There is no known workaround at this time.
All XZ utils users should downgrade to the latest version before the backdoor was introduced:
+All XZ utils users should upgrade to the latest fixed version, or downgrade to the latest version before the backdoor was introduced:
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">app-arch/xz-utils-5.6.1"
+
# emerge --sync
# emerge --ask --oneshot --verbose "<app-arch/xz-utils-5.6.0"
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202405-01.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202405-01.xml
new file mode 100644
index 0000000000..a6e2cd89d1
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202405-01.xml
@@ -0,0 +1,79 @@
+
+
+
+ Python, PyPy3: Multiple Vulnerabilities
+ Multiple vulberabilities have been discovered in Python and PyPy3, the worst of which can lead to privilege escalation.
+ pypy3,pypy3_10,pypy3_9,python
+ 2024-05-04
+ 2024-05-04
+ 884653
+ 897958
+ 908018
+ 912976
+ 919475
+ 927299
+ remote
+
+
+ 3.12.1
+ 3.11.8
+ 3.10.14
+ 3.9.19
+ 3.8.19
+ 3.12.1
+ 3.11.8
+ 3.10.14
+ 3.9.19
+ 3.8.19
+
+
+ 7.3.16
+ 7.3.16
+
+
+ 7.3.16
+ 7.3.16
+
+
+ 7.3.16
+ 7.3.16
+
+
+
+ Python is an interpreted, interactive, object-oriented, cross-platform programming language.
+
+
+ Multiple vulnerabilities have been discovered in Python, PyPy3. Please review the CVE identifiers referenced below for details.
+
+
+ Please review the referenced CVE identifiers for details.
+
+
+ There is no known workaround at this time.
+
+
+ All Python, PyPy3 users should upgrade to the latest version:
+
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-lang/python-3.12.1:3.12"
+ # emerge --ask --oneshot --verbose ">=dev-lang/python-3.11.9:3.11"
+ # emerge --ask --oneshot --verbose ">=dev-lang/python-3.10.14:3.10"
+ # emerge --ask --oneshot --verbose ">=dev-lang/python-3.9.19:3.9"
+ # emerge --ask --oneshot --verbose ">=dev-lang/python-3.8.19:3.8"
+ # emerge --ask --oneshot --verbose ">=dev-python/pypy3-7.3.16"
+ # emerge --ask --oneshot --verbose ">=dev-python/pypy3_10-7.3.16"
+ # emerge --ask --oneshot --verbose ">=dev-python/pypy3_9-7.3.16"
+
+
+
+ CVE-2023-6507
+ CVE-2023-6597
+ CVE-2023-24329
+ CVE-2023-40217
+ CVE-2023-41105
+ CVE-2024-0450
+
+ graaff
+ graaff
+
\ No newline at end of file
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202405-02.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202405-02.xml
new file mode 100644
index 0000000000..edf6010e27
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202405-02.xml
@@ -0,0 +1,74 @@
+
+
+
+ ImageMagick: Multiple Vulnerabilities
+ Multiple vulnerabilities have been discovered in ImageMagick, the worst of which can lead to remote code execution.
+ imagemagick
+ 2024-05-04
+ 2024-05-04
+ 835931
+ 843833
+ 852947
+ 871954
+ 893526
+ 904357
+ 908082
+ 917594
+ remote
+
+
+ 6.9.13.0
+ 7.1.1.22
+ 6.9.12.88
+ 7.1.1.11
+
+
+
+ ImageMagick is a software suite to create, edit, and compose bitmap images, that can also read, write, and convert images in many other formats.
+
+
+ Multiple vulnerabilities have been discovered in ImageMagick. Please review the CVE identifiers referenced below for details.
+
+
+ Please review the referenced CVE identifiers for details.
+
+
+ There is no known workaround at this time.
+
+
+ All ImageMagick 6.x users should upgrade to the latest version:
+
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=media-gfx/imagemagick-6.9.13.0" =media-gfx/imagemagick-6*"
+
+
+ All ImageMagick 7.x users should upgrade to the latest version:
+
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=media-gfx/imagemagick-7.1.1.22"
+
+
+
+ CVE-2021-4219
+ CVE-2021-20224
+ CVE-2022-0284
+ CVE-2022-1115
+ CVE-2022-2719
+ CVE-2022-3213
+ CVE-2022-28463
+ CVE-2022-32545
+ CVE-2022-32546
+ CVE-2022-32547
+ CVE-2022-44267
+ CVE-2022-44268
+ CVE-2023-1906
+ CVE-2023-2157
+ CVE-2023-5341
+ CVE-2023-34151
+ CVE-2023-34153
+
+ graaff
+ graaff
+
\ No newline at end of file
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202405-03.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202405-03.xml
new file mode 100644
index 0000000000..71fc1600b2
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202405-03.xml
@@ -0,0 +1,42 @@
+
+
+
+ Dalli: Code Injection
+ A vulnerability has been discovered in Dalli, which can lead to code injection.
+ dalli
+ 2024-05-04
+ 2024-05-04
+ 882077
+ local and remote
+
+
+ 3.2.3
+ 3.2.3
+
+
+
+ Dalli is a high performance pure Ruby client for accessing memcached servers.
+
+
+ A vulnerability was found in Dalli. Affected is the function self.meta_set of the file lib/dalli/protocol/meta/request_formatter.rb of the component Meta Protocol Handler. The manipulation leads to injection.
+
+
+ Please review the referenced CVE identifiers for details.
+
+
+ There is no known workaround at this time.
+
+
+ All Dalli users should upgrade to the latest version:
+
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-ruby/dalli-3.2.3"
+
+
+
+ CVE-2022-4064
+
+ graaff
+ graaff
+
\ No newline at end of file
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202405-04.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202405-04.xml
new file mode 100644
index 0000000000..d3736199de
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202405-04.xml
@@ -0,0 +1,44 @@
+
+
+
+ systemd: Multiple Vulnerabilities
+ Multiple vulnerabilities have been discovered in systemd, the worst of which can lead to a denial of service.
+ systemd
+ 2024-05-04
+ 2024-05-04
+ 882769
+ 887581
+ local
+
+
+ 252.4
+ 252.4
+
+
+
+ A system and service manager.
+
+
+ Multiple vulnerabilities have been discovered in systemd. Please review the CVE identifiers referenced below for details.
+
+
+ Please review the referenced CVE identifiers for details.
+
+
+ There is no known workaround at this time.
+
+
+ All systemd users should upgrade to the latest version:
+
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=sys-apps/systemd-252.4"
+
+
+
+ CVE-2022-4415
+ CVE-2022-45873
+
+ graaff
+ graaff
+
\ No newline at end of file
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202405-05.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202405-05.xml
new file mode 100644
index 0000000000..6a9805c47e
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202405-05.xml
@@ -0,0 +1,55 @@
+
+
+
+ MPlayer: Multiple Vulnerabilities
+ Multiple vulnerabilities have been discovered in MPlayer, the worst of which can lead to arbitrary code execution.
+ mplayer
+ 2024-05-04
+ 2024-05-04
+ 870406
+ local
+
+
+ 1.5
+ 1.5
+
+
+
+ MPlayer is a media player capable of handling multiple multimedia file formats.
+
+
+ Multiple vulnerabilities have been discovered in MPlayer. Please review the CVE identifiers referenced below for details.
+
+
+ Please review the referenced CVE identifiers for details.
+
+
+ There is no known workaround at this time.
+
+
+ All MPlayer users should upgrade to the latest version:
+
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=media-video/mplayer-1.5"
+
+
+
+ CVE-2022-38600
+ CVE-2022-38850
+ CVE-2022-38851
+ CVE-2022-38853
+ CVE-2022-38855
+ CVE-2022-38856
+ CVE-2022-38858
+ CVE-2022-38860
+ CVE-2022-38861
+ CVE-2022-38862
+ CVE-2022-38863
+ CVE-2022-38864
+ CVE-2022-38865
+ CVE-2022-38866
+
+ graaff
+ graaff
+
\ No newline at end of file
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202405-06.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202405-06.xml
new file mode 100644
index 0000000000..9d940ce8ac
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202405-06.xml
@@ -0,0 +1,47 @@
+
+
+
+ mujs: Multiple Vulnerabilities
+ Multiple vulnerabilities have been discovered in mujs, the worst of which could lead to remote code execution.
