summaryrefslogtreecommitdiff
path: root/metadata/glsa
diff options
context:
space:
mode:
authorV3n3RiX <venerix@koprulu.sector>2023-05-03 17:26:08 +0100
committerV3n3RiX <venerix@koprulu.sector>2023-05-03 17:26:08 +0100
commit3cf27339901a7ca15df33f6ea134daa93888d5d0 (patch)
treed0f451df94a8ce90e3e81be8816e5f3ed8e62138 /metadata/glsa
parentf6a034d922bf54efeaa781fcb5388b325b90d945 (diff)
gentoo auto-resync : 03:05:2023 - 17:26:08
Diffstat (limited to 'metadata/glsa')
-rw-r--r--metadata/glsa/Manifest30
-rw-r--r--metadata/glsa/Manifest.files.gzbin541169 -> 543888 bytes
-rw-r--r--metadata/glsa/glsa-202305-07.xml42
-rw-r--r--metadata/glsa/glsa-202305-08.xml44
-rw-r--r--metadata/glsa/glsa-202305-09.xml42
-rw-r--r--metadata/glsa/glsa-202305-10.xml143
-rw-r--r--metadata/glsa/glsa-202305-11.xml49
-rw-r--r--metadata/glsa/glsa-202305-12.xml42
-rw-r--r--metadata/glsa/glsa-202305-13.xml68
-rw-r--r--metadata/glsa/glsa-202305-14.xml42
-rw-r--r--metadata/glsa/glsa-202305-15.xml68
-rw-r--r--metadata/glsa/glsa-202305-16.xml155
-rw-r--r--metadata/glsa/glsa-202305-17.xml56
-rw-r--r--metadata/glsa/glsa-202305-18.xml44
-rw-r--r--metadata/glsa/glsa-202305-19.xml51
-rw-r--r--metadata/glsa/glsa-202305-20.xml42
-rw-r--r--metadata/glsa/glsa-202305-21.xml42
-rw-r--r--metadata/glsa/glsa-202305-22.xml45
-rw-r--r--metadata/glsa/glsa-202305-23.xml65
-rw-r--r--metadata/glsa/timestamp.chk2
-rw-r--r--metadata/glsa/timestamp.commit2
21 files changed, 1057 insertions, 17 deletions
diff --git a/metadata/glsa/Manifest b/metadata/glsa/Manifest
index aef754899f8c..38723649af72 100644
--- a/metadata/glsa/Manifest
+++ b/metadata/glsa/Manifest
@@ -1,23 +1,23 @@
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
-MANIFEST Manifest.files.gz 541169 BLAKE2B 04ddea7633f5279cfe3dc609178287731e78b26b0d04d296fb468f9943b71ce950dfa6d434af7c4eaed9b918e6c40b290caa51ffda6e4d3b91f1a49601405d8e SHA512 2a71312a2085359f0dbd859a945e0f1893e1d3b869018adaeab33289a72db7e82cc588308dfb1286ac4c794d6c6138ed4dedafa4afbabcaf7ef0514cde7b6820
-TIMESTAMP 2023-05-03T09:39:39Z
+MANIFEST Manifest.files.gz 543888 BLAKE2B 086be039b2492a206323b75c8d1a8c08cdf31c2fe2e08f902e3700fc585c0319af276d12436ba1ba5c8a1ea22ced8cee550bb804838c202489f371cc48e18e03 SHA512 a642abd36a43fa7a71aaa3ad66ad69b85d000aa101f2ed17ffec19bfa6f96356463e72244f2ffd41ff948a43d39d9cfb1936eb14f9667d502dfcb6563e225a11
+TIMESTAMP 2023-05-03T15:39:42Z
-----BEGIN PGP SIGNATURE-----
-iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAmRSK9tfFIAAAAAALgAo
+iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAmRSgD5fFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEUx
RDZBQkI2M0JGQ0ZCNEJBMDJGREYxQ0VDNTkwRUVBQzkxODkyNTAACgkQ7FkO6skY
-klDt8A/+OvEa+RWrPtwlLfqN+n11+CmTL/l9qnP1MzWpH8AsNpj2tKenTczWeILR
-rPGvdZrH/izJpm/AQOkKw1FQPjKwHQSmicwg452z48nzFIDm/TrEFr1h5U7h7Jdd
-e9iSVXF9H55G9L67MKp7JgfuUuBvRTbuN+bfCT0nIm2UxiS/iG6B8J9HNR3bW2sZ
-fOoc0sfRXS5zyxlnopEzvDyYEG27uZw61P53SdkH4IUPydcVP1SyF0mOWAxep9MY
-27Wrp5uLP3mOam8hz6niiwYGJSiyR0ihjHLgbt3d0lBeVF5Tn/EGtQzg++J3lZnd
-TGy+30YqKYZtagP3SPL6DB/v3As4M3iESBt7GpG6q1kyH5Q8I023EWnirkNNm5aS
-C2EEi2/T66QuylK8+Ga73VcVi+JzK3yF05oi2bwZOFScO8q0bxW0my9YTgof5zkM
-Y7XX8GT8N+sa/TdSiIPI8O9nu/aG35zYYzKAPzeiG+lXljAPrrIJAaOU9hH6AvOW
-mEyDuMfDAm78Q0J3Wmf6CwhE6mhMEh6yt+KqCH21jtW6VXMpKluFzJmeBb/kCHNt
-FfJXKFLJV7+nghbjApf8QUxDeDXNu1suJmJvOhsCJK9xmzwq26fk2A9jf/kY53mn
-ua55TdDfvh3NMRgoum8U/Yj0w3Vg2Jw9KJqqtim9IDYvM0AUqXQ=
-=2BJl
+klBYthAAii4etgzaDjruUCNjwjU87jmH3IF87D+oNHuiKqqkgs+NSaQlD9dt7OqM
+vloyPw78OPGk1K3mNFEN3VNlMJPzTUFFOYRgw/xPgG+uJXJH+jHqcpwzq6C9MGkx
+F5j+K7zgIvwjQeWGv+YiUC/r00EPlmYMVYhnSphsZlED6pawW9/AkZ/ae17/oemT
+zRin79ikwFizOXcqw2/GrNzvISVlZmzXJmgAff1TKJ18wRpiuc98to/pmhxLAI+V
+ROXFjt/k15wwiJEK6cm5OWfWE4QEfHcWaBPOUrfg8XbUwZLzpQA3q5tTiV0jioPq
+OwzSCQqrNIRFLPZAanzVRx1oqGH54vug1xExSIHWZcetZVNbzN7xfaCH86V5Y/Gi
+VrMhbN6dsG9S9xN/d1y09qauWLiJqFnlwD64Br138K+y/3eB+7rA813/I59YoBLW
+qgEMgV3gUI1jz/zO21hCqJHK3sWdcVjUFHV+3DgqisM+gCq6O9zSlo4KXF0boChz
+ovuY2zc34oJo8mJs/emA6uwjVnkaPMoObSj8Nme5iEN78G7j/aoMPPQLGtQc422X
+2vobefZNxUqP+zMLRA44teteJFwvCFTbmtLU6H1o0SxXAmCWeLsAQsLfygmguoNG
+oe3MhQW0fjVMZv2Zgz6SQrVhyHYpcxZZt4YWsdtQTuKy7wqTOzk=
+=Mm5T
-----END PGP SIGNATURE-----
diff --git a/metadata/glsa/Manifest.files.gz b/metadata/glsa/Manifest.files.gz
index 1c03b8466681..df1dab65675f 100644
--- a/metadata/glsa/Manifest.files.gz
+++ b/metadata/glsa/Manifest.files.gz
Binary files differ
diff --git a/metadata/glsa/glsa-202305-07.xml b/metadata/glsa/glsa-202305-07.xml
new file mode 100644
index 000000000000..ea0624a6d193
--- /dev/null
+++ b/metadata/glsa/glsa-202305-07.xml
@@ -0,0 +1,42 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202305-07">
+ <title>slixmpp: Insufficient Certificate Validation</title>
+ <synopsis>A vulnerability has been discovered in slixmpp which can result in successful man-in-the-middle attacks.</synopsis>
+ <product type="ebuild">slixmpp</product>
+ <announced>2023-05-03</announced>
+ <revised count="1">2023-05-03</revised>
+ <bug>881181</bug>
+ <access>remote</access>
+ <affected>
+ <package name="dev-python/slixmpp" auto="yes" arch="*">
+ <unaffected range="ge">1.8.3</unaffected>
+ <vulnerable range="lt">1.8.3</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>slixmpp is a Python 3 library for XMPP.</p>
+ </background>
+ <description>
+ <p>slixmpp does not validate hostnames in certificates used by connected servers.</p>
+ </description>
+ <impact type="low">
+ <p>An attacker could perform a man-in-the-middle attack on users&#39; connections to servers with slixmpp.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All slixmpp users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --upgrade --verbose ">=dev-python/slixmpp-1.8.3"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-45197">CVE-2022-45197</uri>
+ </references>
+ <metadata tag="requester" timestamp="2023-05-03T09:47:07.895475Z">ajak</metadata>
+ <metadata tag="submitter" timestamp="2023-05-03T09:47:07.900775Z">sam</metadata>
+</glsa> \ No newline at end of file
diff --git a/metadata/glsa/glsa-202305-08.xml b/metadata/glsa/glsa-202305-08.xml
new file mode 100644
index 000000000000..4bc05bd57073
--- /dev/null
+++ b/metadata/glsa/glsa-202305-08.xml
@@ -0,0 +1,44 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202305-08">
+ <title>D-Bus: Multiple Vulnerabilities</title>
+ <synopsis>Multiple vulnerabilities have been found in D-Bus, the worst of which could result in denial of service.</synopsis>
+ <product type="ebuild">dbus</product>
