Poppler is a PDF rendering library based on the xpdf-3.0 code base.
+Multiple vulnerabilities have been discovered in Poppler. Please review + the CVE identifiers referenced below for details. +
+A remote attacker, by enticing a user to open a specially crafted PDF, + could cause a Denial of Service condition or have other unspecified + impacts. +
+There is no known workaround at this time.
+All Poppler users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-text/poppler-0.61.1"
+
+ A command line tool and library for transferring data with URLs.
+Multiple vulnerabilities have been discovered in cURL. Please review the + CVE identifiers referenced below for details. +
+Remote attackers could cause a Denial of Service condition, obtain + sensitive information, or have other unspecified impacts. +
+There is no known workaround at this time.
+All cURL users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-misc/curl-7.59.0"
+
+ ISC DHCP is a Dynamic Host Configuration Protocol (DHCP) client/server.
+Multiple vulnerabilities have been discovered in ISC DHCP. Please review + the CVE identifiers referenced below for details. +
+Remote attackers could execute arbitrary code, cause a Denial of Service + condition, or have other unspecified impacts. +
+There are no known workarounds at this time for CVE-2018-5732 or + CVE-2018-5733. +
+ +In accordance with upstream documentation, the recommended workaround + for CVE-2017-3144 is, “to disallow access to the OMAPI control port + from unauthorized clients (in accordance with best practices for server + operation).” +
+All DHCP users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-misc/dhcp-4.3.6_p1"
+
+ A utility program for sending and receiving mail, also known as a Mail + User Agent program. +
+Multiple vulnerabilities have been discovered in mailx. Please review + the CVE identifiers referenced below for details. +
+A remote attacker could execute arbitrary commands.
+There is no known workaround at this time.
+All mailx users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose
+ ">=mail-client/mailx-8.1.2.20160123"
+
+ libvirt is a C toolkit for manipulating virtual machines.
+Multiple vulnerabilities have been discovered in libvirt. Please review + the CVE identifiers referenced below for details. +
+A local privileged attacker could execute arbitrary commands or cause a + Denial of Service condition. +
+There is no known workaround at this time.
+All libvirt users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-emulation/libvirt-4.1.0"
+
+ QEMU is a generic and open source machine emulator and virtualizer.
+Multiple vulnerabilities have been discovered in QEMU. Please review the + CVE identifiers referenced below for details. +
+An attacker could execute arbitrary code, cause a Denial of Service + condition, or obtain sensitive information. +
+There is no known workaround at this time.
+All QEMU users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-emulation/qemu-2.11.1-r1"
+
+ Provides a complete open source solution for remote access to virtual + machines in a seamless way so you can play videos, record audio, share + USB devices and share folders without complications. +
+SPICE VDAgent does not properly escape save directory before passing to + shell. +
+A local attacker could execute arbitrary commands.
+There is no known workaround at this time.
+All SPICE VDAgent users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose
+ ">=app-emulation/spice-vdagent-0.17.0_p20180319"
+
+ Zend Framework is a high quality and open source framework for + developing Web Applications. +
+ +Multiple vulnerabilities have been discovered in Zend Framework that + have remain unaddressed. Please review the referenced CVE identifiers for + details. +
+Remote attackers could execute arbitrary commands or conduct SQL + injection attacks. +
+There is no known workaround at this time.
+Gentoo has discontinued support for Zend Framework and recommends that + users unmerge the package: +
+ +
+ # emerge --unmerge "dev-php/ZendFramework"
+
+