+ mujs
+ 2024-05-04
+ 2024-05-04
+ 833453
+ 845399
+ 882775
+ remote
+
+
+ 1.3.2
+ 1.3.2
+
+
+
+ mujs is an embeddable Javascript interpreter in C.
+
+
+ Multiple vulnerabilities have been discovered in mujs. Please review the CVE identifiers referenced below for details.
+
+
+ Please review the referenced CVE identifiers for details.
+
+
+ There is no known workaround at this time.
+
+
+ All mujs users should upgrade to the latest version:
+
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-lang/mujs-1.3.2"
+
+
+
+ CVE-2021-45005
+ CVE-2022-30974
+ CVE-2022-30975
+ CVE-2022-44789
+
+ graaff
+ graaff
+
\ No newline at end of file
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202405-07.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202405-07.xml
new file mode 100644
index 0000000000..af058486e8
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202405-07.xml
@@ -0,0 +1,61 @@
+
+
+
+ HTMLDOC: Multiple Vulnerabilities
+ Multiple vulnerabilities have been discovered in HTMLDOC, the worst of which can lead to arbitrary code execution.
+ htmldoc
+ 2024-05-04
+ 2024-05-04
+ 780489
+ local and remote
+
+
+ 1.9.16
+ 1.9.16
+
+
+
+ HTMLDOC is a HTML indexer and HTML to PS and PDF converter.
+
+
+ Multiple vulnerabilities have been discovered in HTMLDOC. Please review the CVE identifiers referenced below for details.
+
+
+ Please review the referenced CVE identifiers for details.
+
+
+ There is no known workaround at this time.
+
+
+ All HTMLDOC users should upgrade to the latest version:
+
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-text/htmldoc-1.9.16"
+
+
+
+ CVE-2021-20308
+ CVE-2021-23158
+ CVE-2021-23165
+ CVE-2021-23180
+ CVE-2021-23191
+ CVE-2021-23206
+ CVE-2021-26252
+ CVE-2021-26259
+ CVE-2021-26948
+ CVE-2021-33235
+ CVE-2021-33236
+ CVE-2021-40985
+ CVE-2021-43579
+ CVE-2022-0137
+ CVE-2022-0534
+ CVE-2022-24191
+ CVE-2022-27114
+ CVE-2022-28085
+ CVE-2022-34033
+ CVE-2022-34035
+
+ graaff
+ graaff
+
\ No newline at end of file
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202405-08.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202405-08.xml
new file mode 100644
index 0000000000..5bbf791842
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202405-08.xml
@@ -0,0 +1,48 @@
+
+
+
+ strongSwan: Multiple Vulnerabilities
+ Multiple vulnerabilities have been discovered in strongSwan, the worst of which could possibly lead to remote code execution.
+ strongswan
+ 2024-05-04
+ 2024-05-04
+ 818841
+ 832460
+ 878887
+ 899964
+ remote
+
+
+ 5.9.10
+ 5.9.10
+
+
+
+ strongSwan is an IPSec implementation for Linux.
+
+
+ Multiple vulnerabilities have been discovered in strongSwan. Please review the CVE identifiers referenced below for details.
+
+
+ Please review the referenced CVE identifiers for details.
+
+
+ There is no known workaround at this time.
+
+
+ All strongSwan users should upgrade to the latest version:
+
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-vpn/strongswan-5.9.10"
+
+
+
+ CVE-2021-41991
+ CVE-2021-45079
+ CVE-2022-40617
+ CVE-2023-26463
+
+ graaff
+ graaff
+
\ No newline at end of file
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202405-09.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202405-09.xml
new file mode 100644
index 0000000000..8a896de227
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202405-09.xml
@@ -0,0 +1,55 @@
+
+
+
+ MediaInfo, MediaInfoLib: Multiple Vulnerabilities
+ Multiple vulnerabilities have been found in MediaInfo and MediaInfoLib, the worst of which could allow user-assisted remote code execution.
+ libmediainfo,mediainfo
+ 2024-05-04
+ 2024-05-04
+ 778992
+ 836564
+ 875374
+ 917612
+ remote
+
+
+ 23.10
+ 23.10
+
+
+ 23.10
+ 23.10
+
+
+
+ MediaInfo supplies technical and tag information about media files. MediaInfoLib contains MediaInfo libraries.
+
+
+ Multiple vulnerabilities have been discovered in MediaInfo and MediaInfoLib. Please review the CVE identifiers referenced below for details.
+
+
+ Please review the referenced CVE identifiers for details.
+
+
+ There is no known workaround at this time.
+
+
+ All MediaInfo users should upgrade to the latest version:
+
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=media-video/mediainfo-23.10"
+
+
+ All MediaInfolib users should upgrade to the latest version:
+
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=media-libs/libmediainfo-23.10"
+
+
+
+
+ ajak
+ graaff
+
\ No newline at end of file
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202405-10.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202405-10.xml
new file mode 100644
index 0000000000..c087018a3a
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202405-10.xml
@@ -0,0 +1,42 @@
+
+
+
+ Setuptools: Denial of Service
+ A vulnerability has been discovered in Setuptools, which can lead to denial of service.
+ setuptools
+ 2024-05-05
+ 2024-05-05
+ 879813
+ remote
+
+
+ 65.5.1
+ 65.5.1
+
+
+
+ Setuptools is a manager for Python packages.
+
+
+ A vulnerability has been discovered in Setuptools. See the impact field.
+
+
+ An inefficiency in a regular expression may end in a denial of service if an user is fetching malicious HTML from a package in PyPI or a custom PackageIndex page.
+
+
+ There is no known workaround at this time.
+
+
+ All Setuptools users should upgrade to the latest version:
+
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-python/setuptools-65.5.1"
+
+
+
+ CVE-2022-40897
+
+ graaff
+ graaff
+
\ No newline at end of file
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202405-11.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202405-11.xml
new file mode 100644
index 0000000000..8274d0a300
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202405-11.xml
@@ -0,0 +1,49 @@
+
+
+
+ MIT krb5: Multiple Vulnerabilities
+ Multiple vulnerabilities have been discovered in MIT krb5, the worst of which could lead to remote code execution.
+ mit-krb5
+ 2024-05-05
+ 2024-05-05
+ 803434
+ 809845
+ 879875
+ 917464
+ remote
+
+
+ 1.21.2
+ 1.21.2
+
+
+
+ MIT krb5 is the free implementation of the Kerberos network authentication protocol by the Massachusetts Institute of Technology.
+
+
+ Multiple vulnerabilities have been discovered in MIT krb5. Please review the CVE identifiers referenced below for details.
+
+
+ Please review the referenced CVE identifiers for details.
+
+
+ There is no known workaround at this time.
+
+
+ All MIT krb5 users should upgrade to the latest version:
+
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-crypt/mit-krb5-1.21.2"
+
+
+
+ CVE-2021-36222
+ CVE-2021-37750
+ CVE-2022-42898
+ CVE-2023-36054
+ CVE-2023-39975
+
+ graaff
+ graaff
+
\ No newline at end of file
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202405-12.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202405-12.xml
new file mode 100644
index 0000000000..8d46bab161
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202405-12.xml
@@ -0,0 +1,46 @@
+
+
+
+ Pillow: Multiple Vulnerabilities
+ Multiple vulnerabilities have been discovered in Pillow, the worst of which can lead to arbitrary code execution.
+ pillow
+ 2024-05-05
+ 2024-05-05
+ 889594
+ 903664
+ 916907
+ 922577
+ remote
+
+
+ 10.2.0
+ 10.2.0
+
+
+
+ The friendly PIL fork.
+
+
+ Multiple vulnerabilities have been discovered in Pillow. Please review the CVE identifiers referenced below for details.
+
+
+ Please review the referenced CVE identifiers for details.
+
+
+ There is no known workaround at this time.