+ <announced>2023-05-03</announced>
+ <revised count="1">2023-05-03</revised>
+ <bug>875518</bug>
+ <access>remote</access>
+ <affected>
+ <package name="sys-apps/dbus" auto="yes" arch="*">
+ <unaffected range="ge">1.14.4</unaffected>
+ <vulnerable range="lt">1.14.4</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>D-Bus is a daemon providing a framework for applications to communicate with one another.</p>
+ </background>
+ <description>
+ <p>Multiple vulnerabilities have been discovered in D-Bus. Please review the CVE identifiers referenced below for details.</p>
+ </description>
+ <impact type="normal">
+ <p>Please review the referenced CVE identifiers for details.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All D-Bus users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=sys-apps/dbus-1.14.4"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-42010">CVE-2022-42010</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-42011">CVE-2022-42011</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-42012">CVE-2022-42012</uri>
+ </references>
+ <metadata tag="requester" timestamp="2023-05-03T09:52:25.396421Z">ajak</metadata>
+ <metadata tag="submitter" timestamp="2023-05-03T09:52:25.399162Z">sam</metadata>
+</glsa> \ No newline at end of file
diff --git a/metadata/glsa/glsa-202305-09.xml b/metadata/glsa/glsa-202305-09.xml
new file mode 100644
index 000000000000..9bf31f312e2f
--- /dev/null
+++ b/metadata/glsa/glsa-202305-09.xml
@@ -0,0 +1,42 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202305-09">
+ <title>syslog-ng: Denial of Service</title>
+ <synopsis>A denial of service vulnerability was discovered in rsyslog related to syslog input over the network.</synopsis>
+ <product type="ebuild">syslog-ng</product>
+ <announced>2023-05-03</announced>
+ <revised count="1">2023-05-03</revised>
+ <bug>891941</bug>
+ <access>remote</access>
+ <affected>
+ <package name="app-admin/syslog-ng" auto="yes" arch="*">
+ <unaffected range="ge">3.38.1</unaffected>
+ <vulnerable range="lt">3.38.1</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>syslog replacement with advanced filtering features.</p>
+ </background>
+ <description>
+ <p>An integer overflow in the RFC3164 parser allows remote attackers to cause a denial of service via crafted syslog input that is mishandled by the tcp or network function.</p>
+ </description>
+ <impact type="normal">
+ <p>Attackers with access to input syslogs over syslog-ng&#39;s network functionality can cause a denial of service.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All syslog-ng users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-admin/syslog-ng-3.38.1"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-38725">CVE-2022-38725</uri>
+ </references>
+ <metadata tag="requester" timestamp="2023-05-03T09:52:45.897422Z">ajak</metadata>
+ <metadata tag="submitter" timestamp="2023-05-03T09:52:45.899984Z">sam</metadata>
+</glsa> \ No newline at end of file
diff --git a/metadata/glsa/glsa-202305-10.xml b/metadata/glsa/glsa-202305-10.xml
new file mode 100644
index 000000000000..02f988fa3669
--- /dev/null
+++ b/metadata/glsa/glsa-202305-10.xml
@@ -0,0 +1,143 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202305-10">
+ <title>Chromium, Google Chrome, Microsoft Edge: Multiple Vulnerabilities</title>
+ <synopsis>Multiple vulnerabilities have been found in Chromium and its derivatives, the worst of which could result in remote code execution.</synopsis>
+ <product type="ebuild">chromium,chromium-bin,google-chrome,microsoft-edge</product>
+ <announced>2023-05-03</announced>
+ <revised count="1">2023-05-03</revised>
+ <bug>876855</bug>
+ <bug>878825</bug>
+ <bug>883031</bug>
+ <bug>883697</bug>
+ <bug>885851</bug>
+ <bug>890726</bug>
+ <bug>886479</bug>
+ <bug>890728</bug>
+ <bug>891501</bug>
+ <bug>891503</bug>
+ <access>remote</access>
+ <affected>
+ <package name="www-client/chromium" auto="yes" arch="*">
+ <unaffected range="ge">109.0.5414.74-r1</unaffected>
+ <vulnerable range="lt">109.0.5414.74-r1</vulnerable>
+ </package>
+ <package name="www-client/chromium-bin" auto="yes" arch="*">
+ <unaffected range="ge">109.0.5414.74</unaffected>
+ <vulnerable range="lt">109.0.5414.74</vulnerable>
+ </package>
+ <package name="www-client/google-chrome" auto="yes" arch="*">
+ <unaffected range="ge">109.0.5414.74</unaffected>
+ <vulnerable range="lt">109.0.5414.74</vulnerable>
+ </package>
+ <package name="www-client/microsoft-edge" auto="yes" arch="*">
+ <unaffected range="ge">109.0.1518.61</unaffected>
+ <vulnerable range="lt">109.0.1518.61</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>Chromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web.
+
+Google Chrome is one fast, simple, and secure browser for all your devices.
+
+Microsoft Edge is a browser that combines a minimal design with sophisticated technology to make the web faster, safer, and easier.</p>
+ </background>
+ <description>
+ <p>Multiple vulnerabilities have been discovered in Chromium, Google Chrome, Microsoft Edge. Please review the CVE identifiers referenced below for details.</p>
+ </description>
+ <impact type="high">
+ <p>Please review the referenced CVE identifiers for details.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All Chromium users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-client/chromium-109.0.5414.74-r1"
+ </code>
+
+ <p>All Chromium binary users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-client/chromium-bin-109.0.5414.74"
+ </code>
+
+ <p>All Google Chrome users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-client/google-chrome-109.0.5414.74"
+ </code>
+
