From 4df3bf9762850b34cd1ead5c80374d1a0fc3362e Mon Sep 17 00:00:00 2001
From: V3n3RiX <venerix@redcorelinux.org>
Date: Mon, 12 Jul 2021 08:41:54 +0100
Subject: gentoo resync : 12.07.2021

---
 metadata/glsa/Manifest           |  30 ++++++++--------
 metadata/glsa/Manifest.files.gz  | Bin 512077 -> 513815 bytes
 metadata/glsa/glsa-202107-20.xml |  57 ++++++++++++++++++++++++++++++
 metadata/glsa/glsa-202107-21.xml |  53 ++++++++++++++++++++++++++++
 metadata/glsa/glsa-202107-22.xml |  51 +++++++++++++++++++++++++++
 metadata/glsa/glsa-202107-23.xml |  55 +++++++++++++++++++++++++++++
 metadata/glsa/glsa-202107-24.xml |  65 ++++++++++++++++++++++++++++++++++
 metadata/glsa/glsa-202107-25.xml |  69 ++++++++++++++++++++++++++++++++++++
 metadata/glsa/glsa-202107-26.xml |  51 +++++++++++++++++++++++++++
 metadata/glsa/glsa-202107-27.xml |  69 ++++++++++++++++++++++++++++++++++++
 metadata/glsa/glsa-202107-28.xml |  50 +++++++++++++++++++++++++++
 metadata/glsa/glsa-202107-29.xml |  49 ++++++++++++++++++++++++++
 metadata/glsa/glsa-202107-30.xml |  73 +++++++++++++++++++++++++++++++++++++++
 metadata/glsa/timestamp.chk      |   2 +-
 metadata/glsa/timestamp.commit   |   2 +-
 15 files changed, 659 insertions(+), 17 deletions(-)
 create mode 100644 metadata/glsa/glsa-202107-20.xml
 create mode 100644 metadata/glsa/glsa-202107-21.xml
 create mode 100644 metadata/glsa/glsa-202107-22.xml
 create mode 100644 metadata/glsa/glsa-202107-23.xml
 create mode 100644 metadata/glsa/glsa-202107-24.xml
 create mode 100644 metadata/glsa/glsa-202107-25.xml
 create mode 100644 metadata/glsa/glsa-202107-26.xml
 create mode 100644 metadata/glsa/glsa-202107-27.xml
 create mode 100644 metadata/glsa/glsa-202107-28.xml
 create mode 100644 metadata/glsa/glsa-202107-29.xml
 create mode 100644 metadata/glsa/glsa-202107-30.xml

(limited to 'metadata/glsa')

diff --git a/metadata/glsa/Manifest b/metadata/glsa/Manifest
index 7f2cd84f9c73..29379dfcc71a 100644
--- a/metadata/glsa/Manifest
+++ b/metadata/glsa/Manifest
@@ -1,23 +1,23 @@
 -----BEGIN PGP SIGNED MESSAGE-----
 Hash: SHA512
 
-MANIFEST Manifest.files.gz 512077 BLAKE2B b3a851fed4ec119529da478b2c6ab640c467b59cd6ed71ff2f31dfb0a9c99957f51e497a53950da01067cd032428548811b642889d9279a9955dbf64efffd2ce SHA512 7112ff989d4e2884b7e474492ed51f97f63f207d184a4ebe02216b0e52b94bf603a95397cb7a6644dd2c462634f0537399957d0d097ff499b816c78955fc2f22
-TIMESTAMP 2021-07-08T13:39:14Z
+MANIFEST Manifest.files.gz 513815 BLAKE2B c9341c70c451176624067442c934e00b2746cd12e3817b856dc0f8fd8c41edcf12efea2ca7042e862fd64a6f5fc4c391e4bdeab74017bbb63dda51c5ff0fcf2a SHA512 6745132a386e572818d7fd992a7f2ef031ba828e3e48360c5a4f3b3160c32f4e65e615769109aebc74bb29d44c91864e25ff06783231a9b67785a728877e9e1d
