X.Org is an implementation of the X Window System. The X.Org X11 library provides the X11 protocol library files.

Multiple vulnerabilities have been discovered in X.Org X11 library. Please review the CVE identifiers referenced below for details.

A remote attacker, by enticing a user to connect to a malicious server, could cause the execution of arbitrary code with the privileges of the process, or cause a Denial of Service condition.

There is no known workaround at this time.

All X.Org X11 library users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=x11-libs/libX11-1.6.6"

Python is an interpreted, interactive, object-oriented programming language.

A buffer overflow vulnerability has been discovered in Python. Please review the CVE identifiers referenced below for details.

A remote attacker, in special situations such as function as a service, could violate a trust boundary and cause a Denial of Service condition.

There is no known workaround at this time.

All Python users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-lang/python-2.7.15"

OpenSSL is an Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) as well as a general purpose cryptography library.

It was discovered that OpenSSL allows malicious servers to send very large primes to a client during DH(E) based TLS handshakes.

A remote attacker, by sending a large prime to a client during a DH(E) TLS handshake, could possibly cause a Denial of Service condition.

There is no known workaround at this time.

All OpenSSL users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-libs/openssl-1.0.2o-r6"

Mozilla Firefox is a popular open-source web browser from the Mozilla Project.

Multiple vulnerabilities have been discovered in Mozilla Firefox. Please review the CVE identifiers referenced below for details.

A remote attacker could entice a user to view a specially crafted web page, possibly resulting in the execution of arbitrary code with the privileges of the process, a Denial of Service condition, the bypass of access restrictions, or access to otherwise protected information.

There is no known workaround at this time.

All Mozilla Firefox users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=www-client/firefox-60.3.0"

All Mozilla Firefox binary users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=www-client/firefox-bin-60.3.0"

PHProjekt is an application suite that supports communication and management of teams and companies.

Multiple vulnerabilities have been discovered in PHProjekt due to the embedded Zend Framework. Please review the GLSA identifiers referenced below for details.

Remote attackers could execute arbitrary commands or conduct SQL injection attacks.

There is no known workaround at this time.

Gentoo has discontinued support for PHProjekt and recommends that users unmerge the package:

    # emerge --unmerge "www-apps/phprojekt"

Open h.265 video codec implementation.

Multiple vulnerabilities have been discovered in libde265. Please review libde265 changelog referenced below for details.

A remote attacker could entice a user to open a specially crafted media file using libde265 or linked applications, possibly resulting in execution of arbitrary code with the privileges of the process or a Denial of Service condition.

There is no known workaround at this time.

All libde265 users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=media-libs/libde265-1.0.3"

Library for layout and rendering of internationalized text.

Processing certain invalid Emoji sequences in a GTK+ application can trigger a reachable assertion resulting in an application crash.

A remote attacker could provide a specially crafted Emoji sequence, possibly resulting in a Denial of Service condition.

There is no known workaround at this time.

All Pango users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=x11-libs/pango-1.42.4"

Okular is a universal document viewer based on KPDF for KDE 4.

It was discovered that Okular contains a Directory Traversal vulnerability in function unpackDocumentArchive() in core/document.cpp.

A remote attacker could entice a user to open a specially crafted Okular archive, possibly allowing the writing of arbitrary files with the privileges of the process.

There is no known workaround at this time.

All Okular users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=kde-apps/okular-18.04.3-r1"

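The class of check that prevents a directory traversal like the one described for Okular's unpackDocumentArchive(), as an added Python example (not Okular's code or its actual fix): every member name read from an archive is resolved against the extraction directory and rejected if it lands outside it. The helper names and the archive member names are constructed for illustration.

```python
import io
import os
import zipfile


def resolve_inside(base_dir, member_name):
    """Return the absolute target for member_name, or None if it escapes base_dir."""
    base = os.path.realpath(base_dir)
    # Treat "\" like "/" so Windows-style "..\" components are caught as well.
    name = member_name.replace("\\", "/")
    # join() discards base for absolute names; realpath() collapses ".." and symlinks.
    candidate = os.path.realpath(os.path.join(base, name))
    if candidate == base or os.path.commonpath([base, candidate]) != base:
        return None
    return candidate


def extract_archive(zip_bytes, dest_dir):
    """Write only members that stay inside dest_dir; return (written, rejected)."""
    written, rejected = [], []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            target = resolve_inside(dest_dir, info.filename)
            if target is None:
                rejected.append(info.filename)  # never touch the filesystem
                continue
            os.makedirs(os.path.dirname(target), exist_ok=True)
            with zf.open(info) as src, open(target, "wb") as dst:
                dst.write(src.read())
            written.append(info.filename)
    return written, rejected


def build_sample_archive():
    """Constructed sample input: two benign members and two that try to escape."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("content.xml", "<doc/>")
        zf.writestr("files/document.pdf", "%PDF-sample")
        zf.writestr("../../outside.txt", "x")
        zf.writestr("/tmp/absolute.txt", "x")
    return buf.getvalue()


if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as dest:
        print(extract_archive(build_sample_archive(), dest))
```
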
Icecast is an open source alternative to SHOUTcast that supports MP3, OGG (Vorbis/Theora) and AAC streaming.

Multiple buffer overflows have been discovered in Icecast. Please review the CVE identifier referenced below for details.

A remote attacker, by sending a specially crafted request using authentication type “url”, could possibly execute arbitrary code with the privileges of the process, or cause a Denial of Service condition.

There is no known workaround at this time.

All Icecast users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-misc/icecast-2.4.4"