+ <p>All Microsoft Edge users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-client/microsoft-edge-109.0.1518.61"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-3445">CVE-2022-3445</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-3446">CVE-2022-3446</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-3447">CVE-2022-3447</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-3448">CVE-2022-3448</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-3449">CVE-2022-3449</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-3450">CVE-2022-3450</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-3723">CVE-2022-3723</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-4135">CVE-2022-4135</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-4174">CVE-2022-4174</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-4175">CVE-2022-4175</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-4176">CVE-2022-4176</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-4177">CVE-2022-4177</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-4178">CVE-2022-4178</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-4179">CVE-2022-4179</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-4180">CVE-2022-4180</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-4181">CVE-2022-4181</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-4182">CVE-2022-4182</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-4183">CVE-2022-4183</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-4184">CVE-2022-4184</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-4185">CVE-2022-4185</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-4186">CVE-2022-4186</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-4187">CVE-2022-4187</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-4188">CVE-2022-4188</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-4189">CVE-2022-4189</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-4190">CVE-2022-4190</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-4191">CVE-2022-4191</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-4192">CVE-2022-4192</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-4193">CVE-2022-4193</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-4194">CVE-2022-4194</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-4195">CVE-2022-4195</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-4436">CVE-2022-4436</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-4437">CVE-2022-4437</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-4438">CVE-2022-4438</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-4439">CVE-2022-4439</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-4440">CVE-2022-4440</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-41115">CVE-2022-41115</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-44688">CVE-2022-44688</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-44708">CVE-2022-44708</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-0128">CVE-2023-0128</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-0129">CVE-2023-0129</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-0130">CVE-2023-0130</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-0131">CVE-2023-0131</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-0132">CVE-2023-0132</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-0133">CVE-2023-0133</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-0134">CVE-2023-0134</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-0135">CVE-2023-0135</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-0136">CVE-2023-0136</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-0137">CVE-2023-0137</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-0138">CVE-2023-0138</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-0139">CVE-2023-0139</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-0140">CVE-2023-0140</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-0141">CVE-2023-0141</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-21719">CVE-2023-21719</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-21775">CVE-2023-21775</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-21795">CVE-2023-21795</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-21796">CVE-2023-21796</uri>
+ </references>
+ <metadata tag="requester" timestamp="2023-05-03T09:53:05.056143Z">ajak</metadata>
+ <metadata tag="submitter" timestamp="2023-05-03T09:53:05.059084Z">sam</metadata>
+</glsa> \ No newline at end of file
diff --git a/metadata/glsa/glsa-202305-11.xml b/metadata/glsa/glsa-202305-11.xml
new file mode 100644
index 000000000000..5b7a54c72d9a
--- /dev/null
+++ b/metadata/glsa/glsa-202305-11.xml
@@ -0,0 +1,49 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202305-11">
+ <title>Tor: Multiple Vulnerabilities</title>
+ <synopsis>Multiple vulnerabilities have been found in Tor, the worst of which could result in denial of service.</synopsis>
+ <product type="ebuild">tor</product>
+ <announced>2023-05-03</announced>
+ <revised count="1">2023-05-03</revised>
+ <bug>808681</bug>
+ <bug>852821</bug>
+ <bug>890618</bug>
+ <access>remote</access>
+ <affected>
+ <package name="net-vpn/tor" auto="yes" arch="*">
+ <unaffected range="ge">0.4.7.13</unaffected>
+ <vulnerable range="lt">0.4.7.13</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>Tor is an implementation of second generation Onion Routing, a connection-oriented anonymizing communication service.</p>
+ </background>
+ <description>
+ <p>Multiple vulnerabilities have been discovered in Tor. Please review the CVE identifiers referenced below for details.</p>
+ </description>
+ <impact type="normal">
+ <p>Please review the referenced CVE identifiers for details.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All Tor users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-vpn/tor-0.4.7.13"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-38385">CVE-2021-38385</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-33903">CVE-2022-33903</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-23589">CVE-2023-23589</uri>
+ <uri>TROVE-2021-007</uri>
+ <uri>TROVE-2022-001</uri>
+ <uri>TROVE-2022-002</uri>
+ </references>
+ <metadata tag="requester" timestamp="2023-05-03T09:53:19.845731Z">ajak</metadata>
+ <metadata tag="submitter" timestamp="2023-05-03T09:53:19.850253Z">sam</metadata>
+</glsa> \ No newline at end of file
diff --git a/metadata/glsa/glsa-202305-12.xml b/metadata/glsa/glsa-202305-12.xml
new file mode 100644
index 000000000000..4522165ae54f
--- /dev/null
+++ b/metadata/glsa/glsa-202305-12.xml
@@ -0,0 +1,42 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202305-12">
+ <title>sudo: Root Privilege Escalation</title>
+ <synopsis>A vulnerability has been discovered in sudo which could result in root privilege escalation.</synopsis>
+ <product type="ebuild">sudo</product>
+ <announced>2023-05-03</announced>
+ <revised count="1">2023-05-03</revised>
+ <bug>891335</bug>
+ <access>remote</access>
+ <affected>
+ <package name="app-admin/sudo" auto="yes" arch="*">
+ <unaffected range="ge">1.9.12_p2</unaffected>
+ <vulnerable range="lt">1.9.12_p2</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>sudo allows a system administrator to give users the ability to run commands as other users.</p>