+TIMESTAMP 2021-07-12T07:09:00Z
 -----BEGIN PGP SIGNATURE-----
 
-iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAmDnAAJfFIAAAAAALgAo
+iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAmDr6oxfFIAAAAAALgAo
 aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEUx
 RDZBQkI2M0JGQ0ZCNEJBMDJGREYxQ0VDNTkwRUVBQzkxODkyNTAACgkQ7FkO6skY
-klANhQ/9HGufwoJIrfVn1rrOtTclE5+g2CX8iPECUNRY9XRMoLABFbvsUzdnQL8j
-lFrUlsMEKtm5jamyeMoHwtWWtXgXzrifSgUAZ7Qv9u8c9mAKBBvsVhrTIhI7GAAo
-Gny4YCPFnrUvobhVinSMWo5UnN5JG6aXvgIikzw8p6/k/Vb85sEVoU600LHcF919
-DfsszgGPQczxEW3RF67wgCD34/QlwLjCbNGf1p8VX/EAOrCKkMEF4CT6vImEO7ph
-lVo2TcoPSjBiNWzbhhNFgGSyhxtscp6uxTKxCZSCochfC6eeYABq0ZwRKKxEWkkf
-gPfvAlj8sSExN/cjc345DOde6b8yYqFZcMXrxuBVNxlyTBTwURqNsazq2p8xRvZU
-HvKOoOfD8ZTnhHvEbs+FS8beHIltARIJ4aI1bM+SwYPu2tAVxNIlhkNobPwaCsod
-LsRAywPUsvkMAjLDKCEUOWM8/LlevHwC8RrKDNdZLHD+WyI0/tbEH3ubx+DEsTU2
-ynFgqDIUFI8re77D+7WZTEL1wNTNm6DmiAHpfetvBywrq6dzV0w1IkJVHE9SHZ4O
-U+CwUOMse8aK++i2N9btjPxYhA8ZzfHpXwxnoXEl+q2jC3PTkl09bE1DM9B+Nqp6
-hg8Rb9IX2grC6Tn1urxv+75hkAaEK1reh9tKLh5l2oXk8gI4ZTg=
-=8BwF
+klBPRQ/9EcSbkFNNsrrJbsDGdKEnzgbOn+Wr9RNajghqM1MAYNkZ1LnBYt4UDc6S
+KJOM9kbrtVXvyBu88jpIabBJG3NuPhvB/mpQnzPxkux6bO6q1da+h2DMf5hgNL+N
+Er5r3FI1WWHIJ7ECLej2jowXcuyTHSQOpWoSXm9X8uMhBMHDYygf2EB7yinxfxa4
+ZoJwm9FJn7SX+YhQpS4aZSQ3cVSHEe1hF59HWGcj5Dz5g93/pJwxl+EolQvtsHPE
+zX/CybqINK4RPouccjZJPyGVcuwCVuaWc2vTlQullbKq0RwkAJgn9oFRYCxxZgTN
+IT9YbBsB5i2Bwfj9/l/NVJYQ3BMzkicpoJoSTTYsKXBX+PZJeUxo+ozfqOrbEZmq
+aE0Ag3k/fTVaabjFqUm4sJD+F3FR06nT0SsSUMJCC5zotqgiuyYOGJJ9ew7ywQEr
+gSmVsUbWS0PC+PaldHuLAAuPe8S4lfsssLQsOe9q35rmjuxGO3Y1di/AEt028eJt
+HL321clXyXE95Px+5pd7cDRfKv+Z6pre907zAuzMzbmzg81iZuAectOmCNgC4yqT
+80/VqQZSYpsURIFyBIFBUeGIyp9pk5YP3KOk8OPMMOk6mmhHW3pDW424VWPjVtfO
+GMg46I5+78fC5BhkBNu5geidmyh8xuTz91VD7MB26WBMEtaVzcI=
+=UXqP
 -----END PGP SIGNATURE-----
diff --git a/metadata/glsa/Manifest.files.gz b/metadata/glsa/Manifest.files.gz
index a1398261b9ab..2302cd653bc1 100644
Binary files a/metadata/glsa/Manifest.files.gz and b/metadata/glsa/Manifest.files.gz differ
diff --git a/metadata/glsa/glsa-202107-20.xml b/metadata/glsa/glsa-202107-20.xml
new file mode 100644
index 000000000000..669cd332a6dc
--- /dev/null
+++ b/metadata/glsa/glsa-202107-20.xml
@@ -0,0 +1,57 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202107-20">
+  <title>Redis: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Redis, the worst of
+    which could result in the arbitrary execution of code.
