Monthly GLSA metadata 2025-08-01

sdk_container/src/third_party/portage-stable/metadata/glsa/Manifest

@@ -1,23 +1,23 @@
 -----BEGIN PGP SIGNED MESSAGE-----
 Hash: SHA512
 
-MANIFEST Manifest.files.gz 596980 BLAKE2B eddb25532154bba44bb35623eb68543626c56c08b4a9b70673d678e12e2e9d223dee9cf4d0203ab7966bfde59e62bbac75b407365fffaffd689f74499226bdef SHA512 63607f6c6d89e0de89c2ed0d49a183cf3ebf144547b6b6c3a675072d222d42a76895e60d6f7b099c2762d742420925f50f5f0705f64f212c92b5228a8c6aac91
-TIMESTAMP 2025-05-01T06:40:34Z
+MANIFEST Manifest.files.gz 602536 BLAKE2B 91a162d8598eb8bf6ea25e77751a0b7fa92b549d16af2ef26513faf217c26a9295178de5a769cd60342031fa78942e16f543dd099103b200d9cab6b5696ba3fc SHA512 67f89e3170126adb03811ef405e1cbc5e716c5a2f01c9840b9da221edfee53a1560bd3c91cea35afc906b5f7d24e9aba540802027b3cf668865775486392ccb4
+TIMESTAMP 2025-07-31T23:40:25Z
 -----BEGIN PGP SIGNATURE-----
 
-iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAmgTF2JfFIAAAAAALgAo
+iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAmiL/ulfFIAAAAAALgAo
 aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEUx
 RDZBQkI2M0JGQ0ZCNEJBMDJGREYxQ0VDNTkwRUVBQzkxODkyNTAACgkQ7FkO6skY
-klDRMQ/+PAi2qYoR0sip4LFgbYOupfpmsR8tU5KJ1/74lCyKWzBeJXLv6ZpzzUfQ
-/zdiT7LTQTI/S+rLzGZ9iuru+SDj+TmSaqqe3/V47EMXrIUMQmi2/wpv4Xdz6SZv
-vaIEnBvxy7AcER2kd3SjuP7oqh49lY3M8lSxGzDcyLuKLMtA0GruuXoOHK8Kc32p
-e4MTmHiysNkwQ48mxpogteDz6UzMDz69H+RidhBJLcXj+VNi69jmLFUUWJ0WlINK
-BScxduFU4NdYew2iDUFohVSAvLshHnpWUg/S6WlJo1Kf7XSjROBnuNxbrHrRfBRh
-m4mx1fdXE73jM7QOpyx+BflrOEBmvrsGC2WJpI+YU5HmhRldkq9I1+amcPJEx/WD
-8lTul44UWczfeDxOjVSwQ4Ez0a3YzGxtvo/6aT/P/8u6lxZwXC73F4vPe9B/qQDn
-tCVkS4kDfMQf3zUlypFo3ny6eF54AcWzaT6XDIYVYJD1aSMXXqHhoffznAFB9Tjd
-gmYAjCPk/6Oi7WPKEg+TryBnQLv9GEL7TRpQDAAMf0vc8OXwsJbEfS1HO8msMjA7
-+q4SVTPh7y9uKR62hu9MLuEXBxm3w4fS+U8e+62SVPIqwFsa5Q92Sh98AOPjK9yY
-ViFNSQ0SCOaoWbmk9YFaC7JywXnlIXpD7si1W5a4hQ9aIF+qLqs=
-=4GyX
+klDuDRAAgXMIWSoUltzfqFgX2pDOzKZ6xFh6jRVYy24UURDt/ls1X7jy+IsrIqBq
+H3+bEsg4xQk/oAHYQaCHbhjIQElt7jBFw4KRyLolbCe0g/XwoQF6yN0Y+J8f6Z6A
+E3IQLkHKDgWyR/CrHEG/6tJPAeVCrtPNtSxFg7wVNatnk9F8nvGujlrVQSKmDWxU
+hoUd+wj257EaBQlyIhHsm/+WttusS2CRl3143UK0nQvAzMKjQP3hWP4aQAbLgL7S
+do6hJZnkxkPFTE67usLed7F3PTcKDcbBRLnSON7+2M92YWHb9IJ5MPYBKEyGVF08
+/XZLk0jqP68b77MeaPwJmVjNNysKzVRJmEbk7fdwogtYxUj1aIwf76JUGKl9zYaC
+j/CFmV5vQrtts2jBTm1AXXrR72YdidleBCHyXMoStrF930SdDRfJSk9+DdsUNX6N
+XLJ08PWYruFFKsCuRnu4muF37y7SUgoovH1BiaItGzArp2JhLejrH6EJTnpLYvCN
+BVczfQFCmKKT3QJaehlXwfhOVfLwasDGgSIdfkWzThB4EJ8PoIjfO3sqEBc9bkGL
+jsTgv7LCUyaenws6fRfrDmsPPI3PnbAyVtmxk41GOVIdw7ldZyAq4+wVBS1rtwSC
+ZybNuz9ztI4wXFDQn5qsYaqhark5cZBGyZJ6IrMYafvD60otvtA=
+=qWc6
 -----END PGP SIGNATURE-----

sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202411-06.xml

@@ -0,0 +1,53 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202411-06">
+    <title>GnuTLS: Multiple Vulnerabilities</title>
+    <synopsis>Multiple vulnerabilities have been discovered in GnuTLS, the worst of which could lead to a denial of service.</synopsis>
+    <product type="ebuild">gnutls</product>
+    <announced>2024-11-17</announced>
+    <revised count="1">2024-11-17</revised>
+    <bug>831573</bug>
+    <bug>861803</bug>
+    <bug>893880</bug>
+    <bug>918663</bug>
+    <bug>922262</bug>
+    <bug>927557</bug>
+    <access>remote</access>
+    <affected>
+        <package name="net-libs/gnutls" auto="yes" arch="*">
+            <unaffected range="ge">3.8.5</unaffected>
+            <vulnerable range="lt">3.8.5</vulnerable>
+        </package>
+    </affected>
+    <background>
+        <p>GnuTLS is a secure communications library implementing the SSL, TLS, and DTLS protocols</p>
+    </background>
+    <description>
+        <p>Multiple vulnerabilities have been discovered in GnuTLS. Please review the CVE identifiers referenced below for details.</p>
+    </description>
+    <impact type="normal">
+        <p>Please review the referenced CVE identifiers for details.</p>
+    </impact>
+    <workaround>
+        <p>There is no known workaround at this time.</p>
+    </workaround>
+    <resolution>
+        <p>All GnuTLS users should upgrade to the latest version:</p>
+
+        <code>
+          # emerge --sync
+          # emerge --ask --oneshot --verbose ">=net-libs/gnutls-3.8.5"
+        </code>
+    </resolution>
+    <references>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-2509">CVE-2022-2509</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-0361">CVE-2023-0361</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-5981">CVE-2023-5981</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-0553">CVE-2024-0553</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-0567">CVE-2024-0567</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-28834">CVE-2024-28834</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-28835">CVE-2024-28835</uri>
+    </references>
+    <metadata tag="requester" timestamp="2024-11-17T08:50:20.605702Z">graaff</metadata>
+    <metadata tag="submitter" timestamp="2024-11-17T08:50:20.609484Z">sam</metadata>
+</glsa>

sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202505-01.xml

@@ -0,0 +1,43 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202505-01">
+    <title>PAM: Multiple Vulnerabilities</title>
+    <synopsis>Multiple vulnerabilities have been discovered in PAM, the worst of which could lead to password leakage.</synopsis>
+    <product type="ebuild">pam</product>
+    <announced>2025-05-12</announced>
+    <revised count="1">2025-05-12</revised>
+    <bug>922397</bug>
+    <bug>942075</bug>
+    <access>remote</access>
+    <affected>
+        <package name="sys-libs/pam" auto="yes" arch="*">
+            <unaffected range="ge">1.7.0_p20241230</unaffected>
+            <vulnerable range="lt">1.7.0_p20241230</vulnerable>
+        </package>
+    </affected>
+    <background>
+        <p>PAM (Pluggable Authentication Modules) is an architecture allowing the separation of the development of privilege granting software from the development of secure and appropriate authentication schemes.</p>
+    </background>
+    <description>
+        <p>Multiple vulnerabilities have been discovered in PAM. Please review the CVE identifiers referenced below for details.</p>
+    </description>
+    <impact type="high">
+        <p>Please review the referenced CVE identifiers for details.</p>
+    </impact>
+    <workaround>
+        <p>There is no known workaround at this time.</p>
+    </workaround>
+    <resolution>
+        <p>All PAM users should upgrade to the latest version:</p>
+
+        <code>
+          # emerge --sync
+          # emerge --ask --oneshot --verbose ">=sys-libs/pam-1.7.0_p20241230"
+        </code>
+    </resolution>
+    <references>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-10041">CVE-2024-10041</uri>
+    </references>
+    <metadata tag="requester" timestamp="2025-05-12T06:55:41.605140Z">graaff</metadata>
+    <metadata tag="submitter" timestamp="2025-05-12T06:55:41.608795Z">graaff</metadata>
+</glsa>

sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202505-02.xml

@@ -0,0 +1,85 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202505-02">
+    <title>Mozilla Firefox: Multiple Vulnerabilities</title>
+    <synopsis>Multiple vulnerabilities have been discovered in Mozilla Firefox, the worst of which can lead to arbitrary code execution.</synopsis>
+    <product type="ebuild">firefox,firefox-bin</product>
+    <announced>2025-05-12</announced>
+    <revised count="1">2025-05-12</revised>
+    <bug>951563</bug>
+    <bug>953021</bug>
+    <access>remote</access>
+    <affected>
+        <package name="www-client/firefox" auto="yes" arch="*">
+            <unaffected range="ge" slot="stable">137.0.1</unaffected>
+            <unaffected range="ge" slot="esr">128.9.0</unaffected>
+            <vulnerable range="lt" slot="stable">137.0.1</vulnerable>
+            <vulnerable range="lt" slot="esr">128.9.0</vulnerable>
+        </package>
+        <package name="www-client/firefox-bin" auto="yes" arch="*">
+            <unaffected range="ge" slot="stable">137.0.1</unaffected>
+            <unaffected range="ge" slot="esr">128.9.0</unaffected>
+            <vulnerable range="lt" slot="stable">137.0.1</vulnerable>
+            <vulnerable range="lt" slot="esr">128.9.0</vulnerable>
+        </package>
+    </affected>
+    <background>
+        <p>Mozilla Firefox is a popular open-source web browser from the Mozilla project.</p>
+    </background>
+    <description>
+        <p>Multiple vulnerabilities have been discovered in Mozilla Firefox. Please review the CVE identifiers referenced below for details.</p>
+    </description>
+    <impact type="high">
+        <p>Please review the referenced CVE identifiers for details.</p>
+    </impact>
+    <workaround>
+        <p>There is no known workaround at this time.</p>
+    </workaround>
+    <resolution>
+        <p>All Mozilla Firefox users should upgrade to the latest version in their release channel:</p>
+
+        <code>
+          # emerge --sync
+          # emerge --ask --oneshot --verbose ">=www-client/firefox-bin-137.0.1:rapid"
+          # emerge --ask --oneshot --verbose ">=www-client/firefox-bin-128.9.0:esr"
+        </code>
+
+        <p>All Mozilla Firefox users should upgrade to the latest version:</p>
+
+        <code>
+          # emerge --sync
+          # emerge --ask --oneshot --verbose ">=www-client/firefox-137.0.1:rapid"
+          # emerge --ask --oneshot --verbose ">=www-client/firefox-128.9.0:esr"
+        </code>
+    </resolution>
+    <references>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-43097">CVE-2024-43097</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2025-1931">CVE-2025-1931</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2025-1932">CVE-2025-1932</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2025-1933">CVE-2025-1933</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2025-1934">CVE-2025-1934</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2025-1935">CVE-2025-1935</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2025-1936">CVE-2025-1936</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2025-1937">CVE-2025-1937</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2025-1938">CVE-2025-1938</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2025-1941">CVE-2025-1941</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2025-1942">CVE-2025-1942</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2025-1943">CVE-2025-1943</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2025-3028">CVE-2025-3028</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2025-3029">CVE-2025-3029</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2025-3030">CVE-2025-3030</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2025-3031">CVE-2025-3031</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2025-3032">CVE-2025-3032</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2025-3034">CVE-2025-3034</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2025-3035">CVE-2025-3035</uri>
+        <uri>MFSA2025-14</uri>
+        <uri>MFSA2025-16</uri>
+        <uri>MFSA2025-18</uri>
+        <uri>MFSA2025-20</uri>
+        <uri>MFSA2025-22</uri>
+        <uri>MFSA2025-23</uri>
+        <uri>MFSA2025-24</uri>
+    </references>
+    <metadata tag="requester" timestamp="2025-05-12T08:06:29.059257Z">graaff</metadata>
+    <metadata tag="submitter" timestamp="2025-05-12T08:06:29.061692Z">graaff</metadata>
+</glsa>

sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-202505-03.xml

@@ -0,0 +1,107 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202505-03">
+    <title>Mozilla Thunderbird: Multiple Vulnerabilities</title>
+    <synopsis>Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could lead to remote code execution.</synopsis>
+    <product type="ebuild">thunderbird,thunderbird-bin</product>
+    <announced>2025-05-12</announced>
+    <revised count="1">2025-05-12</revised>
+    <bug>945051</bug>
+    <bug>948114</bug>
+    <bug>951564</bug>
+    <bug>953022</bug>
+    <access>remote</access>
+    <affected>
+        <package name="mail-client/thunderbird" auto="yes" arch="*">
+            <unaffected range="ge">128.9.0</unaffected>
+            <vulnerable range="lt">128.9.0</vulnerable>
+        </package>
+        <package name="mail-client/thunderbird-bin" auto="yes" arch="*">
+            <unaffected range="ge">128.9.0</unaffected>
+            <vulnerable range="lt">128.9.0</vulnerable>
+        </package>
+    </affected>
+    <background>
+        <p>Mozilla Thunderbird is a popular open-source email client from the Mozilla project.</p>
+    </background>
+    <description>
+        <p>Multiple vulnerabilities have been discovered in Mozilla Thunderbird. Please review the CVE identifiers referenced below for details.</p>
+    </description>
+    <impact type="high">
+        <p>Please review the referenced CVE identifiers for details.</p>
+    </impact>
+    <workaround>
+        <p>There is no known workaround at this time.</p>
+    </workaround>
+    <resolution>
+        <p>All Mozilla Thunderbird users should upgrade to the latest version:</p>
+
+        <code>
+          # emerge --sync
+          # emerge --ask --oneshot --verbose ">=mail-client/thunderbird-bin-128.9.0"
+        </code>
+
+        <p>All Mozilla Thunderbird users should upgrade to the latest version:</p>
+
+        <code>
+          # emerge --sync
+          # emerge --ask --oneshot --verbose ">=mail-client/thunderbird-128.9.0"
+        </code>
+    </resolution>
+    <references>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-11692">CVE-2024-11692</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-11694">CVE-2024-11694</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-11695">CVE-2024-11695</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-11696">CVE-2024-11696</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-11697">CVE-2024-11697</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-11699">CVE-2024-11699</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-11700">CVE-2024-11700</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-11701">CVE-2024-11701</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-11704">CVE-2024-11704</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-11705">CVE-2024-11705</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-11706">CVE-2024-11706</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-11708">CVE-2024-11708</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-43097">CVE-2024-43097</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-50336">CVE-2024-50336</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2025-0237">CVE-2025-0237</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2025-0238">CVE-2025-0238</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2025-0239">CVE-2025-0239</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2025-0240">CVE-2025-0240</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2025-0241">CVE-2025-0241</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2025-0242">CVE-2025-0242</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2025-0243">CVE-2025-0243</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2025-1931">CVE-2025-1931</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2025-1932">CVE-2025-1932</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2025-1933">CVE-2025-1933</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2025-1934">CVE-2025-1934</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2025-1935">CVE-2025-1935</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2025-1936">CVE-2025-1936</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2025-1937">CVE-2025-1937</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2025-1938">CVE-2025-1938</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2025-3028">CVE-2025-3028</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2025-3029">CVE-2025-3029</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2025-3030">CVE-2025-3030</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2025-3031">CVE-2025-3031</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2025-3032">CVE-2025-3032</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2025-3034">CVE-2025-3034</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2025-26695">CVE-2025-26695</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2025-26696">CVE-2025-26696</uri>
+        <uri>MFSA2024-63</uri>
+        <uri>MFSA2024-64</uri>
+        <uri>MFSA2024-65</uri>
+        <uri>MFSA2024-67</uri>
+        <uri>MFSA2024-68</uri>
+        <uri>MFSA2025-01</uri>
+        <uri>MFSA2025-02</uri>
+        <uri>MFSA2025-05</uri>
+        <uri>MFSA2025-14</uri>
+        <uri>MFSA2025-16</uri>
+        <uri>MFSA2025-18</uri>
+        <uri>MFSA2025-20</uri>
+        <uri>MFSA2025-22</uri>
+        <uri>MFSA2025-23</uri>
+        <uri>MFSA2025-24</uri>
+    </references>
+    <metadata tag="requester" timestamp="2025-05-12T09:13:59.331961Z">graaff</metadata>
+    <metadata tag="submitter" timestamp="2025-05-12T09:13:59.334292Z">graaff</metadata>
+</glsa>