+
+
+ All Pillow users should upgrade to the latest version:
+
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-python/pillow-10.2.0"
+
+
+
+ CVE-2023-44271
+ CVE-2023-50447
+
+ graaff
+ graaff
+
\ No newline at end of file
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202405-13.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202405-13.xml
new file mode 100644
index 0000000000..18cc95cd51
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202405-13.xml
@@ -0,0 +1,41 @@
+
+
+
+ borgmatic: Shell Injection
+ A vulnerability has been discovered in borgmatic, which can lead to shell injection.
+ borgmatic
+ 2024-05-05
+ 2024-05-05
+ 924892
+ remote
+
+
+ 1.8.8
+ 1.8.8
+
+
+
+ borgmatic is simple, configuration-driven backup software for servers and workstations.
+
+
+ Prevent shell injection attacks within the PostgreSQL hook, the MongoDB hook, the SQLite hook, the "borgmatic borg" action, and command hook variable/constant interpolation.
+
+
+ Shell injection may be used in several borgmatic backends to execute arbitrary code.
+
+
+ There is no known workaround at this time.
+
+
+ All borgmatic users should upgrade to the latest version:
+
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-backup/borgmatic-1.8.8"
+
+
+
+
+ graaff
+ graaff
+
\ No newline at end of file
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202405-14.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202405-14.xml
new file mode 100644
index 0000000000..b66d4faff8
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202405-14.xml
@@ -0,0 +1,57 @@
+
+
+
+ QtWebEngine: Multiple Vulnerabilities
+ Multiple vulnerabilities have been discovered in QtWebEngine, the worst of which could lead to remote code execution.
+ qtwebengine
+ 2024-05-05
+ 2024-05-05
+ 927746
+ remote
+
+
+ 5.15.13_p20240322
+ 5.15.13_p20240322
+
+
+
+ QtWebEngine is a library for rendering dynamic web content in Qt5 and Qt6 C++ and QML applications.
+
+
+ Multiple vulnerabilities have been discovered in QtWebEngine. Please review the CVE identifiers referenced below for details.
+
+
+ Please review the referenced CVE identifiers for details.
+
+
+ There is no known workaround at this time.
+
+
+ All QtWebEngine users should upgrade to the latest version:
+
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-qt/qtwebengine-5.15.13_p20240322"
+
+
+
+ CVE-2024-0804
+ CVE-2024-0805
+ CVE-2024-0806
+ CVE-2024-0807
+ CVE-2024-0808
+ CVE-2024-0809
+ CVE-2024-0810
+ CVE-2024-0811
+ CVE-2024-0812
+ CVE-2024-0813
+ CVE-2024-0814
+ CVE-2024-1059
+ CVE-2024-1060
+ CVE-2024-1077
+ CVE-2024-1283
+ CVE-2024-1284
+
+ graaff
+ graaff
+
\ No newline at end of file
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202405-15.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202405-15.xml
new file mode 100644
index 0000000000..3e9f5e37a0
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202405-15.xml
@@ -0,0 +1,82 @@
+
+
+
+ Mozilla Firefox: Multiple Vulnerabilities
+ Multiple vulnerabilities have been discovered in Mozilla Firefox, the worst of which can lead to remote code execution.
+ firefox,firefox-bin
+ 2024-05-05
+ 2024-05-05
+ 925122
+ remote
+
+
+ 123.0
+ 115.8.0
+ 123.0
+ 115.8.0
+
+
+ 123.0
+ 115.8.0
+ 123.0
+ 115.8.0
+
+
+
+ Mozilla Firefox is a popular open-source web browser from the Mozilla project.
+
+
+ Multiple vulnerabilities have been discovered in Mozilla Firefox. Please review the CVE identifiers referenced below for details.
+
+
+ Please review the referenced CVE identifiers for details.
+
+
+ There is no known workaround at this time.
+
+
+ All Mozilla Firefox rapid release users should upgrade to the latest version:
+
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-client/firefox-bin-123.0"
+
+
+ All Mozilla Firefox users should upgrade to the latest version:
+
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-client/firefox-123.0"
+
+
+ All Mozilla Firefox ESR users should upgrade to the latest version:
+
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-client/firefox-bin-115.8.0:esr"
+
+
+ All Mozilla Firefox users should upgrade to the latest version:
+
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-client/firefox-115.8.0:esr"
+
+
+
+ CVE-2024-1546
+ CVE-2024-1547
+ CVE-2024-1548
+ CVE-2024-1549
+ CVE-2024-1550
+ CVE-2024-1551
+ CVE-2024-1552
+ CVE-2024-1553
+ CVE-2024-1554
+ CVE-2024-1555
+ CVE-2024-1556
+ CVE-2024-1557
+
+ graaff
+ graaff
+
\ No newline at end of file
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202405-16.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202405-16.xml
new file mode 100644
index 0000000000..04da4682d8
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202405-16.xml
@@ -0,0 +1,43 @@
+
+
+
+ Apache Commons BCEL: Remote Code Execution
+ A vulnerability has been discovered in Apache Commons BCEL, which can lead to remote code execution.
+ bcel
+ 2024-05-05
+ 2024-05-05
+ 880447
+ remote
+
+
+ 6.6.0
+ 6.6.0
+
+
+
+ The Byte Code Engineering Library (Apache Commons BCEL™) is intended to give users a convenient way to analyze, create, and manipulate (binary) Java class files (those ending with .class).
+
+
+ A vulnerability has been discovered in U-Boot tools. Please review the CVE identifier referenced below for details.
+
+
+ Please review the referenced CVE identifier for details.
+
+
+ There is no known workaround at this time.
+
+
+ All Apache Commons BCEL users should upgrade to the latest version:
+
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-java/bcel-6.6.0"
+
+
+
+ CVE-2022-34169
+ CVE-2022-42920
+
+ graaff
+ graaff
+
\ No newline at end of file
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202405-17.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202405-17.xml
new file mode 100644
index 0000000000..07d4418f12
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202405-17.xml
@@ -0,0 +1,52 @@
+
+
+
+ glibc: Multiple Vulnerabilities
+ Multiple vulnerabilities have been discovered in glibc, the worst of which could lead to remote code execution.
+ glibc
+ 2024-05-06
+ 2024-05-06
+ 930177
+ 930667
+ remote
+
+
+ 2.38-r13
+ 2.38-r13
+
+
+
+ glibc is a package that contains the GNU C library.
+
+
+ Multiple vulnerabilities have been discovered in glibc. Please review the CVE identifiers referenced below for details.
+
+
+ Please review the referenced CVE identifiers for details.
+
+
+ There is no known workaround at this time.
+
+
+ All glibc users should upgrade to the latest version:
+
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=sys-libs/glibc-2.38-r13"
+
+
+
+ CVE-2024-2961
+ CVE-2024-33599
+ CVE-2024-33600
+ CVE-2024-33601
+ CVE-2024-33602
+ GLIBC-SA-2024-0004
+ GLIBC-SA-2024-0005
+ GLIBC-SA-2024-0006
+ GLIBC-SA-2024-0007
+ GLIBC-SA-2024-0008
+
+ sam
+ sam
+
\ No newline at end of file
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202405-18.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202405-18.xml
new file mode 100644
index 0000000000..ecec50f0d1
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202405-18.xml
@@ -0,0 +1,49 @@
+
+
+
+ Xpdf: Multiple Vulnerabilities
+ Multiple vulnerabilities have been discovered in Xpdf, the worst of which could possibly lead to arbitrary code execution.
+ xpdf
+ 2024-05-07
+ 2024-05-07
+ 755938
+ 840873
+ remote
+
+
+ 4.04
+ 4.04
+
+
+
+ Xpdf is an X viewer for PDF files.
+
+
+ Multiple vulnerabilities have been discovered in Xpdf. Please review the CVE identifiers referenced below for details.
+
+
+ Please review the referenced CVE identifiers for details.
+
+
+ There is no known workaround at this time.
