authorV3n3RiX <venerix@redcorelinux.org>2018-11-18 09:38:27 +0000
committerV3n3RiX <venerix@redcorelinux.org>2018-11-18 09:38:27 +0000
commit536c3711867ec947c1738f2c4b96f22e4863322d (patch)
tree697733f5cb713908dcf378e13fd15a798a906a91 /metadata/glsa
parentf65628136faa35d0c4d3b5e7332275c7b35fcd96 (diff)
gentoo resync : 18.11.2018
Diffstat (limited to 'metadata/glsa')
-rw-r--r--metadata/glsa/Manifest30
-rw-r--r--metadata/glsa/Manifest.files.gzbin429647 -> 431078 bytes
-rw-r--r--metadata/glsa/glsa-201811-01.xml54
-rw-r--r--metadata/glsa/glsa-201811-02.xml53
-rw-r--r--metadata/glsa/glsa-201811-03.xml52
-rw-r--r--metadata/glsa/glsa-201811-04.xml73
-rw-r--r--metadata/glsa/glsa-201811-05.xml52
-rw-r--r--metadata/glsa/glsa-201811-06.xml53
-rw-r--r--metadata/glsa/glsa-201811-07.xml49
-rw-r--r--metadata/glsa/glsa-201811-08.xml50
-rw-r--r--metadata/glsa/glsa-201811-09.xml52
-rw-r--r--metadata/glsa/timestamp.chk2
-rw-r--r--metadata/glsa/timestamp.commit2
13 files changed, 505 insertions, 17 deletions
diff --git a/metadata/glsa/Manifest b/metadata/glsa/Manifest
index 272b5617c473..66be81562320 100644
--- a/metadata/glsa/Manifest
+++ b/metadata/glsa/Manifest
@@ -1,23 +1,23 @@
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
-MANIFEST Manifest.files.gz 429647 BLAKE2B a411cce710ab8dd39a655bd0e0cc190fbcae6f53119ffd89cae0be474bd52b18b9f669c37dc08ddc9e6dc2a29bf677b9015df98cc57c2d30284d663c0b745fe0 SHA512 727e13fbfd98dfc90a62c0a63c29d8331a6b94e4b42d913790e4a78f814e95d07a616b3b426612b6bfed54ee01f6b9889ca7c2f42345120b9b84f4679ebf482d
-TIMESTAMP 2018-11-03T07:38:39Z
+MANIFEST Manifest.files.gz 431078 BLAKE2B a37fcfee71256f9d40f60594c0e23daa5c659172c73db4acde25cfdd707e9c953c72c601225f03add857a3a4cd00dd0e4d133ce2a5780bc2e304faaa458a4319 SHA512 34e61d1ae19c99e2490f0ce5a8c731b8cbbf25f056f7432c3433599c2ba70347a4dc032b240a0b1d37227f95691c4c78e3d496bae3d66dff4167de8de8693f5d
+TIMESTAMP 2018-11-18T08:38:36Z
-----BEGIN PGP SIGNATURE-----
-iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAlvdUH9fFIAAAAAALgAo
+iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAlvxJQxfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEUx
RDZBQkI2M0JGQ0ZCNEJBMDJGREYxQ0VDNTkwRUVBQzkxODkyNTAACgkQ7FkO6skY
-klB9HhAAloTGT9BfjtX6lE1xv7+YdKOjU8YbkFR4rbjKI2zGnYqQAc8ZM1zss3+q
-pRDBwW1Bgp3LavCqFdTDVAqVQ2CiGjzAvWAyjYqjQnWyi+2mlgbgB1WpJLufd32P
-647NlKJcpIzGBW2CrL/fkQiqYkeYKx1fr9nr+BJoLYK7hPZbewKNITU2OsiV+TtM
-wgJ7uFECAbluJbdDnJPrY+8mYNpAaHrxmvzPx61hHq3rbMP3V8IC0753QUPhgKbr
-NzIKDX+HbQXN5eydTyUHvPIe2n/F/Xj6r3gYa+NwbynnI5ggjBChkaLrKLHzjpVE
-oUUox9auS/AsN5gxHOaCGZUZ0sDnx/QKAhOKSF20b7MVU8pIPpBtM/C/JASprKSo
-QN2YywpdSioqLf6wcTxxsn0bRu4QlNter8fpe38ai76V2n7GSxxZ0bJrVjzaw18b
-uEkuA+ZWaRE6bkokhUSkTTfQImlOKcH18TXUtivPcjFqichlNacys+ErunG0Z97V
-A5wpJW343ERkqNOwYvrmfNK3DYUQ/KcAuEq/pu5SxpSCbZdfh9gwSkXZv5zVKjpL
-QbAAOyTOhx0vTmc+9fBtNRfUkiepJHYOlt1SiyljYOrhdp28WBzPgvrFoeOcGXeM
-WSuPl143uqYvamOWXXIY5fOy4gUGoJLxlCnScLQ8i3JbqAud8z0=
-=YiFX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+=KWRB
-----END PGP SIGNATURE-----
diff --git a/metadata/glsa/Manifest.files.gz b/metadata/glsa/Manifest.files.gz
index d0b2412ba016..f7610bd56006 100644
--- a/metadata/glsa/Manifest.files.gz
+++ b/metadata/glsa/Manifest.files.gz
Binary files differ
diff --git a/metadata/glsa/glsa-201811-01.xml b/metadata/glsa/glsa-201811-01.xml
new file mode 100644
index 000000000000..098096755489
--- /dev/null
+++ b/metadata/glsa/glsa-201811-01.xml
@@ -0,0 +1,54 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201811-01">
+ <title>X.Org X11 library: Multiple vulnerabilities</title>
+ <synopsis>Multiple vulnerabilities have been found in X.Org X11 library, the
+ worst of which could allow for remote code execution.
+ </synopsis>
+ <product type="ebuild">libX11</product>
+ <announced>2018-11-09</announced>
+ <revised count="1">2018-11-09</revised>
+ <bug>664184</bug>
+ <access>remote</access>
+ <affected>
+ <package name="x11-libs/libX11" auto="yes" arch="*">
+ <unaffected range="ge">1.6.6</unaffected>
+ <vulnerable range="lt">1.6.6</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>X.Org is an implementation of the X Window System. The X.Org X11 library
+ provides the X11 protocol library files.
+ </p>
+ </background>
+ <description>
+ <p>Multiple vulnerabilities have been discovered in X.Org X11 library.
+ Please review the CVE identifiers referenced below for details.
+ </p>
+ </description>
+ <impact type="normal">
+ <p>A remote attacker, by enticing a user to connect to a malicious server,
+ could cause the execution of arbitrary code with the privileges of the
+ process, or cause a Denial of Service condition.
+ </p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All X.Org X11 library users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose "&gt;=x11-libs/libX11-1.6.6"
+ </code>
+
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-14598">CVE-2018-14598</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-14599">CVE-2018-14599</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-14600">CVE-2018-14600</uri>
+ </references>
+ <metadata tag="requester" timestamp="2018-09-24T03:54:14Z">irishluck83</metadata>
+ <metadata tag="submitter" timestamp="2018-11-09T00:23:32Z">whissi</metadata>
+</glsa>
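Review bot: The `<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">` line at the top of this new file names an external DTD over plain HTTP, so a consumer that resolves external subsets would fetch schema content over an unauthenticated channel while parsing security advisories. The file is synced from upstream and is best left byte-identical. The check belongs in whatever reads these files, which should parse with external DTD and entity loading disabled or validate against a locally shipped copy of the DTD. The same DOCTYPE line opens glsa-201811-02.xml through glsa-201811-09.xml in this commit.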
diff --git a/metadata/glsa/glsa-201811-02.xml b/metadata/glsa/glsa-201811-02.xml
new file mode 100644
index 000000000000..6ba1bc458393
--- /dev/null
+++ b/metadata/glsa/glsa-201811-02.xml
@@ -0,0 +1,53 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201811-02">
+ <title>Python: Buffer overflow</title>
+ <synopsis>A buffer overflow in Python might allow remote attackers to cause a
+ Denial of Service condition.
+ </synopsis>
+ <product type="ebuild">Python</product>
+ <announced>2018-11-09</announced>
+ <revised count="1">2018-11-09</revised>
+ <bug>647862</bug>
+ <access>remote</access>
+ <affected>
+ <package name="dev-lang/python" auto="yes" arch="*">
+ <unaffected range="ge">2.7.15</unaffected>
+ <vulnerable range="lt">2.7.15</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>Python is an interpreted, interactive, object-oriented programming
+ language.
+ </p>
+ </background>
+ <description>
+ <p>A buffer overflow vulnerability have been discovered in Python. Please
+ review the CVE identifiers referenced below for details.
+ </p>
+ </description>
+ <impact type="normal">
+ <p>A remote attacker, in special situations such as function as a service,
+ could violate a trust boundary and cause a Denial of Service condition.
+ </p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All Python users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose "&gt;=dev-lang/python-2.7.15"
+ </code>
+
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-1000030">
+ CVE-2018-1000030
+ </uri>
+ </references>
+ <metadata tag="requester" timestamp="2018-10-16T02:38:25Z">irishluck83</metadata>
+ <metadata tag="submitter" timestamp="2018-11-09T00:24:00Z">whissi</metadata>
+</glsa>
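Review bot: The description reads `A buffer overflow vulnerability have been discovered in Python` and then refers to "CVE identifiers", while the references list exactly one CVE. I would word it `A buffer overflow vulnerability has been discovered in Python. Please review the CVE identifier referenced below for details.` The `<affected>` range is also not scoped to a slot, so `<unaffected range="ge">2.7.15</unaffected>` reports every higher dev-lang/python version as unaffected. That is presumably intended for this CVE, but worth confirming against the referenced NVD entry.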
diff --git a/metadata/glsa/glsa-201811-03.xml b/metadata/glsa/glsa-201811-03.xml
new file mode 100644
index 000000000000..cbf256a1d569
--- /dev/null
+++ b/metadata/glsa/glsa-201811-03.xml
@@ -0,0 +1,52 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201811-03">
+ <title>OpenSSL: Denial of Service</title>
+ <synopsis>A vulnerability in OpenSSL might allow remote attackers to cause a
+ Denial of Service condition.
+ </synopsis>
+ <product type="ebuild">openssl</product>
+ <announced>2018-11-09</announced>
+ <revised count="1">2018-11-09</revised>
+ <bug>663654</bug>
+ <access>remote</access>
+ <affected>
+ <package name="dev-libs/openssl" auto="yes" arch="*">
+ <unaffected range="ge">1.0.2o-r6</unaffected>
+ <vulnerable range="lt">1.0.2o-r6</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>OpenSSL is an Open Source toolkit implementing the Secure Sockets Layer
+ (SSL v2/v3) and Transport Layer Security (TLS v1) as well as a general
+ purpose cryptography library.
+ </p>
+ </background>
+ <description>
+ <p>It was discovered that OpenSSL allow malicious servers to send very
+ large primes to a client during DH(E) based TLS handshakes.
+ </p>
+ </description>
+ <impact type="normal">
+ <p>A remote attacker, by sending large prime to client during DH(E) TLS
+ handshake, could possibly cause a Denial of Service condition.
+ </p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All OpenSSL users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose "&gt;=dev-libs/openssl-1.0.2o-r6"
+ </code>
+
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-0732">CVE-2018-0732</uri>
+ </references>
+ <metadata tag="requester" timestamp="2018-11-08T02:56:32Z">BlueKnight</metadata>
+ <metadata tag="submitter" timestamp="2018-11-09T00:24:28Z">whissi</metadata>
+</glsa>
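Review bot: The `<affected>` block gives a single bound, `<unaffected range="ge">1.0.2o-r6</unaffected>`, so every higher dev-libs/openssl version, including any from a newer release branch, is reported as unaffected. If CVE-2018-0732 also applies to a newer branch that was installable at the time, hosts on that branch would pass an advisory scan while still exposed. That should be checked against the upstream advisory before relying on this entry for coverage. Separately, the description reads `OpenSSL allow malicious servers` and the impact reads `by sending large prime to client`; `OpenSSL allows malicious servers` and `by sending a large prime to a client` are the intended wording.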
diff --git a/metadata/glsa/glsa-201811-04.xml b/metadata/glsa/glsa-201811-04.xml
new file mode 100644
index 000000000000..a32fa0121383
--- /dev/null
+++ b/metadata/glsa/glsa-201811-04.xml
@@ -0,0 +1,73 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201811-04">
+ <title>Mozilla Firefox: Multiple vulnerabilities</title>
+ <synopsis>Multiple vulnerabilities have been found in Mozilla Firefox, the
+ worst of which may allow execution of arbitrary code.
+ </synopsis>
+ <product type="ebuild">firefox</product>
+ <announced>2018-11-09</announced>
+ <revised count="1">2018-11-09</revised>
+ <bug>669430</bug>
+ <access>remote</access>
+ <affected>
+ <package name="www-client/firefox" auto="yes" arch="*">
+ <unaffected range="ge">60.3.0</unaffected>
+ <vulnerable range="lt">60.3.0</vulnerable>
+ </package>
+ <package name="www-client/firefox-bin" auto="yes" arch="*">
+ <unaffected range="ge">60.3.0</unaffected>
+ <vulnerable range="lt">60.3.0</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>Mozilla Firefox is a popular open-source web browser from the Mozilla
+ Project.
+ </p>
+ </background>
+ <description>
+ <p>Multiple vulnerabilities have been discovered in Mozilla Firefox. Please
+ review the CVE identifiers referenced below for details.
+ </p>
+ </description>
+ <impact type="normal">
+ <p>A remote attacker could entice a user to view a specially crafted web
+ page, possibly resulting in the execution of arbitrary code with the
+ privileges of the process, cause a Denial of Service condition, bypass
+ access restriction, access otherwise protected information.
+ </p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All Mozilla Firefox users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose "&gt;=www-client/firefox-60.3.0"
+ </code>
+
+ <p>All Mozilla Firefox binary users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose "&gt;=www-client/firefox-bin-60.3.0"
+ </code>
+
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-12389">CVE-2018-12389</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-12390">CVE-2018-12390</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-12392">CVE-2018-12392</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-12393">CVE-2018-12393</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-12395">CVE-2018-12395</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-12396">CVE-2018-12396</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-12397">CVE-2018-12397</uri>
+ <uri link="https://www.mozilla.org/en-US/security/advisories/mfsa2018-27/">
+ Mozilla Foundation Security Advisory 2018-27
+ </uri>
+ </references>
+ <metadata tag="requester" timestamp="2018-10-31T21:42:48Z">whissi</metadata>
+ <metadata tag="submitter" timestamp="2018-11-09T00:25:06Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201811-05.xml b/metadata/glsa/glsa-201811-05.xml
new file mode 100644
index 000000000000..f37e9af492b9
--- /dev/null
+++ b/metadata/glsa/glsa-201811-05.xml
@@ -0,0 +1,52 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201811-05">
+ <title>PHProjekt: Multiple vulnerabilities</title>
+ <synopsis>Multiple vulnerabilities have been found in PHProjekt due to
+ embedded Zend Framework, the worst of which could allow attackers to
+ remotely execute arbitrary commands.
+ </synopsis>
+ <product type="ebuild">PHProjekt</product>
+ <announced>2018-11-10</announced>
+ <revised count="1">2018-11-10</revised>
+ <bug>650936</bug>
+ <access>remote</access>
+ <affected>
+ <package name="www-apps/phprojekt" auto="yes" arch="*">
+ <vulnerable range="le">6.1.2</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>PHProjekt is an application suite that supports communication and
+ management of teams and companies.
+ </p>
+ </background>
+ <description>
+ <p>Multiple vulnerabilities have been discovered in PHProjekt due to
+ embedded Zend Framework. Please review the GLSA identifiers referenced
+ below for details.
+ </p>
+ </description>
+ <impact type="normal">
+ <p>Remote attackers could execute arbitrary commands or conduct SQL
+ injection attacks.
+ </p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>Gentoo has discontinued support for PHProjekt and recommends that users
+ unmerge the package:
+ </p>
+
+ <code>
+ # emerge --unmerge "www-apps/phprojekt"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://security.gentoo.org/glsa/201804-10">GLSA 201804-10</uri>
+ </references>
+ <metadata tag="requester" timestamp="2018-10-10T16:56:26Z">whissi</metadata>
+ <metadata tag="submitter" timestamp="2018-11-10T00:10:47Z">whissi</metadata>
+</glsa>
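Review bot: The `<references>` block holds only a link to GLSA 201804-10 and no CVE identifiers, so tooling that correlates advisories by CVE will not match this entry. A reader also has to open a second advisory to learn which flaws are meant. Repeating the CVE `<uri>` entries from the referenced advisory here would close that gap. The `<affected>` block has only `<vulnerable range="le">6.1.2</vulnerable>` and no unaffected version, which fits the unmerge resolution. It also means any version above 6.1.2 would fall outside the vulnerable range.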
diff --git a/metadata/glsa/glsa-201811-06.xml b/metadata/glsa/glsa-201811-06.xml
new file mode 100644
index 000000000000..6083ad9ef3d7
--- /dev/null
+++ b/metadata/glsa/glsa-201811-06.xml
@@ -0,0 +1,53 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201811-06">
+ <title>libde265: Multiple vulnerabilities</title>
+ <synopsis>Multiple vulnerabilities have been found in libde265, the worst of
+ which allows remote attackers to execute arbitrary code.
+ </synopsis>
+ <product type="ebuild">libde265</product>
+ <announced>2018-11-10</announced>
+ <revised count="1">2018-11-10</revised>
+ <bug>665520</bug>
+ <access>remote</access>
+ <affected>
+ <package name="media-libs/libde265" auto="yes" arch="*">
+ <unaffected range="ge">1.0.3</unaffected>
+ <vulnerable range="lt">1.0.3</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>Open h.265 video codec implementation.</p>
+ </background>
+ <description>
+ <p>Multiple vulnerabilities have been discovered in libde265. Please review
+ libde265 changelog referenced below for details.
+ </p>
+ </description>
+ <impact type="normal">
+ <p>A remote attacker could entice a user to open a specially crafted media
+ file using libde265 or linked applications, possibly resulting in
+ execution of arbitrary code with the privileges of the process or a
+ Denial of Service condition.
+ </p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All libde265 users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose "&gt;=media-libs/libde265-1.0.3"
+ </code>
+
+ </resolution>
+ <references>
+ <uri link="https://github.com/strukturag/libde265/compare/v1.0.2...v1.0.3">
+ libde265 v1.03 Changelog
+ </uri>
+ </references>
+ <metadata tag="requester" timestamp="2018-09-21T12:42:46Z">whissi</metadata>
+ <metadata tag="submitter" timestamp="2018-11-10T00:11:04Z">whissi</metadata>
+</glsa>
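Review bot: The reference link text `libde265 v1.03 Changelog` does not match the URL it labels, which compares `v1.0.2...v1.0.3`; it should read `libde265 v1.0.3 Changelog`. The advisory carries no CVE identifiers and points to a source comparison rather than an advisory, so the arbitrary-code-execution claim in the synopsis cannot be traced from the references alone. Scanners keyed on CVE will not correlate this entry either. If identifiers were assigned for the fixed issues, adding them as `<uri>` entries would make the severity verifiable.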
diff --git a/metadata/glsa/glsa-201811-07.xml b/metadata/glsa/glsa-201811-07.xml
new file mode 100644
index 000000000000..a8cd2f63051d
--- /dev/null
+++ b/metadata/glsa/glsa-201811-07.xml
@@ -0,0 +1,49 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201811-07">
+ <title>Pango: Denial of Service</title>
+ <synopsis>A vulnerability in Pango could result in a Denial of Service
+ condition.
+ </synopsis>
+ <product type="ebuild">pango</product>
+ <announced>2018-11-10</announced>
+ <revised count="1">2018-11-10</revised>
+ <bug>664108</bug>
+ <access>remote</access>
+ <affected>
+ <package name="x11-libs/pango" auto="yes" arch="*">
+ <unaffected range="ge">1.42.4</unaffected>
+ <vulnerable range="lt">1.42.4</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>Library for layout and rendering of internationalized text.</p>
+ </background>
+ <description>
+ <p>Processing certain invalid Emoji sequences in a GTK+ application can
+ trigger a reachable assertion resulting in an application crash.
+ </p>
+ </description>
+ <impact type="normal">
+ <p>A remote attacker could provide a specially crafted Emoji sequences,
+ possibly resulting in a Denial of Service condition.
+ </p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All Pango users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose "&gt;=x11-libs/pango-1.42.4"
+ </code>
+
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-15120">CVE-2018-15120</uri>
+ </references>
+ <metadata tag="requester" timestamp="2018-08-30T12:31:14Z">whissi</metadata>
+ <metadata tag="submitter" timestamp="2018-11-10T00:11:22Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201811-08.xml b/metadata/glsa/glsa-201811-08.xml
new file mode 100644
index 000000000000..7b0bc67ea86f
--- /dev/null
+++ b/metadata/glsa/glsa-201811-08.xml
@@ -0,0 +1,50 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201811-08">
+ <title>Okular: Directory traversal</title>
+ <synopsis>Okular is vulnerable to a directory traversal attack.</synopsis>
+ <product type="ebuild">Okular</product>
+ <announced>2018-11-10</announced>
+ <revised count="1">2018-11-10</revised>
+ <bug>665662</bug>
+ <access>remote</access>
+ <affected>
+ <package name="kde-apps/okular" auto="yes" arch="*">
+ <unaffected range="ge">18.04.3-r1</unaffected>
+ <vulnerable range="lt">18.04.3-r1</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>Okular is a universal document viewer based on KPDF for KDE 4.</p>
+ </background>
+ <description>
+ <p>It was discovered that Okular contains a Directory Traversal
+ vulnerability in function unpackDocumentArchive() in core/document.cpp.
+ </p>
+ </description>
+ <impact type="normal">
+ <p>A remote attacker could entice a user to open a specially crafted Okular
+ archive, possibly allowing the writing of arbitrary files with the
+ privileges of the process.
+ </p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All Okular users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose "&gt;=kde-apps/okular-18.04.3-r1"
+ </code>
+
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-1000801">
+ CVE-2018-1000801
+ </uri>
+ </references>
+ <metadata tag="requester" timestamp="2018-10-09T10:06:04Z">Zlogene</metadata>
+ <metadata tag="submitter" timestamp="2018-11-10T00:11:36Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201811-09.xml b/metadata/glsa/glsa-201811-09.xml
new file mode 100644
index 000000000000..c2c62151e471
--- /dev/null
+++ b/metadata/glsa/glsa-201811-09.xml
@@ -0,0 +1,52 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201811-09">
+ <title>Icecast: Arbitrary code execution</title>
+ <synopsis>A vulnerability in Icecast might allow remote attackers to execute
+ arbitrary code.
+ </synopsis>
+ <product type="ebuild">Icecast</product>
+ <announced>2018-11-10</announced>
+ <revised count="1">2018-11-10</revised>
+ <bug>670148</bug>
+ <access>remote</access>
+ <affected>
+ <package name="net-misc/icecast" auto="yes" arch="*">
+ <unaffected range="ge">2.4.4</unaffected>
+ <vulnerable range="lt">2.4.4</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>Icecast is an open source alternative to SHOUTcast that supports MP3,
+ OGG (Vorbis/Theora) and AAC streaming.
+ </p>
+ </background>
+ <description>
+ <p>Multiple buffer overflows have been discovered in Icecast. Please review
+ the CVE identifier referenced below for details.
+ </p>
+ </description>
+ <impact type="high">
+ <p>A remote attacker, by sending a specially crafted request using
+ authentication type “url”, could possibly execute arbitrary code with
+ the privileges of the process, or cause a Denial of Service condition.
+ </p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All Icecast users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose "&gt;=net-misc/icecast-2.4.4"
+ </code>
+
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-18820">CVE-2018-18820</uri>
+ </references>
+ <metadata tag="requester" timestamp="2018-11-08T14:07:15Z">whissi</metadata>
+ <metadata tag="submitter" timestamp="2018-11-10T00:11:51Z">whissi</metadata>
+</glsa>
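Review bot: The `<workaround>` paragraph says `There is no known workaround at this time.`, but the impact paragraph limits the attack to requests `using authentication type “url”`. That suggests installations which do not configure URL authentication may not be reachable. If the upstream advisory for CVE-2018-18820 confirms this, the workaround text should say so, since operators who cannot upgrade to 2.4.4 immediately need to know whether their configuration is exposed. The hunk is the only place in this commit where `<impact type="high">` is used, so this entry is the one most likely to be triaged first.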
diff --git a/metadata/glsa/timestamp.chk b/metadata/glsa/timestamp.chk
index 00851f29a882..78275940bcba 100644
--- a/metadata/glsa/timestamp.chk
+++ b/metadata/glsa/timestamp.chk
@@ -1 +1 @@
-Sat, 03 Nov 2018 07:38:35 +0000
+Sun, 18 Nov 2018 08:38:33 +0000
diff --git a/metadata/glsa/timestamp.commit b/metadata/glsa/timestamp.commit
index 41fb03066c8c..222bb03a9e88 100644
--- a/metadata/glsa/timestamp.commit
+++ b/metadata/glsa/timestamp.commit
@@ -1 +1 @@
-3fe134c9c609fe0fa952396df0dd91b901ef64de 1540938926 2018-10-30T22:35:26+00:00
+d0ed5c4d9d5a03355ab534b5784906e0956ea022 1541809004 2018-11-10T00:16:44+00:00