# emerge --sync
- # emerge --ask --oneshot --verbose ">=dev-lang/php-7.2.29"
+ # emerge --ask --oneshot --verbose ">=dev-lang/php-7.2.29:7.2"
All PHP 7.3.x users should upgrade to the latest version:
# emerge --sync
- # emerge --ask --oneshot --verbose ">=dev-lang/php-7.3.16"
+ # emerge --ask --oneshot --verbose ">=dev-lang/php-7.3.16:7.3"
All PHP 7.4.x users should upgrade to the latest version:
# emerge --sync
- # emerge --ask --oneshot --verbose ">=dev-lang/php-7.4.4"
+ # emerge --ask --oneshot --verbose ">=dev-lang/php-7.4.4:7.4"
@@ -74,5 +76,5 @@
All Mozilla Firefox users should upgrade to the latest version:
- -
- # emerge --sync
- # emerge --ask --oneshot --verbose ">=www-client/firefox-74.0.1"
-
-
OpenSSL is an Open Source toolkit implementing the Secure Sockets Layer + (SSL v2/v3) and Transport Layer Security (TLS v1/v1.1/v1.2/v1.3) as well + as a general purpose cryptography library. +
+Multiple vulnerabilities have been discovered in OpenSSL. Please review + the CVE identifiers referenced below for details. +
+A remote attacker could perform a malicious crafted TLS 1.3 handshake + against an application using OpenSSL, possibly resulting in a Denial of + Service condition. +
+ +In addition, it’s feasible that an attacker might attack DH512.
+There is no known workaround at this time.
+All OpenSSL users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-libs/openssl-1.1.1g"
+
+
+ Mozilla Firefox is a popular open-source web browser from the Mozilla + Project. +
+Multiple vulnerabilities have been discovered in Mozilla Firefox. Please + review the CVE identifiers referenced below for details. +
+A remote attacker could entice a user to view a specially crafted web + page, possibly resulting in the execution of arbitrary code with the + privileges of the process, an information leak or a Denial of Service + condition. +
+There is no known workaround at this time.
+All Mozilla Firefox users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-client/firefox-68.7.0"
+
+
+ All Mozilla Firefox binary users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-client/firefox-bin-68.7.0"
+
+
+ Chromium is an open-source browser project that aims to build a safer, + faster, and more stable way for all users to experience the web. +
+ +Google Chrome is one fast, simple, and secure browser for all your + devices. +
+Multiple vulnerabilities have been discovered in Chromium and Google + Chrome. Please review the referenced CVE identifiers for details. +
+A remote attacker could entice a user to open a specially crafted HTML + or multimedia file using Chromium or Google Chrome, possibly resulting in + execution of arbitrary code with the privileges of the process or a + Denial of Service condition. +
+There is no known workaround at this time.
+All Chromium users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose
+ ">=www-client/chromium-81.0.4044.122"
+
+
+ All Google Chrome users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose
+ ">=www-client/google-chrome-81.0.4044.122"
+
+
+ Git is a free and open source distributed version control system + designed to handle everything from small to very large projects with + speed and efficiency. +
+Multiple vulnerabilities have been discovered in Git. Please review the + CVE identifiers referenced below for details. +
+A remote attacker, by providing a specially crafted URL, could possibly + trick Git into returning credential information for a wrong host. +
+Disabling credential helpers will prevent this vulnerability.
+All Git 2.23.x users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-vcs/git-2.23.3"
+
+
+ All Git 2.24.x users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-vcs/git-2.24.3"
+
+
+ All Git 2.25.x users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-vcs/git-2.25.4"
+
+
+ All Git 2.26.x users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-vcs/git-2.26.2"
+
+
+ FontForge is a PostScript font editor and converter.
+Multiple vulnerabilities have been discovered in FontForge. Please + review the CVE identifiers referenced below for details. +
+A remote attacker could entice a user to open a specially crafted font + using FontForge, possibly resulting in execution of arbitrary code with + the privileges of the process or a Denial of Service condition. +
+There is no known workaround at this time.
+All FontForge users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=media-gfx/fontforge-20200314"
+
+
+ Yubico Universal 2nd Factor (U2F) Host C Library.
+Multiple vulnerabilities have been discovered in libu2f-host. Please + review the CVE identifiers referenced below for details. +
+A remote attacker could entice a user to plug-in a malicious USB device, + possibly resulting in execution of arbitrary code with the privileges of + the process or a Denial of Service condition. +
+There is no known workaround at this time.
+All libu2f-host users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-crypt/libu2f-host-1.1.10"
+
+ Cacti is a complete frontend to rrdtool.
+Multiple vulnerabilities have been discovered in Cacti. Please review + the CVE identifiers referenced below for details. +
+Please review the referenced CVE identifiers for details.
+There is no known workaround at this time.
+All Cacti users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-analyzer/cacti-1.2.11"
+
+ Django is a Python-based web framework.
+Multiple vulnerabilities have been discovered in Django. Please review + the CVE identifiers referenced below for details. +
+A remote attacker, by sending specially crafted input, could possibly + cause a Denial of Service condition, or alter the database. +
+There is no known workaround at this time.
+All Django users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-python/django-2.2.11"
+
+ Optimized for compressing large files
+Multiple vulnerabilities have been discovered in Long Range ZIP. Please + review the CVE identifiers referenced below for details. +
+A remote attacker could entice a user to open a specially crafted + archive file possibly resulting in a Denial of Service condition. +
+There is no known workaround at this time.
+All Long Range ZIP users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-arch/lrzip-0.631_p20190619"
+
+ QEMU is a generic and open source machine emulator and virtualizer.
+Multiple vulnerabilities have been discovered in QEMU. Please review the + CVE identifiers referenced below for details. +
+Please review the referenced CVE identifiers for details.