+
+
+ All Xpdf users should upgrade to the latest version:
+
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-text/xpdf-4.04"
+
+
+
+ CVE-2020-25725
+ CVE-2020-35376
+ CVE-2021-27548
+ CVE-2022-24106
+ CVE-2022-24107
+ CVE-2022-27135
+ CVE-2022-38171
+
+ graaff
+ graaff
+
\ No newline at end of file
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202405-19.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202405-19.xml
new file mode 100644
index 0000000000..5ae43a639f
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202405-19.xml
@@ -0,0 +1,42 @@
+
+
+
+ xar: Unsafe Extraction
+ A vulnerability has been discovered in xar, which can lead to privilege escalation.
+ xar
+ 2024-05-07
+ 2024-05-07
+ 820641
+ remote
+
+
+ 1.8.0.0.487.100.1
+ 1.8.0.0.487.100.1
+
+
+
+ xar provides an easily extensible archive format.
+
+
+ A vulnerability has been discovered in xar. Please review the CVE identifier referenced below for details.
+
+
+ xar allows for a forward-slash separated path to be specified in the file name property, e.g. <name>x/foo</name> – as long as it doesn’t traverse upwards, and the path exists within the current directory. This means an attacker can create a .xar file which contains both a directory symlink, and a file with a name property which points into the extracted symlink directory. By abusing symlink directories in this manner, an attacker can write arbitrary files to any directory on the filesystem – providing the user has permissions to write to it.
+
+
+ There is no known workaround at this time.
+
+
+ All xar users should upgrade to the latest version:
+
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-arch/xar-1.8.0.0.487.100.1"
+
+
+
+ CVE-2021-30833
+
+ graaff
+ graaff
+
\ No newline at end of file
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202405-20.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202405-20.xml
new file mode 100644
index 0000000000..e8bf7d00eb
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202405-20.xml
@@ -0,0 +1,58 @@
+
+
+
+ libjpeg-turbo: Multiple Vulnerabilities
+ Multiple vulnerabilities have been discovered in libjpeg-turbo, the worst of which could lead to arbitrary code execution.
+ libjpeg-turbo
+ 2024-05-07
+ 2024-05-07
+ 797424
+ 814206
+ remote
+
+
+ 2.1.1
+ 2.1.1
+
+
+
+ libjpeg-turbo is a MMX, SSE, and SSE2 SIMD accelerated JPEG library.
+
+
+ Multiple vulnerabilities have been discovered in libjpeg-turbo. Please review the CVE identifiers referenced below for details.
+
+
+ Please review the referenced CVE identifiers for details.
+
+
+ There is no known workaround at this time.
+
+
+ All libjpeg-turbo users should upgrade to the latest version:
+
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=media-libs/libjpeg-turbo-2.1.1"
+
+
+
+ CVE-2020-17541
+ CVE-2021-37956
+ CVE-2021-37957
+ CVE-2021-37958
+ CVE-2021-37959
+ CVE-2021-37960
+ CVE-2021-37961
+ CVE-2021-37962
+ CVE-2021-37963
+ CVE-2021-37965
+ CVE-2021-37966
+ CVE-2021-37967
+ CVE-2021-37968
+ CVE-2021-37970
+ CVE-2021-37971
+ CVE-2021-37972
+
+ graaff
+ graaff
+
\ No newline at end of file
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202405-21.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202405-21.xml
new file mode 100644
index 0000000000..fe0ce1ff7f
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202405-21.xml
@@ -0,0 +1,42 @@
+
+
+
+ Commons-BeanUtils: Improper Access Restriction
+ A vulnerability has been discovered in Commons-BeanUtils, which could lead to execution of arbitrary code.
+ commons-beanutils
+ 2024-05-08
+ 2024-05-08
+ 739346
+ remote
+
+
+ 1.9.4
+ 1.9.4
+
+
+
+ Commons-beanutils provides easy-to-use wrappers around Reflection and Introspection APIs
+
+
+ A vulnerability has been discovered in Commons-BeanUtils. Please review the CVE identifier referenced below for details.
+
+
+ Please review the referenced CVE identifiers for details.
+
+
+ There is no known workaround at this time.
+
+
+ All Commons-BeanUtils users should upgrade to the latest version:
+
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-java/commons-beanutils-1.9.4"
+
+
+
+ CVE-2019-10086
+
+ graaff
+ graaff
+
\ No newline at end of file
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202405-22.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202405-22.xml
new file mode 100644
index 0000000000..d49835dbc2
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202405-22.xml
@@ -0,0 +1,46 @@
+
+
+
+ rsync: Multiple Vulnerabilities
+ Multiple vulnerabilities have been discovered in rsync, the worst of which can lead to denial of service or information disclosure.
+ rsync
+ 2024-05-08
+ 2024-05-08
+ 792576
+ 838724
+ 862876
+ remote
+
+
+ 3.2.5_pre1
+ 3.2.5_pre1
+
+
+
+ rsync is a server and client utility that provides fast incremental file transfers. It is used to efficiently synchronize files between hosts and is used by emerge to fetch Gentoo's Portage tree.
+
+
+ Multiple vulnerabilities have been discovered in rsync. Please review the CVE identifiers referenced below for details.
+
+
+ Please review the referenced CVE identifiers for details.
+
+
+ There is no known workaround at this time.
+
+
+ All rsync users should upgrade to the latest version:
+
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-misc/rsync-3.2.5_pre1"
+
+
+
+ CVE-2018-25032
+ CVE-2020-14387
+ CVE-2022-29154
+
+ graaff
+ graaff
+
\ No newline at end of file
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202405-23.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202405-23.xml
new file mode 100644
index 0000000000..e27b66cb42
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202405-23.xml
@@ -0,0 +1,42 @@
+
+
+
+ U-Boot tools: double free vulnerability
+ A vulnerability has been discovered in U-Boot tools which can lead to execution of arbitary code.
+ u-boot-tools
+ 2024-05-08
+ 2024-05-08
+ 717000
+ remote
+
+
+ 2020.04
+ 2020.04
+
+
+
+ U-Boot tools provides utiiities for working with Das U-Boot.
+
+
+ A vulnerability has been discovered in U-Boot tools. Please review the CVE identifier referenced below for details.
+
+
+ In Das U-Boot a double free has been found in the cmd/gpt.c do_rename_gpt_parts() function. Double freeing may result in a write-what-where condition, allowing an attacker to execute arbitrary code.
+
+
+ There is no known workaround at this time.
+
+
+ All U-Boot tools users should upgrade to the latest version:
+
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-embedded/u-boot-tools-2020.04"
+
+
+
+ CVE-2020-8432
+
+ graaff
+ graaff
+
\ No newline at end of file
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202405-24.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202405-24.xml
new file mode 100644
index 0000000000..e0e2b0211e
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202405-24.xml
@@ -0,0 +1,45 @@
+
+
+
+ ytnef: Multiple Vulnerabilities
+ Multiple vulnerabilities have been discovered in ytnef, the worst of which could potentially lead to remote code execution.
+ ytnef
+ 2024-05-08
+ 2024-05-08
+ 774255
+ remote
+
+
+ 2.0
+ 2.0
+
+
+
+ ytnef is a TNEF stream reader for reading winmail.dat files.
+
+
+ The TNEFSubjectHandler function in lib/ytnef.c allows remote attackers to cause a denial-of-service (and potentially code execution) due to a double free which can be triggered via a crafted file.
+
+The SwapWord function in lib/ytnef.c allows remote attackers to cause a denial-of-service (and potentially code execution) due to a heap buffer overflow which can be triggered via a crafted file.
+
+
+ Please review the referenced CVE identifiers for details.
+
+
+ There is no known workaround at this time.
+
+
+ All ytnef users should upgrade to the latest version:
+
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-mail/ytnef-2.0"
+
+
+
+ CVE-2021-3403
+ CVE-2021-3404
+
+ graaff
+ graaff
+
\ No newline at end of file
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202405-25.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202405-25.xml
new file mode 100644
index 0000000000..c2899b509e
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202405-25.xml
@@ -0,0 +1,111 @@
+
+
+
+ MariaDB: Multiple Vulnerabilities
+ Multiple vulnerabilities have been discovered in MariaDB, the worst fo which can lead to arbitrary execution of code.
