summaryrefslogtreecommitdiff
path: root/metadata/glsa
diff options
context:
space:
mode:
Diffstat (limited to 'metadata/glsa')
-rw-r--r--metadata/glsa/Manifest30
-rw-r--r--metadata/glsa/Manifest.files.gzbin529253 -> 530688 bytes
-rw-r--r--metadata/glsa/glsa-202210-01.xml42
-rw-r--r--metadata/glsa/glsa-202210-02.xml54
-rw-r--r--metadata/glsa/glsa-202210-03.xml45
-rw-r--r--metadata/glsa/glsa-202210-04.xml68
-rw-r--r--metadata/glsa/glsa-202210-05.xml43
-rw-r--r--metadata/glsa/glsa-202210-06.xml60
-rw-r--r--metadata/glsa/glsa-202210-07.xml42
-rw-r--r--metadata/glsa/glsa-202210-08.xml54
-rw-r--r--metadata/glsa/glsa-202210-09.xml76
-rw-r--r--metadata/glsa/timestamp.chk2
-rw-r--r--metadata/glsa/timestamp.commit2
13 files changed, 501 insertions, 17 deletions
diff --git a/metadata/glsa/Manifest b/metadata/glsa/Manifest
index 3e1ed0d4c377..29507e64c1b8 100644
--- a/metadata/glsa/Manifest
+++ b/metadata/glsa/Manifest
@@ -1,23 +1,23 @@
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
-MANIFEST Manifest.files.gz 529253 BLAKE2B 4870d0ebed8f73802444d2a3e204d4fe556355a8b2b4d4ffdd695d17206e94777c458bc34f39aee9fe92a996aea872cf895c73e601729b57032c40785dea2d65 SHA512 ca03ae189444f830ef68a97bf0be8dd0ed5045d9010eaead8695ce26c0591587965b16cbf215850d4c87fa27139a325c616d08f336a7213ad4483bb7e1f46baa
-TIMESTAMP 2022-10-16T12:09:56Z
+MANIFEST Manifest.files.gz 530688 BLAKE2B 1384754019a41108cd5a577394c6aafe7ddaa1600e86ddd30f667b8ffcd2a271d1d63c110dd32bcc5d2cdf57213dc2ed2ad65288c00d7dd764fc88a2a5ad121f SHA512 08bf73bc99a66d9fbe7dcf764826772bf00488ab216fa1e39298dffc1fef683f7a82d65031193ede26cf629f7bb21ac7a709099a37a9c6772e7b4eacbf503986
+TIMESTAMP 2022-10-16T18:10:01Z
-----BEGIN PGP SIGNATURE-----
-iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAmNL9JRfFIAAAAAALgAo
+iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAmNMSPlfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEUx
RDZBQkI2M0JGQ0ZCNEJBMDJGREYxQ0VDNTkwRUVBQzkxODkyNTAACgkQ7FkO6skY
-klD1mQ/+Iok03XkCw3XVb+Njx4cOHDlc25rZR50S96m4m4pwGTw5PwgEhN1rKkFe
-hFHUeaW37tSB05m+eq1mFbEsEewGpmsN/L5iuSb+qAjVnUsZb8ma67CaJgN7qBP8
-MvblOlRjLvk5XH9dehDzNHHbHCBU/IrUipHJhg1J8mNCQca/W2x5k/2LKPdiwu0J
-IY03jGJ1EntfkCGV9aYHGtzb8A1WXyOPYqeAQ2w903lBW5tkdjTdUqqrt3mS3Zmd
-VZ9LsnXrnyzF+MOXe9z7WPRcFTwbewBaB3IpYVH/9YteeqXDuvdGDSQ/hTc0jfIX
-uy0vNwRLn8cVM94Ioxb6jaQ3INW72Vu7ElKvpK+1ldYSz7mDkjN/QzdmfbNIUDKy
-9YtTrORusAkCofRgZl193qmj8pKiWBX/xMkgMp+xP/LFPo2p5g7C3deiMTMdtr6F
-ITCvZtpwmfmAm7X1Rz+kz6BIkmt/kvH8IhaBZGI1oKnUECzMv9b3new+cWbaFfuM
-hk/mFkiPL8TwXHlZmNvkAEkSj+9614VG57Zr7opLfaB1fNxXBejJyKTTimUFqAKv
-+G46tp8PHnEaddz50Dp3/c5Fj03WnqVinFRqdGKhtpSV/3R00q4qdf6+1Wv6vtXi
-DPZHoAktOpRDpO1NPCGKzgIVXC2ftSt+qLfaisN1Ew1H+noxsq8=
-=kXn7
+klAkmw/+LmSS+VRSjYTarqnXxlgpcCO9tClWogjb36GwNz5DeyuBs1rekdhVe6tK
+j8+TasEcSi1B+NVaRfWA0PA+8TFaGTCXwEZkIYELVFdPymiksKvXgK941WzaY1Ax
+Vwjeyjc5mszWIH1AfTmkyYHgY7hjSrnuksbXERBZWSatU0/s7utB9Kb245mxVerN
+QI/jTQ9x90SOW1ABMwDKotOYEqV1cwnZGH6XKALUluydly30ma2gI6DZwFBfy2eP
+nHz6mbQpUz7HRmNs5MywnBd3tUcQEqXokIX1KF1PFKjDEpC3jgUQVQITwBMHjSlG
+Bo4pI4tlO7d4MPEv4s4tUiEazRijQJNR8Hu2fHlaER1FHQN687tWbAG2iSH1zGZM
+gAffDtIBLxWP+sHp68hCH9degrnMW3Deku+mXuc9ciLXqxAu6ZkK7hPEZwpfebIX
+Z+JtRk/YmAwz5bmK+HkvVDk3uNoPzYt/s5fqE3urGxUXo44ysOjR9yN2579VgJ/u
+8qlvkNakJBNzSzC/QnJyrkn7F99QUaAGzEqtFnEmaXZZGUsW7QjhgcytYSE0lu/G
+XsTiDYWfyRoZDAHfBlIDFP2oEo5XIXGVi28jQkzpXs+x1RDbpioZvA8zkP+BL7Hc
+Ir6aSZM4mMYNJEjVW4dQKbR5EqW9eriV4+HCR7xL9aDNHi3y+f0=
+=Q42P
-----END PGP SIGNATURE-----
diff --git a/metadata/glsa/Manifest.files.gz b/metadata/glsa/Manifest.files.gz
index 9e732764b3d4..6b89b5ea51db 100644
--- a/metadata/glsa/Manifest.files.gz
+++ b/metadata/glsa/Manifest.files.gz
Binary files differ
diff --git a/metadata/glsa/glsa-202210-01.xml b/metadata/glsa/glsa-202210-01.xml
new file mode 100644
index 000000000000..2fdb25ec8e09
--- /dev/null
+++ b/metadata/glsa/glsa-202210-01.xml
@@ -0,0 +1,42 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202210-01">
+ <title>Open Asset Import Library (&#34;assimp&#34;): Multiple Vulnerabilities</title>
+ <synopsis>Multiple vulnerabilities have been discovered in Open Asset Import Library, the worst of which could result in denial of service.</synopsis>
