5 files changed, 67 insertions, 17 deletions

diff --git a/metadata/glsa/Manifest b/metadata/glsa/Manifest
index c9eb25507932..70c0413061fd 100644
--- a/metadata/glsa/Manifest
+++ b/metadata/glsa/Manifest
@@ -1,23 +1,23 @@
 -----BEGIN PGP SIGNED MESSAGE-----
 Hash: SHA512
 
-MANIFEST Manifest.files.gz 423609 BLAKE2B cbd920553b52bd805c115c763e4d6e2ee3d453ad1d6dfc315556c7a37a40f6e92d25437ae0c4238712e49a25ff5de88a4a56f425e3de6b9710d55daa2faef491 SHA512 3ac6837ed015c4c2f983100055b2867a7affaa1fd0de409b6c572144638db29f44f2af6b02450bb12cf8d1d79d3f90f56519fcc92e5b499d612f1c4c59fb4481
-TIMESTAMP 2018-05-13T14:38:31Z
+MANIFEST Manifest.files.gz 423767 BLAKE2B b4b02eedb610a1c6d9e2d0e9f57f61c0c0ddafb48679b275cd19d127faac6f1d44d72cf4d204e2e99bbdadfb9d1e296ea33c63e12cff5af0207e2e6247914ff9 SHA512 ba2fcf04666f32bf8235a27f099dd883ab13109b872e9d00eac03e3e02b976470b0d5a6f1b3ce76acd9005d909e8b6e04ffdfefb9cce629ec213bbe88eb4d8b4
+TIMESTAMP 2018-05-15T11:38:31Z
 -----BEGIN PGP SIGNATURE-----
 
-iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAlr4TedfFIAAAAAALgAo
+iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAlr6xrdfFIAAAAAALgAo
 aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEUx
 RDZBQkI2M0JGQ0ZCNEJBMDJGREYxQ0VDNTkwRUVBQzkxODkyNTAACgkQ7FkO6skY
-klDikw//UqLB7+1+uhfixHN0WqM+UPb4R61rJWeOs72/zlkkMnEW+ZNzxTp0mbNx
-+a+Sn900vyQNnJQz9McuEl7+PiRUO5Io4vHQmgIkCOEIye/gOW57Bm/VLa0lda1q
-os2RJGQtoA//iAInFtT3JyA5gJxkp0vNgsGdJ5JXfKaoCArsL/7rJCjqS1DNvjvW
-Oyg5aYnwVv/PIonyzfZb3Je/QwicI4SAG6zHUaE4ae3kvkzT1ezw2kj+2Pdmi/Z6
-GThSMFXAxcAAf9oJGAvYMwBwpoDdr8MKENL3bE02aO2xn0Nm0LpsQRqCEBZ8bZtD
-iQ7KkuVfu3nAbEp3gbs/parMTwW/MSgn6l0taGbX8nqMnIP0MMlvQdewRImby1Wt
-4D58hHogGvLWd4vTfEJJvoW+Wkk0/AL0g8E3RB2FEdyrXPMMC75Lk/+LcZ8tFKV9
-XDp8F3gpf27vRjQQeuy9l49o8yBwR9wO6d5s0+hfw7ppXPbgWKx3V0dhMWlB/p8L
-Gs8m+Vsi70dJRb5jq39ZOXJkq1FuW/NHsFH30og49so9IuwwEpBbLcpO/x9gTSH7
-r89iS3uXbHIX303/wWNiOAAZd7S3Biw5bXxfIaRYhLooKpubNbHoV6Rw03bKivm3
-Q0g+MwUuWyxsnf/tqu8jxveeIMpXYAX8J39cwATsTKKmQb38wIE=
-=kr3z
+klDvxQ/+KdmjH8O+LKuoAlSAFfhT4sIYSytSf1a8hWEPEUhwiKqDY9SYOeSU3QJ4
+BKF+phOT/J8IkK/GDvnykkTkG14HS+brzg2IKvXRIsxyxjPyu+NFzyA5EE00dZ8N
+mPksBTXkoyH855LROJSkRtTCnuxLuLQ1wYiDXZQLckDyaRhUr0DLpnAIDKRXlrdb
+44lAjUgEwo3vpU5cLUaDdNAnMjwhPNuG3xz5itde1DseKN2fZgWUvKGvastM0/oB
+ms0amV4yQun9A3fhPi8GXtJgysecskM8DyWQ4eoHpUYSHkn3SseswQIRtoMek39Z
+WqQ9do6C7kiihCXVzykUnxna2Zu7t5hDRFbxAz9xYHD7F8qsNvtH3gXGWoJy83wO
+fRr6JF6lQ2sUT3I0CnnZ1dtravmK5Mto7neT2JGbKDghf9kW4ZCOTgHlTX6Cxuc2
+frEyNRoEVsqkMhyiWRTjPyNcRO8hJ40oPfhF/+QRXdBqTxaxW+AJbObl1fewSWMH
+Sb9A449OsTf+tz0r0BFo1YirlojObIqvs08ZFEvf+mYdDv/HA+rGyJpI/Zs9VT9M
+QSeDQ5inptMATbx6iqhrMX+7Wo+lggRb9OAeEryaACeirYUDC4Tyagkqo7/PTM0K
+nvFU5LFiA2E28QDIFU+prn/eewcM8Il8Z2yBWlNqInjrol02d2U=
+=wHHE
 -----END PGP SIGNATURE-----
diff --git a/metadata/glsa/Manifest.files.gz b/metadata/glsa/Manifest.files.gz
index 88517ac8974b..595bc6ad9a46 100644
--- a/metadata/glsa/Manifest.files.gz
+++ b/metadata/glsa/Manifest.files.gz
diff --git a/metadata/glsa/glsa-201805-05.xml b/metadata/glsa/glsa-201805-05.xml
new file mode 100644
index 000000000000..ef4b236a7e27
--- /dev/null
+++ b/metadata/glsa/glsa-201805-05.xml
@@ -0,0 +1,50 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201805-05">
+  <title>mpv: Remote code execution</title>
+  <synopsis>A vulnerability has been found in mpv that may allow a remote
+    attacker to execute arbitrary code.
+  </synopsis>
+  <product type="ebuild">mpv</product>
+  <announced>2018-05-14</announced>
+  <revised count="1">2018-05-14</revised>
+  <bug>646886</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="media-video/mpv" auto="yes" arch="*">
+      <unaffected range="ge">0.27.2</unaffected>
+      <vulnerable range="lt">0.27.2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Video player based on MPlayer/mplayer2</p>
+  </background>
+  <description>
+    <p>A vulnerability was discovered in mpv with the handling of HTML
+      documents containing VIDEO elements. Additionally, mpv accepts arbitrary
+      URLs in a src attribute without a protocol whitelist in
+      player/lua/ytdl_hook.lua.
+    </p>
+  </description>
+  <impact type="high">
+    <p>A remote attacker, by enticing the user to visit a specially crafted web
+      site, could execute arbitrary code.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All mpv users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=media-video/mpv-0.27.2"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6360">CVE-2018-6360</uri>
+  </references>
+  <metadata tag="requester" timestamp="2018-05-07T16:02:12Z">jmbailey</metadata>
+  <metadata tag="submitter" timestamp="2018-05-14T23:21:56Z">jmbailey</metadata>
+</glsa>
diff --git a/metadata/glsa/timestamp.chk b/metadata/glsa/timestamp.chk
index 0f8eba1a8fd7..f83209db3b2e 100644
--- a/metadata/glsa/timestamp.chk
+++ b/metadata/glsa/timestamp.chk
@@ -1 +1 @@
-Sun, 13 May 2018 14:38:28 +0000
+Tue, 15 May 2018 11:38:27 +0000
diff --git a/metadata/glsa/timestamp.commit b/metadata/glsa/timestamp.commit
index 80519ec96966..2680641b2a8e 100644
--- a/metadata/glsa/timestamp.commit
+++ b/metadata/glsa/timestamp.commit
@@ -1 +1 @@
-b65153089d9ef7671aaa737050c3a53cb35a1893 1525793297 2018-05-08T15:28:17+00:00
+40f254b177f3628d865f1e77c8fd7c94584de14e 1526340152 2018-05-14T23:22:32+00:00