Portage is the default Gentoo package management system.
Multiple vulnerabilities have been discovered in Portage. Please review the CVE identifiers referenced below for details.
When using the webrsync mechanism to sync the tree, the PGP signatures that protect the integrity of the data in the tree were not verified. This would allow a man-in-the-middle attacker to inject arbitrary content into the tree.
There is no known workaround at this time.
All Portage users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=sys-apps/portage-3.0.47"

PostgreSQL is an open source object-relational database management system.
A vulnerability has been discovered in PostgreSQL. Please review the CVE identifier referenced below for details.
An attacker able to create and drop non-temporary objects could inject SQL code that would be executed by a concurrent pg_dump session with the privileges of the role running pg_dump (which is often a superuser). The attack involves replacing a sequence or similar object with a view or foreign table that executes malicious code. The fix introduces a new server parameter, restrict_nonsystem_relation_kind, which can disable expansion of non-builtin views as well as access to foreign tables, and teaches pg_dump to set it when available. Note that the attack is prevented only if both pg_dump and the server it is dumping from are new enough to have this fix.
There is no known workaround at this time.
All PostgreSQL users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=dev-db/postgresql-12.20:12"
  # emerge --ask --oneshot --verbose ">=dev-db/postgresql-13.16:13"
  # emerge --ask --oneshot --verbose ">=dev-db/postgresql-14.13:14"
  # emerge --ask --oneshot --verbose ">=dev-db/postgresql-15.8:15"
  # emerge --ask --oneshot --verbose ">=dev-db/postgresql-16.4:16"

Ghostscript is an interpreter for the PostScript language and for PDF.
Multiple vulnerabilities have been discovered in GPL Ghostscript. Please review the CVE identifiers referenced below for details.
There is no known workaround at this time.
All GPL Ghostscript users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=app-text/ghostscript-gpl-10.03.1"

calibre is a powerful and easy to use e-book manager.
Multiple vulnerabilities have been discovered in calibre. Please review the CVE identifiers referenced below for details.
There is no known workaround at this time.
All calibre users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=app-text/calibre-7.16.0"

PJSIP is a free and open source multimedia communication library written in C, implementing standards-based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE.
A vulnerability has been discovered in PJSIP. Please review the CVE identifier referenced below for details.
There is no known workaround at this time.
All PJSIP users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=net-libs/pjproject-2.13.1"

The file utility attempts to identify a file's format by scanning binary data for patterns.
Multiple vulnerabilities have been discovered in file. Please review the CVE identifiers referenced below for details.
file has a stack-based buffer over-read in file_copystr in funcs.c.
There is no known workaround at this time.
All file users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=sys-apps/file-5.42"

Rust is a systems programming language that runs blazingly fast, prevents segfaults, and guarantees thread safety.
Multiple vulnerabilities have been discovered in Rust. Please review the CVE identifiers referenced below for details.
There is no known workaround at this time.
All Rust binary users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=dev-lang/rust-bin-1.71.1"

All Rust users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=dev-lang/rust-1.71.1"

OpenVPN is a multi-platform, full-featured SSL VPN solution.
Multiple vulnerabilities have been discovered in OpenVPN. Please review the CVE identifiers referenced below for details.
There is no known workaround at this time.
All OpenVPN users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=net-vpn/openvpn-2.6.7"

Exo is an Xfce library targeted at application development, originally developed by os-cillation. It contains various custom widgets and APIs extending the functionality of GLib and GTK. It also has some helper applications that are used throughout the entire Xfce desktop to manage preferred applications and edit .desktop files.
A vulnerability has been discovered in Exo. Please review the CVE identifier referenced below for details.
Exo executes remote desktop files, which may lead to unexpected arbitrary code execution.
There is no known workaround at this time.
All Exo users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=xfce-base/exo-4.17.2"

Xen is a bare-metal hypervisor.
Multiple vulnerabilities have been discovered in Xen. Please review the CVE identifiers referenced below for details.
There is no known workaround at this time.
All Xen users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=app-emulation/xen-4.17.4"