+  </synopsis>
+  <product type="ebuild">redis</product>
+  <announced>2021-07-09</announced>
+  <revised count="1">2021-07-09</revised>
+  <bug>788211</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-db/redis" auto="yes" arch="*">
+      <unaffected range="ge">6.0.13</unaffected>
+      <unaffected range="ge">6.2.3</unaffected>
+      <vulnerable range="lt">6.0.13</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Redis is an open source (BSD licensed), in-memory data structure store,
+      used as a database, cache and message broker.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Redis. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Please review the referenced CVE identifiers for details.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Redis 6.0.x users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-db/redis-6.0.13"
+    </code>
+    
+    <p>All Redis 6.2.x users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=dev-db/redis-6.2.3"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-29477">CVE-2021-29477</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-29478">CVE-2021-29478</uri>
+  </references>
+  <metadata tag="requester" timestamp="2021-07-08T22:57:01Z">sam_c</metadata>
+  <metadata tag="submitter" timestamp="2021-07-09T02:52:43Z">sam_c</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202107-21.xml b/metadata/glsa/glsa-202107-21.xml
new file mode 100644
index 000000000000..b8f906df8acf
--- /dev/null
+++ b/metadata/glsa/glsa-202107-21.xml
@@ -0,0 +1,53 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202107-21">
+  <title>Wireshark: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Wireshark, the worst of
+    which could result in the arbitrary execution of code.
+  </synopsis>
+  <product type="ebuild">wireshark</product>
+  <announced>2021-07-09</announced>
+  <revised count="1">2021-07-09</revised>
+  <bug>767907</bug>
+  <bug>775323</bug>
+  <bug>784899</bug>
+  <bug>793968</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-analyzer/wireshark" auto="yes" arch="*">
+      <unaffected range="ge">3.4.6</unaffected>
+      <vulnerable range="lt">3.4.6</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Wireshark is a network protocol analyzer formerly known as ethereal.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Wireshark. Please
+      review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Please review the referenced CVE identifiers for details.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Wireshark users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-analyzer/wireshark-3.4.6"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-22173">CVE-2021-22173</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-22174">CVE-2021-22174</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-22191">CVE-2021-22191</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-22207">CVE-2021-22207</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-22222">CVE-2021-22222</uri>
+  </references>
+  <metadata tag="requester" timestamp="2021-07-08T23:11:17Z">sam_c</metadata>
+  <metadata tag="submitter" timestamp="2021-07-09T02:54:48Z">sam_c</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202107-22.xml b/metadata/glsa/glsa-202107-22.xml
new file mode 100644
index 000000000000..47009889f605
--- /dev/null
+++ b/metadata/glsa/glsa-202107-22.xml
@@ -0,0 +1,51 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202107-22">
+  <title>InspIRCd: Information disclosure</title>
+  <synopsis>An information disclosure vulnerability in InspIRCd may allow
+    remote attackers to obtain sensitive information.