+ </background>
+ <description>
+ <p>The sudoedit (aka -e) feature mishandles extra arguments passed in the user-provided environment variables (SUDO_EDITOR, VISUAL, and EDITOR), allowing a local attacker to append arbitrary entries to the list of files to process.</p>
+ </description>
+ <impact type="high">
+ <p>The improper processing of user&#39;s environment variables could lead to the editing of arbitrary files as root, potentially leading to root privilege escalation.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All sudo users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-admin/sudo-1.9.12_p2"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-22809">CVE-2023-22809</uri>
+ </references>
+ <metadata tag="requester" timestamp="2023-05-03T09:53:34.200622Z">ajak</metadata>
+ <metadata tag="submitter" timestamp="2023-05-03T09:53:34.205155Z">sam</metadata>
+</glsa> \ No newline at end of file
diff --git a/metadata/glsa/glsa-202305-13.xml b/metadata/glsa/glsa-202305-13.xml
new file mode 100644
index 000000000000..31de2ec7a134
--- /dev/null
+++ b/metadata/glsa/glsa-202305-13.xml
@@ -0,0 +1,68 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202305-13">
+ <title>Mozilla Thunderbird: Multiple Vulnerabilities</title>
+ <synopsis>Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could result in arbitrary code execution.</synopsis>
+ <product type="ebuild">thunderbird,thunderbird-bin</product>
+ <announced>2023-05-03</announced>
+ <revised count="1">2023-05-03</revised>
+ <bug>885815</bug>
+ <bug>891217</bug>
+ <access>remote</access>
+ <affected>
+ <package name="mail-client/thunderbird" auto="yes" arch="*">
+ <unaffected range="ge">102.7.0</unaffected>
+ <vulnerable range="lt">102.7.0</vulnerable>
+ </package>
+ <package name="mail-client/thunderbird-bin" auto="yes" arch="*">
+ <unaffected range="ge">102.7.0</unaffected>
+ <vulnerable range="lt">102.7.0</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>Mozilla Thunderbird is a popular open-source email client from the Mozilla project.</p>
+ </background>
+ <description>
+ <p>Multiple vulnerabilities have been discovered in Mozilla Thunderbird. Please review the CVE identifiers referenced below for details.</p>
+ </description>
+ <impact type="high">
+ <p>Please review the referenced CVE identifiers for details.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All Mozilla Thunderbird binary users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=mail-client/thunderbird-bin-102.7.0"
+ </code>
+
+ <p>All Mozilla Thunderbird users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=mail-client/thunderbird-102.7.0"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-46871">CVE-2022-46871</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-46872">CVE-2022-46872</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-46874">CVE-2022-46874</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-46875">CVE-2022-46875</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-46877">CVE-2022-46877</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-46878">CVE-2022-46878</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-46880">CVE-2022-46880</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-46881">CVE-2022-46881</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-46882">CVE-2022-46882</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-23598">CVE-2023-23598</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-23599">CVE-2023-23599</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-23601">CVE-2023-23601</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-23602">CVE-2023-23602</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-23603">CVE-2023-23603</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-23605">CVE-2023-23605</uri>
+ </references>
+ <metadata tag="requester" timestamp="2023-05-03T10:03:08.414596Z">ajak</metadata>
+ <metadata tag="submitter" timestamp="2023-05-03T10:03:08.419037Z">sam</metadata>
+</glsa> \ No newline at end of file
diff --git a/metadata/glsa/glsa-202305-14.xml b/metadata/glsa/glsa-202305-14.xml
new file mode 100644
index 000000000000..f42e1eb0ac47
--- /dev/null
+++ b/metadata/glsa/glsa-202305-14.xml
@@ -0,0 +1,42 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202305-14">
+ <title>uptimed: Root Privilege Escalation</title>
+ <synopsis>A vulnerability has been discovered in uptimed which could result in root privilege escalation.</synopsis>
+ <product type="ebuild">uptimed</product>
+ <announced>2023-05-03</announced>
+ <revised count="1">2023-05-03</revised>
+ <bug>630810</bug>
+ <access>remote</access>
+ <affected>
+ <package name="app-misc/uptimed" auto="yes" arch="*">
+ <unaffected range="ge">0.4.6-r1</unaffected>
+ <vulnerable range="lt">0.4.6-r1</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>uptimed is a system uptime record daemon that keeps track of your highest uptimes.</p>
+ </background>
+ <description>
+ <p>Via unnecessary file ownership modifications in the pkg_postinst ebuild phase, the uptimed user could change arbitrary files to be owned by the uptimed user at emerge-time.</p>
+ </description>
+ <impact type="high">
+ <p>The uptimed user could achieve root privileges when the uptimed package is emerged.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All uptimed users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-misc/uptimed-0.4.6-r1"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-36657">CVE-2020-36657</uri>
+ </references>
+ <metadata tag="requester" timestamp="2023-05-03T10:03:26.877508Z">ajak</metadata>
+ <metadata tag="submitter" timestamp="2023-05-03T10:03:26.880820Z">sam</metadata>
+</glsa> \ No newline at end of file
diff --git a/metadata/glsa/glsa-202305-15.xml b/metadata/glsa/glsa-202305-15.xml
new file mode 100644
index 000000000000..7fa92d4c0221
--- /dev/null
+++ b/metadata/glsa/glsa-202305-15.xml
@@ -0,0 +1,68 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202305-15">
+ <title>systemd: Multiple Vulnerabilities</title>
+ <synopsis>Multiple vulnerabilities have been discovered in systemd, the worst of which could result in denial of service.</synopsis>
+ <product type="ebuild">systemd,systemd-tmpfiles,systemd-utils,udev</product>
+ <announced>2023-05-03</announced>
+ <revised count="1">2023-05-03</revised>
+ <bug>880547</bug>
+ <bug>830967</bug>
+ <access>remote</access>