+ mariadb
+ 2024-05-08
+ 2024-05-08
+ 699874
+ 822759
+ 832490
+ 838244
+ 847526
+ 856484
+ 891781
+ remote
+
+
+ 10.6.13
+ 10.11.3
+ 10.11.3
+ 10.11.3
+ 10.6.0
+
+
+
+ MariaDB is an enhanced, drop-in replacement for MySQL.
+
+
+ Multiple vulnerabilities have been discovered in MariaDB. Please review the CVE identifiers referenced below for details.
+
+
+ Please review the referenced CVE identifiers for details.
+
+
+ There is no known workaround at this time.
+
+
+ All MariaDB 10.6 users should upgrade to the latest version:
+
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-db/mariadb-10.11.3:10.6"
+
+
+ All MariaDB 10.11 users should upgrade to the latest version:
+
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-db/mariadb-10.11.3:10.11"
+
+
+
+ CVE-2019-2938
+ CVE-2019-2974
+ CVE-2021-46661
+ CVE-2021-46662
+ CVE-2021-46663
+ CVE-2021-46664
+ CVE-2021-46665
+ CVE-2021-46666
+ CVE-2021-46667
+ CVE-2021-46668
+ CVE-2021-46669
+ CVE-2022-24048
+ CVE-2022-24050
+ CVE-2022-24051
+ CVE-2022-24052
+ CVE-2022-27376
+ CVE-2022-27377
+ CVE-2022-27378
+ CVE-2022-27379
+ CVE-2022-27380
+ CVE-2022-27381
+ CVE-2022-27382
+ CVE-2022-27383
+ CVE-2022-27384
+ CVE-2022-27385
+ CVE-2022-27386
+ CVE-2022-27444
+ CVE-2022-27445
+ CVE-2022-27446
+ CVE-2022-27447
+ CVE-2022-27448
+ CVE-2022-27449
+ CVE-2022-27451
+ CVE-2022-27452
+ CVE-2022-27455
+ CVE-2022-27456
+ CVE-2022-27457
+ CVE-2022-27458
+ CVE-2022-31621
+ CVE-2022-31622
+ CVE-2022-31623
+ CVE-2022-31624
+ CVE-2022-32081
+ CVE-2022-32082
+ CVE-2022-32083
+ CVE-2022-32084
+ CVE-2022-32085
+ CVE-2022-32086
+ CVE-2022-32088
+ CVE-2022-32089
+ CVE-2022-32091
+ CVE-2022-38791
+ CVE-2022-47015
+ CVE-2023-5157
+
+ graaff
+ graaff
+
\ No newline at end of file
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202405-26.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202405-26.xml
new file mode 100644
index 0000000000..dd4b37ce92
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202405-26.xml
@@ -0,0 +1,44 @@
+
+
+
+ qtsvg: Multiple Vulnerabilities
+ Multiple vulnerabilities have been discovered in qtsvg, the worst of which could lead to a denial of service.
+ qtsvg
+ 2024-05-08
+ 2024-05-08
+ 830381
+ 906465
+ remote
+
+
+ 5.15.9-r1
+ 5.15.9-r1
+
+
+
+ qtsvg is a SVG rendering library for the Qt framework.
+
+
+ Multiple vulnerabilities have been discovered in qtsvg. Please review the CVE identifiers referenced below for details.
+
+
+ Please review the referenced CVE identifiers for details.
+
+
+ There is no known workaround at this time.
+
+
+ All qtsvg users should upgrade to the latest version:
+
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-qt/qtsvg-5.15.9-r1:5"
+
+
+
+ CVE-2021-45930
+ CVE-2023-32573
+
+ graaff
+ graaff
+
\ No newline at end of file
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202405-27.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202405-27.xml
new file mode 100644
index 0000000000..eb8326533b
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202405-27.xml
@@ -0,0 +1,42 @@
+
+
+
+ Epiphany: Buffer Overflow
+ A vulnerability has been discovered in Epiphany, which can lead to a buffer overflow.
+ epiphany
+ 2024-05-08
+ 2024-05-08
+ 839786
+ remote
+
+
+ 42.4
+ 42.4
+
+
+
+ Epiphany is a GNOME webbrowser based on the Mozilla rendering engine Gecko.
+
+
+ A vulnerability has been discovered in Epiphany. Please review the CVE identifier referenced below for details.
+
+
+ In GNOME Epiphany an HTML document can trigger a client buffer overflow (in ephy_string_shorten) via a long page title. The issue occurs because the number of bytes for a UTF-8 ellipsis character is not properly considered.
+
+
+ There is no known workaround at this time.
+
+
+ All Epiphany users should upgrade to the latest version:
+
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-client/epiphany-42.4"
+
+
+
+ CVE-2022-29536
+
+ graaff
+ graaff
+
\ No newline at end of file
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202405-28.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202405-28.xml
new file mode 100644
index 0000000000..775039d90a
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202405-28.xml
@@ -0,0 +1,63 @@
+
+
+
+ NVIDIA Drivers: Multiple Vulnerabilities
+ Multiple vulnerabilities have been discovered in NVIDIA Drivers, the worst of which could result in root privilege escalation.
+ nvidia-drivers
+ 2024-05-08
+ 2024-05-08
+ 909226
+ 916583
+ remote
+
+
+ 470.223.02
+ 525.147.05
+ 535.129.03
+ 470.223.02
+ 525.147.05
+ 535.129.03
+
+
+
+ NVIDIA Drivers are NVIDIA's accelerated graphics driver.
+
+
+ Multiple vulnerabilities have been discovered in NVIDIA Drivers. Please review the CVE identifiers referenced below for details.
+
+
+ Please review the referenced CVE identifiers for details.
+
+
+ There is no known workaround at this time.
+
+
+ All NVIDIA Drivers 470 users should upgrade to the latest version:
+
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=x11-drivers/nvidia-drivers-470.223.02:0/470"
+
+
+ All NVIDIA Drivers 525 users should upgrade to the latest version:
+
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=x11-drivers/nvidia-drivers-525.147.05:0/525"
+
+
+ All NVIDIA Drivers 535 users should upgrade to the latest version:
+
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=x11-drivers/nvidia-drivers-535.129.03:0/535"
+
+
+
+ CVE-2023-25515
+ CVE-2023-25516
+ CVE-2023-31022
+
+ graaff
+ graaff
+
\ No newline at end of file
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202405-29.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202405-29.xml
new file mode 100644
index 0000000000..fa25f94651
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202405-29.xml
@@ -0,0 +1,121 @@
+
+
+
+ Node.js: Multiple Vulnerabilities
+ Multiple vulnerabilities have been discovered in Node.js.
+ nodejs
+ 2024-05-08
+ 2024-05-08
+ 772422
+ 781704
+ 800986
+ 805053
+ 807775
+ 811273
+ 817938
+ 831037
+ 835615
+ 857111
+ 865627
+ 872692
+ 879617
+ 918086
+ 918614
+ remote
+
+
+ 16.20.2
+ 18.17.1
+ 20.5.1
+ 16.20.2
+ 18.17.1
+ 20.5.1
+
+
+
+ Node.js is a JavaScript runtime built on Chrome’s V8 JavaScript engine.
+
+
+ Multiple vulnerabilities have been discovered in Node.js. Please review the CVE identifiers referenced below for details.
+
+
+ Please review the referenced CVE identifiers for details.
+
+
+ There is no known workaround at this time.
