gentoo auto-resync : 08:12:2024 - 02:07:28

author: V3n3RiX <venerix@koprulu.sector> 2024-12-08 02:07:29 +0000
committer: V3n3RiX <venerix@koprulu.sector> 2024-12-08 02:07:29 +0000
commit: 494168b06b81a32b889c3cb1f721f925d0a6824f (patch)
tree: 0ec763ffa61af808a83f365fb6680258d2e28a50 /metadata/glsa
parent: 2198f8593ae0312add1bdccb49edfcb935e5f8a6 (diff)
15 files changed, 856 insertions, 17 deletions
diff --git a/metadata/glsa/Manifest b/metadata/glsa/Manifest
index 3edff5422e8a..9b2a69bfd79f 100644
--- a/metadata/glsa/Manifest
+++ b/metadata/glsa/Manifest
@@ -1,23 +1,23 @@
 -----BEGIN PGP SIGNED MESSAGE-----
 Hash: SHA512
 
-MANIFEST Manifest.files.gz 591718 BLAKE2B cd53ee1575b57b03315f3e2b15f89a06fbc6711259ee7a82e1ca6f8970d8fdd183ea1f95f313b15f9f7f905c2c8641fa9ae9f0d8a12e8fedc6851ee3f7c15bbd SHA512 1cf337d112115a521c08a9fa208a2c60a1ef9651426b5a20b7ff05709eda7e21b384c627f1dedd2abb84476daf5fadea280b479585390abd903daec89814b24f
-TIMESTAMP 2024-12-07T01:40:52Z
+MANIFEST Manifest.files.gz 593481 BLAKE2B ee22f7c11f33df43a454552d1b8d10d1f96d1802d7fced628a7d07606ddfbf6c846c83faa7621de294b183429366dcc42e80da94b91a2fb761ee3f94e2c85ff2 SHA512 a19559f4dd8c5e382086e5dbaa70e8e2d9e9c9e61e9c81a9309fb2e7fd0cbea622192db4fc799a381855e29e422c461e3ba8808cf8e6e744208eb758356b71af
+TIMESTAMP 2024-12-08T00:58:12Z
 -----BEGIN PGP SIGNATURE-----
 
-iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAmdTp6RfFIAAAAAALgAo
+iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAmdU7yVfFIAAAAAALgAo
 aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEUx
 RDZBQkI2M0JGQ0ZCNEJBMDJGREYxQ0VDNTkwRUVBQzkxODkyNTAACgkQ7FkO6skY
-klCL8w/+MW/SFtG1cu3M874rUF4VzziJxfUCeXFAKgJg+9o2oXrxHKHyZNG5ZAN6
-sOcr/h6RIM8ysXJmZrW+Te4l8szsBC8oDGA8kqOvNYP2JR5dpcG0i8Rn4Ccym2ka
-CpeHrkqHHXZzvV1XW3q66WXtq3tsa2K6U6MijkMeL2XYz3ZO8x0DEtouu9dkDCTV
-+mgX8Y7CuwSUAV7Csz/aaGT21Ygrsx6sXASyTyXkZTJ7r1aGmFiDE082DN2Ru8Vh
-NgAshzmvGL6y7bzrNYKPIsfbuXvBKyI3IzI9wn/o2Sd49DJsEk4DDG9vgvPwmXT4
-kZeNWQMPC9ikZjeqqyWy6G6WFjm7Rwx0wdi25pX/WrW855cLuMuJoFTxKWb82Ai0
-HbND2MNbXRNJYm5ZFpjYNk91e935bGwjBstZCXVD+X+lfoLn2QqVyqzQxK84Swlm
-ITDWo1VMhVCGZgcmKBr7F9bZhOCw/ZQA3mPvWgCyqnm2RIv15Vn0rElOXZcum9xj
-Ia4FWRfWgrXFne2/5pwY/lyAdEBWX057FOPF2b4tghRyUBXdycGKUAHIh2qVcgy4
-OVEY8hEFhrJ0cGTmksezDPTKAMpqC6gthAFO3KQNJ3Og0r7WzZ+WpeOhKlZwQNyR
-G73dfyR5+6Nwuvfm4A/f6IP0Qp2MtlY7bAu+KAcaav2sQ/1iQFQ=
-=6CZF
+klAcPg/+JYtQiSZCCiVpJIfb4xHImRx3vIDotQK1iq9WLjkq5sqbhSlQIkrvwurs
+IFmEcGPyx1hubbtvfH8EiPH6A324wrWRieeje9CUI7PJrW7UQi91/twn0/hPtaBk
+bu3ODDvMRq3cgjR5o/OmHamFAWTmXLPzrE12rp6w5M4ypu9y7DPm9IbDkzwONFgs
+3iY2JG4cbXcqf14XhCdAESY679w41JPahI1uJXwzhKiyUyRu3+mdBwvC6pqssfRD
+zzwmHhPoqR9kpau5EfKpBKbQ+XreXHKN3HxQVnhfb5HAwUwMXOyZJ9/4jY8r16k/
+GmO8A4FPuI5DSGwBizybU3mx1HXnvES5gHa2VLic6GEK+9OxYl/Hdk3N/D1TEzXW
+5/5Kis6MiQQGH4wyE74iHZwWb5UUTRvJh/hcXFf4GAjILtBBPT26qLNFIqtyLbh4
+LxnrunEp3oWHtOV+CsGlDVzjyYGJeda6AkCUFCPQARWgac/KoxmMyp3+3ghJfd5v
+NiCDHzAMl2bpC/JsGfaYn7iW7YbB3/xBYThGHDHHNHN40K5SLvTAd0BXKaxXtypw
+0JKnwu4NQdXBEfuYGQgNAuVLOhdyAg+OozTlSfNzgd1B7UaxEv1hARk4GX6FibTk
+NBJMgUYga7QTRVz7VK82RwOwq1wl0yaoNBODMsM4CcdX9cyvZc4=
+=orG/
 -----END PGP SIGNATURE-----
diff --git a/metadata/glsa/Manifest.files.gz b/metadata/glsa/Manifest.files.gz
index 22441536c90f..7788e1605e96 100644
--- a/metadata/glsa/Manifest.files.gz
+++ b/metadata/glsa/Manifest.files.gz
diff --git a/metadata/glsa/glsa-202412-01.xml b/metadata/glsa/glsa-202412-01.xml
new file mode 100644
index 000000000000..1bc02fe634cd
--- /dev/null
+++ b/metadata/glsa/glsa-202412-01.xml
@@ -0,0 +1,42 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202412-01">
+    <title>R: Arbitrary Code Execution</title>
+    <synopsis>A vulnerability has been discovered in R, which can lead to arbitrary code execution.</synopsis>
+    <product type="ebuild">R</product>
+    <announced>2024-12-07</announced>
+    <revised count="1">2024-12-07</revised>
+    <bug>930936</bug>
+    <access>local</access>
+    <affected>
+        <package name="dev-lang/R" auto="yes" arch="*">
+            <unaffected range="ge">4.4.1</unaffected>
+            <vulnerable range="lt">4.4.1</vulnerable>
+        </package>
+    </affected>
+    <background>
+        <p>R is a language and environment for statistical computing and graphics.</p>
+    </background>
+    <description>
+        <p>Deserialization of untrusted data can occur in the R statistical programming language, enabling a maliciously crafted RDS (R Data Serialization) formatted file or R package to run arbitrary code on an end user’s system when interacted with.</p>
+    </description>
+    <impact type="high">
+        <p>Arbitrary code may be run when deserializing untrusted data.</p>
+    </impact>
+    <workaround>
+        <p>There is no known workaround at this time.</p>
+    </workaround>
+    <resolution>
+        <p>All R users should upgrade to the latest version:</p>
+        
+        <code>
+          # emerge --sync
+          # emerge --ask --oneshot --verbose ">=dev-lang/R-4.4.1"
+        </code>
+    </resolution>
+    <references>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-27322">CVE-2024-27322</uri>
+    </references>
+    <metadata tag="requester" timestamp="2024-12-07T08:53:34.596478Z">graaff</metadata>
+    <metadata tag="submitter" timestamp="2024-12-07T08:53:34.602412Z">graaff</metadata>
+</glsa>
+\ No newline at end of file
diff --git a/metadata/glsa/glsa-202412-02.xml b/metadata/glsa/glsa-202412-02.xml
new file mode 100644
index 000000000000..406294fbcda9
--- /dev/null
+++ b/metadata/glsa/glsa-202412-02.xml
@@ -0,0 +1,63 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202412-02">
+    <title>Cacti: Multiple Vulnerabilities</title>
+    <synopsis>Multiple vulnerabilities have been discovered in Cacti, the worst of which can lead to privilege escalation.</synopsis>
+    <product type="ebuild">cacti</product>
+    <announced>2024-12-07</announced>
+    <revised count="1">2024-12-07</revised>
+    <bug>823788</bug>
+    <bug>834597</bug>
+    <bug>884799</bug>
+    <access>remote</access>
+    <affected>
+        <package name="net-analyzer/cacti" auto="yes" arch="*">
+            <unaffected range="ge">1.2.26</unaffected>
