Monthly GLSA metadata 2025-11-01

sdk_container/src/third_party/portage-stable/metadata/glsa/Manifest

@@ -1,23 +1,23 @@
 -----BEGIN PGP SIGNED MESSAGE-----
 Hash: SHA512
 
-MANIFEST Manifest.files.gz 596980 BLAKE2B eddb25532154bba44bb35623eb68543626c56c08b4a9b70673d678e12e2e9d223dee9cf4d0203ab7966bfde59e62bbac75b407365fffaffd689f74499226bdef SHA512 63607f6c6d89e0de89c2ed0d49a183cf3ebf144547b6b6c3a675072d222d42a76895e60d6f7b099c2762d742420925f50f5f0705f64f212c92b5228a8c6aac91
-TIMESTAMP 2025-05-01T06:40:34Z
+MANIFEST Manifest.files.gz 604600 BLAKE2B 67fa11a1e6485039ed07ecb341dd3eed3351c2e805dffb942c7b1d5a67de5ce334f9c7e8c5cb91c69c6b47f09ddfab8f9675421c6bbcbc7edbff873eafe92a4e SHA512 ca8da2d1e3d921194da4de308aa6824a3315fadb8fa8032bf4faea9a454874b09a269bfba3178304da1473e32d3744bc06c1991003b11e8e16b1624b75ee3551
+TIMESTAMP 2025-11-01T06:40:07Z
 -----BEGIN PGP SIGNATURE-----
 
-iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAmgTF2JfFIAAAAAALgAo
+iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAmkFq0dfFIAAAAAALgAo
 aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEUx
 RDZBQkI2M0JGQ0ZCNEJBMDJGREYxQ0VDNTkwRUVBQzkxODkyNTAACgkQ7FkO6skY
-klDRMQ/+PAi2qYoR0sip4LFgbYOupfpmsR8tU5KJ1/74lCyKWzBeJXLv6ZpzzUfQ
-/zdiT7LTQTI/S+rLzGZ9iuru+SDj+TmSaqqe3/V47EMXrIUMQmi2/wpv4Xdz6SZv
-vaIEnBvxy7AcER2kd3SjuP7oqh49lY3M8lSxGzDcyLuKLMtA0GruuXoOHK8Kc32p
-e4MTmHiysNkwQ48mxpogteDz6UzMDz69H+RidhBJLcXj+VNi69jmLFUUWJ0WlINK
-BScxduFU4NdYew2iDUFohVSAvLshHnpWUg/S6WlJo1Kf7XSjROBnuNxbrHrRfBRh
-m4mx1fdXE73jM7QOpyx+BflrOEBmvrsGC2WJpI+YU5HmhRldkq9I1+amcPJEx/WD
-8lTul44UWczfeDxOjVSwQ4Ez0a3YzGxtvo/6aT/P/8u6lxZwXC73F4vPe9B/qQDn
-tCVkS4kDfMQf3zUlypFo3ny6eF54AcWzaT6XDIYVYJD1aSMXXqHhoffznAFB9Tjd
-gmYAjCPk/6Oi7WPKEg+TryBnQLv9GEL7TRpQDAAMf0vc8OXwsJbEfS1HO8msMjA7
-+q4SVTPh7y9uKR62hu9MLuEXBxm3w4fS+U8e+62SVPIqwFsa5Q92Sh98AOPjK9yY
-ViFNSQ0SCOaoWbmk9YFaC7JywXnlIXpD7si1W5a4hQ9aIF+qLqs=
-=4GyX
+klAlqw//Rh+QFG/HU8p/afZwOkCuKiH3EYyTI6xrchUx//UMbrQlEawqkxbcF9S+
+q8cx1x2S0FsrDI7nT0qh7yndM+rBNl0zRuRMzczq8gQo7rCGdePJkklevXUD5B6/
+RmRE0ojr+TZSfNsFtGGAs1Smh7QjViKB7L4OV+lGo+i7q+yFPK5yd2gUFvvDJuYz
+Orji4sAhdH8n4eDJ63DgJXn0oqLiDAHN55MizeQ1JmvAnuW6KCcflyzJ8wW4b3bB
+3tmpUDq0LcNQ5unffo6YhUhIYaALUivdp0sPLbQ3Z3MYWWoIhL6M9E/RyNU6e1Rw
+mX/VwyqNJGv+lTDYIEio4GFh0CiD0xyfW2EDD89ONqym3WwTNFWT0Y891FlaZm9q
+czYbX0nN8z91rLOj7olRRjbt9Jh8m4ixb8s/F1afK+eDNMvevNQJcY6+rOInDuog
+eCOo6hgBhAdKrBePXpnADD2PUG7HXrjijWZAzoOfThs3IvRfSmRhtd9wAU5a+W4U
+YpY8ogO9mwP5HQwCs6hARnZB8cIJJZXBgXC1AK139O88KaRlhLT4dTo9DI5as2Lk
+2VEUNAGMAoGRuQIHUvLJ83AtV0A1w/wt8O54lcusXxvcYCaxiLRQ5Lb46IrcmEmD
+zihw7ItaE4/sYgbqEgpw5W29XDAFrzKv/Cy4wT9HUznGFu0813A=
+=hxuR
 -----END PGP SIGNATURE-----

sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202411-06.xml

@@ -0,0 +1,53 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202411-06">
+    <title>GnuTLS: Multiple Vulnerabilities</title>
+    <synopsis>Multiple vulnerabilities have been discovered in GnuTLS, the worst of which could lead to a denial of service.</synopsis>
+    <product type="ebuild">gnutls</product>
+    <announced>2024-11-17</announced>
+    <revised count="1">2024-11-17</revised>
+    <bug>831573</bug>
+    <bug>861803</bug>
+    <bug>893880</bug>
+    <bug>918663</bug>
+    <bug>922262</bug>
+    <bug>927557</bug>
+    <access>remote</access>
+    <affected>
+        <package name="net-libs/gnutls" auto="yes" arch="*">
+            <unaffected range="ge">3.8.5</unaffected>
+            <vulnerable range="lt">3.8.5</vulnerable>
+        </package>
+    </affected>
+    <background>
+        <p>GnuTLS is a secure communications library implementing the SSL, TLS, and DTLS protocols</p>
+    </background>
+    <description>
+        <p>Multiple vulnerabilities have been discovered in GnuTLS. Please review the CVE identifiers referenced below for details.</p>
+    </description>
+    <impact type="normal">
+        <p>Please review the referenced CVE identifiers for details.</p>
+    </impact>
+    <workaround>
+        <p>There is no known workaround at this time.</p>
+    </workaround>
+    <resolution>
+        <p>All GnuTLS users should upgrade to the latest version:</p>
+
+        <code>
+          # emerge --sync
+          # emerge --ask --oneshot --verbose ">=net-libs/gnutls-3.8.5"
+        </code>
+    </resolution>
+    <references>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-2509">CVE-2022-2509</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-0361">CVE-2023-0361</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-5981">CVE-2023-5981</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-0553">CVE-2024-0553</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-0567">CVE-2024-0567</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-28834">CVE-2024-28834</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-28835">CVE-2024-28835</uri>
+    </references>
+    <metadata tag="requester" timestamp="2024-11-17T08:50:20.605702Z">graaff</metadata>
+    <metadata tag="submitter" timestamp="2024-11-17T08:50:20.609484Z">sam</metadata>
+</glsa>

sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202505-01.xml

@@ -0,0 +1,43 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202505-01">
+    <title>PAM: Multiple Vulnerabilities</title>
+    <synopsis>Multiple vulnerabilities have been discovered in PAM, the worst of which could lead to password leakage.</synopsis>
+    <product type="ebuild">pam</product>
+    <announced>2025-05-12</announced>
+    <revised count="1">2025-05-12</revised>
+    <bug>922397</bug>
+    <bug>942075</bug>
+    <access>remote</access>
+    <affected>
+        <package name="sys-libs/pam" auto="yes" arch="*">
+            <unaffected range="ge">1.7.0_p20241230</unaffected>
+            <vulnerable range="lt">1.7.0_p20241230</vulnerable>
+        </package>
+    </affected>
+    <background>
+        <p>PAM (Pluggable Authentication Modules) is an architecture allowing the separation of the development of privilege granting software from the development of secure and appropriate authentication schemes.</p>
+    </background>
+    <description>
+        <p>Multiple vulnerabilities have been discovered in PAM. Please review the CVE identifiers referenced below for details.</p>
+    </description>
+    <impact type="high">
+        <p>Please review the referenced CVE identifiers for details.</p>
+    </impact>
+    <workaround>
+        <p>There is no known workaround at this time.</p>
+    </workaround>
+    <resolution>
+        <p>All PAM users should upgrade to the latest version:</p>
+
+        <code>
+          # emerge --sync
+          # emerge --ask --oneshot --verbose ">=sys-libs/pam-1.7.0_p20241230"
+        </code>
+    </resolution>
+    <references>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-10041">CVE-2024-10041</uri>
+    </references>
+    <metadata tag="requester" timestamp="2025-05-12T06:55:41.605140Z">graaff</metadata>
+    <metadata tag="submitter" timestamp="2025-05-12T06:55:41.608795Z">graaff</metadata>
+</glsa>

sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202505-02.xml

@@ -0,0 +1,85 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202505-02">
+    <title>Mozilla Firefox: Multiple Vulnerabilities</title>
+    <synopsis>Multiple vulnerabilities have been discovered in Mozilla Firefox, the worst of which can lead to arbitrary code execution.</synopsis>
+    <product type="ebuild">firefox,firefox-bin</product>
+    <announced>2025-05-12</announced>
+    <revised count="1">2025-05-12</revised>
+    <bug>951563</bug>
+    <bug>953021</bug>
+    <access>remote</access>
+    <affected>
+        <package name="www-client/firefox" auto="yes" arch="*">
+            <unaffected range="ge" slot="stable">137.0.1</unaffected>
+            <unaffected range="ge" slot="esr">128.9.0</unaffected>
+            <vulnerable range="lt" slot="stable">137.0.1</vulnerable>
+            <vulnerable range="lt" slot="esr">128.9.0</vulnerable>
+        </package>
+        <package name="www-client/firefox-bin" auto="yes" arch="*">
+            <unaffected range="ge" slot="stable">137.0.1</unaffected>
+            <unaffected range="ge" slot="esr">128.9.0</unaffected>
+            <vulnerable range="lt" slot="stable">137.0.1</vulnerable>
+            <vulnerable range="lt" slot="esr">128.9.0</vulnerable>
+        </package>
+    </affected>
+    <background>
+        <p>Mozilla Firefox is a popular open-source web browser from the Mozilla project.</p>
+    </background>
+    <description>
+        <p>Multiple vulnerabilities have been discovered in Mozilla Firefox. Please review the CVE identifiers referenced below for details.</p>
+    </description>
+    <impact type="high">
+        <p>Please review the referenced CVE identifiers for details.</p>
+    </impact>
+    <workaround>
+        <p>There is no known workaround at this time.</p>
+    </workaround>
+    <resolution>
+        <p>All Mozilla Firefox users should upgrade to the latest version in their release channel:</p>
+
+        <code>
+          # emerge --sync
+          # emerge --ask --oneshot --verbose ">=www-client/firefox-bin-137.0.1:rapid"
+          # emerge --ask --oneshot --verbose ">=www-client/firefox-bin-128.9.0:esr"
+        </code>
+
+        <p>All Mozilla Firefox users should upgrade to the latest version:</p>
+
+        <code>
+          # emerge --sync
+          # emerge --ask --oneshot --verbose ">=www-client/firefox-137.0.1:rapid"
+          # emerge --ask --oneshot --verbose ">=www-client/firefox-128.9.0:esr"
+        </code>
+    </resolution>
+    <references>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-43097">CVE-2024-43097</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2025-1931">CVE-2025-1931</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2025-1932">CVE-2025-1932</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2025-1933">CVE-2025-1933</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2025-1934">CVE-2025-1934</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2025-1935">CVE-2025-1935</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2025-1936">CVE-2025-1936</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2025-1937">CVE-2025-1937</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2025-1938">CVE-2025-1938</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2025-1941">CVE-2025-1941</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2025-1942">CVE-2025-1942</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2025-1943">CVE-2025-1943</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2025-3028">CVE-2025-3028</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2025-3029">CVE-2025-3029</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2025-3030">CVE-2025-3030</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2025-3031">CVE-2025-3031</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2025-3032">CVE-2025-3032</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2025-3034">CVE-2025-3034</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2025-3035">CVE-2025-3035</uri>
+        <uri>MFSA2025-14</uri>
+        <uri>MFSA2025-16</uri>
+        <uri>MFSA2025-18</uri>
+        <uri>MFSA2025-20</uri>
+        <uri>MFSA2025-22</uri>
+        <uri>MFSA2025-23</uri>
+        <uri>MFSA2025-24</uri>
+    </references>
+    <metadata tag="requester" timestamp="2025-05-12T08:06:29.059257Z">graaff</metadata>
+    <metadata tag="submitter" timestamp="2025-05-12T08:06:29.061692Z">graaff</metadata>
+</glsa>

sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202505-03.xml

@@ -0,0 +1,107 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202505-03">
+    <title>Mozilla Thunderbird: Multiple Vulnerabilities</title>
+    <synopsis>Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could lead to remote code execution.</synopsis>
+    <product type="ebuild">thunderbird,thunderbird-bin</product>
+    <announced>2025-05-12</announced>
+    <revised count="1">2025-05-12</revised>
+    <bug>945051</bug>
+    <bug>948114</bug>
+    <bug>951564</bug>
+    <bug>953022</bug>
+    <access>remote</access>
+    <affected>
+        <package name="mail-client/thunderbird" auto="yes" arch="*">
+            <unaffected range="ge">128.9.0</unaffected>
+            <vulnerable range="lt">128.9.0</vulnerable>
+        </package>
+        <package name="mail-client/thunderbird-bin" auto="yes" arch="*">
+            <unaffected range="ge">128.9.0</unaffected>
+            <vulnerable range="lt">128.9.0</vulnerable>
+        </package>
+    </affected>
+    <background>
+        <p>Mozilla Thunderbird is a popular open-source email client from the Mozilla project.</p>
+    </background>
+    <description>
+        <p>Multiple vulnerabilities have been discovered in Mozilla Thunderbird. Please review the CVE identifiers referenced below for details.</p>
+    </description>
+    <impact type="high">
+        <p>Please review the referenced CVE identifiers for details.</p>
+    </impact>
+    <workaround>
+        <p>There is no known workaround at this time.</p>
+    </workaround>
+    <resolution>
+        <p>All Mozilla Thunderbird users should upgrade to the latest version:</p>
+
+        <code>
+          # emerge --sync
+          # emerge --ask --oneshot --verbose ">=mail-client/thunderbird-bin-128.9.0"
+        </code>
+
+        <p>All Mozilla Thunderbird users should upgrade to the latest version:</p>
+
+        <code>
+          # emerge --sync
+          # emerge --ask --oneshot --verbose ">=mail-client/thunderbird-128.9.0"
+        </code>
+    </resolution>
+    <references>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-11692">CVE-2024-11692</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-11694">CVE-2024-11694</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-11695">CVE-2024-11695</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-11696">CVE-2024-11696</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-11697">CVE-2024-11697</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-11699">CVE-2024-11699</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-11700">CVE-2024-11700</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-11701">CVE-2024-11701</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-11704">CVE-2024-11704</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-11705">CVE-2024-11705</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-11706">CVE-2024-11706</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-11708">CVE-2024-11708</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-43097">CVE-2024-43097</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-50336">CVE-2024-50336</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2025-0237">CVE-2025-0237</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2025-0238">CVE-2025-0238</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2025-0239">CVE-2025-0239</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2025-0240">CVE-2025-0240</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2025-0241">CVE-2025-0241</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2025-0242">CVE-2025-0242</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2025-0243">CVE-2025-0243</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2025-1931">CVE-2025-1931</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2025-1932">CVE-2025-1932</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2025-1933">CVE-2025-1933</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2025-1934">CVE-2025-1934</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2025-1935">CVE-2025-1935</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2025-1936">CVE-2025-1936</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2025-1937">CVE-2025-1937</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2025-1938">CVE-2025-1938</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2025-3028">CVE-2025-3028</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2025-3029">CVE-2025-3029</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2025-3030">CVE-2025-3030</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2025-3031">CVE-2025-3031</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2025-3032">CVE-2025-3032</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2025-3034">CVE-2025-3034</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2025-26695">CVE-2025-26695</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2025-26696">CVE-2025-26696</uri>
+        <uri>MFSA2024-63</uri>
+        <uri>MFSA2024-64</uri>
+        <uri>MFSA2024-65</uri>
+        <uri>MFSA2024-67</uri>
+        <uri>MFSA2024-68</uri>
+        <uri>MFSA2025-01</uri>
+        <uri>MFSA2025-02</uri>
+        <uri>MFSA2025-05</uri>
+        <uri>MFSA2025-14</uri>
+        <uri>MFSA2025-16</uri>
+        <uri>MFSA2025-18</uri>
+        <uri>MFSA2025-20</uri>
+        <uri>MFSA2025-22</uri>
+        <uri>MFSA2025-23</uri>
+        <uri>MFSA2025-24</uri>
+    </references>
+    <metadata tag="requester" timestamp="2025-05-12T09:13:59.331961Z">graaff</metadata>
+    <metadata tag="submitter" timestamp="2025-05-12T09:13:59.334292Z">graaff</metadata>
+</glsa>