+ <affected>
+ <package name="sys-apps/systemd" auto="yes" arch="*">
+ <unaffected range="ge">251.3</unaffected>
+ <vulnerable range="lt">251.3</vulnerable>
+ </package>
+ <package name="sys-apps/systemd-tmpfiles" auto="yes" arch="*">
+ <vulnerable range="None">None</vulnerable>
+ </package>
+ <package name="sys-apps/systemd-utils" auto="yes" arch="*">
+ <unaffected range="ge">251.3</unaffected>
+ <vulnerable range="lt">251.3</vulnerable>
+ </package>
+ <package name="sys-fs/udev" auto="yes" arch="*">
+ <vulnerable range="None">None</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>A system and service manager.</p>
+ </background>
+ <description>
+ <p>Multiple vulnerabilities have been discovered in systemd. Please review the CVE identifiers referenced below for details.</p>
+ </description>
+ <impact type="normal">
+ <p>Please review the referenced CVE identifiers for details.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All systemd users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=sys-apps/systemd-251.3"
+ </code>
+
+ <p>All systemd-utils users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=sys-apps/systemd-utils-251.3"
+ </code>
+
+ <p>Gentoo has discontinued support for sys-apps/systemd-tmpfiles, sys-boot/systemd-boot, and sys-fs/udev. See the 2022-04-19-systemd-utils news item. Users should unmerge it in favor of sys-apps/systemd-utils on non-systemd systems:</p>
+
+ <code>
+ # emerge --ask --depclean --verbose "sys-apps/systemd-tmpfiles" "sys-boot/systemd-boot" "sys-fs/udev"
+ # emerge --ask --verbose --oneshot ">=sys-apps/systemd-utils-251.3"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-3997">CVE-2021-3997</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-3821">CVE-2022-3821</uri>
+ </references>
+ <metadata tag="requester" timestamp="2023-05-03T10:03:45.135890Z">ajak</metadata>
+ <metadata tag="submitter" timestamp="2023-05-03T10:03:45.140859Z">sam</metadata>
+</glsa> \ No newline at end of file
diff --git a/metadata/glsa/glsa-202305-16.xml b/metadata/glsa/glsa-202305-16.xml
new file mode 100644
index 000000000000..4f71e42cd375
--- /dev/null
+++ b/metadata/glsa/glsa-202305-16.xml
@@ -0,0 +1,155 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202305-16">
+ <title>Vim, gVim: Multiple Vulnerabilities</title>
+ <synopsis>Multiple vulnerabilities have been found in Vim, the worst of which could result in denial of service.</synopsis>
+ <product type="ebuild">gvim,vim,vim-core</product>
+ <announced>2023-05-03</announced>
+ <revised count="1">2023-05-03</revised>
+ <bug>851231</bug>
+ <bug>861092</bug>
+ <bug>869359</bug>
+ <bug>879257</bug>
+ <bug>883681</bug>
+ <bug>889730</bug>
+ <access>remote</access>
+ <affected>
+ <package name="app-editors/gvim" auto="yes" arch="*">
+ <unaffected range="ge">9.0.1157</unaffected>
+ <vulnerable range="lt">9.0.1157</vulnerable>
+ </package>
+ <package name="app-editors/vim" auto="yes" arch="*">
+ <unaffected range="ge">9.0.1157</unaffected>
+ <vulnerable range="lt">9.0.1157</vulnerable>
+ </package>
+ <package name="app-editors/vim-core" auto="yes" arch="*">
+ <unaffected range="ge">9.0.1157</unaffected>
+ <vulnerable range="lt">9.0.1157</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>Vim is an efficient, highly configurable improved version of the classic ‘vi’ text editor. gVim is the GUI version of Vim.</p>
+ </background>
+ <description>
+ <p>Multiple vulnerabilities have been discovered in Vim, gVim. Please review the CVE identifiers referenced below for details.</p>
+ </description>
+ <impact type="low">
+ <p>Please review the referenced CVE identifiers for details.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All Vim users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-editors/vim-9.0.1157"
+ </code>
+
+ <p>All gVim users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-editors/gvim-9.0.1157"
+ </code>
+
+ <p>All vim-core users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-editors/vim-core-9.0.1157"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-1154">CVE-2022-1154</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-1160">CVE-2022-1160</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-1381">CVE-2022-1381</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-1420">CVE-2022-1420</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-1616">CVE-2022-1616</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-1619">CVE-2022-1619</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-1620">CVE-2022-1620</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-1621">CVE-2022-1621</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-1629">CVE-2022-1629</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-1674">CVE-2022-1674</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-1720">CVE-2022-1720</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-1725">CVE-2022-1725</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-1733">CVE-2022-1733</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-1735">CVE-2022-1735</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-1769">CVE-2022-1769</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-1771">CVE-2022-1771</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-1785">CVE-2022-1785</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-1796">CVE-2022-1796</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-1851">CVE-2022-1851</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-1886">CVE-2022-1886</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-1897">CVE-2022-1897</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-1898">CVE-2022-1898</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-1927">CVE-2022-1927</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-1942">CVE-2022-1942</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-1968">CVE-2022-1968</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-2000">CVE-2022-2000</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-2042">CVE-2022-2042</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-2124">CVE-2022-2124</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-2125">CVE-2022-2125</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-2126">CVE-2022-2126</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-2129">CVE-2022-2129</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-2175">CVE-2022-2175</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-2182">CVE-2022-2