+
+
+ All Node.js 20 users should upgrade to the latest version:
+
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-libs/nodejs-20.5.1"
+
+
+ All Node.js 18 users should upgrade to the latest version:
+
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-libs/nodejs-18.17.1"
+
+
+ All Node.js 16 users should upgrade to the latest version:
+
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-libs/nodejs-16.20.2"
+
+
+
+ CVE-2020-7774
+ CVE-2021-3672
+ CVE-2021-22883
+ CVE-2021-22884
+ CVE-2021-22918
+ CVE-2021-22930
+ CVE-2021-22931
+ CVE-2021-22939
+ CVE-2021-22940
+ CVE-2021-22959
+ CVE-2021-22960
+ CVE-2021-37701
+ CVE-2021-37712
+ CVE-2021-39134
+ CVE-2021-39135
+ CVE-2021-44531
+ CVE-2021-44532
+ CVE-2021-44533
+ CVE-2022-0778
+ CVE-2022-3602
+ CVE-2022-3786
+ CVE-2022-21824
+ CVE-2022-32212
+ CVE-2022-32213
+ CVE-2022-32214
+ CVE-2022-32215
+ CVE-2022-32222
+ CVE-2022-35255
+ CVE-2022-35256
+ CVE-2022-35948
+ CVE-2022-35949
+ CVE-2022-43548
+ CVE-2023-30581
+ CVE-2023-30582
+ CVE-2023-30583
+ CVE-2023-30584
+ CVE-2023-30586
+ CVE-2023-30587
+ CVE-2023-30588
+ CVE-2023-30589
+ CVE-2023-30590
+ CVE-2023-32002
+ CVE-2023-32003
+ CVE-2023-32004
+ CVE-2023-32005
+ CVE-2023-32006
+ CVE-2023-32558
+ CVE-2023-32559
+
+ graaff
+ graaff
+
\ No newline at end of file
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202405-30.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202405-30.xml
new file mode 100644
index 0000000000..f0b94267f9
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202405-30.xml
@@ -0,0 +1,41 @@
+
+
+
+ Rebar3: Command Injection
+ A vulnerability has been discovered in Rebar3, which can lead to command injection.
+ rebar-bin
+ 2024-05-12
+ 2024-05-12
+ 749363
+ local
+
+
+ 3.14.4
+ 3.14.4
+
+
+
+ A sophisticated build-tool for Erlang projects that follows OTP principles.
+
+
+ Rebar3 is vulnerable to OS command injection via the URL parameter of a dependency specification.
+
+
+ A vulnerability has been discovered in Rebar3. Please review the CVE identifier referenced below for details.
+
+
+ There is no known workaround at this time.
+
+
+ Gentoo has discontinued support for Rebar3 binary package. We recommend that users unmerge it:
+
+
+ # emerge --ask --depclean "dev-util/rebar-bin"
+
+
+
+ CVE-2020-13802
+
+ graaff
+ graaff
+
\ No newline at end of file
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202405-31.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202405-31.xml
new file mode 100644
index 0000000000..d2997188de
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202405-31.xml
@@ -0,0 +1,42 @@
+
+
+
+ Kubelet: Privilege Escalation
+ A vulnerability has been discovered in Kubelet, which can lead to privilege escalation.
+ kubelet
+ 2024-05-12
+ 2024-05-12
+ 918665
+ remote
+
+
+ 1.28.5
+ 1.28.5
+
+
+
+ Kubelet is a Kubernetes Node Agent.
+
+
+ A vulnerability has been discovered in Kubelet. Please review the CVE identifier referenced below for details.
+
+
+ A security issue was discovered in Kubernetes where a user that can create pods and persistent volumes on Windows nodes may be able to escalate to admin privileges on those nodes. Kubernetes clusters are only affected if they are using an in-tree storage plugin for Windows nodes.
+
+
+ There is no known workaround at this time.
+
+
+ All Kubelet users should upgrade to the latest version:
+
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=sys-cluster/kubelet-1.28.5"
+
+
+
+ CVE-2023-5528
+
+ graaff
+ graaff
+
\ No newline at end of file
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202405-32.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202405-32.xml
new file mode 100644
index 0000000000..18738749ec
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202405-32.xml
@@ -0,0 +1,70 @@
+
+
+
+ Mozilla Thunderbird: Multiple Vulnerabilities
+ Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could lead to remote code execution.
+ thunderbird,thunderbird-bin
+ 2024-05-12
+ 2024-05-12
+ 925123
+ 926533
+ 930381
+ local and remote
+
+
+ 115.10.0
+ 115.10.0
+
+
+ 115.10.0
+ 115.10.0
+
+
+
+ Mozilla Thunderbird is a popular open-source email client from the Mozilla project.
+
+
+ Multiple vulnerabilities have been discovered in Mozilla Thunderbird. Please review the CVE identifiers referenced below for details.
+
+
+ Please review the referenced CVE identifiers for details.
+
+
+ There is no known workaround at this time.
+
+
+ All Mozilla Thunderbird users should upgrade to the latest version:
+
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=mail-client/thunderbird-bin-115.10.0"
+
+
+ All Mozilla Thunderbird users should upgrade to the latest version:
+
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=mail-client/thunderbird-115.10.0"
+
+
+
+ CVE-2024-1546
+ CVE-2024-1547
+ CVE-2024-1548
+ CVE-2024-1549
+ CVE-2024-1550
+ CVE-2024-1551
+ CVE-2024-1552
+ CVE-2024-1553
+ CVE-2024-1936
+ CVE-2024-2609
+ CVE-2024-3302
+ CVE-2024-3854
+ CVE-2024-3857
+ CVE-2024-3859
+ CVE-2024-3861
+ CVE-2024-3864
+
+ graaff
+ graaff
+
\ No newline at end of file
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202405-33.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202405-33.xml
new file mode 100644
index 0000000000..daa04af5cf
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202405-33.xml
@@ -0,0 +1,43 @@
+
+
+
+ PoDoFo: Multiple Vulnerabilities
+ Multiple vulnerabilities have been discovered in PoDoFo, the worst of which could lead to code execution.
+ podofo
+ 2024-05-12
+ 2024-05-12
+ 906105
+ remote
+
+
+ 0.10.1
+ 0.10.1
+
+
+
+ PoDoFo is a free portable C++ library to work with the PDF file format.
+
+
+ Please review the referenced CVE identifiers for details.
+
+
+ Please review the referenced CVE identifiers for details.
+
+
+ There is no known workaround at this time.
+
+
+ All PoDoFo users should upgrade to the latest version:
+
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-text/podofo-0.10.1"
+
+
+
+ CVE-2023-31566
+ CVE-2023-31567
+
+ graaff
+ graaff
+
\ No newline at end of file
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202406-01.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202406-01.xml
new file mode 100644
index 0000000000..b751481f55
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202406-01.xml
@@ -0,0 +1,42 @@
+
+
+
+ GLib: Privilege Escalation
+ A vulnerability has been discovered in GLib, which can lead to privilege escalation.
+ glib
+ 2024-06-22
+ 2024-06-22
+ 931507
+ local
+
+
+ 2.78.6
+ 2.78.6
+
+
+
+ GLib is a library providing a number of GNOME's core objects and functions.
+
+
+ A vulnerability has been discovered in GLib. Please review the CVE identifier referenced below for details.
+
+
+ When a GDBus-based client subscribes to signals from a trusted system service such as NetworkManager or logind on a shared computer, other users of the same computer can send spoofed D-Bus signals that the GDBus-based client will wrongly interpret as having been sent by the trusted system service. This could lead to the GDBus-based client behaving incorrectly, with an application-dependent impact.
+
+
+ There is no known workaround at this time.
+
+
+ All GLib users should upgrade to the latest version:
+
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-libs/glib-2.78.6"
+
+
+
+ CVE-2024-34397
+
+ graaff
+ graaff
+
\ No newline at end of file
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202406-02.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202406-02.xml
new file mode 100644
index 0000000000..e71b4a225f
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202406-02.xml
@@ -0,0 +1,42 @@
+
+
+
+ Flatpak: Sandbox Escape
+ A vulnerability has been discovered in Flatpak, which can lead to a sandbox escape.
+ flatpak
+ 2024-06-22
+ 2024-06-22
+ 930202
+ local
+
+
+ 1.14.6
+ 1.14.6
+
+
+
+ Flatpak is a Linux application sandboxing and distribution framework.
+
+
+ A vulnerability has been discovered in Flatpak. Please review the CVE identifier referenced below for details.
+
+
+ A malicious or compromised Flatpak app could execute arbitrary code outside its sandbox in conjunction with xdg-desktop-portal.
+
+
+ There is no known workaround at this time.