+  </synopsis>
+  <product type="ebuild">inspircd</product>
+  <announced>2021-07-09</announced>
+  <revised count="1">2021-07-09</revised>
+  <bug>791589</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-irc/inspircd" auto="yes" arch="*">
+      <unaffected range="ge">3.10.0</unaffected>
+      <vulnerable range="lt">3.10.0</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>InspIRCd is a modular Internet Relay Chat (IRC) server written in C++
+      which was created from scratch to be stable, modern and lightweight.
+    </p>
+  </background>
+  <description>
+    <p>InspIRCd incorrectly handled malformed PONG messages, resulting in
+      access of freed memory.
+    </p>
+  </description>
+  <impact type="low">
+    <p>A remote attacker could send crafted packets to the server, possibly
+      allowing them to obtain sensitive information.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All InspIRCd users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-irc/inspircd-3.10.0"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-33586">CVE-2021-33586</uri>
+  </references>
+  <metadata tag="requester" timestamp="2021-07-08T23:19:01Z">sam_c</metadata>
+  <metadata tag="submitter" timestamp="2021-07-09T02:55:39Z">sam_c</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202107-23.xml b/metadata/glsa/glsa-202107-23.xml
new file mode 100644
index 000000000000..9c39ca6f7a45
--- /dev/null
+++ b/metadata/glsa/glsa-202107-23.xml
@@ -0,0 +1,55 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202107-23">
+  <title>Docker: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Docker, the worst of
+    which could result in privilege escalation to root on the host.
+  </synopsis>
+  <product type="ebuild">docker</product>
+  <announced>2021-07-10</announced>
+  <revised count="1">2021-07-10</revised>
+  <bug>768612</bug>
+  <access>local</access>
+  <affected>
+    <package name="app-emulation/docker" auto="yes" arch="*">
+      <unaffected range="ge">19.03.15</unaffected>
+      <unaffected range="ge">20.10.3</unaffected>
+      <vulnerable range="lt">20.10.3</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Docker is the world’s leading software containerization platform.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Docker. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Please review the referenced CVE identifiers for details.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Docker 19.x users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-emulation/docker-19.03.15"
+    </code>
+    
+    <p>All Docker 20.x users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-emulation/docker-20.10.3"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21284">CVE-2021-21284</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-21285">CVE-2021-21285</uri>
+  </references>
+  <metadata tag="requester" timestamp="2021-07-10T00:25:27Z">ajak</metadata>
+  <metadata tag="submitter" timestamp="2021-07-10T02:49:46Z">ajak</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202107-24.xml b/metadata/glsa/glsa-202107-24.xml
new file mode 100644
index 000000000000..c5aea138e344
--- /dev/null
+++ b/metadata/glsa/glsa-202107-24.xml
@@ -0,0 +1,65 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202107-24">
+  <title>Binutils: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Binutils, the worst of
+    which could result in a Denial of Service condition.
+  </synopsis>
+  <product type="ebuild">binutils</product>
+  <announced>2021-07-10</announced>
+  <revised count="1">2021-07-10</revised>
+  <bug>678806</bug>
+  <bug>761957</bug>
+  <bug>764170</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="sys-devel/binutils" auto="yes" arch="*">
+      <unaffected range="ge">2.35.2</unaffected>
+      <vulnerable range="lt">2.35.2</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>The GNU Binutils are a collection of tools to create, modify and analyse
+      binary files. Many of the files use BFD, the Binary File Descriptor
+      library, to do low-level manipulation.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Binutils. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Please review the referenced CVE identifiers for details.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Binutils users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=sys-devel/binutils-2.35.2"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-9070">CVE-2019-9070</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-9071">CVE-2019-9071</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-9072">CVE-2019-9072</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-9073">CVE-2019-9073</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-9074">CVE-2019-9074</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-9075">CVE-2019-9075</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-9076">CVE-2019-9076</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2019-9077">CVE-2019-9077</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-19599">CVE-2020-19599</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-35448">CVE-2020-35448</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-35493">CVE-2020-35493</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-35494">CVE-2020-35494</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-35495">CVE-2020-35495</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-35496">CVE-2020-35496</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-35507">CVE-2020-35507</uri>
+  </references>
+  <metadata tag="requester" timestamp="2021-07-06T00:21:42Z">ajak</metadata>
+  <metadata tag="submitter" timestamp="2021-07-10T02:51:25Z">sam_c</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202107-25.xml b/metadata/glsa/glsa-202107-25.xml
new file mode 100644
index 000000000000..5e9b2a4ff2e3
--- /dev/null
+++ b/metadata/glsa/glsa-202107-25.xml
@@ -0,0 +1,69 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202107-25">
+  <title>Tor: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Tor, the worst of which
+    could result in a Denial of Service condition.
