Joblib is a set of tools to provide lightweight pipelining in Python. In particular:

1. transparent disk-caching of functions and lazy re-evaluation (memoize pattern)
2. easy simple parallel computing

Joblib is optimized to be fast and robust on large data in particular and has specific optimizations for numpy arrays.

A vulnerability has been discovered in Joblib. Please review the CVE identifier referenced below for details.

Joblib is vulnerable to arbitrary code execution via the pre_dispatch argument of the Parallel() class, because that argument is passed to an eval() call.

There is no known workaround at this time.

All Joblib users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-python/joblib-1.2.0"

c-ares is a C library for asynchronous DNS requests (including name resolution).

Multiple vulnerabilities have been discovered in c-ares. Please review the CVE identifiers referenced below for details.

Please review the referenced CVE identifiers for details.

There is no known workaround at this time.

All c-ares users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-dns/c-ares-1.19.0"

BlueZ is the canonical Bluetooth tools and system daemons package for Linux.

Multiple vulnerabilities have been discovered in BlueZ. Please review the CVE identifiers referenced below for details.

An attacker may inject unauthenticated keystrokes via Bluetooth, leading to privilege escalation or denial of service.

There is no known workaround at this time.

All BlueZ users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-wireless/bluez-5.70-r1"

WebKitGTK+ is a full-featured port of the WebKit rendering engine, suitable for projects requiring any kind of web integration, from hybrid HTML/CSS applications to full-fledged web browsers.

Multiple vulnerabilities have been discovered in WebKitGTK+. Please review the CVE identifiers referenced below for details.

Please review the referenced CVE identifiers for details.

There is no known workaround at this time.

All WebKitGTK+ users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-libs/webkit-gtk-2.42.3"

RDoc produces HTML and command-line documentation for Ruby projects.

A vulnerability has been discovered in RDoc. Please review the CVE identifier referenced below for details.

RDoc used to call Kernel#open to open a local file. If a Ruby project has a file whose name starts with | and ends with tags, the command following the pipe character is executed. A malicious Ruby project could exploit this to achieve arbitrary command execution against a user who attempts to run the rdoc command.

There is no known workaround at this time.

All RDoc users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-ruby/rdoc-6.3.2"

cups-filters provides backends, filters, and other software that was once part of the core CUPS distribution.

A vulnerability has been discovered in cups-filters. Please review the CVE identifier referenced below for details.

If you use the beh backend to create an accessible network printer, this security vulnerability can lead to remote code execution.

There is no known workaround at this time.

All cups-filters users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-print/cups-filters-1.28.17-r2"

R is a language and environment for statistical computing and graphics.

The native R package installation mechanisms do not sufficiently validate installed source packages for path traversal.

Installation of a malicious R package could result in an arbitrary file overwrite, which in turn could lead to arbitrary code execution, as with the overwrite of an authorized_keys file.

There is no known workaround at this time.

All R users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-lang/R-4.0.4"

util-linux is a suite of Linux programs including mount and umount, programs used to mount and unmount filesystems.

Multiple vulnerabilities have been discovered in util-linux. Please review the CVE identifiers referenced below for details.

Please review the referenced CVE identifiers for details.

There is no known workaround at this time.

All util-linux users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=sys-apps/util-linux-2.37.4"

Eclipse Mosquitto is an open source MQTT v3 broker.

Multiple vulnerabilities have been discovered in Eclipse Mosquitto. Please review the CVE identifiers referenced below for details.

Please review the referenced CVE identifiers for details.

There is no known workaround at this time.

All Eclipse Mosquitto users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-misc/mosquitto-2.0.17"

Mozilla Firefox is a popular open-source web browser from the Mozilla project.

Multiple vulnerabilities have been discovered in Mozilla Firefox. Please review the CVE identifiers referenced below for details.

Please review the referenced CVE identifiers for details.

There is no known workaround at this time.

All Mozilla Firefox ESR binary users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=www-client/firefox-bin-115.6.0:esr"

All Mozilla Firefox ESR users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=www-client/firefox-115.6.0:esr"

All Mozilla Firefox binary users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=www-client/firefox-bin-121.0:rapid"

All Mozilla Firefox users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=www-client/firefox-121.0:rapid"

Apache Batik is a Java-based toolkit for applications or applets that want to use images in the Scalable Vector Graphics (SVG) format for various purposes, such as display, generation or manipulation.

Multiple vulnerabilities have been discovered in Apache Batik. Please review the CVE identifiers referenced below for details.

Please review the referenced CVE identifiers for details.

There is no known workaround at this time.

All Apache Batik users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-java/batik-1.17"

Synapse is a Matrix homeserver written in Python/Twisted.

Multiple vulnerabilities have been discovered in Synapse. Please review the CVE identifiers referenced below for details.

Please review the referenced CVE identifiers for details.

There is no known workaround at this time.

All Synapse users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-im/synapse-1.96.0"

FAAD2 is an open source MPEG-4 and MPEG-2 AAC decoder.

