From 6957f5c65b02bba533954eabc0b62f5de36be206 Mon Sep 17 00:00:00 2001
From: V3n3RiX <venerix@redcorelinux.org>
Date: Tue, 10 Apr 2018 17:26:49 +0100
Subject: gentoo resync : 10.04.2018

---
 metadata/glsa/Manifest           |  30 +++++++++----------
 metadata/glsa/Manifest.files.gz  | Bin 419802 -> 421068 bytes
 metadata/glsa/glsa-201804-03.xml |  55 ++++++++++++++++++++++++++++++++++
 metadata/glsa/glsa-201804-04.xml |  63 +++++++++++++++++++++++++++++++++++++++
 metadata/glsa/glsa-201804-05.xml |  59 ++++++++++++++++++++++++++++++++++++
 metadata/glsa/glsa-201804-06.xml |  50 +++++++++++++++++++++++++++++++
 metadata/glsa/glsa-201804-07.xml |  50 +++++++++++++++++++++++++++++++
 metadata/glsa/glsa-201804-08.xml |  61 +++++++++++++++++++++++++++++++++++++
 metadata/glsa/glsa-201804-09.xml |  50 +++++++++++++++++++++++++++++++
 metadata/glsa/glsa-201804-10.xml |  55 ++++++++++++++++++++++++++++++++++
 metadata/glsa/timestamp.chk      |   2 +-
 metadata/glsa/timestamp.commit   |   2 +-
 12 files changed, 460 insertions(+), 17 deletions(-)
 create mode 100644 metadata/glsa/glsa-201804-03.xml
 create mode 100644 metadata/glsa/glsa-201804-04.xml
 create mode 100644 metadata/glsa/glsa-201804-05.xml
 create mode 100644 metadata/glsa/glsa-201804-06.xml
 create mode 100644 metadata/glsa/glsa-201804-07.xml
 create mode 100644 metadata/glsa/glsa-201804-08.xml
 create mode 100644 metadata/glsa/glsa-201804-09.xml
 create mode 100644 metadata/glsa/glsa-201804-10.xml

(limited to 'metadata/glsa')

diff --git a/metadata/glsa/Manifest b/metadata/glsa/Manifest
index 0d9778ce12fd..d06381fc60ff 100644
--- a/metadata/glsa/Manifest
+++ b/metadata/glsa/Manifest
@@ -1,23 +1,23 @@
 -----BEGIN PGP SIGNED MESSAGE-----
 Hash: SHA512
 
-MANIFEST Manifest.files.gz 419802 BLAKE2B 77b61430b97be606d07e770dcefecad6df694cb9d174d02e411d0c9124496cc8f3c082d220e88b305fb15b10d7c63b688c68e4484d9efe6cf97b41aabe095755 SHA512 3f233f14b1531babe34f57d6f927c008a3406b144de3e74532b3bf23c806220ffc43906d40c476f43e773cfbdabd98ea035b95415e8a23d7ad3ed93384c13bf7
-TIMESTAMP 2018-04-07T11:38:26Z
+MANIFEST Manifest.files.gz 421068 BLAKE2B 7dadce7e4b041a3441a6b63ed7a860af4bdcb72f0c20dfbfdd9e4fb6e577a48f6a4fcb0599fba15eed3a96fa7c8c225773cd2e3d3942a286fd74ab527c15651e SHA512 acf6ff1943f0998753e92be7360ecf6e135b838a2681d49f8c91bef5155aaca01686c562e9e52ce269826b172b3f86851233b7716507c7b52394116ff6101c02
+TIMESTAMP 2018-04-10T15:38:31Z