+  </synopsis>
+  <product type="ebuild">tor</product>
+  <announced>2021-07-10</announced>
+  <revised count="1">2021-07-10</revised>
+  <bug>776586</bug>
+  <bug>795969</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-vpn/tor" auto="yes" arch="*">
+      <unaffected range="ge">0.4.6.5</unaffected>
+      <unaffected range="ge">0.4.5.9</unaffected>
+      <unaffected range="ge">0.4.4.9</unaffected>
+      <vulnerable range="lt">0.4.6.5</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Tor is an implementation of second generation Onion Routing, a
+      connection-oriented anonymizing communication service.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Tor. Please review the
+      CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Please review the referenced CVE identifiers for details.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Tor 0.4.6.x users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-vpn/tor-0.4.6.5"
+    </code>
+    
+    <p>All Tor 0.4.5.x users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-vpn/tor-0.4.5.9"
+    </code>
+    
+    <p>All Tor 0.4.4.x users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-vpn/tor-0.4.4.9"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-28089">CVE-2021-28089</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-28090">CVE-2021-28090</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-34548">CVE-2021-34548</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-34549">CVE-2021-34549</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-34550">CVE-2021-34550</uri>
+  </references>
+  <metadata tag="requester" timestamp="2021-07-10T00:37:16Z">sam_c</metadata>
+  <metadata tag="submitter" timestamp="2021-07-10T02:53:55Z">sam_c</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202107-26.xml b/metadata/glsa/glsa-202107-26.xml
new file mode 100644
index 000000000000..311683d9ec00
--- /dev/null
+++ b/metadata/glsa/glsa-202107-26.xml
@@ -0,0 +1,51 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202107-26">
+  <title>runC: Container breakout</title>
+  <synopsis>A vulnerability has been found in runC which could result in
+    privilege escalation.
+  </synopsis>
+  <product type="ebuild">runc</product>
+  <announced>2021-07-10</announced>
+  <revised count="1">2021-07-10</revised>
+  <bug>790257</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-emulation/runc" auto="yes" arch="*">
+      <unaffected range="ge">1.0.0_rc95</unaffected>
+      <vulnerable range="lt">1.0.0_rc95</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>runC is a CLI tool for spawning and running containers according to the
+      OCI specification.
+    </p>
+  </background>
+  <description>
+    <p>A vulnerability in runC could allow an attacker to achieve privilege
+      escalation if specific mount configuration prerequisites are satisfied.
+    </p>
+  </description>
+  <impact type="low">
+    <p>An attacker may be able to escalation privileges to gain access to the
+      host system.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All runC users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-emulation/runc-1.0.0_rc95"
+    </code>
+    
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-30465">CVE-2021-30465</uri>
+  </references>
+  <metadata tag="requester" timestamp="2021-07-10T00:27:46Z">ajak</metadata>
+  <metadata tag="submitter" timestamp="2021-07-10T02:54:58Z">ajak</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202107-27.xml b/metadata/glsa/glsa-202107-27.xml
new file mode 100644
index 000000000000..7e0b126848b6
--- /dev/null
+++ b/metadata/glsa/glsa-202107-27.xml
@@ -0,0 +1,69 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202107-27">
+  <title>OpenEXR: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in OpenEXR, the worst of
+    which could result in the arbitrary execution of code.