+ <product type="ebuild">assimp</product>
+ <announced>2022-10-16</announced>
+ <revised count="1">2022-10-16</revised>
+ <bug>830374</bug>
+ <access>remote</access>
+ <affected>
+ <package name="media-libs/assimp" auto="yes" arch="*">
+ <unaffected range="ge">5.2.2</unaffected>
+ <vulnerable range="lt">5.2.2</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>Open Asset Import Library is a library to import and export various 3d-model-formats including scene-post-processing to generate missing render data.</p>
+ </background>
+ <description>
+ <p>Multiple vulnerabilities have been discovered in Fetchmail, the worst of which could result in email disclosure to third parties.</p>
+ </description>
+ <impact type="low">
+ <p>Please review the referenced CVE identifiers for details.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All Open Asset Import Library users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=media-libs/assimp-5.2.2"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-45948">CVE-2021-45948</uri>
+ </references>
+ <metadata tag="requester" timestamp="2022-10-16T14:26:28.704832Z">ajak</metadata>
+ <metadata tag="submitter" timestamp="2022-10-16T14:26:28.710311Z">ajak</metadata>
+</glsa> \ No newline at end of file
diff --git a/metadata/glsa/glsa-202210-02.xml b/metadata/glsa/glsa-202210-02.xml
new file mode 100644
index 000000000000..517756557064
--- /dev/null
+++ b/metadata/glsa/glsa-202210-02.xml
@@ -0,0 +1,54 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202210-02">
+ <title>OpenSSL: Multiple Vulnerabilities</title>
+ <synopsis>Multiple vulnerabilities have been discovered in OpenSSL, the worst of which could result in denial of service.</synopsis>
+ <product type="ebuild">openssl</product>
+ <announced>2022-10-16</announced>
+ <revised count="1">2022-10-16</revised>
+ <bug>741570</bug>
+ <bug>809980</bug>
+ <bug>832339</bug>
+ <bug>835343</bug>
+ <bug>842489</bug>
+ <bug>856592</bug>
+ <access>remote</access>
+ <affected>
+ <package name="dev-libs/openssl" auto="yes" arch="*">
+ <unaffected range="ge">1.1.1q</unaffected>
+ <vulnerable range="lt">1.1.1q</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>OpenSSL is an Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) as well as a general purpose cryptography library.</p>
+ </background>
+ <description>
+ <p>Multiple vulnerabilities have been discovered in OpenSSL. Please review the CVE identifiers referenced below for details.</p>
+ </description>
+ <impact type="normal">
+ <p>Please review the referenced CVE identifiers for details.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All OpenSSL users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-libs/openssl-1.1.1q"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-1968">CVE-2020-1968</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-3711">CVE-2021-3711</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-3712">CVE-2021-3712</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-4160">CVE-2021-4160</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-0778">CVE-2022-0778</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-1292">CVE-2022-1292</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-1473">CVE-2022-1473</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-2097">CVE-2022-2097</uri>
+ </references>
+ <metadata tag="requester" timestamp="2022-10-16T14:27:07.365886Z">ajak</metadata>
+ <metadata tag="submitter" timestamp="2022-10-16T14:27:07.370780Z">ajak</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202210-03.xml b/metadata/glsa/glsa-202210-03.xml
new file mode 100644
index 000000000000..22e5f517c9fc
--- /dev/null
+++ b/metadata/glsa/glsa-202210-03.xml
@@ -0,0 +1,45 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202210-03">
+ <title>libxml2: Multiple Vulnerabilities</title>
+ <synopsis>Multiple vulnerabilities have been discovered in libxml2, the worst of which could result in arbitrary code execution.</synopsis>
+ <product type="ebuild">libxml2</product>
+ <announced>2022-10-16</announced>
+ <revised count="1">2022-10-16</revised>