 -----BEGIN PGP SIGNATURE-----
 
-iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAlrIrbJfFIAAAAAALgAo
+iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAlrM2ndfFIAAAAAALgAo
 aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEUx
 RDZBQkI2M0JGQ0ZCNEJBMDJGREYxQ0VDNTkwRUVBQzkxODkyNTAACgkQ7FkO6skY
-klDxaw/8Drfbfj0hfEitCnKxUG4s7ZsusS76lSRthsQkw6WlGKhiuO0O60MAS0pa
-ne5YXBBKp8CY9WMtTIPwUK9uFoVzvGvBGP8HZmEYQkKRvSnvfyBudQjrbWp0k3Cs
-2TLcIrTS1slz6CGWDG8e/qwW3+7TfsTCegwixEQ90C8MOqWQkdC2zhkP2uN321gt
-VRs89bMJuxgJTtbVB23Ttkj2mvmbeqPsStvzXF0Yqb0617pBkIgQhZxzsRnJXYhs
-yBFH46JqLacgah3caCyZqPYtu7qefBdIsCo5PbGUlHZWzMrhrF/CVvRcazOUNYBy
-lOD2lpzR9QuX7gMvffiDg16rHxtsHXb0e8cfl1oDJ1JIRpgwi39oVPlIFSIOqTjC
-hDuuHUrqRIwbiuJtLYL034SzXvK7VnqpqPQpH5PoB7iqG/i+FHhyw7WiJg94doAi
-qF48/+QIOuQzesuL89zNwb6FEkP4rPkNyhd0+gZAKETb/mhUoHkNC0OdeUWQTT70
-dtaiH4HlOvlyOxm7Y5Mae2P5mHXWSuKNWrznahnGnQDjeSwpoHLlZLAOUfdy7Wy9
-Gn4yHzSRMUX31T8c8UlBDqzIwaPP2npukLAhW/fD8+BsHWofDMqA18sGLnw5XKSD
-+5nROyVpqxqKf44RNM/KNKdQCamasvsX7SMfuhrdkBHYoJ79bmo=
-=4WEz
+klBM2hAAhxjdROZlLwG2CxokiwKkVTLMepPK80nnhs85wEgE/DD4+zDo7qeKsRvi
+24x/hzxUrr+B82GoEGK6nhCq90CCj54FMZNu+3csa8T8JaFJrzJ+HAU6iNtfdKjE
+vMsE6Vdvehx6pgTEmVXrcc0iGQHKu8FNItd4z6MXvQg6s7UUJqdhw+mIV1t7jOB3
+rbGrzpYFgn1fZggmRrhIk82Lf3cTlSe5AU5/3625wrYpNUkYzS0cgkIA+vTjWo0N
+2bOpNXSJQobx1mILAivJHyjcz2TU38Po63soohfjyj1qpDF1FNKcYaidbR7ytFXS
+V3NmV0eoXmstXDMBsH1r01YtVxs6zpHSWkoZDEZTixGGxhJdPqyO0eQo1fCzCg0k
+AlIDdmNkfZAJiguSz8ZOjhIbhBrED7jyxl7q6bkfzC99rJwLSHeXk4h9bsGNdcFG
+WKByqf2HACL8J+XRpiwUX/lF8YxQ6PkXr3fWi4/i6zrGMa/Mu2U+RKDzFEHTTbXc
+nPuk4fY8aQt1FCXIjqBWUmhy4S/8VFCYKzru+s7NWNxFQsTzVXA8A5E4/KxOO4Ui
+jkUACXpPNWH/wAN55j5kZ4GwfvNDhQZ2Q/kiQAAWkcKUoYrQVrfB/gPy+eTTfa6N
+naEOmfnrFKuN0C0rYr6iLloS79cwvVSqZw2IjNsrcvAB7anhlUM=
+=iVON
 -----END PGP SIGNATURE-----
diff --git a/metadata/glsa/Manifest.files.gz b/metadata/glsa/Manifest.files.gz
index b5be97045f05..0c5cc77ecc00 100644
Binary files a/metadata/glsa/Manifest.files.gz and b/metadata/glsa/Manifest.files.gz differ
diff --git a/metadata/glsa/glsa-201804-03.xml b/metadata/glsa/glsa-201804-03.xml
new file mode 100644
index 000000000000..c59928cc59f0
--- /dev/null
+++ b/metadata/glsa/glsa-201804-03.xml
@@ -0,0 +1,55 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201804-03">
+  <title>Poppler: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Poppler, the worst of
+    which could allow a Denial of Service.