+  </synopsis>
+  <product type="ebuild">openexr</product>
+  <announced>2021-07-11</announced>
+  <revised count="1">2021-07-11</revised>
+  <bug>717474</bug>
+  <bug>746794</bug>
+  <bug>762862</bug>
+  <bug>770229</bug>
+  <bug>776808</bug>
+  <access>remote</access>
+  <affected>
+    <package name="media-libs/openexr" auto="yes" arch="*">
+      <unaffected range="ge">2.5.6</unaffected>
+      <vulnerable range="lt">2.5.6</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>OpenEXR is a high dynamic-range (HDR) image file format developed by
+      Industrial Light &amp; Magic for use in computer imaging applications.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in OpenEXR. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Please review the referenced CVE identifiers for details.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All OpenEXR users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=media-libs/openexr-2.5.6"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-11758">CVE-2020-11758</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-11759">CVE-2020-11759</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-11760">CVE-2020-11760</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-11761">CVE-2020-11761</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-11762">CVE-2020-11762</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-11763">CVE-2020-11763</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-11764">CVE-2020-11764</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-11765">CVE-2020-11765</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-15304">CVE-2020-15304</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-15305">CVE-2020-15305</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-15306">CVE-2020-15306</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-20296">CVE-2021-20296</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-3474">CVE-2021-3474</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-3475">CVE-2021-3475</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-3476">CVE-2021-3476</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-3477">CVE-2021-3477</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-3478">CVE-2021-3478</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-3479">CVE-2021-3479</uri>
+  </references>
+  <metadata tag="requester" timestamp="2021-07-11T02:00:34Z">ajak</metadata>
+  <metadata tag="submitter" timestamp="2021-07-11T02:27:52Z">ajak</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202107-28.xml b/metadata/glsa/glsa-202107-28.xml
new file mode 100644
index 000000000000..b7822d9afc6b
--- /dev/null
+++ b/metadata/glsa/glsa-202107-28.xml
@@ -0,0 +1,50 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202107-28">
+  <title>GNU Chess: Buffer overflow</title>
+  <synopsis>A buffer overflow in GNU Chess might allow arbitrary code
+    execution.
+  </synopsis>
+  <product type="ebuild">gnuchess</product>
+  <announced>2021-07-12</announced>
+  <revised count="1">2021-07-12</revised>
+  <bug>780855</bug>
+  <access>remote</access>
+  <affected>
+    <package name="games-board/gnuchess" auto="yes" arch="*">
+      <unaffected range="ge">6.2.8-r1</unaffected>
+      <vulnerable range="lt">6.2.8-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>GNU Chess is a console based chess interfae.</p>
+  </background>
+  <description>
+    <p>The cmd_pgnload() and cmd_pgnreplay() functions in cmd.cc in GNU Chess
+      to not sufficiently validate PGN file input, potentially resulting in a
+      buffer overflow.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could entice a user to open a specially crafted PGN
+      file using GNU Chess, possibly resulting in execution of arbitrary code
+      with the privileges of the process or a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All GNU Chess users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=games-board/gnuchess-6.2.8-r1"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-30184">CVE-2021-30184</uri>
+  </references>
+  <metadata tag="requester" timestamp="2021-07-06T01:16:05Z">ajak</metadata>
+  <metadata tag="submitter" timestamp="2021-07-12T02:45:49Z">ajak</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202107-29.xml b/metadata/glsa/glsa-202107-29.xml
new file mode 100644
index 000000000000..e67c3b566e04
--- /dev/null
+++ b/metadata/glsa/glsa-202107-29.xml
@@ -0,0 +1,49 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202107-29">
+  <title>ConnMan: Multiple vulnerabilities</title>
+  <synopsis>A buffer overflow in ConnMan might allow remote attacker(s) to
+    execute arbitrary code.