+ <bug>833809</bug>
+ <bug>842261</bug>
+ <bug>865727</bug>
+ <access>remote</access>
+ <affected>
+ <package name="dev-libs/libxml2" auto="yes" arch="*">
+ <unaffected range="ge">2.10.2</unaffected>
+ <vulnerable range="lt">2.10.2</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>libxml2 is the XML C parser and toolkit developed for the GNOME project.</p>
+ </background>
+ <description>
+ <p>Multiple vulnerabilities have been discovered in libxml2. Please review the CVE identifiers referenced below for details.</p>
+ </description>
+ <impact type="high">
+ <p>Please review the referenced CVE identifiers for details.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All libxml2 users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-libs/libxml2-2.10.2"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-23308">CVE-2022-23308</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-29824">CVE-2022-29824</uri>
+ </references>
+ <metadata tag="requester" timestamp="2022-10-16T14:40:08.100268Z">ajak</metadata>
+ <metadata tag="submitter" timestamp="2022-10-16T14:40:08.111318Z">ajak</metadata>
+</glsa> \ No newline at end of file
diff --git a/metadata/glsa/glsa-202210-04.xml b/metadata/glsa/glsa-202210-04.xml
new file mode 100644
index 000000000000..78e40dcfbbeb
--- /dev/null
+++ b/metadata/glsa/glsa-202210-04.xml
@@ -0,0 +1,68 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202210-04">
+ <title>Wireshark: Multiple Vulnerabilities</title>
+ <synopsis>Multiple vulnerabilities have been discovered in Wireshark, the worst of which could result in denial of service.</synopsis>
+ <product type="ebuild">wireshark</product>
+ <announced>2022-10-16</announced>
+ <revised count="1">2022-10-16</revised>
+ <bug>802216</bug>
+ <bug>824474</bug>
+ <bug>830343</bug>
+ <bug>833294</bug>
+ <bug>869140</bug>
+ <access>remote</access>
+ <affected>
+ <package name="net-analyzer/wireshark" auto="yes" arch="*">
+ <unaffected range="ge">3.6.8</unaffected>
+ <vulnerable range="lt">3.6.8</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>Wireshark is a versatile network protocol analyzer.</p>
+ </background>
+ <description>
+ <p>Multiple vulnerabilities have been discovered in Wireshark. Please review the CVE identifiers referenced below for details.</p>
+ </description>
+ <impact type="low">
+ <p>Please review the referenced CVE identifiers for details.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All Wireshark users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-analyzer/wireshark-3.6.8"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-4181">CVE-2021-4181</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-4182">CVE-2021-4182</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-4183">CVE-2021-4183</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-4184">CVE-2021-4184</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-4185">CVE-2021-4185</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-4186">CVE-2021-4186</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-4190">CVE-2021-4190</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-22235">CVE-2021-22235</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-39920">CVE-2021-39920</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-39921">CVE-2021-39921</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-39922">CVE-2021-39922</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-39924">CVE-2021-39924</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-39925">CVE-2021-39925</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-39926">CVE-2021-39926</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-39928">CVE-2021-39928</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-39929">CVE-2021-39929</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-0581">CVE-2022-0581</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-0582">CVE-2022-0582</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-0583">CVE-2022-0583</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-0585">CVE-2022-0585</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-0586">CVE-2022-0586</uri>
