libsndfile is a C library for reading and writing files containing sampled sound.
Multiple vulnerabilities have been discovered in libsndfile. Please review the CVE identifiers referenced below for details.
A remote attacker, by enticing a user to open a specially crafted file, could cause a Denial of Service condition or have other unspecified impacts.
There is no known workaround at this time.
All libsndfile users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=media-libs/libsndfile-1.0.28-r4"

PostgreSQL is an open source object-relational database management system.
A vulnerability was discovered in PostgreSQL’s pg_upgrade and pg_dump.
An attacker, by enticing a user to process a specially crafted trigger definition, can execute arbitrary SQL statements with superuser privileges.
There is no known workaround at this time.
All PostgreSQL 9.3.x users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=dev-db/postgresql-9.3.25"

All PostgreSQL 9.4.x users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=dev-db/postgresql-9.4.20"

All PostgreSQL 9.5.x users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=dev-db/postgresql-9.5.15"

All PostgreSQL 9.6.x users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=dev-db/postgresql-9.6.11"

All PostgreSQL 10.x users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=dev-db/postgresql-10.6"

All PostgreSQL 11.x users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=dev-db/postgresql-11.1"

PHP is an open source general-purpose scripting language that is especially suited for web development.
Multiple vulnerabilities have been discovered in PHP. Please review the referenced CVE identifiers for details.
An attacker could cause a Denial of Service condition or obtain sensitive information.
There is no known workaround at this time.
All PHP 5.6.X users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=dev-lang/php-5.6.38"

All PHP 7.0.X users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=dev-lang/php-7.0.32"

All PHP 7.1.X users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=dev-lang/php-7.1.22"

All PHP 7.2.x users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=dev-lang/php-7.2.10"

ConnMan provides a daemon for managing Internet connections.
Multiple vulnerabilities have been discovered in ConnMan. Please review the CVE identifiers referenced below for details.
A remote attacker, via a crafted DNS packet, could remotely execute code or cause a Denial of Service condition.
There is no known workaround at this time.
All ConnMan users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=net-misc/connman-1.35-r1"

Nagios is an open source host, service and network monitoring program.
A vulnerability in Nagios was discovered due to the improper handling of configuration files which can be owned by a non-root user.
A local attacker can escalate privileges to root by leveraging access to a non-root owned configuration file.
There is no known workaround at this time.
All Nagios users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=net-analyzer/nagios-core-4.3.4"

WebKitGTK+ is a full-featured port of the WebKit rendering engine, suitable for projects requiring any kind of web integration, from hybrid HTML/CSS applications to full-fledged web browsers.
Multiple vulnerabilities have been discovered in WebKitGTK+. Please review the referenced CVE identifiers for details.
A remote attacker could execute arbitrary commands or cause a Denial of Service condition via maliciously crafted web content.
There is no known workaround at this time.
All WebKitGTK+ users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=net-libs/webkit-gtk-2.22.0"

EDE is a package that simplifies the task of creating, building, and debugging large programs with Emacs. It provides some of the features of an IDE, or Integrated Development Environment, in Emacs.
An untrusted search path vulnerability was discovered in EDE.
A local attacker could escalate his privileges via a specially crafted Lisp expression in a Project.ede file in the directory or a parent directory of an opened file.
There is no known workaround at this time.
All EDE users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=app-xemacs/ede-1.07"

Apache CouchDB is a distributed, fault-tolerant and schema-free document-oriented database.
Multiple vulnerabilities have been discovered in CouchDB. Please review the CVE identifiers referenced below for details.
A remote attacker could execute arbitrary code or escalate privileges.
There is no known workaround at this time.
Gentoo has discontinued support for CouchDB and recommends that users unmerge the package:

  # emerge --unmerge "dev-db/couchdb"

SpamAssassin is an extensible email filter used to identify junk email.
Multiple vulnerabilities have been discovered in SpamAssassin. Please review the referenced CVE identifiers for details.
A remote attacker could execute arbitrary code, escalate privileges, or cause a Denial of Service condition.
There is no known workaround at this time.
All SpamAssassin users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=mail-filter/spamassassin-3.4.2-r2"

Scala combines object-oriented and functional programming in one concise, high-level language.
It was discovered that Scala’s compilation daemon does not properly manage permissions for private files.
A local attacker could escalate privileges.
There is no known workaround at this time.
All Scala users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=dev-lang/scala-2.12.4"

Go is an open source programming language that makes it easy to build simple, reliable, and efficient software.
Multiple vulnerabilities have been discovered in Go. Please review the CVE identifiers referenced below for details.
A remote attacker could cause arbitrary code execution by passing specially crafted Go packages to the ‘go get -u’ command.
The remote attacker could also craft pathological inputs causing a CPU-based Denial of Service condition via the crypto/x509 package.
There is no known workaround at this time.
All Go users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=dev-lang/go-1.10.7"