+            <vulnerable range="lt">1.2.26</vulnerable>
+        </package>
+    </affected>
+    <background>
+        <p>Cacti is a web-based network graphing and reporting tool.</p>
+    </background>
+    <description>
+        <p>Multiple vulnerabilities have been discovered in Cacti. Please review the CVE identifiers referenced below for details.</p>
+    </description>
+    <impact type="high">
+        <p>Please review the referenced CVE identifiers for details.</p>
+    </impact>
+    <workaround>
+        <p>There is no known workaround at this time.</p>
+    </workaround>
+    <resolution>
+        <p>All Cacti users should upgrade to the latest version:</p>
+        
+        <code>
+          # emerge --sync
+          # emerge --ask --oneshot --verbose ">=net-analyzer/cacti-1.2.26"
+        </code>
+    </resolution>
+    <references>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14424">CVE-2020-14424</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-0730">CVE-2022-0730</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-46169">CVE-2022-46169</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-48547">CVE-2022-48547</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-30534">CVE-2023-30534</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-31132">CVE-2023-31132</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-39357">CVE-2023-39357</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-39358">CVE-2023-39358</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-39359">CVE-2023-39359</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-39360">CVE-2023-39360</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-39361">CVE-2023-39361</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-39362">CVE-2023-39362</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-39365">CVE-2023-39365</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-39510">CVE-2023-39510</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-39511">CVE-2023-39511</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-39512">CVE-2023-39512</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-39513">CVE-2023-39513</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-39514">CVE-2023-39514</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-39515">CVE-2023-39515</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-39516">CVE-2023-39516</uri>
+    </references>
+    <metadata tag="requester" timestamp="2024-12-07T08:56:20.459772Z">graaff</metadata>
+    <metadata tag="submitter" timestamp="2024-12-07T08:56:20.462893Z">graaff</metadata>
+</glsa>
+\ No newline at end of file
diff --git a/metadata/glsa/glsa-202412-03.xml b/metadata/glsa/glsa-202412-03.xml
new file mode 100644
index 000000000000..cf4f8ff726a6
--- /dev/null
+++ b/metadata/glsa/glsa-202412-03.xml
@@ -0,0 +1,64 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202412-03">
+    <title>Asterisk: Multiple Vulnerabilities</title>
+    <synopsis>Multiple vulnerabilities have been discovered in Asterisk, the worst of which can lead to privilege escalation.</synopsis>
+    <product type="ebuild">asterisk</product>
+    <announced>2024-12-07</announced>
+    <revised count="1">2024-12-07</revised>
+    <bug>771318</bug>
+    <bug>803440</bug>
+    <bug>838391</bug>
+    <bug>884797</bug>
+    <bug>920026</bug>
+    <bug>937844</bug>
+    <bug>939159</bug>
+    <access>remote</access>
+    <affected>
+        <package name="net-misc/asterisk" auto="yes" arch="*">
+            <unaffected range="ge">18.24.3</unaffected>
+            <vulnerable range="lt">18.24.3</vulnerable>
+        </package>
+    </affected>
+    <background>
+        <p>Asterisk is an open source telephony engine and toolkit.</p>
+    </background>
+    <description>
+        <p>Multiple vulnerabilities have been discovered in Asterisk. Please review the CVE identifiers referenced below for details.</p>
+    </description>
+    <impact type="high">
+        <p>Please review the referenced CVE identifiers for details.</p>
+    </impact>
+    <workaround>
+        <p>There is no known workaround at this time.</p>
+    </workaround>
+    <resolution>
+        <p>All Asterisk users should upgrade to the latest version:</p>
+        
+        <code>
+          # emerge --sync
+          # emerge --ask --oneshot --verbose ">=net-misc/asterisk-18.24.3"
+        </code>
+    </resolution>
+    <references>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-35776">CVE-2020-35776</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-26712">CVE-2021-26712</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-26713">CVE-2021-26713</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-26714">CVE-2021-26714</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-26717">CVE-2021-26717</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-26906">CVE-2021-26906</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-31878">CVE-2021-31878</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-32558">CVE-2021-32558</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-26498">CVE-2022-26498</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-26499">CVE-2022-26499</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-26651">CVE-2022-26651</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-37325">CVE-2022-37325</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-42705">CVE-2022-42705</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-42706">CVE-2022-42706</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-37457">CVE-2023-37457</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-49294">CVE-2023-49294</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-49786">CVE-2023-49786</uri>
+    </references>
+    <metadata tag="requester" timestamp="2024-12-07T08:58:41.628301Z">graaff</metadata>
+    <metadata tag="submitter" timestamp="2024-12-07T08:58:41.632180Z">graaff</metadata>
+</glsa>
+\ No newline at end of file
diff --git a/metadata/glsa/glsa-202412-04.xml b/metadata/glsa/glsa-202412-04.xml
new file mode 100644
index 000000000000..65ac03ed8741