+
+
+ All Flatpak users should upgrade to the latest version:
+
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=sys-apps/flatpak-1.14.6"
+
+
+
+ CVE-2024-32462
+
+ graaff
+ graaff
+
\ No newline at end of file
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202406-03.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202406-03.xml
new file mode 100644
index 0000000000..ea0ecac3e1
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202406-03.xml
@@ -0,0 +1,44 @@
+
+
+
+ RDoc: Remote Code Execution
+ A vulnerability has been discovered in RDoc, which can lead to execution of arbitrary code.
+ rdoc
+ 2024-06-22
+ 2024-06-22
+ 927565
+ local and remote
+
+
+ 6.6.3.1
+ 6.6.3.1
+
+
+
+ RDoc produces HTML and command-line documentation for Ruby projects.
+
+
+ A vulnerability has been discovered in RDoc. Please review the CVE identifier referenced below for details.
+
+
+ When parsing .rdoc_options (used for configuration in RDoc) as a YAML file, object injection and resultant remote code execution are possible because there are no restrictions on the classes that can be restored.
+
+When loading the documentation cache, object injection and resultant remote code execution are also possible if there were a crafted cache.
+
+
+ There is no known workaround at this time.
+
+
+ All RDoc users should upgrade to the latest version:
+
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-ruby/rdoc-6.6.3.1"
+
+
+
+ CVE-2024-27281
+
+ graaff
+ graaff
+
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202406-04.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202406-04.xml
new file mode 100644
index 0000000000..cea7d0f601
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202406-04.xml
@@ -0,0 +1,42 @@
+
+
+
+ LZ4: Memory Corruption
+ A vulnerability has been discovered in LZ4, which can lead to memory corruption.
+ lz4
+ 2024-06-22
+ 2024-06-22
+ 791952
+ local
+
+
+ 1.9.3-r1
+ 1.9.3-r1
+
+
+
+ LZ4 is a lossless compression algorithm, providing compression speed > 500 MB/s per core, scalable with multi-cores CPU. It features an extremely fast decoder, with speed in multiple GB/s per core, typically reaching RAM speed limits on multi-core systems.
+
+
+ An attacker who submits a crafted file to an application linked with lz4 may be able to trigger an integer overflow, leading to calling of memmove() on a negative size argument, causing an out-of-bounds write and/or a crash.
+
+
+ The greatest impact of this flaw is to availability, with some potential impact to confidentiality and integrity as well.
+
+
+ There is no known workaround at this time.
+
+
+ All LZ4 users should upgrade to the latest version:
+
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-arch/lz4-1.9.3-r1"
+
+
+
+ CVE-2021-3520
+
+ graaff
+ graaff
+
\ No newline at end of file
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202406-05.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202406-05.xml
new file mode 100644
index 0000000000..622d3fc82e
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202406-05.xml
@@ -0,0 +1,48 @@
+
+
+
+ JHead: Multiple Vulnerabilities
+ Multiple vulnerabilities have been discovered in JHead, the worst of which may lead to arbitrary code execution.
+ jhead
+ 2024-06-22
+ 2024-06-22
+ 876247
+ 879801
+ 908519
+ local
+
+
+ 3.08
+ 3.08
+
+
+
+ JHead is an EXIF JPEG header manipulation tool.
+
+
+ Multiple vulnerabilities have been discovered in JHead. Please review the CVE identifiers referenced below for details.
+
+
+ Please review the referenced CVE identifiers for details.
+
+
+ There is no known workaround at this time.
+
+
+ All JHead users should upgrade to the latest version:
+
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=media-gfx/jhead-3.08"
+
+
+
+ CVE-2020-6624
+ CVE-2020-6625
+ CVE-2021-34055
+ CVE-2022-28550
+ CVE-2022-41751
+
+ graaff
+ graaff
+
\ No newline at end of file
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202406-06.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202406-06.xml
new file mode 100644
index 0000000000..19d35ef345
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202406-06.xml
@@ -0,0 +1,56 @@
+
+
+
+ GStreamer, GStreamer Plugins: Multiple Vulnerabilities
+ Multiple vulnerabilities have been discovered in GStreamer and GStreamer Plugins, the worst of which could lead to code execution.
+ gst-plugins-bad,gstreamer
+ 2024-06-28
+ 2024-06-28
+ 917791
+ 918095
+ local and remote
+
+
+ 1.22.11-r1
+ 1.22.11-r1
+
+
+ 1.22.11
+ 1.22.11
+
+
+
+ GStreamer is an open source multimedia framework.
+
+
+ Multiple vulnerabilities have been discovered in GStreamer, GStreamer Plugins. Please review the CVE identifiers referenced below for details.
+
+
+ Please review the referenced CVE identifiers for details.
+
+
+ There is no known workaround at this time.
+
+
+ All GStreamer, GStreamer Plugins users should upgrade to the latest versions:
+
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=media-libs/gstreamer-1.22.11" ">=media-libs/gst-plugins-bad-1.22.11-r1"
+
+
+
+ CVE-2023-40474
+ CVE-2023-40475
+ CVE-2023-40476
+ CVE-2023-44429
+ CVE-2023-44446
+ ZDI-CAN-21660
+ ZDI-CAN-21661
+ ZDI-CAN-21768
+ ZDI-CAN-22226
+ ZDI-CAN-22299
+
+ graaff
+ graaff
+
\ No newline at end of file
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202407-01.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202407-01.xml
new file mode 100644
index 0000000000..b84833eadb
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202407-01.xml
@@ -0,0 +1,42 @@
+
+
+
+ Zsh: Prompt Expansion Vulnerability
+ A vulnerability has been discovered in Zsh, which can lead to execution of arbitrary code.
+ zsh
+ 2024-07-01
+ 2024-07-01
+ 833252
+ local
+
+
+ 5.8.1
+ 5.8.1
+
+
+
+ A shell designed for interactive use, although it is also a powerful scripting language.
+
+
+ Multiple vulnerabilities have been discovered in Zsh. Please review the CVE identifiers referenced below for details.
+
+
+ A vulnerability in prompt expansion could be exploited through e.g. VCS_Info to execute arbitrary shell commands without a user's knowledge.
+
+
+ There is no known workaround at this time.
+
+
+ All Zsh users should upgrade to the latest version:
+
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-shells/zsh-5.8.1"
+
+
+
+ CVE-2021-45444
+
+ graaff
+ ajak
+
\ No newline at end of file
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202407-02.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202407-02.xml
new file mode 100644
index 0000000000..52b617ef1c
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202407-02.xml
@@ -0,0 +1,42 @@
+
+
+
+ SDL_ttf: Arbitrary Memory Write
+ A vulnerability has been discovered in SDL_ttf, which can lead to arbitrary memory writes.
+ sdl2-ttf
+ 2024-07-01
+ 2024-07-01
+ 843434
+ local and remote
+
+
+ 2.20.0
+ 2.20.0
+
+
+
+ SDL_ttf is a wrapper around the FreeType and Harfbuzz libraries, allowing you to use TrueType fonts to render text in SDL applications.
+
+
+ A vulnerability has been discovered in SDL_ttf. Please review the CVE identifier referenced below for details.
+
+
+ SDL_ttf was discovered to contain an arbitrary memory write via the function TTF_RenderText_Solid(). This vulnerability is triggered via a crafted TTF file.
+
+
+ There is no known workaround at this time.
+
+
+ All SDL_ttf users should upgrade to the latest version:
+
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=media-libs/sdl2-ttf-2.20.0"
+
+
+
+ CVE-2022-27470
+
+ graaff
+ ajak
+
\ No newline at end of file
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202407-03.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202407-03.xml
new file mode 100644
index 0000000000..ce1390f452
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202407-03.xml
@@ -0,0 +1,42 @@
+
+
+
+ Liferea: Remote Code Execution
+ A vulnerability has been discovered in Liferea, which can lead to remote code execution.
+ liferea
+ 2024-07-01
+ 2024-07-01
+ 901085
+ remote
+
+
+ 1.12.10
+ 1.12.10
+
+
+
+ Liferea is a feed reader/news aggregator that brings together all of the content from your favorite subscriptions into a simple interface that makes it easy to organize and browse feeds. Its GUI is similar to a desktop mail/news client, with an embedded web browser.