+  </synopsis>
+  <product type="ebuild">poppler</product>
+  <announced>2018-04-08</announced>
+  <revised count="1">2018-04-08</revised>
+  <bug>644388</bug>
+  <bug>645868</bug>
+  <access>remote</access>
+  <affected>
+    <package name="app-text/poppler" auto="yes" arch="*">
+      <unaffected range="ge">0.61.1</unaffected>
+      <vulnerable range="lt">0.61.1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Poppler is a PDF rendering library based on the xpdf-3.0 code base.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Poppler. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker, by enticing a user to open a specially crafted PDF,
+      could cause a Denial of Service condition or have other unspecified
+      impacts.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All Poppler users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-text/poppler-0.61.1"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-1000456">
+      CVE-2017-1000456
+    </uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-14975">CVE-2017-14975</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-14976">CVE-2017-14976</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-14977">CVE-2017-14977</uri>
+  </references>
+  <metadata tag="requester" timestamp="2018-04-08T12:41:02Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2018-04-08T14:25:23Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201804-04.xml b/metadata/glsa/glsa-201804-04.xml
new file mode 100644
index 000000000000..d12760a99d68
--- /dev/null
+++ b/metadata/glsa/glsa-201804-04.xml
@@ -0,0 +1,63 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201804-04">
+  <title>cURL: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in cURL, the worst of
+    which could result in a Denial of Service condition.
+  </synopsis>
+  <product type="ebuild">curl</product>
+  <announced>2018-04-08</announced>
+  <revised count="1">2018-04-08</revised>
+  <bug>645698</bug>
+  <bug>650056</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-misc/curl" auto="yes" arch="*">
+      <unaffected range="ge">7.59.0</unaffected>
+      <vulnerable range="lt">7.59.0</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>A command line tool and library for transferring data with URLs.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in cURL. Please review the
+      CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Remote attackers could cause a Denial of Service condition, obtain
+      sensitive information, or have other unspecified impacts.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All cURL users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-misc/curl-7.59.0"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-1000005">
+      CVE-2018-1000005
+    </uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-1000007">
+      CVE-2018-1000007
+    </uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-1000120">
+      CVE-2018-1000120
+    </uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-1000121">
+      CVE-2018-1000121
+    </uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-1000122">
+      CVE-2018-1000122
+    </uri>
+  </references>
+  <metadata tag="requester" timestamp="2018-04-08T14:02:46Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2018-04-08T14:28:57Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201804-05.xml b/metadata/glsa/glsa-201804-05.xml
new file mode 100644
index 000000000000..fac50a830abb
--- /dev/null
+++ b/metadata/glsa/glsa-201804-05.xml
@@ -0,0 +1,59 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201804-05">
+  <title>ISC DHCP: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in ISC DHCP, the worst of
+    which could allow for the remote execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">dhcp</product>
+  <announced>2018-04-08</announced>
+  <revised count="1">2018-04-08</revised>
+  <bug>644708</bug>
+  <bug>649010</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-misc/dhcp" auto="yes" arch="*">
+      <unaffected range="ge">4.3.6_p1</unaffected>
+      <vulnerable range="lt">4.3.6_p1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>ISC DHCP is a Dynamic Host Configuration Protocol (DHCP) client/server.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in ISC DHCP. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Remote attackers could execute arbitrary code, cause a Denial of Service
+      condition, or have other unspecified impacts.
+    </p>
+  </impact>
+  <workaround>
+    <p>There are no known workarounds at this time for CVE-2018-5732 or
+      CVE-2018-5733.
+    </p>
+    
+    <p>In accordance with upstream documentation, the recommended workaround
+      for CVE-2017-3144 is, “to disallow access to the OMAPI control port
+      from unauthorized clients (in accordance with best practices for server
+      operation).”
+    </p>
+  </workaround>
+  <resolution>
+    <p>All DHCP users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-misc/dhcp-4.3.6_p1"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-3144">CVE-2017-3144</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-5732">CVE-2018-5732</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-5733">CVE-2018-5733</uri>
+  </references>
+  <metadata tag="requester" timestamp="2018-03-13T18:06:24Z">chrisadr</metadata>
+  <metadata tag="submitter" timestamp="2018-04-08T16:46:04Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201804-06.xml b/metadata/glsa/glsa-201804-06.xml
new file mode 100644
index 000000000000..a038c242317f
--- /dev/null
+++ b/metadata/glsa/glsa-201804-06.xml
@@ -0,0 +1,50 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201804-06">
+  <title>mailx: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities were discovered in mailx, the worst of
+    which may allow a remote attacker to execute arbitrary commands.