Multiple vulnerabilities have been discovered in FAAD2. Please review the CVE identifiers referenced below for details.

Please review the referenced CVE identifiers for details.

There is no known workaround at this time.

All FAAD2 users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=media-libs/faad2-2.11.0"

RedCloth is a module for using Textile in Ruby.

A vulnerability has been discovered in RedCloth. Please review the CVE identifier referenced below for details.

RedCloth is vulnerable to a regular expression denial of service ("ReDoS") attack via the sanitize_html function.

There is no known workaround at this time.

All RedCloth users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-ruby/redcloth-4.3.2-r5"

The Prometheus SNMP Exporter is the recommended way to expose SNMP data in a format which Prometheus can ingest.

A vulnerability has been discovered in Prometheus SNMP Exporter. Please review the CVE identifier referenced below for details.

A user who knows the password hash of a user capable of performing HTTP basic authentication with a vulnerable exporter can use the hash to successfully authenticate as that user via cache manipulation, without knowing the password from which the hash was derived.

There is no known workaround at this time.

All Prometheus SNMP Exporter users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-metrics/snmp_exporter-0.24.1"

FreeRDP is a free implementation of the remote desktop protocol.

Multiple vulnerabilities have been discovered in FreeRDP. Please review the CVE identifiers referenced below for details.

Please review the referenced CVE identifiers for details.

There is no known workaround at this time.

All FreeRDP users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-misc/freerdp-2.11.0"

libgit2 is a portable, pure C implementation of the Git core methods provided as a re-entrant linkable library with a solid API.

A vulnerability has been discovered in libgit2. Please review the CVE identifier referenced below for details.

Use of a maliciously crafted Git repository could allow the creator of the repository to elevate privileges to those of the user accessing the repository.

Administrators can ensure that their uses of libgit2 interact only with repositories which have been modified solely by trusted users.

All libgit2 users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-libs/libgit2-1.4.4"

zlib is a widely used free and patent unencumbered data compression library.

A vulnerability has been discovered in zlib. Please review the CVE identifier referenced below for details.

MiniZip in zlib through 1.3 has an integer overflow and resultant heap-based buffer overflow in ZipOpenNewFileInZip4_64 via a long filename, comment, or extra field.

There is no known workaround at this time.

All zlib users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=sys-libs/zlib-1.2.13-r2"

Opera is a fast web browser that is available free of charge.

Multiple vulnerabilities have been discovered in Opera. Please review the CVE identifiers referenced below for details.

Please review the referenced CVE identifiers for details.

There is no known workaround at this time.

All Opera users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=www-client/opera-73.0.3856.284"

All Opera users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=www-client/opera-beta-73.0.3856.284"

QPDF is a content-preserving PDF document transformer.

A vulnerability has been discovered in QPDF. Please review the CVE identifier referenced below for details.

QPDF has a heap-based buffer overflow in Pl_ASCII85Decoder::write (called from Pl_AES_PDF::flush and Pl_AES_PDF::finish) when a certain downstream write fails.

There is no known workaround at this time.

All QPDF users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-text/qpdf-10.1.0"

KTextEditor is a KDE framework providing a full text editor component.

A vulnerability has been discovered in KTextEditor. Please review the CVE identifier referenced below for details.

KTextEditor executes binaries without user interaction in a few cases; for example, KTextEditor will try to check for external file modification by invoking the "git" binary if the file is known in the repository, passing it the new content.

There is no known workaround at this time.

All KTextEditor users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=kde-frameworks/ktexteditor-5.90.0-r2"

libspf2 is a library that implements the Sender Policy Framework, allowing mail transfer agents to make sure that an email is authorized by the domain name that it is coming from.

Multiple vulnerabilities have been discovered in libspf2. Please review the CVE identifiers referenced below for details.

Various buffer overflows have been identified that can lead to denial of service and possibly arbitrary code execution.

There is no known workaround at this time.

All libspf2 users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=mail-filter/libspf2-1.2.11"

libuv is a multi-platform support library with a focus on asynchronous I/O.

libuv fails to ensure that a pointer lies within the bounds of a defined buffer in the uv__idna_toascii() function before reading and manipulating the memory at that address.

The overread can result in information disclosure or application crash.

There is no known workaround at this time.

All libuv users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-libs/libuv-1.41.1"

Nettle is a cryptographic library that is designed to fit easily in almost any context: in cryptographic toolkits for object-oriented languages, such as C++, Python, or Pike, in applications like lsh or GnuPG, or even in kernel space.

Multiple vulnerabilities have been discovered in Nettle. Please review the CVE identifiers referenced below for details.

A flaw was found in the way Nettle's RSA decryption functions handled specially crafted ciphertext. An attacker could use this flaw to provide a manipulated ciphertext leading to application crash and denial of service.

There is no known workaround at this time.

All Nettle users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-libs/nettle-3.9.1"

OpenJDK is an open source implementation of the Java programming language.

Multiple vulnerabilities have been discovered in OpenJDK. Please review the CVE identifiers referenced below for details.

Please review the referenced CVE identifiers for details.