182</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-2183">CVE-2022-2183</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-2206">CVE-2022-2206</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-2207">CVE-2022-2207</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-2208">CVE-2022-2208</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-2210">CVE-2022-2210</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-2231">CVE-2022-2231</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-2257">CVE-2022-2257</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-2264">CVE-2022-2264</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-2284">CVE-2022-2284</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-2285">CVE-2022-2285</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-2286">CVE-2022-2286</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-2287">CVE-2022-2287</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-2288">CVE-2022-2288</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-2289">CVE-2022-2289</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-2304">CVE-2022-2304</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-2343">CVE-2022-2343</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-2344">CVE-2022-2344</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-2345">CVE-2022-2345</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-2522">CVE-2022-2522</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-2816">CVE-2022-2816</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-2817">CVE-2022-2817</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-2819">CVE-2022-2819</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-2845">CVE-2022-2845</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-2849">CVE-2022-2849</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-2862">CVE-2022-2862</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-2874">CVE-2022-2874</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-2889">CVE-2022-2889</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-2923">CVE-2022-2923</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-2946">CVE-2022-2946</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-2980">CVE-2022-2980</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-2982">CVE-2022-2982</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-3016">CVE-2022-3016</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-3099">CVE-2022-3099</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-3134">CVE-2022-3134</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-3153">CVE-2022-3153</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-3234">CVE-2022-3234</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-3235">CVE-2022-3235</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-3256">CVE-2022-3256</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-3278">CVE-2022-3278</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-3296">CVE-2022-3296</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-3297">CVE-2022-3297</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-3324">CVE-2022-3324</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-3352">CVE-2022-3352</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-3491">CVE-2022-3491</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-3520">CVE-2022-3520</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-3591">CVE-2022-3591</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-3705">CVE-2022-3705</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-4141">CVE-2022-4141</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-4292">CVE-2022-4292</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-4293">CVE-2022-4293</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-47024">CVE-2022-47024</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-0049">CVE-2023-0049</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-0051">CVE-2023-0051</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-0054">CVE-2023-0054</uri>
+ </references>
+ <metadata tag="requester" timestamp="2023-05-03T10:03:57.350349Z">ajak</metadata>
+ <metadata tag="submitter" timestamp="2023-05-03T10:03:57.353137Z">sam</metadata>
+</glsa> \ No newline at end of file
diff --git a/metadata/glsa/glsa-202305-17.xml b/metadata/glsa/glsa-202305-17.xml
new file mode 100644
index 000000000000..579fc43f15d6
--- /dev/null
+++ b/metadata/glsa/glsa-202305-17.xml
@@ -0,0 +1,56 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202305-17">
+ <title>libsdl: Multiple Vulnerabilities</title>
+ <synopsis>Multiple vulnerabilities have been found in libsdl, the worst of which could result in arbitrary code execution.</synopsis>
+ <product type="ebuild">libsdl</product>
+ <announced>2023-05-03</announced>
+ <revised count="1">2023-05-03</revised>
+ <bug>692388</bug>
+ <bug>836665</bug>
+ <bug>861809</bug>
+ <access>remote</access>
+ <affected>
+ <package name="media-libs/libsdl" auto="yes" arch="*">
+ <unaffected range="ge">1.2.15_p20221201</unaffected>
+ <vulnerable range="lt">1.2.15_p20221201</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>Simple DirectMedia Layer is a cross-platform development library designed to provide low level access to audio, keyboard, mouse, joystick, and graphics hardware via OpenGL and Direct3D.</p>
+ </background>
+ <description>
+ <p>Multiple vulnerabilities have been discovered in SDL. Please review the CVE identifiers referenced below for details.</p>
+ </description>
+ <impact type="normal">
+ <p>Please review the referenced CVE identifiers for details.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All libsdl users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=media-libs/libsdl-1.2.15_p20221201"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-7572">CVE-2019-7572</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-7573">CVE-2019-7573</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-7574">CVE-2019-7574</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-7575">CVE-2019-7575</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-7576">CVE-2019-7576</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-7577">CVE-2019-7577</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-7578">CVE-2019-7578</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-7635">CVE-2019-7635</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-7636">CVE-2019-7636</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-7638">CVE-2019-7638</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-13616">CVE-2019-13616</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-33657">CVE-2021-33657</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-34568">CVE-2022-34568</uri>