VirtualBox is a powerful virtualization product from Oracle.
Multiple vulnerabilities have been discovered in Oracle VirtualBox. Please review the CVE identifiers referenced below for details.
There is no known workaround at this time.
All Oracle VirtualBox users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=app-emulation/virtualbox-7.0.12"

pypy is a fast, compliant alternative implementation of the Python language.
Multiple vulnerabilities have been discovered in pypy. Please review the CVE identifiers referenced below for details.
There is no known workaround at this time.
All pypy users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=dev-python/pypy-7.3.3_p37_p1-r1"
  # emerge --ask --oneshot --verbose ">=dev-python/pypy-exe-7.3.2"
  # emerge --ask --oneshot --verbose ">=dev-python/pypy-exe-bin-7.3.2"

All pypy3 users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=dev-python/pypy3-7.3.3_p37_p1-r1"

gst-plugins-good contains a set of plugins for the GStreamer open source multimedia framework.
Multiple vulnerabilities have been discovered in gst-plugins-good. Please review the CVE identifiers referenced below for details.
There is no known workaround at this time.
All gst-plugins-good users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=media-libs/gst-plugins-good-1.20.3"

Mbed TLS (previously PolarSSL) is an "easy to understand, use, integrate and expand" implementation of the TLS and SSL protocols and the respective cryptographic algorithms and support code required.
Multiple vulnerabilities have been discovered in Mbed TLS. Please review the CVE identifiers referenced below for details.
There is no known workaround at this time.
All Mbed TLS users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=net-libs/mbedtls-2.28.7"

stb is a set of single-file public domain (or MIT licensed) libraries for C/C++.
Multiple vulnerabilities have been discovered in stb. Please review the CVE identifiers referenced below for details.
There is no known workaround at this time.
All stb users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=dev-libs/stb-20240201"

Note that stb is included at compile time, so all packages that depend on it should also be reinstalled. If you have app-portage/gentoolkit installed, you can use:

  # emerge --ask --verbose $( equery depends dev-libs/stb | sed 's/^/=/' )

Slurm is a highly scalable resource manager.
Multiple vulnerabilities have been discovered in Slurm. Please review the CVE identifiers referenced below for details.
There is no known workaround at this time.
Gentoo has discontinued support for Slurm. We recommend that users unmerge it:

  # emerge --ask --depclean "sys-cluster/slurm"

VLC is a cross-platform media player and streaming server.
Multiple vulnerabilities have been discovered in VLC. Please review the CVE identifiers referenced below for details.
There is no known workaround at this time.
All VLC users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=media-video/vlc-3.0.20"

liblouis is an open-source braille translator and back-translator.
Multiple vulnerabilities have been discovered in liblouis. Please review the CVE identifiers referenced below for details.
There is no known workaround at this time.
All liblouis users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=dev-libs/liblouis-3.25.0"

Emacs is the extensible, customizable, self-documenting real-time display editor. org-mode is an Emacs mode for notes and project planning.
%(...) link abbreviations could specify unsafe functions.
Opening a malicious org-mode file could result in arbitrary code execution.
There is no known workaround at this time.
All Emacs users should upgrade to the latest version according to the installed slot, one of:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=app-editors/emacs-26.3-r19:26"

Alternatively:

  # emerge --ask --oneshot --verbose ">=app-editors/emacs-27.2-r17:27"

  # emerge --ask --oneshot --verbose ">=app-editors/emacs-28.2-r13:28"

  # emerge --ask --oneshot --verbose ">=app-editors/emacs-29.3-r3:29"

All org-mode users should upgrade to the latest package:

  # emerge --ask --oneshot --verbose ">=app-emacs/org-mode-9.7.5"

curl is a command line tool and library for transferring data with URLs.
Multiple vulnerabilities have been discovered in curl. Please review the CVE identifiers referenced below for details.
There is no known workaround at this time.
All curl users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=net-misc/curl-8.7.1"