+
+
+ A vulnerability has been discovered in Liferea. Please review the CVE identifier referenced below for details.
+
+
+ A vulnerability was found in liferea. Affected by this issue is the function update_job_run of the file src/update.c of the component Feed Enrichment. The manipulation of the argument source can lead to os command injection. The attack may be launched remotely.
+
+
+ There is no known workaround at this time.
+
+
+ All Liferea users should upgrade to the latest version:
+
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-news/liferea-1.12.10"
+
+
+
+ CVE-2023-1350
+
+ graaff
+ ajak
+
\ No newline at end of file
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202407-04.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202407-04.xml
new file mode 100644
index 0000000000..4e30db2628
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202407-04.xml
@@ -0,0 +1,42 @@
+
+
+
+ Pixman: Heap Buffer Overflow
+ A vulnerability has been discovered in Pixman, which can lead to a heap buffer overflow.
+ pixman
+ 2024-07-01
+ 2024-07-01
+ 879207
+ local and remote
+
+
+ 0.42.2
+ 0.42.2
+
+
+
+ Pixman is a pixel manipulation library.
+
+
+ A vulnerability has been discovered in Pixman. Please review the CVE identifiers referenced below for details.
+
+
+ An out-of-bounds write (aka heap-based buffer overflow) in rasterize_edges_8 can occur due to an integer overflow in pixman_sample_floor_y.
+
+
+ There is no known workaround at this time.
+
+
+ All Pixman users should upgrade to the latest version:
+
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=x11-libs/pixman-0.42.2"
+
+
+
+ CVE-2022-44638
+
+ graaff
+ ajak
+
\ No newline at end of file
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202407-05.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202407-05.xml
new file mode 100644
index 0000000000..6145f2a4a9
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202407-05.xml
@@ -0,0 +1,42 @@
+
+
+
+ SSSD: Command Injection
+ A vulnerability has been discovered in SSSD, which can lead to arbitrary code execution.
+ sssd
+ 2024-07-01
+ 2024-07-01
+ 808911
+ local and remote
+
+
+ 2.5.2-r1
+ 2.5.2-r1
+
+
+
+ SSSD provides a set of daemons to manage access to remote directories and authentication mechanisms such as LDAP, Kerberos or FreeIPA. It provides an NSS and PAM interface toward the system and a pluggable backend system to connect to multiple different account sources.
+
+
+ A vulnerability has been discovered in SSSD. Please review the CVE identifier referenced below for details.
+
+
+ A flaw was found in SSSD, where the sssctl command was vulnerable to shell command injection via the logs-fetch and cache-expire subcommands. This flaw allows an attacker to trick the root user into running a specially crafted sssctl command, such as via sudo, to gain root access.
+
+
+ There is no known workaround at this time.
+
+
+ All SSSD users should upgrade to the latest version:
+
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=sys-auth/sssd-2.5.2-r1"
+
+
+
+ CVE-2021-3621
+
+ graaff
+ ajak
+
\ No newline at end of file
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202407-06.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202407-06.xml
new file mode 100644
index 0000000000..7589ec4858
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202407-06.xml
@@ -0,0 +1,49 @@
+
+
+
+ cryptography: Multiple Vulnerabilities
+ Multiple vulnerabilities have been discovered in cryptography, the worst of which could lead to a denial of service.
+ cryptography
+ 2024-07-01
+ 2024-07-01
+ 769419
+ 864049
+ 893576
+ 918685
+ 925120
+ remote
+
+
+ 42.0.4
+ 42.0.4
+
+
+
+ cryptography is a package which provides cryptographic recipes and primitives to Python developers.
+
+
+ Multiple vulnerabilities have been discovered in cryptography. Please review the CVE identifiers referenced below for details.
+
+
+ Please review the referenced CVE identifiers for details.
+
+
+ There is no known workaround at this time.
+
+
+ All cryptography users should upgrade to the latest version:
+
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-python/cryptography-42.0.4"
+
+
+
+ CVE-2020-36242
+ CVE-2023-23931
+ CVE-2023-49083
+ CVE-2024-26130
+
+ graaff
+ ajak
+
\ No newline at end of file
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202407-07.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202407-07.xml
new file mode 100644
index 0000000000..5daea9bc8f
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202407-07.xml
@@ -0,0 +1,44 @@
+
+
+
+ cpio: Arbitrary Code Execution
+ A vulnerability has been discovered in cpio, which can lead to arbitrary code execution.
+ cpio
+ 2024-07-01
+ 2024-07-01
+ 807088
+ local
+
+
+ 2.13-r1
+ 2.13-r1
+
+
+
+ cpio is a file archival tool which can also read and write tar files.
+
+
+ Multiple vulnerabilities have been discovered in cpio. Please review the CVE identifiers referenced below for details.
+
+
+ GNU cpio allows attackers to execute arbitrary code via a crafted pattern file, because of a dstring.c ds_fgetstr integer overflow that triggers an out-of-bounds heap write. NOTE: it is unclear whether there are common cases where the pattern file, associated with the -E option, is untrusted data.
+
+
+ There is no known workaround at this time.
+
+
+ All cpio users should upgrade to the latest version:
+
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-arch/cpio-2.13-r1"
+
+
+
+ CVE-2016-2037
+ CVE-2019-14866
+ CVE-2021-38185
+
+ graaff
+ ajak
+
\ No newline at end of file
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202407-08.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202407-08.xml
new file mode 100644
index 0000000000..10cc9f730b
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202407-08.xml
@@ -0,0 +1,66 @@
+
+
+
+ GNU Emacs, Org Mode: Multiple Vulnerabilities
+ Multiple vulnerabilities have been discovered in GNU Emacs and Org Mode, the worst of which could lead to arbitrary code execution.
+ emacs,org-mode
+ 2024-07-01
+ 2024-07-01
+ 897950
+ 927820
+ remote
+
+
+ 26.3-r16
+ 27.2-r14
+ 28.2-r10
+ 29.2-r1
+ 26.3-r16
+ 27.2-r14
+ 28.2-r10
+ 29.2-r1
+
+
+ 9.6.23
+ 9.6.23
+
+
+
+ GNU Emacs is a highly extensible and customizable text editor.
+
+
+ Multiple vulnerabilities have been discovered in GNU Emacs. Please review the CVE identifiers referenced below for details.
+
+
+ Please review the referenced CVE identifiers for details.
+
+
+ There is no known workaround at this time.
+
+
+ All GNU Emacs users should upgrade to the latest version:
+
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-editors/emacs-29.3-r2"
+
+
+ All Org Mode users should upgrade to the latest version:
+
+
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-emacs/org-mode-9.6.23"
+
+
+
+ CVE-2022-48337
+ CVE-2022-48338
+ CVE-2022-48339
+ CVE-2024-30202
+ CVE-2024-30203
+ CVE-2024-30204
+ CVE-2024-30205
+
+ graaff
+ ajak
+
\ No newline at end of file
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/timestamp.chk b/sdk_container/src/third_party/portage-stable/metadata/glsa/timestamp.chk
index 10b86e2fcd..2c44b89231 100644
--- a/sdk_container/src/third_party/portage-stable/metadata/glsa/timestamp.chk
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/timestamp.chk
@@ -1 +1 @@
-Wed, 01 May 2024 06:40:20 +0000
+Mon, 01 Jul 2024 06:40:29 +0000
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/timestamp.commit b/sdk_container/src/third_party/portage-stable/metadata/glsa/timestamp.commit
index 2db000c912..21aaf410fe 100644
--- a/sdk_container/src/third_party/portage-stable/metadata/glsa/timestamp.commit
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/timestamp.commit
@@ -1 +1 @@
-ad7cf37eb216318a2076f79b7aceee6389bc887b 1711749190 2024-03-29T21:53:10+00:00
+7c19ce25facd6aa54d2b0f9a8fecd6020509009e 1719814176 2024-07-01T06:09:36Z