--- /dev/null
+++ b/metadata/glsa/glsa-202412-04.xml
@@ -0,0 +1,129 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202412-04">
+    <title>Mozilla Firefox: Multiple Vulnerabilities</title>
+    <synopsis>Multiple vulnerabilities have been discovered in Mozilla Firefox, the worst of which arbitrary code execution.</synopsis>
+    <product type="ebuild">firefox,firefox-bin</product>
+    <announced>2024-12-07</announced>
+    <revised count="1">2024-12-07</revised>
+    <bug>936215</bug>
+    <bug>937467</bug>
+    <bug>941169</bug>
+    <bug>941174</bug>
+    <bug>941224</bug>
+    <access>remote</access>
+    <affected>
+        <package name="www-client/firefox" auto="yes" arch="*">
+            <unaffected range="ge" slot="rapid">131.0.2</unaffected>
+            <unaffected range="ge" slot="esr">123.3.1</unaffected>
+            <vulnerable range="lt" slot="rapid">131.0.2</vulnerable>
+            <vulnerable range="lt" slot="esr">128.3.1</vulnerable>
+        </package>
+        <package name="www-client/firefox-bin" auto="yes" arch="*">
+            <unaffected range="ge" slot="rapid">131.0.2</unaffected>
+            <unaffected range="ge" slot="esr">128.3.1</unaffected>
+            <vulnerable range="lt" slot="rapid">131.0.2</vulnerable>
+            <vulnerable range="lt" slot="esr">128.3.1</vulnerable>
+        </package>
+    </affected>
+    <background>
+        <p>Mozilla Firefox is a popular open-source web browser from the Mozilla project.</p>
+    </background>
+    <description>
+        <p>Multiple vulnerabilities have been discovered in Mozilla Firefox. Please review the CVE identifiers referenced below for details.</p>
+    </description>
+    <impact type="high">
+        <p>Please review the referenced CVE identifiers for details.</p>
+    </impact>
+    <workaround>
+        <p>There is no known workaround at this time.</p>
+    </workaround>
+    <resolution>
+        <p>All Mozilla Firefox users should upgrade to the latest version in their release channel:</p>
+        
+        <code>
+          # emerge --sync
+          # emerge --ask --oneshot --verbose ">=www-client/firefox-bin-131.0.2:rapid"
+          # emerge --ask --oneshot --verbose ">=www-client/firefox-bin-128.3.1:esr"
+        </code>
+        
+        <p>All Mozilla Firefox users should upgrade to the latest version:</p>
+        
+        <code>
+          # emerge --sync
+          # emerge --ask --oneshot --verbose ">=www-client/firefox-131.0.2:rapid"
+          # emerge --ask --oneshot --verbose ">=www-client/firefox-128.3.1:esr"
+        </code>
+    </resolution>
+    <references>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-6601">CVE-2024-6601</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-6602">CVE-2024-6602</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-6603">CVE-2024-6603</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-6604">CVE-2024-6604</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-6606">CVE-2024-6606</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-6607">CVE-2024-6607</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-6608">CVE-2024-6608</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-6609">CVE-2024-6609</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-6610">CVE-2024-6610</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-6611">CVE-2024-6611</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-6612">CVE-2024-6612</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-6613">CVE-2024-6613</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-6614">CVE-2024-6614</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-6615">CVE-2024-6615</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-7518">CVE-2024-7518</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-7519">CVE-2024-7519</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-7520">CVE-2024-7520</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-7521">CVE-2024-7521</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-7522">CVE-2024-7522</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-7523">CVE-2024-7523</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-7524">CVE-2024-7524</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-7525">CVE-2024-7525</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-7526">CVE-2024-7526</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-7527">CVE-2024-7527</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-7528">CVE-2024-7528</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-7529">CVE-2024-7529</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-7530">CVE-2024-7530</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-7531">CVE-2024-7531</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-8381">CVE-2024-8381</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-8382">CVE-2024-8382</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-8383">CVE-2024-8383</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-8384">CVE-2024-8384</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-8385">CVE-2024-8385</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-8386">CVE-2024-8386</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-8387">CVE-2024-8387</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-8389">CVE-2024-8389</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-8394">CVE-2024-8394</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-8900">CVE-2024-8900</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-9391">CVE-2024-9391</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-9392">CVE-2024-9392</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-9395">CVE-2024-9395</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-9396">CVE-2024-9396</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-9397">CVE-2024-9397</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-9399">CVE-2024-9399</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-9400">CVE-2024-9400</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-9401">CVE-2024-9401</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-9402">CVE-2024-9402</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-9403">CVE-2024-9403</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-9680">CVE-2024-9680</uri>