+  </synopsis>
+  <product type="ebuild">connman</product>
+  <announced>2021-07-12</announced>
+  <revised count="1">2021-07-12</revised>
+  <bug>769491</bug>
+  <bug>795084</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-misc/connman" auto="yes" arch="*">
+      <unaffected range="ge">1.40</unaffected>
+      <vulnerable range="lt">1.40</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>ConnMan provides a daemon for managing Internet connections.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in connman. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Please review the referenced CVE identifiers for details.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All ConnMan users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-misc/connman-1.40"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-26675">CVE-2021-26675</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-26676">CVE-2021-26676</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-33833">CVE-2021-33833</uri>
+  </references>
+  <metadata tag="requester" timestamp="2021-07-11T03:04:08Z">ajak</metadata>
+  <metadata tag="submitter" timestamp="2021-07-12T02:47:52Z">ajak</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-202107-30.xml b/metadata/glsa/glsa-202107-30.xml
new file mode 100644
index 000000000000..bd790484fb22
--- /dev/null
+++ b/metadata/glsa/glsa-202107-30.xml
@@ -0,0 +1,73 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202107-30">
+  <title>Xen: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Xen, the worst of which
+    could result in privilege escalation.
+  </synopsis>
+  <product type="ebuild">xen</product>
+  <announced>2021-07-12</announced>
+  <revised count="1">2021-07-12</revised>
+  <bug>760144</bug>
+  <bug>766474</bug>
+  <bug>783456</bug>
+  <bug>795054</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="app-emulation/xen" auto="yes" arch="*">
+      <unaffected range="ge">4.14.2-r1</unaffected>
+      <unaffected range="ge">4.15.0-r1</unaffected>
+      <vulnerable range="lt">4.15.0-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Xen is a bare-metal hypervisor.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Xen. Please review the
+      CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="high">
+    <p>Please review the referenced CVE identifiers for details.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Xen 4.14.x users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-emulation/xen-4.14.2-r1"
+    </code>
+    
+    <p>All Xen 4.15.x users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-emulation/xen-4.15.0-r1"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-29479">CVE-2020-29479</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-29486">CVE-2020-29486</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-29487">CVE-2020-29487</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-29566">CVE-2020-29566</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-29567">CVE-2020-29567</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-29568">CVE-2020-29568</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-29569">CVE-2020-29569</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-29570">CVE-2020-29570</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2020-29571">CVE-2020-29571</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-0089">CVE-2021-0089</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-26313">CVE-2021-26313</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-28687">CVE-2021-28687</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-28690">CVE-2021-28690</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-28691">CVE-2021-28691</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-28692">CVE-2021-28692</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-28693">CVE-2021-28693</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-3308">CVE-2021-3308</uri>
+  </references>
+  <metadata tag="requester" timestamp="2021-07-06T02:51:30Z">ajak</metadata>
+  <metadata tag="submitter" timestamp="2021-07-12T02:48:56Z">ajak</metadata>
+</glsa>
diff --git a/metadata/glsa/timestamp.chk b/metadata/glsa/timestamp.chk
index 89029127bb67..80697622a60d 100644
--- a/metadata/glsa/timestamp.chk
+++ b/metadata/glsa/timestamp.chk
@@ -1 +1 @@
-Thu, 08 Jul 2021 13:39:09 +0000
+Mon, 12 Jul 2021 07:08:55 +0000
diff --git a/metadata/glsa/timestamp.commit b/metadata/glsa/timestamp.commit
index 62b17ac292ce..33b059e9fdb6 100644
--- a/metadata/glsa/timestamp.commit
+++ b/metadata/glsa/timestamp.commit
@@ -1 +1 @@
-87db1c532ba9e64836890a3c105fac77e62cbc0e 1625717020 2021-07-08T04:03:40+00:00
+cabcc55894eaeb6351c50c95fa8ce6eb111a368b 1626058189 2021-07-12T02:49:49+00:00
-- 
cgit v1.2.3