+  </synopsis>
+  <product type="ebuild">mailx</product>
+  <announced>2018-04-08</announced>
+  <revised count="1">2018-04-08</revised>
+  <bug>533208</bug>
+  <access>remote</access>
+  <affected>
+    <package name="mail-client/mailx" auto="yes" arch="*">
+      <unaffected range="ge">8.1.2.20160123</unaffected>
+      <vulnerable range="lt">8.1.2.20160123</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>A utility program for sending and receiving mail, also known as a Mail
+      User Agent program.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in mailx. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker could execute arbitrary commands.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All mailx users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=mail-client/mailx-8.1.2.20160123"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2004-2771">CVE-2004-2771</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2014-7844">CVE-2014-7844</uri>
+  </references>
+  <metadata tag="requester" timestamp="2018-04-08T17:41:56Z">chrisadr</metadata>
+  <metadata tag="submitter" timestamp="2018-04-08T23:25:59Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201804-07.xml b/metadata/glsa/glsa-201804-07.xml
new file mode 100644
index 000000000000..e47a94f67e7d
--- /dev/null
+++ b/metadata/glsa/glsa-201804-07.xml
@@ -0,0 +1,50 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201804-07">
+  <title>libvirt: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been discovered in libvirt, the worst
+    of which may result in the execution of arbitrary commands.
+  </synopsis>
+  <product type="ebuild">libvirt</product>
+  <announced>2018-04-08</announced>
+  <revised count="1">2018-04-08</revised>
+  <bug>647338</bug>
+  <bug>650018</bug>
+  <access>local</access>
+  <affected>
+    <package name="app-emulation/libvirt" auto="yes" arch="*">
+      <unaffected range="ge">4.1.0</unaffected>
+      <vulnerable range="lt">4.1.0</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>libvirt is a C toolkit for manipulating virtual machines.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in libvirt. Please review
+      the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A local privileged attacker could execute arbitrary commands or cause a
+      Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All libvirt users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-emulation/libvirt-4.1.0"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-5748">CVE-2018-5748</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-6764">CVE-2018-6764</uri>
+  </references>
+  <metadata tag="requester" timestamp="2018-04-08T17:45:31Z">chrisadr</metadata>
+  <metadata tag="submitter" timestamp="2018-04-08T23:28:32Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201804-08.xml b/metadata/glsa/glsa-201804-08.xml
new file mode 100644
index 000000000000..16b031554877
--- /dev/null
+++ b/metadata/glsa/glsa-201804-08.xml
@@ -0,0 +1,61 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201804-08">
+  <title>QEMU: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in QEMU, the worst of
+    which may allow an attacker to execute arbitrary code.
+  </synopsis>
+  <product type="ebuild">qemu</product>
+  <announced>2018-04-08</announced>
+  <revised count="1">2018-04-08</revised>
+  <bug>629348</bug>
+  <bug>638506</bug>
+  <bug>643432</bug>
+  <bug>646814</bug>
+  <bug>649616</bug>
+  <access>local, remote</access>
+  <affected>
+    <package name="app-emulation/qemu" auto="yes" arch="*">
+      <unaffected range="ge">2.11.1-r1</unaffected>
+      <vulnerable range="lt">2.11.1-r1</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>QEMU is a generic and open source machine emulator and virtualizer.</p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in QEMU. Please review the
+      CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>An attacker could execute arbitrary code, cause a Denial of Service
+      condition, or obtain sensitive information.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All QEMU users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=app-emulation/qemu-2.11.1-r1"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-13672">CVE-2017-13672</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-15124">CVE-2017-15124</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-16845">CVE-2017-16845</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-17381">CVE-2017-17381</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-18030">CVE-2017-18030</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-18043">CVE-2017-18043</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-5715">CVE-2017-5715</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-5683">CVE-2018-5683</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-5748">CVE-2018-5748</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2018-7550">CVE-2018-7550</uri>
+  </references>
+  <metadata tag="requester" timestamp="2018-04-08T17:31:53Z">chrisadr</metadata>
+  <metadata tag="submitter" timestamp="2018-04-08T23:30:08Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201804-09.xml b/metadata/glsa/glsa-201804-09.xml
new file mode 100644
index 000000000000..ab4be111389b
--- /dev/null
+++ b/metadata/glsa/glsa-201804-09.xml
@@ -0,0 +1,50 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201804-09">
+  <title>SPICE VDAgent: Arbitrary command injection</title>
+  <synopsis>A vulnerability in SPICE VDAgent could allow local attackers to
+    execute arbitrary commands.