There is no known workaround at this time.

All OpenJDK users should upgrade to the latest versions:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-java/openjdk-8.372_p07"
    # emerge --ask --oneshot --verbose ">=dev-java/openjdk-11.0.19_p7"
    # emerge --ask --oneshot --verbose ">=dev-java/openjdk-17.0.7_p7"

All OpenJDK JRE binary users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-java/openjdk-jre-bin-8.372_p07"
    # emerge --ask --oneshot --verbose ">=dev-java/openjdk-jre-bin-11.0.19_p7"
    # emerge --ask --oneshot --verbose ">=dev-java/openjdk-jre-bin-17.0.7_p7"

All OpenJDK binary users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-java/openjdk-bin-8.372_p07"
    # emerge --ask --oneshot --verbose ">=dev-java/openjdk-bin-11.0.19_p7"
    # emerge --ask --oneshot --verbose ">=dev-java/openjdk-bin-17.0.7_p7"

Apache XML-RPC (previously known as Helma XML-RPC) is a Java implementation of XML-RPC, a popular protocol that uses XML over HTTP to implement remote procedure calls.

Multiple vulnerabilities have been discovered in Apache XML-RPC. Please review the CVE identifiers referenced below for details.

Please review the referenced CVE identifiers for details.

There is no known workaround at this time.

Gentoo has discontinued support for Apache XML-RPC. We recommend that users unmerge it:

    # emerge --ask --depclean "dev-java/xmlrpc"

Ruby is an interpreted scripting language for quick and easy object-oriented programming. It comes bundled with an HTTP server ("WEBrick").

Multiple vulnerabilities have been discovered in Ruby. Please review the CVE identifiers referenced below for details.

Please review the referenced CVE identifiers for details.

There is no known workaround at this time.

All Ruby users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --depclean ruby:2.5 ruby:2.6 ruby:2.7 ruby:3.0
    # emerge --ask --oneshot --verbose ">=dev-lang/ruby-3.1.4:3.1"
    # emerge --ask --oneshot --verbose ">=dev-lang/ruby-3.2.2:3.2"

GOCR is an OCR (Optical Character Recognition) program, developed under the GNU General Public License. It converts scanned images of text back to text files.

Multiple vulnerabilities have been discovered in GOCR. Please review the CVE identifiers referenced below for details.

Please review the referenced CVE identifiers for details.

There is no known workaround at this time.

Gentoo has discontinued support for GOCR. We recommend that users unmerge it:

    # emerge --ask --depclean "app-text/gocr"

sudo allows a system administrator to give users the ability to run commands as other users.

Multiple vulnerabilities have been discovered in sudo. Please review the CVE identifiers referenced below for details.

Stack/register variables can be flipped via fault injection, affecting execution flow in security-sensitive code.

There is no known workaround at this time.

All sudo users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-admin/sudo-1.9.15_p2"

The X Window System is a graphical windowing system based on a client/server model.

Multiple vulnerabilities have been discovered in X.Org X Server and XWayland. Please review the CVE identifiers referenced below for details.

The X server can be crashed by a malicious client, or potentially be compromised for remote code execution in environments with X11 forwarding.

Users can ensure that no untrusted clients can access the running X implementation.

All X.Org X Server users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=x11-base/xorg-server-21.1.11"

All XWayland users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=x11-base/xwayland-23.2.4"

containerd is a daemon with an API and a command line client, to manage containers on one machine. It uses runC to run containers according to the OCI specification.

Multiple vulnerabilities have been discovered in containerd. Please review the CVE identifiers referenced below for details.

Please review the referenced CVE identifiers for details.

There is no known workaround at this time.

All containerd users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-containers/containerd-1.6.14"

libaom is the Alliance for Open Media's AV1 Codec SDK.

Multiple vulnerabilities have been discovered in libaom. Please review the CVE identifiers referenced below for details.

Please review the referenced CVE identifiers for details.

There is no known workaround at this time.

All libaom users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=media-libs/libaom-3.2.0"

WebKitGTK+ is a full-featured port of the WebKit rendering engine, suitable for projects requiring any kind of web integration, from hybrid HTML/CSS applications to full-fledged web browsers.

Multiple vulnerabilities have been discovered in WebKitGTK+. Please review the CVE identifiers referenced below for details.

Please review the referenced CVE identifiers for details.

There is no known workaround at this time.

All WebKitGTK+ users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-libs/webkit-gtk-2.42.2"

Chromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web.

Google Chrome is one fast, simple, and secure browser for all your devices.

Microsoft Edge is a browser that combines a minimal design with sophisticated technology to make the web faster, safer, and easier.

Multiple vulnerabilities have been discovered in Chromium and its derivatives. Please review the CVE identifiers referenced below for details.

Please review the referenced CVE identifiers for details.

There is no known workaround at this time.

All Google Chrome users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=www-client/google-chrome-120.0.6099.109"

All Chromium users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=www-client/chromium-120.0.6099.109"

All Microsoft Edge users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=www-client/microsoft-edge-120.0.2210.133"