8.2.0</vulnerable>
+ </package>
+ <package name="dev-python/libvirt-python" auto="yes" arch="*">
+ <unaffected range="ge">8.2.0</unaffected>
+ <vulnerable range="lt">8.2.0</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>libvirt is a C toolkit for manipulating virtual machines.</p>
+ </background>
+ <description>
+ <p>Multiple vulnerabilities have been discovered in libvirt. Please review the CVE identifiers referenced below for details.</p>
+ </description>
+ <impact type="low">
+ <p>Please review the referenced CVE identifiers for details.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All libvirt users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-emulation/libvirt-8.2.0"
+ </code>
+
+ <p>All libvirt-python users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-python/libvirt-python-8.2.0"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14339">CVE-2020-14339</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-25637">CVE-2020-25637</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-3631">CVE-2021-3631</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-3667">CVE-2021-3667</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-0897">CVE-2022-0897</uri>
+ </references>
+ <metadata tag="requester" timestamp="2022-10-16T14:42:10.219617Z">ajak</metadata>
+ <metadata tag="submitter" timestamp="2022-10-16T14:42:10.224150Z">ajak</metadata>
+</glsa> \ No newline at end of file
diff --git a/metadata/glsa/glsa-202210-07.xml b/metadata/glsa/glsa-202210-07.xml
new file mode 100644
index 000000000000..23531d82ae8d
--- /dev/null
+++ b/metadata/glsa/glsa-202210-07.xml
@@ -0,0 +1,42 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202210-07">
+ <title>Deluge: Cross-Site Scripting</title>
+ <synopsis>A vulnerability has been found in Deluge which could result in XSS.</synopsis>
+ <product type="ebuild">deluge</product>
+ <announced>2022-10-16</announced>
+ <revised count="1">2022-10-16</revised>
+ <bug>866842</bug>
+ <access>remote</access>
+ <affected>
+ <package name="net-p2p/deluge" auto="yes" arch="*">
+ <unaffected range="ge">2.1.1</unaffected>
+ <vulnerable range="lt">2.1.1</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>Deluge is a BitTorrent client.</p>
+ </background>
+ <description>
+ <p>Deluge does not sufficiently sanitize crafted torrent file data, leading to the application interpreting untrusted data as HTML.</p>
+ </description>
+ <impact type="low">
+ <p>An attacker can achieve XSS via a crafted torrent file.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All Deluge users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-p2p/deluge-2.1.1"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-3427">CVE-2021-3427</uri>
+ </references>
+ <metadata tag="requester" timestamp="2022-10-16T14:42:29.766021Z">ajak</metadata>
+ <metadata tag="submitter" timestamp="2022-10-16T14:42:29.770310Z">ajak</metadata>
+</glsa> \ No newline at end of file
diff --git a/metadata/glsa/glsa-202210-08.xml b/metadata/glsa/glsa-202210-08.xml
new file mode 100644
index 000000000000..258553a8b88c
--- /dev/null
+++ b/metadata/glsa/glsa-202210-08.xml
@@ -0,0 +1,54 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202210-08">
+ <title>Tcpreplay: Multiple Vulnerabilities</title>
+ <synopsis>Multiple vulnerabilities have been discovered in Tcpreplay, the worst of which could result in denial of service.</synopsis>
+ <product type="ebuild">tcpreplay</product>
+ <announced>2022-10-16</announced>
+ <revised count="1">2022-10-16</revised>
+ <bug>833139</bug>
+ <bug>836240</bug>
+ <access>remote</access>
+ <affected>
+ <package name="net-analyzer/tcpreplay" auto="yes" arch="*">
+ <unaffected range="ge">4.4.2</unaffected>
+ <vulnerable range="lt">4.4.2</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>Tcpreplay is a suite of utilities for UNIX systems for editing and replaying network traffic which was previously captured by tools like tcpdump and ethereal/wireshark.</p>
+ </background>
+ <description>
+ <p>Multiple vulnerabilities have been discovered in Tcpreplay. Please review the CVE identifiers referenced below for details.</p>
+ </description>
+ <impact type="low">
