author | V3n3RiX <venerix@redcorelinux.org> | 2021-05-04 22:28:33 +0100 |
---|---|---|
committer | V3n3RiX <venerix@redcorelinux.org> | 2021-05-04 22:28:33 +0100 |
commit | a978c074e4272bb901fbe4a10de0a7b2af574f17 (patch) | |
tree | 8c764c1cc0576389ce22abd317bceba71ea5732d /metadata/glsa | |
parent | 40aaaa64e86ba6710bbeb31c4615a6ce80e75e11 (diff) |
gentoo resync : 04.05.2021
Diffstat (limited to 'metadata/glsa')
-rw-r--r-- | metadata/glsa/Manifest | 30 | ||||
-rw-r--r-- | metadata/glsa/Manifest.files.gz | bin | 501179 -> 502928 bytes | |||
-rw-r--r-- | metadata/glsa/glsa-202104-01.xml | 52 | ||||
-rw-r--r-- | metadata/glsa/glsa-202104-02.xml | 51 | ||||
-rw-r--r-- | metadata/glsa/glsa-202104-03.xml | 65 | ||||
-rw-r--r-- | metadata/glsa/glsa-202104-04.xml | 84 | ||||
-rw-r--r-- | metadata/glsa/glsa-202104-05.xml | 70 | ||||
-rw-r--r-- | metadata/glsa/glsa-202104-06.xml | 56 | ||||
-rw-r--r-- | metadata/glsa/glsa-202104-07.xml | 49 | ||||
-rw-r--r-- | metadata/glsa/glsa-202104-08.xml | 163 | ||||
-rw-r--r-- | metadata/glsa/glsa-202104-09.xml | 90 | ||||
-rw-r--r-- | metadata/glsa/glsa-202104-10.xml | 115 | ||||
-rw-r--r-- | metadata/glsa/glsa-202105-01.xml | 74 | ||||
-rw-r--r-- | metadata/glsa/timestamp.chk | 2 | ||||
-rw-r--r-- | metadata/glsa/timestamp.commit | 2 |
15 files changed, 886 insertions, 17 deletions
diff --git a/metadata/glsa/Manifest b/metadata/glsa/Manifest
index 9a40583bc91b..b624f3d0141a 100644
--- a/metadata/glsa/Manifest
+++ b/metadata/glsa/Manifest
@@ -1,23 +1,23 @@ -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 -MANIFEST Manifest.files.gz 501179 BLAKE2B 8497331f9dd69ca6298da2b244da7c443f558ba5b1a3fe30fd16624181c44f495f273604ef8a4cf26755eba9c949c383c797e8057c9baf45d23d874b04364a7a SHA512 1bcbdcac9faaadcbf738837161742f91747423833b925f90f520b0d3356096c18fcd1565918d664e0bf798a9b1b666a396108d3b8f84b2c2fd74cd3e730a319c -TIMESTAMP 2021-04-28T18:38:32Z +MANIFEST Manifest.files.gz 502928 BLAKE2B 4e05777f9b079a42eb84d60a21da4ea6f5360b3577989267141081878f0b732bcb93075e1929366199e18d3e1a21a16ae70ed796931681b1b573aa0b10cc5078 SHA512 c56775c1540b0ebb8f0386f5b352030f212f18222cbbefb95a16fa57a60aae01a7069287ba96443202c19c8e16589238b433d1da54fea1ddc1c44b81ba9fa6b7 +TIMESTAMP 2021-05-04T21:09:06Z -----BEGIN PGP SIGNATURE----- -iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAmCJq6hfFIAAAAAALgAo +iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAmCRt/JfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEUx RDZBQkI2M0JGQ0ZCNEJBMDJGREYxQ0VDNTkwRUVBQzkxODkyNTAACgkQ7FkO6skY -klB+jg//Y0TJkIxdlLVt3oHtahHk8rBYELFtI2VEeQR7dGOy8o3tzJrEEj+zcPd4 -MJhLBpiliMIBTwlamyHxWVbZ3pG14XX+nYtrWYJ2qLuglLhllZDIVjiVvSLXW7Nd -e1noLA7C4YXuJyPDA8fkCox0EXVTsOw2RbGGKAEAfr+D/bQPG6dsvhQ4GPOfmCb1 -nFVPVl47D1ToHHFhzV67iMX26/UXjD2l0b8psJXWrj75+YZc18U1w0kaKJeTICd9 -dhnl2L9lKfiPirT3bjE76zNcS3aszK8LyT4Z7eI85f0JUMVvNsDuADlxcfclbhTF -QeK5Hz8BSPSWtbjmegD1itAvghHn9u3Gdsrq8W6AMGsg4+M+Ir9zC+l/Th196Kip -X1ixDf43hFwEUMecZwtznf8PXH1Wa1mvq6cke9cafP4qOxeNjlaCmxfdr/0v3yoT -mntfRa05SZpXIGU2Ax5xW3ZkaU27p1so/CldlqSx5uYRSlLBlOYvODQgIK+F+zB0 -GTrhpvjHMw73QsyUDD5npw6ZTOd8iLLDHy3t9orPAisE3VyWnXd6VJYZCSwB7aSd -3O+KkDm0u/FoE0nDXpCGO1yn6R2wx8o2dXs5NFP7ajZyd8b0ecvnaEFQ45aAmpIb -mpFftQlNd90ZbSk2jpHGKkk3UcLTtE2jdKei/Q+3QQBwwCuCgF0= -=AdQL +klBb7BAAlZO9wyh6g7gW9aUNtmtGW3b3PKAvPZlwQ8Cw9QCineszNmNMxP1YV0Ps +6HwdVrg147FAiy4eiv7NNkk/U+f+ouPspLPMp6FftWm3C7pXJUyv9TCAq68Dl9NF +6Lp88/pRjzooJWIoIEeCyGwYkDtxyhOVaKHuXEVMHV8xSuqDIocoPU/vsDlqhc9v 
+Z+4r9sKdNm/ZD9Mv0r4xGx6DFZRQgi3BfXBgEZ41fBUsS78TQ+7o72nvskI7Azai +tNaJB+XxGdJCT5TV2U1NrDx96QUbu3CX8Xc1KYufqM9I7P/dgwcMOx1NZfic47ea +OFkt1gMUSeHU51h7pzfUD15fsa2xEpe7pUVCcPYNqfVXCIbzXUJf2d4K34p5/mdP +1RuVXqqJk6le5i/bQ0fbq224CYE/VCRhZtryzAJnwtNvn/S0MGcPjXk+mSf2hx/T +OB80rNEWsJSKojhmh6wJjPjvcDpcK5mrolnlg4bn6rmW5hhk96AFVlj5PRvMt+Qu +GFnn64jwlWzPL5nvxC4hiP48nKslKL0ZNQa43vS04/nmeWeshub6mb+u+jpbgG9S +l30YzdgteO5rF5BbpdGJM+fxIJwVykJccJnjNJ8Tnzz3ts3qxdBQkP8BAhFZ0jwY +OcRbHEC6sijjCQuCZWea2lRoOp8EILL5gYtqYUxFUednSkkqKEw= +=5mdT -----END PGP SIGNATURE----- diff --git a/metadata/glsa/Manifest.files.gz b/metadata/glsa/Manifest.files.gz Binary files differindex 5c152816d44d..a665ea17c60d 100644 --- a/metadata/glsa/Manifest.files.gz +++ b/metadata/glsa/Manifest.files.gz diff --git a/metadata/glsa/glsa-202104-01.xml b/metadata/glsa/glsa-202104-01.xml new file mode 100644 index 000000000000..74237596f227 --- /dev/null +++ b/metadata/glsa/glsa-202104-01.xml 
@@ -0,0 +1,52 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202104-01">
+ <title>Git: User-assisted execution of arbitrary code</title>
+ <synopsis>A vulnerability has been found in Git that could allow a remote
+ attacker to execute arbitrary code.
+ </synopsis>
+ <product type="ebuild">git</product>
+ <announced>2021-04-30</announced>
+ <revised count="1">2021-04-30</revised>
+ <bug>774678</bug>
+ <access>local</access>
+ <affected>
+ <package name="dev-vcs/git" auto="yes" arch="*">
+ <unaffected range="ge">2.26.3</unaffected>
+ <vulnerable range="lt">2.26.3</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>Git is a distributed version control system designed.</p>
+ </background>
+ <description>
+ <p>It was discovered that Git could be fooled into running remote code
+ during a clone on case-insensitive file systems with support for symbolic
+ links, if Git is configured globally to apply delay-capable clean/smudge
+ filters (such as Git LFS).
+ </p>
+ </description>
+ <impact type="normal">
+ <p>A remote attacker could entice a user to clone a specially crafted
+ repository, possibly resulting in the remote execution of arbitrary code
+ with the privileges of the user running the application.
+ </p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All Git users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-vcs/git-2.26.3"
+ </code>
+
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21300">CVE-2021-21300</uri>
+ </references>
+ <metadata tag="requester" timestamp="2021-04-30T22:21:04Z">whissi</metadata>
+ <metadata tag="submitter" timestamp="2021-04-30T23:44:55Z">whissi</metadata>
+</glsa>
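Review bot: `<access>local</access>` in glsa-202104-01.xml does not match the advisory's own text, where both the synopsis and the impact paragraph describe a remote attacker who entices a user to clone a crafted repository. The other user-assisted advisories in this commit (glsa-202104-06, for example) carry `<access>local, remote</access>`, so anything that triages on this field would presumably under-rate the Git issue; `<access>remote</access>` would agree with the impact text. The background sentence `Git is a distributed version control system designed.` also looks cut off. Since this commit is a resync, both points are better reported to the advisory's upstream than patched locally.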
diff --git a/metadata/glsa/glsa-202104-02.xml b/metadata/glsa/glsa-202104-02.xml
new file mode 100644
index 000000000000..fc7805e8fe2d
--- /dev/null
+++ b/metadata/glsa/glsa-202104-02.xml
@@ -0,0 +1,51 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202104-02">
+ <title>X.Org X Server: Privilege escalation</title>
+ <synopsis>A vulnerability in X.Org X Server may allow users to escalate
+ privileges.
+ </synopsis>
+ <product type="ebuild">xorg-server</product>
+ <announced>2021-04-30</announced>
+ <revised count="1">2021-04-30</revised>
+ <bug>782679</bug>
+ <access>local, remote</access>
+ <affected>
+ <package name="x11-base/xorg-server" auto="yes" arch="*">
+ <unaffected range="ge">1.20.11</unaffected>
+ <vulnerable range="lt">1.20.11</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>The X Window System is a graphical windowing system based on a
+ client/server model.
+ </p>
+ </background>
+ <description>
+ <p>It was discovered that X.Org X Server did not sufficiently check the
+ length of the XInput extension’s ChangeFeedbackControl request.
+ </p>
+ </description>
+ <impact type="high">
+ <p>An authorized attacker could possibly escalate privileges, or cause a
+ Denial of Service condition.
+ </p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All X.Org X Server users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=x11-base/xorg-server-1.20.11"
+ </code>
+
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-3472">CVE-2021-3472</uri>
+ </references>
+ <metadata tag="requester" timestamp="2021-04-30T21:51:09Z">whissi</metadata>
+ <metadata tag="submitter" timestamp="2021-04-30T23:45:08Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202104-03.xml b/metadata/glsa/glsa-202104-03.xml
new file mode 100644
index 000000000000..1486ced0fbaf
--- /dev/null
+++ b/metadata/glsa/glsa-202104-03.xml
@@ -0,0 +1,65 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202104-03">
+ <title>WebkitGTK+: Multiple vulnerabilities</title>
+ <synopsis>Multiple vulnerabilities have been found in WebkitGTK+, the worst
+ of which could result in the arbitrary execution of code.
+ </synopsis>
+ <product type="ebuild">webkit-gtk</product>
+ <announced>2021-04-30</announced>
+ <revised count="1">2021-04-30</revised>
+ <bug>770793</bug>
+ <bug>773193</bug>
+ <access>local, remote</access>
+ <affected>
+ <package name="net-libs/webkit-gtk" auto="yes" arch="*">
+ <unaffected range="ge">2.30.6</unaffected>
+ <vulnerable range="lt">2.30.6</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>WebKitGTK+ is a full-featured port of the WebKit rendering engine,
+ suitable for projects requiring any kind of web integration, from hybrid
+ HTML/CSS applications to full-fledged web browsers.
+ </p>
+ </background>
+ <description>
+ <p>Multiple vulnerabilities have been discovered in WebkitGTK+. Please
+ review the CVE identifiers referenced below for details.
+ </p>
+ </description>
+ <impact type="normal">
+ <p>An attacker, by enticing a user to visit maliciously crafted web
+ content, may be able to execute arbitrary code, violate iframe sandboxing
+ policy, access restricted ports on arbitrary servers, cause memory
+ corruption, or could cause a Denial of Service condition.
+ </p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All WebkitGTK+ users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-libs/webkit-gtk-2.30.6"
+ </code>
+
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-13558">CVE-2020-13558</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-27918">CVE-2020-27918</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-29623">CVE-2020-29623</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-9947">CVE-2020-9947</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-1765">CVE-2021-1765</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-1789">CVE-2021-1789</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-1799">CVE-2021-1799</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-1801">CVE-2021-1801</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-1870">CVE-2021-1870</uri>
+ <uri link="https://webkitgtk.org/security/WSA-2021-0001.html">WSA-2021-0001</uri>
+ <uri link="https://webkitgtk.org/security/WSA-2021-0002.html">WSA-2021-0002</uri>
+ </references>
+ <metadata tag="requester" timestamp="2021-04-30T22:10:11Z">whissi</metadata>
+ <metadata tag="submitter" timestamp="2021-04-30T23:45:22Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202104-04.xml b/metadata/glsa/glsa-202104-04.xml
new file mode 100644
index 000000000000..09f39c7237d8
--- /dev/null
+++ b/metadata/glsa/glsa-202104-04.xml
@@ -0,0 +1,84 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202104-04">
+ <title>Python: Multiple vulnerabilities</title>
+ <synopsis>Multiple vulnerabilities have been found in Python, the worst of
+ which might allow attackers to access sensitive information.
+ </synopsis>
+ <product type="ebuild">python</product>
+ <announced>2021-04-30</announced>
+ <revised count="1">2021-04-30</revised>
+ <bug>770853</bug>
+ <bug>779841</bug>
+ <bug>779844</bug>
+ <access>local, remote</access>
+ <affected>
+ <package name="dev-lang/python" auto="yes" arch="*">
+ <unaffected range="ge" slot="2.7">2.7.18_p8</unaffected>
+ <unaffected range="ge" slot="3.6">3.6.13_p1</unaffected>
+ <unaffected range="ge" slot="3.7">3.7.10_p1</unaffected>
+ <unaffected range="ge" slot="3.8">3.8.8_p1</unaffected>
+ <unaffected range="ge" slot="3.9">3.9.2_p1</unaffected>
+ <vulnerable range="lt">3.9.2_p1</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>Python is an interpreted, interactive, object-oriented programming
+ language.
+ </p>
+ </background>
+ <description>
+ <p>Multiple vulnerabilities have been discovered in Python. Please review
+ the CVE identifiers referenced below for details.
+ </p>
+ </description>
+ <impact type="normal">
+ <p>Please review the referenced CVE identifiers for details.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All Python 2.7 users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-lang/python-2.7.18_p8"
+ </code>
+
+ <p>All Python 3.6 users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-lang/python-3.6.13_p1"
+ </code>
+
+ <p>All Python 3.7 users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-lang/python-3.7.10_p1"
+ </code>
+
+ <p>All Python 3.8 users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-lang/python-3.8.8_p1"
+ </code>
+
+ <p>All Python 3.9 users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-lang/python-3.9.2_p1"
+ </code>
+
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-23336">CVE-2021-23336</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-3426">CVE-2021-3426</uri>
+ </references>
+ <metadata tag="requester" timestamp="2021-04-30T23:29:13Z">whissi</metadata>
+ <metadata tag="submitter" timestamp="2021-04-30T23:45:38Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202104-05.xml b/metadata/glsa/glsa-202104-05.xml
new file mode 100644
index 000000000000..9f9c0ce72f3e
--- /dev/null
+++ b/metadata/glsa/glsa-202104-05.xml
@@ -0,0 +1,70 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202104-05">
+ <title>GRUB: Multiple vulnerabilities</title>
+ <synopsis>Multiple vulnerabilities have been found in GRUB, the worst might
+ allow for circumvention of UEFI Secure Boot.
+ </synopsis>
+ <product type="ebuild">grub</product>
+ <announced>2021-04-30</announced>
+ <revised count="1">2021-04-30</revised>
+ <bug>734654</bug>
+ <bug>773991</bug>
+ <access>local</access>
+ <affected>
+ <package name="sys-devel/grub" auto="yes" arch="*">
+ <unaffected range="ge">2.06_rc1</unaffected>
+ <vulnerable range="lt">2.06_rc1</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>GNU GRUB is a multiboot boot loader used by most Linux systems.</p>
+ </background>
+ <description>
+ <p>Multiple vulnerabilities have been discovered in GRUB. Please review the
+ CVE identifiers referenced below for details.
+ </p>
+ </description>
+ <impact type="normal">
+ <p>Please review the referenced CVE identifiers for details.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All GRUB users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=sys-devel/grub-2.06_rc1"
+ </code>
+
+ <p>After upgrading, make sure to run the grub-install command with options
+ appropriate for your system. See the GRUB Quick Start guide in the
+ references below for examples. Your system will be vulnerable until this
+ action is performed.
+ </p>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-10713">CVE-2020-10713</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14308">CVE-2020-14308</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14309">CVE-2020-14309</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14310">CVE-2020-14310</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14311">CVE-2020-14311</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14372">CVE-2020-14372</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-15705">CVE-2020-15705</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-15706">CVE-2020-15706</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-15707">CVE-2020-15707</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-25632">CVE-2020-25632</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-25647">CVE-2020-25647</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-27749">CVE-2020-27749</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-27779">CVE-2020-27779</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-20225">CVE-2021-20225</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-20233">CVE-2021-20233</uri>
+ <uri link="https://wiki.gentoo.org/wiki/GRUB2_Quick_Start">GRUB Quick Start
+ guide
+ </uri>
+ </references>
+ <metadata tag="requester" timestamp="2021-04-30T23:17:40Z">whissi</metadata>
+ <metadata tag="submitter" timestamp="2021-04-30T23:45:51Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202104-06.xml b/metadata/glsa/glsa-202104-06.xml
new file mode 100644
index 000000000000..ec8e0eaa696c
--- /dev/null
+++ b/metadata/glsa/glsa-202104-06.xml
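Review bot: In glsa-202104-05.xml the package entry is declared `auto="yes"`, yet the resolution states that the system stays vulnerable until `grub-install` is run by hand after the upgrade. If `auto` is meant to signal that upgrading the package alone resolves the advisory (to be confirmed against the GLSA DTD), tooling that trusts it could report this GLSA as fixed while the old boot loader image is still the one on disk. `auto="no"` would match the manual step the resolution requires. Operators applying the advisory should check that the boot loader was actually reinstalled, not just that the package version changed.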
@@ -0,0 +1,56 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202104-06">
+ <title>libTIFF: Multiple vulnerabilities</title>
+ <synopsis>Multiple vulnerabilities have been found in LibTIFF, the worst of
+ which could result in the execution of arbitrary code.
+ </synopsis>
+ <product type="ebuild">libtiff</product>
+ <announced>2021-04-30</announced>
+ <revised count="1">2021-04-30</revised>
+ <bug>775125</bug>
+ <access>local, remote</access>
+ <affected>
+ <package name="media-libs/tiff" auto="yes" arch="*">
+ <unaffected range="ge">4.2.0</unaffected>
+ <vulnerable range="lt">4.2.0</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>The TIFF library contains encoding and decoding routines for the Tag
+ Image File Format. It is called by numerous programs, including GNOME and
+ KDE applications, to interpret TIFF images.
+ </p>
+ </background>
+ <description>
+ <p>Multiple vulnerabilities have been discovered in LibTIFF. Please review
+ the referenced CVE identifiers for details.
+ </p>
+ </description>
+ <impact type="normal">
+ <p>A remote attacker, by enticing the user to process a specially crafted
+ TIFF file, could possibly execute arbitrary code with the privileges of
+ the process, or cause a Denial of Service condition.
+ </p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All LibTIFF users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=media-libs/tiff-4.2.0"
+ </code>
+
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-35521">CVE-2020-35521</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-35522">CVE-2020-35522</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-35523">CVE-2020-35523</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-35524">CVE-2020-35524</uri>
+ </references>
+ <metadata tag="requester" timestamp="2021-04-30T23:10:58Z">whissi</metadata>
+ <metadata tag="submitter" timestamp="2021-04-30T23:46:04Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202104-07.xml b/metadata/glsa/glsa-202104-07.xml
new file mode 100644
index 000000000000..bd3937bee365
--- /dev/null
+++ b/metadata/glsa/glsa-202104-07.xml
@@ -0,0 +1,49 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202104-07">
+ <title>ClamAV: Denial of Service</title>
+ <synopsis>A vulnerability in ClamAV could lead to a Denial of Service
+ condition.
+ </synopsis>
+ <product type="ebuild">clamav</product>
+ <announced>2021-04-30</announced>
+ <revised count="1">2021-04-30</revised>
+ <bug>780894</bug>
+ <access>local, remote</access>
+ <affected>
+ <package name="app-antivirus/clamav" auto="yes" arch="*">
+ <unaffected range="ge">0.103.2</unaffected>
+ <vulnerable range="lt">0.103.2</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>ClamAV is a GPL virus scanner.</p>
+ </background>
+ <description>
+ <p>A vulnerability has been discovered in ClamAV. Please review the CVE
+ identifier referenced below for details.
+ </p>
+ </description>
+ <impact type="low">
+ <p>A remote attacker could cause ClamAV to scan a specially crafted file,
+ possibly resulting a Denial of Service condition.
+ </p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All ClamAV users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-antivirus/clamav-0.103.2"
+ </code>
+
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-1405">CVE-2021-1405</uri>
+ </references>
+ <metadata tag="requester" timestamp="2021-04-30T23:40:37Z">whissi</metadata>
+ <metadata tag="submitter" timestamp="2021-04-30T23:46:17Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202104-08.xml b/metadata/glsa/glsa-202104-08.xml
new file mode 100644
index 000000000000..8fca53ce6b6a
--- /dev/null
+++ b/metadata/glsa/glsa-202104-08.xml
@@ -0,0 +1,163 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202104-08">
+ <title>Chromium, Google Chrome: Multiple vulnerabilities</title>
+ <synopsis>Multiple vulnerabilities have been found in Chromium and Google
+ Chrome, the worst of which could result in the arbitrary execution of code.
+ </synopsis>
+ <product type="ebuild">chromium,google-chrome</product>
+ <announced>2021-04-30</announced>
+ <revised count="1">2021-04-30</revised>
+ <bug>768459</bug>
+ <bug>768831</bug>
+ <bug>771012</bug>
+ <bug>774015</bug>
+ <bug>776181</bug>
+ <bug>779493</bug>
+ <bug>782802</bug>
+ <bug>782970</bug>
+ <bug>784554</bug>
+ <bug>785889</bug>
+ <access>local, remote</access>
+ <affected>
+ <package name="www-client/chromium" auto="yes" arch="*">
+ <unaffected range="ge">90.0.4430.93</unaffected>
+ <vulnerable range="lt">90.0.4430.93</vulnerable>
+ </package>
+ <package name="www-client/google-chrome" auto="yes" arch="*">
+ <unaffected range="ge">90.0.4430.93</unaffected>
+ <vulnerable range="lt">90.0.4430.93</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>Chromium is an open-source browser project that aims to build a safer,
+ faster, and more stable way for all users to experience the web.
+ </p>
+
+ <p>Google Chrome is one fast, simple, and secure browser for all your
+ devices.
+ </p>
+ </background>
+ <description>
+ <p>Multiple vulnerabilities have been discovered in Chromium and Google
+ Chrome. Please review the CVE identifiers referenced below for details.
+ </p>
+ </description>
+ <impact type="normal">
+ <p>Please review the referenced CVE identifiers for details.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All Chromium users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose
+ ">=www-client/chromium-90.0.4430.93"
+ </code>
+
+ <p>All Google Chrome users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose
+ ">=www-client/google-chrome-90.0.4430.93"
+ </code>
+
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21142">CVE-2021-21142</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21143">CVE-2021-21143</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21144">CVE-2021-21144</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21145">CVE-2021-21145</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21146">CVE-2021-21146</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21147">CVE-2021-21147</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21148">CVE-2021-21148</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21149">CVE-2021-21149</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21150">CVE-2021-21150</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21151">CVE-2021-21151</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21152">CVE-2021-21152</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21153">CVE-2021-21153</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21154">CVE-2021-21154</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21155">CVE-2021-21155</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21156">CVE-2021-21156</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21157">CVE-2021-21157</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21159">CVE-2021-21159</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21160">CVE-2021-21160</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21161">CVE-2021-21161</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21162">CVE-2021-21162</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21163">CVE-2021-21163</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21165">CVE-2021-21165</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21166">CVE-2021-21166</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21167">CVE-2021-21167</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21168">CVE-2021-21168</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21169">CVE-2021-21169</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21170">CVE-2021-21170</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21171">CVE-2021-21171</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21172">CVE-2021-21172</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21173">CVE-2021-21173</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21174">CVE-2021-21174</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21175">CVE-2021-21175</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21176">CVE-2021-21176</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21177">CVE-2021-21177</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21178">CVE-2021-21178</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21179">CVE-2021-21179</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21180">CVE-2021-21180</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21181">CVE-2021-21181</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21182">CVE-2021-21182</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21183">CVE-2021-21183</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21184">CVE-2021-21184</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21185">CVE-2021-21185</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21186">CVE-2021-21186</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21187">CVE-2021-21187</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21188">CVE-2021-21188</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21189">CVE-2021-21189</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-2119">CVE-2021-2119</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21191">CVE-2021-21191</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21192">CVE-2021-21192</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21193">CVE-2021-21193</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21194">CVE-2021-21194</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21195">CVE-2021-21195</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21196">CVE-2021-21196</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21197">CVE-2021-21197</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21198">CVE-2021-21198</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21199">CVE-2021-21199</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21201">CVE-2021-21201</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21202">CVE-2021-21202</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21203">CVE-2021-21203</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21204">CVE-2021-21204</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21205">CVE-2021-21205</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21206">CVE-2021-21206</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21207">CVE-2021-21207</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21208">CVE-2021-21208</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21209">CVE-2021-21209</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21210">CVE-2021-21210</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21211">CVE-2021-21211</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21212">CVE-2021-21212</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21213">CVE-2021-21213</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21214">CVE-2021-21214</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21215">CVE-2021-21215</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21216">CVE-2021-21216</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21217">CVE-2021-21217</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21218">CVE-2021-21218</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21219">CVE-2021-21219</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21220">CVE-2021-21220</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21221">CVE-2021-21221</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21222">CVE-2021-21222</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21223">CVE-2021-21223</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21224">CVE-2021-21224</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21225">CVE-2021-21225</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21226">CVE-2021-21226</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21227">CVE-2021-21227</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21228">CVE-2021-21228</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21229">CVE-2021-21229</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21230">CVE-2021-21230</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21231">CVE-2021-21231</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21232">CVE-2021-21232</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21233">CVE-2021-21233</uri>
+ </references>
+ <metadata tag="requester" timestamp="2021-04-30T23:06:01Z">whissi</metadata>
+ <metadata tag="submitter" timestamp="2021-04-30T23:46:30Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202104-09.xml b/metadata/glsa/glsa-202104-09.xml
new file mode 100644
index 000000000000..079925cdc2cd
--- /dev/null
+++ b/metadata/glsa/glsa-202104-09.xml
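Review bot: The reference `CVE-2021-2119` in glsa-202104-08.xml looks like a truncated identifier. It sits between `CVE-2021-21189` and `CVE-2021-21191` in an otherwise five-digit run, and both the link target and the link text carry the short form, so the intended entry is probably `CVE-2021-21190`. As written, the link points to whatever record holds the four-digit id, and anyone matching the advisory's CVE list against scanner output would miss the intended one. Since this commit is a resync, the correction belongs in the advisory's upstream source; locally the entry is worth flagging so the mismatch is not trusted.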
@@ -0,0 +1,90 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202104-09">
+ <title>Mozilla Thunderbird: Multiple vulnerabilities</title>
+ <synopsis>Multiple vulnerabilities have been found in Mozilla Thunderbird,
+ the worst of which could result in the arbitrary execution of code.
+ </synopsis>
+ <product type="ebuild">thunderbird</product>
+ <announced>2021-04-30</announced>
+ <revised count="1">2021-04-30</revised>
+ <bug>772287</bug>
+ <bug>778272</bug>
+ <bug>784578</bug>
+ <access>local, remote</access>
+ <affected>
+ <package name="mail-client/thunderbird" auto="yes" arch="*">
+ <unaffected range="ge">78.10.0</unaffected>
+ <vulnerable range="lt">78.10.0</vulnerable>
+ </package>
+ <package name="mail-client/thunderbird-bin" auto="yes" arch="*">
+ <unaffected range="ge">78.10.0</unaffected>
+ <vulnerable range="lt">78.10.0</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>Mozilla Thunderbird is a popular open-source email client from the
+ Mozilla project.
+ </p>
+ </background>
+ <description>
+ <p>Multiple vulnerabilities have been discovered in Mozilla Thunderbird.
+ Please review the CVE identifiers referenced below for details.
+ </p>
+ </description>
+ <impact type="normal">
+ <p>Please review the referenced CVE identifiers for details.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All Mozilla Thunderbird users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=mail-client/thunderbird-78.10.0"
+ </code>
+
+ <p>All Mozilla Thunderbird binary users should upgrade to the latest
+ version:
+ </p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose
+ ">=mail-client/thunderbird-bin-78.10.0"
+ </code>
+
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-23961">CVE-2021-23961</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-23968">CVE-2021-23968</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-23969">CVE-2021-23969</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-23973">CVE-2021-23973</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-23978">CVE-2021-23978</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-23981">CVE-2021-23981</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-23982">CVE-2021-23982</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-23984">CVE-2021-23984</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-23987">CVE-2021-23987</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-23994">CVE-2021-23994</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-23995">CVE-2021-23995</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-23998">CVE-2021-23998</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-23999">CVE-2021-23999</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-24002">CVE-2021-24002</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-29945">CVE-2021-29945</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-29946">CVE-2021-29946</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-29948">CVE-2021-29948</uri>
+ <uri link="https://www.mozilla.org/en-US/security/advisories/mfsa2021-09/">
+ MFSA-2021-09
+ </uri>
+ <uri link="https://www.mozilla.org/en-US/security/advisories/mfsa2021-12/">
+ MFSA-2021-12
+ </uri>
+ <uri link="https://www.mozilla.org/en-US/security/advisories/mfsa2021-14/">
+ MFSA-2021-14
+ </uri>
+ </references>
+ <metadata tag="requester" timestamp="2021-04-30T22:33:39Z">whissi</metadata>
+ <metadata tag="submitter" timestamp="2021-04-30T23:46:41Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202104-10.xml b/metadata/glsa/glsa-202104-10.xml
new file mode 100644
index 000000000000..02a76e567bf1
--- /dev/null
+++ b/metadata/glsa/glsa-202104-10.xml
@@ -0,0 +1,115 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202104-10">
+ <title>Mozilla Firefox: Multiple vulnerabilities</title>
+ <synopsis>Multiple vulnerabilities have been found in Mozilla Firefox, the
+ worst of which could result in the arbitrary execution of code.
+ </synopsis>
+ <product type="ebuild">firefox</product>
+ <announced>2021-04-30</announced>
+ <revised count="1">2021-04-30</revised>
+ <bug>772305</bug>
+ <bug>778269</bug>
+ <bug>784572</bug>
+ <access>local, remote</access>
+ <affected>
+ <package name="www-client/firefox" auto="yes" arch="*">
+ <unaffected range="ge" slot="0/esr78">78.10.0</unaffected>
+ <unaffected range="ge">88.0</unaffected>
+ <vulnerable range="lt">88.0</vulnerable>
+ </package>
+ <package name="www-client/firefox-bin" auto="yes" arch="*">
+ <unaffected range="ge" slot="0/esr78">78.10.0</unaffected>
+ <unaffected range="ge">88.0</unaffected>
+ <vulnerable range="lt">88.0</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>Mozilla Firefox is a popular open-source web browser from the Mozilla
+ project.
+ </p>
+ </background>
+ <description>
+ <p>Multiple vulnerabilities have been discovered in Mozilla Firefox. Please
+ review the CVE identifiers referenced below for details.
+ </p>
+ </description>
+ <impact type="normal">
+ <p>Please review the referenced CVE identifiers for details.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All Mozilla Firefox ESR users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-client/firefox-78.10.0"
+ </code>
+
+ <p>All Mozilla Firefox ESR binary users should upgrade to the latest
+ version:
+ </p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-client/firefox-bin-78.10.0"
+ </code>
+
+ <p>All Mozilla Firefox users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-client/firefox-88.0"
+ </code>
+
+ <p>All Mozilla Firefox binary users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-client/firefox-bin-88.0"
+ </code>
+
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-23961">CVE-2021-23961</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-23968">CVE-2021-23968</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-23969">CVE-2021-23969</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-23970">CVE-2021-23970</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-23971">CVE-2021-23971</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-23972">CVE-2021-23972</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-23973">CVE-2021-23973</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-23974">CVE-2021-23974</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-23975">CVE-2021-23975</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-23976">CVE-2021-23976</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-23977">CVE-2021-23977</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-23978">CVE-2021-23978</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-23981">CVE-2021-23981</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-23982">CVE-2021-23982</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-23983">CVE-2021-23983</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-23984">CVE-2021-23984</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-23985">CVE-2021-23985</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-23986">CVE-2021-23986</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-23987">CVE-2021-23987</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-23988">CVE-2021-23988</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-23994">CVE-2021-23994</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-23995">CVE-2021-23995</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-23998">CVE-2021-23998</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-23999">CVE-2021-23999</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-24002">CVE-2021-24002</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-29945">CVE-2021-29945</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-29946">CVE-2021-29946</uri>
+ <uri link="https://www.mozilla.org/en-US/security/advisories/mfsa2021-08/">
+ MFSA-2021-08
+ </uri>
+ <uri link="https://www.mozilla.org/en-US/security/advisories/mfsa2021-11/">
+ MFSA-2021-11
+ </uri>
+ <uri link="https://www.mozilla.org/en-US/security/advisories/mfsa2021-15/">
+ MFSA-2021-15
+ </uri>
+ </references>
+ <metadata tag="requester" timestamp="2021-04-30T22:45:03Z">whissi</metadata>
+ <metadata tag="submitter" timestamp="2021-04-30T23:47:33Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202105-01.xml b/metadata/glsa/glsa-202105-01.xml
new file mode 100644
index 000000000000..9d471cc9a50c
--- /dev/null
+++ b/metadata/glsa/glsa-202105-01.xml
@@ -0,0 +1,74 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202105-01">
+ <title>Exim: Multiple vulnerabilities</title>
+ <synopsis>Multiple vulnerabilities have been found in Exim, the worst of
+ which allows remote attackers to execute arbitrary code.
+ </synopsis>
+ <product type="ebuild">exim</product>
+ <announced>2021-05-04</announced>
+ <revised count="1">2021-05-04</revised>
+ <bug>786945</bug>
+ <access>local, remote</access>
+ <affected>
+ <package name="mail-mta/exim" auto="yes" arch="*">
+ <unaffected range="ge">4.94.2</unaffected>
+ <vulnerable range="lt">4.94.2</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>Exim is a message transfer agent (MTA) designed to be a a highly
+ configurable, drop-in replacement for sendmail.
+ </p>
+ </background>
+ <description>
+ <p>Multiple vulnerabilities have been discovered in Exim. Please review the
+ CVE identifiers referenced below for details.
+ </p>
+ </description>
+ <impact type="high">
+ <p>A remote attacker, by connecting to the SMTP listener daemon, could
+ possibly execute arbitrary code with the privileges of the process or
+ cause a Denial of Service condition. Furthermore, a local attacker could
+ perform symlink attacks to overwrite arbitrary files with the privileges
+ of the user running the application or escalate privileges.
+ </p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All Exim users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=mail-mta/exim-4.94.2"
+ </code>
+
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-28007">CVE-2020-28007</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-28008">CVE-2020-28008</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-28009">CVE-2020-28009</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-28010">CVE-2020-28010</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-28011">CVE-2020-28011</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-28012">CVE-2020-28012</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-28013">CVE-2020-28013</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-28014">CVE-2020-28014</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-28015">CVE-2020-28015</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-28016">CVE-2020-28016</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-28017">CVE-2020-28017</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-28018">CVE-2020-28018</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-28019">CVE-2020-28019</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-28020">CVE-2020-28020</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-28021">CVE-2020-28021</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-28022">CVE-2020-28022</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-28023">CVE-2020-28023</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-28024">CVE-2020-28024</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-28025">CVE-2020-28025</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-28026">CVE-2020-28026</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-27216">CVE-2021-27216</uri>
+ </references>
+ <metadata tag="requester" timestamp="2021-05-04T18:26:25Z">whissi</metadata>
+ <metadata tag="submitter" timestamp="2021-05-04T19:29:15Z">whissi</metadata>
+</glsa>
diff --git a/metadata/glsa/timestamp.chk b/metadata/glsa/timestamp.chk
index 8e00199f4a7a..2d5a3dd5b3b6 100644
--- a/metadata/glsa/timestamp.chk
+++ b/metadata/glsa/timestamp.chk
@@ -1 +1 @@
-Wed, 28 Apr 2021 18:38:28 +0000
+Tue, 04 May 2021 21:09:02 +0000
diff --git a/metadata/glsa/timestamp.commit b/metadata/glsa/timestamp.commit
index 212cb4faf828..785900450f6b 100644
--- a/metadata/glsa/timestamp.commit
+++ b/metadata/glsa/timestamp.commit
@@ -1 +1 @@
-9df841975125d76bb458214192472faedfc1d3f7 1617193334 2021-03-31T12:22:14+00:00
+ce41c6125acff2a3d4d5dec0069d73d86997778a 1620156660 2021-05-04T19:31:00+00:00 |