Hunspell is the spell checker of LibreOffice, OpenOffice.org, Mozilla Firefox & Thunderbird, and Google Chrome.
Malicious input to the hunspell spell checker could result in an application crash or other unspecified behavior.
There is no known workaround at this time.
All Hunspell users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=app-text/hunspell-1.7.1"

The GNU Compiler Collection includes front ends for C, C++, Objective-C, Fortran, Ada, Go, D and Modula-2, as well as libraries for these languages (libstdc++, ...).
A vulnerability has been discovered in GCC. Please review the CVE identifier referenced below for details.
The POWER9 backend in the GNU Compiler Collection (GCC) could optimize multiple calls of the __builtin_darn intrinsic into a single call, thus reducing the entropy of the random number generator. This occurred because a volatile operation was not specified. For example, within a single execution of a program, the output of every __builtin_darn() call may be the same.
There is no known workaround at this time.
All GCC users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=sys-devel/gcc-10.0"

And then select it with gcc-config:

  # gcc-config latest

In this case, users should also rebuild all affected packages with emerge -e, e.g.:

  # emerge --usepkg=n --emptytree @world

ZNC is an advanced IRC bouncer.
ZNC's modtcl could allow for remote code execution via a KICK.
A vulnerable ZNC with the modtcl module loaded could be exploited for remote code execution.
Workaround: unload the mod_tcl module.
All ZNC users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=net-irc/znc-1.9.1"

Tor is an implementation of second generation Onion Routing, a connection-oriented anonymizing communication service.
Multiple vulnerabilities have been discovered in Tor. Please review the CVE identifiers referenced below for details.
There is no known workaround at this time.
All Tor users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=net-vpn/tor-0.4.8.9"

Xpdf is an X viewer for PDF files.
Multiple vulnerabilities have been discovered in Xpdf. Please review the CVE identifiers referenced below for details.
There is no known workaround at this time.
All Xpdf users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=app-text/xpdf-4.05"

IcedTea's aim is to provide OpenJDK in a form suitable for easy configuration, compilation and distribution, with the primary goal of allowing inclusion in GNU/Linux distributions.
Multiple vulnerabilities have been discovered in IcedTea. Please review the CVE identifiers referenced below for details.
There is no known workaround at this time.
Gentoo has discontinued support for IcedTea. We recommend that users unmerge it:

  # emerge --sync
  # emerge --ask --depclean "dev-java/icedtea" "dev-java/icedtea-bin"

tmux is a terminal multiplexer.
A null pointer dereference was discovered in the function window_pane_set_event in window.c, which allows attackers to cause a denial of service or other unspecified impacts.
Manipulating tmux window state could result in a null pointer dereference.
There is no known workaround at this time.
All tmux users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=app-misc/tmux-3.4"

HashiCorp Consul is a tool for service discovery, monitoring and configuration.
Multiple vulnerabilities have been found in HashiCorp Consul. Please review the CVE identifiers referenced below for details.
There is no known workaround at this time.
All HashiCorp Consul users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=app-admin/consul-1.15.10"

Docker contains the core functions you need to create Docker images and run Docker containers.
Multiple vulnerabilities have been discovered in Docker. Please review the CVE identifiers referenced below for details.
There is no known workaround at this time.
All Docker users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=app-containers/docker-25.0.4"

yt-dlp is a youtube-dl fork with additional features and fixes.
Multiple vulnerabilities have been found in yt-dlp. Please review the CVE identifiers referenced below for details.
There is no known workaround at this time.
All yt-dlp users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=net-misc/yt-dlp-2024.07.01"

The Apache HTTP server is one of the most popular web servers on the Internet.
Multiple vulnerabilities have been discovered in Apache HTTPD. Please review the CVE identifiers referenced below for details.
There is no known workaround at this time.
All Apache HTTPD users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=www-servers/apache-2.4.62"

nginx is a robust, small, and high performance HTTP and reverse proxy server.
Multiple vulnerabilities have been discovered in nginx. Please review the CVE identifiers referenced below for details.
There is no known workaround at this time.
All nginx users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=www-servers/nginx-1.26.2-r2"