+        <uri>MFSA2024-29</uri>
+        <uri>MFSA2024-30</uri>
+        <uri>MFSA2024-31</uri>
+        <uri>MFSA2024-33</uri>
+        <uri>MFSA2024-34</uri>
+        <uri>MFSA2024-35</uri>
+        <uri>MFSA2024-38</uri>
+        <uri>MFSA2024-39</uri>
+        <uri>MFSA2024-40</uri>
+        <uri>MFSA2024-41</uri>
+        <uri>MFSA2024-43</uri>
+        <uri>MFSA2024-44</uri>
+        <uri>MFSA2024-46</uri>
+        <uri>MFSA2024-47</uri>
+        <uri>MFSA2024-48</uri>
+        <uri>MFSA2024-49</uri>
+        <uri>MFSA2024-50</uri>
+        <uri>MFSA2024-51</uri>
+    </references>
+    <metadata tag="requester" timestamp="2024-12-07T10:09:25.027501Z">graaff</metadata>
+    <metadata tag="submitter" timestamp="2024-12-07T10:09:25.030768Z">graaff</metadata>
+</glsa>
+\ No newline at end of file
diff --git a/metadata/glsa/glsa-202412-05.xml b/metadata/glsa/glsa-202412-05.xml
new file mode 100644
index 000000000000..f68005802f5a
--- /dev/null
+++ b/metadata/glsa/glsa-202412-05.xml
@@ -0,0 +1,121 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202412-05">
+    <title>Chromium, Google Chrome, Microsoft Edge. Opera: Multiple Vulnerabilities</title>
+    <synopsis>Multiple vulnerabilities have been discovered in Chromium and its derivatives, the worst of which can lead to remote code execution.</synopsis>
+    <product type="ebuild">chromium,google-chrome,microsoft-edge,microsoft-edge,opera</product>
+    <announced>2024-12-07</announced>
+    <revised count="1">2024-12-07</revised>
+    <bug>924450</bug>
+    <bug>925161</bug>
+    <bug>925666</bug>
+    <bug>926230</bug>
+    <bug>926869</bug>
+    <bug>927312</bug>
+    <bug>927928</bug>
+    <bug>928462</bug>
+    <bug>929112</bug>
+    <bug>930124</bug>
+    <bug>930647</bug>
+    <bug>930994</bug>
+    <bug>931548</bug>
+    <access>remote</access>
+    <affected>
+        <package name="ww-client/microsoft-edge" auto="yes" arch="*">
+            <unaffected range="ge">124.0.2478.97</unaffected>
+        </package>
+        <package name="www-client/chromium" auto="yes" arch="*">
+            <unaffected range="ge">124.0.6367.155</unaffected>
+            <vulnerable range="lt">124.0.6367.155</vulnerable>
+        </package>
+        <package name="www-client/google-chrome" auto="yes" arch="*">
+            <unaffected range="ge">124.0.6367.155</unaffected>
+            <vulnerable range="lt">124.0.6367.155</vulnerable>
+        </package>
+        <package name="www-client/microsoft-edge" auto="yes" arch="*">
+            <vulnerable range="lt">124.0.2478.97</vulnerable>
+        </package>
+        <package name="www-client/opera" auto="yes" arch="*">
+            <unaffected range="ge">110.0.5130.35</unaffected>
+            <vulnerable range="lt">110.0.5130.35</vulnerable>
+        </package>
+    </affected>
+    <background>
+        <p>Chromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web. Google Chrome is one fast, simple, and secure browser for all your devices. Microsoft Edge is a browser that combines a minimal design with sophisticated technology to make the web faster, safer, and easier. Opera is a fast and secure web browser.</p>
+    </background>
+    <description>
+        <p>Multiple vulnerabilities have been discovered in Chromium and its derivatives. Please review the CVE identifiers referenced below for details.</p>
+    </description>
+    <impact type="high">
+        <p>Please review the referenced CVE identifiers for details.</p>
+    </impact>
+    <workaround>
+        <p>There is no known workaround at this time.</p>
+    </workaround>
+    <resolution>
+        <p>All Google Chrome users should upgrade to the latest version:</p>
+        
+        <code>
+          # emerge --sync
+          # emerge --ask --oneshot --verbose ">=www-client/google-chrome-124.0.6367.155"
+        </code>
+        
+        <p>All Chromium users should upgrade to the latest version:</p>
+        
+        <code>
+          # emerge --sync
+          # emerge --ask --oneshot --verbose ">=www-client/chromium-124.0.6367.155 "
+        </code>
+        
+        <p>All Microsoft Edge users should upgrade to the latest version:</p>
+        
+        <code>
+          # emerge --sync
+          # emerge --ask --oneshot --verbose ">=www-client/microsoft-edge-124.0.2478.97"
+        </code>
+        
+        <p>All Oprea users should upgrade to the latest version:</p>
+        
+        <code>
+          # emerge --sync
+          # emerge --ask --oneshot --verbose ">=www-client/opera-110.0.5130.35"
+        </code>
+    </resolution>
+    <references>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-1669">CVE-2024-1669</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-1670">CVE-2024-1670</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-1671">CVE-2024-1671</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-1672">CVE-2024-1672</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-1673">CVE-2024-1673</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-1674">CVE-2024-1674</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-1675">CVE-2024-1675</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-1676">CVE-2024-1676</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-2173">CVE-2024-2173</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-2174">CVE-2024-2174</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-2176">CVE-2024-2176</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-2400">CVE-2024-2400</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-2625">CVE-2024-2625</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-2626">CVE-2024-2626</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-2627">CVE-2024-2627</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-2628">CVE-2024-2628</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-2883">CVE-2024-2883</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-2885">CVE-2024-2885</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-2886">CVE-2024-2886</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-2887">CVE-2024-2887</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-3156">CVE-2024-3156</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-3158">CVE-2024-3158</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-3159">CVE-2024-3159</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-3832">CVE-2024-3832</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-3833">CVE-2024-3833</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-3834">CVE-2024-3834</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-4058">CVE-2024-4058</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-4059">CVE-2024-4059</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-4060">CVE-2024-4060</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-4331">CVE-2024-4331</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-4368">CVE-2024-4368</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-4558">CVE-2024-4558</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-4559">CVE-2024-4559</uri>
+    </references>
+    <metadata tag="requester" timestamp="2024-12-07T10:13:10.835687Z">graaff</metadata>
+    <metadata tag="submitter" timestamp="2024-12-07T10:13:10.839877Z">graaff</metadata>
+</glsa>
+\ No newline at end of file
diff --git a/metadata/glsa/glsa-202412-06.xml b/metadata/glsa/glsa-202412-06.xml
new file mode 100644
index 000000000000..a7fb73b9eba0
--- /dev/null
+++ b/metadata/glsa/glsa-202412-06.xml
@@ -0,0 +1,133 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202412-06">
+    <title>Mozilla Thunderbird: Multiple Vulnerabilities</title>
+    <synopsis>Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could lead to remote code execution.</synopsis>
+    <product type="ebuild">thunderbird,thunderbird-bin</product>
+    <announced>2024-12-07</announced>
+    <revised count="1">2024-12-07</revised>
+    <bug>935551</bug>
+    <bug>936216</bug>
+    <bug>937468</bug>
+    <bug>941170</bug>
+    <bug>941175</bug>
+    <bug>942470</bug>
+    <access>remote</access>
+    <affected>
+        <package name="mail-client/thunderbird" auto="yes" arch="*">
+            <unaffected range="ge">128.4.0</unaffected>
+            <vulnerable range="lt">128.4.0</vulnerable>
+        </package>
+        <package name="mail-client/thunderbird-bin" auto="yes" arch="*">
+            <unaffected range="ge">128.4.0</unaffected>
+            <vulnerable range="lt">128.4.0</vulnerable>
+        </package>
+    </affected>
+    <background>
+        <p>Mozilla Thunderbird is a popular open-source email client from the Mozilla project.</p>
+    </background>
+    <description>
+        <p>Multiple vulnerabilities have been discovered in Mozilla Thunderbird. Please review the CVE identifiers referenced below for details.</p>
+    </description>
+    <impact type="high">
+        <p>Please review the referenced CVE identifiers for details.</p>
+    </impact>
+    <workaround>
+        <p>There is no known workaround at this time.</p>
+    </workaround>
+    <resolution>
+        <p>All Mozilla Thunderbird users should upgrade to the latest version:</p>
+        
+        <code>
+          # emerge --sync
+          # emerge --ask --oneshot --verbose ">=mail-client/thunderbird-bin-128.4.0"
+        </code>
+        
+        <p>All Mozilla Thunderbird users should upgrade to the latest version:</p>
+        
+        <code>
+          # emerge --sync
+          # emerge --ask --oneshot --verbose ">=mail-client/thunderbird-128.4.0"
+        </code>
+    </resolution>
+    <references>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-5693">CVE-2024-5693</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-5696">CVE-2024-5696</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-5700">CVE-2024-5700</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-6601">CVE-2024-6601</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-6602">CVE-2024-6602</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-6603">CVE-2024-6603</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-6604">CVE-2024-6604</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-7518">CVE-2024-7518</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-7519">CVE-2024-7519</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-7520">CVE-2024-7520</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-7521">CVE-2024-7521</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-7522">CVE-2024-7522</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-7523">CVE-2024-7523</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-7524">CVE-2024-7524</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-7525">CVE-2024-7525</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-7526">CVE-2024-7526</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-7527">CVE-2024-7527</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-7528">CVE-2024-7528</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-7529">CVE-2024-7529</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-7531">CVE-2024-7531</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-8381">CVE-2024-8381</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-8382">CVE-2024-8382</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-8383">CVE-2024-8383</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-8384">CVE-2024-8384</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-8385">CVE-2024-8385</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-8386">CVE-2024-8386</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-8387">CVE-2024-8387</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-8389">CVE-2024-8389</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-8394">CVE-2024-8394</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-8900">CVE-2024-8900</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-9391">CVE-2024-9391</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-9392">CVE-2024-9392</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-9395