+ </references>
+ <metadata tag="requester" timestamp="2023-05-03T10:04:10.572876Z">ajak</metadata>
+ <metadata tag="submitter" timestamp="2023-05-03T10:04:10.575693Z">sam</metadata>
+</glsa> \ No newline at end of file
diff --git a/metadata/glsa/glsa-202305-18.xml b/metadata/glsa/glsa-202305-18.xml
new file mode 100644
index 000000000000..8a572e5fecde
--- /dev/null
+++ b/metadata/glsa/glsa-202305-18.xml
@@ -0,0 +1,44 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202305-18">
+ <title>libsdl2: Multiple Vulnerabilities</title>
+ <synopsis>Multiple vulnerabilities have been found in libsdl2, the worst of which could result in arbitrary code execution.</synopsis>
+ <product type="ebuild">libsdl2</product>
+ <announced>2023-05-03</announced>
+ <revised count="1">2023-05-03</revised>
+ <bug>836665</bug>
+ <bug>890614</bug>
+ <access>remote</access>
+ <affected>
+ <package name="media-libs/libsdl2" auto="yes" arch="*">
+ <unaffected range="ge">2.26.0</unaffected>
+ <vulnerable range="lt">2.26.0</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>Simple DirectMedia Layer is a cross-platform development library designed to provide low level access to audio, keyboard, mouse, joystick, and graphics hardware via OpenGL and Direct3D.</p>
+ </background>
+ <description>
+ <p>Multiple vulnerabilities have been discovered in libsdl2. Please review the CVE identifiers referenced below for details.</p>
+ </description>
+ <impact type="normal">
+ <p>Please review the referenced CVE identifiers for details.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All libsdl2 users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=media-libs/libsdl2-2.26.0"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-33657">CVE-2021-33657</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-4743">CVE-2022-4743</uri>
+ </references>
+ <metadata tag="requester" timestamp="2023-05-03T10:04:24.467262Z">ajak</metadata>
+ <metadata tag="submitter" timestamp="2023-05-03T10:04:24.470744Z">sam</metadata>
+</glsa> \ No newline at end of file
diff --git a/metadata/glsa/glsa-202305-19.xml b/metadata/glsa/glsa-202305-19.xml
new file mode 100644
index 000000000000..be46977da997
--- /dev/null
+++ b/metadata/glsa/glsa-202305-19.xml
@@ -0,0 +1,51 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202305-19">
+ <title>Firejail: Local Privilege Escalation</title>
+ <synopsis>A vulnerability has been discovered in Firejail which could result in local root privilege escalation.</synopsis>
+ <product type="ebuild">firejail,firejail-lts</product>
+ <announced>2023-05-03</announced>
+ <revised count="1">2023-05-03</revised>
+ <bug>850748</bug>
+ <access>remote</access>
+ <affected>
+ <package name="sys-apps/firejail" auto="yes" arch="*">
+ <unaffected range="ge">0.9.70</unaffected>
+ <vulnerable range="lt">0.9.70</vulnerable>
+ </package>
+ <package name="sys-apps/firejail-lts" auto="yes" arch="*">
+ <vulnerable range="None">None</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>A SUID program that reduces the risk of security breaches by restricting the running environment of untrusted applications using Linux namespaces and seccomp-bpf.</p>
+ </background>
+ <description>
+ <p>Firejail does not sufficiently validate the user&#39;s environment prior to using it as the root user when using the --join command line option.</p>
+ </description>
+ <impact type="normal">
+ <p>An unprivileged user can exploit this vulnerability to achieve local root privileges.</p>
+ </impact>
+ <workaround>
+ <p>System administrators can mitigate this vulnerability via adding either &#34;force-nonewprivs yes&#34; or &#34;join no&#34; to the Firejail configuration file in /etc/firejail/firejail.config.</p>
+ </workaround>
+ <resolution>
+ <p>Gentoo has discontinued support for sys-apps/firejail-lts. Users should unmerge it in favor of sys-apps/firejail:</p>
+
+ <code>
+ # emerge --ask --depclean --verbose "sys-apps/firejail-lts"
+ # emerge --ask --verbose "sys-apps/firejail"
+ </code>
+
+ <p>All Firejail users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --ask --oneshot --verbose ">=sys-apps/firejail-0.9.70"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-31214">CVE-2022-31214</uri>
+ </references>
+ <metadata tag="requester" timestamp="2023-05-03T10:04:36.994181Z">ajak</metadata>
+ <metadata tag="submitter" timestamp="2023-05-03T10:04:36.999752Z">sam</metadata>
+</glsa> \ No newline at end of file
diff --git a/metadata/glsa/glsa-202305-20.xml b/metadata/glsa/glsa-202305-20.xml
new file mode 100644
index 000000000000..bd23dda9c1cb
--- /dev/null
+++ b/metadata/glsa/glsa-202305-20.xml
@@ -0,0 +1,42 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202305-20">
+ <title>libapreq2: Buffer Overflow</title>
+ <synopsis>A buffer overflow vulnerability has been discovered in libapreq2 which could result in denial of service.</synopsis>
+ <product type="ebuild">libapreq2</product>
+ <announced>2023-05-03</announced>
+ <revised count="1">2023-05-03</revised>
+ <bug>866536</bug>
+ <access>remote</access>
+ <affected>
+ <package name="www-apache/libapreq2" auto="yes" arch="*">
+ <unaffected range="ge">2.17</unaffected>
+ <vulnerable range="lt">2.17</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>libapreq is a shared library with associated modules for manipulating client request data via the Apache API.</p>
+ </background>
+ <description>
+ <p>TODO</p>
+ </description>
+ <impact type="low">
+ <p>An attacker could submit a crafted multipart form to trigger the buffer overflow and cause a denial of service.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All libapreq2 users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-apache/libapreq2-2.17"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-22728">CVE-2022-22728</uri>
+ </references>
+ <metadata tag="requester" timestamp="2023-05-03T10:05:03.532537Z">ajak</metadata>
+ <metadata tag="submitter" timestamp="2023-05-03T10:05:03.535300Z">sam</metadata>
+</glsa> \ No newline at end of file
diff --git a/metadata/glsa/glsa-202305-21.xml b/metadata/glsa/glsa-202305-21.xml
new file mode 100644
index 000000000000..2fff2cab64ad
--- /dev/null