+ <uri>WNPA-SEC-2021-06</uri>
+ <uri>WNPA-SEC-2022-06</uri>
+ </references>
+ <metadata tag="requester" timestamp="2022-10-16T14:40:26.419748Z">ajak</metadata>
+ <metadata tag="submitter" timestamp="2022-10-16T14:40:26.423750Z">ajak</metadata>
+</glsa> \ No newline at end of file
diff --git a/metadata/glsa/glsa-202210-05.xml b/metadata/glsa/glsa-202210-05.xml
new file mode 100644
index 000000000000..ef3f45395091
--- /dev/null
+++ b/metadata/glsa/glsa-202210-05.xml
@@ -0,0 +1,43 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202210-05">
+ <title>virglrenderer: Multiple vulnerabilities</title>
+ <synopsis>Multiple vulnerabilities have been discovered in virglrenderer, the worst of which could result in remote code execution.</synopsis>
+ <product type="ebuild">virglrenderer</product>
+ <announced>2022-10-16</announced>
+ <revised count="1">2022-10-16</revised>
+ <bug>866821</bug>
+ <access>remote</access>
+ <affected>
+ <package name="media-libs/virglrenderer" auto="yes" arch="*">
+ <unaffected range="ge">0.10.1</unaffected>
+ <vulnerable range="lt">0.10.1</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>A virtual 3D GPU library, that allows the guest operating system to use the host GPU to accelerate 3D rendering.</p>
+ </background>
+ <description>
+ <p>Multiple vulnerabilities have been discovered in virglrenderer. Please review the CVE identifiers referenced below for details.</p>
+ </description>
+ <impact type="high">
+ <p>Please review the referenced CVE identifiers for details.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All virglrenderer users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=media-libs/virglrenderer-0.10.1"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-0135">CVE-2022-0135</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-0175">CVE-2022-0175</uri>
+ </references>
+ <metadata tag="requester" timestamp="2022-10-16T14:41:23.560398Z">ajak</metadata>
+ <metadata tag="submitter" timestamp="2022-10-16T14:41:23.564666Z">ajak</metadata>
+</glsa> \ No newline at end of file
diff --git a/metadata/glsa/glsa-202210-06.xml b/metadata/glsa/glsa-202210-06.xml
new file mode 100644
index 000000000000..2133f4bfc472
--- /dev/null
+++ b/metadata/glsa/glsa-202210-06.xml
@@ -0,0 +1,60 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202210-06">
+ <title>libvirt: Multiple Vulnerabilities</title>
+ <synopsis>Multiple vulnerabilities have been discovered in libvirt, the worst of which could result in denial of service.</synopsis>
+ <product type="ebuild">libvirt,libvirt-python</product>
+ <announced>2022-10-16</announced>
+ <revised count="1">2022-10-16</revised>
+ <bug>746119</bug>
+ <bug>799713</bug>
+ <bug>812317</bug>
+ <bug>836128</bug>
+ <access>remote</access>
+ <affected>
+ <package name="app-emulation/libvirt" auto="yes" arch="*">
+ <unaffected range="ge">8.2.0</unaffected>
+ <vulnerable range="lt">8.2.0</vulnerable>
+ </package>
+ <package name="dev-python/libvirt-python" auto="yes" arch="*">
+ <unaffected range="ge">8.2.0</unaffected>
+ <vulnerable range="lt">8.2.0</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>libvirt is a C toolkit for manipulating virtual machines.</p>
+ </background>
+ <description>
+ <p>Multiple vulnerabilities have been discovered in libvirt. Please review the CVE identifiers referenced below for details.</p>
+ </description>
+ <impact type="low">
+ <p>Please review the referenced CVE identifiers for details.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All libvirt users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=app-emulation/libvirt-8.2.0"
+ </code>
+
+ <p>All libvirt-python users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-python/libvirt-python-8.2.0"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-14339">CVE-2020-14339</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-25637">CVE-2020-25637</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-3631">CVE-2021-3631</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-3667">CVE-2021-3667</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-0897">CVE-2022-0897</uri>