">CVE-2024-9395</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-9396">CVE-2024-9396</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-9397">CVE-2024-9397</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-9399">CVE-2024-9399</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-9400">CVE-2024-9400</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-9401">CVE-2024-9401</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-9402">CVE-2024-9402</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-9403">CVE-2024-9403</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-10458">CVE-2024-10458</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-10459">CVE-2024-10459</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-10460">CVE-2024-10460</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-10461">CVE-2024-10461</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-10462">CVE-2024-10462</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-10463">CVE-2024-10463</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-10464">CVE-2024-10464</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-10465">CVE-2024-10465</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-10466">CVE-2024-10466</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-10467">CVE-2024-10467</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-10468">CVE-2024-10468</uri>
+        <uri>MFSA-2024-25</uri>
+        <uri>MFSA-2024-26</uri>
+        <uri>MFSA-2024-28</uri>
+        <uri>MFSA2024-29</uri>
+        <uri>MFSA2024-30</uri>
+        <uri>MFSA2024-31</uri>
+        <uri>MFSA2024-33</uri>
+        <uri>MFSA2024-34</uri>
+        <uri>MFSA2024-35</uri>
+        <uri>MFSA2024-38</uri>
+        <uri>MFSA2024-39</uri>
+        <uri>MFSA2024-40</uri>
+        <uri>MFSA2024-41</uri>
+        <uri>MFSA2024-43</uri>
+        <uri>MFSA2024-44</uri>
+        <uri>MFSA2024-46</uri>
+        <uri>MFSA2024-47</uri>
+        <uri>MFSA2024-48</uri>
+        <uri>MFSA2024-49</uri>
+        <uri>MFSA2024-50</uri>
+        <uri>MFSA2024-55</uri>
+        <uri>MFSA2024-56</uri>
+        <uri>MFSA2024-57</uri>
+        <uri>MFSA2024-58</uri>
+        <uri>MFSA2024-59</uri>
+    </references>
+    <metadata tag="requester" timestamp="2024-12-07T10:32:19.630664Z">graaff</metadata>
+    <metadata tag="submitter" timestamp="2024-12-07T10:32:19.634875Z">graaff</metadata>
+</glsa>
+\ No newline at end of file
diff --git a/metadata/glsa/glsa-202412-07.xml b/metadata/glsa/glsa-202412-07.xml
new file mode 100644
index 000000000000..f2ac638e2f8d
--- /dev/null
+++ b/metadata/glsa/glsa-202412-07.xml
@@ -0,0 +1,104 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202412-07">
+    <title>OpenJDK: Multiple Vulnerabilities</title>
+    <synopsis>Multiple vulnerabilities have been discovered in OpenJDK, the worst of which could lead to remote code execution.</synopsis>
+    <product type="ebuild">openjdk,openjdk-bin,openjdk-jre-bin</product>
+    <announced>2024-12-07</announced>
+    <revised count="1">2024-12-07</revised>
+    <bug>912719</bug>
+    <bug>916211</bug>
+    <bug>925020</bug>
+    <bug>941689</bug>
+    <access>local and remote</access>
+    <affected>
+        <package name="dev-java/openjdk" auto="yes" arch="*">
+            <unaffected range="ge" slot="8">8.422_p05</unaffected>
+            <unaffected range="ge" slot="11">11.0.24_p8</unaffected>
+            <unaffected range="ge" slot="17">17.0.12_p7</unaffected>
+            <vulnerable range="lt" slot="8">8.422_p05</vulnerable>
+            <vulnerable range="lt" slot="11">11.0.24_p8</vulnerable>
+            <vulnerable range="lt" slot="17">17.0.12_p7</vulnerable>
+        </package>
+        <package name="dev-java/openjdk-bin" auto="yes" arch="*">
+            <unaffected range="ge" slot="8">8.422_p05</unaffected>
+            <unaffected range="ge" slot="11">11.0.24_p8</unaffected>
+            <unaffected range="ge" slot="17">17.0.12_p7</unaffected>
+            <vulnerable range="lt" slot="8">8.422_p05</vulnerable>
+            <vulnerable range="lt" slot="11">11.0.24_p8</vulnerable>
+            <vulnerable range="lt" slot="17">17.0.12_p7</vulnerable>
+        </package>
+        <package name="dev-java/openjdk-jre-bin" auto="yes" arch="*">
+            <unaffected range="ge" slot="8">8.422_p05</unaffected>
+            <unaffected range="ge" slot="11">11.0.24_p8</unaffected>
+            <unaffected range="ge" slot="17">17.0.12_p7</unaffected>
+            <vulnerable range="lt" slot="8">8.422_p05</vulnerable>
+            <vulnerable range="lt" slot="11">11.0.24_p8</vulnerable>
+            <vulnerable range="lt" slot="17">17.0.12_p7</vulnerable>
+        </package>
+    </affected>
+    <background>
+        <p>OpenJDK is an open source implementation of the Java programming language.</p>
+    </background>
+    <description>
+        <p>Multiple vulnerabilities have been discovered in OpenJDK. Please review the CVE identifiers referenced below for details.</p>
+    </description>
+    <impact type="high">
+        <p>Please review the referenced CVE identifiers for details.</p>
+    </impact>
+    <workaround>
+        <p>There is no known workaround at this time.</p>
+    </workaround>
+    <resolution>
+        <p>All OpenJDK users should upgrade to the latest version:</p>
+        
+        <code>
+          # emerge --sync
+          # emerge --ask --oneshot --verbose ">=dev-java/openjdk-8.422_p05:8"
+          # emerge --ask --oneshot --verbose ">=dev-java/openjdk-11.0.24_p8:11"
+          # emerge --ask --oneshot --verbose ">=dev-java/openjdk-17.0.12_p7:17"
+        </code>
+        
+        <p>All OpenJDK users should upgrade to the latest version:</p>
+        
+        <code>
+          # emerge --sync
+          # emerge --ask --oneshot --verbose ">=dev-java/openjdk-jre-bin-8.442_p05:8"
+          # emerge --ask --oneshot --verbose ">=dev-java/openjdk-jre-bin-11.0.24_p8:11"
+          # emerge --ask --oneshot --verbose ">=dev-java/openjdk-jre-bin-17.0.12_p7:17"
+        </code>
+        
+        <p>All OpenJDK users should upgrade to the latest version:</p>