+ <p>Please review the referenced CVE identifiers for details.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All Tcpreplay users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-analyzer/tcpreplay-4.4.2"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-45386">CVE-2021-45386</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-45387">CVE-2021-45387</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-27416">CVE-2022-27416</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-27418">CVE-2022-27418</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-27939">CVE-2022-27939</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-27940">CVE-2022-27940</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-27941">CVE-2022-27941</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-27942">CVE-2022-27942</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-28487">CVE-2022-28487</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-37047">CVE-2022-37047</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-37048">CVE-2022-37048</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-37049">CVE-2022-37049</uri>
+ </references>
+ <metadata tag="requester" timestamp="2022-10-16T14:42:49.366484Z">ajak</metadata>
+ <metadata tag="submitter" timestamp="2022-10-16T14:42:49.370906Z">ajak</metadata>
+</glsa> \ No newline at end of file
diff --git a/metadata/glsa/glsa-202210-09.xml b/metadata/glsa/glsa-202210-09.xml
new file mode 100644
index 000000000000..dbb426860d29
--- /dev/null
+++ b/metadata/glsa/glsa-202210-09.xml
@@ -0,0 +1,76 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202210-09">
+ <title>Rust: Multiple Vulnerabilities</title>
+ <synopsis>Multiple vulnerabilities have been discovered in Rust, the worst of which could result in denial of service.</synopsis>
+ <product type="ebuild">rust,rust-bin</product>
+ <announced>2022-10-16</announced>
+ <revised count="1">2022-10-16</revised>
+ <bug>870166</bug>
+ <bug>831638</bug>
+ <bug>821157</bug>
+ <bug>807052</bug>
+ <bug>782367</bug>
+ <access>remote</access>
+ <affected>
+ <package name="dev-lang/rust" auto="yes" arch="*">
+ <unaffected range="ge">1.63.0-r1</unaffected>
+ <vulnerable range="lt">1.63.0-r1</vulnerable>
+ </package>
+ <package name="dev-lang/rust-bin" auto="yes" arch="*">
+ <unaffected range="ge">1.64.0</unaffected>
+ <vulnerable range="lt">1.64.0</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>A systems programming language that runs blazingly fast, prevents segfaults, and guarantees thread safety.</p>
+ </background>
+ <description>
+ <p>Multiple vulnerabilities have been discovered in Rust. Please review the CVE identifiers referenced below for details.</p>
+ </description>
+ <impact type="normal">
+ <p>Please review the referenced CVE identifiers for details.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All Rust users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-lang/rust-1.63.0-r1"
+ </code>
+
+ <p>All Rust binary users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-lang/rust-bin-1.64.0"
+ </code>
+
+ <p>In addition, users using Portage 3.0.38 or later should ensure that packages with Rust binaries have no vulnerable code statically linked into their binaries by rebuilding the @rust-rebuild set:</p>
+
+ <code>
+ # emerge --ask --oneshot --verbose @rust-rebuild
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-28875">CVE-2021-28875</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-28876">CVE-2021-28876</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-28877">CVE-2021-28877</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-28878">CVE-2021-28878</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-28879">CVE-2021-28879</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-29922">CVE-2021-29922</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-31162">CVE-2021-31162</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-36317">CVE-2021-36317</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-36318">CVE-2021-36318</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-42574">CVE-2021-42574</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-42694">CVE-2021-42694</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-21658">CVE-2022-21658</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-36113">CVE-2022-36113</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-36114">CVE-2022-36114</uri>
+ </references>
+ <metadata tag="requester" timestamp="2022-10-16T14:43:11.432733Z">ajak</metadata>
+ <metadata tag="submitter" timestamp="2022-10-16T14:43:11.437329Z">ajak</metadata>
+</glsa> \ No newline at end of file