+ </references>
+ <metadata tag="requester" timestamp="2022-10-16T14:42:10.219617Z">ajak</metadata>
+ <metadata tag="submitter" timestamp="2022-10-16T14:42:10.224150Z">ajak</metadata>
+</glsa> \ No newline at end of file
diff --git a/metadata/glsa/glsa-202210-07.xml b/metadata/glsa/glsa-202210-07.xml
new file mode 100644
index 000000000000..23531d82ae8d
--- /dev/null
+++ b/metadata/glsa/glsa-202210-07.xml
@@ -0,0 +1,42 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202210-07">
+ <title>Deluge: Cross-Site Scripting</title>
+ <synopsis>A vulnerability has been found in Deluge which could result in XSS.</synopsis>
+ <product type="ebuild">deluge</product>
+ <announced>2022-10-16</announced>
+ <revised count="1">2022-10-16</revised>
+ <bug>866842</bug>
+ <access>remote</access>
+ <affected>
+ <package name="net-p2p/deluge" auto="yes" arch="*">
+ <unaffected range="ge">2.1.1</unaffected>
+ <vulnerable range="lt">2.1.1</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>Deluge is a BitTorrent client.</p>
+ </background>
+ <description>
+ <p>Deluge does not sufficiently sanitize crafted torrent file data, leading to the application interpreting untrusted data as HTML.</p>
+ </description>
+ <impact type="low">
+ <p>An attacker can achieve XSS via a crafted torrent file.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All Deluge users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-p2p/deluge-2.1.1"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-3427">CVE-2021-3427</uri>
+ </references>
+ <metadata tag="requester" timestamp="2022-10-16T14:42:29.766021Z">ajak</metadata>
+ <metadata tag="submitter" timestamp="2022-10-16T14:42:29.770310Z">ajak</metadata>
+</glsa> \ No newline at end of file
diff --git a/metadata/glsa/glsa-202210-08.xml b/metadata/glsa/glsa-202210-08.xml
new file mode 100644
index 000000000000..258553a8b88c
--- /dev/null
+++ b/metadata/glsa/glsa-202210-08.xml
@@ -0,0 +1,54 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202210-08">
+ <title>Tcpreplay: Multiple Vulnerabilities</title>
+ <synopsis>Multiple vulnerabilities have been discovered in Tcpreplay, the worst of which could result in denial of service.</synopsis>
+ <product type="ebuild">tcpreplay</product>
+ <announced>2022-10-16</announced>
+ <revised count="1">2022-10-16</revised>
+ <bug>833139</bug>
+ <bug>836240</bug>
+ <access>remote</access>
+ <affected>
+ <package name="net-analyzer/tcpreplay" auto="yes" arch="*">
+ <unaffected range="ge">4.4.2</unaffected>
+ <vulnerable range="lt">4.4.2</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>Tcpreplay is a suite of utilities for UNIX systems for editing and replaying network traffic which was previously captured by tools like tcpdump and ethereal/wireshark.</p>
+ </background>
+ <description>
+ <p>Multiple vulnerabilities have been discovered in Tcpreplay. Please review the CVE identifiers referenced below for details.</p>
+ </description>
+ <impact type="low">
+ <p>Please review the referenced CVE identifiers for details.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All Tcpreplay users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=net-analyzer/tcpreplay-4.4.2"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-45386">CVE-2021-45386</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-45387">CVE-2021-45387</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-27416">CVE-2022-27416</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-27418">CVE-2022-27418</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-27939">CVE-2022-27939</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-27940">CVE-2022-27940</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-27941">CVE-2022-27941</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-27942">CVE-2022-27942</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-28487">CVE-2022-28487</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-37047">CVE-2022-37047</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-37048">CVE-2022-37048</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-37049">CVE-2022-37049</uri>