+        
+        <code>
+          # emerge --sync
+          # emerge --ask --oneshot --verbose ">=dev-java/openjdk-bin-8.442_p05:8"
+          # emerge --ask --oneshot --verbose ">=dev-java/openjdk-bin-11.0.24_p8:11"
+          # emerge --ask --oneshot --verbose ">=dev-java/openjdk-bin-17.0.12_p7:17"
+        </code>
+    </resolution>
+    <references>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-22006">CVE-2023-22006</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-22025">CVE-2023-22025</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-22036">CVE-2023-22036</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-22041">CVE-2023-22041</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-22044">CVE-2023-22044</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-22045">CVE-2023-22045</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-22049">CVE-2023-22049</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-22067">CVE-2023-22067</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-22081">CVE-2023-22081</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-20918">CVE-2024-20918</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-20919">CVE-2024-20919</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-20921">CVE-2024-20921</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-20926">CVE-2024-20926</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-20932">CVE-2024-20932</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-20945">CVE-2024-20945</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-20952">CVE-2024-20952</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-21208">CVE-2024-21208</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-21210">CVE-2024-21210</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-21217">CVE-2024-21217</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-21235">CVE-2024-21235</uri>
+    </references>
+    <metadata tag="requester" timestamp="2024-12-07T10:36:00.689590Z">graaff</metadata>
+    <metadata tag="submitter" timestamp="2024-12-07T10:36:00.694327Z">graaff</metadata>
+</glsa>
+\ No newline at end of file
diff --git a/metadata/glsa/glsa-202412-08.xml b/metadata/glsa/glsa-202412-08.xml
new file mode 100644
index 000000000000..e886a101b877
--- /dev/null
+++ b/metadata/glsa/glsa-202412-08.xml
@@ -0,0 +1,47 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202412-08">
+    <title>icinga2: Multiple Vulnerabilities</title>
+    <synopsis>Multiple vulnerabilities have been discovered in Icinga2, the worst of which could lead to arbitrary code execution.</synopsis>
+    <product type="ebuild">icinga2</product>
+    <announced>2024-12-07</announced>
+    <revised count="1">2024-12-07</revised>
+    <bug>760660</bug>
+    <bug>943329</bug>
+    <access>remote</access>
+    <affected>
+        <package name="net-analyzer/icinga2" auto="yes" arch="*">
+            <unaffected range="ge">2.14.3</unaffected>
+            <vulnerable range="lt">2.14.3</vulnerable>
+        </package>
+    </affected>
+    <background>
+        <p>Icinga2 is a distributed, general purpose, network monitoring engine.</p>
+    </background>
+    <description>
+        <p>Multiple vulnerabilities have been discovered in Icinga2. Please review the CVE identifiers referenced below for details.</p>
+    </description>
+    <impact type="low">
+        <p>Please review the referenced CVE identifiers for details.</p>
+    </impact>
+    <workaround>
+        <p>There is no known workaround at this time.</p>
+    </workaround>
+    <resolution>
+        <p>All Icinga2 users should upgrade to the latest version:</p>
+        
+        <code>
+          # emerge --sync
+          # emerge --ask --oneshot --verbose ">=net-analyzer/icinga2-2.14.3"
+        </code>
+    </resolution>
+    <references>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-29663">CVE-2020-29663</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-32739">CVE-2021-32739</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-32743">CVE-2021-32743</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-37698">CVE-2021-37698</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-49369">CVE-2024-49369</uri>
+    </references>
+    <metadata tag="requester" timestamp="2024-12-07T10:38:13.796029Z">graaff</metadata>
+    <metadata tag="submitter" timestamp="2024-12-07T10:38:13.799855Z">graaff</metadata>
+</glsa>
+\ No newline at end of file
diff --git a/metadata/glsa/glsa-202412-09.xml b/metadata/glsa/glsa-202412-09.xml
new file mode 100644
index 000000000000..a4213f22a467
--- /dev/null
+++ b/metadata/glsa/glsa-202412-09.xml
@@ -0,0 +1,47 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202412-09">
+    <title>Salt: Multiple Vulnerabilities</title>
+    <synopsis>Multiple vulnerabilities have been discovered in Salt, the worst of which can lead to arbitrary code execution.</synopsis>
+    <product type="ebuild">salt</product>
+    <announced>2024-12-07</announced>
+    <revised count="1">2024-12-07</revised>
+    <bug>916512</bug>
+    <bug>925021</bug>
+    <access>remote</access>
+    <affected>
+        <package name="app-admin/salt" auto="yes" arch="*">
+            <unaffected range="ge">3006.6</unaffected>
+            <vulnerable range="lt">3006.6</vulnerable>
+        </package>
+    </affected>
+    <background>
+        <p>Salt is a fast, intelligent and scalable automation engine.</p>
+    </background>
+    <description>
+        <p>Multiple vulnerabilities have been discovered in Salt. Please review the CVE identifiers referenced below for details.</p>
+    </description>
+    <impact type="normal">
+        <p>Please review the referenced CVE identifiers for details.</p>
+    </impact>
+    <workaround>
+        <p>There is no known workaround at this time.</p>
+    </workaround>
+    <resolution>
+        <p>All Salt users should upgrade to the latest version:</p>
+        
+        <code>
+          # emerge --sync
+          # emerge --ask --oneshot --verbose ">=app-admin/salt-3006.6"
+        </code>
+    </resolution>