+  </synopsis>
+  <product type="ebuild">spice,vdagent</product>
+  <announced>2018-04-08</announced>
+  <revised count="1">2018-04-08</revised>
+  <bug>650020</bug>
+  <access>local</access>
+  <affected>
+    <package name="app-emulation/spice-vdagent" auto="yes" arch="*">
+      <unaffected range="ge">0.17.0_p20180319</unaffected>
+      <vulnerable range="lt">0.17.0_p20180319</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Provides a complete open source solution for remote access to virtual
+      machines in a seamless way so you can play videos, record audio, share
+      USB devices and share folders without complications.
+    </p>
+  </background>
+  <description>
+    <p>SPICE VDAgent does not properly escape save directory before passing to
+      shell.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A local attacker could execute arbitrary commands.</p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All SPICE VDAgent users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose
+      "&gt;=app-emulation/spice-vdagent-0.17.0_p20180319"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2017-15108">CVE-2017-15108</uri>
+  </references>
+  <metadata tag="requester" timestamp="2018-04-08T17:31:09Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2018-04-08T23:32:55Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/glsa-201804-10.xml b/metadata/glsa/glsa-201804-10.xml
new file mode 100644
index 000000000000..82a5c8731e29
--- /dev/null
+++ b/metadata/glsa/glsa-201804-10.xml
@@ -0,0 +1,55 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201804-10">
+  <title>Zend Framework: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in Zend Framework, the
+    worst of which could allow attackers to remotely execute arbitrary
+    commands.
+  </synopsis>
+  <product type="ebuild">zendframework</product>
+  <announced>2018-04-09</announced>
+  <revised count="2">2018-04-09</revised>
+  <bug>604182</bug>
+  <access>remote</access>
+  <affected>
+    <package name="dev-php/ZendFramework" auto="yes" arch="*">
+      <vulnerable range="le">1.12.9</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>Zend Framework is a high quality and open source framework for
+      developing Web Applications.
+    </p>
+    
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in Zend Framework that
+      have remain unaddressed. Please review the referenced CVE identifiers for
+      details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>Remote attackers could execute arbitrary commands or conduct SQL
+      injection attacks.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>Gentoo has discontinued support for Zend Framework and recommends that
+      users unmerge the package:
+    </p>
+    
+    <code>
+      # emerge --unmerge "dev-php/ZendFramework"
+    </code>
+  </resolution>
+  <references>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2016-10034">CVE-2016-10034</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2016-4861">CVE-2016-4861</uri>
+    <uri link="https://nvd.nist.gov/vuln/detail/CVE-2016-6233">CVE-2016-6233</uri>
+  </references>
+  <metadata tag="requester" timestamp="2018-04-09T00:33:10Z">b-man</metadata>
+  <metadata tag="submitter" timestamp="2018-04-09T17:05:49Z">b-man</metadata>
+</glsa>
diff --git a/metadata/glsa/timestamp.chk b/metadata/glsa/timestamp.chk
index a01a4cb82d0c..688d03838185 100644
--- a/metadata/glsa/timestamp.chk
+++ b/metadata/glsa/timestamp.chk
@@ -1 +1 @@
-Sat, 07 Apr 2018 11:38:22 +0000
+Tue, 10 Apr 2018 15:38:27 +0000
diff --git a/metadata/glsa/timestamp.commit b/metadata/glsa/timestamp.commit
index febf2abf42b1..f481b3dc7443 100644
--- a/metadata/glsa/timestamp.commit
+++ b/metadata/glsa/timestamp.commit
@@ -1 +1 @@
-e07af6df7a81524d31084c5565441abb9e572281 1522807580 2018-04-04T02:06:20+00:00
+6d341a6c00fd52a41ddaf7e932d941b6c7f9bf88 1523293654 2018-04-09T17:07:34+00:00
-- 
cgit v1.2.3