+++ b/metadata/glsa/glsa-202305-21.xml
@@ -0,0 +1,42 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202305-21">
+ <title>Cairo: Buffer Overflow Vulnerability</title>
+ <synopsis>A buffer overflow vulnerability has been discovered in Cairo which could result in denial of service.</synopsis>
+ <product type="ebuild">cairo</product>
+ <announced>2023-05-03</announced>
+ <revised count="1">2023-05-03</revised>
+ <bug>777123</bug>
+ <access>remote</access>
+ <affected>
+ <package name="x11-libs/cairo" auto="yes" arch="*">
+ <unaffected range="ge">1.17.6</unaffected>
+ <vulnerable range="lt">1.17.6</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>Cairo is a 2D vector graphics library with cross-device output support.</p>
+ </background>
+ <description>
+ <p>An attacker with the ability to provide input to Cairo&#39;s image-compositor can cause a buffer overwrite.</p>
+ </description>
+ <impact type="normal">
+ <p>Malicious input to Cairo&#39;s image-compositor can result in denial of service of the application using such Cairo functionality.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All Cairo users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=x11-libs/cairo-1.17.6"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-35492">CVE-2020-35492</uri>
+ </references>
+ <metadata tag="requester" timestamp="2023-05-03T10:32:09.444977Z">ajak</metadata>
+ <metadata tag="submitter" timestamp="2023-05-03T10:32:09.447930Z">sam</metadata>
+</glsa> \ No newline at end of file
diff --git a/metadata/glsa/glsa-202305-22.xml b/metadata/glsa/glsa-202305-22.xml
new file mode 100644
index 000000000000..7498701d25eb
--- /dev/null
+++ b/metadata/glsa/glsa-202305-22.xml
@@ -0,0 +1,45 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202305-22">
+ <title>ISC DHCP: Multiple Vulnerabilities</title>
+ <synopsis>Multiple vulnerabilities have been discovered in ISC DHCP, the worst of which could result in denial of service.</synopsis>
+ <product type="ebuild">dhcp</product>
+ <announced>2023-05-03</announced>
+ <revised count="1">2023-05-03</revised>
+ <bug>875521</bug>
+ <bug>792324</bug>
+ <access>remote</access>
+ <affected>
+ <package name="net-misc/dhcp" auto="yes" arch="*">
+ <unaffected range="ge">4.4.3_p1</unaffected>
+ <vulnerable range="lt">4.4.3_p1</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>ISC DHCP is ISC&#39;s reference implementation of all aspects of the Dynamic Host Configuration Protocol.</p>
+ </background>
+ <description>
+ <p>Multiple vulnerabilities have been discovered in ISC DHCP. Please review the CVE identifiers referenced below for details.</p>
+ </description>
+ <impact type="normal">
+ <p>Please review the referenced CVE identifiers for details.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All ISC DHCP users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-misc/dhcp-4.4.3_p1"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-25217">CVE-2021-25217</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-2928">CVE-2022-2928</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-2929">CVE-2022-2929</uri>
+ </references>
+ <metadata tag="requester" timestamp="2023-05-03T10:32:25.223781Z">ajak</metadata>
+ <metadata tag="submitter" timestamp="2023-05-03T10:32:25.226672Z">sam</metadata>
+</glsa> \ No newline at end of file
diff --git a/metadata/glsa/glsa-202305-23.xml b/metadata/glsa/glsa-202305-23.xml
new file mode 100644
index 000000000000..6d921e29970f
--- /dev/null
+++ b/metadata/glsa/glsa-202305-23.xml
@@ -0,0 +1,65 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202305-23">
+ <title>Lua: Multiple Vulnerabilities</title>
+ <synopsis>Multiple vulnerabilities have been discovered in Lua, the worst of which could result in arbitrary code execution.</synopsis>
+ <product type="ebuild">lua</product>
+ <announced>2023-05-03</announced>
+ <revised count="1">2023-05-03</revised>
+ <bug>837521</bug>
+ <bug>831053</bug>
+ <bug>520480</bug>
+ <access>remote</access>
+ <affected>
+ <package name="dev-lang/lua" auto="yes" arch="*">
+ <unaffected range="ge" slot="5.4">5.4.4-r103</unaffected>
+ <unaffected range="ge" slot="5.2">5.2.3</unaffected>
+ <unaffected range="ge" slot="5.1">5.1.5-r200</unaffected>
+ <vulnerable range="lt" slot="5.4">5.4.4-r103</vulnerable>
+ <vulnerable range="lt" slot="5.2">5.2.3</vulnerable>
+ <vulnerable range="lt" slot="5.1">5.1.5-r200</vulnerable>
+ <vulnerable range="None">None</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>Lua is a powerful, efficient, lightweight, embeddable scripting language. It supports procedural programming, object-oriented programming, functional programming, data-driven programming, and data description.</p>
+ </background>
+ <description>
+ <p>Multiple vulnerabilities have been discovered in Lua. Please review the CVE identifiers referenced below for details.</p>
+ </description>
+ <impact type="normal">
+ <p>Please review the referenced CVE identifiers for details.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All Lua 5.1 users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-lang/lua-5.1.5-r200"
+ </code>
+
+ <p>All Lua 5.3 users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-lang/lua-5.2.3"
+ </code>
+
+ <p>All Lua 5.4 users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-lang/lua-5.4.4-r103"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-5461">CVE-2014-5461</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-44647">CVE-2021-44647</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-28805">CVE-2022-28805</uri>
+ </references>
+ <metadata tag="requester" timestamp="2023-05-03T10:32:55.745234Z">ajak</metadata>
+ <metadata tag="submitter" timestamp="2023-05-03T10:32:55.751034Z">sam</metadata>
+</glsa> \ No newline at end of file
diff --git a/metadata/glsa/timestamp.chk b/metadata/glsa/timestamp.chk
index d82f0bf9f814..22ec29cab17e 100644
--- a/metadata/glsa/timestamp.chk
+++ b/metadata/glsa/timestamp.chk
@@ -1 +1 @@
-Wed, 03 May 2023 09:39:36 +0000
+Wed, 03 May 2023 15:39:39 +0000
diff --git a/metadata/glsa/timestamp.commit b/metadata/glsa/timestamp.commit
index 27fdda67f379..22d6e004bfa9 100644
--- a/metadata/glsa/timestamp.commit
+++ b/metadata/glsa/timestamp.commit
@@ -1 +1 @@
-5f136da08cc28aa97d67b66cdaeb4c59046fd70d 1683106306 2023-05-03T09:31:46+00:00
+9481b5e54d9a028a3f651d96ca46efd05ac1b3a6 1683110025 2023-05-03T10:33:45+00:00
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-06 09:42:02 +0000