+ </references>
+ <metadata tag="requester" timestamp="2022-10-16T14:42:49.366484Z">ajak</metadata>
+ <metadata tag="submitter" timestamp="2022-10-16T14:42:49.370906Z">ajak</metadata>
+</glsa> \ No newline at end of file
diff --git a/metadata/glsa/glsa-202210-09.xml b/metadata/glsa/glsa-202210-09.xml
new file mode 100644
index 000000000000..dbb426860d29
--- /dev/null
+++ b/metadata/glsa/glsa-202210-09.xml
@@ -0,0 +1,76 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202210-09">
+ <title>Rust: Multiple Vulnerabilities</title>
+ <synopsis>Multiple vulnerabilities have been discovered in Rust, the worst of which could result in denial of service.</synopsis>
+ <product type="ebuild">rust,rust-bin</product>
+ <announced>2022-10-16</announced>
+ <revised count="1">2022-10-16</revised>
+ <bug>870166</bug>
+ <bug>831638</bug>
+ <bug>821157</bug>
+ <bug>807052</bug>
+ <bug>782367</bug>
+ <access>remote</access>
+ <affected>
+ <package name="dev-lang/rust" auto="yes" arch="*">
+ <unaffected range="ge">1.63.0-r1</unaffected>
+ <vulnerable range="lt">1.63.0-r1</vulnerable>
+ </package>
+ <package name="dev-lang/rust-bin" auto="yes" arch="*">
+ <unaffected range="ge">1.64.0</unaffected>
+ <vulnerable range="lt">1.64.0</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>A systems programming language that runs blazingly fast, prevents segfaults, and guarantees thread safety.</p>
+ </background>
+ <description>
+ <p>Multiple vulnerabilities have been discovered in Rust. Please review the CVE identifiers referenced below for details.</p>
+ </description>
+ <impact type="normal">
+ <p>Please review the referenced CVE identifiers for details.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All Rust users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-lang/rust-1.63.0-r1"
+ </code>
+
+ <p>All Rust binary users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=dev-lang/rust-bin-1.64.0"
+ </code>
+
+ <p>In addition, users using Portage 3.0.38 or later should ensure that packages with Rust binaries have no vulnerable code statically linked into their binaries by rebuilding the @rust-rebuild set:</p>
+
+ <code>
+ # emerge --ask --oneshot --verbose @rust-rebuild
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-28875">CVE-2021-28875</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-28876">CVE-2021-28876</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-28877">CVE-2021-28877</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-28878">CVE-2021-28878</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-28879">CVE-2021-28879</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-29922">CVE-2021-29922</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-31162">CVE-2021-31162</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-36317">CVE-2021-36317</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-36318">CVE-2021-36318</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-42574">CVE-2021-42574</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-42694">CVE-2021-42694</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-21658">CVE-2022-21658</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-36113">CVE-2022-36113</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-36114">CVE-2022-36114</uri>
+ </references>
+ <metadata tag="requester" timestamp="2022-10-16T14:43:11.432733Z">ajak</metadata>
+ <metadata tag="submitter" timestamp="2022-10-16T14:43:11.437329Z">ajak</metadata>
+</glsa> \ No newline at end of file
diff --git a/metadata/glsa/timestamp.chk b/metadata/glsa/timestamp.chk
index 40d83921d3d5..98bfa60ae39d 100644
--- a/metadata/glsa/timestamp.chk
+++ b/metadata/glsa/timestamp.chk
@@ -1 +1 @@
-Sun, 16 Oct 2022 12:09:53 +0000
+Sun, 16 Oct 2022 18:09:56 +0000
diff --git a/metadata/glsa/timestamp.commit b/metadata/glsa/timestamp.commit
index b1a12b3d73c6..c32526fd918c 100644
--- a/metadata/glsa/timestamp.commit
+++ b/metadata/glsa/timestamp.commit
@@ -1 +1 @@
-8e52f9f318ef7a9ff9934af98577da9ceadf5360 1665286750 2022-10-09T03:39:10+00:00
+cda5f646cd9bc370223b79be59deee389a0caeef 1665931525 2022-10-16T14:45:25+00:00