diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/Manifest b/sdk_container/src/third_party/portage-stable/metadata/glsa/Manifest index 3bcf2234996..99db87db60d 100644 --- a/sdk_container/src/third_party/portage-stable/metadata/glsa/Manifest +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/Manifest 
@@ -1,23 +1,23 @@ -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 -MANIFEST Manifest.files.gz 596980 BLAKE2B eddb25532154bba44bb35623eb68543626c56c08b4a9b70673d678e12e2e9d223dee9cf4d0203ab7966bfde59e62bbac75b407365fffaffd689f74499226bdef SHA512 63607f6c6d89e0de89c2ed0d49a183cf3ebf144547b6b6c3a675072d222d42a76895e60d6f7b099c2762d742420925f50f5f0705f64f212c92b5228a8c6aac91 -TIMESTAMP 2025-05-01T06:40:34Z +MANIFEST Manifest.files.gz 600793 BLAKE2B 04d710d536849ab97cf8e9927d7b476067af7583d4beeba512f9a1c8dfef30e0fecf4d134afe90cc36dfab3bbb2bb6c7e180690a785f8f4e682e871929bdb8b4 SHA512 4b52258c40c4bdd08e942961b7fddee39a7a5fe9bb9b1bf221367ef6e532948bd6989e08d9e11b42b6b95ab75b6957ac7832c76c8d2305aa3f057cbbfa8a023b +TIMESTAMP 2025-06-30T23:40:56Z -----BEGIN PGP SIGNATURE----- -iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAmgTF2JfFIAAAAAALgAo +iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAmhjIIhfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEUx RDZBQkI2M0JGQ0ZCNEJBMDJGREYxQ0VDNTkwRUVBQzkxODkyNTAACgkQ7FkO6skY -klDRMQ/+PAi2qYoR0sip4LFgbYOupfpmsR8tU5KJ1/74lCyKWzBeJXLv6ZpzzUfQ -/zdiT7LTQTI/S+rLzGZ9iuru+SDj+TmSaqqe3/V47EMXrIUMQmi2/wpv4Xdz6SZv -vaIEnBvxy7AcER2kd3SjuP7oqh49lY3M8lSxGzDcyLuKLMtA0GruuXoOHK8Kc32p -e4MTmHiysNkwQ48mxpogteDz6UzMDz69H+RidhBJLcXj+VNi69jmLFUUWJ0WlINK -BScxduFU4NdYew2iDUFohVSAvLshHnpWUg/S6WlJo1Kf7XSjROBnuNxbrHrRfBRh -m4mx1fdXE73jM7QOpyx+BflrOEBmvrsGC2WJpI+YU5HmhRldkq9I1+amcPJEx/WD -8lTul44UWczfeDxOjVSwQ4Ez0a3YzGxtvo/6aT/P/8u6lxZwXC73F4vPe9B/qQDn -tCVkS4kDfMQf3zUlypFo3ny6eF54AcWzaT6XDIYVYJD1aSMXXqHhoffznAFB9Tjd -gmYAjCPk/6Oi7WPKEg+TryBnQLv9GEL7TRpQDAAMf0vc8OXwsJbEfS1HO8msMjA7 -+q4SVTPh7y9uKR62hu9MLuEXBxm3w4fS+U8e+62SVPIqwFsa5Q92Sh98AOPjK9yY -ViFNSQ0SCOaoWbmk9YFaC7JywXnlIXpD7si1W5a4hQ9aIF+qLqs= -=4GyX +klBnlRAAlZWOX7ER6YV4hX3aS5YocWPTxXL9jFpbBVYAiSRi7OKj4aanykvbXkcP +8SW5lCPlHH2EvZ3sWWLJUN9+PZCvnNblwdFTF5bAH79KFXnWgItiYTcrMDXPHdRu +vQae+ZYzEz/SleUCynANroIq9W3GYX+jldKWumLi2FXZcGoSzuY9yix8CPUcYjLN 
+6s9wpfA8Xsz1i+jmhbFSIOJ9mUElAaI7K+hchDkETfQPgztjchsvJQPUCzSIOq01 +oQEKoUz+6cHXgJ3P/2ZNiygkwXzv290pBr3Dyi7+2UMX7Q+X9S8Z0yv+Mv4vCOvD +Wf2H7TyOIlf5F5PWDSIhcSNOPtIEKkpZho8+t8qGuOwr2/QdKPjiUt9cLd40Y9ly +vRCttCG177iZzLIbS4nhqSb7O+bLJI+XUgONKb+TpjWqBYZUHduw8p51R5Ny/5fx +9/8Hw2u680+tGWFe54seohZpLNSyIIJDHUg1HDI5sofC8Fr4QNZFeqxDB3pKuBQk +PMVgMThEfyw4k3FG1zD+zMQd8bdWS3dB3y0qf7IKOTy8S2K95L9C9+1ciOPq8r+E +S+JhLENcunoGGeuOSoaWIuCTzbYEfws84FVu2reow2VcqAjFMG6AEN+rF1JvmOf+ +C1LLOr/fZ+6JoNHLVGog2sAILy6TwweCVNSDcdmBY5syAcEfV9k= +=jqWI -----END PGP SIGNATURE----- diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/Manifest.files.gz b/sdk_container/src/third_party/portage-stable/metadata/glsa/Manifest.files.gz index 174f96b7d26..0bd009cc032 100644 Binary files a/sdk_container/src/third_party/portage-stable/metadata/glsa/Manifest.files.gz and b/sdk_container/src/third_party/portage-stable/metadata/glsa/Manifest.files.gz differ diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202505-01.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202505-01.xml new file mode 100644 index 00000000000..0e525a79718 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202505-01.xml @@ -0,0 +1,43 @@ + + + + PAM: Multiple Vulnerabilities + Multiple vulnerabilities have been discovered in PAM, the worst of which could lead to password leakage. + pam + 2025-05-12 + 2025-05-12 + 922397 + 942075 + remote + + + 1.7.0_p20241230 + 1.7.0_p20241230 + + + +

PAM (Pluggable Authentication Modules) is an architecture allowing the separation of the development of privilege granting software from the development of secure and appropriate authentication schemes.

+
+ +

Multiple vulnerabilities have been discovered in PAM. Please review the CVE identifiers referenced below for details.

+
+ +

Please review the referenced CVE identifiers for details.

+
+ +

There is no known workaround at this time.

+
+ +

All PAM users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=sys-libs/pam-1.7.0_p20241230" + +
+ + CVE-2024-10041 + + graaff + graaff +
\ No newline at end of file diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202505-02.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202505-02.xml new file mode 100644 index 00000000000..9ca69164448 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202505-02.xml @@ -0,0 +1,85 @@ + + + + Mozilla Firefox: Multiple Vulnerabilities + Multiple vulnerabilities have been discovered in Mozilla Firefox, the worst of which can lead to arbitrary code execution. + firefox,firefox-bin + 2025-05-12 + 2025-05-12 + 951563 + 953021 + remote + + + 137.0.1 + 128.9.0 + 137.0.1 + 128.9.0 + + + 137.0.1 + 128.9.0 + 137.0.1 + 128.9.0 + + + +

Mozilla Firefox is a popular open-source web browser from the Mozilla project.

+
+ +

Multiple vulnerabilities have been discovered in Mozilla Firefox. Please review the CVE identifiers referenced below for details.

+
+ +

Please review the referenced CVE identifiers for details.

+
+ +

There is no known workaround at this time.

+
+ +

All Mozilla Firefox users should upgrade to the latest version in their release channel:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-client/firefox-bin-137.0.1:rapid" + # emerge --ask --oneshot --verbose ">=www-client/firefox-bin-128.9.0:esr" + + +

All Mozilla Firefox users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-client/firefox-137.0.1:rapid" + # emerge --ask --oneshot --verbose ">=www-client/firefox-128.9.0:esr" + +
+ + CVE-2024-43097 + CVE-2025-1931 + CVE-2025-1932 + CVE-2025-1933 + CVE-2025-1934 + CVE-2025-1935 + CVE-2025-1936 + CVE-2025-1937 + CVE-2025-1938 + CVE-2025-1941 + CVE-2025-1942 + CVE-2025-1943 + CVE-2025-3028 + CVE-2025-3029 + CVE-2025-3030 + CVE-2025-3031 + CVE-2025-3032 + CVE-2025-3034 + CVE-2025-3035 + MFSA2025-14 + MFSA2025-16 + MFSA2025-18 + MFSA2025-20 + MFSA2025-22 + MFSA2025-23 + MFSA2025-24 + + graaff + graaff +
\ No newline at end of file diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202505-03.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202505-03.xml new file mode 100644 index 00000000000..30637b9f287 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202505-03.xml @@ -0,0 +1,107 @@ + + + + Mozilla Thunderbird: Multiple Vulnerabilities + Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could lead to remote code execution. + thunderbird,thunderbird-bin + 2025-05-12 + 2025-05-12 + 945051 + 948114 + 951564 + 953022 + remote + + + 128.9.0 + 128.9.0 + + + 128.9.0 + 128.9.0 + + + +

Mozilla Thunderbird is a popular open-source email client from the Mozilla project.

+
+ +

Multiple vulnerabilities have been discovered in Mozilla Thunderbird. Please review the CVE identifiers referenced below for details.

+
+ +

Please review the referenced CVE identifiers for details.

+
+ +

There is no known workaround at this time.

+
+ +

All Mozilla Thunderbird users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=mail-client/thunderbird-bin-128.9.0" + + +

All Mozilla Thunderbird users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=mail-client/thunderbird-128.9.0" + +
+ + CVE-2024-11692 + CVE-2024-11694 + CVE-2024-11695 + CVE-2024-11696 + CVE-2024-11697 + CVE-2024-11699 + CVE-2024-11700 + CVE-2024-11701 + CVE-2024-11704 + CVE-2024-11705 + CVE-2024-11706 + CVE-2024-11708 + CVE-2024-43097 + CVE-2024-50336 + CVE-2025-0237 + CVE-2025-0238 + CVE-2025-0239 + CVE-2025-0240 + CVE-2025-0241 + CVE-2025-0242 + CVE-2025-0243 + CVE-2025-1931 + CVE-2025-1932 + CVE-2025-1933 + CVE-2025-1934 + CVE-2025-1935 + CVE-2025-1936 + CVE-2025-1937 + CVE-2025-1938 + CVE-2025-3028 + CVE-2025-3029 + CVE-2025-3030 + CVE-2025-3031 + CVE-2025-3032 + CVE-2025-3034 + CVE-2025-26695 + CVE-2025-26696 + MFSA2024-63 + MFSA2024-64 + MFSA2024-65 + MFSA2024-67 + MFSA2024-68 + MFSA2025-01 + MFSA2025-02 + MFSA2025-05 + MFSA2025-14 + MFSA2025-16 + MFSA2025-18 + MFSA2025-20 + MFSA2025-22 + MFSA2025-23 + MFSA2025-24 + + graaff + graaff +
\ No newline at end of file diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202505-04.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202505-04.xml new file mode 100644 index 00000000000..0dd8cb5be7e --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202505-04.xml @@ -0,0 +1,60 @@ + + + + NVIDIA Drivers: Multiple Vulnerabilities + Multiple vulnerabilities have been discovered in NVIDIA Drivers, the worst of which could result in arbitrary code execution. + nvidia-drivers + 2025-05-12 + 2025-05-12 + 954339 + local + + + 535.247.01 + 550.163.01 + 570.133.07 + 535.247.01 + 550.163.01 + 570.133.07 + + + +

NVIDIA Drivers are NVIDIA's accelerated graphics driver.

+
+ +

A vulnerability has been discovered in NVIDIA Drivers. Please review the CVE identifiers referenced below for details.

+
+ +

Please review the referenced CVE identifier for details.

+
+ +

There is no known workaround at this time.

+
+ +

All NVIDIA Drivers 535 users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=x11-drivers/nvidia-drivers-535.247.01:0/535" + + +

All NVIDIA Drivers 550 users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=x11-drivers/nvidia-drivers-550.163.01:0/550" + + +

All NVIDIA Drivers 570 users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=x11-drivers/nvidia-drivers-570.133.07:0/570" + +
+ + CVE-2025-23244 + + graaff + graaff +
\ No newline at end of file diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202505-05.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202505-05.xml new file mode 100644 index 00000000000..32b4836ab20 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202505-05.xml @@ -0,0 +1,48 @@ + + + + Orc: Arbitrary Code Execution + A vulnerability has been discovered in Orc, which can lead to arbitrary code execution + orc + 2025-05-12 + 2025-05-12 + 937127 + local + + + 0.4.40 + 0.4.40 + + + +

Orc is a library and set of tools for compiling and executing +very simple programs that operate on arrays of data. The "language" +is a generic assembly language that represents many of the features +available in SIMD architectures, including saturated addition and +subtraction, and many arithmetic operations.

+
+ +

Please review the CVE identifier referenced below for details.

+
+ +

It is possible for a malicious third party to trigger a buffer overflow and effect code execution with the same privileges as the orc compiler is called with by feeding it with malformed orc source files. + +This only affects developers and CI environments using orcc, not users of liborc.

+
+ +

There is no known workaround at this time.

+
+ +

All Orc users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-lang/orc-0.4.40" + +
+ + CVE-2024-40897 + + graaff + graaff +
\ No newline at end of file diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202505-06.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202505-06.xml new file mode 100644 index 00000000000..a6b234657b8 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202505-06.xml @@ -0,0 +1,42 @@ + + + + glibc: Buffer Overflow + A vulnerability has been discovered in glibc, which can lead to execution of arbitrary code.. + glibc + 2025-05-12 + 2025-05-12 + 948592 + local and remote + + + 2.40-r8 + 2.40-r8 + + + +

glibc is a package that contains the GNU C library.

+
+ +

A vulnerability has been discovered in glibc. Please review the CVE identifier referenced below for details.

+
+ +

Please review the referenced CVE identifier for details.

+
+ +

There is no known workaround at this time.

+
+ +

All glibc users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=sys-libs/glibc-2.40-r8" + +
+ + CVE-2025-0395 + + graaff + graaff +
\ No newline at end of file diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202505-07.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202505-07.xml new file mode 100644 index 00000000000..63db4d35880 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202505-07.xml @@ -0,0 +1,42 @@ + + + + FreeType: Remote Code Execution + A vulnerability has been discovered in FreeType, which can lead to remote code execution. + freetype + 2025-05-14 + 2025-05-14 + 951286 + local and remote + + + 2.13.1 + 2.13.1 + + + +

FreeType is a high-quality and portable font engine.

+
+ +

Multiple vulnerabilities have been discovered in FreeType. Please review the CVE identifiers referenced below for details.

+
+ +

An out of bounds write exists in FreeType when attempting to parse font subglyph structures related to TrueType GX and variable font files. The vulnerable code assigns a signed short value to an unsigned long and then adds a static value causing it to wrap around and allocate too small of a heap buffer. The code then writes up to 6 signed long integers out of bounds relative to this buffer. This may result in arbitrary code execution. This vulnerability may have been exploited in the wild.

+
+ +

There is no known workaround at this time.

+
+ +

All FreeType users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=media-libs/freetype-2.13.1" + +
+ + CVE-2025-27363 + + graaff + graaff +
\ No newline at end of file diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202505-08.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202505-08.xml new file mode 100644 index 00000000000..5d8b1435cf7 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202505-08.xml @@ -0,0 +1,87 @@ + + + + Spidermonkey: Multiple Vulnerabilities + Multiple vulnerabilities have been discovered in Spidermonkey, the worst of which could lead to execution of arbitrary code. + spidermonkey + 2025-05-14 + 2025-05-14 + 941171 + 942471 + 951565 + local and remote + + + 128.8.0 + 128.8.0 + + + +

SpiderMonkey is Mozilla’s JavaScript and WebAssembly Engine, used in Firefox, Servo and various other projects. It is written in C++, Rust and JavaScript. You can embed it into C++ and Rust projects, and it can be run as a stand-alone shell.

+
+ +

Multiple vulnerabilities have been discovered in Spidermonkey. Please review the CVE identifiers referenced below for details.

+
+ +

Please review the referenced CVE identifiers for details.

+
+ +

There is no known workaround at this time.

+
+ +

All Spidermonkey users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-lang/spidermonkey-128.8.0" + +
+ + CVE-2024-8900 + CVE-2024-9391 + CVE-2024-9392 + CVE-2024-9395 + CVE-2024-9396 + CVE-2024-9397 + CVE-2024-9399 + CVE-2024-9400 + CVE-2024-9401 + CVE-2024-9402 + CVE-2024-9403 + CVE-2024-10458 + CVE-2024-10459 + CVE-2024-10460 + CVE-2024-10461 + CVE-2024-10462 + CVE-2024-10463 + CVE-2024-10464 + CVE-2024-10465 + CVE-2024-10466 + CVE-2024-10467 + CVE-2024-10468 + CVE-2024-43097 + CVE-2025-1931 + CVE-2025-1932 + CVE-2025-1933 + CVE-2025-1934 + CVE-2025-1935 + CVE-2025-1936 + CVE-2025-1937 + CVE-2025-1938 + MFSA2024-46 + MFSA2024-47 + MFSA2024-48 + MFSA2024-49 + MFSA2024-50 + MFSA2024-55 + MFSA2024-56 + MFSA2024-57 + MFSA2024-58 + MFSA2024-59 + MFSA2025-14 + MFSA2025-16 + MFSA2025-18 + + graaff + graaff +
\ No newline at end of file diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202505-09.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202505-09.xml new file mode 100644 index 00000000000..4f517b2d09d --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202505-09.xml @@ -0,0 +1,42 @@ + + + + Atop: Heap Corruption + A vulnerability has been discovered in Atop, which can possibly lead to arbitrary code execution. + atop + 2025-05-14 + 2025-05-14 + 952921 + remote + + + 2.11.1 + 2.11.1 + + + +

Atop is an ASCII full-screen performance monitor for Linux that is capable of reporting the activity of all processes (even if processes have finished during the interval), daily logging of system and process activity for long-term analysis, highlighting overloaded system resources by using colors, etc. At regular intervals, it shows system-level activity related to the CPU, memory, swap, disks (including LVM) and network layers, and for every process (and thread) it shows e.g. the CPU utilization, memory growth, disk utilization, priority, username, state, and exit code.

+
+ +

A vulnerability has been discovered in Atop. Please review the CVE identifier referenced below for details.

+
+ +

Atop allows local users to cause a denial of service (e.g., assertion failure and application exit) or possibly have unspecified other impact by running certain types of unprivileged processes while a different user runs atop.

+
+ +

There is no known workaround at this time.

+
+ +

All Atop users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=sys-process/atop-2.11.1" + +
+ + CVE-2025-31160 + + graaff + graaff +
\ No newline at end of file diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202505-10.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202505-10.xml new file mode 100644 index 00000000000..b36ba63eb00 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202505-10.xml @@ -0,0 +1,42 @@ + + + + Tracker miners: Sandbox weakness + A vulnerability has been discovered in Tracker miners, which can lead to a sandbox escape and execution of arbitrary code. + tracker-miners + 2025-05-14 + 2025-05-14 + 916378 + remote + + + 3.5.3 + 3.5.3 + + + +

The Tracker miners are a collection of data extractors for the GNOME Tracker.

+
+ +

A vulnerability has been discovered in Tracker minders. Please review the CVE identifier referenced below for details.

+
+ +

Please review the referenced CVE identifier for details.

+
+ +

There is no known workaround at this time.

+
+ +

All Tracker miners users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-misc/tracker-miners-3.5.3" + +
+ + CVE-2023-5557 + + graaff + graaff +
\ No newline at end of file diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202505-11.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202505-11.xml new file mode 100644 index 00000000000..7640b898ee7 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202505-11.xml @@ -0,0 +1,68 @@ + + + + Node.js: Multiple Vulnerabilities + Multiple vulnerabilities have been discovered in Node.js, the worst of which could lead to execution of arbitrary code. + nodejs + 2025-05-14 + 2025-05-17 + 916513 + 924704 + 928532 + 936204 + local and remote + + + 18.20.4 + 20.15.1 + 22.4.1 + 18.20.4 + 20.15.1 + 22.4.1 + + + +

Node.js is a JavaScript runtime built on Chrome’s V8 JavaScript engine.

+
+ +

Multiple vulnerabilities have been discovered in Node.js. Please review the CVE identifiers referenced below for details.

+
+ +

Please review the referenced CVE identifiers for details.

+
+ +

There is no known workaround at this time.

+
+ +

All Node.js users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-libs/nodejs-22.4.1" + +
+ + CVE-2023-38552 + CVE-2023-39331 + CVE-2023-39332 + CVE-2023-39333 + CVE-2023-44487 + CVE-2023-45143 + CVE-2023-46809 + CVE-2024-21890 + CVE-2024-21891 + CVE-2024-21892 + CVE-2024-21896 + CVE-2024-22017 + CVE-2024-22018 + CVE-2024-22019 + CVE-2024-22020 + CVE-2024-22025 + CVE-2024-27982 + CVE-2024-27983 + CVE-2024-36137 + CVE-2024-37372 + + graaff + graaff +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202506-01.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202506-01.xml new file mode 100644 index 00000000000..7d906610212 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202506-01.xml @@ -0,0 +1,53 @@ + + + + Emacs: Multiple Vulnerabilities + Multiple vulnerabilities have been discovered in Emacs, the worst of which could lead to arbitrary code execution. + emacs + 2025-06-12 + 2025-06-12 + 945164 + 950192 + local + + + 29.4-r2 + 28.2-r16 + 27.2-r20 + 26.3-r22 + 29.4-r2 + 28.2-r16 + 27.2-r20 + 26.3-r22 + + + +

Emacs is the extensible, customizable, self-documenting real-time display editor. org-mode is an Emacs mode for notes and project planning.

+
+ +

Multiple vulnerabilities have been discovered in Emacs, org-mode. Please review the CVE identifiers referenced below for details.

+
+ +

Please review the referenced CVE identifiers for details.

+
+ +

There is no known workaround at this time.

+
+ +

All Emacs, org-mode users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-editors/emacs-29.4-r2:29" + # emerge --ask --oneshot --verbose ">=app-editors/emacs-28.2-r16:28" + # emerge --ask --oneshot --verbose ">=app-editors/emacs-27.2-r20:27" + # emerge --ask --oneshot --verbose ">=app-editors/emacs-26.3-r22:26" + +
+ + CVE-2024-53920 + CVE-2025-1244 + + graaff + graaff +
\ No newline at end of file diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202506-02.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202506-02.xml new file mode 100644 index 00000000000..3b15ebf5508 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202506-02.xml @@ -0,0 +1,77 @@ + + + + GStreamer, GStreamer Plugins: Multiple Vulnerabilities + Multiple vulnerabilities have been discovered in GStreamer and GStreamer Plugins, the worst of which could lead to code execution. + gst-plugins-base,gstreamer + 2025-06-12 + 2025-06-12 + 948198 + local and remote + + + 1.24.10 + 1.24.10 + + + 1.24.10 + 1.24.10 + + + +

GStreamer is an open source multimedia framework.

+
+ +

Multiple vulnerabilities have been discovered in GStreamer, GStreamer Plugins. Please review the CVE identifiers referenced below for details.

+
+ +

Please review the referenced CVE identifiers for details.

+
+ +

There is no known workaround at this time.

+
+ +

All GStreamer, GStreamer Plugins users should upgrade to the latest versions:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=media-libs/gstreamer-1.24.10" ">=media-libs/gst-plugins-bad-1.24.10" + +
+ + CVE-2024-44331 + CVE-2024-47537 + CVE-2024-47538 + CVE-2024-47539 + CVE-2024-47540 + CVE-2024-47541 + CVE-2024-47542 + CVE-2024-47543 + CVE-2024-47544 + CVE-2024-47545 + CVE-2024-47546 + CVE-2024-47596 + CVE-2024-47597 + CVE-2024-47598 + CVE-2024-47599 + CVE-2024-47600 + CVE-2024-47601 + CVE-2024-47602 + CVE-2024-47603 + CVE-2024-47606 + CVE-2024-47607 + CVE-2024-47613 + CVE-2024-47615 + CVE-2024-47774 + CVE-2024-47775 + CVE-2024-47776 + CVE-2024-47777 + CVE-2024-47778 + CVE-2024-47834 + CVE-2024-47835 + GStreamer-SA-2024-0003 + GStreamer-SA-2024-0004 + + graaff + graaff +
\ No newline at end of file diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202506-03.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202506-03.xml new file mode 100644 index 00000000000..53d406a2110 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202506-03.xml @@ -0,0 +1,54 @@ + + + + LibreOffice: Multiple Vulnerabilities + Multiple vulnerabilities have been found in LibreOffice, the worst of which could result in user-assisted code execution. + libreoffice,libreoffice-bin + 2025-06-12 + 2025-06-12 + 948825 + local + + + 24.2.7.2-r1 + 24.2.7.2-r1 + + + 24.8.4 + 24.8.4 + + + +

LibreOffice is a powerful office suite; its clean interface and powerful tools let you unleash your creativity and grow your productivity.

+
+ +

Multiple vulnerabilities have been discovered in LibreOffice. Please review the CVE identifiers referenced below for details.

+
+ +

Please review the referenced CVE identifiers for details.

+
+ +

There is no known workaround at this time.

+
+ +

All LibreOffice binary users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-office/libreoffice-bin-24.8.4" + + +

All LibreOffice users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-office/libreoffice-24.2.7.2-r1" + +
+ + CVE-2024-12425 + CVE-2024-12426 + + graaff + graaff +
\ No newline at end of file diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202506-04.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202506-04.xml new file mode 100644 index 00000000000..b68093edfb8 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202506-04.xml @@ -0,0 +1,60 @@ + + + + X.Org X server, XWayland: Multiple Vulnerabilities + A vulnerability has been discovered in the Xorg Server and XWayland, the worst of which can result in privilege escalation. + xorg-server,xwayland + 2025-06-12 + 2025-06-12 + 950290 + local + + + 21.1.16 + 21.1.16 + + + 24.1.6 + 24.1.6 + + + +

The X Window System is a graphical windowing system based on a client/server model.

+
+ +

Multiple vulnerabilities have been discovered in X.Org X server and XWayland. Please review the CVE identifiers referenced below for details.

+
+ +

Please review the referenced CVE identifiers for details.

+
+ +

There is no known workaround at this time.

+
+ +

All X.Org X server users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=x11-base/xorg-server-21.1.16" + + +

All XWayland users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=x11-base/xwayland-24.1.6" + +
+ + CVE-2025-26594 + CVE-2025-26595 + CVE-2025-26596 + CVE-2025-26597 + CVE-2025-26598 + CVE-2025-26599 + CVE-2025-26600 + CVE-2025-26601 + + graaff + graaff +
\ No newline at end of file diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202506-05.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202506-05.xml new file mode 100644 index 00000000000..f1dade8e1c2 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202506-05.xml @@ -0,0 +1,42 @@ + + + + GTK+ 3: Search path vulnerability + A vulnerability has been discovered in Gtk+, which can lead to arbitrary code execution. + gtk+ + 2025-06-12 + 2025-06-12 + 949825 + local + + + 3.24.48:3 + 3.24.48:3 + + + +

GTK+ (GIMP Toolkit +) is a toolkit for creating graphical user interfaces.

+
+ +

A vulnerability has been discovered in GTK+ 3. Please review the CVE identifiers referenced below for details.

+
+ +

Please review the referenced CVE identifier for details.

+
+ +

There is no known workaround at this time.

+
+ +

All GTK+ 3 users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=x11-libs/gtk+-3.24.48:3" + +
+ + CVE-2024-6655 + + graaff + graaff +
diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202506-06.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202506-06.xml new file mode 100644 index 00000000000..1bddab78ff4 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202506-06.xml @@ -0,0 +1,58 @@ + + + + Qt: Multiple Vulnerabilities + Multiple vulnerabilities have been discovered in Qt, the worst of which can lead to arbitrary code execution. + qtbase,qtgui,qtnetwork + 2025-06-12 + 2025-06-12 + 924647 + 931096 + 935869 + 954261 + local + + + 6.8.3-r1 + 6.8.3-r1 + + + 5.15.12-r2 + 5.15.12-r2 + + + 5.15.14-r1 + 5.15.14-r1 + + + +

Qt is a cross-platform application development framework.

+
+ +

Multiple vulnerabilities have been discovered in Qt. Please review the CVE identifiers referenced below for details.

+
+ +

Please review the referenced CVE identifiers for details.

+
+ +

There is no known workaround at this time.

+
+ +

All Qt users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-qt/qtbase-6.8.3-r1" + # emerge --ask --oneshot --verbose ">=dev-qt/qtnetwork-5.15.14-r1" + # emerge --ask --oneshot --verbose ">=dev-qt/qtgui-5.15.12-r2" + +
+ + CVE-2024-25580 + CVE-2024-33861 + CVE-2024-39936 + CVE-2025-3512 + + graaff + graaff +
\ No newline at end of file diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202506-07.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202506-07.xml new file mode 100644 index 00000000000..532762aebe9 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202506-07.xml @@ -0,0 +1,83 @@ + + + + Python, PyPy: Multiple Vulnerabilities + Multiple vulberabilities have been discovered in Python and PyPy, the worst of which can lead to privilege escalation. + pypy,python + 2025-06-12 + 2025-06-12 + 929045 + 937124 + 938432 + 939206 + 945845 + 953493 + 956682 + 957088 + local and remote + + + 3.10.7.3.19_p4 + 3.11.7.3.19_p9 + 3.10.7.3.19_p4 + 3.11.7.3.19_p9 + + + 3.14.0_beta2 + 3.13.3_p1 + 3.12.10_p1 + 3.11.12_p1 + 3.10.17_p1 + 3.9.22_p1 + 3.8.20_p7 + 3.14.0_beta2 + 3.13.3_p1 + 3.12.10_p1 + 3.11.12_p1 + 3.10.17_p1 + 3.9.22_p1 + 3.8.20_p7 + + + +

Python is an interpreted, interactive, object-oriented, cross-platform programming language.

+
+ +

Multiple vulnerabilities have been discovered in Python, PyPy3. Please review the CVE identifiers referenced below for details.

+
+ +

Please review the referenced CVE identifiers for details.

+
+ +

There is no known workaround at this time.

+
+ +

All Python, PyPy3 users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-lang/python-3.14.0_beta2:3.14" + # emerge --ask --oneshot --verbose ">=dev-lang/python-3.13.3_p1:3.13" + # emerge --ask --oneshot --verbose ">=dev-lang/python-3.12.10_p1:3.12" + # emerge --ask --oneshot --verbose ">=dev-lang/python-3.11.12_p1:3.11" + # emerge --ask --oneshot --verbose ">=dev-lang/python-3.10.17_p1:3.10" + # emerge --ask --oneshot --verbose ">=dev-lang/python-3.9.22_p1:3.9" + # emerge --ask --oneshot --verbose ">=dev-lang/python-3.8.20_p7:3.8" + # emerge --ask --oneshot --verbose ">=dev-lang/pypy-3.10.7.3.19_p4:3.10" + # emerge --ask --oneshot --verbose ">=dev-lang/pypy-3.11.7.3.19_p9:3.11" + +
+ + CVE-2024-6232 + CVE-2024-6923 + CVE-2024-7592 + CVE-2024-8088 + CVE-2024-12718 + CVE-2025-4138 + CVE-2025-4330 + CVE-2025-4516 + CVE-2025-4517 + + graaff + graaff +
\ No newline at end of file diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202506-08.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202506-08.xml new file mode 100644 index 00000000000..7f9b3bbdc73 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202506-08.xml @@ -0,0 +1,43 @@ + + + + Node.js: Multiple Vulnerabilities + Multiple vulnerabilities have been discovered in Node.js, the worst of which can lead to arbitrary code execution. + nodejs + 2025-06-12 + 2025-06-12 + 948514 + local and remote + + + 22.13.1 + 22.13.1 + + + +

Node.js is a JavaScript runtime built on Chrome’s V8 JavaScript engine.

+
+ +

Multiple vulnerabilities have been discovered in Node.js. Please review the CVE identifiers referenced below for details.

+
+ +

Please review the referenced CVE identifiers for details.

+
+ +

There is no known workaround at this time.

+
+ +

All Node.js users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-libs/nodejs-22.13.1" + +
+ + CVE-2025-23083 + CVE-2025-23085 + + graaff + graaff +
\ No newline at end of file diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202506-09.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202506-09.xml new file mode 100644 index 00000000000..e97a7121c56 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202506-09.xml @@ -0,0 +1,48 @@ + + + + OpenImageIO: Multiple Vulnerabilities + Multiple vulnerabilities have been discovered in OpenImageIO, the worst of which can lead to execution of arbitrary code. + openimageio + 2025-06-12 + 2025-06-12 + 903807 + 917679 + local and remote + + + 2.5.4.0 + 2.5.4.0 + + + +

OpenImageIO is a library for reading and writing images.

+
+ +

Multiple vulnerabilities have been discovered in OpenImageIO. Please review the CVE identifiers referenced below for details.

+
+ +

Please review the referenced CVE identifiers for details.

+
+ +

There is no known workaround at this time.

+
+ +

All OpenImageIO users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=media-libs/openimageio-2.5.4.0" + +
+ + CVE-2023-22845 + CVE-2023-24472 + CVE-2023-24473 + CVE-2023-36183 + CVE-2023-42295 + CVE-2023-42299 + + graaff + graaff +
\ No newline at end of file diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202506-10.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202506-10.xml new file mode 100644 index 00000000000..fb6224da695 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202506-10.xml @@ -0,0 +1,42 @@ + + + + File-Find-Rule: Shell Injection + A vulnerability has been discovered in File-Find-Rule, which can lead to shell injection. + File-Find-Rule + 2025-06-12 + 2025-06-12 + 957182 + local and remote + + + 0.350.0 + 0.350.0 + + + +

File-Find-Rule is an alternative interface to File::Find.

+
+ +

File-Find-Rule uses the legacy '2-arg' open() call which is susceptible to shell injection via malicious filenames.

+
+ +

Shell injection may be used to execute arbitrary code using a malicious filename.

+
+ +

There is no known workaround at this time.

+
+ +

All File-Find-Rule users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-perl/File-Find-Rule-0.350.0" + +
+ + CVE-2011-10007 + + sam + graaff +
\ No newline at end of file diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202506-11.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202506-11.xml new file mode 100644 index 00000000000..d9438a103a2 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202506-11.xml @@ -0,0 +1,42 @@ + + + + YAML-LibYAML: Shell injection + A vulnerability has been discovered in YAML-LibYAML, which can lead to shell injection. + YAML-LibYAML + 2025-06-12 + 2025-06-12 + 949498 + local and remote + + + 0.903.0 + 0.903.0 + + + +

YAML-LibYAML provides YAML Serialization using XS and libyaml for Perl.

+
+ +

YAML-LibYAML uses the legacy '2-arg' open() call which is susceptible to shell injection via malicious filenames.

+
+ +

Shell injection may be used to execute arbitrary code using a malicious filename.

+
+ +

There is no known workaround at this time.

+
+ +

All YAML-LibYAML users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-perl/YAML-LibYAML-0.903.0" + +
+ + CVE-2025-40908 + + sam + graaff +
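Review bot: The description in glsa-202506-11.xml is identical to the one in glsa-202506-10.xml (File-Find-Rule) apart from the package name, and the impact sentence is identical outright, so it is worth confirming upstream that the "2-arg open() ... shell injection" wording really describes CVE-2025-40908 and was not carried over from the neighbouring advisory. Neither advisory names the function that reaches open(), which a consumer needs in order to judge whether their own usage is exposed. Minor style point: the title here is "Shell injection" while glsa-202506-10.xml uses "Shell Injection".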
\ No newline at end of file diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202506-12.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202506-12.xml new file mode 100644 index 00000000000..e2b7c7ef6dd --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202506-12.xml @@ -0,0 +1,42 @@ + + + + sysstat: Arbitrary Code Execution + An integer overflow vulnerability has been found in sysstat which could result in arbitrary code execution. + sysstat + 2025-06-15 + 2025-06-15 + 907121 + local + + + 12.6.2-r1 + 12.6.2-r1 + + + +

sysstat is a package containing a number of performance monitoring utilities for Linux, including sar, mpstat, iostat and sa tools.

+
+ +

A vulnerability has been discovered in sysstat. Please review the CVE identifier referenced below for details. This CVE improves on an incomplete fix for CVE-2022-39377.

+
+ +

On 32 bit systems, an integer overflow can be triggered when displaying activity data files.

+
+ +

There is no known workaround at this time.

+
+ +

All sysstat users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-admin/sysstat-12.6.2-r1" + +
+ + CVE-2023-33204 + + graaff + graaff +
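Review bot: The impact section of glsa-202506-12.xml stops at "an integer overflow can be triggered when displaying activity data files" and never states the consequence, while the title and synopsis claim arbitrary code execution; the impact text should say what the overflow leads to, and the 32-bit restriction should appear in the synopsis as well since it narrows who is affected. In the description, "This CVE improves on an incomplete fix for CVE-2022-39377" reads as if the CVE were the fix; suggest wording it as CVE-2023-33204 existing because the fix for CVE-2022-39377 was incomplete.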
\ No newline at end of file diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202506-13.xml b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202506-13.xml new file mode 100644 index 00000000000..6d825bdc718 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202506-13.xml @@ -0,0 +1,42 @@ + + + + Konsole: Code execution + An input sanitization flaw in Konsole might allow remote attackers to execute commands via a malicious URL + konsole + 2025-06-15 + 2025-06-15 + 957792 + remote + + + 24.12.3-r1 + 24.12.3-r1 + + + +

Konsole is KDE's terminal emulator.

+
+ +

Konsole supports loading URLs from the scheme handlers such as telnet://URL. This can be executed regardless of whether the telnet binary is available. It would fallback to bash in that case and execute arbitrary code.

+
+ +

Clicking a malicious URL in a browser may lead to arbitrary code execution. Please review the referenced CVE identifier for details.

+
+ +

There is no known workaround at this time.

+
+ +

All Konsole users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=kde-apps/konsole-24.12.3-r1" + +
+ + CVE-2025-49091 + + sam + graaff +
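Review bot: In the description of glsa-202506-13.xml, "It would fallback to bash in that case and execute arbitrary code" does not say what is actually executed or where the attacker-controlled input enters; suggest spelling that out, and "fallback" should be the verb "fall back". The synopsis is missing its final period, unlike the other advisories in this batch. Since the description ties the issue to the URL scheme handlers, it is also worth asking upstream whether "There is no known workaround" is accurate here or just template text.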
\ No newline at end of file diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/timestamp.chk b/sdk_container/src/third_party/portage-stable/metadata/glsa/timestamp.chk index 66c0857d6d0..a27e3fb7ebf 100644 --- a/sdk_container/src/third_party/portage-stable/metadata/glsa/timestamp.chk +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/timestamp.chk @@ -1 +1 @@ -Thu, 01 May 2025 06:40:32 +0000 +Mon, 30 Jun 2025 23:40:53 +0000 diff --git a/sdk_container/src/third_party/portage-stable/metadata/glsa/timestamp.commit b/sdk_container/src/third_party/portage-stable/metadata/glsa/timestamp.commit index d4c903585d6..a47bb79d0b4 100644 --- a/sdk_container/src/third_party/portage-stable/metadata/glsa/timestamp.commit +++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/timestamp.commit @@ -1 +1 @@ -da2df533a0a1b5799029686bc64ece18ac31947e 1743813771 2025-04-05T00:42:51Z +e9a79ea1a521057603616ae1081350857362c2f9 1749968895 2025-06-15T06:28:15Z