+There is no known workaround at this time.
+All QEMU users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-emulation/qemu-4.2.0-r5"
+
+ Mozilla Thunderbird is a popular open-source email client from the + Mozilla project. +
+Multiple vulnerabilities have been discovered in Mozilla Thunderbird. + Please review the CVE identifiers referenced below for details. +
+A remote attacker may be able to execute arbitrary code, cause a Denial + of Service condition or spoof sender email address. +
+There is no known workaround at this time.
+All Mozilla Thunderbird users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=mail-client/thunderbird-68.8.0"
+
+
+ All Mozilla Thunderbird binary users should upgrade to the latest + version: +
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose
+ ">=mail-client/thunderbird-bin-68.8.0"
+
+
+ Mozilla Firefox is a popular open-source web browser from the Mozilla + Project. +
+Multiple vulnerabilities have been discovered in Mozilla Firefox. Please + review the CVE identifiers referenced below for details. +
+A remote attacker could entice a user to view a specially crafted web + page, possibly resulting in the execution of arbitrary code with the + privileges of the process, an information leak or a Denial of Service + condition. +
+There is no known workaround at this time.
+All Mozilla Firefox users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-client/firefox-68.8.0"
+
+
+ All Mozilla Firefox binary users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-client/firefox-bin-68.8.0"
+
+
+ Squid is a full-featured Web proxy cache designed to run on Unix + systems. It supports proxying and caching of HTTP, FTP, and other URLs, + as well as SSL support, cache hierarchies, transparent caching, access + control lists and many other features. +
+Multiple vulnerabilities have been discovered in Squid. Please review + the CVE identifiers referenced below for details. +
+Please review the referenced CVE identifiers for details.
+There is no known workaround at this time.
+All Squid users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-proxy/squid-4.11"
+
+
+ LIVE555 Media Server is a set of libraries for multimedia streaming.
+Multiple vulnerabilities have been discovered in LIVE555 Media Server. + Please review the CVE identifiers referenced below for details. +
+Please review the referenced CVE identifiers for details.
+There is no known workaround at this time.
+All LIVE555 Media Server users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=media-plugins/live-2020.03.06"
+
+ FreeRDP is a free implementation of the Remote Desktop Protocol.
+Multiple vulnerabilities have been discovered in FreeRDP. Please review + the CVE identifiers referenced below for details. +
+An attacker could possibly cause a Denial of Service condition.
+There is no known workaround at this time.
+All FreeRDP users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-misc/freerdp-2.1.0"
+
+ Xen is a bare-metal hypervisor.
+Multiple vulnerabilities have been discovered in Xen. Please review the + CVE identifiers referenced below for details. +
+Please review the referenced CVE identifiers for details.
+There is no known workaround at this time.
+All Xen users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-emulation/xen-4.12.2-r2"
+
+
+ All Xen Tools users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose
+ ">=app-emulation/xen-tools-4.12.2-r1"
+
+ Python is an interpreted, interactive, object-oriented programming + language. +
+An issue was discovered in urllib.request.AbstractBasicAuthHandler which + allowed a remote attacker to send malicious data causing extensive + regular expression backtracking. +
+An attacker could cause a possible Denial of Service condition.
+There is no known workaround at this time.
+All Python 2.7 users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-lang/python-2.7.18:2.7"
+
+
+ All Python 3.6 users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-lang/python-3.6.10-r2:3.6"
+
+
+ All Python 3.7 users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-lang/python-3.7.7-r2:3.7"
+
+
+ All Python 3.8 users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-lang/python-3.8.2-r2:3.8"
+
+
+ libmicrodns is an mDNS library, focused on being simple and + cross-platform. +
+Multiple vulnerabilities have been discovered in libmicrodns. Please + review the CVE identifiers and the upstream advisory referenced below for + details. +
+Please review the referenced CVE identifiers for details.
+There is no known workaround at this time.
+All libmicrodns users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-libs/libmicrodns-0.1.2"
+
+ VLC is a cross-platform media player and streaming server.
+A buffer overflow in DecodeBlock in sdl_image.c was discovered.
+A remote user could craft a specifically crafted image file that could + execute arbitrary code or cause denial of service. +
+The user should refrain from opening files from untrusted third parties + or accessing untrusted remote sites (or disable the VLC browser plugins), + until they upgrade. +
+All VLC users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=media-video/vlc-3.0.10"
+
+ OpenSLP is an open-source implementation of Service Location Protocol + (SLP). +
+Multiple vulnerabilities have been discovered in OpenSLP. Please review + the CVE identifiers referenced below for details. +
+Please review the referenced CVE identifiers for details.
+There is no known workaround at this time.
+Gentoo has discontinued support for OpenSLP. We recommend that users
+ unmerge OpenSLP:
+
+ # emerge --unmerge "net-libs/openslp"
+
+
+
NOTE: The Gentoo developer(s) maintaining OpenSLP have discontinued + support at this time. It may be possible that a new Gentoo developer + will update OpenSLP at a later date. No known alternatives to OpenSLP + are in the tree at this time. +
+ +Chromium is an open-source browser project that aims to build a safer, + faster, and more stable way for all users to experience the web. +
+ +Google Chrome is one fast, simple, and secure browser for all your + devices. +
+Multiple vulnerabilities have been discovered in Chromium and Google + Chrome. Please review the CVE identifiers referenced below for details. +
+Please review the referenced CVE identifiers for details.
+There is no known workaround at this time.
+All Chromium users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose
+ ">=www-client/chromium-81.0.4044.138"
+
+
+ All Google Chrome users should upgrade to the latest version:
+ +
+ # emerge --sync
+ # emerge --ask --oneshot --verbose
+ ">=www-client/google-chrome-81.0.4044.138"
+
+