+    <references>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-20897">CVE-2023-20897</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-20898">CVE-2023-20898</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-34049">CVE-2023-34049</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-22231">CVE-2024-22231</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-22232">CVE-2024-22232</uri>
+    </references>
+    <metadata tag="requester" timestamp="2024-12-07T11:25:36.905520Z">graaff</metadata>
+    <metadata tag="submitter" timestamp="2024-12-07T11:25:36.909137Z">graaff</metadata>
+</glsa>
+\ No newline at end of file
diff --git a/metadata/glsa/glsa-202412-10.xml b/metadata/glsa/glsa-202412-10.xml
new file mode 100644
index 000000000000..264249f32684
--- /dev/null
+++ b/metadata/glsa/glsa-202412-10.xml
@@ -0,0 +1,47 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202412-10">
+    <title>Dnsmasq: Multiple Vulnerabilities</title>
+    <synopsis>Multiple vulnerabilities have been discovered in Dnsmasq, the worst of which could lead to a denial of service.</synopsis>
+    <product type="ebuild">dnsmasq</product>
+    <announced>2024-12-07</announced>
+    <revised count="1">2024-12-07</revised>
+    <bug>867322</bug>
+    <bug>905321</bug>
+    <bug>924448</bug>
+    <access>remote</access>
+    <affected>
+        <package name="net-dns/dnsmasq" auto="yes" arch="*">
+            <unaffected range="ge">2.90</unaffected>
+            <vulnerable range="lt">2.90</vulnerable>
+        </package>
+    </affected>
+    <background>
+        <p>Dnsmasq is a lightweight and easily-configurable DNS forwarder and DHCP server.</p>
+    </background>
+    <description>
+        <p>Multiple vulnerabilities have been discovered in Dnsmasq. Please review the CVE identifiers referenced below for details.</p>
+    </description>
+    <impact type="normal">
+        <p>Please review the referenced CVE identifiers for details.</p>
+    </impact>
+    <workaround>
+        <p>There is no known workaround at this time.</p>
+    </workaround>
+    <resolution>
+        <p>All Dnsmasq users should upgrade to the latest version:</p>
+        
+        <code>
+          # emerge --sync
+          # emerge --ask --oneshot --verbose ">=net-dns/dnsmasq-2.90"
+        </code>
+    </resolution>
+    <references>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-0934">CVE-2022-0934</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-28450">CVE-2023-28450</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-50387">CVE-2023-50387</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-50868">CVE-2023-50868</uri>
+    </references>
+    <metadata tag="requester" timestamp="2024-12-07T11:27:15.261272Z">graaff</metadata>
+    <metadata tag="submitter" timestamp="2024-12-07T11:27:15.263698Z">graaff</metadata>
+</glsa>
+\ No newline at end of file
diff --git a/metadata/glsa/glsa-202412-11.xml b/metadata/glsa/glsa-202412-11.xml
new file mode 100644
index 000000000000..8596c449aadb
--- /dev/null
+++ b/metadata/glsa/glsa-202412-11.xml
@@ -0,0 +1,42 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202412-11">
+    <title>OATH Toolkit: Privilege Escalation</title>
+    <synopsis>A vulnerability has been discovered in OATH Toolkit, which could lead to local root privilege escalation.</synopsis>
+    <product type="ebuild">oath-toolkit</product>
+    <announced>2024-12-07</announced>
+    <revised count="1">2024-12-07</revised>
+    <bug>940778</bug>
+    <access>local</access>
+    <affected>
+        <package name="sys-auth/oath-toolkit" auto="yes" arch="*">
+            <unaffected range="ge">2.6.12</unaffected>
+            <vulnerable range="lt">2.6.12</vulnerable>
+        </package>
+    </affected>
+    <background>
+        <p>OATH Toolkit provide components to build one-time password authentication systems. It contains shared C libraries, command line tools and a PAM module. Supported technologies include the event-based HOTP algorithm (RFC 4226), the time-based TOTP algorithm (RFC 6238), and Portable Symmetric Key Container (PSKC, RFC 6030) to manage secret key data. OATH stands for Open AuTHentication, which is the organization that specify the algorithms.</p>
+    </background>
+    <description>
+        <p>A vulnerability has been discovered in OATH Toolkit. Please review the CVE identifier referenced below for details.</p>
+    </description>
+    <impact type="high">
+        <p>Please review the referenced CVE identifier for details.</p>
+    </impact>
+    <workaround>
+        <p>There is no known workaround at this time.</p>
+    </workaround>
+    <resolution>
+        <p>All OATH Toolkit users should upgrade to the latest version:</p>
+        
+        <code>
+          # emerge --sync
+          # emerge --ask --oneshot --verbose ">=sys-auth/oath-toolkit-2.6.12"
+        </code>
+    </resolution>
+    <references>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-47191">CVE-2024-47191</uri>
+    </references>
+    <metadata tag="requester" timestamp="2024-12-07T11:29:36.174751Z">graaff</metadata>
+    <metadata tag="submitter" timestamp="2024-12-07T11:29:36.177979Z">graaff</metadata>
+</glsa>
+\ No newline at end of file
diff --git a/metadata/glsa/timestamp.chk b/metadata/glsa/timestamp.chk
index b87a62ffe02d..8b48be8e8900 100644
--- a/metadata/glsa/timestamp.chk
+++ b/metadata/glsa/timestamp.chk
@@ -1 +1 @@
-Sat, 07 Dec 2024 01:40:49 +0000
+Sun, 08 Dec 2024 00:58:06 +0000
diff --git a/metadata/glsa/timestamp.commit b/metadata/glsa/timestamp.commit
index 0858bad8cc1f..f8d64bd3345e 100644
--- a/metadata/glsa/timestamp.commit
+++ b/metadata/glsa/timestamp.commit
@@ -1 +1 @@
-06b1665a387d4d7cb73b9b91b99b6ed644d013ed 1731837118 2024-11-17T09:51:58Z
+d68b435cf0bf62e307cf4887a99866274a0677d7 1733570991 2024-12-07T11:29:51Z
author	V3n3RiX <venerix@koprulu.sector>	2024-12-08 02:07:29 +0000
committer	V3n3RiX <venerix@koprulu.sector>	2024-12-08 02:07:29 +0000
commit	494168b06b81a32b889c3cb1f721f925d0a6824f (patch)
tree	0ec763ffa61af808a83f365fb6680258d2e28a50 /metadata/glsa
parent	2198f8593ae0312add1bdccb49edfcb935e5f8a6 (diff)